pairing based cryptography generic groups
play

Pairing-Based Cryptography & Generic Groups Lecture 22 - PowerPoint PPT Presentation

Jul 01, 2023 •370 likes •1.44k views

Pairing-Based Cryptography & Generic Groups Lecture 22 Bilinear Pairing Bilinear Pairing Two (or three) groups with an efficient pairing operation, e: G x G G T that is bilinear Bilinear Pairing Two (or three) groups with an

  1. A NIZK For Statements Involving Pairings Groth-Sahai proofs (2008) Very useful in constructions using bilinear pairings

  2. A NIZK For Statements Involving Pairings Groth-Sahai proofs (2008) Very useful in constructions using bilinear pairings Can get “perfect” witness-indistinguishability or zero-knowledge

  3. A NIZK For Statements Involving Pairings Groth-Sahai proofs (2008) Very useful in constructions using bilinear pairings Can get “perfect” witness-indistinguishability or zero-knowledge Then, soundness will be under certain computational assumptions

  4. A NIZK For Statements Involving Pairings

  5. A NIZK For Statements Involving Pairings an e.g. statement

  6. A NIZK For Statements Involving Pairings an e.g. statement I know X,Y,Z ∈ G and integers u,v,w s.t.

  7. A NIZK For Statements Involving Pairings an e.g. statement I know X,Y,Z ∈ G and integers u,v,w s.t. e(X,A) ... e(X,Y) = 1 (pairing product)

  8. A NIZK For Statements Involving Pairings an e.g. statement I know X,Y,Z ∈ G and integers u,v,w s.t. e(X,A) ... e(X,Y) = 1 (pairing product) X au ... Z bv = B (product)

  9. A NIZK For Statements Involving Pairings an e.g. statement I know X,Y,Z ∈ G and integers u,v,w s.t. e(X,A) ... e(X,Y) = 1 (pairing product) X au ... Z bv = B (product) a v + ... + b w = c

  10. A NIZK For Statements Involving Pairings an e.g. statement I know X,Y,Z ∈ G and integers u,v,w s.t. e(X,A) ... e(X,Y) = 1 (pairing product) X au ... Z bv = B (product) a v + ... + b w = c (where A,B ∈ G, integers a,b,c are known to both)

  11. A NIZK For Statements Involving Pairings an e.g. statement I know X,Y,Z ∈ G and integers u,v,w s.t. e(X,A) ... e(X,Y) = 1 (pairing product) X au ... Z bv = B (product) a v + ... + b w = c (where A,B ∈ G, integers a,b,c are known to both) Useful in proving statements like “these two commitments are to the same value”, or “I have a signature for a message with a certain property”, when appropriate commitment/signature scheme is used

  12. Applications

  13. Applications Fancy signature schemes

  14. Applications Fancy signature schemes Short group/ring signatures

  15. Applications Fancy signature schemes Short group/ring signatures Short attribute-based signatures

  16. Applications Fancy signature schemes Short group/ring signatures Short attribute-based signatures Efficient non-interactive proof of correctness of shuffle

  17. Applications Fancy signature schemes Short group/ring signatures Short attribute-based signatures Efficient non-interactive proof of correctness of shuffle Non-interactive anonymous credentials

  18. Applications Fancy signature schemes Short group/ring signatures Short attribute-based signatures Efficient non-interactive proof of correctness of shuffle Non-interactive anonymous credentials ...

  19. Some More Assumptions

  20. Some More Assumptions C-BDH Assumption: For random (a,b,c), given (g a ,g b ,g c ) infeasible to compute g abc

  21. Some More Assumptions C-BDH Assumption: For random (a,b,c), given (g a ,g b ,g c ) infeasible to compute g abc Strong DH Assumption: For random x, given (g,g x ) infeasible to find (y,g 1/x+y ). (But can check: e(g x g y , g 1/x+y ) = e(g,g).)

