multilinear maps from lattices
play

Multilinear maps from lattices Constructions, attacks, and - PowerPoint PPT Presentation

Jan 17, 2024 •687 likes •2.17k views

Multilinear maps from lattices Constructions, attacks, and applications Yilei Chen (Visa Research) Crypto Innovation School Shanghai 2019 1 What are multilinear maps? 2 3 Cool. So what are the multilinear maps in cryptography? 4

  1. GGH15 > (Ring)LWE analogy: in a nutshell A, S 1 A+E 1 ,..., S k A+E k → ∏SA+E mod q > GGH15: (also appear as “cascaded LWE” in [ Koppula-Waters 16], [ Alamati-Peikert 16]) A 0 D 1 = S 1 A 1 +E 1 , A 1 D 2 = S 2 A 2 +E 2 mod q D i is sampled using the trapdoor of A i-1 39

  2. GGH15 > (Ring)LWE analogy: in a nutshell A, S 1 A+E 1 ,..., S k A+E k → ∏SA+E mod q > GGH15: (also appear as “cascaded LWE” in [ Koppula-Waters 16], [ Alamati-Peikert 16]) A 0 D 1 = S 1 A 1 +E 1 , A 1 D 2 = S 2 A 2 +E 2 mod q D i is sampled using the trapdoor of A i-1 = mod q D 1 S 1 A 1 +E 1 A 0 = mod q D 2 S 2 A 2 +E 2 A 1 40

  3. Zoom in the most important relation of S is the eigenvalue of D this talk A i-1 D i x = A i S i + E mod q D i is sampled using the trapdoor of A i-1 41

  4. GGH15 > (Ring)LWE analogy: in a nutshell A, S 1 A+E 1 ,..., S k A+E k → ∏SA+E mod q > GGH15: (also appear as “cascaded LWE” in [ Koppula-Waters 16], [ Alamati-Peikert 16]) A 0 D 1 = S 1 A 1 +E 1 , A 1 D 2 = S 2 A 2 +E 2 mod q D i is sampled using the trapdoor of A i-1 Publish A 0 , D 1 , D 2 as the encodings of S 1 , S 2 42

  5. GGH15 > (Ring)LWE analogy: in a nutshell A, S 1 A+E 1 ,..., S k A+E k → ∏SA+E mod q > GGH15: (also appear as “cascaded LWE” in [ Koppula-Waters 16], [ Alamati-Peikert 16]) A 0 D 1 = S 1 A 1 +E 1 , A 1 D 2 = S 2 A 2 +E 2 mod q D i is sampled using the trapdoor of A i-1 Publish A 0 , D 1 , D 2 as the encodings of S 1 , S 2 Eval = A 0 D 1 D 2 = (S 1 A 1 +E 1 )D 2 = S 1 S 2 A 2 + S 1 E 2 + E 1 D 2 mod q functionality small 43

  6. A toy example of GGH15 eval D 1,1 D 2,1 D 3,1 D 4,1 A 0 D 1,0 D 2,0 D 3,0 D 4,0 Eval(0110) = A 0 D 1,0 D 2,1 D 3,1 D 4,0 A i-1 D i, b = x A i S i, b + E mod q 44

  7. A toy example of GGH15 eval ( ) D 2,1 D 3,1 D 4,1 + S 1,1 E 1,1 A 1 + S 1,0 E 1,0 D 2,0 D 3,0 D 4,0 Eval(0110) = A 0 D 1,0 D 2,1 D 3,1 D 4,0 = (s 1,0 A 1 +E 1,0 )D 2,1 D 3,1 D 4,0 A i-1 D i, b = x A i S i, b + E mod q 45

  8. D 2,1 D 3,1 D 4,1 S 1,1 A 1 S 1,0 D 2,0 D 3,0 D 4,0 Eval(0110) + “small” = A 0 D 1,0 D 2,1 D 3,1 D 4,0 = (s 1,0 A 1 +E 1,0 )D 2,1 D 3,1 D 4,0 = s 1,0 A 1 D 2,1 D 3,1 D 4,0 + “small” A toy example of GGH15 eval 46

