non uniform concrete security an example cracks in the
play

Non-uniform Concrete security: an example cracks in the concrete: - PowerPoint PPT Presentation

Mar 10, 2024 •261 likes •1.13k views

Non-uniform Concrete security: an example cracks in the concrete: What is the best NIST P-256 the power of free precomputation discrete-log attack algorithm? D. J. Bernstein ECDL input: P-256 points P , University of Illinois at

  1. Non-uniform Concrete security: an example cracks in the concrete: What is the best NIST P-256 the power of free precomputation discrete-log attack algorithm? D. J. Bernstein ECDL input: P-256 points P❀ ◗ , University of Illinois at Chicago & where P is a standard generator. Technische Universiteit Eindhoven ECDL output: log P ◗ . Tanja Lange Standard definition of “best”: Technische Universiteit Eindhoven minimize “time”. Full 53-page paper, including progress towards formalizing collision resistance: eprint.iacr.org/2012/318

  2. Non-uniform Concrete security: an example cracks in the concrete: What is the best NIST P-256 the power of free precomputation discrete-log attack algorithm? D. J. Bernstein ECDL input: P-256 points P❀ ◗ , University of Illinois at Chicago & where P is a standard generator. Technische Universiteit Eindhoven ECDL output: log P ◗ . Tanja Lange Standard definition of “best”: Technische Universiteit Eindhoven minimize “time”. Full 53-page paper, More generally, allow attacks with including progress towards ❁ 100% success probability; formalizing collision resistance: analyze tradeoffs between eprint.iacr.org/2012/318 “time” and success probability. This talk focuses on high prob.

  3. Non-uniform Concrete security: an example P-256 discrete- ✮ in the concrete: total TLS-ECDHE-P-256 What is the best NIST P-256 wer of free precomputation Should TLS discrete-log attack algorithm? Bernstein ECDL input: P-256 points P❀ ◗ , University of Illinois at Chicago & where P is a standard generator. echnische Universiteit Eindhoven ECDL output: log P ◗ . Lange Standard definition of “best”: echnische Universiteit Eindhoven minimize “time”. 53-page paper, More generally, allow attacks with including progress towards ❁ 100% success probability; rmalizing collision resistance: analyze tradeoffs between eprint.iacr.org/2012/318 “time” and success probability. This talk focuses on high prob.

  4. Concrete security: an example P-256 discrete-log ✮ concrete: total TLS-ECDHE-P-256 What is the best NIST P-256 free precomputation Should TLS users discrete-log attack algorithm? ECDL input: P-256 points P❀ ◗ , Illinois at Chicago & where P is a standard generator. Universiteit Eindhoven ECDL output: log P ◗ . Standard definition of “best”: Universiteit Eindhoven minimize “time”. er, More generally, allow attacks with rogress towards ❁ 100% success probability; ion resistance: analyze tradeoffs between eprint.iacr.org/2012/318 “time” and success probability. This talk focuses on high prob.

  5. Concrete security: an example P-256 discrete-log attack ✮ total TLS-ECDHE-P-256 break! What is the best NIST P-256 recomputation Should TLS users worry? discrete-log attack algorithm? ECDL input: P-256 points P❀ ◗ , Chicago & where P is a standard generator. Eindhoven ECDL output: log P ◗ . Standard definition of “best”: Eindhoven minimize “time”. More generally, allow attacks with ❁ 100% success probability; resistance: analyze tradeoffs between eprint.iacr.org/2012/318 “time” and success probability. This talk focuses on high prob.

  6. Concrete security: an example P-256 discrete-log attack ✮ total TLS-ECDHE-P-256 break! What is the best NIST P-256 Should TLS users worry? discrete-log attack algorithm? ECDL input: P-256 points P❀ ◗ , where P is a standard generator. ECDL output: log P ◗ . Standard definition of “best”: minimize “time”. More generally, allow attacks with ❁ 100% success probability; analyze tradeoffs between “time” and success probability. This talk focuses on high prob.

  7. Concrete security: an example P-256 discrete-log attack ✮ total TLS-ECDHE-P-256 break! What is the best NIST P-256 Should TLS users worry? discrete-log attack algorithm? No. Many researchers have ECDL input: P-256 points P❀ ◗ , tried and failed to find good where P is a standard generator. P-256 discrete-log attacks. ECDL output: log P ◗ . Standard definition of “best”: minimize “time”. More generally, allow attacks with ❁ 100% success probability; analyze tradeoffs between “time” and success probability. This talk focuses on high prob.