  22. Some More Assumptions C-BDH Assumption: For random (a,b,c), given (g a ,g b ,g c ) infeasible to compute g abc Strong DH Assumption: For random x, given (g,g x ) infeasible to find (y,g 1/x+y ). (But can check: e(g x g y , g 1/x+y ) = e(g,g).) q-SDH: Given (g,g x ,...,g x^q ), infeasible to find (y,g 1/x+y )

  23. Some More Assumptions C-BDH Assumption: For random (a,b,c), given (g a ,g b ,g c ) infeasible to compute g abc Strong DH Assumption: For random x, given (g,g x ) infeasible to find (y,g 1/x+y ). (But can check: e(g x g y , g 1/x+y ) = e(g,g).) q-SDH: Given (g,g x ,...,g x^q ), infeasible to find (y,g 1/x+y ) Decision-Linear Assumption: (g,g a ,g b ,g ax ,g by , g x+y ) and (g,g a ,g b ,g ax ,g by , g z ) are indistinguishable

  24. Some More Assumptions C-BDH Assumption: For random (a,b,c), given (g a ,g b ,g c ) infeasible to compute g abc Strong DH Assumption: For random x, given (g,g x ) infeasible to find (y,g 1/x+y ). (But can check: e(g x g y , g 1/x+y ) = e(g,g).) q-SDH: Given (g,g x ,...,g x^q ), infeasible to find (y,g 1/x+y ) Decision-Linear Assumption: (g,g a ,g b ,g ax ,g by , g x+y ) and (g,g a ,g b ,g ax ,g by , g z ) are indistinguishable Variants and other assumptions, in different settings

  25. Some More Assumptions C-BDH Assumption: For random (a,b,c), given (g a ,g b ,g c ) infeasible to compute g abc Strong DH Assumption: For random x, given (g,g x ) infeasible to find (y,g 1/x+y ). (But can check: e(g x g y , g 1/x+y ) = e(g,g).) q-SDH: Given (g,g x ,...,g x^q ), infeasible to find (y,g 1/x+y ) Decision-Linear Assumption: (g,g a ,g b ,g ax ,g by , g x+y ) and (g,g a ,g b ,g ax ,g by , g z ) are indistinguishable Variants and other assumptions, in different settings When e:G 1 xG 2 → G T : DDH in G 1 and/or G 2

  26. Some More Assumptions C-BDH Assumption: For random (a,b,c), given (g a ,g b ,g c ) infeasible to compute g abc Strong DH Assumption: For random x, given (g,g x ) infeasible to find (y,g 1/x+y ). (But can check: e(g x g y , g 1/x+y ) = e(g,g).) q-SDH: Given (g,g x ,...,g x^q ), infeasible to find (y,g 1/x+y ) Decision-Linear Assumption: (g,g a ,g b ,g ax ,g by , g x+y ) and (g,g a ,g b ,g ax ,g by , g z ) are indistinguishable Variants and other assumptions, in different settings When e:G 1 xG 2 → G T : DDH in G 1 and/or G 2 When G has composite order: Pseudorandomness of random elements from a prime order subgroup of G.

  27. Cheap Crypto

  28. Cheap Crypto A significant amount of effort/ expertise required to reduce the security to (standard) hardness assumptions

  29. Cheap Crypto A significant amount of effort/ expertise required to reduce the security to (standard) hardness assumptions Or even to new “simple” assumptions

  30. Cheap Crypto A significant amount of effort/ expertise required to reduce the security to (standard) hardness assumptions Or even to new “simple” assumptions New assumptions may not have been actively attacked

  31. Cheap Crypto A significant amount of effort/ expertise required to reduce the security to (standard) hardness assumptions Or even to new “simple” assumptions New assumptions may not have been actively attacked Sometimes the resulting schemes may be quite complicated and relatively inefficient

  32. Cheap Crypto A significant amount of effort/ expertise required to reduce the security to (standard) hardness assumptions Or even to new “simple” assumptions New assumptions may not have been actively attacked Sometimes the resulting schemes may be quite complicated and relatively inefficient Quicker/cheaper alternative: Use heuristic idealizations

  33. Cheap Crypto A significant amount of effort/ expertise required to reduce the security to (standard) hardness assumptions Or even to new “simple” assumptions New assumptions may not have been actively attacked Sometimes the resulting schemes may be quite complicated and relatively inefficient Quicker/cheaper alternative: Use heuristic idealizations Random Oracle Model

  34. Cheap Crypto A significant amount of effort/ expertise required to reduce the security to (standard) hardness assumptions Or even to new “simple” assumptions New assumptions may not have been actively attacked Sometimes the resulting schemes may be quite complicated and relatively inefficient Quicker/cheaper alternative: Use heuristic idealizations Random Oracle Model Generic Group Model

