a new look at counters don t run like marathon in a
play

A New Look at Counters: Dont Run Like Marathon in a Hundred Meter - PowerPoint PPT Presentation

Nov 24, 2023 •258 likes •673 views

A New Look at Counters: Dont Run Like Marathon in a Hundred Meter Race Directions in Authenticated Ciphers 16, Nagoya Avijit Dutta, Ashwin Jha and Mridul Nandi September 27, 2016 Indian Statistical Institute Kolkata Counters in

  1. A New Look at Counters: Don’t Run Like Marathon in a Hundred Meter Race Directions in Authenticated Ciphers ’16, Nagoya Avijit Dutta, Ashwin Jha and Mridul Nandi September 27, 2016 Indian Statistical Institute Kolkata

  2. Counters in Cryptography Classical View: • Prevents collisions on the inputs to the underlying primitive. • Encoded within message blocks: HAIFA , XORMAC , LightMAC . 1 ⟨ 0 ⟩ s , ⟨ 1 ⟩ s , ⟨ 2 ⟩ s , ⟨ 3 ⟩ s , . . . , ⟨ 2 s − 1 ⟩ s where ⟨ i ⟩ s is the s -bits binary representation of i for some fixed s . • Standalone input: CTR mode, HAIFA , GCM , SIV .

  3. log 2 L , L being Counter-Based Input Encoding Injective: X j X i j i Blockwise Collision-free: Security Needs M t n n f 2 n n M X n X Rate signifies Efficiency rate STD n s n where s the maximum permissible message length. Example For n 128 and s 64, the rate is 0 5 for any message lengths. Can we have better rate for smaller messages? M 2 X 1 n X 2 X b n f 1 f 1 n f 1 CTR n n − ℓ − n − n − n ⟨ 1 ⟩ s ∥ M 1 ⟨ 2 ⟩ s ∥ M 2 ⟨ b ⟩ s ∥ M b · · · X := � �� � � �� � � �� � − − − − − − | · · · | | |

  4. Counter-Based Input Encoding Security Needs n M n n n n f 2 n n t Blockwise Collision-free: n Injective: Rate signifies Efficiency n the maximum permissible message length. Example For n 128 and s 64, the rate is 0 5 for any message lengths. Can we have better rate for smaller messages? n n 2 f 1 X b X 1 X 2 CTR f 1 f 1 − ℓ ∀ i ̸ = j , X i ̸ = X j . − n − n − n ∀ M ̸ = M ′ , X ̸ = X ′ . ⟨ 1 ⟩ s ∥ M 1 ⟨ 2 ⟩ s ∥ M 2 ⟨ b ⟩ s ∥ M b · · · X := � �� � � �� � � �� � − − − rate STD = n − s where s = log 2 L , L being − − − | · · · | | |

  5. Counter-Based Input Encoding n n M n n n n n f 2 n t n Security Needs Blockwise Collision-free: Injective: Rate signifies Efficiency n the maximum permissible message length. Example Can we have better rate for smaller messages? n 2 f 1 CTR X 2 X b X 1 f 1 f 1 − ℓ ∀ i ̸ = j , X i ̸ = X j . − n − n − n ∀ M ̸ = M ′ , X ̸ = X ′ . ⟨ 1 ⟩ s ∥ M 1 ⟨ 2 ⟩ s ∥ M 2 ⟨ b ⟩ s ∥ M b · · · X := � �� � � �� � � �� � − − − rate STD = n − s where s = log 2 L , L being − − − | · · · | | | For n = 128 and s = 64, the rate is 0 . 5 for any message lengths.

  6. approximation of STD opt in this case? STD opt : Length Dependent Counter Scheme n Comparison Catch What if we don’t know the length? Can we have a close 3 • Computes the optimal counter size ( ≈ log 2 ℓ ) for the given message length ℓ . rate STD opt = n − log 2 ℓ • For ℓ < L , rate STD opt > rate STD . For n = 128 bits and ℓ = 2 10 bits, the rate is 0 . 92.

