Succinct Malleable NIZKs and an Application to Compact Shuffles (PowerPoint presentation)

Melissa Chase (MSR Redmond), Markulf Kohlweiss (MSR Cambridge), Anna Lysyanskaya (Brown University), Sarah Meiklejohn (UC San Diego)

Slides 1-2. Proofs of proofs. Suppose


Slide 6. Outline
  • Definitions
      - Malleable proofs
      - SNARGs
      - t-tiered transformations
  • SNARGs to cm-NIZKs
  • Applying the cm-NIZK
  • Conclusions

Slide 7. Malleability for proofs [CKLM12]
Generally, a proof is malleable with respect to T if there exists an algorithm Eval that on input (T, {x_i, π_i}) outputs a proof π for T({x_i}).
  • E.g., T = ×, x_i = "b_i is a bit"
Can define zero knowledge in the usual way as long as proofs are malleable only with respect to operations under which the language is closed.
But how to define a strong notion of soundness like controlled malleability?
High-level idea of CM-SSE: the extractor can pull out either a witness (fresh proof), or a previous instance and an allowable transformation from that instance to the new one (validly transformed proof).
If a proof is zero knowledge, CM-SSE, and strongly derivation private (hides fresh vs. transformed), then we call it a cm-NIZK.

Slide 8. SNARGs [BSW12, GGPR13]
A proof system is a succinct non-interactive argument of knowledge (SNARG) if it is complete and if:
  • (Succinctness.) The size of a proof that (x, w) ∈ R is bounded by φ(k, |x|, |w|) < poly(k)·polylog(|x|) + γ|w| for some 0 < γ < 1
      - We use γ = 1/4 (for the unary case)
      - The point is, the proof can be smaller than the witness
  • (Adaptive knowledge extraction.) For every A there exists an extractor E_A such that, for (x, π) = A(crs; r), w = E_A(crs; r) satisfies (x, w) ∈ R
(Figure: a proof π′ that is no larger than the proof π it proves knowledge of.)
Constructions of these do exist [AF07, Groth10, ..., BCCT12, GGPR13]

Slide 9. t-tiered transformations
To fit the proof-of-a-proof approach, consider transformations as moving between tiers.
A relation R is t-tiered if there exists an efficient function tier(·) such that for all x ∈ L_R, 0 ≤ tier(x) ≤ t.
A class of transformations T is t-tiered if for all T ∈ T, (1) if tier(x) < t and x ∈ L_R then tier(T(x)) > tier(x) and T(x) ∈ L_R, and (2) if tier(x) = t then T(x) = ⊥.
(Figure: tier diagram; transformations that move up a tier are marked "allowed", the others "disallowed".)
Also can't compose more than t transformations.

Slide 10. Outline
  • Definitions
  • SNARGs to cm-NIZKs
      - Malleable SNARGs
      - Boosting to full extractability
      - Boosting to CM-SSE
  • Applying the cm-NIZK
      - Cryptographic background
      - Shuffling and decrypting
  • Conclusions

Slide 11. Malleable SNARGs
(Roadmap: malleable SNARG)
Our goal: build malleability into SNARGs [BSW12].
If we use succinct non-interactive arguments of knowledge (SNARGs), a proof of knowledge of π could in fact be the same size!
(Figure: π, transformed by T into π′, transformed by T into π″; each proof proves knowledge of the previous one.)
Can continue this process many times (Bob proves knowledge of Alice's proof π_A for x_A and an allowable transformation T_B to his instance x_B, Charlie proves knowledge of Bob's proof π_B for x_B and an allowable transformation T_C to his instance x_C, etc.)

Slide 12. Malleable SNARGs
(Roadmap: malleable SNARG)
Intuitively, to form a proof for an instance x, prove you know either a fresh witness w such that (x, w) ∈ R, or a proof π, an instance x′ at the next tier down, and an allowable T such that T(x′) = x.
(Figure: chain of proofs)
  π_A(x_A): w_A
  π_B(x_B): (π_A, x_A, T_B), with tier(x_B) = tier(x_A) + 1
  π_C(x_C): (π_B, x_B, T_C), with tier(x_C) = tier(x_B) + 1
Zero knowledge and adaptive knowledge extraction are both preserved*, and we gain malleability with respect to t-tiered transformations*.
*Since the extractor might have to "tunnel down", t must be a constant [BSW12, BCCT13], and we use a stronger notion of extraction (consider non-uniform adversaries).
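To make the tier rules of slide 9 and the proof-of-a-proof chain of slide 12 concrete, here is an added toy model (not the paper's construction and not cryptographic: "proofs" are plain data and the "extractor" simply reads them). Instances, the relation R (w·w = n), the transformation class Scale(c) and the bound T_MAX are all constructed for this example.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, Union

# Constructed toy model: an instance is (tier, n) and (x, w) is in R when w*w == n.
# Scale(c) maps (tier, n) to (tier + 1, c*c*n), so L_R is closed under it (witness
# c*w), the tier strictly increases (rule 1), and at tier T_MAX it returns None,
# standing in for the slide's ⊥ (rule 2).  Nothing here is a real SNARG.
T_MAX = 3  # t: tiers run 0..T_MAX, so at most T_MAX transformations compose

Instance = Tuple[int, int]  # (tier, n)

def tier(x: Instance) -> int:
    return x[0]

def in_relation(x: Instance, w: int) -> bool:
    return w * w == x[1]

@dataclass(frozen=True)
class Scale:
    c: int  # the allowable class is Scale(c) with c >= 1

    def __call__(self, x: Instance) -> Optional[Instance]:
        if tier(x) >= T_MAX:          # rule (2): nothing leaves the top tier
            return None
        return (tier(x) + 1, self.c * self.c * x[1])  # rule (1): tier goes up

def is_allowable(T) -> bool:
    return isinstance(T, Scale) and T.c >= 1

@dataclass(frozen=True)
class Fresh:        # proof from a fresh witness w with (x, w) in R
    w: int

@dataclass(frozen=True)
class Derived:      # proof of knowledge of (π', x', T) with T(x') = x
    prev_proof: "Proof"
    prev_x: Instance
    T: Scale

Proof = Union[Fresh, Derived]

def verify(x: Instance, pi: Proof) -> bool:
    """Fresh: check R directly.  Derived: T allowable, T(x') = x, and π' verifies for x'."""
    if isinstance(pi, Fresh):
        return 0 <= tier(x) <= T_MAX and in_relation(x, pi.w)
    return (is_allowable(pi.T) and pi.T(pi.prev_x) == x
            and verify(pi.prev_x, pi.prev_proof))

def extract(x: Instance, pi: Proof):
    """CM-SSE shape: a witness for a fresh proof, else (x', T) for a transformed one."""
    if isinstance(pi, Fresh):
        return ("witness", pi.w)
    return ("transformed", pi.prev_x, pi.T)

def tunnel(x: Instance, pi: Proof) -> Tuple[int, int]:
    """Tunnel down to the original witness; the depth is bounded by the constant T_MAX."""
    depth = 0
    while isinstance(pi, Derived):
        depth += 1
        pi, x = pi.prev_proof, pi.prev_x
    assert depth <= T_MAX
    return pi.w, depth
```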

Slide 13. Boosting to full extractability
(Roadmap: malleable SNARG → malleable NIWIPoK)
Our goal: get from adaptive knowledge extraction to stronger soundness.
Rather than even try to reconcile adaptive knowledge extraction with something much stronger like extractability or CM-SSE, just use the regular soundness of the SNARG.
The SNARG now just proves knowledge of the plaintext w such that (x, w) ∈ R.
(Figure: malleable SNARG + Enc(w))

Slide 14. Boosting to full extractability
(Roadmap: malleable SNARG → malleable NIWIPoK; figure: malleable SNARG + Enc(w))
Extraction is quite simple: τ_e is the decryption key, and the extractor decrypts, so we never need to use the non-black-box SNARG extractor!
If we use a fully homomorphic encryption scheme, we can preserve malleability for t-tiered transformations (but we do lose succinctness).

Slide 15. Boosting to CM-SSE
(Roadmap: malleable SNARG → malleable NIWIPoK → malleable cm-NIZK)
Our goal: preserve malleability with respect to t-tiered transformations.
Essentially amplify the [CKLM12] construction; don't assume certain transformations (e.g., the identity) are allowable.
(Figure: malleable SNARG, malleable NIWIPoK, + malleable signature)