  35. Cheap Crypto A significant amount of effort/ expertise required to reduce the security to (standard) hardness assumptions Or even to new “simple” assumptions New assumptions may not have been actively attacked Sometimes the resulting schemes may be quite complicated and relatively inefficient Quicker/cheaper alternative: Use heuristic idealizations Random Oracle Model Generic Group Model Useful in at least “prototyping” new primitives (e.g. IBE)

  36. Generic Group Model

  37. Generic Group Model A group is modeled as an oracle, which uses “handles” to represent group elements

  38. Generic Group Model A group is modeled as an oracle, which uses “handles” to represent group elements The oracle maintains an internal table mapping group elements to handles one-to-one. Handles are generated arbitrarily in response to queries (say, randomly, or “symbolically”)

  39. Generic Group Model A group is modeled as an oracle, which uses “handles” to represent group elements The oracle maintains an internal table mapping group elements to handles one-to-one. Handles are generated arbitrarily in response to queries (say, randomly, or “symbolically”) Provides the following operations:

  40. Generic Group Model A group is modeled as an oracle, which uses “handles” to represent group elements The oracle maintains an internal table mapping group elements to handles one-to-one. Handles are generated arbitrarily in response to queries (say, randomly, or “symbolically”) Provides the following operations: Sample: pick random x and return Handle(x)

  41. Generic Group Model A group is modeled as an oracle, which uses “handles” to represent group elements The oracle maintains an internal table mapping group elements to handles one-to-one. Handles are generated arbitrarily in response to queries (say, randomly, or “symbolically”) Provides the following operations: Sample: pick random x and return Handle(x) Multiply: On input two handles h 1 and h 2 , return Handle(Elem( h 1 ).Elem( h 2 ))

  42. Generic Group Model A group is modeled as an oracle, which uses “handles” to represent group elements The oracle maintains an internal table mapping group elements to handles one-to-one. Handles are generated arbitrarily in response to queries (say, randomly, or “symbolically”) Provides the following operations: Sample: pick random x and return Handle(x) Multiply: On input two handles h 1 and h 2 , return Handle(Elem( h 1 ).Elem( h 2 )) Raise: On input a handle h and integer a (can be negative), return Handle(Elem(h) a )

  43. Generic Group Model A group is modeled as an oracle, which uses “handles” to represent group elements The oracle maintains an internal table mapping group elements to handles one-to-one. Handles are generated arbitrarily in response to queries (say, randomly, or “symbolically”) Provides the following operations: Sample: pick random x and return Handle(x) Multiply: On input two handles h 1 and h 2 , return Handle(Elem( h 1 ).Elem( h 2 )) Raise: On input a handle h and integer a (can be negative), return Handle(Elem(h) a ) In addition, if modeling a group with bilinear pairing, also provides the pairing operation and operations for the target group

  44. Generic Group Model A group is modeled as an oracle, which uses “handles” to represent group elements The oracle maintains an internal table mapping group elements to handles one-to-one. Handles are generated arbitrarily in response to queries (say, randomly, or “symbolically”) Provides the following operations: Sample: pick random x and return Handle(x) Multiply: On input two handles h 1 and h 2 , return Handle(Elem( h 1 ).Elem( h 2 )) Raise: On input a handle h and integer a (can be negative), return Handle(Elem(h) a ) In addition, if modeling a group with bilinear pairing, also provides the pairing operation and operations for the target group Discrete-log assumption, DDH (or B-DDH), DLin etc. are true in GGM

  45. Generic Group Model

  46. Generic Group Model Cryptographic scheme will be defined in the generic group model

  47. Generic Group Model Cryptographic scheme will be defined in the generic group model Typically an underlying group of exponentially large order

  48. Generic Group Model Cryptographic scheme will be defined in the generic group model Typically an underlying group of exponentially large order Adversary knows the underlying group structure, and may perform unlimited computations, but is allowed to query the oracle only a polynomial number of times over all

  49. Generic Group Model Cryptographic scheme will be defined in the generic group model Typically an underlying group of exponentially large order Adversary knows the underlying group structure, and may perform unlimited computations, but is allowed to query the oracle only a polynomial number of times over all Can write the discrete log of every handle as a linear polynomial (or a quadratic polynomial, if allowing pairing) in variables corresponding to the sampling operation. An “accidental collision” if two formally different polynomials give same value