  8. Concrete security: an example P-256 discrete-log attack ✮ total TLS-ECDHE-P-256 break! What is the best NIST P-256 Should TLS users worry? discrete-log attack algorithm? No. Many researchers have ECDL input: P-256 points P❀ ◗ , tried and failed to find good where P is a standard generator. P-256 discrete-log attacks. ECDL output: log P ◗ . Standard conjecture: Standard definition of “best”: For each ♣ ✷ [0 ❀ 1], minimize “time”. each P-256 ECDL algorithm with success probability ✕ ♣ More generally, allow attacks with takes “time” ✕ 2 128 ♣ 1 ❂ 2 . ❁ 100% success probability; analyze tradeoffs between Similar conjectures for AES-128, “time” and success probability. RSA-3072, etc.: see, e.g., This talk focuses on high prob. 2005 Bellare–Rogaway.

  9. Concrete security: an example P-256 discrete-log attack ✮ Concrete total TLS-ECDHE-P-256 break! is the best NIST P-256 Another Should TLS users worry? discrete-log attack algorithm? Each TLS-ECDHE-P-256 No. Many researchers have with succes ✕ ♣ input: P-256 points P❀ ◗ , ♣ ❂ tried and failed to find good takes “time” ✕ P is a standard generator. P-256 discrete-log attacks. output: log P ◗ . Standard conjecture: Standard definition of “best”: For each ♣ ✷ [0 ❀ 1], minimize “time”. each P-256 ECDL algorithm with success probability ✕ ♣ generally, allow attacks with takes “time” ✕ 2 128 ♣ 1 ❂ 2 . ❁ success probability; analyze tradeoffs between Similar conjectures for AES-128, and success probability. RSA-3072, etc.: see, e.g., talk focuses on high prob. 2005 Bellare–Rogaway.

  10. y: an example P-256 discrete-log attack ✮ Concrete reductions total TLS-ECDHE-P-256 break! est NIST P-256 Another conjecture: Should TLS users worry? attack algorithm? Each TLS-ECDHE-P-256 No. Many researchers have with success probabilit ✕ ♣ P-256 points P❀ ◗ , takes “time” ✕ 2 128 ♣ ❂ tried and failed to find good P standard generator. P-256 discrete-log attacks. log P ◗ . Standard conjecture: definition of “best”: For each ♣ ✷ [0 ❀ 1], ”. each P-256 ECDL algorithm with success probability ✕ ♣ allow attacks with takes “time” ✕ 2 128 ♣ 1 ❂ 2 . ❁ probability; tradeoffs between Similar conjectures for AES-128, success probability. RSA-3072, etc.: see, e.g., cuses on high prob. 2005 Bellare–Rogaway.

  11. example P-256 discrete-log attack ✮ Concrete reductions total TLS-ECDHE-P-256 break! P-256 Another conjecture: Should TLS users worry? rithm? Each TLS-ECDHE-P-256 attack No. Many researchers have with success probability ✕ ♣ oints P❀ ◗ , takes “time” ✕ 2 128 ♣ 1 ❂ 2 . tried and failed to find good P generator. P-256 discrete-log attacks. P ◗ Standard conjecture: est”: For each ♣ ✷ [0 ❀ 1], each P-256 ECDL algorithm with success probability ✕ ♣ attacks with takes “time” ✕ 2 128 ♣ 1 ❂ 2 . ❁ y; Similar conjectures for AES-128, robability. RSA-3072, etc.: see, e.g., prob. 2005 Bellare–Rogaway.

  12. P-256 discrete-log attack ✮ Concrete reductions total TLS-ECDHE-P-256 break! Another conjecture: Should TLS users worry? Each TLS-ECDHE-P-256 attack No. Many researchers have with success probability ✕ ♣ takes “time” ✕ 2 128 ♣ 1 ❂ 2 . tried and failed to find good P-256 discrete-log attacks. Standard conjecture: For each ♣ ✷ [0 ❀ 1], each P-256 ECDL algorithm with success probability ✕ ♣ takes “time” ✕ 2 128 ♣ 1 ❂ 2 . Similar conjectures for AES-128, RSA-3072, etc.: see, e.g., 2005 Bellare–Rogaway.

