towards standardization of threshold schemes for
play

Towards Standardization of Threshold Schemes for Cryptographic - PowerPoint PPT Presentation

Mar 08, 2023 •274 likes •2.04k views

Towards Standardization of Threshold Schemes for Cryptographic Primitives at NIST Lu s Brand ao Joint work with: Apostol Vassilev, Nicky Mouha, Michael Davidson The red dancing devil is from clker.com/clipart-13643.html National

  1. 1. Introduction The threshold approach At high-level: The intuitive aim: use redundancy & diversity to mitigate improve security the compromise of up to a threshold vs. number ( f -out-of- n ) of components a non-threshold scheme The red dancing devil is from clker.com/clipart-13643.html NIST-CSD wants to standardize threshold schemes for cryptographic primitives Potential primitives: signing, decryption, enciphering, key-generation, ... Some properties: ◮ withstands several compromised components; ◮ needs several uncompromised components; ◮ prevents secret keys from being in one place; ◮ enhances resistance against side-channel attacks; ... 6/30

  2. 1. Introduction Secret Sharing Schemes (a starting point) Split a secret key into n secret “shares” for storage at rest. 7/30

  3. 1. Introduction Secret Sharing Schemes (a starting point) Split a secret key into n secret “shares” for storage at rest. y Shamir scheme (1979) [Sha79] y s Example 2 -out-of- n secret sharing ◮ The secret y s is placed in the y -axis; x 0 7/30

  4. 1. Introduction Secret Sharing Schemes (a starting point) Split a secret key into n secret “shares” for storage at rest. y Shamir scheme (1979) [Sha79] y s Example 2 -out-of- n secret sharing Λ( x ) ◮ The secret y s is placed in the y -axis; ◮ A random line Λ is drawn crossing the secret; x 0 7/30

  5. 1. Introduction Secret Sharing Schemes (a starting point) Split a secret key into n secret “shares” for storage at rest. y Shamir scheme (1979) [Sha79] y s Example 2 -out-of- n secret sharing Alice y A Λ( x ) ◮ The secret y s is placed in the y -axis; y B Bob ◮ A random line Λ is drawn crossing the secret; y C Cai ◮ Each share is a point (Λ( i ) , i ) in the line Λ ; x 0 1 2 3 7/30

  6. 1. Introduction Secret Sharing Schemes (a starting point) Split a secret key into n secret “shares” for storage at rest. y Shamir scheme (1979) [Sha79] Example 2 -out-of- n secret sharing ◮ The secret y s is placed in the y -axis; y B Bob ◮ A random line Λ is drawn crossing the secret; ◮ Each share is a point (Λ( i ) , i ) in the line Λ ; x 0 2 Each share alone has no information about the secret. 7/30

  7. 1. Introduction Secret Sharing Schemes (a starting point) Split a secret key into n secret “shares” for storage at rest. y Shamir scheme (1979) [Sha79] y s Example 2 -out-of- n secret sharing Alice y A Λ( x ) ◮ The secret y s is placed in the y -axis; y B Bob ◮ A random line Λ is drawn crossing the secret; y C Cai ◮ Each share is a point (Λ( i ) , i ) in the line Λ ; x 0 1 2 3 Each share alone has no information about the secret. Any pair of shares allows recovering the secret 7/30

  8. 1. Introduction Secret Sharing Schemes (a starting point) Split a secret key into n secret “shares” for storage at rest. y Shamir scheme (1979) [Sha79] y s Example 2 -out-of- n secret sharing Alice y A Humanoid cliparts: Λ( x ) ◮ The secret y s is placed in the y -axis; clker.com/clipart-*.html Alice: *=2478 y B Bob Bob: *=2482 ◮ A random line Λ is drawn crossing the secret; Cai: *=2479 y C Cai ◮ Each share is a point (Λ( i ) , i ) in the line Λ ; x 0 1 2 3 Each share alone has no information about the secret. Any pair of shares allows recovering the secret But how to avoid recombining the key when the key is needed by an algorithm? 7/30

  9. 1. Introduction Secret Sharing Schemes (a starting point) Split a secret key into n secret “shares” for storage at rest. y Shamir scheme (1979) [Sha79] y s Example 2 -out-of- n secret sharing Alice y A Humanoid cliparts: Λ( x ) ◮ The secret y s is placed in the y -axis; clker.com/clipart-*.html Alice: *=2478 y B Bob Bob: *=2482 ◮ A random line Λ is drawn crossing the secret; Cai: *=2479 y C Cai ◮ Each share is a point (Λ( i ) , i ) in the line Λ ; x 0 1 2 3 Each share alone has no information about the secret. Any pair of shares allows recovering the secret But how to avoid recombining the key when the key is needed by an algorithm? Use threshold schemes for cryptographic primitives (next) 7/30

  10. 1. Introduction Goal(s) for this presentation Overview the NIST effort towards standardization of threshold schemes clker.com/clipart-purple-mountain.html 8/30

  11. 1. Introduction Goal(s) for this presentation Overview the NIST effort towards standardization of threshold schemes 1. Convey high-dimensionality of the threshold space clker.com/clipart-purple-mountain.html 8/30

  12. 1. Introduction Goal(s) for this presentation Overview the NIST effort towards standardization of threshold schemes 1. Convey high-dimensionality of the threshold space 2. Describe the steps so far and ahead clker.com/clipart-purple-mountain.html 8/30

  13. 1. Introduction Goal(s) for this presentation Overview the NIST effort towards standardization of threshold schemes 1. Convey high-dimensionality of the threshold space 2. Describe the steps so far and ahead 3. Motivate feedback and engagement from stakeholders clker.com/clipart-purple-mountain.html 8/30