  7. STD opt : Length Dependent Counter Scheme n Comparison Catch What if we don’t know the length? Can we have a close 3 • Computes the optimal counter size ( ≈ log 2 ℓ ) for the given message length ℓ . rate STD opt = n − log 2 ℓ • For ℓ < L , rate STD opt > rate STD . For n = 128 bits and ℓ = 2 10 bits, the rate is 0 . 92. approximation of STD opt in this case?

  8. A Race over Unknown Distance 200 m 400 m 10000 m 4

  9. A Race over Unknown Distance 200 m 400 m 10000 m 4

  10. A Race over Unknown Distance 200 m 400 m 10000 m 4

  11. A Race over Unknown Distance 200 m 400 m 10000 m 4

  12. A Race over Unknown Distance 5

  13. A Race over Unknown Distance 5

  14. A Race over Unknown Distance 5

  15. A Candidate Length Independent Counter • Length Independent. • rate rate STD opt . • But, is this blockwise collision-free? Trivial Collision For n 8 and M 0 abcdefghijklmabcdef we have X 1 00 abcdef X 2 1 ghijklm and X 3 00 abcdef . Clearly, X 1 X 3 . 6 0 , 1 , 00 , 01 , 10 , 11 , 000 . . .

  16. A Candidate Length Independent Counter 8 and M X 3 . 00 abcdef . Clearly, X 1 1 ghijklm and X 3 00 abcdef X 2 X 1 0 abcdefghijklmabcdef we have For n Trivial Collision • But, is this blockwise collision-free? rate STD opt . • rate • Length Independent. 6 0 , 1 , 00 , 01 , 10 , 11 , 000 . . . ✓

  17. A Candidate Length Independent Counter 8 and M X 3 . 00 abcdef . Clearly, X 1 1 ghijklm and X 3 00 abcdef X 2 X 1 0 abcdefghijklmabcdef we have For n Trivial Collision • But, is this blockwise collision-free? • Length Independent. 6 0 , 1 , 00 , 01 , 10 , 11 , 000 . . . ✓ • rate > rate STD opt . ✓

  18. A Candidate Length Independent Counter 8 and M X 3 . 00 abcdef . Clearly, X 1 1 ghijklm and X 3 00 abcdef X 2 X 1 0 abcdefghijklmabcdef we have For n Trivial Collision • But, is this blockwise collision-free? • Length Independent. 6 0 , 1 , 00 , 01 , 10 , 11 , 000 . . . ✓ • rate > rate STD opt . ✓ ✗

  19. A Candidate Length Independent Counter • Length Independent. • But, is this blockwise collision-free? Trivial Collision 6 0 , 1 , 00 , 01 , 10 , 11 , 000 . . . ✓ • rate > rate STD opt . ✓ ✗ For n = 8 and M := 0 abcdefghijklmabcdef we have X 1 = 00 abcdef , X 2 = 1 ghijklm , and X 3 = 00 abcdef . Clearly, X 1 = X 3 .

  20. log 2 log 2 L , for L 2 64 bits, and 2 10 bits, the rate is 0.89. VAR: Message Length Independent Counter n 128 bits, L For n Comparison n log 2 2 r n . rate VAR • Add a small fixed length (r) counter that gets updated with the c n 2 n 2 c n • r • Blockwise Collision-free and Injective. • Length Independent. change in counter size. 7 000 , 001 , 0100 , . . . , 0111 , 10000 , . . . , 10111 , 110000 , . . .

  21. log 2 log 2 L , for L 2 64 bits, and 2 10 bits, the rate is 0.89. VAR: Message Length Independent Counter rate VAR 128 bits, L For n Comparison n log 2 2 r n c n n . • Add a small fixed length (r) counter that gets updated with the 2 n 2 c n • r • Blockwise Collision-free and Injective. • Length Independent. change in counter size. 7 000 , 001 , 0100 , . . . , 0111 , 10000 , . . . , 10111 , 110000 , . . . ✓ ✓

  22. VAR: Message Length Independent Counter • Add a small fixed length (r) counter that gets updated with the change in counter size. • Length Independent. • Blockwise Collision-free and Injective. n n Comparison 7 000 , 001 , 0100 , . . . , 0111 , 10000 , . . . , 10111 , 110000 , . . . ✓ ✓ • r ≈ log 2 log 2 L , for L < 2 c ( n ) , 2 ≤ c ( n ) < n . rate VAR ≈ n − r + 2 − log 2 ℓ For n = 128 bits, L = 2 64 bits, and ℓ = 2 10 bits, the rate is 0.89.