  13. P-256 discrete-log attack ✮ Concrete reductions total TLS-ECDHE-P-256 break! Another conjecture: Should TLS users worry? Each TLS-ECDHE-P-256 attack No. Many researchers have with success probability ✕ ♣ takes “time” ✕ 2 128 ♣ 1 ❂ 2 . tried and failed to find good P-256 discrete-log attacks. Why should users have any Standard conjecture: confidence in this conjecture? For each ♣ ✷ [0 ❀ 1], How many researchers each P-256 ECDL algorithm have really tried to break with success probability ✕ ♣ ECDHE-P-256? ECDSA-P-256? takes “time” ✕ 2 128 ♣ 1 ❂ 2 . ECIES-P-256? ECMQV-P-256? Similar conjectures for AES-128, Other P-256-based protocols? RSA-3072, etc.: see, e.g., Far less attention than for ECDL. 2005 Bellare–Rogaway.

  14. discrete-log attack ✮ Concrete reductions Provable TLS-ECDHE-P-256 break! Another conjecture: Prove: if TLS users worry? Each TLS-ECDHE-P-256 attack a TLS-ECDHE-P-256 Many researchers have with success probability ✕ ♣ then there takes “time” ✕ 2 128 ♣ 1 ❂ 2 . and failed to find good a P-256 discrete-log attacks. with simila Why should users have any and success Standard conjecture: confidence in this conjecture? each ♣ ✷ [0 ❀ 1], How many researchers P-256 ECDL algorithm have really tried to break success probability ✕ ♣ ECDHE-P-256? ECDSA-P-256? “time” ✕ 2 128 ♣ 1 ❂ 2 . ECIES-P-256? ECMQV-P-256? r conjectures for AES-128, Other P-256-based protocols? RSA-3072, etc.: see, e.g., Far less attention than for ECDL. Bellare–Rogaway.

Recommend

Non-uniform cracks in the concrete Daniel J. Bernstein University of Illinois at Chicago Joint

Non-uniform cracks in the concrete Daniel J. Bernstein University of Illinois at Chicago Joint

Non-uniform cracks in the concrete Daniel J. Bernstein University of Illinois at Chicago Joint work with: Tanja Lange Technische Universiteit Eindhoven Paper coming soon, including detailed credits and historical discussion. Classic

283 views • 14 slides
Non-uniform cracks in the concrete: the power of free precomputation D. J. Bernstein University

Non-uniform cracks in the concrete: the power of free precomputation D. J. Bernstein University

Non-uniform cracks in the concrete: the power of free precomputation D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Tanja Lange Technische Universiteit Eindhoven Full 53-page paper, including

477 views • 36 slides
Non-uniform cracks in the concrete: the power of free precomputation Daniel J. Bernstein

Non-uniform cracks in the concrete: the power of free precomputation Daniel J. Bernstein

Non-uniform cracks in the concrete: the power of free precomputation Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Tanja Lange Technische Universiteit Eindhoven eprint.iacr.org/2012/318 ,

1.02k views • 62 slides
STUDY OF THERMAL CRACKS IN CONCRETE STRUCTURES USING PROBABILITY THEORY Masami Ishikawa Tohoku

STUDY OF THERMAL CRACKS IN CONCRETE STRUCTURES USING PROBABILITY THEORY Masami Ishikawa Tohoku

STUDY OF THERMAL CRACKS IN CONCRETE STRUCTURES USING PROBABILITY THEORY Masami Ishikawa Tohoku Gakuin University, Japan Masahiro Yurugi Former Prof. of Hirosaki University, Japan JSCE Standard Spec. for concrete structures Definition of Crack

204 views • 16 slides
Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited Yevgeniy Dodis

Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited Yevgeniy Dodis

Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited Yevgeniy Dodis New York University Joint work with Siyao Guo (Simons Institute, UC Berkeley) Jonathan Katz (University of Maryland) Hash Functions Are Ubiquitous

650 views • 40 slides
How to Decide Which Cracks Practical Case of . . . Should be Repaired First: Empirical

How to Decide Which Cracks Practical Case of . . . Should be Repaired First: Empirical

Which Cracks Should . . . To Make a Proper . . . How Cracks Grow: A . . . Case of Very Short Cracks How to Decide Which Cracks Practical Case of . . . Should be Repaired First: Empirical Dependence . . . Beyond Paris Law Theoretical