  14. 2. Preliminaries Outline 1. Introduction 2. Preliminaries 3. Step 1: NISTIR 4. Step 2: NTCW 5. Step 3: preliminary roadmap 6. Final remarks 9/30

  15. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] 10/30

  16. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) 10/30

  17. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen ◮ KeyGen ◮ Sign ◮ Sign ◮ Verify ◮ Verify 10/30

  18. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen ◮ KeyGen ◮ Public Modulus: N = p · q ◮ Secret SignKey: d ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ◮ Sign ( m ) : σ = m d ( mod N ) ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify 10/30

  19. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen (by dealer): ◮ KeyGen (by signer): ◮ Same N , d , e ◮ Public Modulus: N = p · q ◮ SubKeys: d 1 , d 2 , d 3 : d 1 + d 2 + d 3 = d ( mod φ ) ◮ Secret SignKey: d ◮ Sign ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ( m ) : σ = m d ( mod N ) ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify 10/30

  20. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] Conventional scheme ( k = n = 1 ) A 3-out-of-3 threshold scheme ( k = n = 3 ) ◮ KeyGen (by dealer): ◮ KeyGen (by signer): ◮ Same N , d , e ◮ Public Modulus: N = p · q ◮ SubKeys: d 1 , d 2 , d 3 : d 1 + d 2 + d 3 = d ( mod φ ) ◮ Secret SignKey: d ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ( m ) : { separate: s i = m d i ( mod N ) : i = 1 , 2 , 3 ◮ Sign ( m ) : σ = m d ( mod N ) combine: σ = s 1 · s 2 · s 3 ( mod N ) } ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify 10/30

  21. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen (by dealer): ◮ KeyGen (by signer): ◮ Same N , d , e ◮ Public Modulus: N = p · q ◮ SubKeys: d 1 , d 2 , d 3 : d 1 + d 2 + d 3 = d ( mod φ ) ◮ Secret SignKey: d ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ( m ) : { separate: s i = m d i ( mod N ) : i = 1 , 2 , 3 ◮ Sign ( m ) : σ = m d ( mod N ) combine: σ = s 1 · s 2 · s 3 ( mod N ) } ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) 10/30

  22. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen (by dealer): ◮ KeyGen (by signer): ◮ Same N , d , e ◮ Public Modulus: N = p · q ◮ SubKeys: d 1 , d 2 , d 3 : d 1 + d 2 + d 3 = d ( mod φ ) ◮ Secret SignKey: d ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ( m ) : { separate: s i = m d i ( mod N ) : i = 1 , 2 , 3 ◮ Sign ( m ) : σ = m d ( mod N ) combine: σ = s 1 · s 2 · s 3 ( mod N ) } ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) About this threshold scheme: SignKey d not recombined; 10/30

  23. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen (by dealer): ◮ KeyGen (by signer): ◮ Same N , d , e ◮ Public Modulus: N = p · q ◮ SubKeys: d 1 , d 2 , d 3 : d 1 + d 2 + d 3 = d ( mod φ ) ◮ Secret SignKey: d ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ( m ) : { separate: s i = m d i ( mod N ) : i = 1 , 2 , 3 ◮ Sign ( m ) : σ = m d ( mod N ) combine: σ = s 1 · s 2 · s 3 ( mod N ) } ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) About this threshold scheme: SignKey d not recombined; can reshare d leaving e fixed; 10/30

  24. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen (by dealer): ◮ KeyGen (by signer): ◮ Same N , d , e ◮ Public Modulus: N = p · q ◮ SubKeys: d 1 , d 2 , d 3 : d 1 + d 2 + d 3 = d ( mod φ ) ◮ Secret SignKey: d ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ( m ) : { separate: s i = m d i ( mod N ) : i = 1 , 2 , 3 ◮ Sign ( m ) : σ = m d ( mod N ) combine: σ = s 1 · s 2 · s 3 ( mod N ) } ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) About this threshold scheme: SignKey d not recombined; can reshare d leaving e fixed; same σ ; 10/30

  25. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen (by dealer): ◮ KeyGen (by signer): ◮ Same N , d , e ◮ Public Modulus: N = p · q ◮ SubKeys: d 1 , d 2 , d 3 : d 1 + d 2 + d 3 = d ( mod φ ) ◮ Secret SignKey: d ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ( m ) : { separate: s i = m d i ( mod N ) : i = 1 , 2 , 3 ◮ Sign ( m ) : σ = m d ( mod N ) combine: σ = s 1 · s 2 · s 3 ( mod N ) } ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) About this threshold scheme: SignKey d not recombined; can reshare d leaving e fixed; same σ ; efficient! 10/30

  26. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen (by dealer): ◮ KeyGen (by signer): ◮ Same N , d , e ◮ Public Modulus: N = p · q ◮ SubKeys: d 1 , d 2 , d 3 : d 1 + d 2 + d 3 = d ( mod φ ) ◮ Secret SignKey: d ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ( m ) : { separate: s i = m d i ( mod N ) : i = 1 , 2 , 3 ◮ Sign ( m ) : σ = m d ( mod N ) combine: σ = s 1 · s 2 · s 3 ( mod N ) } ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) About this threshold scheme: SignKey d not recombined; can reshare d leaving e fixed; same σ ; efficient! Facilitating setting: ∃ dealer; 10/30

  27. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen (by dealer): ◮ KeyGen (by signer): ◮ Same N , d , e ◮ Public Modulus: N = p · q ◮ SubKeys: d 1 , d 2 , d 3 : d 1 + d 2 + d 3 = d ( mod φ ) ◮ Secret SignKey: d ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ( m ) : { separate: s i = m d i ( mod N ) : i = 1 , 2 , 3 ◮ Sign ( m ) : σ = m d ( mod N ) combine: σ = s 1 · s 2 · s 3 ( mod N ) } ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) About this threshold scheme: SignKey d not recombined; can reshare d leaving e fixed; same σ ; efficient! Facilitating setting: ∃ dealer; ∃ homomorphism; 10/30