  23. Counter Function Family (CFF) Definition: fixed length CFF; variable length CFF otherwise. What can we say about the security relevant properties? 8 CTR is a family of counter functions { ctr ℓ : ℓ ≤ L } where ∀ ℓ ≤ L , ctr ℓ : N → { 0 , 1 } < n . • Length Independent: For STD counter function family std ℓ ( i ) = ⟨ i ⟩ s , ∀ ℓ, i . • Length Dependent: For STD opt counter function family opt ℓ ( i ) = ⟨ i ⟩ log 2 ℓ , ∀ ℓ, i . • For a given ℓ , if ∀ i ̸ = j , | ctr ℓ ( i ) | = | ctr ℓ ( j ) | , we say that CTR is a

  24. Counter Function Family (CFF) Definition: fixed length CFF; variable length CFF otherwise. What can we say about the security relevant properties? 8 CTR is a family of counter functions { ctr ℓ : ℓ ≤ L } where ∀ ℓ ≤ L , ctr ℓ : N → { 0 , 1 } < n . • Length Independent: For STD counter function family std ℓ ( i ) = ⟨ i ⟩ s , ∀ ℓ, i . • Length Dependent: For STD opt counter function family opt ℓ ( i ) = ⟨ i ⟩ log 2 ℓ , ∀ ℓ, i . • For a given ℓ , if ∀ i ̸ = j , | ctr ℓ ( i ) | = | ctr ℓ ( j ) | , we say that CTR is a

  25. M i and b Prefix-free and Injective CFFs b What about injective property? prefix-free CFF. CTR is a blockwise collision-free encoding if and only if it is CTR is a Blockwise Collision-free Lemma: Prefix-free n ctr i n 1 i is the least integer b that satisfies, 1 Prefix-free: ctr i X i , where each X b X 1 length message M , CTR M For any CFF as an Encoding Function: CTR is prefix-free if 9 ∀ ℓ ≤ L , ∀ i ̸ = j ∈ b ( ℓ ) , ctr ℓ ( i ) is not a prefix of ctr ℓ ( j ) .

  26. Prefix-free and Injective CFFs Prefix-free: What about injective property? prefix-free CFF. CTR is a blockwise collision-free encoding if and only if it is CTR is a Blockwise Collision-free Lemma: Prefix-free 9 CFF as an Encoding Function: b CTR is prefix-free if ∀ ℓ ≤ L , ∀ i ̸ = j ∈ b ( ℓ ) , ctr ℓ ( i ) is not a prefix of ctr ℓ ( j ) . For any ℓ length message M , CTR ( M ) = ( X 1 , . . . , X b ( ℓ ) ) , where each X i = ctr ℓ ( i ) ∥ M i and b ( ℓ ) is the least integer b that satisfies, ∑ ℓ + 1 ≤ ( n − | ctr ℓ ( i ) | ) ≤ ℓ + n . i = 1

  27. Prefix-free and Injective CFFs Prefix-free: What about injective property? prefix-free CFF. CTR is a blockwise collision-free encoding if and only if it is CTR is a b CFF as an Encoding Function: CTR is prefix-free if 9 ∀ ℓ ≤ L , ∀ i ̸ = j ∈ b ( ℓ ) , ctr ℓ ( i ) is not a prefix of ctr ℓ ( j ) . For any ℓ length message M , CTR ( M ) = ( X 1 , . . . , X b ( ℓ ) ) , where each X i = ctr ℓ ( i ) ∥ M i and b ( ℓ ) is the least integer b that satisfies, ∑ ℓ + 1 ≤ ( n − | ctr ℓ ( i ) | ) ≤ ℓ + n . i = 1 Lemma: Prefix-free ⇔ Blockwise Collision-free