624 views • 31 slides
Detecting Cracks under Bushings Detecting Cracks under Bushings in Aircraft Structures in

Detecting Cracks under Bushings Detecting Cracks under Bushings in Aircraft Structures in

Inno Innovative Materials tive Materials Air Force Research Center for Nondestructive Testin Testing T Tech chnologies, es, I Inc. c. Laboratory Evaluation Detecting Cracks under Bushings Detecting Cracks under Bushings in Aircraft

308 views • 12 slides
Better Concrete Security for Half-Gates Garbling (in the Multi-Instance Setting) Chun Guo,

Better Concrete Security for Half-Gates Garbling (in the Multi-Instance Setting) Chun Guo,

Better Concrete Security for Half-Gates Garbling (in the Multi-Instance Setting) Chun Guo, Jonathan Katz, Xiao Wang, Chenkai Weng, Yu Yu All widely used GCs have a birthday-bound security Explicit attack GC based on fix-key block cipher

313 views • 7 slides
Curriculum on The Cadet Corps Uniform Class A Uniform Class A Uniform Agenda C1. Class A

Curriculum on The Cadet Corps Uniform Class A Uniform Class A Uniform Agenda C1. Class A

Curriculum on The Cadet Corps Uniform Class A Uniform Class A Uniform Agenda C1. Class A Uniform CLASS A UNIFORM C1. Wear the Class A Uniform to standard. Class A Uniform Known as Black Service Uniform or Class A Worn mainly

502 views • 14 slides
twenty one service loads x load factors concrete holds no tension failure criteria is

twenty one service loads x load factors concrete holds no tension failure criteria is

E LEMENTS OF A RCHITECTURAL S TRUCTURES : Concrete Beam Design F ORM, B EHAVIOR, AND D ESIGN composite of concrete and steel ARCH 614 D R. A NNE N ICHOLS American Concrete Institute (ACI) S PRING 2019 design for maximum stresses

253 views • 6 slides
nineteen service loads x load factors concrete holds no tension failure criteria is

nineteen service loads x load factors concrete holds no tension failure criteria is

A RCHITECTURAL S TRUCTURES : Concrete Beam Design F ORM, B EHAVIOR, AND D ESIGN composite of concrete and steel A RCH 331 D R. A NNE N ICHOLS American Concrete Institute (ACI) S UMMER 2018 design for maximum stresses lecture limit

641 views • 9 slides
On the Concrete Security of Goldreichs PRG Yann Rotella Joint work with Geoffroy Couteau,

On the Concrete Security of Goldreichs PRG Yann Rotella Joint work with Geoffroy Couteau,

On the Concrete Security of Goldreichs PRG Yann Rotella Joint work with Geoffroy Couteau, Aurlien Dupin, Pierrick Maux and Mlissa Rossi January 31, 2019 Introduction A subexponential-time attack Algebraic cryptanalysis

1.22k views • 53 slides
Curriculum on The Cadet Corps Uniform Wear It WIth honor Class C Uniform Class C Uniform

Curriculum on The Cadet Corps Uniform Wear It WIth honor Class C Uniform Class C Uniform

Curriculum on The Cadet Corps Uniform Wear It WIth honor Class C Uniform Class C Uniform Agenda B1. Class C Uniform CLASS C UNIFORM B1. Wear the Class C Uniform to standard. Class C Uniform Fully described in CR 1-8, Chp. 8 Headgear

185 views • 14 slides
Better Concrete Security for Half-Gates Garbling (in the Multi-Instance Setting) Chun Guo

Better Concrete Security for Half-Gates Garbling (in the Multi-Instance Setting) Chun Guo

Better Concrete Security for Half-Gates Garbling (in the Multi-Instance Setting) Chun Guo Jonathan Katz Xiao Wang Chenkai Weng Yu Yu Yaos garbled circuits Two-party computation (2PC) Multiple optimizations

376 views • 20 slides
Inverse scattering for obstacles and cracks with impedance boundary conditions Fahmi Ben Hassen

Inverse scattering for obstacles and cracks with impedance boundary conditions Fahmi Ben Hassen

Introduction Obstacle scattering Inverse scattering for cracks List-to-do Inverse scattering for obstacles and cracks with impedance boundary conditions Fahmi Ben Hassen ENIT-LAMSIN, Tunis PICOF12, Palaiseau April 2011 Introduction