  28. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen (by dealer): ◮ KeyGen (by signer): ◮ Same N , d , e ◮ Public Modulus: N = p · q ◮ SubKeys: d 1 , d 2 , d 3 : d 1 + d 2 + d 3 = d ( mod φ ) ◮ Secret SignKey: d ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ( m ) : { separate: s i = m d i ( mod N ) : i = 1 , 2 , 3 ◮ Sign ( m ) : σ = m d ( mod N ) combine: σ = s 1 · s 2 · s 3 ( mod N ) } ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) About this threshold scheme: SignKey d not recombined; can reshare d leaving e fixed; same σ ; efficient! Facilitating setting: ∃ dealer; ∃ homomorphism; all parties learn m . 10/30

  29. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen (by dealer): ◮ KeyGen (by signer): ◮ Same N , d , e ◮ Public Modulus: N = p · q ◮ SubKeys: d 1 , d 2 , d 3 : d 1 + d 2 + d 3 = d ( mod φ ) ◮ Secret SignKey: d ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ( m ) : { separate: s i = m d i ( mod N ) : i = 1 , 2 , 3 ◮ Sign ( m ) : σ = m d ( mod N ) combine: σ = s 1 · s 2 · s 3 ( mod N ) } ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) About this threshold scheme: SignKey d not recombined; can reshare d leaving e fixed; same σ ; efficient! Facilitating setting: ∃ dealer; ∃ homomorphism; all parties learn m . Not fault-tolerant: a single sub-signer can boycott a correct signing. 10/30

  30. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen (by dealer): ◮ KeyGen (by signer): ◮ Same N , d , e ◮ Public Modulus: N = p · q ◮ SubKeys: d 1 , d 2 , d 3 : d 1 + d 2 + d 3 = d ( mod φ ) ◮ Secret SignKey: d ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ( m ) : { separate: s i = m d i ( mod N ) : i = 1 , 2 , 3 ◮ Sign ( m ) : σ = m d ( mod N ) combine: σ = s 1 · s 2 · s 3 ( mod N ) } ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) About this threshold scheme: SignKey d not recombined; can reshare d leaving e fixed; same σ ; efficient! Facilitating setting: ∃ dealer; ∃ homomorphism; all parties learn m . Not fault-tolerant: a single sub-signer can boycott a correct signing. Can other threshold schemes be implemented: ? 10/30

  31. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen (by dealer): ◮ KeyGen (by signer): ◮ Same N , d , e ◮ Public Modulus: N = p · q ◮ SubKeys: d 1 , d 2 , d 3 : d 1 + d 2 + d 3 = d ( mod φ ) ◮ Secret SignKey: d ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ( m ) : { separate: s i = m d i ( mod N ) : i = 1 , 2 , 3 ◮ Sign ( m ) : σ = m d ( mod N ) combine: σ = s 1 · s 2 · s 3 ( mod N ) } ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) About this threshold scheme: SignKey d not recombined; can reshare d leaving e fixed; same σ ; efficient! Facilitating setting: ∃ dealer; ∃ homomorphism; all parties learn m . Not fault-tolerant: a single sub-signer can boycott a correct signing. Can other threshold schemes be implemented: ∄ dealer, ∄ homomorphisms, secret-shared m , withstanding f malicious signers ? 10/30

  32. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen (by dealer): ◮ KeyGen (by signer): ◮ Same N , d , e ◮ Public Modulus: N = p · q ◮ SubKeys: d 1 , d 2 , d 3 : d 1 + d 2 + d 3 = d ( mod φ ) ◮ Secret SignKey: d ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ( m ) : { separate: s i = m d i ( mod N ) : i = 1 , 2 , 3 ◮ Sign ( m ) : σ = m d ( mod N ) combine: σ = s 1 · s 2 · s 3 ( mod N ) } ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) About this threshold scheme: SignKey d not recombined; can reshare d leaving e fixed; same σ ; efficient! Facilitating setting: ∃ dealer; ∃ homomorphism; all parties learn m . Not fault-tolerant: a single sub-signer can boycott a correct signing. Can other threshold schemes be implemented: ∄ dealer, ∄ homomorphisms, secret-shared m , withstanding f malicious signers ? Yes , using threshold cryptography 10/30

  33. 2. Preliminaries A simple example: RSA signature (or decryption) [RSA78] A 3-out-of-3 threshold scheme ( k = n = 3 ) Conventional scheme ( k = n = 1 ) ◮ KeyGen (by dealer): ◮ KeyGen (by signer): ◮ Same N , d , e ◮ Public Modulus: N = p · q ◮ SubKeys: d 1 , d 2 , d 3 : d 1 + d 2 + d 3 = d ( mod φ ) ◮ Secret SignKey: d ◮ Public VerKey: e (= d − 1 ( mod φ ) ) ◮ Sign ( m ) : { separate: s i = m d i ( mod N ) : i = 1 , 2 , 3 ◮ Sign ( m ) : σ = m d ( mod N ) combine: σ = s 1 · s 2 · s 3 ( mod N ) } ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) ◮ Verify ( σ, m ) : σ e = ? m ( mod N ) About this threshold scheme: SignKey d not recombined; can reshare d leaving e fixed; same σ ; efficient! Facilitating setting: ∃ dealer; ∃ homomorphism; all parties learn m . Not fault-tolerant: a single sub-signer can boycott a correct signing. Can other threshold schemes be implemented: ∄ dealer, ∄ homomorphisms, secret-shared m , withstanding f malicious signers ? Yes , using threshold cryptography (with more complicated schemes) 10/30

