
Provable insecurity: Where artifacts come from, and how constructive math may help

Claus Diem and dreiwert, University of Leipzig, December 29, 2019

Hash functions in theory and practice / Constructive logic

Part I: Problem


  5. Artifact: ℓ
     ◮ Suppose the family $h = (h_s)_s$ is collision free. What can we then conclude about $h_{s_0}$ for a particular parameter $s_0$?
     ◮ Strictly speaking nothing:
     ◮ Suppose $h$ is collision resistant and
       $$h^*_s = \begin{cases} h_s, & \text{if } l(s) \neq 128, \\ \mathrm{MD5}, & \text{if } l(s) = 128. \end{cases}$$
       Then $h^*$ is also collision resistant by the definition.
     ◮ But MD5 is still broken ...
     ◮ Such a family $h^*$ might seem to be “artificially constructed”, but maybe not ...

  11. Keyed hash functions
     ◮ $h_{s,k} : \{0,1\}^* \to \{0,1\}^{l(s)}$ (security parameter $s$, key $k$)
     ◮ Attacker $A_s$ reads $k$, outputs $x, y$
     ◮ collision resistant: $\forall n : \exists s_0 : \forall s : s > s_0 \Rightarrow P[x \neq y \wedge h_{s,k}(x) = h_{s,k}(y)] < \frac{1}{l(s)^n}$
     ◮ (after Damgård 1987)
     ◮ Allows working with attackers $A_s$ that operate on fixed output lengths
     ◮ Might seem to be a good solution: Not asymptotic, does not immediately lead to a “trivial” attack.

  17. Artifact: k
     ◮ But: Real hash functions normally don’t have keys
     ◮ Possible interpretation in some cases: key = initialization vector
     ◮ But then, free-start collision attacks are being analyzed
     ◮ But without variable (!) $k$, $A_s$ can always be the trivial attacker
     ◮ Assume $h$ is collision resistant and
       $$h^*_{s,k} = \begin{cases} h_{s,k}, & \text{if } l(s) \neq 128, \\ \mathrm{MD5}, & \text{if } l(s) = 128 \wedge k = k_0, \end{cases}$$
     ◮ So, strictly speaking, from “$h$ is collision resistant” we still cannot conclude anything about “concrete hash functions”.

  18. Practical security
     Figure (comic, text of the speech bubbles). Drawings: xkcd.com, modification to text (CC BY-NC 2.5)
     - “How's it going?”
     - “We can prove that the new CPU works as specified, when the register width approaches infinity.”
     - “Excellent, so let's go in production using 64 bit registers”
     - “No point doing so. For every fixed register width, the proof does not say anything.”

  22. “Provably secure” hash functions
     ◮ Collision resistant hash functions according to these definitions can be constructed (under suitable assumptions!).
     ◮ e.g. VSH, ECOH, FSB
     ◮ Often slow and of little practical relevance
     ◮ Who decides about the length and the key to use?

  26. First conclusions
     ◮ Problematic to characterize families of functions when seeking results on a specific hash function
     ◮ Where does the (existing) attacker $A$ come from?
     ◮ Explicit precomputation: $A_{\mathrm{pre}}$ computes attacker $A$
     ◮ Cost of attack: e.g. $\mathrm{TIME}(A_{\mathrm{pre}}) + \mathrm{TIME}(A)$

  29. The fastest attack, reloaded
     ◮ Program:

         #include <iostream>

         // Prints the source of a second program that prints the pair x, y.
         // x and y are placeholders for the two colliding inputs.
         int main() {
             std::cout << "#include <iostream>" << std::endl;
             std::cout << "int main() {" << std::endl;
             std::cout << "    std::cout << \"x, y\\n\";\n";
             std::cout << "    return 0;" << std::endl;
             std::cout << "}" << std::endl;
             return 0;
         }

     ◮ Complexity: constant
     ◮ Anything gained?
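The split between precomputation and attack can be measured on a toy hash. The following is an added example, not part of the slides: it assumes SHA-256 truncated to 24 bits as a stand-in for h, and the names `CountingHash`, `a_pre`, `load_attacker` and `cost_split` are hypothetical. `a_pre` plays the role of A_pre and emits the source of the constant attacker A; the counter shows that every hash evaluation is spent in A_pre and none in A.

```python
import hashlib
import itertools

BITS = 24  # toy output length (assumption); real hashes use 256 bits or more


class CountingHash:
    """Toy stand-in for h: SHA-256 truncated to `bits` bits, counting evaluations."""

    def __init__(self, bits: int = BITS):
        self.bits = bits
        self.calls = 0

    def __call__(self, msg: bytes) -> int:
        self.calls += 1
        full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
        return full >> (256 - self.bits)


def a_pre(h: CountingHash) -> str:
    """A_pre: search for a collision, then emit the source text of attacker A.

    The pigeonhole principle bounds the loop at 2**bits + 1 distinct inputs.
    """
    seen = {}
    for i in itertools.count():
        x = i.to_bytes(8, "big")
        digest = h(x)
        if digest in seen:
            # A is a constant program with the colliding pair baked in.
            return f"def attacker():\n    return {seen[digest]!r}, {x!r}\n"
        seen[digest] = x


def load_attacker(source: str):
    """Turn the text emitted by A_pre into the callable attacker A."""
    namespace = {}
    exec(source, namespace)  # source is generated locally by a_pre above
    return namespace["attacker"]


def cost_split(bits: int = BITS) -> dict:
    """Count hash evaluations spent in A_pre and in A separately."""
    h = CountingHash(bits)
    attacker = load_attacker(a_pre(h))
    pre_calls = h.calls
    x, y = attacker()                    # A never touches h: constant time
    attack_calls = h.calls - pre_calls
    collides = x != y and h(x) == h(y)   # verification only, not part of A
    return {"pre_calls": pre_calls, "attack_calls": attack_calls,
            "x": x, "y": y, "collides": collides}


if __name__ == "__main__":
    r = cost_split()
    print(f"A_pre: {r['pre_calls']} evaluations, A: {r['attack_calls']}")
    print(f"x={r['x'].hex()} y={r['y'].hex()} collides={r['collides']}")
```

Raising `BITS` makes `a_pre` slower while `attacker()` stays constant, which is why a cost measure that ignores A_pre says nothing about a fixed hash function.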

  32. Closing the gap
     ◮ An idea (after Bernstein and Lange 2012): Size limitation for $A_{\mathrm{pre}}$
     ◮ Rules out trivial attacks for sufficiently large output lengths
     ◮ Still not useful for practically used hash functions.

  37. Fundamental issue remains
     ◮ We know: If a hash function $h$ is collision resistant, GnuPG-$h$ is unforgeable.
     ◮ We want to argue that some “real” hash function $h$ is collision resistant.
     ◮ But such an $h$ is never collision resistant.
     ◮ Only in the asymptotic setting or in the Random Oracle model can this be proven.
     ◮ So usually the known proofs are applied where they cannot really be applied
     ◮ Is this really what we expect from a “proof”?

  38. Interpretation of proofs
     Figure (comic, text of the speech bubbles). Drawings: xkcd.com, modification to text (CC BY-NC 2.5)
     - “It can be shown that the new signature scheme has a weakness. But well-known cryptographers say that the weakness is not of practical relevance.”
     - “At least we can prove the security of the encryption. But it is assumed that the proof methodology does not allow conclusions about practical security.”

  42. Getting to the root cause
     ◮ Where do $x$ and $y$ come from?
     ◮ $x, y$ ← pigeonhole principle ← mathematical logic
     ◮ Language consisting of: ∨, ∧, ¬, ⇒, ∃, ∀ and symbols
     ◮ Problem may be caused by the meaning of the symbols

  43. Part II: Constructive logic
     Introduction / Algorithmic content / Hash collision, revisited

  46. What is constructive logic?
     ◮ Symbols as in classical logic
     ◮ Meaning partially different
     ◮ “$x$ exists” means “we can construct $x$”

  50. From proofs to algorithms
     ◮ BHK interpretations give a meaning to constructive proofs.
     ◮ (after Brouwer-Heyting-Kolmogorov, more rarely Brouwer-Heyting-Kreisel)
     ◮ Realizations formalize these interpretations.
     ◮ Realizations have a strong relationship to algorithms

  52. What are realizations?
     ◮ “$a$ realizes $A$” means: $a$ is a proof of $A$
     ◮ defined inductively over the structure of the proven formula

  56. Conjunction
     ◮ structure: A ∧ B
     ◮ ⟨a, b⟩ realizes A ∧ B iff a realizes A and b realizes B
     ◮ Interpretation: both conjuncts must be proved
     ◮ Meaning as in classical logic

  60. Disjunction
     ◮ structure: A ∨ B
     ◮ ⟨0, a⟩ realizes A ∨ B iff a realizes A
     ◮ ⟨1, b⟩ realizes A ∨ B iff b realizes B
     ◮ Interpretation: one must either prove A or prove B
     ◮ Stronger meaning than a disjunction in classical logic

  64. Implication
     ◮ structure: A ⇒ B
     ◮ f realizes A ⇒ B means: If a realizes A then f(a) realizes B
     ◮ Interpretation: convert any proof for A into a proof for B
     ◮ Meaning as in classical logic

  69. Negation
     ◮ structure: ¬A
     ◮ f realizes ¬A iff f realizes A ⇒ 0 = 1
     ◮ Interpretation: derive a contradiction from any proof for A
     ◮ Weaker meaning than a negation in classical logic
     ◮ A ⇒ ¬¬A, but not necessarily ¬¬A ⇒ A

  71. Universal quantification
     ◮ structure: ∀x : A
     ◮ f realizes ∀x : A iff f(a) realizes A[x/a] for every a
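The realization clauses for conjunction, disjunction, implication, negation and universal quantification can be checked mechanically. The following Lean 4 sketch is an added example, not part of the slides; it assumes Lean's proof terms in the role of realizers and uses `False` where the slides use 0 = 1. It also shows where constructive realizers stop: ¬¬A ⇒ A and A ∨ ¬A only go through by invoking a classical axiom.

```lean
-- Conjunction: the realizer is a pair ⟨a, b⟩.
example (A B : Prop) (a : A) (b : B) : A ∧ B := ⟨a, b⟩

-- Disjunction: the realizer carries a tag saying which side was proved.
example (A B : Prop) (a : A) : A ∨ B := Or.inl a   -- ⟨0, a⟩
example (A B : Prop) (b : B) : A ∨ B := Or.inr b   -- ⟨1, b⟩

-- Implication: the realizer is a function from proofs of A to proofs of B.
example (A B C : Prop) (f : A → B) (g : B → C) : A → C := fun a => g (f a)

-- Negation: ¬A unfolds to A → False, so A ⇒ ¬¬A has an explicit realizer.
example (A : Prop) (a : A) : ¬¬A := fun notA => notA a

-- The converse has no constructive realizer; Lean needs a classical axiom.
example (A : Prop) (h : ¬¬A) : A := Classical.byContradiction h

-- Likewise A ∨ ¬A: in general no tag can be computed.
example (A : Prop) : A ∨ ¬A := Classical.em A

-- Universal quantification: the realizer maps every a to a proof of P a.
example (P : Nat → Prop) (f : ∀ x, P x) (a : Nat) : P a := f a
```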