  50. Generic Group Model Cryptographic scheme will be defined in the generic group model Typically an underlying group of exponentially large order Adversary knows the underlying group structure, and may perform unlimited computations, but is allowed to query the oracle only a polynomial number of times over all Can write the discrete log of every handle as a linear polynomial (or a quadratic polynomial, if allowing pairing) in variables corresponding to the sampling operation. An “accidental collision” if two formally different polynomials give same value Negligible probability of accidental collision: by “Schwartz- Zippel Lemma”, number of zeroes of a (non-zero) low-degree multi-variate polynomial is bounded

  51. Generic Group Model Cryptographic scheme will be defined in the generic group model Typically an underlying group of exponentially large order Adversary knows the underlying group structure, and may perform unlimited computations, but is allowed to query the oracle only a polynomial number of times over all Can write the discrete log of every handle as a linear polynomial (or a quadratic polynomial, if allowing pairing) in variables corresponding to the sampling operation. An “accidental collision” if two formally different polynomials give same value Negligible probability of accidental collision: by “Schwartz- Zippel Lemma”, number of zeroes of a (non-zero) low-degree multi-variate polynomial is bounded And an exhaustive analysis in terms of formal polynomials to show requisite security properties

  52. Generic Group Model

  53. Generic Group Model What does security in GGM mean?

  54. Generic Group Model What does security in GGM mean? Secure against adversaries who do not “look inside” the group

  55. Generic Group Model What does security in GGM mean? Secure against adversaries who do not “look inside” the group Risk: There maybe a simple attack against our construction because of some specific (otherwise benign) structure in the group

  56. Generic Group Model What does security in GGM mean? Secure against adversaries who do not “look inside” the group Risk: There maybe a simple attack against our construction because of some specific (otherwise benign) structure in the group No “if this scheme is broken, so are many others” guarantee

  57. Generic Group Model What does security in GGM mean? Secure against adversaries who do not “look inside” the group Risk: There maybe a simple attack against our construction because of some specific (otherwise benign) structure in the group No “if this scheme is broken, so are many others” guarantee Better practice: when possible identify simple (new) assumptions sufficient for the security of the scheme. Then prove the assumption in the generic group model

  58. “Knowledge” Assumptions

  59. “Knowledge” Assumptions KEA-1: Given (g,g a ) for a random generator g and random a, if a PPT adversary extends it to a DDH tuple (g,g a ,g b ,g ab ) then it “must know” b

  60. “Knowledge” Assumptions KEA-1: Given (g,g a ) for a random generator g and random a, if a PPT adversary extends it to a DDH tuple (g,g a ,g b ,g ab ) then it “must know” b KEA-3: Given (g,g a ,g b ,g ab ) for random g,a,b, if a PPT adversary outputs (h,h b ), then it “must know” c 1 , c 2 such that h=g c1 (g a ) c2 (and h b =(g b ) c1 (g ab ) c2 )

  61. “Knowledge” Assumptions KEA-1: Given (g,g a ) for a random generator g and random a, if a PPT adversary extends it to a DDH tuple (g,g a ,g b ,g ab ) then it “must know” b KEA-3: Given (g,g a ,g b ,g ab ) for random g,a,b, if a PPT adversary outputs (h,h b ), then it “must know” c 1 , c 2 such that h=g c1 (g a ) c2 (and h b =(g b ) c1 (g ab ) c2 ) By “fixing” KEA-2 (which forgot to consider c 1 )

  62. “Knowledge” Assumptions KEA-1: Given (g,g a ) for a random generator g and random a, if a PPT adversary extends it to a DDH tuple (g,g a ,g b ,g ab ) then it “must know” b KEA-3: Given (g,g a ,g b ,g ab ) for random g,a,b, if a PPT adversary outputs (h,h b ), then it “must know” c 1 , c 2 such that h=g c1 (g a ) c2 (and h b =(g b ) c1 (g ab ) c2 ) By “fixing” KEA-2 (which forgot to consider c 1 ) KEA-DH: Given g, if a PPT adversary extends it to a DDH tuple (g,g a ,g b ,g ab ) then it “must know” either a or b

