Multilinear maps from lattices: constructions, attacks, and applications
Yilei Chen (Visa Research). Crypto Innovation School, Shanghai 2019.
(Text extracted from the slides; the excerpt below starts at slide 39 of the deck.)

Slides 1-4. What are multilinear maps? Cool. So what are the multilinear maps in cryptography?


Slides 39-43. GGH15 vs. (Ring)LWE, in a nutshell.

LWE analogy: from $A,\; S_1 A + E_1,\; \ldots,\; S_k A + E_k$ one obtains $\prod S \cdot A + E \pmod q$.

GGH15 (which also appears as "cascaded LWE" in [Koppula-Waters 16] and [Alamati-Peikert 16]) chains the public matrices instead of reusing one:
$$A_0 D_1 = S_1 A_1 + E_1, \qquad A_1 D_2 = S_2 A_2 + E_2 \pmod q,$$
where $D_i$ is sampled using the trapdoor of $A_{i-1}$, as a small-norm preimage of the target $S_i A_i + E_i$.

Zoom in on the most important relation of this talk:
$$A_{i-1} D_i = S_i A_i + E_i \pmod q, \quad D_i \text{ sampled using the trapdoor of } A_{i-1}.$$
Up to the noise $E_i$, $S_i$ plays the role of an eigenvalue of $D_i$: multiplying $A_{i-1}$ by $D_i$ on the right is the same as multiplying $A_i$ by $S_i$ on the left.

Publish $A_0, D_1, D_2$ as the encodings of $S_1, S_2$. Evaluation:
$$\mathrm{Eval} = A_0 D_1 D_2 = (S_1 A_1 + E_1) D_2 = \underbrace{S_1 S_2 A_2}_{\text{functionality}} + \underbrace{S_1 E_2 + E_1 D_2}_{\text{small}} \pmod q .$$
The first term carries the functionality; the remaining terms are small because $S_i$, $E_i$ and $D_i$ all have low norm.

Slides 44-50. A toy example of GGH15 evaluation.

Four levels, two encodings per level. Each $D_{i,b}$ satisfies
$$A_{i-1} D_{i,b} = S_{i,b} A_i + E_{i,b} \pmod q,$$
with $D_{i,b}$ sampled using the trapdoor of $A_{i-1}$. The published matrices are $A_0$ together with $D_{1,0}, D_{2,0}, D_{3,0}, D_{4,0}$ and $D_{1,1}, D_{2,1}, D_{3,1}, D_{4,1}$. Evaluating on $x = 0110$ picks one encoding per level and pushes $A_0$ through the chain one relation at a time (scalar secrets $s_{i,b}$ in this toy):
$$\begin{aligned}
\mathrm{Eval}(0110) &= A_0 D_{1,0} D_{2,1} D_{3,1} D_{4,0} \\
&= (s_{1,0} A_1 + E_{1,0})\, D_{2,1} D_{3,1} D_{4,0} \\
&= s_{1,0} A_1 D_{2,1} D_{3,1} D_{4,0} + \text{“small”} \\
&= s_{1,0} (s_{2,1} A_2 + E_{2,1})\, D_{3,1} D_{4,0} + \text{“small”} \\
&= s_{1,0} s_{2,1} A_2 D_{3,1} D_{4,0} + \text{“still small”} \\
&= s_{1,0} s_{2,1} s_{3,1} A_3 D_{4,0} + \text{“still smallish”} \\
&= s_{1,0} s_{2,1} s_{3,1} s_{4,0} A_4 + \text{“small”} .
\end{aligned}$$
The error stays small because at each step it is multiplied only by low-norm $s$'s and $D$'s. The picture on slide 50 summarises this: evaluating the public $D_{i,b}$ on an input yields the subset product of the secret $S_{i,b}$ times $A_4$, plus a small error.

Slides 51-52. Functionality and security.

Functionality: $A_0,\; S_1 A_1 + E_1,\; \ldots,\; S_k A_k + E_k \;\to\; \prod S \cdot A_k + E \pmod q$. One can evaluate and then test whether $\prod S$ is zero or not: if $\prod S = 0$ the evaluation is only the small error term, otherwise it is $\prod S \cdot A_k$ plus small noise, which for a random $A_k$ is far from zero mod $q$. Designing GGH15 applications amounts to putting structures in the $S_{i,b}$.

Security (intuitively): the encodings hide $S_{i,b}$ for all $i, b$.

Slides 53-60. Functionality and security: toy examples (two levels).

Encodings: $A_0 D_{1,b} = S_{1,b} A_1 + E$ and $A_1 D_{2,b} = S_{2,b} A_2 + E \pmod q$ for $b \in \{0,1\}$; evaluating on $x = x_1 x_2$ gives $\prod S \cdot A_2 + E$. With the secrets chosen so that $S_{1,0} S_{2,0} = 0$ while the other three products are non-zero, the zero test computes $F(00) = 0$, $F(01) = 1$, $F(10) = 1$, $F(11) = 1$.

Claim: this construction hides all the structures in the $S$ matrices.

Recall decisional LWE: $(A,\; SA + E) \approx_c (A,\; U)$ with $U$ uniform. Permutation-LWE: split $A$ into blocks $A^{(1)}, A^{(2)}, A^{(3)}$ and let the secret permute the blocks (each block multiplied by a small secret); then
$$\big(A^{(1)}, A^{(2)}, A^{(3)},\; SA + E\big) \approx_c \big(A^{(1)}, A^{(2)}, A^{(3)},\; U\big).$$
Each block of $SA + E$ is an ordinary LWE sample under one of the small secrets, so the permutation structure is hidden by plain LWE.

Proof sketch, from the last level backwards:
- Permutation LWE on level 2: replace the targets $S_{2,b} A_2 + E$ by uniform, so the encodings read $A_1 D_{2,1} = U_{2,1}$ and $A_1 D_{2,0} = U_{2,0}$.
- Turn off the trapdoor of $A_1$ using GPV: a trapdoor preimage of a uniform target is distributed like a discrete Gaussian $D$ sampled directly, so $D_{2,b}$ can be sampled without the trapdoor and $A_1$ becomes an ordinary LWE matrix.
- Permutation LWE on level 1: $A_0 D_{1,1} = U_{1,1}$ and $A_0 D_{1,0} = U_{1,0}$.
- Turn off the trapdoor of $A_0$ using GPV.
After these steps every published $D_{i,b}$ is an independent small Gaussian matrix, so nothing about the $S_{i,b}$ is revealed.

Slide 61. Ok, looks simple. Are there insecure examples?

Slides 62-64. Insecurity example. For example, let $S_2 = 0$ in
$$A_0 D_1 = S_1 A_1 + E_1, \qquad A_1 D_2 = S_2 A_2 + E_2 = E_2 \pmod q .$$
Now $D_2$ is a small matrix with $A_1 D_2 = E_2$ small, i.e. $D_2$ becomes a "weak trapdoor" of $A_1$, and $S_1$ is in danger:
$$\mathrm{Eval} = A_0 D_1 D_2 = (S_1 A_1 + E_1) D_2 = S_1 E_2 + E_1 D_2 \pmod q .$$
Everything on the right-hand side is small, so $S_1 E_2 + E_1 D_2$ is recovered over the integers (no reduction mod $q$ takes place), and from there one can do many things. The lesson: an encoding whose secret makes the product zero turns an evaluation into a noise-only equation over the integers, which is exactly what an attacker wants.
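The encoding chain of slides 39-43 and the weak-trapdoor failure above, as an added worked example in Python (my code, not the talk's). It assumes a one-row public matrix $A = [\bar A \mid g - \bar A R]$ with gadget $g = (1, 2, 4, \ldots)$ and the deterministic preimage $x = (R; I)\cdot\mathrm{bits}(u)$, which satisfies $Ax = u$ but is not the Gaussian preimage that GPV/GGH15 require; it therefore shows functionality (the Eval identity, the zero test, and the $S_2 = 0$ leak), not security. Parameters, names and the seed are my choices.

```python
"""Toy GGH15 encoding chain with a gadget trapdoor (added example, not the
talk's code).  Tiny parameters and a deterministic preimage: functionality
demo only; real GGH15 samples D_i as a discrete Gaussian preimage."""
import random

Q = 2 ** 32                # modulus; q must dwarf the accumulated noise
W = 32                     # gadget width, g = (1, 2, 4, ..., 2^(W-1)), Q = 2^W
MBAR = 4                   # width of the random part Abar of each A_i
M = MBAR + W               # width of A_i and side of the square encodings D_i
rng = random.Random(2019)  # fixed seed: the demo is reproducible

def matmul(X, Y, q=None):
    """Integer matrix product, reduced mod q when q is given."""
    out = [[sum(X[i][k] * Y[k][j] for k in range(len(Y)))
            for j in range(len(Y[0]))] for i in range(len(X))]
    return out if q is None else [[v % q for v in row] for row in out]

def centered(v, q=Q):
    """Representative of v mod q in (-q/2, q/2]."""
    v %= q
    return v - q if v > q // 2 else v

def keygen_trapdoor():
    """One-row A = [Abar | g - Abar R] with R in {0,1}^(MBAR x W).
    The small matrix (R ; I) satisfies A (R ; I) = g, which is the
    Micciancio-Peikert trapdoor idea (assumption: n = 1 row for brevity)."""
    abar = [[rng.randrange(Q) for _ in range(MBAR)]]
    R = [[rng.randrange(2) for _ in range(W)] for _ in range(MBAR)]
    ar = matmul(abar, R, Q)
    A = [abar[0] + [((1 << j) - ar[0][j]) % Q for j in range(W)]]
    return A, R

def preimage(R, u):
    """Small column x with A x = u (mod Q): x = (R ; I) * bits(u).
    Deterministic, so it leaks R; GPV sampling is what the talk uses."""
    bits = [(u >> j) & 1 for j in range(W)]
    top = [sum(R[i][j] * bits[j] for j in range(W)) for i in range(MBAR)]
    return top + bits                      # every entry is at most W

def encode(R_prev, s, A_next):
    """D (M x M) with A_prev D = s * A_next + E (mod Q), E in {-1,0,1}^M."""
    E = [rng.randrange(-1, 2) for _ in range(M)]
    target = [(s * A_next[0][j] + E[j]) % Q for j in range(M)]
    cols = [preimage(R_prev, t) for t in target]
    return [[cols[j][i] for j in range(M)] for i in range(M)]   # columns -> rows

def ggh15_chain(secrets):
    """Publish A_0 and D_1..D_k encoding scalar secrets s_1..s_k.
    Returns the A_i as well so the caller can check the evaluation identity."""
    A_prev, R_prev = keygen_trapdoor()
    A0, Ds, As = A_prev, [], [A_prev]
    for s in secrets:
        A_next, R_next = keygen_trapdoor()
        Ds.append(encode(R_prev, s, A_next))
        As.append(A_next)
        A_prev, R_prev = A_next, R_next
    return A0, Ds, As

def evaluate(A0, Ds):
    """A_0 D_1 ... D_k mod Q = (prod s) A_k + small."""
    acc = A0
    for D in Ds:
        acc = matmul(acc, D, Q)
    return acc

def max_abs(row_matrix):
    return max(abs(centered(v)) for v in row_matrix[0])

def is_zero_product(A0, Ds, bound=2 ** 20):
    """Zero test from slide 51: if prod(s) = 0 only the noise term survives."""
    return max_abs(evaluate(A0, Ds)) < bound

def demo():
    # Honest chain, s_1 = 3, s_2 = 2: Eval = 6 A_2 + (s_1 E_2 + E_1 D_2),
    # and |E_1 D_2| <= M * W = 1152, so the error is far below the bound.
    A0, Ds, As = ggh15_chain([3, 2])
    ev = evaluate(A0, Ds)
    err = max(abs(centered(ev[0][j] - 6 * As[2][0][j])) for j in range(M))
    # Insecure chain from slides 62-64, s_2 = 0: A_1 D_2 = E_2 is tiny, so
    # A_0 D_1 D_2 = s_1 E_2 + E_1 D_2 comes out over the integers.
    A0z, Dsz, _ = ggh15_chain([3, 0])
    leak = max_abs(evaluate(A0z, Dsz))
    return err, is_zero_product(A0, Ds), leak, is_zero_product(A0z, Dsz)

if __name__ == "__main__":
    print(demo())
```

`demo()` returns the honest evaluation error, the honest zero-test verdict (False), the size of the leaked integer matrix for the $s_2 = 0$ chain, and its zero-test verdict (True): the same check that gives the functionality is what hands the attacker an equation over the integers once a zero is encoded.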

Slide 65. Plan of today: 1. Introduction. 2. The GGH15 construction: functionality and security overview. 3. Applications. Open problems will be mentioned throughout the talk.

Slide 66. Application map (the slide colour-codes each item as "reduction from LWE", "candidates exist" or "broken"):
- Private constrained PRFs [Canetti, Chen 17]
- Lockable obfuscation (compute-then-compare obfuscation)
- Witness encryption
- Multiparty key agreement [Chen, Vaikuntanathan, Wee 18]
- Multilinear maps
- Indistinguishability obfuscation
- Deniable encryption
- Broadcast encryption

Slide 67. What are private constrained PRFs?

Slides 68-70. Private constrained pseudorandom function in 3 slides.
- PRF: the adversary has oracle access to either a truly random function or the PRF, and must tell which.
- Private constrained key: the private key owner derives a privately modified (constrained) key from the original key. The adversary is given either the original key or the modified one and must tell which; "private" means the constrained key hides the constraint itself, not only the values outside it.

Slide 71. What are private constrained PRFs? Fine, so why is it useful?

Slide 72. Hide the program in the constraint. Reminiscent of obfuscation ...

Slide 73. Theorem [Canetti Chen 17]: a two-key PCPRF (for a circuit class $C$) implies obfuscation (for $C$). Construction: $\mathrm{Obf}(C) = (K[C], K[\mathrm{Original}])$, the key constrained by $C$ together with the original key. $\mathrm{Eval}(x)$: check consistency, $\mathrm{Eval}(K[C], x) \stackrel{?}{=} \mathrm{Eval}(K[\mathrm{Original}], x)$; whether the two agree reveals $C(x)$, and constraint privacy hides everything else about $C$.

Slide 74. Jumping ahead: if you publish two constrained keys, there is an attack ... In the rest of the talk we focus on 1-key secure PCPRFs.

Slide 75. Decrypt and eval: 1-key PCPRF implies reusable garbled circuits.

Slide 76. Theorem [Canetti Chen 17]: a 1-key PCPRF implies 1-key private-key functional encryption (reusable garbled circuits). Construction from an ordinary symmetric encryption scheme Sym and a PCPRF F:
- Enc(m; r): ct = Enc_{Sym.K}(m; r); tag = F[K](ct).
- FSK[Sym.K, F.K, C]: the constrained key for the "decrypt and eval" functionality C(Dec_{Sym.K}(·)).
- Eval: compute F[C(Dec_{Sym.K}(·))](ct) and compare it with tag.
The comparison reveals whether the constraint holds on the plaintext and, by constraint privacy, nothing else about Sym.K or C.

Slide 77. Applications of PCPRFs: obfuscation (from two keys, see slide 73), reusable garbled circuits, privately-detectable watermarking, maybe more ...

Slide 78. What are private constrained PRFs? Why is it useful? How to construct?

Slide 79. Step 1: we need a PRF. Step 2: add a constraint privately.

Slides 80-81. [Banerjee, Peikert, Rosen '12]: subset product and rounding.

Key: a public $A \in \mathbb{Z}_q^{n \times m}$ and small secrets $s_{1,0}, s_{1,1}, \ldots, s_{n,0}, s_{n,1}$, LWE secrets drawn from low-norm distributions. Eval:
$$F(x) = \Big\lfloor \prod_i s_{i,x_i} \cdot A \Big\rceil_2 .$$

Rounding $\lfloor t \rceil_p : \mathbb{Z}_q \to \mathbb{Z}_p$: compute $t \cdot p / q$, then round to the nearest integer (taken mod $p$). In this talk $p = 2$ and $q/p > \exp(L)$, i.e. $q/p$ is super-polynomial: the gap $q/p$ has to dominate the amount of noise injected in the proof.

Slides 82-87. [Banerjee, Peikert, Rosen 12]: proof of pseudorandomness. $A$ is public, the $S_{i,x_i}$ are secret; on the slides uniform, small and unspecified terms are colour-coded. Main observation: after rounding, one can inject noise without changing the functionality with high probability. The hybrid for one query, right to left (each $Y$ is a fresh uniform matrix indexed by the suffix of the input it replaces, so queries sharing a suffix share the same $Y$):
$$\begin{aligned}
F(0110) &= \lfloor s_{1,0} s_{2,1} s_{3,1} s_{4,0} A \rceil_2 \\
&\approx_s \lfloor s_{1,0} s_{2,1} s_{3,1} (s_{4,0} A + E_{4,0}) \rceil_2 \\
&\approx_c \lfloor s_{1,0} s_{2,1} s_{3,1} Y_{***0} \rceil_2 \\
&\approx_s \lfloor s_{1,0} s_{2,1} (s_{3,1} Y_{***0} + E_{3,1}) \rceil_2 \\
&\approx_c \lfloor s_{1,0} s_{2,1} Y_{**10} \rceil_2 \\
&\approx \cdots \approx \lfloor Y_{0110} \rceil_2 .
\end{aligned}$$
Each $\approx_s$ step is a noise injection, statistically hidden by the rounding when $q/p$ is super-polynomial; each $\approx_c$ step is one LWE instance with secret $s_{i,b}$ and public matrix $Y$.

Slides 88-90. (Same key and evaluation as slide 80: $F(x) = \lfloor \prod_i s_{i,x_i} \cdot A \rceil_2$.)

Exercise: show that taking the matrix subset product without rounding does not give a PRF.

Open problem: prove or disprove that when $q$ is a polynomial, the construction is a PRF.

What we need in addition to build a private constrained PRF:
+ embed structures in the secret terms to perform the functionality (Barrington's theorem);
+ a proper public mode of the function (GGH15 encoding).
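The subset-product PRF of slides 80-87 and the exercise of slide 88, as an added Python example (mine, not from the talk or [BPR12]), with toy parameters and a prime $q$ so that rank over $\mathbb{Z}_q$ is defined. The distinguisher for the unrounded variant collects the rows of the outputs on every input and checks that they all lie in the $n$-dimensional row space of $A$, whereas random rows have full rank; `noise_flips` exercises the "inject noise before rounding" observation of the proof. Names, dimensions and the seed are my assumptions.

```python
"""Subset-product-and-rounding PRF in the style of [BPR12], plus the exercise
from slide 88 and the noise-injection observation from slide 82.  Added
example, not the talk's code; toy parameters chosen by me."""
import random

Q = 2 ** 31 - 1     # prime modulus, so rank over Z_q is well defined
N, M, K = 3, 6, 4   # secrets are N x N, A is N x M, inputs have K bits
rng = random.Random(7)

def matmul(X, Y, q):
    return [[sum(X[i][k] * Y[k][j] for k in range(len(Y))) % q
             for j in range(len(Y[0]))] for i in range(len(X))]

def keygen():
    """Key: small secret matrices S[i][b] in {-1,0,1}^(N x N); A is public."""
    S = [[[[rng.randrange(-1, 2) for _ in range(N)] for _ in range(N)]
          for _ in range(2)] for _ in range(K)]
    A = [[rng.randrange(Q) for _ in range(M)] for _ in range(N)]
    return S, A

def subset_product(S, A, x):
    """prod_i S[i][x_i] * A (mod q): the value before rounding."""
    acc = A
    for i in reversed(range(K)):           # S_1 (S_2 (... (S_K A)))
        acc = matmul(S[i][x[i]], acc, Q)
    return acc

def round_to_p(t, p=2):
    """Rounding Z_q -> Z_p from slide 81: nearest integer to t*p/q, mod p."""
    return ((2 * t * p + Q) // (2 * Q)) % p

def prf(S, A, x):
    return [[round_to_p(v) for v in row] for row in subset_product(S, A, x)]

def rank_mod(rows, q):
    """Rank of a list of row vectors over the field Z_q (q prime)."""
    rows = [r[:] for r in rows]
    rank, col = 0, 0
    while rank < len(rows) and col < len(rows[0]):
        piv = next((i for i in range(rank, len(rows)) if rows[i][col] % q), None)
        if piv is None:
            col += 1
            continue
        rows[rank], rows[piv] = rows[piv], rows[rank]
        inv = pow(rows[rank][col], -1, q)          # Python 3.8+ modular inverse
        rows[rank] = [(v * inv) % q for v in rows[rank]]
        for i in range(len(rows)):
            if i != rank and rows[i][col] % q:
                f = rows[i][col]
                rows[i] = [(a - f * b) % q for a, b in zip(rows[i], rows[rank])]
        rank += 1
        col += 1
    return rank

def all_inputs():
    return [[(v >> i) & 1 for i in range(K)] for v in range(2 ** K)]

def distinguisher_demo():
    """Exercise (slide 88): without rounding every output row is a Z_q-linear
    combination of the N rows of A, so all 2^K * N rows have rank <= N, while
    random rows of the same shape have rank M.  The rank of the rounded rows
    over GF(2) is returned too; it is a sanity check, not a security proof."""
    S, A = keygen()
    unrounded = [row for x in all_inputs() for row in subset_product(S, A, x)]
    rounded = [row for x in all_inputs() for row in prf(S, A, x)]
    random_rows = [[rng.randrange(Q) for _ in range(M)] for _ in unrounded]
    return rank_mod(unrounded, Q), rank_mod(random_rows, Q), rank_mod(rounded, 2)

def noise_flips(S, A, x, trials=50, bound=3):
    """Main observation (slide 82): adding noise of size <= bound before
    rounding flips an output bit only when the value is within bound of a
    rounding boundary, probability about 2*bound*p/q per entry."""
    base, raw, flips = prf(S, A, x), subset_product(S, A, x), 0
    for _ in range(trials):
        noisy = [[(v + rng.randrange(-bound, bound + 1)) % Q for v in row]
                 for row in raw]
        flips += sum(round_to_p(v) != b
                     for nr, br in zip(noisy, base) for v, b in zip(nr, br))
    return flips
```

`distinguisher_demo()` returns (rank of unrounded rows, rank of random rows, GF(2) rank of rounded rows); the first is at most $N = 3$ while the second is $M = 6$, which is the exercise's distinguisher. The rank test is specific to the unrounded function; removing the linear structure is necessary for a PRF, not sufficient, which is why the slides need the LWE hybrid.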

Slide 91. Imagine the GGH15 encoding of the PRF: publish $A_0$ and $D_{i,b}$ with $A_{i-1} D_{i,b} = S_{i,b} A_i + E_{i,b}$; evaluating on $x$ gives $\prod_i S_{i,x_i} \cdot A_4 + \text{“small”}$, i.e. the subset product of the PRF (before rounding) is now computable from public data.

Slides 92-97. Barrington's theorem (used to embed a circuit into the key).

(Bonus) Barrington 1986: log-depth boolean circuits can be recognized by subset products of permutation matrices of width 5.

Example: how to represent an AND gate. Four steps read input wire 1, wire 2, wire 1, wire 2, using two 5-cycles $P, Q$ whose commutator $C = PQP^{-1}Q^{-1}$ is not the identity:

  step:          1        2        3        4
  reads:         wire 1   wire 2   wire 1   wire 2
  matrix on 0:   I        I        I        I
  matrix on 1:   P        Q        P^{-1}   Q^{-1}

- 0 and 0: $I \cdot I \cdot I \cdot I = I$
- 0 and 1: $I \cdot Q \cdot I \cdot Q^{-1} = I$
- 1 and 0: $P \cdot I \cdot P^{-1} \cdot I = I$
- 1 and 1: $PQP^{-1}Q^{-1} = C \neq I$

So the product is $I$ exactly when the gate outputs 0 and $C$ when it outputs 1.

Slide 98. Representation of the constraint predicate: a branching program of length $L$. Step $i$ reads input bit $z(i)$ and holds a pair of permutation matrices $B_{i,0}, B_{i,1}$:

  steps:   1        2        3        ...   L
  input:   z(1)     z(2)     z(3)     ...   z(L)
  on 1:    B_{1,1}  B_{2,1}  B_{3,1}  ...   B_{L,1}
  on 0:    B_{1,0}  B_{2,0}  B_{3,0}  ...   B_{L,0}

Eval: $\prod_{i=1}^{L} B_{i,\,x_{z(i)}} = I$ or $C$.

Slide 99. We set the secrets like this. Representation of the secrets (to be encoded by GGH15): $S_{i,b} = B_{i,b} \otimes s_{i,b}$. For example $I \otimes s$ is the block-diagonal matrix with $s$ in every diagonal block, and $P \otimes s$ places a copy of $s$ in the block pattern of the permutation matrix $P$. The subset product then factors as $\prod_i (B_{i,x} \otimes s_{i,x}) = (\prod_i B_{i,x}) \otimes (\prod_i s_{i,x})$, so the branching-program output and the PRF secrets travel together through the GGH15 evaluation.
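The Barrington AND gate of slides 92-97, the branching-program evaluation of slide 98 and the $B \otimes s$ secret layout of slide 99, as an added Python example (my code, not the talk's). $P$ and $Q$ are my choice of 5-cycles and the commutator is computed rather than assumed; `structured_product` only checks the mixed-product identity $\prod (B \otimes s) = (\prod B) \otimes (\prod s)$ with scalar secrets, without the GGH15 encoding or the rounding.

```python
"""Barrington-style AND gate as a width-5 permutation branching program, and
the B (x) s secret layout from the talk.  Added example, not the talk's code;
P and Q are my choice of 5-cycles whose commutator is non-trivial."""
from itertools import product

def perm_matrix(sigma):
    """5x5 0/1 matrix with M[sigma[j]][j] = 1, so matmul composes permutations."""
    n = len(sigma)
    return [[1 if sigma[j] == i else 0 for j in range(n)] for i in range(n)]

def inverse(sigma):
    inv = [0] * len(sigma)
    for i, s in enumerate(sigma):
        inv[s] = i
    return inv

def matmul(X, Y):
    return [[sum(X[i][k] * Y[k][j] for k in range(len(Y)))
             for j in range(len(Y[0]))] for i in range(len(X))]

I5 = perm_matrix([0, 1, 2, 3, 4])
P_SIGMA = [1, 2, 3, 4, 0]          # 5-cycle (0 1 2 3 4)
Q_SIGMA = [2, 0, 4, 1, 3]          # 5-cycle (0 2 4 3 1), not a power of P
P, Q = perm_matrix(P_SIGMA), perm_matrix(Q_SIGMA)
P_INV, Q_INV = perm_matrix(inverse(P_SIGMA)), perm_matrix(inverse(Q_SIGMA))

# Branching program for AND(x1, x2): length L = 4, reading wires 1, 2, 1, 2
# (0-indexed below); the "0" matrix at every step is I, the "1" matrices
# are P, Q, P^-1, Q^-1 as on the slides.
AND_BP = {
    "z": [0, 1, 0, 1],
    "B": [(I5, P), (I5, Q), (I5, P_INV), (I5, Q_INV)],   # (B_{i,0}, B_{i,1})
}
COMMUTATOR = matmul(matmul(P, Q), matmul(P_INV, Q_INV))  # C = P Q P^-1 Q^-1

def eval_bp(bp, x):
    """prod_i B_{i, x_{z(i)}}: I when the gate outputs 0, C when it outputs 1."""
    acc = I5
    for z_i, (b0, b1) in zip(bp["z"], bp["B"]):
        acc = matmul(acc, b1 if x[z_i] else b0)
    return acc

def and_gate(x1, x2):
    return 0 if eval_bp(AND_BP, [x1, x2]) == I5 else 1

def kron_scalar(B, s):
    """B (x) s for a scalar s: the secret layout S_{i,b} = B_{i,b} (x) s_{i,b}."""
    return [[b * s for b in row] for row in B]

def structured_product(bp, x, secrets):
    """prod_i (B_{i,x} (x) s_{i,x}) = (prod B) (x) (prod s): the permutation
    structure and the scalar PRF secrets factor apart."""
    acc = I5
    for z_i, (b0, b1), (s0, s1) in zip(bp["z"], bp["B"], secrets):
        bit = x[z_i]
        acc = matmul(acc, kron_scalar(b1 if bit else b0, s1 if bit else s0))
    return acc

def demo():
    truth = {(a, b): and_gate(a, b) for a, b in product((0, 1), repeat=2)}
    secrets = [(2, 3), (5, 7), (11, 13), (17, 19)]   # (s_{i,0}, s_{i,1}), my toy values
    sp = structured_product(AND_BP, [1, 1], secrets)
    prod_s = 3 * 7 * 13 * 19
    return truth, sp == kron_scalar(COMMUTATOR, prod_s)

if __name__ == "__main__":
    print(demo())
```

With these $P, Q$ the commutator is the 5-cycle $0 \to 3 \to 2 \to 4 \to 1 \to 0$, so it is visibly different from $I$; for larger circuits Barrington's construction conjugates such cycles so that every gate's output is again a 5-cycle, which the toy does not implement.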

Slide 100. PCPRF for NC1 constraints (permutation branching programs).