  9. ( ) D 3,1 D 4,1 + S 1,1 S 2,1 E 2,1 A 2 + S 1,0 S 2,0 E 2,0 D 3,0 D 4,0 Eval(0110) + “small” = A 0 D 1,0 D 2,1 D 3,1 D 4,0 = (s 1,0 A 1 +E 1,0 )D 2,1 D 3,1 D 4,0 = s 1,0 A 1 D 2,1 D 3,1 D 4,0 + “small” A toy example = s 1,0 (s 2,1 A 2 +E 2,1 )D 3,1 D 4,0 + “small” of GGH15 eval 47

  10. D 3,1 D 4,1 S 1,1 S 2,1 A 2 S 1,0 S 2,0 D 3,0 D 4,0 + Eval(0110) “still small” = A 0 D 1,0 D 2,1 D 3,1 D 4,0 = (s 1,0 A 1 +E 1,0 )D 2,1 D 3,1 D 4,0 = s 1,0 A 1 D 2,1 D 3,1 D 4,0 + “small” A toy example = s 1,0 (s 2,1 A 2 +E 2,1 )D 3,1 D 4,0 + “small” = s 1,0 s 2,1 A 2 D 3,1 D 4,0 + “still small” of GGH15 eval 48

  11. S 1,1 S 2,1 S 3,1 S 4,1 A 4 S 1,0 S 2,0 S 3,0 S 4,0 “still small” + Eval(0110) = A 0 D 1,0 D 2,1 D 3,1 D 4,0 = (s 1,0 A 1 +E 1,0 )D 2,1 D 3,1 D 4,0 = s 1,0 A 1 D 2,1 D 3,1 D 4,0 + “small” A toy example = s 1,0 (s 2,1 A 2 +E 2,1 )D 3,1 D 4,0 + “small” = s 1,0 s 2,1 A 2 D 3,1 D 4,0 + “still small” of GGH15 eval = s 1,0 s 2,1 s 3,1 A 3 D 4,0 + “still smallish” = s 1,0 s 2,1 s 3,1 s 4,0 A 4 + “small” 49

  12. S 1,1 S 2,1 S 3,1 S 4,1 A 4 S 1,0 S 2,0 S 3,0 S 4,0 + “small” e t a u l a v E D 1,1 D 2,1 D 3,1 D 4,1 A toy example A 0 of GGH15 eval D 1,0 D 2,0 D 3,0 D 4,0 50

  13. Functionality D 1,1 D 2,1 D 3,1 D 4,1 A 0 D 1,0 D 2,0 D 3,0 D 4,0 A 0 , S 1 A 1 +E 1 ,..., S k A k +E k → ∏SA k +E mod q Functionality: evaluate and test whether ∏S is zero or not. (Designing GGH15 applications: put structures in S i, b ) 51

  14. Functionality D 1,1 D 2,1 D 3,1 D 4,1 and Security A 0 D 1,0 D 2,0 D 3,0 D 4,0 A 0 , S 1 A 1 +E 1 ,..., S k A k +E k → ∏SA k +E mod q Functionality: evaluate and test whether ∏S is zero or not. (Designing GGH15 applications: put structures in S i, b ) Security (intuitively): hides S i, b for all i, b 52

  15. Functionality & Security S D 1,1 +E = A 1 A 0 toy examples S S = +E A 0 D 1,0 A 1 ∏SA 2 +E S D 2,1 = +E A 2 A 1 F(00) = 0 S F(01) = 1 F(10) = 1 = +E D 2,0 A 2 A 1 S F(11) = 1 53

  16. Functionality & Security S D 1,1 +E = A 1 A 0 toy examples S S = +E A 0 D 1,0 A 1 S S D 2,1 = +E A 2 A 1 S Claim: this construction hides all the structures in the S matrices. S = +E D 2,0 A 2 A 1 S 54

