how to eat your entropy and have it too recovering from
play

How to Eat Your Entropy and Have It Too (Recovering from - PowerPoint PPT Presentation

Nov 03, 2022 •315 likes •1.2k views

How to Eat Your Entropy and Have It Too (Recovering from compromise) Yevgeniy Dodis Adi Shamir Noah Stephens-Davidowitz Daniel Wichs Our Goal Our Goal Our Goal Our Goal How Does TCC Build a PRG? How Does TCC Build a PRG? PRG S 0 S 1 R

  1. How to Eat Your Entropy and Have It Too (Recovering from compromise) Yevgeniy Dodis Adi Shamir Noah Stephens-Davidowitz Daniel Wichs

  2. Our Goal

  3. Our Goal

  4. Our Goal

  5. Our Goal

  6. How Does TCC Build a PRG?

  7. How Does TCC Build a PRG? PRG S 0 S 1 R 0

  8. How Does TCC Build a PRG? PRG PRG S 2 S 0 S 1 R 1 R 0

  9. How Does TCC Build a PRG? PRG PRG PRG S 2 S 3 S 0 S 1 R 1 R 2 R 0

  10. How Does TCC Build a PRG? PRG PRG PRG S 2 S 3 S 0 S 1 R 1 R 2 R 0 Perfect randomness…

  11. Developers Build “RNGs with Input”

  12. Developers Build “RNGs with Input” next S’,R S

  13. Developers Build “RNGs with Input” next S’,R S refresh S,I S’

  14. Developers Build “RNGs with Input” next S’,R S refresh S,I S’ Entropy?

  15. Developers Build “RNGs with Input” next S’,R S refresh S,I S’ Entropy? Accumulated entropy

  16. Developers Build “RNGs with Input” next S’,R S refresh S,I S’ Entropy? Accumulated entropy H(S’) ≈ H(S) + H(I)

  17. (Limited) Formal Analysis [BH05] [DPRVW13]

  18. (Limited) Formal Analysis [BH05] [DPRVW13] First formal model (In 2005!)

  19. (Limited) Formal Analysis [BH05] [DPRVW13] First formal model (In 2005!) Recover only after full-entropy input

  20. (Limited) Formal Analysis [BH05] [DPRVW13] Gathers entropy First formal model as it comes (In 2005!) Recover only after full-entropy input

  21. (Limited) Formal Analysis [BH05] [DPRVW13] Gathers entropy First formal model as it comes (In 2005!) Recover only after But…. full-entropy input