  63. “Knowledge” Assumptions KEA-1: Given (g,g a ) for a random generator g and random a, if a PPT adversary extends it to a DDH tuple (g,g a ,g b ,g ab ) then it “must know” b KEA-3: Given (g,g a ,g b ,g ab ) for random g,a,b, if a PPT adversary outputs (h,h b ), then it “must know” c 1 , c 2 such that h=g c1 (g a ) c2 (and h b =(g b ) c1 (g ab ) c2 ) By “fixing” KEA-2 (which forgot to consider c 1 ) KEA-DH: Given g, if a PPT adversary extends it to a DDH tuple (g,g a ,g b ,g ab ) then it “must know” either a or b All provable in the generic group model (for g with large order)

  64. “Knowledge” Assumptions KEA-1: Given (g,g a ) for a random generator g and random a, if a PPT adversary extends it to a DDH tuple (g,g a ,g b ,g ab ) then it “must know” b KEA-3: Given (g,g a ,g b ,g ab ) for random g,a,b, if a PPT adversary outputs (h,h b ), then it “must know” c 1 , c 2 such that h=g c1 (g a ) c2 (and h b =(g b ) c1 (g ab ) c2 ) By “fixing” KEA-2 (which forgot to consider c 1 ) KEA-DH: Given g, if a PPT adversary extends it to a DDH tuple (g,g a ,g b ,g ab ) then it “must know” either a or b All provable in the generic group model (for g with large order) Even if the group has a bilinear pairing operation

  65. Today

  66. Today Bilinear Pairings

Recommend

Pairing-Based Cryptography & Generic Groups Lecture 21 Bilinear Pairing Bilinear Pairing

Pairing-Based Cryptography & Generic Groups Lecture 21 Bilinear Pairing Bilinear Pairing

Pairing-Based Cryptography & Generic Groups Lecture 21 Bilinear Pairing Bilinear Pairing Two (or three) groups with an efficient pairing operation, e: G x G G T that is bilinear Bilinear Pairing Two (or three) groups with an

1.67k views • 118 slides
Pairing-Based Cryptography & Generic Groups Lecture 22 1 Bilinear Pairing 2 Bilinear

Pairing-Based Cryptography & Generic Groups Lecture 22 1 Bilinear Pairing 2 Bilinear

Pairing-Based Cryptography & Generic Groups Lecture 22 1 Bilinear Pairing 2 Bilinear Pairing Two (or three) groups with an efficient pairing operation, e: G x G G T that is bilinear 2 Bilinear Pairing Two (or three) groups

1.06k views • 102 slides
Pairing based cryptography Antoine Joux DGA/SPOTI and University de Versailles

Pairing based cryptography Antoine Joux DGA/SPOTI and University de Versailles

Pairing based cryptography Antoine Joux DGA/SPOTI and University de Versailles St-Quentin-en-Yvelines France 1 Introduction: EC in cryptography Starting point: 1985 (V. Miller) Discrete logarithm based

487 views • 45 slides
Arithmetic Operators for Pairing-Based Cryptography Jean-Luc Beuchat Laboratory of Cryptography

Arithmetic Operators for Pairing-Based Cryptography Jean-Luc Beuchat Laboratory of Cryptography

Arithmetic Operators for Pairing-Based Cryptography Jean-Luc Beuchat Laboratory of Cryptography and Information Security Graduate School of Systems and Information Engineering University of Tsukuba 1-1-1 Tennodai, Tsukuba Ibaraki, 305-8573,

896 views • 58 slides
Hardware Operators for Pairing-Based Cryptography Part I: Because size matters Jean-Luc

Hardware Operators for Pairing-Based Cryptography Part I: Because size matters Jean-Luc

Hardware Operators for Pairing-Based Cryptography Part I: Because size matters Jean-Luc Beuchat Laboratory of Cryptography and Informantion Security University of Tsukuba, Japan jeanluc.beuchat@gmail.com Joint work with: enaire, LIP,

1.73k views • 139 slides
Attribute-Based Cryptography Lecture 21 And Pairing-Based Cryptography 1 Identity-Based

Attribute-Based Cryptography Lecture 21 And Pairing-Based Cryptography 1 Identity-Based