  17. Recall decisional LWE + E A S x A , ≈ computational A U , Permutation - LWE: A(1) A(1) S + E A(2) x A(2) S , A(3) A(3) S ≈ computational A(1) , U A(2) A(3) 55

  18. Functionality & Security S D 1,1 +E = A 1 A 0 toy examples S S = +E A 0 D 1,0 A 1 S S D 2,1 = +E A 2 A 1 S Claim: this construction hides all the structures in the S matrices. S = +E D 2,0 A 2 A 1 S 56

  19. Functionality & Security S D 1,1 +E = A 1 A 0 toy examples S S = +E A 0 D 1,0 A 1 S D 2,1 = U 2,1 A 1 = U 2,0 D 2,0 A 1 Permutation LWE 57

  20. Functionality & Security S D 1,1 +E = A 1 A 0 toy examples S S = +E A 0 D 1,0 A 1 S D 2,1 = U 2,1 A 1 = U 2,0 D 2,0 A 1 Turn off the trapdoor using GPV 58

  21. Functionality & Security U 1,1 D 1,1 = A 0 toy examples = U 1,0 A 0 D 1,0 D 2,1 = U 2,1 A 1 = U 2,0 D 2,0 A 1 Permutation LWE 59

  22. Functionality & Security U 1,1 D 1,1 = A 0 toy examples = U 1,0 A 0 D 1,0 D 2,1 = U 2,1 A 1 = U 2,0 D 2,0 A 1 Turn off the trapdoor using GPV 60

  23. Ok, looks simple. Are there insecure examples? 61

  24. For example, let S 2 = 0 in Insecurity A 0 D 1 = S 1 A 1 +E 1 , A 1 D 2 = S 2 A 2 +E 2 mod q example = mod q D 1 S 1 A 1 +E 1 A 0 = mod q D 2 E 2 A 1 62

  25. For example, let S 2 = 0 in Insecurity A 0 D 1 = S 1 A 1 +E 1 , A 1 D 2 = S 2 A 2 +E 2 mod q example D 2 becomes a “weak trapdoor” of A 1 , then S 1 is in danger = mod q D 1 S 1 A 1 +E 1 A 0 = mod q D 2 E 2 A 1 63

  26. For example, let S 2 = 0 in Insecurity A 0 D 1 = S 1 A 1 +E 1 , A 1 D 2 = S 2 A 2 +E 2 mod q example D 2 becomes a “weak trapdoor” of A 1 , then S 1 is in danger Eval = A 0 D 1 D 2 = (S 1 A 1 +E 1 )D 2 = S 1 E 2 + E 1 D 2 mod q Recover S 1 E 2 + E 1 D 2 over integers, can do many things. = mod q D 1 S 1 A 1 +E 1 A 0 = mod q D 2 E 2 A 1 64

  27. Plan of today: 1. Introduction 2. The GGH15 construction: functionality and security overview 3. Applications Open problems will be mentioned throughout the talk 65

  28. Private constrained PRFs [ Canetti, Chen 17 ] Witness encryption Multiparty key agreement [ Chen, Vaikuntanathan, Wee 18 ] Multilinear maps Indistinguishability obfuscation Deniable encryption Lockable obfuscation (Compute-then-Compare obf.) Broadcast encryption Reduction from LWE; Candidates exists; Broken 66

  29. What are private constrained PRFs? 67

  30. Private constrained Pseudorandom Function in 3 slides 68

  31. Private constrained Pseudorandom Function in 3 slides A truly random function PRF a d v With oracle access to either left or right 69

  32. Private constrained Pseudorandom Function in 3 slides original key Privately modified key a d v either the original key or the modified one Private key owner 70

  33. What are private constrained PRFs? Fine, so why is it useful? 71

  34. H i d e t h e p r o g r a i m n t h e c o n s t r a i n t Reminiscent of obfuscation ...

  35. Theorem [ Canetti Chen 17 ]: Two-key PCPRF (for a circuit class C) implies obfuscation (for C) Construction: Obf = ( K[C], K[Original] ) Obfuscation Eval(x): check consistency Eval( K[C], x) =? Eval( K[Original], x) C Z 73