Recommend

Timers and Counters Hardware Timing, Counters What are Timers/Counters Hardware provided

Timers and Counters Hardware Timing, Counters What are Timers/Counters Hardware provided

Timers and Counters Hardware Timing, Counters What are Timers/Counters Hardware provided module which counts Timers count clock cycles Counters count arbitrary signal change Counts up to threshold then sets interrupt flag CPU

328 views • 31 slides
Hardware Counters for non-Intel Systems (and tools for Frontier) AMD CPU Counters @Gruber

Hardware Counters for non-Intel Systems (and tools for Frontier) AMD CPU Counters @Gruber

Hardware Counters for non-Intel Systems (and tools for Frontier) AMD CPU Counters @Gruber (LIKWID) the PFM hardware unit hasnt changed in years IBS still works some counters lie (important ones like vector ops and

422 views • 6 slides
LA Marathon-SRLA Presentation Marathon Pacing Strategies Pacing Strategies Getting Started

LA Marathon-SRLA Presentation Marathon Pacing Strategies Pacing Strategies Getting Started

LA Marathon-SRLA Presentation Marathon Pacing Strategies Pacing Strategies Getting Started Choose your marathon goal Consider training technique Factor in race Conditions Getting Started-Marathon Goal Goal #1 Just finish

145 views • 10 slides
High resolution frequency counters E. Rubiola FEMTO-ST Institute, CNRS and Universit de

High resolution frequency counters E. Rubiola FEMTO-ST Institute, CNRS and Universit de

High resolution frequency counters E. Rubiola FEMTO-ST Institute, CNRS and Universit de Franche Comt 28 May 2008 Outline 1. Digital hardware 2. Basic counters 3. Microwave counters 4. Interpolation time-interval amplifier

565 views • 53 slides
TRAILS NORTH SYMPOSIUM 2016 MARATHON SNO-KICKERS The Marathon Sno-Kickers is a volunteer

TRAILS NORTH SYMPOSIUM 2016 MARATHON SNO-KICKERS The Marathon Sno-Kickers is a volunteer

TRAILS NORTH SYMPOSIUM 2016 MARATHON SNO-KICKERS The Marathon Sno-Kickers is a volunteer snowmobile club who are part of the Ontario Federation of Snowmobile Clubs and Algoma Snow Plan Affiliation. History of Marathon Sno-Kickers The club

845 views • 20 slides
Techniques for Digital Systems Registers, shift registers, counters SOURCE:

Techniques for Digital Systems Registers, shift registers, counters SOURCE:

CSE140L: Components and Design Techniques for Digital Systems Registers, shift registers, counters SOURCE: http://www.pitt.edu/~kmram/132/lectures/registers+counters.pdf 1 Sources: TSR, Katz, Boriello &amp; Vahid D Latch Truth Table CLK R

200 views • 15 slides
MARATHON TR TRAINING MIKE IKE GRATTON LONDON MARATHON WIN INNER 1983 BACKGROUND 1967:

MARATHON TR TRAINING MIKE IKE GRATTON LONDON MARATHON WIN INNER 1983 BACKGROUND 1967:

MARATHON TR TRAINING MIKE IKE GRATTON LONDON MARATHON WIN INNER 1983 BACKGROUND 1967: British Forces Schools 800m 2 nd 2:10 / age 13 1970: English Schools Inter 1,500m 7 th 4.07 /age 15 1974: English Schools Senior

318 views • 13 slides
A training guide for women with diabetes Katherine Clark Dr Kate Bramham Preparation for the

A training guide for women with diabetes Katherine Clark Dr Kate Bramham Preparation for the

PREGNANCY: THE KIDNEY MARATHON A training guide for women with diabetes Katherine Clark Dr Kate Bramham Preparation for the marathon Running the Marathon Finishing the marathon Diabetic nephropathy and pregnancy the perfect storm Poor