Attribute-Based Cryptography Lecture 21 And Pairing-Based Cryptography 1 Identity-Based Encryption 2 Identity-Based Encryption In PKE, KeyGen produces a random (PK,SK) pair 2 Identity-Based Encryption In PKE, KeyGen produces a random

1.47k views • 114 slides
Exponentiating in Pairing Groups Joppe W. Bos, Craig Costello, and Michael Naehrig SAC 2013

Exponentiating in Pairing Groups Joppe W. Bos, Craig Costello, and Michael Naehrig SAC 2013

Exponentiating in Pairing Groups Joppe W. Bos, Craig Costello, and Michael Naehrig SAC 2013 Vancouver, Canada August 16, 2013 Exponentiating in Pairing Groups The pairing explosion The big (bilinear) bang: [Jou00] , [SOK00] , [BF01] . . . . .

311 views • 16 slides
Finite field multiplication combining AMNS and DFT approach for Pairing Based Cryptography Nadia

Finite field multiplication combining AMNS and DFT approach for Pairing Based Cryptography Nadia

Finite field multiplication combining AMNS and DFT approach for Pairing Based Cryptography Nadia El Mrabet (1) and Christophe Negre (2) (1) Team Arith/LIRMM, Universit e Montpellier 2 (2) Team DALI/ELIAUS, Universit e de Perpignan

753 views • 49 slides
Attribute-Based Cryptography Lecture 21 And Pairing-Based Cryptography Identity-Based

Attribute-Based Cryptography Lecture 21 And Pairing-Based Cryptography Identity-Based

Attribute-Based Cryptography Lecture 21 And Pairing-Based Cryptography Identity-Based Encryption Identity-Based Encryption In PKE, KeyGen produces a random (PK,SK) pair Identity-Based Encryption In PKE, KeyGen produces a random (PK,SK) pair

1.65k views • 115 slides
Cryptography via Burnside Groups Antonio R. Nicolosi Stevens Institute of Technology Based on

Cryptography via Burnside Groups Antonio R. Nicolosi Stevens Institute of Technology Based on

Cryptography via Burnside Groups Antonio R. Nicolosi Stevens Institute of Technology Based on work w/ G.Baumslag, N.Fazio, K.Iga, L.Perret, V.Shpilrain and W.E.Skeith III Mathematics of Cryptography September 1, 2015. University of California,

1.01k views • 88 slides
A Generalized Brezing-Weng Algorithm for Constructing Pairing-Friendly Ordinary Abelian Varieties

A Generalized Brezing-Weng Algorithm for Constructing Pairing-Friendly Ordinary Abelian Varieties

Abelian Varieties and Pairing-Based Cryptography Constructing Pairing-Friendly Abelian Varieties Analyzing the Algorithm A Generalized Brezing-Weng Algorithm for Constructing Pairing-Friendly Ordinary Abelian Varieties David Freeman Stanford

537 views • 16 slides
Pairing Pairing is the process by which we condition ourselves, the teaching materials, and

Pairing Pairing is the process by which we condition ourselves, the teaching materials, and

Pairing & Manding Vincent J. Carbone Ed.D., BCBA-D NYS Licensed Behavior Analyst Carbone Clinic New York Boston Dubai www.CarboneClinic.com www.TheCarboneclinic.ae IESCUM Parma, Italy December 1,2 & 3, 2016 1 Pairing

622 views • 35 slides
Pairing time-reversal states J = 0 + (a) +m -m k F k F K k F + L.N.

Pairing time-reversal states J = 0 + (a) +m -m k F k F K k F + L.N.

Nuclear pairing from microscopic forces (with applications) Paolo Finelli Dept. of Physics and Astronomy, University of Bologna paolo. fj nelli@bo.infn.it Based on Phys. Rev. C 90, 044003 Published 21 October 2014 Pairing time-reversal

674 views • 22 slides
Secure Device Pairing What is device pairing? What is

Secure Device Pairing What is device pairing? What is

Secure Device Pairing What is device pairing? What is device pairing? What is the problem? The wireless communica8on channel is rela8vely easy to

298 views • 9 slides
New Generic Attacks on Hash-based MACs G. Leurent (Inria) New Generic Attacks on Hash-based MACs

New Generic Attacks on Hash-based MACs G. Leurent (Inria) New Generic Attacks on Hash-based MACs