  36. Jumping ahead, if you publish two constrained keys, there is an attack … In the rest of the talk, we will focus on: 1-key secure PCPRFs. 74

  37. D e c r y p t a n d e v a l 1-key PCPRF => Reusable Garbled Circuits

  38. Theorem [ Canetti Chen 17 ] 1-key PCPRF implies 1-key private-key functional encryption (reusable garbled circuits). Construction: from normal encryption Sym and PCPRF F Enc(m;r): ct = Enc Sym.K (m;r); tag = F[K](ct) FSK[Sym.K, F.K, C]: constrained key for the “decryption and eval” functionality C(Dec Sym.K ( . )) Eval: compute F[C(Dec Sym.K ( . ))](ct), and compare with tag

  39. Applications of PCPRFs: *Obfuscation Reusable garbled circuits Privately-detectable watermarking Maybe more … 77

  40. What are private constrained PRFs? Why is it useful? How to construct? 78

  41. Step 1: We need a PRF. Step 2: Add a constraint privately. 79

  42. [ Banerjee, Peikert, Rosen ’12 ] Subset-product & rounding ... s 1,1 s 2,1 s n,1 A Key: mod q ... s 1,0 s 2,0 s n,0 F(x) = { ∏s i,xi A } 2 Eval: s i,b are LWE secrets from low-norm distributions 80

  43. Rounding: {t} p : Z q -> Z p Compute t*p/q, then round to the nearest integer In this talk, p=2, q/p>exp(L), q/p ∼ super-polynomial q Amount of noise 81

  44. [ Banerjee, Peikert, Rosen 12 ] Uniform Small Unspecified Proof of pseudorandomness A is public, S i,xi are secret S 1,1 S 2,1 S 3,1 S 4,1 A mod q S 1,0 S 2,0 S 3,0 S 4,0 F(x) = { ∏s i,xi A } 2 Main observation: After rounding, can inject noises without changing functionality whp. 82

  45. [ Banerjee, Peikert, Rosen 12 ] Uniform Small Unspecified Proof of pseudorandomness A is public, S i,xi are secret S 1,1 S 2,1 S 3,1 S 4,1 A mod q S 1,0 S 2,0 S 3,0 S 4,0 F(x) = { ∏s i,xi A } 2 F(0110) = { s 1,0 s 2,1 s 3,1 s 4,0 A } 2 83

  46. [ Banerjee, Peikert, Rosen 12 ] Uniform Small Unspecified Proof of pseudorandomness A is public, S i,xi are secret S 1,1 S 2,1 S 3,1 S 4,1 A mod q S 1,0 S 2,0 S 3,0 S 4,0 F(x) = { ∏s i,xi A } 2 F(0110) = { s 1,0 s 2,1 s 3,1 s 4,0 A } 2 ≈ s { s 1,0 s 2,1 s 3,1 (s 4,0 A+E 4,0 ) } 2 84

  47. [ Banerjee, Peikert, Rosen 12 ] Uniform Small Unspecified Proof of pseudorandomness A is public, S i,xi are secret S 1,1 S 2,1 S 3,1 S 4,1 A mod q S 1,0 S 2,0 S 3,0 S 4,0 F(x) = { ∏s i,xi A } 2 F(0110) = { s 1,0 s 2,1 s 3,1 s 4,0 A } 2 ≈ s { s 1,0 s 2,1 s 3,1 (s 4,0 A+E 4,0 ) } 2 ≈ c { s 1,0 s 2,1 s 3,1 Y ***0 } 2 85

  48. [ Banerjee, Peikert, Rosen 12 ] Uniform Small Unspecified Proof of pseudorandomness A is public, S i,xi are secret S 1,1 S 2,1 S 3,1 S 4,1 A mod q S 1,0 S 2,0 S 3,0 S 4,0 F(x) = { ∏s i,xi A } 2 F(0110) = { s 1,0 s 2,1 s 3,1 s 4,0 A } 2 ≈ s { s 1,0 s 2,1 s 3,1 (s 4,0 A+E 4,0 ) } 2 ≈ c { s 1,0 s 2,1 s 3,1 Y ***0 } 2 ≈ s { s 1,0 s 2,1 (s 3,1 Y ***0 +E 3,1 ) } 2 86