  22. Premature Next RNG with input

  23. Premature Next RNG with input

  24. Premature Next RNG with input I

  25. Premature Next RNG with input I

  26. Premature Next RNG with input I I

  27. Premature Next RNG with input I I

  28. Premature Next I … RNG with input I I

  29. Premature Next I … RNG with input I I

  30. Premature Next I … R RNG with input I I

  31. Premature Next I … R RNG with input I I

  32. Premature Next RNG with input

  33. Premature Next RNG with input

  34. Premature Next RNG with input I

  35. Premature Next RNG with input I R

  36. Premature Next S RNG with input I R

  37. Premature Next S RNG with input I R

  38. How do we deal with this?

  39. Option 1: Don’t Let The Adversary Look RNG with input

  40. Option 1: Don’t Let The Adversary Look RNG with input I

  41. Option 1: Don’t Let The Adversary Look RNG with input I

  42. Option 1: Don’t Let The Adversary Look RNG with input I I

  43. Option 1: Don’t Let The Adversary Look RNG with input I I

  44. Option 1: Don’t Let The Adversary Look I … RNG with input I I

  45. Option 1: Don’t Let The Adversary Look I … RNG with input I I

  46. Option 1: Don’t Let The Adversary Look I … R RNG with input I I

  47. Option 1: Don’t Let The Adversary Look I … R RNG with input I I

  48. Option 2: Estimate Entropy RNG with input

  49. Option 2: Estimate Entropy RNG with input

  50. Option 2: Estimate Entropy RNG with input I

  51. Option 2: Estimate Entropy RNG with input I I

  52. Option 2: Estimate Entropy RNG with input I I

  53. Option 2: Estimate Entropy RNG ? with input I I

  54. Option 2: Estimate Entropy ? RNG ? with input I I

  55. Option 2: Estimate Entropy ? I … RNG ? with input I I

  56. Option 2: Estimate Entropy ? I … RNG RNG ? with input with input I I

  57. Option 2: Estimate Entropy ? R I … RNG RNG ? with input with input I I

  58. Option 2: Estimate Entropy ? R I … RNG RNG ? with input with input I I

  59. Option 2: Estimate Entropy ? R I … RNG RNG ? with input with input I I But we can’t estimate entropy….

  60. Option 3: Prove Impossibility

  61. Option 3: Prove Impossibility But it’s possible….

  62. Option 4: Eat Your Entropy and Have It Too

  63. Option 4: Eat Your Entropy and Have It Too …

  64. Option 4: Eat Your Entropy and Have It Too …

  65. Option 4: Eat Your Entropy and Have It Too …

  66. Option 4: Eat Your Entropy and Have It Too Unknown amount …

  67. Option 4: Eat Your Entropy and Have It Too …

  68. Option 4: Eat Your Entropy and Have It Too …

  69. Option 4: Eat Your Entropy and Have It Too …

  70. Option 4: Eat Your Entropy and Have It Too …

  71. Option 4: Eat Your Entropy and Have It Too …

  72. Option 4: Eat Your Entropy and Have It Too …

  73. Option 4: Eat Your Entropy and Have It Too …

  74. Option 4: Eat Your Entropy and Have It Too …

  75. Option 4: Eat Your Entropy and Have It Too … Adi Shamir

  76. Idea Used in Practice (but not theory…) [KSF99]’s Yarrow [FS03]’s Fortuna

  77. Idea Used in Practice (but not theory…) Only two pools [KSF99]’s Yarrow [FS03]’s Fortuna

  78. Idea Used in Practice (but not theory…) Many pools with clever scheduling Only two pools [KSF99]’s Yarrow [FS03]’s Fortuna

  79. Idea Used in Practice (but not theory…) Many pools with clever scheduling Only two pools [KSF99]’s Yarrow [FS03]’s Fortuna

  80. Idea Used in Practice (but not theory…) Many pools with clever scheduling Only two pools [KSF99]’s Yarrow [FS03]’s Fortuna

  81. Our Work

  82. Our Work • Formal model (very strong security notion)

  83. Our Work • Formal model (very strong security notion) • Provably secure construction in this model • Inspired by Fortuna • Proof in standard model (from OWF)

  84. Our Work • Formal model (very strong security notion) • Provably secure construction in this model • Inspired by Fortuna • Proof in standard model (from OWF) • Attacks on prior constructions

  85. Our Work • Formal model (very strong security notion) • Provably secure construction in this model • Inspired by Fortuna • Proof in standard model (from OWF) • Attacks on prior constructions • Formal analysis of and improvement of Fortuna • Secure in limited setting • Doubled entropy e ffj ciency

  86. Thanks!

Recommend

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of a discrete random variable. Properties: H(x) >= 0 Entropy Entropy Lesser the probability for an event, larger the entropy.

471 views • 21 slides
Entropy and The Second Law of Thermodynamics Entropy (S)

Entropy and The Second Law of Thermodynamics Entropy (S)

Entropy and The Second Law of Thermodynamics Entropy (S) Entropy is o8en related to disorder but not strictly correct Entropy is a measure

351 views • 8 slides
Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1

Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1

Entropy Entropy Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1 Entropy Entropy and Information Joint Entropy Frank Keller Conditional Entropy School of Informatics University of Edinburgh

81 views • 4 slides
Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Outline Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the Technion) Huffman coding Arithmetic coding Lempel-Ziv coding 2 Entropy Definitions Alphabet : A finite set containing at least

402 views • 10 slides
Road detection via entropy By Anna Zaidman 1 1 What is entropy? Entropy is a mathematically

Road detection via entropy By Anna Zaidman 1 1 What is entropy? Entropy is a mathematically

Road detection via entropy By Anna Zaidman 1 1 What is entropy? Entropy is a mathematically - defined thermodynamic quantity that helps to account for the flow of energy through a thermodynamic process. 2 What is

467 views • 13 slides
E N T R O P Y S T R U C T U R E Entropy versus resolution Tomasz Downarowicz MOTIVATION

E N T R O P Y S T R U C T U R E Entropy versus resolution Tomasz Downarowicz MOTIVATION

E N T R O P Y S T R U C T U R E Entropy versus resolution Tomasz Downarowicz MOTIVATION Entropy measures exponential complexity in a topological dynamical system: topological entropy very crude, entropy function on invariant

556 views • 23 slides
Chapter 2 Entropy, Relative Entropy, and Mutual Infor- mation Peng-Hua Wang Graduate Institute