Introduction New generic attacks HMAC-GOST key-recovery Conclusion New Generic Attacks on Hash-based MACs G. Leurent (Inria) New Generic Attacks on Hash-based MACs Asiacrypt 2013 1 / 22 . . . . . . . . . . . . . . . . . Gatan Leurent,

759 views • 52 slides
1 Definition of a simple generic class Why generic programming (cont.) class Pair <T> {

1 Definition of a simple generic class Why generic programming (cont.) class Pair <T> {

Topics background and goals of generic programming basics of generic classes = parameterized types generic methods for general algorithms inheritance rules for generic types Generic programming in Java bounded type parameters

261 views • 5 slides
Generic norms and metrics on countable Abelian groups Michal Doucha University of Franche-Comt

Generic norms and metrics on countable Abelian groups Michal Doucha University of Franche-Comt

Generic norms and metrics on countable Abelian groups Michal Doucha University of Franche-Comt e, Besan con, France July 27, 2016 Michal Doucha Generic norms and metrics on countable Abelian groups Plan of the talk Objective For a

641 views • 35 slides
Reveal Secrets in Adoring Poitras A generic attack on white-box cryptography Junwei Wang

Reveal Secrets in Adoring Poitras A generic attack on white-box cryptography Junwei Wang

Reveal Secrets in Adoring Poitras A generic attack on white-box cryptography Junwei Wang CryptoExperts University of Luxembourg University of Paris 8 ECRYPT-NET School on Correct and Secure Implementation October 11, 2017, Crete Outline 1

595 views • 26 slides
Outcome Outcome- -Based Education (OBE) Based Education (OBE) and Generic Skills (GS) and

Outcome Outcome- -Based Education (OBE) Based Education (OBE) and Generic Skills (GS) and

Chemical Engineering Department Workshop, 15 - 17 December 2007 Outcome Outcome- -Based Education (OBE) Based Education (OBE) and Generic Skills (GS) and Generic Skills (GS) Prof. Dr. Shahrin Mohammad Civil Engineering Faculty Universiti

1.17k views • 32 slides
T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices Xiaopeng Li, Qiang Zeng , Lannan

T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices Xiaopeng Li, Qiang Zeng , Lannan

T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices Xiaopeng Li, Qiang Zeng , Lannan Luo, Tongbo Luo CCS 2020 IoT Pairing Pairing is supposed to establish a secure communication channel IoT pairing is important for adding

345 views • 21 slides
Topological simplicity of automorphism groups of some generic ab-initio structures Zaniar

Topological simplicity of automorphism groups of some generic ab-initio structures Zaniar

Review of Generic structures Review of automorphism group of a countable structure Topological simplicity Topological simplicity of automorphism groups of some generic ab-initio structures Zaniar Ghadernezhad Institut f ur Mathematische

339 views • 20 slides
A New Family of Pairing-Friendly Elliptic Curves Michael Scott and Aurore Guillevic MIRACL.com

A New Family of Pairing-Friendly Elliptic Curves Michael Scott and Aurore Guillevic MIRACL.com

A New Family of Pairing-Friendly Elliptic Curves Michael Scott and Aurore Guillevic MIRACL.com Universit de Lorraine, CNRS, Inria, LORIA, Nancy, France WAIFI 2018, Bergen, Norway, June 1416 1 / 24 Pairings in cryptography ( G 1 , +) , ( G

473 views • 24 slides
15-853:Algorithms in the Real World Cryptography #2 15-853 Page 1 Cryptography Outline

15-853:Algorithms in the Real World Cryptography #2 15-853 Page 1 Cryptography Outline

15-853:Algorithms in the Real World Cryptography #2 15-853 Page 1 Cryptography Outline Introduction: terminology, cryptanalysis, security Private-Key Algorithms: Rijndael, DES Number Theory Groups Public-Key Algorithms: RSA, ElGamal,

525 views • 26 slides
Topological Cooper-pairing based on spin-orbit interactions 753 Topological Superconductors

Topological Cooper-pairing based on spin-orbit interactions 753 Topological Superconductors

Frontiers of Nanoscience International Center for Theoretical Physics Trieste, August 23 September 1, 2015 Topological Cooper-pairing based on spin-orbit interactions 753 Topological Superconductors or Superfluids Why are they of

358 views • 16 slides

More recommend