  34. 2. Preliminaries What do thresholds k and f mean? 11/30

  35. 2. Preliminaries What do thresholds k and f mean? 3-out-of-3 decryption: ◮ Availability: 3 nodes needed to decrypt ◮ Key secrecy: okay while 1 share is secret clker.com/clipart-encryption.html 11/30

  36. 2. Preliminaries What do thresholds k and f mean? 3-out-of-3 decryption: ◮ Availability: 3 nodes needed to decrypt ( k = 3 , f = 0 ) ◮ Key secrecy: okay while 1 share is secret clker.com/clipart-encryption.html 11/30

  37. 2. Preliminaries What do thresholds k and f mean? 3-out-of-3 decryption: ◮ Availability: 3 nodes needed to decrypt ( k = 3 , f = 0 ) ◮ Key secrecy: okay while 1 share is secret ( k = 1 , f = 2 ) clker.com/clipart-encryption.html 11/30

  38. 2. Preliminaries What do thresholds k and f mean? 3-out-of-3 decryption: ◮ Availability: 3 nodes needed to decrypt ( k = 3 , f = 0 ) ◮ Key secrecy: okay while 1 share is secret ( k = 1 , f = 2 ) clker.com/clipart-encryption.html (Each security property has its own k and f ) 11/30

  39. 2. Preliminaries What do thresholds k and f mean? 3-out-of-3 decryption: ◮ Availability: 3 nodes needed to decrypt ( k = 3 , f = 0 ) ◮ Key secrecy: okay while 1 share is secret ( k = 1 , f = 2 ) clker.com/clipart-encryption.html (Each security property has its own k and f ) 2-out-of-3 signature: ◮ Availability: 2 nodes needed to sign ◮ Key secrecy: okay while 2 shares are secret clker.com/clipart-3712.html 11/30

  40. 2. Preliminaries What do thresholds k and f mean? 3-out-of-3 decryption: ◮ Availability: 3 nodes needed to decrypt ( k = 3 , f = 0 ) ◮ Key secrecy: okay while 1 share is secret ( k = 1 , f = 2 ) clker.com/clipart-encryption.html (Each security property has its own k and f ) 2-out-of-3 signature: ◮ Availability: 2 nodes needed to sign ( k = 2 , f = 1 ) ◮ Key secrecy: okay while 2 shares are secret clker.com/clipart-3712.html 11/30

  41. 2. Preliminaries What do thresholds k and f mean? 3-out-of-3 decryption: ◮ Availability: 3 nodes needed to decrypt ( k = 3 , f = 0 ) ◮ Key secrecy: okay while 1 share is secret ( k = 1 , f = 2 ) clker.com/clipart-encryption.html (Each security property has its own k and f ) 2-out-of-3 signature: ◮ Availability: 2 nodes needed to sign ( k = 2 , f = 1 ) ◮ Key secrecy: okay while 2 shares are secret ( k = 2 , f = 1 ) clker.com/clipart-3712.html 11/30

  42. 2. Preliminaries What do thresholds k and f mean? 3-out-of-3 decryption: ◮ Availability: 3 nodes needed to decrypt ( k = 3 , f = 0 ) ◮ Key secrecy: okay while 1 share is secret ( k = 1 , f = 2 ) clker.com/clipart-encryption.html (Each security property has its own k and f ) 2-out-of-3 signature: ◮ Availability: 2 nodes needed to sign ( k = 2 , f = 1 ) ◮ Key secrecy: okay while 2 shares are secret ( k = 2 , f = 1 ) clker.com/clipart-3712.html But does any of these schemes improve security? (compared with a non-threshold scheme ( n = k = 1 , f = 0 )) 11/30

  43. 2. Preliminaries What do thresholds k and f mean? 3-out-of-3 decryption: ◮ Availability: 3 nodes needed to decrypt ( k = 3 , f = 0 ) ◮ Key secrecy: okay while 1 share is secret ( k = 1 , f = 2 ) clker.com/clipart-encryption.html (Each security property has its own k and f ) 2-out-of-3 signature: ◮ Availability: 2 nodes needed to sign ( k = 2 , f = 1 ) ◮ Key secrecy: okay while 2 shares are secret ( k = 2 , f = 1 ) clker.com/clipart-3712.html But does any of these schemes improve security? (compared with a non-threshold scheme ( n = k = 1 , f = 0 )) It depends: “ k -out-of- n ” or “ f -out-of- n ” is not a sufficient characterization for a comprehensive security assertion 11/30

  44. 2. Preliminaries What do thresholds k and f mean? 3-out-of-3 decryption: ◮ Availability: 3 nodes needed to decrypt ( k = 3 , f = 0 ) ◮ Key secrecy: okay while 1 share is secret ( k = 1 , f = 2 ) clker.com/clipart-encryption.html (Each security property has its own k and f ) 2-out-of-3 signature: ◮ Availability: 2 nodes needed to sign ( k = 2 , f = 1 ) ◮ Key secrecy: okay while 2 shares are secret ( k = 2 , f = 1 ) clker.com/clipart-3712.html But does any of these schemes improve security? (compared with a non-threshold scheme ( n = k = 1 , f = 0 )) It depends: “ k -out-of- n ” or “ f -out-of- n ” is not a sufficient characterization for a comprehensive security assertion Depends on attack model (e.g., attack surface, ...), system model (e.g., rejuvenations, ...), ... 11/30

  45. 3. Step 1: NISTIR Outline 1. Introduction 2. Preliminaries 3. Step 1: NISTIR 4. Step 2: NTCW 5. Step 3: preliminary roadmap 6. Final remarks 12/30

