[Figure: "Time complexity", borrowed from the xkcd site.]
Francisco Rodríguez-Henríquez, Modern Alice's Adventures in Cryptoland (10 / 56)
Running time complexity

The efficiency of an algorithm is measured in terms of its input size.
◮ For the discrete logarithm problem in $\mathbb{F}_q$, the input size is $O(\log q)$ bits.

A polynomial-time algorithm is one whose running time is bounded by a polynomial in the input size: $(\log q)^c$, where $c$ is a constant.

A fully exponential-time algorithm is one whose running time is of the form $q^c$, where $c$ is a constant.

A subexponential-time algorithm is one whose running time is of the form
$$L_q[\alpha, c] = e^{\,c\,(\log q)^{\alpha}\,(\log\log q)^{1-\alpha}},$$
where $0 < \alpha < 1$ and $c$ is a constant. The two extremes: $\alpha = 0$ gives polynomial time and $\alpha = 1$ gives fully exponential time.
Attacks on discrete log computation over small characteristic $\mathbb{F}_{q^n}$: main developments in the last 30+ years

Let $Q$ be defined as $Q = q^n$.
◮ Hellman-Reyneri 1982: index-calculus, $L_Q[\tfrac{1}{2}, 1.414]$
◮ Coppersmith 1984: $L_Q[\tfrac{1}{3}, 1.526]$
◮ Joux-Lercier 2006: $L_Q[\tfrac{1}{3}, 1.442]$ when $q$ and $n$ are "balanced"
◮ Hayashi et al. 2012: used an improved version of the Joux-Lercier method to compute discrete logs over the field $\mathbb{F}_{3^{6\cdot 97}}$
◮ Joux 2012: $L_Q[\tfrac{1}{3}, 0.961]$ when $q$ and $n$ are "balanced"
◮ Joux 2013: $L_Q[\tfrac{1}{4} + o(1), c]$ when $Q = q^{d\cdot m}$, $d$ a small integer (e.g. $d = 2, 3$) and $q \approx m$
◮ Göloğlu et al. 2013: similar to Joux 2013, BPA @ Crypto'2013
Attacks on discrete log computation over small characteristic $\mathbb{F}_{3^{6n}}$: security level consequences

Let us assume that one wants to compute discrete logarithms in the field $\mathbb{F}_{q^n}$ with $q = 3^6$ and $n = 509$. Notice that the group size of that field is
$$\#\mathbb{F}_{3^{6\cdot 509}} = \lceil \log_2(3)\cdot 6\cdot 509 \rceil = 4841 \text{ bits}.$$

Algorithm | Time complexity | Equiv. bit security level
Hellman-Reyneri 1982 | $L_{q^n}[\tfrac{1}{2}, 1.414]$ | 337
Coppersmith 1984 | $L_{q^n}[\tfrac{1}{3}, 1.526]$ | 134
Joux-Lercier 2006 | $L_{q^n}[\tfrac{1}{3}, 1.442]$ | 126
Joux-Lercier 2006 (as revised by Shinohara et al. 2012) | $L_{q^n}[\tfrac{1}{3}, 1.270]$ | 111
Joux 2012 (personal estimation) | $L_{q^n}[\tfrac{1}{3}, 1.175]$ | 103
Joux 2013 (as analyzed by Adj et al., Pairing 2013) | $L_{q^n}[\tfrac{1}{4}, 1.530]$ | 81
Joux-Pierrot 2014 (as analyzed by Adj et al., WAIFI 2014) | $L_{q^n}[\tfrac{1}{4}, 1.530]$ | 58
Recommended key sizes (circa 2013)

Security in bits | RSA $\|N\|_2$ | DL: $\mathbb{F}_p$ $\|p\|_2$ | DL: $\mathbb{F}_{2^m}$ $\|q\|_2$ | ECC $m$
80 | 1024 | 1024 | 1500 | 160
112 | 2048 | 2048 | 3500 | 224
128 | 3072 | 3072 | 4800 | 256
192 | 7680 | 7680 | 12500 | 384
256 | 15360 | 15360 | 25000 | 512
Recommended key sizes (2019)

Security in bits | RSA $\|N\|_2$ | DLP: $\mathbb{F}_p$ $\|p\|_2$ | DL: $\mathbb{F}_{2^m}$ $\|q\|_2$ | ECC $m$
≈ 74 | 1024 | 1024 | 1500 | 160
≈ 106 | 2048 | 2048 | 3500 | 224
128 | 3072 | 3072 | 4800* | 256
192 | 7680 | 7680 | 12500 | 384
256 | 15360 | 15360 | 25000 | 512

* Nowadays, the extension $\mathbb{F}_{2^{4800}}$ is estimated to provide a security level of around 60 bits (see [Granger-Kleinjung-Zumbrägel'18], [AMOR'16]).

Barbulescu-Gaudry-Joux-Thomé: "A Heuristic Quasi-Polynomial Algorithm for Discrete Logarithm in Finite Fields of Small Characteristic". EUROCRYPT 2014: 1-16

◮ Factorization (RSA): using the Number Field Sieve (NFS) method leads to subexponential complexity $\approx L_N[\tfrac{1}{3}, \sqrt[3]{64/9}]$, where $N$ is the RSA modulus.
◮ DLP over $\mathbb{F}_p$: using index-calculus methods leads to subexponential complexity $\approx L_p[\tfrac{1}{3}, \sqrt[3]{64/9}]$.
◮ ECDLP: using Pollard's rho method leads to exponential complexity $\sqrt{\pi\cdot q/2}$, where $q = p^k$ is the prime field extension over which the elliptic curve has been defined.
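As an added worked example (not code from the talk), the following Python turns the L-notation of the previous slides into the "equivalent bit security level" column of the $\mathbb{F}_{3^{6\cdot 509}}$ table by evaluating $\log_2 L_Q[\alpha, c] = c\,(\ln Q)^{\alpha}(\ln\ln Q)^{1-\alpha}/\ln 2$ directly, and does the same for the NFS and Pollard rho estimates of the key-size slide. The function names are mine; the $(\alpha, c)$ pairs and the field parameters are the ones on the slides.

```python
import math

# log2 of a subexponential running time L_Q[alpha, c].  Q is passed as ln(Q) so that a
# 4841-bit field never has to be materialised as an integer.
def l_notation_bits(ln_q: float, alpha: float, c: float) -> float:
    ln_ln_q = math.log(ln_q)
    return c * ln_q ** alpha * ln_ln_q ** (1.0 - alpha) / math.log(2)

def field_ln_size(characteristic: int, extension_degree: int) -> float:
    """ln(q^n) for the field F_{q^n} with q = characteristic."""
    return extension_degree * math.log(characteristic)

def field_bits(characteristic: int, extension_degree: int) -> int:
    """ceil(log2(q) * n): the group size of F_{q^n} in bits, as on the slide."""
    return math.ceil(math.log2(characteristic) * extension_degree)

# Attacks from the slide as (name, alpha, c).  The Joux-Pierrot 2014 row (58 bits) is
# deliberately absent: that figure comes from the finer analysis cited on the slide,
# not from the raw L value, so this formula would not reproduce it.
SMALL_CHAR_ATTACKS = [
    ("Hellman-Reyneri 1982", 0.5, 1.414),
    ("Coppersmith 1984", 1 / 3, 1.526),
    ("Joux-Lercier 2006", 1 / 3, 1.442),
    ("Joux-Lercier 2006 (Shinohara et al. 2012)", 1 / 3, 1.270),
    ("Joux 2012", 1 / 3, 1.175),
    ("Joux 2013", 0.25, 1.530),
]

def small_char_security_table(characteristic: int = 3, extension_degree: int = 6 * 509):
    """Name -> rounded bit-security estimate for the field F_{characteristic^extension_degree}."""
    ln_q = field_ln_size(characteristic, extension_degree)
    return {name: round(l_notation_bits(ln_q, a, c)) for name, a, c in SMALL_CHAR_ATTACKS}

def nfs_bits(modulus_bits: int) -> float:
    """log2 of L_N[1/3, (64/9)^(1/3)], the NFS estimate for an RSA modulus N of that size."""
    ln_n = modulus_bits * math.log(2)
    return l_notation_bits(ln_n, 1 / 3, (64 / 9) ** (1 / 3))

def pollard_rho_bits(group_order_bits: int) -> float:
    """log2 of sqrt(pi * q / 2) for an elliptic-curve group of the given bit size."""
    return 0.5 * (group_order_bits + math.log2(math.pi / 2))

if __name__ == "__main__":
    print("field size:", field_bits(3, 6 * 509), "bits")
    for name, bits in small_char_security_table().items():
        print(f"{name:45s} {bits:4d} bits")
    print("NFS on RSA-3072:", round(nfs_bits(3072), 1), "bits")
    print("Pollard rho on a 256-bit curve:", round(pollard_rho_bits(256), 1), "bits")
```

The rows of the table come out within one bit of the slide's values, which is what one expects from a formula that drops the $o(1)$ terms; the same omission is why the raw NFS value for RSA-3072 lands somewhat above the 128 bits that the key-size table assigns to it.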
Elliptic-curve-based cryptography
Elliptic-curve-based cryptography

Figure: Professors Neal Koblitz and Victor Miller and many Mexican graduate students at ECC 2012 in Querétaro, México

Elliptic-curve-based cryptography (ECC) was independently proposed by Victor Miller and Neal Koblitz in 1985. It took more than two decades for ECC to be widely accepted and become the most popular public-key cryptographic scheme (above its archrival RSA). Nowadays ECC is massively used in everyday applications.
Elliptic-curve-based cryptography

An elliptic curve is defined by the set of affine points $(x, y) \in \mathbb{F}_p \times \mathbb{F}_p$, with $p > 3$ a large odd prime, that satisfy the short Weierstrass equation
$$E : y^2 = x^3 + ax + b,$$
along with a point at infinity denoted $\mathcal{O}$. Let $E(\mathbb{F}_p)$ be the set of points that satisfy the elliptic curve equation above. This set forms an Abelian group with order (size)
$$\#E(\mathbb{F}_p) = h\cdot r,$$
where $r$ is a large prime and the cofactor $h$ is a small integer.
Elliptic curves

$E$ defined by a Weierstraß equation of the form $y^2 = x^3 + Ax + B$
$E(K)$: the set of rational points over a field $K$
Additive group law over $E(K)$
Many applications in cryptography since 1985
◮ EC-based Diffie-Hellman key exchange
◮ EC-based Digital Signature Algorithm
Interest: smaller keys than usual cryptosystems (RSA, ElGamal, ...)
But there's more:
◮ Bilinear pairings
◮ Isogenous elliptic curves
Group cryptography

$(\mathbb{G}_1, +)$, an additively-written cyclic group of prime order $\#\mathbb{G}_1 = \ell$
$P$, a generator of the group: $\mathbb{G}_1 = \langle P \rangle$
Scalar multiplication: for any integer $k$, we have $kP = \underbrace{P + P + \cdots + P}_{k \text{ times}}$
Discrete logarithm: given $Q \in \mathbb{G}_1$, compute $k$ such that $Q = kP$
We assume that the discrete logarithm problem (DLP) in $\mathbb{G}_1$ is hard
The Elliptic Curve Diffie-Hellman (ECDH) Protocol

Algorithm 1: The elliptic curve Diffie-Hellman protocol
Public parameters: prime $p$, curve $E/\mathbb{F}_p$, point $P = (x, y) \in E(\mathbb{F}_p)$ of order $r$

Phase 1: Key pair generation
  Alice: 1. Select the private key $d_A \xleftarrow{\$} [1, r-1]$. 2. Compute the public key $Q_A \leftarrow d_A P$.
  Bob: 1. Select the private key $d_B \xleftarrow{\$} [1, r-1]$. 2. Compute the public key $Q_B \leftarrow d_B P$.
Phase 2: Shared secret computation
  Alice: 3. Send $Q_A$ to Bob. 4. Compute $R \leftarrow d_A Q_B$.
  Bob: 3. Send $Q_B$ to Alice. 4. Compute $R \leftarrow d_B Q_A$.
Final phase: the shared secret is the x-coordinate of the point $R$.
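Algorithm 1 in code, as an added example that is not from the talk: the group law of the short Weierstrass curve, double-and-add scalar multiplication and both sides of the ECDH exchange, run on a constructed toy curve $y^2 = x^3 + 2x + 3$ over $\mathbb{F}_{97}$ (assumed parameters, chosen so that $P = (3, 6)$ has prime order $r = 5$). The public-key validation in `ecdh_shared_secret` is the check a practitioner wants in front of step 4: a peer point that is not on the curve, or that has small order, must be rejected before it is multiplied by the private key.

```python
# Toy parameters (constructed for illustration): E: y^2 = x^3 + 2x + 3 over F_97,
# P = (3, 6) of prime order 5.  Standardised curves use the same arithmetic with p and r
# of about 2^256.
P_MOD = 97
A, B = 2, 3
P_GEN = (3, 6)
R_ORDER = 5
INFINITY = None  # the point at infinity O

def is_on_curve(point):
    """Public-key validation: reject O and any (x, y) not satisfying the curve equation."""
    if point is INFINITY:
        return False
    x, y = point
    return 0 <= x < P_MOD and 0 <= y < P_MOD and (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def point_add(p1, p2):
    """Group law on E(F_p); O is the identity and (x, -y) is the inverse of (x, y)."""
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INFINITY  # p1 + (-p1) = O; also covers doubling a point of order 2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)         # chord slope
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def scalar_mult(k, point):
    """kP by right-to-left double-and-add.  (A deployed implementation would use a
    constant-time ladder; this loop's branches depend on the bits of k.)"""
    result, addend = INFINITY, point
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def ecdh_shared_secret(d_own, q_peer):
    """Phase 2 of Algorithm 1: validate the peer's public key, then return x(d_own * Q_peer)."""
    if not is_on_curve(q_peer):
        raise ValueError("peer public key is not a valid point on the curve")
    r = scalar_mult(d_own, q_peer)
    if r is INFINITY:
        raise ValueError("shared point is O; peer key has small order")
    return r[0]

def ecdh_exchange(d_a, d_b):
    """Run both sides of Algorithm 1 and return (Alice's secret, Bob's secret)."""
    q_a = scalar_mult(d_a, P_GEN)  # Alice's public key Q_A = d_A P
    q_b = scalar_mult(d_b, P_GEN)  # Bob's public key   Q_B = d_B P
    return ecdh_shared_secret(d_a, q_b), ecdh_shared_secret(d_b, q_a)

if __name__ == "__main__":
    print("rP =", scalar_mult(R_ORDER, P_GEN))   # None, i.e. O
    print("shared secrets:", ecdh_exchange(2, 3))  # (3, 3)
```

On this curve $2P = (80, 10)$, $3P = (80, 87)$, $4P = (3, 91)$ and $5P = \mathcal{O}$, so with $d_A = 2$, $d_B = 3$ both parties land on $6P = P$ and share the x-coordinate 3.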
[Apocalyptic] scenario for the next years: The arrival of large-scale quantum computers
[Apocalyptic] scenario for the next years: The arrival of large-scale quantum computers

◮ A quantum computer implementation of Peter Shor's algorithm for factorization of integer numbers will imply that the computational effort for breaking elliptic-curve discrete logs will become polynomial.
◮ In practice, this means that breaking commercial [EC]DLP would go from billions of years to hundreds of hours.

Along with ECC, the RSA and DSA public-key crypto-schemes will also go extinct.
Design problem: How to construct a post-quantum Diffie-Hellman protocol?
Answers against the [Apocalyptic] scenario: Post-Quantum Cryptography (PQC)

About two years ago, NIST launched a Post-Quantum Cryptography (PQC) standardization contest. NIST stated that "regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing."

The main focus of the contest is to find new PQC signature/verification and shared key establishment protocols. The latter task should be done using a scheme known as a Key Encapsulation Mechanism (KEM).
Answers against the [Apocalyptic] scenario: Post-Quantum Cryptography (PQC)

Out of 82 initial candidates only 23 made it to the second round. The surviving candidates have been classified in five main categories. Here at Latincrypt 2019 and ASCrypto 2019, we will be hearing a lot about:
◮ Lattice-based cryptography
◮ Code-based crypto
◮ Multivariate-based crypto
◮ Hash-based crypto
◮ Isogeny-based crypto
Design problem: How to construct a post-quantum Diffie-Hellman protocol using isogeny-based crypto?
[More] Mathematical definitions: recap

An elliptic curve in Weierstrass short model over a finite field $\mathbb{F}_q$, where $q = p^m$ for some prime $p > 3$, is given by the equation
$$E/\mathbb{F}_q : Y^2 = X^3 + AX + B, \qquad A, B \in \mathbb{F}_q.$$
The j-invariant $j(E)$ of a curve acts like a fingerprint of the curve and is given by
$$j(E) = 1728\cdot\frac{4A^3}{4A^3 + 27B^2}.$$
A point $P$ in $E(\mathbb{F}_q)$ is a pair $(x, y)$ such that $x^3 + Ax + B - y^2 = 0$.
[More] Mathematical definitions: recap

We can add points, $R := P + Q$, double a point, $[2]P := P + P$, and multiply by a scalar,
$$[m]P := P + P + \cdots + P \quad (m - 1 \text{ additions}).$$
The minimum positive integer $m$ such that $[m]P = \mathcal{O}$ is called the order of $P$. The subgroup generated by $P$ is the set $\{P, [2]P, [3]P, \ldots, [m-1]P, \mathcal{O}\}$ and is denoted by $\langle P \rangle$. The $m$-torsion subgroup is defined as $E[m] = \{P \in E \mid [m]P = \mathcal{O}\}$.
[More] Mathematical definitions: recap

(Hasse's Theorem) The number of rational points on an elliptic curve is
$$\#E(\mathbb{F}_q) = q + 1 - t, \qquad |t| \le 2\sqrt{q}.$$
$E$ is supersingular if $p \mid t$, i.e., if $\#E(\mathbb{F}_q) \equiv q + 1 \pmod p$. Otherwise $E$ is said to be ordinary.
Basic definitions of isogenies

An isogeny $\phi : E_0 \to E_1$ is a homomorphism between elliptic curves given by rational functions. For $P$ and $Q$ in $E_0$ it holds that
◮ $\phi(P + Q) = \phi(P) + \phi(Q)$,
◮ $\phi(\mathcal{O}) = \mathcal{O}$.
The kernel of an isogeny $\phi$ is the set $K = \{P \in E \mid \phi(P) = \mathcal{O}\}$.
Note: in this talk the degree of an isogeny is $s := \#K$.
Let $E$ and $E'$ be two elliptic curves defined over $\mathbb{F}_q$. If there exists an isogeny $\phi : E \to E'$, then we say that $E$ and $E'$ are isogenous.
Basic definitions of isogenies

Tate's theorem states that two elliptic curves $E$ and $E'$ are isogenous over $\mathbb{F}_q$ iff $\#E(\mathbb{F}_q) = \#E'(\mathbb{F}_q)$.
If two elliptic curves $E$ and $E'$ are isogenous over $\mathbb{F}_q$, either both of them are supersingular or both of them are ordinary.
Basic definitions of isogenies

Let $E$ be an elliptic curve and $P \in E$ a point of order $m$. Then there exists an elliptic curve $E_P$ and an isogeny $\phi_P : E \to E_P$ such that the kernel of $\phi_P$ is $\langle P \rangle$, i.e. $\phi_P(p) = \mathcal{O}$ for each $p \in \langle P \rangle$. We write $E_P = E/\langle P \rangle$.
Moreover, given $E$ defined over $\mathbb{F}_q$ and $K = \langle P \rangle$, Vélu's formulas output $E_P$ and $\phi_P$. The running time of Vélu's formulas is polynomial in $s = \#K$ and $\log_2(q)$.
Basic definitions of isogenies

Let $E$ and $E'$ be two elliptic curves defined over $\mathbb{F}_q$. If there exists a degree-1 isogeny between $E$ and $E'$ then $j(E) = j(E')$. We say that $E$ and $E'$ are isomorphic, and denote that by $E \cong E'$.
Given an isogeny $\phi : E_0 \to E_1$ of degree $d^e$:
◮ We can decompose $\phi$ as the composition $\phi_{e-1} \circ \phi_{e-2} \circ \cdots \circ \phi_1 \circ \phi_0$, where each $\phi_i$ has degree $d$.
◮ There exists an isogeny $\hat\phi : E_1 \to E_0$ (called the dual isogeny of $\phi$) such that $\hat\phi \circ \phi = [d^e]$ and $\phi \circ \hat\phi = [d^e]$.
Computing composition of isogenies

[Figure: strategy tree for a $2^5$-isogeny, edges labelled 2]
Rules:
◮ Once you go down, you can't go back.
◮ The only way to go down along a non-blue line is reaching first the dot rounded by the same color of the line.
◮ Example: if you want to go down on a red line, first you need to reach the red rounded circle node.
Example for a $2^5$-isogeny.
Computing composition of isogenies

Unbalanced path: isogeny evaluation oriented
[Figure: the unbalanced strategy tree for the $2^5$-isogeny]
Costs:
◮ [2]: 4
◮ Evaluations: 10
Fully parallelizable (needs more than 250 cores for real-world implementations).
Computing composition of isogenies

Balanced path
[Figure: the balanced strategy tree for the $2^5$-isogeny, shown on two consecutive slides]
Costs:
◮ [2]: 6
◮ Evaluations: 6
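The two paths of the last slides as an added simulation (not the talk's code): a strategy tree for a $2^e$-isogeny chain is executed on abstract points that carry only a curve index and an order exponent, which is enough to count doublings and isogeny evaluations and to check that every kernel point handed to a 2-isogeny step really has order 2. The split-rule trees, the explicit balanced tree for $e = 5$ and the dynamic programme that returns a minimum-cost tree are my own constructions; the operation counts they reproduce are the ones on the slides.

```python
# Abstract model: doubling lowers the order exponent by one on the same curve; pushing a
# point through the 2-isogeny whose kernel lies below it lowers the exponent by one and
# moves it to the next curve.  Every point here is a multiple of the same generator R of
# order 2^e, so both rules are exact for this chain.
from functools import lru_cache

def rule_tree(n, rule):
    """Strategy tree for an n-step chain from a split rule k = rule(n), 1 <= k < n.
    A node is (k, tree for the first k steps, tree for the remaining n-k steps)."""
    if n == 1:
        return None
    k = rule(n)
    assert 1 <= k < n, "split must leave work on both sides"
    return (k, rule_tree(k, rule), rule_tree(n - k, rule))

EVAL_ORIENTED = lambda n: n - 1  # double once per level, push every point through every isogeny
MULT_ORIENTED = lambda n: 1      # recompute the order-2 point by doublings at every level

# The slide's balanced tree for e = 5 (6 doublings, 6 evaluations), written out explicitly.
BALANCED_5 = (2, (1, None, None), (2, (1, None, None), None))

def run_strategy(e, tree):
    """Simulate the chain and return (doublings, evaluations, isogenies computed)."""
    counts = {"dbl": 0, "eval": 0, "isog": 0}

    def chain(curve, n, node):
        # precondition: we hold a point of order 2^n on curve number `curve`
        if n == 1:
            counts["isog"] += 1          # <point> has order 2: it is the next kernel
            return curve + 1             # index of the codomain curve
        k, left, right = node
        counts["dbl"] += n - k           # [2^(n-k)]point has order 2^k
        mid = chain(curve, k, left)      # first k isogenies, computed from that multiple
        assert mid == curve + k
        counts["eval"] += k              # push the original point through those k isogenies
        return chain(mid, n - k, right)  # its image has order 2^(n-k) on curve `mid`

    final = chain(0, e, tree)
    assert final == e, "chain did not end on the e-th curve"
    return counts["dbl"], counts["eval"], counts["isog"]

def optimal_tree(n, dbl_cost=1.0, eval_cost=1.0):
    """(minimum cost, tree) by the standard dynamic programme over the split point."""
    @lru_cache(maxsize=None)
    def best(m):
        if m == 1:
            return 0.0, None
        options = []
        for k in range(1, m):
            cost_left, tree_left = best(k)
            cost_right, tree_right = best(m - k)
            total = cost_left + cost_right + (m - k) * dbl_cost + k * eval_cost
            options.append((total, (k, tree_left, tree_right)))
        return min(options, key=lambda o: o[0])
    return best(n)

if __name__ == "__main__":
    e = 5
    print("eval-oriented:", run_strategy(e, rule_tree(e, EVAL_ORIENTED)))  # (4, 10, 5)
    print("mult-oriented:", run_strategy(e, rule_tree(e, MULT_ORIENTED)))  # (10, 4, 5)
    print("balanced     :", run_strategy(e, BALANCED_5))                   # (6, 6, 5)
    cost, tree = optimal_tree(e)
    print("optimal      :", cost, run_strategy(e, tree))
```

With unit costs the balanced tree and the dynamic programme both reach 12 operations for $e = 5$ against 14 for either unbalanced path; several trees tie at 12, so the programme's own choice may split the 12 between doublings and evaluations differently from the slide's 6 + 6. Changing `dbl_cost` and `eval_cost` to the measured costs of a real implementation is what moves the optimum away from the balanced shape.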
Design problem: How to construct a post-quantum Diffie-Hellman protocol using isogeny-based crypto?
Diffie-Hellman like protocol using isogenies: The SIDH protocol [de Feo-Jao 2011]

SIDH framework:
◮ Find a prime $p$ of the form $p = 2^{e_A}\cdot 3^{e_B} - 1$.
◮ Let $E$ be a supersingular elliptic curve defined over $\mathbb{F}_{p^2}$ with $\#E(\mathbb{F}_{p^2}) = (p+1)^2$.
◮ $E[2^{e_A}](\mathbb{F}_{p^2}) = \langle P_A, Q_A \rangle$ and $E[3^{e_B}](\mathbb{F}_{p^2}) = \langle P_B, Q_B \rangle$.

General description of the SIDH protocol (the commutative diagram on the slide, written out):
◮ Alice picks $R_A \leftarrow [n_A]P_A + [m_A]Q_A$, computes $\phi_A : E \to E/\langle R_A \rangle$ and sends $\phi_A(P_B)$, $\phi_A(Q_B)$, $E/\langle R_A \rangle$ to Bob.
◮ Bob picks $R_B \leftarrow [n_B]P_B + [m_B]Q_B$, computes $\phi_B : E \to E/\langle R_B \rangle$ and sends $\phi_B(P_A)$, $\phi_B(Q_A)$, $E/\langle R_B \rangle$ to Alice.
◮ Alice computes $\phi_B(R_A) \leftarrow [n_A]\phi_B(P_A) + [m_A]\phi_B(Q_A)$ and the isogeny $\phi'_A : E/\langle R_B \rangle \to E/\langle R_A, R_B \rangle$.
◮ Bob computes $\phi_A(R_B) \leftarrow [n_B]\phi_A(P_B) + [m_B]\phi_A(Q_B)$ and the isogeny $\phi'_B : E/\langle R_A \rangle \to E/\langle R_A, R_B \rangle$.

The shared secret key is the j-invariant $j(E/\langle R_A, R_B \rangle)$.
The CSSI problem [Charles-Goren-Lauter 2005]

The SIDH protocol bases its security guarantees on the hardness of the following problem.

Problem (CSSI): Given the public parameters $e_A$, $e_B$, $p$, $E$, $P_A$, $Q_A$ and the elliptic curve $E/\langle R_A \rangle$, compute a degree-$2^{e_A}$ isogeny $\phi_A : E \to E/\langle R_A \rangle$.
How to [classically] attack the SIDH protocol
How to attack SIDH: The CSSI problem modeled as a collision finding problem [Adj-Cervantes-Chi-Menezes-RH'2018]

Let's write $(R, \ell, e)$ to mean either $(R_A, 2, e_A)$ or $(R_B, 3, e_B)$, $E_1 = E$, and $E_2 = E/\langle R \rangle$.

Notice that the degree-$\ell^e$ isogeny $\phi : E \to E/\langle R \rangle$ can be written as the composition of two degree-$\ell^{e/2}$ isogenies: with $\tilde R_0 = [\ell^{e/2}]R$ and $\tilde R_1 = \phi_{\tilde R_0}(R)$,
$$E_1 \xrightarrow{\ \phi_{\tilde R_0}\ } E_1/\langle \tilde R_0 \rangle \xrightarrow{\ \phi_{\tilde R_1}\ } E_2.$$

Therefore, $E_1$ and $E_2$ satisfy: for all $R_1 \in E_1[\ell^e](\mathbb{F}_{p^2})$ of order $\ell^e$ and all $R_2 \in E_2[\ell^e](\mathbb{F}_{p^2})$ of order $\ell^e$, the maps $R_1 \mapsto j(E_1/\langle [\ell^{e/2}]R_1 \rangle)$ and $R_2 \mapsto j(E_2/\langle [\ell^{e/2}]R_2 \rangle)$ have just one collision.
Meet-in-the-middle attack

Let us illustrate how MITM works by an example. Let $e_A = 4$, $e_B = 2$, $p = 2^4\cdot 3^2\cdot 5 - 1$,
$E_1 : y^2 = x^3 + (\mathtt{0x040}\cdot i + \mathtt{0x1F0})\,x + (\mathtt{0x1E6}\cdot i + \mathtt{0x0C7})$,
$P_1 = (\mathtt{0x16E}\cdot i + \mathtt{0x1B4},\ \mathtt{0x10B}\cdot i + \mathtt{0x05F})$, $Q_1 = (\mathtt{0x203}\cdot i + \mathtt{0x0CC},\ \mathtt{0x047}\cdot i + \mathtt{0x0C5})$, and
$E_2 : y^2 = x^3 + (\mathtt{0x1CF}\cdot i + \mathtt{0x047})\,x + (\mathtt{0x1EA}\cdot i + \mathtt{0x00D})$.
Then, the goal is to find a degree-$2^4$ isogeny from $E_1$ to $E_2$ using the following strategy:
Meet-in-the-middle attack

First, compute the degree-$2^2$ isogeny tree rooted at $E_1$, and store its leaves.
[Figure: the two degree-$2^2$ isogeny trees, rooted at $E_1$ (nodes $E_{10}, E_{11}, E_{12}$ and their children) and at $E_2$ (nodes $E_{20}, E_{21}, E_{22}$ and their children), each node labelled with its j-invariant $a\cdot i + b$ in hexadecimal]

Second, compute degree-$2^2$ isogenies at $E_2$ until the match is found.

Then, we can reconstruct $\phi_A : E_1 \to E_2$ by composing the following isogenies:
$$E_1 \xrightarrow{\ \phi_0\ } E_{10} \xrightarrow{\ \phi_1\ } E_{100} \xrightarrow{\ \psi\ (\mathbb{F}_{p^2}\text{-isomorphism})\ } E_{210} \xrightarrow{\ \hat\phi_3\ } E_{21} \xrightarrow{\ \hat\phi_2\ } E_2.$$

Now, let $\lambda$ be the discrete log of $\phi_A(Q_A)$ in base $\phi_A(P_A)$ (or vice versa). Then the secret kernel of Alice is $\langle Q_A - [\lambda]P_A \rangle$ (or $\langle P_A - [\lambda]Q_A \rangle$). In our toy example, $\lambda = 3$.
Meet-in-the-middle attack

Clearly, the average-case time complexity is $1.5N$ and the space complexity is $N$, where
$$N \approx (\ell_A + 1)\,\ell_A^{\,e_A/2 - 1} \approx p^{1/4}$$
(infeasible for $N \ge 2^{80}$).

Consequently, using $m$ processors and $w$ cells of memory, the running time of MITM is approximately
$$\left(\frac{w}{m} + \frac{N}{m}\right)\cdot\frac{N}{w} \approx \frac{N^2}{w\cdot m} \approx \frac{p^{1/2}}{w\cdot m}.$$
Collision search problem: Modeling

Let $S$ be a finite set of size $N$. The goal is to find a collision for a random function $f : S \to S$.
Note: recall that in the case of SIDH, $N \approx p^{1/4}$.
van Oorschot-Wiener (VW) collision search

First, let us define an element $x$ of $S$ to be distinguished if it has some easily-testable distinguishing property, and let $\theta$ be the proportion of elements of $S$ that are distinguished.
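The distinguished-point idea of this slide carried through to a working collision finder, as an added example that is not from the talk: $S = \{0, \ldots, 2^{16}-1\}$ and a truncated-SHA-256 $f$ are constructed here purely because $f$ behaves like a random function on $S$, and "distinguished" means the low four bits are zero, so $\theta = 2^{-4}$. Only trail endpoints are stored, which is what lets the memory footprint drop below the $N$ cells that the plain MITM of the previous slides needs; the names and parameters are my own.

```python
import hashlib
import random

N_BITS = 16
N = 1 << N_BITS                     # |S|
DIST_BITS = 4                       # theta = 2^-4

def f(x: int) -> int:
    """Constructed random-looking function S -> S (truncated SHA-256 of the input)."""
    digest = hashlib.sha256(b"toy-vw:" + x.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big") % N

def is_distinguished(x: int) -> bool:
    return x & ((1 << DIST_BITS) - 1) == 0   # low DIST_BITS bits are zero

def trail(x0: int, max_len: int):
    """Iterate f from x0 until a distinguished point is hit; returns (endpoint, length),
    or None if the trail runs too long (it fell into a cycle with no distinguished point)."""
    x = x0
    for length in range(1, max_len + 1):
        x = f(x)
        if is_distinguished(x):
            return x, length
    return None

def locate_collision(x0: int, lx: int, y0: int, ly: int):
    """Two trails that end at the same distinguished point: re-walk them in step and
    return (a, b) with a != b and f(a) == f(b), or None when one trail is merely a
    suffix of the other (no new information)."""
    a, b = x0, y0
    for _ in range(lx - ly):        # empty range when lx <= ly
        a = f(a)
    for _ in range(ly - lx):
        b = f(b)
    if a == b:
        return None
    while True:                     # both are now equally far from the shared endpoint
        fa, fb = f(a), f(b)
        if fa == fb:
            return a, b
        a, b = fa, fb

def vw_collision(seed: int = 1, max_trails: int = 100_000):
    """Return a collision (a, b) of f found with distinguished-point trails."""
    rng = random.Random(seed)       # seeded so the run is reproducible
    table = {}                      # distinguished endpoint -> (start point, trail length)
    for _ in range(max_trails):
        x0 = rng.randrange(N)
        t = trail(x0, 20 << DIST_BITS)   # abandon trails 20x longer than the 1/theta expected
        if t is None:
            continue
        endpoint, length = t
        if endpoint not in table:
            table[endpoint] = (x0, length)
            continue
        y0, ly = table[endpoint]
        if y0 != x0:
            hit = locate_collision(x0, length, y0, ly)
            if hit is not None:
                return hit
    return None

if __name__ == "__main__":
    a, b = vw_collision()
    print(f"f({a}) == f({b}) == {f(a)}")
```

Expected work is still on the order of $\sqrt{\pi N/2}$ evaluations of $f$, but the table holds about $\theta$ times the number of points visited, and the trails are independent, so $m$ processors can each run the loop against a shared table; that is the trade-off the slide's $N^2/(w\cdot m)$ figure is built on.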