Chapter 2 Entropy, Relative Entropy, and Mutual Infor- mation Peng-Hua Wang Graduate Institute

Chapter 2 Entropy, Relative Entropy, and Mutual Infor- mation Peng-Hua Wang Graduate Institute of Communication Engineering National Taipei University Chapter Outline Chap. 2 Entropy, Relative Entropy, and Mutual Information 2.1 Entropy 2.2

752 views • 51 slides
ARE THE SHANNON ENTROPY AND RESIDUAL ENTROPY SYNONYMS? H = R 0 ? MARKO POPOVIC DEPARTMENT OF

ARE THE SHANNON ENTROPY AND RESIDUAL ENTROPY SYNONYMS? H = R 0 ? MARKO POPOVIC DEPARTMENT OF

ARE THE SHANNON ENTROPY AND RESIDUAL ENTROPY SYNONYMS? H = R 0 ? MARKO POPOVIC DEPARTMENT OF CHEMISTRY AND BIOCHEMISTRY, BYU, PROVO, UT 84602, POPOVIC.PASA@GMAIL.COM Thermodynamic entropy - S (J/K) At T=0K ideal crystal imperfect

560 views • 21 slides
Huffman Encoding 13-Oct-11 Entropy Entropy is a measure of information content: the number of

Huffman Encoding 13-Oct-11 Entropy Entropy is a measure of information content: the number of

Huffman Encoding 13-Oct-11 Entropy Entropy is a measure of information content: the number of bits actually required to store data. Entropy is sometimes called a measure of surprise A highly predictable sequence contains little actual

293 views • 16 slides
Infotheory for Statistics and Learning Lecture 1 Entropy Relative entropy Mutual

Infotheory for Statistics and Learning Lecture 1 Entropy Relative entropy Mutual

Infotheory for Statistics and Learning Lecture 1 Entropy Relative entropy Mutual information f -divergence Mikael Skoglund 1/16 Entropy Over ( R , B ) , consider a discrete RV X with all probability in a countable set X B ,

538 views • 8 slides
Model Uncertainty and Robustness: Entropy Coherent and Entropy Convex Measures of Risk Roger J.

Model Uncertainty and Robustness: Entropy Coherent and Entropy Convex Measures of Risk Roger J.

Model Uncertainty and Robustness: Entropy Coherent and Entropy Convex Measures of Risk Roger J. A. Laeven Dept. of Econometrics and OR Tilburg University, CentER and Eurandom based on joint work with Mitja Stadje August 30, 2011 Entropy

442 views • 40 slides
Comparison Between Bayesian and Maximum Entropy Analysis of Flow Networks 1 Maximum Entropy

Comparison Between Bayesian and Maximum Entropy Analysis of Flow Networks 1 Maximum Entropy

Comparison Between Bayesian and Maximum Entropy Analysis of Flow Networks 1 Maximum Entropy The Maximum Entropy (MaxEnt) method is a methodology to assign or update probability distributions to describe systems which are not completely

202 views • 17 slides
Orc David Schleef Entropy Wave Inc (c) 2009 Entropy Wave Inc What is Orc A system for

Orc David Schleef Entropy Wave Inc (c) 2009 Entropy Wave Inc What is Orc A system for

Orc David Schleef Entropy Wave Inc (c) 2009 Entropy Wave Inc What is Orc A system for describing low-level computation on modern CPUs (c) 2009 Entropy Wave Inc Motivation (c) 2009 Entropy Wave Inc Motivation Want maintainable assembly

611 views • 28 slides
1) Entropy = measure of randomness 2) Entropy = measure of compressibility More random = Less

1) Entropy = measure of randomness 2) Entropy = measure of compressibility More random = Less

Introduction to Information Retrieval Entropy: a basic introduction 1) Entropy = measure of randomness 2) Entropy = measure of compressibility More random = Less compressible High entropy = high randomness/low compressibility Low entropy =

236 views • 19 slides
Is the ozone layer Is the ozone layer recovering ? recovering ? Johannes Staehelin Institute

Is the ozone layer Is the ozone layer recovering ? recovering ? Johannes Staehelin Institute

Is the ozone layer Is the ozone layer recovering ? recovering ? Johannes Staehelin Institute for Atmospheric and Climate Institute for Atmospheric and Climate Science (IACETH), Swiss Federal Institute of Technology Zrich (ETHZ) gy ( )