  49. [ Banerjee, Peikert, Rosen 12 ] Uniform Small Unspecified Proof of pseudorandomness A is public, S i,xi are secret S 1,1 S 2,1 S 3,1 S 4,1 A mod q S 1,0 S 2,0 S 3,0 S 4,0 F(x) = { ∏s i,xi A } 2 F(0110) = { s 1,0 s 2,1 s 3,1 s 4,0 A } 2 ≈ s { s 1,0 s 2,1 s 3,1 (s 4,0 A+E 4,0 ) } 2 ≈ c { s 1,0 s 2,1 s 3,1 Y ***0 } 2 ≈ s { s 1,0 s 2,1 (s 3,1 Y ***0 +E 3,1 ) } 2 ≈ c { s 1,0 s 2,1 Y **10 } 2 ≈ … ≈{ Y 0110 } 2 87

  50. [ Banerjee, Peikert, Rosen ’12 ] Subset-product & rounding ... s 1,1 s 2,1 s n,1 A Key: mod q ... s 1,0 s 2,0 s n,0 F(x) = { ∏s i,xi A } 2 Eval: Exercise: show that taking matrix subset-product without rounding does not give a PRF. 88

  51. [ Banerjee, Peikert, Rosen ’12 ] Subset-product & rounding ... s 1,1 s 2,1 s n,1 A Key: mod q ... s 1,0 s 2,0 s n,0 F(x) = { ∏s i,xi A } 2 Eval: Open problem: prove or disprove that when q is a polynomial, the construction is a PRF. 89

  52. ... s 1,1 s 2,1 s n,1 A Key: mod q ... s 1,0 s 2,0 s n,0 F(x) = { ∏s i,xi A } 2 Eval: What we need in addition to build a Private Constrained PRF: + Embed structures in the secret terms to perform functionality (Barrington’s theorem) + A proper public mode of the function (GGH15 encoding) 90

  53. Imagine the GGH15 encoding of the PRF S 1,1 S 2,1 S 3,1 S 4,1 A 4 S 1,0 S 2,0 S 3,0 S 4,0 + “small” e t a u l a v E D 1,1 D 2,1 D 3,1 D 4,1 A 0 D 1,0 D 2,0 D 3,0 D 4,0 91

  54. Barrington’s theorem (used to embed a circuit into the key) 92

  55. 93 (Bonus) Barrington 1986: log-depth boolean circuits can be recognized by subset products of permutation matrices of width 5. Example: how to represent an AND gate P -1 Q -1 P Q 1 I I I I 0 Input wire 1 Input wire 2 Input wire 1 Input wire 2

  56. 94 (Bonus) Barrington 1986: log-depth boolean circuits can be recognized by subset products of permutation matrices of width 5. Example: how to represent an AND gate 0 and 0 1 I I I I 0 Input wire 1 Input wire 2 Input wire 1 Input wire 2

  57. 95 (Bonus) Barrington 1986: log-depth boolean circuits can be recognized by subset products of permutation matrices of width 5. Example: how to represent an AND gate 0 and 1 Q -1 Q 1 I I 0 Input wire 1 Input wire 2 Input wire 1 Input wire 2

  58. 96 (Bonus) Barrington 1986: log-depth boolean circuits can be recognized by subset products of permutation matrices of width 5. Example: how to represent an AND gate 1 and 0 P -1 P 1 I I 0 Input wire 1 Input wire 2 Input wire 1 Input wire 2

  59. 97 (Bonus) Barrington 1986: log-depth boolean circuits can be recognized by subset products of permutation matrices of width 5. Example: how to represent an AND gate 1 and 1 PQP -1 Q -1 = C ≠ I P -1 Q -1 P Q 1 0 Input wire 1 Input wire 2 Input wire 1 Input wire 2