979 views • 81 slides
On the measurement of frequency and of its sample variance with high-resolution counters Enrico

On the measurement of frequency and of its sample variance with high-resolution counters Enrico

1 E. Rubiola &amp; Al. High-res. counters On the measurement of frequency and of its sample variance with high-resolution counters Enrico Rubiola#, Franois Vernotte%, Vincent Giordano# # FEMTO-ST Institute, Dept. LPMO, Besanon, France %

258 views • 15 slides
COUNTERS REMOTE LDL-xxx-06/26 LNL-xxx-27 LGL-xxx-27 LDL-xxx-06 LDL-xxx-06 LDL-xxx-06

COUNTERS REMOTE LDL-xxx-06/26 LNL-xxx-27 LGL-xxx-27 LDL-xxx-06 LDL-xxx-06 LDL-xxx-06

REMOTE COLLECTION COUNTERS REMOTE LDL-xxx-06/26 LNL-xxx-27 LGL-xxx-27 LDL-xxx-06 LDL-xxx-06 LDL-xxx-06 LDL-xxx-06 Possibility of connecting in one line with low multidecks LDL-xxx-07 LDL-xxx-07 LDL-xxx-07 LDL-xxx-07 LDL-xxx-07

1k views • 82 slides
Counter/Timers Overview ATmega328P has two _____ and one ______ counters. Can configure to

Counter/Timers Overview ATmega328P has two _____ and one ______ counters. Can configure to

13.1 13.2 Counter/Timers Overview ATmega328P has two _____ and one ______ counters. Can configure to count at some frequency up to some value (a.k.a. ________________), generate an _____________ Unit 13 Timers and Counters and

646 views • 5 slides
REPRESENTING THE UNIVERSITY OF JOHANNESBURG AT THE SHELL ECO-MARATHON CONTENTS 01 The Shell

REPRESENTING THE UNIVERSITY OF JOHANNESBURG AT THE SHELL ECO-MARATHON CONTENTS 01 The Shell

REPRESENTING THE UNIVERSITY OF JOHANNESBURG AT THE SHELL ECO-MARATHON CONTENTS 01 The Shell Eco-marathon 02 Introduction 03 Technical Aspects 04 Technical Budget 05 Sponsorships 06 Multi-Disciplinary Team 07 Off Track Awards 08 Exposure

234 views • 20 slides
Winter School Day 3: Decoding / Phrase-based models MT Marathon 28 January 2009 MT Marathon

Winter School Day 3: Decoding / Phrase-based models MT Marathon 28 January 2009 MT Marathon

Winter School Day 3: Decoding / Phrase-based models MT Marathon 28 January 2009 MT Marathon Spring School, Lecture 3 28 January 2009 1 Statistical Machine Translation Components: Translation model, language model, decoder

572 views • 53 slides
Learning Outcomes I understand the control inputs to counters I can design logic to control

Learning Outcomes I understand the control inputs to counters I can design logic to control

2-2.1 2-2.2 Learning Outcomes I understand the control inputs to counters I can design logic to control the inputs of Spiral 2-2 counters to create a desired count sequence I understand how smaller adder blocks can be combined to

401 views • 16 slides
Scintillation Counters Unlike many other particle detectors, which exploit the ionisation produced

Scintillation Counters Unlike many other particle detectors, which exploit the ionisation produced

Detectors for Nuclear and Particle Physics Scintillation Counters Unlike many other particle detectors, which exploit the ionisation produced by the passage of a charged particle, scintillation counters rely on the atomic or molecular excitation

331 views • 5 slides
Docker &amp; Mesos/Marathon in production at OVH Balthazar Rouberol https://ovh.to/6bRrkAn 1

Docker &amp; Mesos/Marathon in production at OVH Balthazar Rouberol https://ovh.to/6bRrkAn 1