509 views • 27 slides
1 Plasma Entropy In ideal MHD, specific entropy is conserved along a flow path: where:

1 Plasma Entropy In ideal MHD, specific entropy is conserved along a flow path: where:

Plasma Entropy in the Magnetosphere Joachim Raeder 1 , Kai Germaschewski 1 , LiWei Lin 1 Space Science Center, University of New Hampshire, Durham, NH 03824, USA Congre ASTRONUM, Biarritz, France, July 2, 2013 Basic Structure of the

499 views • 11 slides
Computing and Communications 2. Information Theory -Entropy Ying Cui Department of Electronic

Computing and Communications 2. Information Theory -Entropy Ying Cui Department of Electronic

1896 1920 1987 2006 Computing and Communications 2. Information Theory -Entropy Ying Cui Department of Electronic Engineering Shanghai Jiao Tong University, China 2017, Autumn 1 Outline Entropy Joint entropy and conditional

778 views • 50 slides
Entropy and gravitational interaction c 1 Milutin Blagojevi c i Branislav Cvetkovi 1 Institut

Entropy and gravitational interaction c 1 Milutin Blagojevi c i Branislav Cvetkovi 1 Institut

Introduction Black hole entropy in MB model Black hole entropy in PGT Entropy of conformally flat black holes Conclusion Entropy and gravitational interaction c 1 Milutin Blagojevi c i Branislav Cvetkovi 1 Institut za fiziku, Beograd

331 views • 31 slides
Maximum Entropy Beyond Fact to Explain Selecting Probability Maximum Entropy . . . Explaining a

Maximum Entropy Beyond Fact to Explain Selecting Probability Maximum Entropy . . . Explaining a

Need to Select a . . . Maximum Entropy . . . Simple Examples of . . . A Natural Question Maximum Entropy Beyond Fact to Explain Selecting Probability Maximum Entropy . . . Explaining a Value: . . . Distributions Explaining a . . . Need

446 views • 33 slides
Recovering Minerals and Bitumen Recovering Minerals and Bitumen from Oil Sands Tailings from Oil

Recovering Minerals and Bitumen Recovering Minerals and Bitumen from Oil Sands Tailings from Oil

An Emerging Opportunity Recovering Minerals and Bitumen Recovering Minerals and Bitumen from Oil Sands Tailings from Oil Sands Tailings AGM Feb 21, 2008 1 Forward-looking information This presentation contains forward-looking information

600 views • 23 slides
From Recovering Time to Timing Recovery: Some Challenges for the TAU Community Andrew B. Kahng

From Recovering Time to Timing Recovery: Some Challenges for the TAU Community Andrew B. Kahng

From Recovering Time to Timing Recovery: Some Challenges for the TAU Community Andrew B. Kahng Depts. of CSE and ECE UC San Diego abk@ucsd.edu http://vlsicad.ucsd.edu/~abk TAU-2016 Keynote: In Search of Lost Time Recovering

946 views • 47 slides
Entropy Change in Entropy Reversible Isobaric Process Ideal Gas in a Reversible Process Free

Entropy Change in Entropy Reversible Isobaric Process Ideal Gas in a Reversible Process Free

Entropy Change in Entropy Reversible Isobaric Process Ideal Gas in a Reversible Process Free Expansion of an Ideal Gas Microscopic Interpretation of Entropy Entropy and the Second Law of Thermodynamics

466 views • 11 slides
Recovering a compact Hausdorff space X from the Compatibility Ordering on C ( X ) Martin Rmoutil

Recovering a compact Hausdorff space X from the Compatibility Ordering on C ( X ) Martin Rmoutil

Recovering a compact Hausdorff space X from the Compatibility Ordering on C ( X ) Martin Rmoutil (joint with Tomasz Kania) Prague, 29 July 2016 TOPOSYM Martin Rmoutil (University of Warwick) Recovering X from the Compatibility Ordering on C ( X

531 views • 38 slides
Chapter 4 Entropy Rates of a Stochastic Process Peng-Hua Wang Graduate Inst. of Comm.

Chapter 4 Entropy Rates of a Stochastic Process Peng-Hua Wang Graduate Inst. of Comm.

Chapter 4 Entropy Rates of a Stochastic Process Peng-Hua Wang Graduate Inst. of Comm. Engineering National Taipei University Chapter Outline Chap. 4 Entropy Rates of a Stochastic Process 4.1 Markov Chains 4.2 Entropy Rate 4.3 Example: Entropy

256 views • 13 slides

More recommend