  46. 3. Step 1: NISTIR NIST Internal Report (NISTIR) 8214 13/30

  47. 3. Step 1: NISTIR NIST Internal Report (NISTIR) 8214 Threshold Schemes for Cryptographic Primitives — Challenges and Opportunities in Standardization and Validation of Threshold Cryptography. [BMV18] doi:10.6028/NIST.IR.8214 NISTIR 8214 Threshold Schemes for Cryptographic Primitives Challenges and Opportunities in Standardization and Validation of Threshold Cryptography Luís T. A. N. Brandão Nicky Mouha Apostol Vassilev This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8214 https://csrc.nist.gov/publications/detail/nistir/8214/final 13/30

  48. 3. Step 1: NISTIR NIST Internal Report (NISTIR) 8214 Threshold Schemes for Cryptographic Primitives — Challenges and Opportunities in Standardization and Validation of Threshold Cryptography. [BMV18] doi:10.6028/NIST.IR.8214 The report sets a basis for discussion: ◮ need to characterize threshold schemes NISTIR 8214 Threshold Schemes for Cryptographic Primitives Challenges and Opportunities in Standardization and Validation of Threshold Cryptography Luís T. A. N. Brandão ◮ need to engage with stakeholders Nicky Mouha Apostol Vassilev This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8214 ◮ need to define criteria for standardization Image adapted from: openclipart.org/detail/283392 https://csrc.nist.gov/publications/detail/nistir/8214/final 13/30

  49. 3. Step 1: NISTIR NIST Internal Report (NISTIR) 8214 Threshold Schemes for Cryptographic Primitives — Challenges and Opportunities in Standardization and Validation of Threshold Cryptography. [BMV18] doi:10.6028/NIST.IR.8214 The report sets a basis for discussion: ◮ need to characterize threshold schemes NISTIR 8214 Threshold Schemes for Cryptographic Primitives Challenges and Opportunities in Standardization and Validation of Threshold Cryptography Luís T. A. N. Brandão ◮ need to engage with stakeholders Nicky Mouha Apostol Vassilev This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8214 ◮ need to define criteria for standardization Image adapted from: openclipart.org/detail/283392 Past timeline: ◮ 2018-July: Draft online 3 months for public comments ◮ 2018-October: Received comments from 13 external sources ◮ 2019-March: Final version online, along with “diff” and received comments https://csrc.nist.gov/publications/detail/nistir/8214/final 13/30

  50. 3. Step 1: NISTIR Characterizing threshold schemes 14/30

  51. 3. Step 1: NISTIR Characterizing threshold schemes To reflect on a threshold scheme, start by characterizing 4 main features : • Kinds of threshold • Communication interfaces • Executing platform • Setup and maintenance The cliparts are from openclipart.org/detail/ ∗ , with ∗ ∈ { 71491 , 190624 , 101407 , 161401 , 161389 } 14/30

  52. 3. Step 1: NISTIR Characterizing threshold schemes To reflect on a threshold scheme, start by characterizing 4 main features : • Kinds of threshold • Communication interfaces • Executing platform • Setup and maintenance The cliparts are from openclipart.org/detail/ ∗ , with ∗ ∈ { 71491 , 190624 , 101407 , 161401 , 161389 } Each feature spans distinct options that affect security in different ways. 14/30

  53. 3. Step 1: NISTIR Characterizing threshold schemes To reflect on a threshold scheme, start by characterizing 4 main features : • Kinds of threshold • Communication interfaces • Executing platform • Setup and maintenance The cliparts are from openclipart.org/detail/ ∗ , with ∗ ∈ { 71491 , 190624 , 101407 , 161401 , 161389 } Each feature spans distinct options that affect security in different ways. A characterization provides a better context for security assertions. 14/30

  54. 3. Step 1: NISTIR Characterizing threshold schemes To reflect on a threshold scheme, start by characterizing 4 main features : • Kinds of threshold • Communication interfaces • Executing platform • Setup and maintenance The cliparts are from openclipart.org/detail/ ∗ , with ∗ ∈ { 71491 , 190624 , 101407 , 161401 , 161389 } Each feature spans distinct options that affect security in different ways. A characterization provides a better context for security assertions. But there are other factors ... 14/30

  55. 3. Step 1: NISTIR Deployment context 15/30

  56. 3. Step 1: NISTIR Deployment context ◮ Application context. Should it affect security requirements? 15/30

  57. 3. Step 1: NISTIR Deployment context ◮ Application context. Should it affect security requirements? ◮ signature correctness — may be deferred to client ◮ decryption correctness — may require robust protocol clker.com/clipart-3712.html clker.com/clipart-encryption.html 15/30

  58. 3. Step 1: NISTIR Deployment context ◮ Application context. Should it affect security requirements? ◮ signature correctness — may be deferred to client ◮ decryption correctness — may require robust protocol clker.com/clipart-3712.html clker.com/clipart-encryption.html ◮ Conceivable attack types. clker.com/clipart-10778 ◮ Active vs. passive ◮ Invasive (physical) vs. non-invasive ◮ Side-channel vs. communication interfaces ◮ Static vs. adaptive ◮ Parallel vs. sequential (wrt attacking nodes) ◮ Stealth vs. detected 15/30

  59. 3. Step 1: NISTIR Deployment context ◮ Application context. Should it affect security requirements? ◮ signature correctness — may be deferred to client ◮ decryption correctness — may require robust protocol clker.com/clipart-3712.html clker.com/clipart-encryption.html ◮ Conceivable attack types. clker.com/clipart-10778 ◮ Active vs. passive ◮ Invasive (physical) vs. non-invasive ◮ Side-channel vs. communication interfaces ◮ Static vs. adaptive ◮ Parallel vs. sequential (wrt attacking nodes) ◮ Stealth vs. detected A threshold scheme improving security against an attack in an application may be powerless or degrade security for another attack in another application 15/30