Docker &amp; Mesos/Marathon in production at OVH Balthazar Rouberol https://ovh.to/6bRrkAn 1 About Docker at OVH 2014-2015: Home-made container orchestrator, Sailabove, based on LXC 2016: Switch to Docker &amp; Mesos/Marathon 6

487 views • 19 slides
ABBOTT World Marathon Majors 2 To provide global leadership in elite and mass participation

ABBOTT World Marathon Majors 2 To provide global leadership in elite and mass participation

ABBOTT World Marathon Majors 2 To provide global leadership in elite and mass participation marathons The Abbott World Marathon Majors is a series of six of the largest and most renowned marathons in the world: 1. Tokyo Marathon 2. Boston

470 views • 12 slides
Group of Seven Lake Superior Trail Pic Island by Lawren Harris Marathon The Group of Seven

Group of Seven Lake Superior Trail Pic Island by Lawren Harris Marathon The Group of Seven

Group of Seven Lake Superior Trail Pic Island by Lawren Harris Marathon The Group of Seven Canadian Landscape Painters in Marathon from 1921 - 1928 The Proposed Route of Group of Seven Trail Phase One Current Activities: Created of

364 views • 17 slides
EASM 2014 match-up hypothesis lies in advertising research that examined the impact of different

EASM 2014 match-up hypothesis lies in advertising research that examined the impact of different

ASSESSING THE RELATIONSHIPS BETWEEN IMAGE CONGRUENCE, TOURIST SATISFACTION, AND REVISITING INTENTION IN MARATHON TOURISM: THE CASE OF SHANGHAI INTERNATIONAL MARATHON Submitting author: Dr Luke Lunhua Mao University of New Mexico, Health,

73 views • 3 slides
Proportional Counters, CCDs and Polarimeters Joe Hill USRA/CRESST NASA Goddard Spaceflight

Proportional Counters, CCDs and Polarimeters Joe Hill USRA/CRESST NASA Goddard Spaceflight

Proportional Counters, CCDs and Polarimeters Joe Hill USRA/CRESST NASA Goddard Spaceflight Center Outline The Ideal Detector X-ray Astronomy Early History Proportional Counters CCDs Polarimeters What characteristics would

615 views • 48 slides
Practical Application of NEBA in the Decommissioning World Louisa Dunn, Marathon Oil 21 st

Practical Application of NEBA in the Decommissioning World Louisa Dunn, Marathon Oil 21 st

Practical Application of NEBA in the Decommissioning World Louisa Dunn, Marathon Oil 21 st October 2016 Introduction to Marathon Oil U.K. 2 Brae Platforms Brae Alpha East Brae Brae Bravo 3 Application of Net Environmental Benefit Analysis

706 views • 24 slides
Luminescence free counting of 3 H facilitated by Hidex 300 SL/600 SL TDCR triple coincidence

Luminescence free counting of 3 H facilitated by Hidex 300 SL/600 SL TDCR triple coincidence

Luminescence free counting of 3 H facilitated by Hidex 300 SL/600 SL TDCR triple coincidence counters Risto Juvonen LSC 2017 Copenhagen, 4.5.2017 Hidex 300 SL and 600 SL Automatic TDCR Liquid Scintillation Counters Automatic vial counters

255 views • 11 slides
Chapter 8 Properties of counters Abstract Datatypes We might also require that our

Chapter 8 Properties of counters Abstract Datatypes We might also require that our

Ch.8: Abstract Datatypes Ch.8: Abstract Datatypes Plan Plan Chapter 8 Properties of counters Abstract Datatypes We might also require that our representation should satisfy some obvious properties. The following should hold for any counters

107 views • 10 slides
History Ancient Greece Year One History | UKS2 | Ancient Greece | The Battle of Marathon Ai Aim

History Ancient Greece Year One History | UKS2 | Ancient Greece | The Battle of Marathon Ai Aim

History Ancient Greece Year One History | UKS2 | Ancient Greece | The Battle of Marathon Ai Aim I can compare the different city states. I can write an account of the Battle of Marathon from the point of view of a key eye witness.

543 views • 17 slides

More recommend