  60. Representation of the constraint predicate: branching program 1 B 1,1 B 2,1 B 3,1 ... B L,1 0 B 1,0 B 2,0 B 3,0 ... B L,0 Eval: ∏B z(i),x_z(i) = I or C Steps 1 2 3 ... L Input z(1) z(2) z(3) ... z(L) 98

  61. We set the secrets like: S S 1,1 S 2,1 S 3,1 S 4,1 A 4 S S 1,0 S 2,0 S 3,0 S 4,0 S S S Representation of secrets (to be encoded by GGH15): B i,b ⊗ s i,b S S S S e.g. I ⊗ s = P ⊗ s = S S S S 99 S S

  62. PCPRF for NC1 constraints (permutation branching programs) 100

Recommend

More Efficient Cryptographic Multilinear Maps from Ideal Lattices Ron Steinfeld Clayton School

More Efficient Cryptographic Multilinear Maps from Ideal Lattices Ron Steinfeld Clayton School

Introduction GGH Construction GGHLite Conclusions More Efficient Cryptographic Multilinear Maps from Ideal Lattices Ron Steinfeld Clayton School of IT Monash University, Australia (Based on joint work with A. Langlois and D. Stehl e, ENS

706 views • 39 slides
Multilinear Maps over the Integers From Design to Security Tancrde Lepoint CryptoExperts The

Multilinear Maps over the Integers From Design to Security Tancrde Lepoint CryptoExperts The

Multilinear Maps over the Integers From Design to Security Tancrde Lepoint CryptoExperts The Mathematics of Modern Cryptography Workshop, July 10th 2015 Timeline: The Hype Cycle of Multilinear Maps 2 / 30 visibility Timeline time 2 / 30

1.61k views • 112 slides
Obfuscation and Weak Multilinear Maps Mark Zhandry Princeton

Obfuscation and Weak Multilinear Maps Mark Zhandry Princeton

Obfuscation and Weak Multilinear Maps Mark Zhandry Princeton University Joint work with Saikrishna Badrinarayanan , Sanjam Garg, Eric Miles, Pratyay Mukherjee, Amit Sahai,

762 views • 49 slides
Private Outsourcing of Polynomial Evaluation and Matrix Multiplication using Multilinear Maps

Private Outsourcing of Polynomial Evaluation and Matrix Multiplication using Multilinear Maps

Private Outsourcing of Polynomial Evaluation and Matrix Multiplication using Multilinear Maps Liang Feng Zhang, Reihaneh Safavi-Naini Institute for Security, Privacy and Information Assurance Department of Computer Science University of

197 views • 19 slides
A Survey of Computational Assumptions on Bilinear and Multilinear Maps Allison Bishop IEX and

A Survey of Computational Assumptions on Bilinear and Multilinear Maps Allison Bishop IEX and

A Survey of Computational Assumptions on Bilinear and Multilinear Maps Allison Bishop IEX and Columbia University Group Basics There are two kinds of people in this world. Those who like additive group notation, and those who like

657 views • 31 slides
Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from

Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from

Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from Degree-5 Multilinear maps Prabhanjan Ananth Amit Sahai Constructions of iO All current constructions of iO are based on multilinear maps [GGHRSW13,

649 views • 39 slides
Cryptanalysis of the New CLT Multilinear Map over the Integers May 11, 2016 Cheon, Fouque, Lee,

Cryptanalysis of the New CLT Multilinear Map over the Integers May 11, 2016 Cheon, Fouque, Lee,

Cryptanalysis of the New CLT Multilinear Map over the Integers May 11, 2016 Cheon, Fouque, Lee, Minuad, Ryu Cryptanlysis of CLT15 Maps May 11, 2016 1 / 26 Jung Hee Cheon 1 , Pierre-Alain Fouque 2 , 3 , Changmin Lee 1 , Brice Minaud 2 , Hansol

456 views • 28 slides
Tamari-like intervals and planar maps Wenjie Fang TU Graz Workshop on Enumerative Combinatorics,