  60. 3. Step 1: NISTIR The validation challenge 16/30

  61. 3. Step 1: NISTIR The validation challenge Devise standards of testable and validatable threshold schemes vs. devise testing and validation for standardized threshold schemes 16/30

  62. 3. Step 1: NISTIR The validation challenge Devise standards of testable and validatable threshold schemes vs. devise testing and validation for standardized threshold schemes Validation is needed in the federal context: ◮ need to use validated implementations [tC96] of standardized algorithms ◮ FIPS 140-2/3 defines, for cryptographic modules, 4 security levels: subsets of applicable security assertions [NIS01] (FIPS = Federal Information Processing Standards) 16/30

  63. 4. Step 2: NTCW Outline 1. Introduction 2. Preliminaries 3. Step 1: NISTIR 4. Step 2: NTCW 5. Step 3: preliminary roadmap 6. Final remarks 17/30

  64. ffi 4. Step 2: NTCW #NTCW2019 NIST Threshold Cryptography Workshop 2019 https://csrc.nist.gov/Events/2019/NTCW19 18/30

  65. ffi 4. Step 2: NTCW #NTCW2019 NIST Threshold Cryptography Workshop 2019 March 11–12, 2019 @ NIST Gaithersburg MD, USA www.nist.gov/image/surfgaithersburgjpg https://csrc.nist.gov/Events/2019/NTCW19 18/30

  66. 4. Step 2: NTCW #NTCW2019 NIST Threshold Cryptography Workshop 2019 Coutries (of a ffi liation) registered to the NIST Threshold Cryptography Workshop March 11–12, 2019 @ Canada 1% China 1% NIST Gaithersburg MD, USA Denmark 2% Belgium 9% Estonia 4% France 4% Israel 1% Italy 1% Switzerland 2% United States 75% NIST Gaithersburg www.nist.gov/image/surfgaithersburgjpg March 11-12, 2019 About 80 attendees https://csrc.nist.gov/Events/2019/NTCW19 18/30

  67. 4. Step 2: NTCW #NTCW2019 NIST Threshold Cryptography Workshop 2019 Coutries (of a ffi liation) registered to the NIST Threshold Cryptography Workshop March 11–12, 2019 @ Canada 1% China 1% NIST Gaithersburg MD, USA Denmark 2% Belgium 9% Estonia 4% France 4% Israel 1% Italy 1% Switzerland 2% United States 75% NIST Gaithersburg www.nist.gov/image/surfgaithersburgjpg March 11-12, 2019 About 80 attendees A platform for open interaction: ◮ hear about experiences with threshold crypto; ◮ get to know stakeholders; ◮ get input to reflect on roadmap and criteria. https://csrc.nist.gov/Events/2019/NTCW19 18/30

  68. 4. Step 2: NTCW Format and content 19/30

  69. 4. Step 2: NTCW Format and content Accepted 15 external submissions: ◮ 2 panels ◮ 5 papers ◮ 8 presentations 19/30

  70. 4. Step 2: NTCW Format and content Accepted 15 external submissions: Plus: ◮ 2 panels ◮ 2 invited keynotes ◮ 5 papers ◮ 4 NIST talks ◮ 8 presentations ◮ 2 feedback moments 19/30

  71. 4. Step 2: NTCW Format and content Accepted 15 external submissions: Plus: ◮ 2 panels ◮ 2 invited keynotes ◮ 5 papers ◮ 4 NIST talks ◮ 8 presentations ◮ 2 feedback moments Videos, papers and presentations online at the NTCW webpage: https://csrc.nist.gov/Events/2019/NTCW19 19/30

  72. 4. Step 2: NTCW Format and content Accepted 15 external submissions: Plus: ◮ 2 panels ◮ 2 invited keynotes ◮ 5 papers ◮ 4 NIST talks ◮ 8 presentations ◮ 2 feedback moments Videos, papers and presentations online at the NTCW webpage: https://csrc.nist.gov/Events/2019/NTCW19 Discussion of diverse topics: ◮ threshold schemes in general (motivation and implementation feasibility); ◮ NIST standardization of cryptographic primitives ◮ a post-quantum threshold public-key encryption scheme; ◮ threshold signatures (adaptive security; elliptic curve digital signature algorithm); ◮ validation of cryptographic implementations; ◮ threshold circuit design (tradeoffs, pitfalls, combined attacks, verification tools); ◮ secret-sharing with leakage resilience; ◮ distributed symmetric-key encryption; ◮ applications and experience with threshold cryptography. 19/30

  73. 4. Step 2: NTCW Results 20/30

  74. 4. Step 2: NTCW Results A step in driving an open and transparent process towards standardization of threshold schemes for cryptographic primitives . (See NISTIR 7977) 20/30

  75. 4. Step 2: NTCW Results A step in driving an open and transparent process towards standardization of threshold schemes for cryptographic primitives . (See NISTIR 7977) Some notes: ◮ differences in granularity (building blocks vs. full functionalities); ◮ separation of single-device vs. multi-party; ◮ importance of envisioning applications; ◮ stakeholders’ willingness to contribute; ◮ usefulness of explaining rationale (e.g., as complimented for the NISTIR); ◮ encouragement to move forward. 20/30