964 views • 68 slides
twenty two service loads x load factors concrete holds no tension failure criteria is

twenty two service loads x load factors concrete holds no tension failure criteria is

A RCHITECTURAL S TRUCTURES : Concrete Beam Design F ORM, B EHAVIOR, AND D ESIGN composite of concrete and steel ARCH 331 D R. A NNE N ICHOLS American Concrete Institute (ACI) S PRING 2018 design for maximum stresses lecture limit

346 views • 9 slides
Winter Uniform If out of uniform students must present a note of explanation to their Year Level

Winter Uniform If out of uniform students must present a note of explanation to their Year Level

Student Presentation Policy February 01, 2018 Summer Uniform If out of uniform students must present a note of explanation to their Year Level Coordinator who will issue a uniform pass. Summer Uniform (Terms 1&4) - Academic The summer

421 views • 3 slides
OVERVIEW 1 What is the Uniform Guidance? Rules that set uniform standards for the award and

OVERVIEW 1 What is the Uniform Guidance? Rules that set uniform standards for the award and

Uniform Guidance Procurement Requirements for NC Local Governments Norma Houston NC State Treasurers Conference June 26, 2018 OVERVIEW 1 What is the Uniform Guidance? Rules that set uniform standards for the award and expenditure of

731 views • 28 slides
On the Concrete Security of Goldreichs Pseudorandom Generator Geo ff roy Couteau - Aurlien

On the Concrete Security of Goldreichs Pseudorandom Generator Geo ff roy Couteau - Aurlien

On the Concrete Security of Goldreichs Pseudorandom Generator Geo ff roy Couteau - Aurlien Dupin - Pierrick Maux - Mlissa Rossi - Yann Rotella ASIACRYPT 2018/12/04 1 1 Goldreich Pseudorandom Generator (Goldreich TOCT 2000)

795 views • 64 slides
Concrete Recycling in Pavement Applications Update on the FHWA Concrete Recycling Initiative

Concrete Recycling in Pavement Applications Update on the FHWA Concrete Recycling Initiative

Concrete Recycling in Pavement Applications Update on the FHWA Concrete Recycling Initiative Tara Cavalline, Ph.D., P.E. UNC Charlotte tcavalline@uncc.edu Presentation to National Concrete consortium September 20, 2017 Concrete Recycling

618 views • 26 slides
Uniform Guidance aka UG, UniGui HUGE: CSU Harnessing Uniform Guidance Effectively An update

Uniform Guidance aka UG, UniGui HUGE: CSU Harnessing Uniform Guidance Effectively An update

Uniform Guidance aka UG, UniGui HUGE: CSU Harnessing Uniform Guidance Effectively An update for SFSU Faculty and Staff Uniform Guidance Most significant change in research administration in 50 years Uniform Guidance Reform History Feb

673 views • 33 slides
Non-Uniform Computation Lecture 10 Non-Uniform Computational Models: Circuits 1 Non-Uniform

Non-Uniform Computation Lecture 10 Non-Uniform Computational Models: Circuits 1 Non-Uniform

Non-Uniform Computation Lecture 10 Non-Uniform Computational Models: Circuits 1 Non-Uniform Computation 2 Non-Uniform Computation Uniform: Same program for all (the infinitely many) inputs 2 Non-Uniform Computation Uniform: Same program

1.36k views • 107 slides
MAZENOD COLLEGE STUDENT PRESENTATION POLICY SUMMER UNIFORM If out of uniform students must

MAZENOD COLLEGE STUDENT PRESENTATION POLICY SUMMER UNIFORM If out of uniform students must

MAZENOD COLLEGE STUDENT PRESENTATION POLICY SUMMER UNIFORM If out of uniform students must present a note of explanation to their Year Level Coordinator who will issue a uniform pass. Summer Uniform (Terms 1 & 4) - Academic The summer

305 views • 3 slides
Use of Concrete Maturity For Use of Concrete Maturity For Measuring In-Place Strength of

Use of Concrete Maturity For Use of Concrete Maturity For Measuring In-Place Strength of

Use of Concrete Maturity For Use of Concrete Maturity For Measuring In-Place Strength of Measuring In-Place Strength of Concrete Concrete Prasad Rangaraju, Ph.D., P.E. Assistant Professor Department of Civil Engineering Clemson University

1.08k views • 63 slides

More recommend