Tamari-like intervals and planar maps Wenjie Fang TU Graz Workshop on Enumerative Combinatorics,

Tamari-like lattices Planar Maps Bijections Extensions Discussion Tamari-like intervals and planar maps Wenjie Fang TU Graz Workshop on Enumerative Combinatorics, 19 October 2017 Erwin Schr odinger Institute Tamari-like lattices Planar

737 views • 35 slides
Mult ltilinear Maps From Id Ideal Lattic ices Sanjam Garg (IBM) Joint work with Craig Gentry

Mult ltilinear Maps From Id Ideal Lattic ices Sanjam Garg (IBM) Joint work with Craig Gentry

Mult ltilinear Maps From Id Ideal Lattic ices Sanjam Garg (IBM) Joint work with Craig Gentry (IBM) and Shai Halevi (IBM) Outline Bilinear Maps: Recall and Applications Motivating Multilinear maps Our Results Definitions of

694 views • 52 slides
Random colored lattices Olivier Bernardi Joint work with Mireille Bousquet-M elou (CNRS)

Random colored lattices Olivier Bernardi Joint work with Mireille Bousquet-M elou (CNRS)

Random colored lattices Olivier Bernardi Joint work with Mireille Bousquet-M elou (CNRS) IGERT talk, Brandeis University, February 2013 Random lattices, Random surfaces Maps A map is a way of gluing polygons in order to form a connected

1.28k views • 74 slides
Lattices from Codes or Codes from Lattices Amin Sakzad Dept of Electrical and Computer Systems

Lattices from Codes or Codes from Lattices Amin Sakzad Dept of Electrical and Computer Systems

Recall Cycle-Free Codes and Lattices Lattices from Codes Codes from Lattices Lattices from Codes or Codes from Lattices Amin Sakzad Dept of Electrical and Computer Systems Engineering Monash University amin.sakzad@monash.edu Oct. 2013

851 views • 55 slides
Lecture 9: Theta functions and lattices May 12, 2020 1 / 7 Lattices in R n A lattice is an

Lecture 9: Theta functions and lattices May 12, 2020 1 / 7 Lattices in R n A lattice is an

Lecture 9: Theta functions and lattices May 12, 2020 1 / 7 Lattices in R n A lattice is an additive subgroup R n such that Z n ( is free on n generators) b Z R R n ( spans the whole real vector space) # n +

246 views • 7 slides
Partitioning via Non-Linear Polynomial Functions: More Compact IBEs from Ideal Lattices and

Partitioning via Non-Linear Polynomial Functions: More Compact IBEs from Ideal Lattices and

Partitioning via Non-Linear Polynomial Functions: More Compact IBEs from Ideal Lattices and Bilinear Maps Shuichi Katsumata (The University of Tokyo) Shota Yamada (AIST) ASIACRYPT Born in 1991 (Japan) Me Born in 1991 (Japan) Background

850 views • 62 slides
Transcendental lattices and supersingular reduction lattices of a singular K3 surface Keio, 2007

Transcendental lattices and supersingular reduction lattices of a singular K3 surface Keio, 2007

Transcendental lattices and supersingular reduction lattices of a singular K3 surface Keio, 2007 September Ichiro Shimada (Hokkaido University, Sapporo, JAPAN) By a lattice, we mean a finitely generated free Z -module equipped with a

611 views • 31 slides
Algebraic models for multilinear dependence Jason Morton Stanford University February 21, 2009

Algebraic models for multilinear dependence Jason Morton Stanford University February 21, 2009

Algebraic models for multilinear dependence Jason Morton Stanford University February 21, 2009 NSF Tensor Workshop Joint work with Lek-Heng Lim of U.C. Berkeley J. Morton (Stanford) Algebraic models for multilinear dependence 2/21/09 NSF

504 views • 37 slides
CS371m - Mobile Computing Maps Using Google Maps This lecture focuses on using Google Maps

CS371m - Mobile Computing Maps Using Google Maps This lecture focuses on using Google Maps

CS371m - Mobile Computing Maps Using Google Maps This lecture focuses on using Google Maps inside an Android app Alternatives Exist: Open Street Maps http://www.openstreetmap.org/ If you simply want to display a "standard

1.15k views • 79 slides
Lattices from Octonion Algebras Octonion Algebras Lattices via Octonion Algebras Nelson G.

