Gröbner Bases: a Tool for Cryptology
Jean-Charles Faugère, PolSys (INRIA/UPMC). ECRYPT II Summer School on Tools, 2012.

Plan. Part I: introduction to algebraic cryptanalysis and Gröbner bases. Part II: complexity of computing Gröbner bases.


1. F5: compute $\mathrm{Groebner}(\langle f_1, \dots, f_k\rangle, d+1)$ (the Gröbner basis truncated in degree $d+1$)

The matrix in degree $d$ has one column per monomial $m_1, m_2, m_3, \dots$ of degree $d$ and one row per product $u_1 f_1, \dots, u_{r_1} f_1, \dots, v_{r_{k-1}} f_{k-1}$; after the earlier steps it is in echelon form (each row has a pivot 1, the entries marked x may be anything). The matrix in degree $d+1$ has columns $t_1, t_2, t_3, \dots$ and, for the new polynomial $f_k$, the rows $w_1 x_j f_k,\ w_1 x_{j+1} f_k,\ \dots,\ w_1 x_n f_k,\ w_2 f_k, \dots$, where the multiplier $w_1 = x_1^{\alpha_1} \cdots x_j^{\alpha_j}$ is a monomial in the first $j$ variables.

F5 criterion: remove the row $w_1 x_{j+1} f_k$ iff
$$w_1 x_{j+1} \in \mathrm{LT}\big(\mathrm{Groebner}(\langle f_1, \dots, f_{k-1}\rangle, d-1)\big),$$
i.e. iff $w_1 x_{j+1}$ is already the leading term of some $g \in \langle f_1, \dots, f_{k-1}\rangle$ of degree $d-1$: the row $w_1 x_{j+1} f_k$ then differs from $g f_k$, a combination of multiples of $f_1, \dots, f_{k-1}$, only by rows already present, so it is redundant and would reduce to zero.

4. Structure inside Gröbner basis computation
F4/F5 algorithms develop specific linear algebra algorithms and implementations. Linear algebra is a key step for Gröbner bases ⇒ take into account the specific properties of the matrices. MinRank: [ISSAC 2010] 935s → [PASCO 2010] 73s.

5. Sparse and Fast FGLM
Joint work with C. Mou, L. Huot, P. Gaudry and P.-J. Spaenlehauer. Two ideas: use the sparsity of the multiplication matrices (Sparse FGLM), and a fast asymptotic version of FGLM for dense matrices (Fast FGLM).

6. FGLM: the bottleneck (with C. Mou)

Pipeline: input system → Buchberger / F4 / F5 (rely on linear algebra) → Gröbner basis for a total degree order → FGLM (≈ the minimal polynomial of some matrix: this is the bottleneck!) → Gröbner basis for the lexicographical order.

Timings in Magma (Step 1 = total degree Gröbner basis, Step 2 = FGLM change of ordering):

              MinRank(9,7,4)   MinRank(9,8,5)   Random(14,2)   Random(15,2)
  D           4116             14112            2^14           2^15
  Step 1      208.1s           3343.5s          7832.4s        74862.9s
  Step 2      1360.4s          > 1 day          84374.6s       > 15 days

Goal: a faster algorithm for the change of ordering.

9. FGLM in a nutshell

Input: a Gröbner basis $G_1$ of $I$ for some order $<_1$; $D$ is the number of solutions; $\mathrm{NormalForm}(f) = 0 \Leftrightarrow f \in I$.

Step 1: compute $B = [b_1, \dots, b_D]$, the canonical basis of $K[x_1, \dots, x_n]/\langle G_1\rangle$ ordered according to $<_1$.

Step 2: construct the multiplication matrices $T_i$. The multiplication matrix by $x_i$ is the $D \times D$ matrix representing $b_j \mapsto \mathrm{NormalForm}(x_i\, b_j)$, $j = 1, \dots, D$. ◮ change of ordering ⇋ linear algebra on the $T_i$.

Step 3: handle the terms of $K[x_1, \dots, x_n]$ one by one according to $<_2$. The coordinate vector of the monomial $x^s$, $s = (s_1, \dots, s_n)$, is
$$v_s = T_1^{s_1} \cdots T_n^{s_n}\, \mathbf 1, \qquad \mathbf 1 = (1, 0, \dots, 0)^t \ \text{(the coordinate vector of the monomial 1)},$$
so in particular $x_1^k \mapsto T_1^k\, \mathbf 1$. A polynomial $f = \sum_s c_s x^s$ of $G_2$ corresponds to a linear dependency $\sum_s c_s v_s = 0$; for instance
$$\sum_i \lambda_i x_1^i \in I \iff \sum_i \lambda_i\, T_1^i\, \mathbf 1 = 0 .$$
⇒ change of ordering ⇋ linear algebra: $O(nD^3)$ with Gaussian elimination.

14. Sparse FGLM: key observation 1 (with C. Mou)

$T_1, \dots, T_n$ are sparse, especially $T_1$ (sparsity = percentage of nonzero entries):

              DLP Edwards   Cyclic10   MinRank(9,9,6)
  D           4096          34940      41580
  Sparsity    3.4%          1.0%       16%

              Random(3,14)  Random(3,40)
  D           2744          64000
  Sparsity    4.2%          1.6%

$T_1$ for Random(3,10): a $1000 \times 1000$ matrix with 6.86% nonzero entries.

Theorem (F., Mou, 2011). Let $n$ be fixed. For generic polynomial systems of degree $d$, the proportion of nonzero entries of $T_1$ is $\sim c_n/(\pi d)$ as $d \to \infty$, for an explicit constant $c_n$ (the slide gives it in terms of $\sqrt 6$ and $n$): the density decreases like $1/d$ while $D = d^n$ grows.

16. Density: theoretical bound vs practice
[Figure: density of $T_1$ (percentage of nonzero entries, y-axis from 1% to 10%) for random equations of degree $d$ in 3 variables, $d = 10, \dots, 40$; two curves, the theoretical bound and the experimental sparsity, the bound lying above the measured values.]

17. First case: shape position

Assume that $I$ is in shape position.

Shape position [Becker, Mora, Marinari, and Traverso 1994]. An ideal $I \subset K[x_1, \dots, x_n]$ is in shape position if its Gröbner basis w.r.t. LEX ($x_1 < \cdots < x_n$) is of the form
$$[\, f_1(x_1),\ x_2 - f_2(x_1),\ \dots,\ x_n - f_n(x_1) \,].$$

Recover $f_1$: Wiedemann algorithm.
Construct $s = [\langle r, T_1^i\, \mathbf 1\rangle : i = 0, \dots, 2D-1]$, with $r$ a random vector
⇓ compute $\tilde f_1$ from $s$ via the Berlekamp–Massey algorithm
⇓ check $\deg(\tilde f_1) = D$ ⇒ shape position.

Why the check suffices: $\tilde f_1$ is the minimal polynomial of the sequence $s$, which divides the minimal polynomial of $T_1$, itself of degree at most $D$. If $\deg \tilde f_1 = D$ then $\tilde f_1$ is the minimal polynomial of $T_1$ and $1, x_1, \dots, x_1^{D-1}$ span $K[x_1, \dots, x_n]/I$, so every $x_i$ is a polynomial in $x_1$: $I$ is in shape position and $f_1 = \tilde f_1$. The converse can fail only for an unlucky $r$ (probability $O(D/|K|)$), so a degree smaller than $D$ should be retried with a fresh $r$ before concluding that $I$ is not in shape position.

20. Shape position case: recovering $f_2, \dots, f_n$

Suppose $f_i = \sum_{k=0}^{D-1} c_{i,k}\, x_1^k$ for $i = 2, \dots, n$. Construct linear equations for the unknown coefficients:
$$\mathrm{NormalForm}\Big( x_i - \sum_{k=0}^{D-1} c_{i,k}\, x_1^k \Big) = 0$$
⇓ $\displaystyle T_i\, \mathbf 1 = \sum_{k=0}^{D-1} c_{i,k}\, T_1^k\, \mathbf 1$, hence $\displaystyle T_1^j\, T_i\, \mathbf 1 = \sum_{k=0}^{D-1} c_{i,k}\, T_1^{j+k}\, \mathbf 1$
⇓ $\displaystyle \langle r, T_1^j T_i\, \mathbf 1\rangle = \sum_{k=0}^{D-1} c_{i,k}\, \langle r, T_1^{k+j}\, \mathbf 1\rangle$, $j = 0, \dots, D-1$
⇓ $\displaystyle \langle (T_1^t)^j r, T_i\, \mathbf 1\rangle = \sum_{k=0}^{D-1} c_{i,k}\, \langle (T_1^t)^{k+j} r, \mathbf 1\rangle$, $j = 0, \dots, D-1$.

In matrix form $H c_i = b$, with
$$H = \begin{pmatrix} \langle (T_1^t)^0 r, \mathbf 1\rangle & \langle (T_1^t)^1 r, \mathbf 1\rangle & \cdots & \langle (T_1^t)^{D-1} r, \mathbf 1\rangle \\ \langle (T_1^t)^1 r, \mathbf 1\rangle & \langle (T_1^t)^2 r, \mathbf 1\rangle & \cdots & \langle (T_1^t)^{D} r, \mathbf 1\rangle \\ \vdots & \vdots & \ddots & \vdots \\ \langle (T_1^t)^{D-1} r, \mathbf 1\rangle & \langle (T_1^t)^{D} r, \mathbf 1\rangle & \cdots & \langle (T_1^t)^{2D-2} r, \mathbf 1\rangle \end{pmatrix}, \qquad b = \begin{pmatrix} \langle r, T_i\, \mathbf 1\rangle \\ \langle (T_1^t)^1 r, T_i\, \mathbf 1\rangle \\ \vdots \\ \langle (T_1^t)^{D-1} r, T_i\, \mathbf 1\rangle \end{pmatrix}.$$

24. Shape position case: the Hankel system

Solve $H c_i = b$ with $c_i = {}^t[c_{i,0}, \dots, c_{i,D-1}]$. The matrix $H$, with entries $H_{j,k} = \langle (T_1^t)^{j+k} r, \mathbf 1\rangle$, is a Hankel matrix:
- its construction is free: $s = [\langle r, T_1^i\, \mathbf 1\rangle = \langle (T_1^t)^i r, \mathbf 1\rangle : i = 0, \dots, 2D-2]$ is exactly the sequence already computed for Berlekamp–Massey;
- it is invertible: relationship between linear recurring sequences and Hankel matrices [Jonckheere and Ma 1989];
- solving $Hx = b$ efficiently costs $O(D \log^2 D)$ [Brent, Gustavson, and Yun 1980].

The right-hand side $\langle (T_1^t)^j r, T_i\, \mathbf 1\rangle$ is also free: the vectors $(T_1^t)^j r$ are produced while computing $s$, and when $x_i$ is itself a monomial of the basis $B$ (the generic situation) $T_i\, \mathbf 1$ is a unit vector, so the pairing is just one coordinate of $(T_1^t)^j r$.

27. Shape position case: total complexity

For ideals in shape position: $O\big(D\, (\#T_1 + n \log D)\big)$, where $\#T_1$ is the number of nonzero entries of $T_1$ ($2D$ sparse matrix-vector products for the sequence, then $n$ Hankel solves), compared with $O(nD^3)$ for FGLM computing the minimal polynomial of $T_1$.

Random polynomial systems, $n$ fixed and $d \to +\infty$: by the density theorem $\#T_1 \approx D^2 \cdot c_n/(\pi d) = O(D^{2 - 1/n})$ since $D = d^n$, so the complexity is $O\big(D^{\,2 + \frac{n-1}{n}}\big)$ up to a constant depending on $n$.
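The shape-position pipeline of the preceding slides (Wiedemann sequence, Berlekamp–Massey, degree check, Hankel system for $f_2, \dots, f_n$), as an added Python example that is not part of the slides nor of any FGb/Magma code. It works over $\mathrm{GF}(p)$ with $p = 65521$ (a constructed choice), builds a toy ideal $\langle f_1(x_1), x_2 - f_2(x_1)\rangle$ with a known answer, hands its multiplication matrices to the solver in a scrambled basis, and recovers the LEX basis. Two simplifications: the Hankel system is solved by ordinary Gaussian elimination rather than the $O(D \log^2 D)$ solver cited above, and the instance comes from a companion matrix instead of a DRL Gröbner basis. The sequence is computed with the transposed iteration $(T_1^t)^j r$ exactly as in the derivation, and a failed degree check is retried with a fresh $r$ before giving up.

```python
"""Sparse FGLM, shape-position case, over GF(p): Wiedemann sequence, Berlekamp-Massey, Hankel system. Added example."""
import random

P = 65521   # word-size prime, a constructed choice

def matvec(M, v, p=P):
    return [sum(a * b for a, b in zip(row, v)) % p for row in M]
def dot(u, v, p=P):
    return sum(a * b for a, b in zip(u, v)) % p

def berlekamp_massey(s, p=P):
    """Minimal polynomial of the linearly recurring sequence s over GF(p): monic, coefficients low -> high."""
    C, B = [1], [1]                 # current and previous connection polynomial
    L, m, b = 0, 1, 1
    for n, sn in enumerate(s):
        d = (sn + sum(C[i] * s[n - i] for i in range(1, L + 1))) % p   # discrepancy
        if d == 0:
            m += 1
            continue
        T = C[:]
        coef = d * pow(b, p - 2, p) % p
        C += [0] * max(0, len(B) + m - len(C))
        for i, bi in enumerate(B):
            C[i + m] = (C[i + m] - coef * bi) % p
        if 2 * L <= n:
            L, B, b, m = n + 1 - L, T, d, 1
        else:
            m += 1
        C += [0] * max(0, L + 1 - len(C))
    return C[:L + 1][::-1]          # x^L + c_1 x^(L-1) + ... + c_L

def solve_mod_p(A, rhs, p=P):
    """Gaussian elimination over GF(p); the slides use an O(D log^2 D) Hankel solver here instead."""
    n = len(A)
    M = [row[:] + [rhs[i]] for i, row in enumerate(A)]
    for c in range(n):
        piv = next(r for r in range(c, n) if M[r][c])
        M[c], M[piv] = M[piv], M[c]
        inv = pow(M[c][c], p - 2, p)
        M[c] = [x * inv % p for x in M[c]]
        for r in range(n):
            if r != c and M[r][c]:
                f = M[r][c]
                M[r] = [(x - f * y) % p for x, y in zip(M[r], M[c])]
    return [M[i][n] for i in range(n)]

def sparse_fglm_shape(T, one, D, rng, p=P, tries=5):
    """T = [T_1, ..., T_n] multiplication matrices, one = coordinate vector of the monomial 1, D = dim K[x]/I.
    Returns (f_1, [f_2, ..., f_n]) with x_i - f_i(x_1) in I, or None if deg < D for every r (not shape position)."""
    T1t = [list(col) for col in zip(*T[0])]                 # T_1^t for the transposed iteration (T_1^t)^j r
    u = [matvec(Ti, one, p) for Ti in T[1:]]                # T_i * 1, one sparse product each
    for _ in range(tries):
        r = [rng.randrange(p) for _ in range(D)]
        s, bs, w = [], [[] for _ in u], r
        for j in range(2 * D):                              # w = (T_1^t)^j r
            s.append(dot(w, one, p))                        # s_j = <r, T_1^j 1>
            if j < D:
                for bi, ui in zip(bs, u):
                    bi.append(dot(w, ui, p))                # <(T_1^t)^j r, T_i 1>: right-hand sides, for free
            w = matvec(T1t, w, p)
        f1 = berlekamp_massey(s, p)
        if len(f1) - 1 == D:                                # deg = D: minimal polynomial of T_1, shape position
            break
    else:
        return None
    H = [[s[j + k] for k in range(D)] for j in range(D)]    # Hankel matrix, straight from the sequence
    return f1, [solve_mod_p(H, b, p) for b in bs]           # c_i = coefficients of f_i(x_1)

def companion(f, p=P):
    """Multiplication by x on K[x]/<f> in the basis 1, x, ..., x^(D-1); f monic, coefficients low -> high."""
    D = len(f) - 1
    return [[(1 if i == j + 1 else 0) if j < D - 1 else (-f[i]) % p for j in range(D)] for i in range(D)]

def poly_of_matrix(c, M, p=P):
    """f(M) = c_0 I + c_1 M + ..., column by column by Horner's rule (matrix-vector products only)."""
    D, cols = len(M), []
    for j in range(D):
        v = [0] * D
        for coef in reversed(c):
            v = matvec(M, v, p)
            v[j] = (v[j] + coef) % p
        cols.append(v)
    return [[cols[j][i] for j in range(D)] for i in range(D)]

def make_instance(D, rng, p=P):
    """Constructed ideal <f_1(x_1), x_2 - f_2(x_1)> in shape position; its companion-basis matrices are conjugated
    by P = diag(d) * Perm (random permuted, rescaled basis). T_1 keeps at most 2D - 1 nonzeros, i.e. stays sparse."""
    f1 = [rng.randrange(p) for _ in range(D)] + [1]
    f2 = [rng.randrange(p) for _ in range(D)]
    T1 = companion(f1, p)
    T2 = poly_of_matrix(f2, T1, p)
    perm = list(range(D)); rng.shuffle(perm)
    d = [rng.randrange(1, p) for _ in range(D)]
    def conj(M):   # (P M P^-1)[i][j] = d_i * M[perm[i]][perm[j]] / d_j
        return [[d[i] * M[perm[i]][perm[j]] * pow(d[j], p - 2, p) % p for j in range(D)] for i in range(D)]
    one = [d[i] if perm[i] == 0 else 0 for i in range(D)]   # P e_1: coordinates of the monomial 1
    return f1, f2, [conj(T1), conj(T2)], one

def demo(D=8, seed=7):
    """Build an instance and run the solver; returns (f1, f2, recovered) so the result can be checked."""
    f1, f2, T, one = make_instance(D, random.Random(seed))
    return f1, f2, sparse_fglm_shape(T, one, D, random.Random(seed + 1))
```

`demo()` returns the constructed $f_1, f_2$ next to the recovered pair, which must coincide (coefficients low to high; $f_1$ monic). With a real DRL basis the only change is how `T` and `one` are produced: `one` is the coordinate vector of the monomial 1 in $B$, and each `T[i]` the matrix of $b_j \mapsto \mathrm{NormalForm}(x_i b_j)$.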

29. General case (non shape position)

Define the $n$-dimensional mapping $E : \mathbb Z_{\ge 0}^n \to K$,
$$(s_1, \dots, s_n) \longmapsto \langle r, T_1^{s_1} \cdots T_n^{s_n}\, \mathbf 1\rangle .$$
According to FGLM, a polynomial $f = x^l + \sum_{s \ne l} c_s x^s$ in $G_2$ is determined by
$$\sum_s c_s\, T_1^{s_1} \cdots T_n^{s_n}\, \mathbf 1 = 0 \qquad (c_l = 1),$$
i.e. by a linear recurrence satisfied by the multi-dimensional sequence $E$. It can be found using BMS:
sparse matrix ⇒ Wiedemann algorithm ⇒ Berlekamp–Massey ⇒ BMS (Berlekamp–Massey–Sakata, from coding theory), the multi-dimensional generalization of the Berlekamp–Massey algorithm [Sakata 1988 & 1990; Saints and Heegard 2002].

32. Main algorithm

Input: $T_1, \dots, T_n$.
1. Construct the linearly recurring sequence $s$.
2. Compute $\tilde f$ with Berlekamp–Massey. Is $\deg(\tilde f) = D$?
   - Yes: recover $f_2, \dots, f_n$ (shape position case). End.
   - No: compute $F$ with BMS. Is $F = G_2$ (check that $F$ is a Gröbner basis of $I$)?
     - Yes: end.
     - No: compute $G_2$ with the original FGLM. End.

Deterministic algorithm: the random vector $r$ only affects the running time, never the correctness of the output, because each probabilistic step is checked and FGLM is the fallback.

33. Fast FGLM: if the matrices are not sparse ... (with P. Gaudry, L. Huot and G. Renault)

In the shape position case we can apply the same algorithm. All we need is to compute efficiently
$$r,\ T_1' r,\ T_1'^{\,2} r,\ \dots,\ T_1'^{\,2D-1} r \qquad \text{with } T_1' = T_1^t .$$
[Keller-Gehrig]: assume that two $D \times D$ matrices can be multiplied in $O(D^\omega)$ operations (with $\omega < 3$). First compute, by repeated squaring,
$$T_1',\ T_1'^{\,2},\ T_1'^{\,4},\ T_1'^{\,8},\ \dots,\ T_1'^{\,2^k} \qquad \text{with } k = 1 + \lfloor \log_2 D \rfloor .$$
Then double the block of known vectors at each step:
$$(T_1'^{\,3} r,\ T_1'^{\,2} r) = T_1'^{\,2}\, (T_1' r,\ r), \qquad (T_1'^{\,7} r,\ T_1'^{\,6} r,\ T_1'^{\,5} r,\ T_1'^{\,4} r) = T_1'^{\,4}\, (T_1'^{\,3} r,\ T_1'^{\,2} r,\ T_1' r,\ r), \qquad \dots$$
using only matrix multiplications: $O(D^\omega \log D)$ operations in total.
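The doubling step above as an added Python example, not code from the slides: `krylov_keller_gehrig` computes $r, Tr, \dots, T^{N-1}r$ with one matrix product per doubling, following the pattern $(T^3 r, T^2 r) = T^2 (T r, r)$, $(T^7 r, \dots, T^4 r) = T^4 (T^3 r, \dots, r)$, and is checked against the naive $N-1$ matrix-vector products. It runs on a constructed random dense matrix over $\mathrm{GF}(65521)$; schoolbook multiplication stands in for a fast $O(D^\omega)$ product, so only the shape of the computation, $\lceil \log_2 N \rceil$ squarings and $\lceil \log_2 N \rceil$ block products, is demonstrated.

```python
"""Keller-Gehrig doubling for the Krylov vectors r, T r, ..., T^(N-1) r. Added example, not from the slides."""
import random

P = 65521   # constructed choice of prime

def matmul(A, B, p=P):
    """Schoolbook product of an (a x k) by a (k x b) matrix over GF(p); stands in for a fast O(D^omega) product."""
    return [[sum(A[i][k] * B[k][j] for k in range(len(B))) % p for j in range(len(B[0]))] for i in range(len(A))]

def krylov_naive(T, r, N, p=P):
    """Reference: N - 1 matrix-vector products, the iteration Wiedemann uses when T is sparse."""
    out, v = [], r[:]
    for _ in range(N):
        out.append(v)
        v = [sum(a * b for a, b in zip(row, v)) % p for row in T]
    return out

def krylov_keller_gehrig(T, r, N, p=P):
    """r, T r, ..., T^(N-1) r with ceil(log2 N) doublings. After step j the block V holds the 2^j vectors
    T^0 r .. T^(2^j - 1) r as columns; V <- [V | T^(2^j) V] doubles it with ONE matrix product, and one
    squaring yields the next power T^(2^(j+1)). Same pattern as (T^3 r, T^2 r) = T^2 (T r, r)."""
    D = len(T)
    V = [[x] for x in r]                      # D x 1 block
    Tpow, width = T, 1                        # T^(2^j), number of vectors known so far
    while width < N:
        newcols = matmul(Tpow, V, p)          # T^(2^j) * [T^0 r .. T^(2^j - 1) r] = [T^(2^j) r .. T^(2^(j+1) - 1) r]
        V = [row + new for row, new in zip(V, newcols)]
        Tpow, width = matmul(Tpow, Tpow, p), width * 2
    return [[V[i][j] for i in range(D)] for j in range(N)]   # columns back to vectors

def random_instance(D, seed, p=P):
    """Constructed dense D x D matrix and vector: the non-sparse situation Fast FGLM is designed for."""
    rng = random.Random(seed)
    T = [[rng.randrange(p) for _ in range(D)] for _ in range(D)]
    return T, [rng.randrange(p) for _ in range(D)]
```

For the Fast FGLM use, pass the transpose `[list(col) for col in zip(*T1)]` as `T` and `N = 2 * D`; the $j$-th returned vector is $(T_1^t)^j r$, whose pairing with $\mathbf 1$ gives $s_j$.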

37. Fast FGLM (with P. Gaudry, L. Huot and G. Renault)

Theorem. Let $G_{\mathrm{DRL}}$ be the DRL Gröbner basis of an ideal $I$ in shape position. Given $T_1$, the multiplication matrix w.r.t. $x_1$, computing the LEX Gröbner basis of $I$ can be done in $\tilde O(nD + D^\omega)$.

☞ Theoretical/practical bottleneck: building the matrix $T_1$.
Generic systems: $T_1$ can be obtained in 0 arithmetic operations (read directly from $G_{\mathrm{DRL}}$).
Non-generic case: perform a random linear change of coordinates (heuristic).

40. New strategy

$I$ → F4, F5 → $G_{\mathrm{DRL}}$ → easy to build $T_1$?
- Yes: $T_1$ → Fast FGLM → $G_{\mathrm{LEX}}$.
- No: randomization (random linear change of coordinates) $I'$ → F4, F5 → $G'_{\mathrm{DRL}}$ ⇒ $T'_1$ → Fast FGLM → $G'_{\mathrm{LEX}}$.

41. Experiments

Columns: $D$, density of $T_1$, time to build $T_1$, and the total written as (time for $G_{\mathrm{DRL}}$) + (build $T_1$ + Fast FGLM). "(rnd)" means after a random linear change of coordinates.

  System                           D       Density   Build T_1   G_DRL + (Build T_1 + Fast FGLM)
  Random n = 16                    2^16    18.3%     228.6s      55410s + 15005.3s
  Cyclic 7                         924     2.0%      0.00s       G_DRL + 0.04s
  Cyclic 10                        31990   1.0%      5.67s       G_DRL + 525.5s
  Edwards n = 4 (S_n + T_2)        512     27.6%     0.4s        0.1s + 0.42s
  Edwards n = 4 (S_n + T_2, rnd)   512     19.4%     0.0s        0.1s + 0.02s
  Edwards n = 5 (S_n + T_2)        2^16    -         > 2 days    11228.2s + > 2 days
  Edwards n = 5 (S_n + T_2, rnd)   2^16    9.3%      11.6s       11228.2s + 7865.7s
  Bad example, n = 11              2^11    31.9%     7520.9s     0s + 7543.5s
  Bad example, n = 11 (rnd)        2^11    21.5%     0.15s       5.0s + 0.2s
  Bad example, n = 16              2^16    -         > 2 days    0s + > 2 days
  Bad example, n = 16 (rnd)        2^16    19.8%     195.0s      38066.5s + 14492.2s
  Eco 14                           2^12    11.5%     1100.1s     926.7s + 1102.5s
  Eco 14 (rnd)                     2^12    26.4%     0.1s        926.7s + 2.0s

42. Multi-core implementation

Two parallel versions: using OpenMP, using pthreads. ☞ The generation of the matrix $T_1$ had to be rewritten!
Comparing the original C code (ISSAC 2011) and the new code:

  System               D      Density   Magma    Singular   C       C+SSE
  Katsura 12           4096   21.2%     1408s    2623.5s    18.1s   0.73s
  Random(n=3, d=19)    6859   3.50%     1084s    8248s      15.3s   0.74s

More important: we can solve systems with $D \approx 2^{16}$ solutions. ☞ Next talk.

  45. Part II Complexity of computing Gröbner bases.

46. Structured systems: several applications in crypto

- Computing DLP on elliptic curves (Edwards curves, curves over $\mathbb F_2$): [Gaudry, F., Huot, Renault].
- Error-correcting codes (McEliece): [F., Otmani, Perret, Tillich, EC].
- Multivariate public key crypto (HFE): [F., Perret, Safey El Din, Spaenlehauer, Bettale].
- Modular correspondences for abelian varieties: [F., Lubicz, Robert, JA].

In each case the resolution takes advantage of the structure of the system, its symmetries or its multi-homogeneous (e.g. bilinear) shape, to speed up the computation.

47. Main results/examples

Motivation to use the structure! For (regular) quadratic systems, overdetermined case [Bardet, F., Salvy]: $n$ variables, $m = c\, n^\alpha$ semi-regular equations ⇒ sub-exponential complexity if $1 < \alpha < 2$, polynomial if $\alpha = 2$.

Use the fact that we are over $\mathbb F_q$: ◮ [Bettale, F., Perret, JMC]: hybrid method (exhaustive search on a few variables, Gröbner basis on the rest). Direct Gröbner basis approach $\sim 2^{1.8\, n}$ vs hybrid approach; e.g. UOV with $q = 2^8$, $n = 60$: security $2^{160}$ → $2^{76}$ (Gröbner) → $2^{59}$ (hybrid).

49. Motivation: bilinear systems

Bilinear systems: $f_i(X, Y) = \sum_{x \in X,\ y \in Y} c_{i,x,y}\, x\, y$, where $n = \#X + \#Y$.
⇒ the complexity is polynomial in $\#\mathrm{Solutions} = \binom{n}{\#X} \ll 2^n$ [JSC 2011, F., Safey El Din, Spaenlehauer].
Applications:
◮ MinRank/HFE: [Crypto 2008] 328233s → [ISSAC 2010] 935s.
◮ Challenge A 20 (variant of McEliece): 24 hours (Magma) → 0.05 sec [EC2010, F., Otmani, Perret, Tillich].

Use the symmetries:
◮ [JA, F., Lubicz, Robert]: the action of the automorphisms of the theta group: > 24 hours → 0.1 sec.
◮ [F., Huot, Renault]: symmetries related to twisted Edwards curves (this talk!) ⇒ divides the number of solutions, and the complexity, by $2^{n-1}$: intractable system → 4h25min.

51. Complexity: introduction

The goal is to bound the maximal degree of the polynomials during the computation.

Theorem. A Gröbner basis of the ideal $I$ generated by $(f_1, \dots, f_m)$ for a graded monomial ordering, up to degree $D$, can be computed in
$$O\left( m\, D\, \binom{n + D - 1}{D}^{\omega} \right) \qquad \text{as } D \to \infty,$$
where $\omega$ is the exponent in the complexity of the matrix product over $K$.

Goal: bound $D \ge d_{\max}$, the highest degree reached during the computation, since the cost is driven by the largest matrix.

52. Complexity of (overdetermined) systems (with M. Bardet and B. Salvy)

F5 criterion: $t\, f_j$ is in the matrix iff $t \notin \mathrm{Id}(\mathrm{LT}_<(G_{j-1}))$, where $G_{j-1}$ is a Gröbner basis of $\{f_1, \dots, f_{j-1}\}$.
$R_{d,i}(n)$: number of rows in the matrix generated by F5 when computing a Gröbner basis of $[f_1, \dots, f_i]$ in degree $d$.

53. Induction (quadratic $f_i$). When $d \ge 2$:
$$R_{d,i}(n) \;=\; \underbrace{i \cdot M_{d-2}(n)}_{\text{number of monomials}} \;-\; \underbrace{\sum_{j=1}^{\,i-1+\delta_{K,\mathbb F_2}} R_{d-2,j}(n)}_{\text{F5 criterion}},$$
where $M_{d-2}(n)$ is the number of monomials of degree $d-2$ (every row is $t\, f_j$ with $\deg t = d-2$), and the subtracted sum counts the multipliers $t$ that are leading terms, in degree $d-2$, of the previous systems and are therefore discarded by the F5 criterion ($\delta_{K,\mathbb F_2} = 1$ over $\mathbb F_2$, where the field equations $x_i^2 = x_i$ are taken into account, and $0$ otherwise).

55. End of the computation. The matrix generated by F5 in degree $d$ has $\#\mathrm{col} = M_d(n)$ columns and $\#\mathrm{row} = R_{d,m}(n)$ rows. When
$$h_{d,m}(n) = \#\mathrm{col} - \#\mathrm{row} = 0$$
the computation ends: we have found $d_{\max}$.

58. Generating series

Theorem. Let $f_i$ be of degree $d_i$, $i = 1, \dots, m$, semi-regular over the finite field $\mathbb F_q$, and let $\delta = \delta_{K,\mathbb F_2}$ ($1$ over $\mathbb F_2$, $0$ otherwise). Then
$$H_m = \sum_{d=0}^{\infty} h_{d,m}\, z^d = \prod_{i=1}^{m} \frac{1 - (1-\delta)\, z^{d_i}}{1 + \delta\, z^{d_i}} \cdot \left( \frac{1 - \delta z^2}{1 - z} \right)^{n},$$
i.e. $\prod_i (1 - z^{d_i}) / (1 - z)^n$ for $K \ne \mathbb F_2$, and $(1 + z)^n / \prod_i (1 + z^{d_i})$ over $\mathbb F_2$.

Theorem (particular case). $d_i = 2$, $\mathbb F_2$, $n = m$ semi-regular equations:
$$\sum_{d=0}^{\infty} h_{d,n}\, z^d = \left( \frac{1 + z}{1 + z^2} \right)^{n}.$$

Example. $\mathbb F_2$, $n = m = 50$ semi-regular quadratic equations:
$$\left( \frac{1 + z}{1 + z^2} \right)^{50} = 1 + 50 z + 1175 z^2 + 17100 z^3 + 170325 z^4 + 1202510 z^5 + 5915475 z^6 + 17831400 z^7 + 9196475 z^8 - 205886050 z^9 + O(z^{10}).$$
☞ Hence the maximal degree occurring in the computation is 9 (the first non-positive coefficient).
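As an added Python example (not from the slides), the block below computes $R_{d,m}(n)$ from the induction of slide 53 and the series of the theorem above, and checks on the slides' own numbers that $h_{d,m}(n) = M_d(n) - R_{d,m}(n)$ is the coefficient of $z^d$ in $H_m$ (the $n = m = 50$ example over $\mathbb F_2$, the Macaulay bound $n + 1$ for $m = n$ over a larger field). The $\delta$ term of the induction is read as the sum running up to $j = i$ over $\mathbb F_2$ (my reading of the slide; the comparison with the series confirms it for quadratic systems), and `degree_of_regularity` returns the first $d$ with $h_d \le 0$, i.e. $d_{\max}$, for arbitrary degrees $d_i$ and either kind of field.

```python
"""Degree of regularity of semi-regular systems: F5 row counting vs the Hilbert series. Added example."""
from collections import Counter
from functools import lru_cache
from math import comb

def n_monomials(n, d, over_f2):
    """M_d(n): monomials of degree d in n variables; over F_2 only squarefree ones (x_i^2 = x_i)."""
    return comb(n, d) if over_f2 else comb(n + d - 1, d)

def f5_rows(n, m, d, over_f2):
    """R_{d,m}(n) for m quadratic equations: rows t*f_j kept by the F5 criterion in degree d, by the induction
    R_{d,i} = i*M_{d-2} - sum_{j=1}^{i-1+delta} R_{d-2,j}, delta = 1 over F_2 (my reading of the slide)."""
    delta = 1 if over_f2 else 0

    @lru_cache(maxsize=None)
    def R(dd, i):
        if dd < 2:                           # no rows below degree 2 for quadratic f_j
            return 0
        return i * n_monomials(n, dd - 2, over_f2) - sum(R(dd - 2, j) for j in range(1, i + delta))

    return R(d, m)

def _mul(a, b, N):
    """Product of two power series truncated at z^N."""
    c = [0] * (N + 1)
    for i, ai in enumerate(a[:N + 1]):
        if ai:
            for j, bj in enumerate(b[:N + 1 - i]):
                c[i + j] += ai * bj
    return c

def _inv(a, N):
    """1/a mod z^(N+1) for a series with a[0] = 1."""
    inv = [1] + [0] * N
    for k in range(1, N + 1):
        inv[k] = -sum(a[i] * inv[k - i] for i in range(1, min(k, len(a) - 1) + 1))
    return inv

def semi_regular_series(n, degrees, over_f2, N):
    """h_0 .. h_N of H_m = prod_i (1 - (1-delta) z^d_i)/(1 + delta z^d_i) * ((1 - delta z^2)/(1 - z))^n."""
    delta = 1 if over_f2 else 0
    H = [1] + [0] * N
    for di, count in Counter(degrees).items():
        num, den = [1] + [0] * N, [1] + [0] * N
        if di <= N:
            num[di] -= 1 - delta
            den[di] += delta
        factor = _mul(num, _inv(den, N), N)          # 1 - z^d_i, or 1/(1 + z^d_i) over F_2
        for _ in range(count):
            H = _mul(H, factor, N)
    base = _mul([1, 0, -delta], _inv([1, -1], N), N)  # 1 + z + z^2 + ..., or just 1 + z over F_2
    for _ in range(n):
        H = _mul(H, base, N)
    return H

def degree_of_regularity(n, degrees, over_f2):
    """Smallest d > 0 with h_d <= 0: #cols - #rows vanishes and the F5 computation ends (d_max on the slides).
    None if no such d exists within the truncation (m < n: positive-dimensional, the series stays positive)."""
    N = n + sum(degrees) + 2                           # for m >= n the first non-positive coefficient appears before this
    h = semi_regular_series(n, degrees, over_f2, N)
    return next((d for d, hd in enumerate(h) if d and hd <= 0), None)
```

`degree_of_regularity(50, [2] * 50, True)` reproduces the 9 of the example; `degree_of_regularity(n, [2] * n, False)` gives the Macaulay bound $n + 1$; the rows of the $d_{\max}$ tables that follow ($m = 2n, 5n, 10n$) can be tabulated the same way by varying `degrees`.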

61. Asymptotic estimate

By Cauchy's formula $h_{d,n} = \dfrac{1}{2 i \pi} \displaystyle\oint_C \left( \frac{1 + z}{1 + z^2} \right)^{n} \frac{dz}{z^{d+1}}$, and a saddle-point analysis of the index $d_n$ of the first non-positive coefficient gives
$$d_n = \frac{1}{\lambda_0}\, n - \lambda_1\, n^{1/3} + O(1) \;\approx\; \frac{n}{11.11360} + 1.0034\, n^{1/3},$$
where $\lambda_0$ is an explicit algebraic number (a nested radical expression involving $\sqrt 3$) and the expression of $\lambda_1$ contains the biggest real root of the Airy function (solution of $\partial^2 y / \partial z^2 - z y = 0$). The formula is almost exact when $n \ge 3$!

62. Maximal degree
[Figure: maximal degree in the Gröbner basis computation (y-axis 0 to 16) as a function of $n$ (0 to 100), for a random system and for HFE with $3 < d < 17$, $16 < d < 129$ and $128 < d < 513$.]

63. Complexity of overdetermined systems: some examples

$n$ variables, $K$ any field, $m$ semi-regular equations of degree $d$. Under the regularity assumption:

  Specification              d_max
  d = 2, m = n               n + 1
  d = 2, m = n + 1           (n + 1)/2 asymptotically (exactly ceil(n/2) + 1, from the series (1 + z)^n (1 - z^2))
  d = 2, m = 2n              n / 11.63
  d = 2, m = 5n              n / 35.71
  d = 2, m = 10n             n / 76.92
  d = αn, m = 2n             αn, if α < 0.29

68. Complexity: overdetermined systems

$k$ is a constant (does not depend on $n$), $d_i$ the total degree of $f_i$, $h_{k,1}$ the largest root of the $k$-th Hermite polynomial ($h_{1,1} = 0$, which gives back the $m = n+1$ row of the previous table) and $a_1$ the largest real root of the Airy function, as in the asymptotic estimate. Under the regularity assumption:

- $m \le n$, $K$, $d_i = 2$: $d_{\max} = m + 1$ (Macaulay bound).
- $m \le n$, $K$: $d_{\max} = 1 + \sum_{i=1}^{m} (d_i - 1)$ (Macaulay bound).
- $m = n + k$, $K$, $d_i = 2$: $d_{\max} = \dfrac{n + k}{2} - h_{k,1} \sqrt{\dfrac{n + k}{2}} + o(1)$.
- $m = n + k$, $K$: $d_{\max} = \dfrac{1}{2} \sum_{i=1}^{m} (d_i - 1) - h_{k,1} \sqrt{\dfrac{1}{6} \sum_{i=1}^{m} (d_i^2 - 1)} + o(1)$.
- $m = 2n$, $K$, $d_i = 2$: $d_{\max} = \dfrac{n}{11.6569} + 1.04\, n^{1/3} - 1.47 + 1.71\, n^{-1/3} + O(n^{-2/3})$.
- $m = kn$, $K$, $d_i = 2$: $d_{\max} = \Big( k - \dfrac{1}{2} - \sqrt{k(k-1)} \Big) n - \dfrac{a_1}{2\, (k(k-1))^{1/6}}\, n^{1/3} + O(1)$.
- $m = n$, $\mathbb F_2$, $d_i = 2$: $d_{\max} = \dfrac{n}{11.11360} + 1.0034\, n^{1/3} - 1.58 + O(n^{-1/3})$.
- $m = kn$, $\mathbb F_2$, $d_i = 2$: $d_{\max} = \Big( -k + \dfrac{1}{2} + \dfrac{1}{2} \sqrt{2k(k-5) - 1 + 2(k+2)\sqrt{k(k+2)}} \,\Big)\, n$.

69. Classification

$m$ = number of polynomials, $n$ = number of variables:

  m = cste · n         single exponential
  m = cste · n^α       sub-exponential (1 < α < 2)
  m = cste · n^2       polynomial

70. Bilinear equations in algebraic attacks: motivation

A powerful attack somewhat similar to lattice attacks. Lattice version: we consider $k$ vectors $v_i = [\dots, v_{i,j}, \dots]$ with $v_{i,j} \in \mathbb Z$ and try to find $(\lambda_1, \dots, \lambda_k) \in \mathbb Z^k$ such that $\sum_{i=1}^{k} \lambda_i v_i$ is small; using LLL we find an approximately small vector in polynomial time.

Algebraic version: for $k$ quadratic multivariate polynomials $f_l \in K[x_1, \dots, x_n]$, take the matrix representation of $f_l$ (its Hessian)
$$f_l \mapsto H(f_l) = M_l = \left( \frac{\partial^2 f_l}{\partial x_i\, \partial x_j} \right)_{1 \le i, j \le n},$$
and try to find $(\lambda_1, \dots, \lambda_k) \in K^k$ such that $\sum_{i=1}^{k} \lambda_i M_i$ is "small", that is, of small rank $r$: the MinRank problem. That is to say: in some basis, $\sum_{i=1}^{k} \lambda_i f_i$ depends only on $r$ variables.

76. Two algebraic modelings: structured equations

Let $M = M_0 - \sum_{i=1}^{k} \lambda_i M_i$ (an $m \times m$ matrix whose entries are linear in the unknowns $\lambda_i$).

The Kipnis-Shamir modeling. $\mathrm{Rank}(M) \le r \iff \exists\, x^{(1)}, \dots, x^{(m-r)} \in \mathrm{Ker}(M)$, written in systematic form:
$$M \cdot \begin{pmatrix} I_{m-r} \\ x^{(1)}_1 \ \cdots \ x^{(m-r)}_1 \\ \vdots \\ x^{(1)}_r \ \cdots \ x^{(m-r)}_r \end{pmatrix} = 0 .$$
⇒ $m(m - r)$ bilinear equations in $k + r(m - r)$ variables.

The minors modeling. $\mathrm{Rank}(M) \le r \iff$ all minors of size $r + 1$ of $M$ vanish.
⇒ $\binom{m}{r+1}^2$ equations of degree $r + 1$ in $k$ variables: few variables, lots of equations, high degree!

Applications of bilinear equations in crypto: cryptanalysis of HFE and MinRank [CRYPTO'08, ISSAC'10, PKC'11]; cryptanalysis of McEliece [EUROCRYPT'10].

77. Bilinear systems (joint work with M. Safey El Din and P.-J. Spaenlehauer)

$F = (f_1, \dots, f_m)$: system of homogeneous bilinear equations, $f_i(X, Y) = \sum_{x \in X,\ y \in Y} c_{i,x,y}\, x\, y$, where $n = \#X + \#Y$, $X = \{x_0, \dots, x_{n_x}\}$, $Y = \{y_0, \dots, y_{n_y}\}$. Partial Jacobian matrices of $F_i = (f_1, \dots, f_i)$:
$$\mathrm{jac}_X(F_i) = \begin{pmatrix} \frac{\partial f_1}{\partial x_0} & \cdots & \frac{\partial f_1}{\partial x_{n_x}} \\ \vdots & & \vdots \\ \frac{\partial f_i}{\partial x_0} & \cdots & \frac{\partial f_i}{\partial x_{n_x}} \end{pmatrix}, \qquad \mathrm{jac}_Y(F_i) = \begin{pmatrix} \frac{\partial f_1}{\partial y_0} & \cdots & \frac{\partial f_1}{\partial y_{n_y}} \\ \vdots & & \vdots \\ \frac{\partial f_i}{\partial y_0} & \cdots & \frac{\partial f_i}{\partial y_{n_y}} \end{pmatrix}.$$
Euler relations (each $f$ is homogeneous of degree 1 in $X$ and in $Y$): $f = \sum_j x_j \dfrac{\partial f}{\partial x_j} = \sum_j y_j \dfrac{\partial f}{\partial y_j}$, hence
$$\begin{pmatrix} f_1 \\ \vdots \\ f_i \end{pmatrix} = \mathrm{jac}_X(F_i) \cdot \begin{pmatrix} x_0 \\ \vdots \\ x_{n_x} \end{pmatrix} = \mathrm{jac}_Y(F_i) \cdot \begin{pmatrix} y_0 \\ \vdots \\ y_{n_y} \end{pmatrix}.$$

78. Trivial syzygies of bilinear systems

An example with small parameters: $n_x = n_y = 2$, $m = 4$. We rewrite the usual trivial syzygy as a determinant with two equal rows:
$$0 = f_2 f_1 - f_1 f_2 = \begin{vmatrix} f_1 & f_2 \\ f_1 & f_2 \end{vmatrix} .$$