  76. 4. Step 2: NTCW Results A step in driving an open and transparent process towards standardization of threshold schemes for cryptographic primitives . (See NISTIR 7977) Some notes: ◮ differences in granularity (building blocks vs. full functionalities); ◮ separation of single-device vs. multi-party; ◮ importance of envisioning applications; ◮ stakeholders’ willingness to contribute; ◮ usefulness of explaining rationale (e.g., as complimented for the NISTIR); ◮ encouragement to move forward. These elements are helpful for the next step ... designing a roadmap 20/30

  77. 5. Step 3: preliminary roadmap Outline 1. Introduction 2. Preliminaries 3. Step 1: NISTIR 4. Step 2: NTCW 5. Step 3: preliminary roadmap 6. Final remarks 21/30

  78. 5. Step 3: preliminary roadmap Preliminary roadmap (ongoing) We are writing a draft “preliminary roadmap” clker.com/clipart-15840.html 22/30

  79. 5. Step 3: preliminary roadmap Preliminary roadmap (ongoing) We are writing a draft “preliminary roadmap” (getting a map; deciding where to go; thinking how to get there) clker.com/clipart-15840.html 22/30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Toward Criteria for Standardization of Multi-Party Threshold Schemes for Cryptographic Primitives

Toward Criteria for Standardization of Multi-Party Threshold Schemes for Cryptographic Primitives

Toward Criteria for Standardization of Multi-Party Threshold Schemes for Cryptographic Primitives Lus T. A. N. Brando* Cryptographic Technology Group National Institute of Standards and Technology (Gaithersburg, USA) Presentation on August

828 views • 63 slides
The Role of External Quality Assessment Schemes The Role of External Quality Assessment Schemes

The Role of External Quality Assessment Schemes The Role of External Quality Assessment Schemes

The Role of External Quality Assessment Schemes The Role of External Quality Assessment Schemes for Laboratory Proficiency and Standardization for Laboratory Proficiency and Standardization Hans-Peter Grunert 1,2,3 , Vanessa Lindig 1,3 und Heinz

254 views • 13 slides
Confium: an open-source framework to support threshold cryptography standardization NIST MPTS

Confium: an open-source framework to support threshold cryptography standardization NIST MPTS

Confium: an open-source framework to support threshold cryptography standardization NIST MPTS 2020 November 5, 2020 Ronald Tse, Ribose Jointly prepared by Daniel Wyatt, Nickolay Olshevsky, Jeffrey Lau Mozilla Thunderbirds OpenPGP email is

392 views • 14 slides
Recent Schemes for X X Increasing the Quantum Z Z Fault-tolerance U L Threshold Ben

Recent Schemes for X X Increasing the Quantum Z Z Fault-tolerance U L Threshold Ben

Recent Schemes for X X Increasing the Quantum Z Z Fault-tolerance U L Threshold Ben Reichardt Berkeley Z Z X X X X Z Z Z X X X X Z X X Z Z Z Z Z X X X X Z X X Z Z Z X X Z Z Z X X X Z Z Z Z

333 views • 31 slides
Lets talk about multi-party threshold schemes Computer Security Division, N ational I nstitute

Lets talk about multi-party threshold schemes Computer Security Division, N ational I nstitute

Lets talk about multi-party threshold schemes Computer Security Division, N ational I nstitute of S tandards and T echnology (Gaithersburg, USA) Presentation* at MPTS 2020 NIST Workshop on M ulti- P arty T hreshold S chemes November 4, 2020,

738 views • 51 slides
( t,w ) Threshold schemes " A master key ! (e.g. for a Certificate Authority) is very very

( t,w ) Threshold schemes " A master key ! (e.g. for a Certificate Authority) is very very

( t,w ) Threshold schemes " A master key ! (e.g. for a Certificate Authority) is very very sensitive to exposure or loss exposure makes the whole system untrustable loss makes system inaccessible " extra copies increases

329 views • 4 slides
Threshold Automata: dynamics and complexity Studium Institute-Orleans Universidad Adolfo Ibanez-

Threshold Automata: dynamics and complexity Studium Institute-Orleans Universidad Adolfo Ibanez-

Threshold Automata: dynamics and complexity Studium Institute-Orleans Universidad Adolfo Ibanez- Chile LIFO-Universit dOrlans Antonio.chacc@gmail.com Topics: 1) Threshold Networks. 2) Updating schemes and dynamics over undirected

833 views • 47 slides
Securing DNSSEC Keys via Threshold ECDSA From Generic MPC Kris Shrishak TU Darmstadt, Germany

Securing DNSSEC Keys via Threshold ECDSA From Generic MPC Kris Shrishak TU Darmstadt, Germany

Securing DNSSEC Keys via Threshold ECDSA From Generic MPC Kris Shrishak TU Darmstadt, Germany November 6, 2020 NIST Workshop on Multi-Party Threshold Schemes 2020 Based on work published at ESORICS20 with Anders Dalskov, Marcel Keller,

775 views • 63 slides
Standardization Using Output Goal Tables Standardization Concepts The purpose of

Standardization Using Output Goal Tables Standardization Concepts The purpose of

Standardization Using Output Goal Tables Standardization Concepts The purpose of standardization is to reduce variability in fish catchability (q); a more constant q helps CPUE data track population trends more accurately Components to

413 views • 13 slides
Watershed Below TMDL Threshold At TMDL Threshold Above TMDL Threshold Water Quality Overview

Watershed Below TMDL Threshold At TMDL Threshold Above TMDL Threshold Water Quality Overview

Nantucket Harbor Watershed Below TMDL Threshold At TMDL Threshold Above TMDL Threshold Water Quality Overview Routine monitoring: June-September. Water quality, dissolved oxygen, algae, eelgrass. Work with State agencies to

631 views • 19 slides
TEST STANDARDIZATION: SOME PRACTICAL GUIDANCE Why standardization matters: a review LEARNING

TEST STANDARDIZATION: SOME PRACTICAL GUIDANCE Why standardization matters: a review LEARNING

TEST STANDARDIZATION: SOME PRACTICAL GUIDANCE Why standardization matters: a review LEARNING Impact of the testing setting POL and de-centralized testing on standardization examples considerations OBJECTIVES Systematically managing the

558 views • 20 slides
Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure countermeasure Against (first) order power analysis based on multi party computation and secret sharing 2 Outline Threshold Implementations

990 views • 58 slides
Protocols, Checklists and I HAVE NOTHING TO DISCLOSE Standardization Steven L. Clark, M.D.