Lattices from Octonion Algebras Octonion Algebras Lattices via Octonion Algebras Nelson G.

Nelson, Cintya, Sueli Lattices Lattices from Octonion Algebras Octonion Algebras Lattices via Octonion Algebras Nelson G. Brasil Junior 1 Cintya W. O. Benedito 2 Examples Sueli I. R. Costa 1 1 Institute of Mathematics, Statistics and

650 views • 6 slides
The endpoint multilinear Kakeya theorem via the BorsukUlam/LusternikSchnirelmann theorem

The endpoint multilinear Kakeya theorem via the BorsukUlam/LusternikSchnirelmann theorem

. . . . . . . . . . . . . . . . The endpoint multilinear Kakeya theorem via the BorsukUlam/LusternikSchnirelmann theorem After L. Guth, A. Carbery, I. Valdimarsson Pavel Zorin-Kranich University of Bonn Kopp, October 2017

327 views • 20 slides
Unification on Subvarieties of Introduction Algebraic Unification Pseudocomplemented lattices

Unification on Subvarieties of Introduction Algebraic Unification Pseudocomplemented lattices

Unification on Subvarieties of Pseudocomple- mented lattices L.M. Cabrer Unification on Subvarieties of Introduction Algebraic Unification Pseudocomplemented lattices Fragments of Heyting algebras P-Lattices Definition Duality

570 views • 33 slides
Computational complexity of lattice problems and cyclic lattices Lenny Fukshansky Claremont

Computational complexity of lattice problems and cyclic lattices Lenny Fukshansky Claremont

Lattices Computational complexity Complexity of cyclic lattices Well-rounded cyclic lattices Computational complexity of lattice problems and cyclic lattices Lenny Fukshansky Claremont McKenna College Undergraduate Summer Research Program

1.17k views • 65 slides
Oscillatory 1 Philip T. Gressman, University of Pennsylvania multilinear Joint work with

Oscillatory 1 Philip T. Gressman, University of Pennsylvania multilinear Joint work with

Oscillatory 1 Philip T. Gressman, University of Pennsylvania multilinear Joint work with Ellen Urheim Radon-like transforms In honor of the 90th birthday of Guido Weiss 2 Problem Statement This falls within the framework of Christ,

425 views • 10 slides
Numerical methods for the best low multilinear rank approximation of higher-order tensors M.

Numerical methods for the best low multilinear rank approximation of higher-order tensors M.

Introduction Some applications Algorithms Local minima Numerical methods for the best low multilinear rank approximation of higher-order tensors M. Ishteva 1 .-A. Absil 1 S. Van Huffel 2 L. De Lathauwer 2 , 3 P 1 Department of Mathematical

461 views • 45 slides
Some topological lattices. Walter Taylor Algebras Lattices in Hawaii 2018 Honoring R. Freese, W.

Some topological lattices. Walter Taylor Algebras Lattices in Hawaii 2018 Honoring R. Freese, W.

Some topological lattices. Walter Taylor Algebras Lattices in Hawaii 2018 Honoring R. Freese, W. Lampe, J. B. Nation May 24, 2018 Our subject matter. We will be concerned with some finite two-dimensional simplicial complexes, such as (Three

796 views • 57 slides
An enumerative relationship between maps and 4-regular maps Michael La Croix April 9, 2008 An

An enumerative relationship between maps and 4-regular maps Michael La Croix April 9, 2008 An

An enumerative relationship between maps and 4-regular maps Michael La Croix April 9, 2008 An enumerative relationship between maps and 4-regular maps Outline 1 Background Surfaces Maps Rooted Maps 2 Map Enumeration A Counting Problem A

1.28k views • 126 slides

More recommend