Protocols, Checklists and I HAVE NOTHING TO DISCLOSE Standardization Steven L. Clark, M.D.

Protocols, Checklists and I HAVE NOTHING TO DISCLOSE Standardization Steven L. Clark, M.D. Texas Childrens Hospital/Baylor College of Medicine AUDIENCE RESPONSE QUESTION PROTOCOLS AND STANDARDIZATION Rationale for standardization How

266 views • 11 slides
Standardization Considerations Standardization Positioning for Town of Cary Parks, Recreation

Standardization Considerations Standardization Positioning for Town of Cary Parks, Recreation

Standardization Considerations Standardization Positioning for Town of Cary Parks, Recreation & Cultural Resources CURRENT SITUATION IMAGE CONTROL: CPRCR has so much to ofger, yet, the message of its programs, benefjts and ownership may

789 views • 21 slides
Updated and latest news from international standardization International ISO standardization

Updated and latest news from international standardization International ISO standardization

Updated and latest news from international standardization International ISO standardization seminar for the reliability technology and cost area. Statoil Business Centre, Stavanger, 26 April 2016 Runar steb, Advisor, Statoil ISO/TC 67/WG4

676 views • 18 slides
Threshold resummation far from threshold GGI, Firenze, September 7 th , 2011 Giovanni Ridolfi

Threshold resummation far from threshold GGI, Firenze, September 7 th , 2011 Giovanni Ridolfi

Threshold resummation far from threshold GGI, Firenze, September 7 th , 2011 Giovanni Ridolfi Universit` a di Genova and INFN Genova, Italy Plan of the talk: 1. When is threshold resummation relevant? 2. Ambiguities in resummed results

939 views • 69 slides
9

9

9

513 views • 25 slides
Statistical Inference for Incomplete Ranking Data: The Case of Rank-Dependent Coarsening Mohsen

Statistical Inference for Incomplete Ranking Data: The Case of Rank-Dependent Coarsening Mohsen

Statistical Inference for Incomplete Ranking Data: The Case of Rank-Dependent Coarsening Mohsen Ahmadi Fahandar 1 ullermeier 1 es Couso 2 Eyke H In 1 Intelligent Systems Group, Paderborn University, Germany 2 Department of Statistics,

485 views • 27 slides
Products Committee Aug 13, 2014 Agenda MIL-STD-129 / FED-STD-123 Discussion Greg Rollins, 1.

Products Committee Aug 13, 2014 Agenda MIL-STD-129 / FED-STD-123 Discussion Greg Rollins, 1.

Coalition General/Office Products Committee Aug 13, 2014 Agenda MIL-STD-129 / FED-STD-123 Discussion Greg Rollins, 1. Director, Center for Acquisition Support (QSAA), FAS, GSA DoD EMALL Rick Augustine, EMALL Supply 2. Representative,

254 views • 9 slides
Future Airspace Strategy Modernising the UK Airspace System FUTURE AIRSPACE STRATEGY DEPLOYMENT

Future Airspace Strategy Modernising the UK Airspace System FUTURE AIRSPACE STRATEGY DEPLOYMENT

Sustainable growth in Aviation is dependent on the modernisation of our Airspace System to tackle key areas inefficiency and generate significant benefits for passengers, industry and the environment. Future Airspace Strategy Modernising

782 views • 38 slides
CSCI 246 Class 8 ASYMPTOTIC NOTATION Quiz Questions Lecture 14: What is the Big- O

CSCI 246 Class 8 ASYMPTOTIC NOTATION Quiz Questions Lecture 14: What is the Big- O

CSCI 246 Class 8 ASYMPTOTIC NOTATION Quiz Questions Lecture 14: What is the Big- O notation for Euclids Algorithm runtime? Lecture 15: Show f(n) = 10n + 5 is in O(n 2 ) Notes Modified Office Hours Today Midterm

454 views • 16 slides
Regression analysis Tamuno Alfred, PhD Biostatistician DataCamp Designing and Analyzing

Regression analysis Tamuno Alfred, PhD Biostatistician DataCamp Designing and Analyzing

DataCamp Designing and Analyzing Clinical Trials in R DESIGNING AND ANALYZING CLINICAL TRIALS IN R Regression analysis Tamuno Alfred, PhD Biostatistician DataCamp Designing and Analyzing Clinical Trials in R Explanatory variables DataCamp

973 views • 65 slides
Decidability Decidability p.1/27 Topics Discuss the power of algorithms

Decidability Decidability p.1/27 Topics Discuss the power of algorithms

Decidability Decidability p.1/27 Topics Discuss the power of algorithms to solve problems Demonstrate that some problems can be solved by algorithms while other cannot Explore the limits of algorithmic solvability

477 views • 27 slides
St Josephs Institution Junior A Lasallian school of the

St Josephs Institution Junior A Lasallian school of the

St Josephs Institution Junior A Lasallian school of the brothers P4 Technology Integration Outline Rationale for the Technology Integration How does it look like in the class Cost and Financing

701 views • 34 slides

More recommend