relaxing full codebook security a refined analysis of key
play

Relaxing Full-Codebook Security: A Refined Analysis of Key-Length - PowerPoint PPT Presentation

Nov 30, 2023 •322 likes •1.35k views

Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes Peter Gai 1 Jooyoung Lee 2 Yannick Seurin 3 John Steinberger 4 Stefano

  1. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion The Ideal Cipher Model (ICM) k We will model the underlying block cipher E as an ideal cipher y x E Ideal Block Cipher Model • family of uniformly random permutations E k ( · ) • independent for each key • given as an oracle to all parties (incl. adversaries) Generic Security • attacks cannot exploit any weakness of E ⇒ “generic” attacks Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 7 / 29

  2. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion The Ideal Cipher Model (ICM) k We will model the underlying block cipher E as an ideal cipher y x E Ideal Block Cipher Model • family of uniformly random permutations E k ( · ) • independent for each key • given as an oracle to all parties (incl. adversaries) Generic Security • attacks cannot exploit any weakness of E ⇒ “generic” attacks Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 7 / 29

  3. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key-Length Extension in the ICM k C P E E E q e q c q e q c 0 / 1 0 / 1 • q c construction queries to C k [ E ]( · ) or P ( · ) • q e ideal cipher queries to E ( · , · ) • it is computationally unbounded (information-theoretic sec.) • NB: generic attack with q e = 2 κ + n for any KLE scheme Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 8 / 29

  4. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key-Length Extension in the ICM k C P E E E q e q c q e q c 0 / 1 0 / 1 • q c construction queries to C k [ E ]( · ) or P ( · ) • q e ideal cipher queries to E ( · , · ) • it is computationally unbounded (information-theoretic sec.) • NB: generic attack with q e = 2 κ + n for any KLE scheme Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 8 / 29

  5. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key-Length Extension in the ICM k C P E E E q e q c q e q c 0 / 1 0 / 1 • q c construction queries to C k [ E ]( · ) or P ( · ) • q e ideal cipher queries to E ( · , · ) • it is computationally unbounded (information-theoretic sec.) • NB: generic attack with q e = 2 κ + n for any KLE scheme Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 8 / 29

  6. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key-Length Extension in the ICM k C P E E E q e q c q e q c 0 / 1 0 / 1 • q c construction queries to C k [ E ]( · ) or P ( · ) • q e ideal cipher queries to E ( · , · ) • it is computationally unbounded (information-theoretic sec.) • NB: generic attack with q e = 2 κ + n for any KLE scheme Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 8 / 29

  7. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Full vs. Partial Codebook Query Accounting • most previous work sets q c = 2 n ( full codebook of C [ E ] ) ⇒ q e is the only complexity measure • too restrictive! • number of pt/ct pairs can be limited (frequent rekeying) • mode of operation may impose q c ≪ 2 n • we aim at studying the entire plan ( q c , q e ) previous log 2 ( q e ) work κ + n κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 9 / 29

  8. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Full vs. Partial Codebook Query Accounting • most previous work sets q c = 2 n ( full codebook of C [ E ] ) ⇒ q e is the only complexity measure • too restrictive! • number of pt/ct pairs can be limited (frequent rekeying) • mode of operation may impose q c ≪ 2 n • we aim at studying the entire plan ( q c , q e ) previous log 2 ( q e ) work κ + n κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 9 / 29

  9. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Full vs. Partial Codebook Query Accounting • most previous work sets q c = 2 n ( full codebook of C [ E ] ) ⇒ q e is the only complexity measure • too restrictive! • number of pt/ct pairs can be limited (frequent rekeying) • mode of operation may impose q c ≪ 2 n • we aim at studying the entire plan ( q c , q e ) previous log 2 ( q e ) work κ + n κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 9 / 29

  10. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Full vs. Partial Codebook Query Accounting • most previous work sets q c = 2 n ( full codebook of C [ E ] ) ⇒ q e is the only complexity measure • too restrictive! • number of pt/ct pairs can be limited (frequent rekeying) • mode of operation may impose q c ≪ 2 n • we aim at studying the entire plan ( q c , q e ) previous log 2 ( q e ) work κ + n this work κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 9 / 29

  11. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Outline Context: Key-Length Extension for Block Ciphers Main Lemma Randomized Cascading Plain Cascading Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 10 / 29

  12. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Randomized Key-Length Extension Schemes Very general class abiding to the following structure: k z φ 1 φ 2 φ r ρ 0 ρ 1 ρ r y x E E E z z z • the ρ i ’s are keyed permutations, potentially very simple (e.g. ρ i z ( x ) = x ⊕ z ) • encryption keys φ 1 ( k ) , . . . , φ r ( k ) can be deterministically related or independent Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 11 / 29

  13. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Induced Sequential Cipher k z φ 1 φ 2 φ r ρ 0 ρ 1 ρ r y x E E E z z z • k fixed and known ⇒ C [ E ] = block cipher construction using • independent public permutations P 1 , . . . , P r • key z • ⇒ induced sequential cipher (ISC) of C, denoted C • generalization of a key-alternating cipher • well-studied design in the Random Permutation Model Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 12 / 29

  14. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Induced Sequential Cipher z ρ 0 ρ 1 ρ r y x P 1 P 2 P r z z z • k fixed and known ⇒ C [ E ] = block cipher construction using • independent public permutations P 1 , . . . , P r • key z • ⇒ induced sequential cipher (ISC) of C, denoted C • generalization of a key-alternating cipher • well-studied design in the Random Permutation Model Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 12 / 29

  15. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Induced Sequential Cipher z ρ 0 ρ 1 ρ r y x P 1 P 2 P r z z z • k fixed and known ⇒ C [ E ] = block cipher construction using • independent public permutations P 1 , . . . , P r • key z • ⇒ induced sequential cipher (ISC) of C, denoted C • generalization of a key-alternating cipher • well-studied design in the Random Permutation Model Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 12 / 29

  16. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Induced Sequential Cipher z ρ 0 ρ 1 ρ r y x P 1 P 2 P r z z z • k fixed and known ⇒ C [ E ] = block cipher construction using • independent public permutations P 1 , . . . , P r • key z • ⇒ induced sequential cipher (ISC) of C, denoted C • generalization of a key-alternating cipher • well-studied design in the Random Permutation Model Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 12 / 29

  17. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Induced Sequential Cipher z ρ 0 ρ 1 ρ r y x P 1 P 2 P r z z z • k fixed and known ⇒ C [ E ] = block cipher construction using • independent public permutations P 1 , . . . , P r • key z • ⇒ induced sequential cipher (ISC) of C, denoted C • generalization of a key-alternating cipher • well-studied design in the Random Permutation Model Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 12 / 29

  18. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion KLE-to-ISC Lemma k z φ 1 φ 2 φ r ρ 0 ρ 1 ρ r y x E E E z z z Allows to reduce the security analysis of a randomized KLE C to the analysis of the Induced Sequential Cipher C Lemma For any M, ( q c , q e ) ≤ rq e Adv sprp M 2 κ + Adv sprp ( q c , M ) C C Optimizing M yields a bound that depends only on q c and q e . Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 13 / 29

  19. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion KLE-to-ISC Lemma k z φ 1 φ 2 φ r ρ 0 ρ 1 ρ r y x E E E z z z Allows to reduce the security analysis of a randomized KLE C to the analysis of the Induced Sequential Cipher C Lemma For any M, ( q c , q e ) ≤ rq e Adv sprp M 2 κ + Adv sprp ( q c , M ) C C Optimizing M yields a bound that depends only on q c and q e . Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 13 / 29

  20. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion KLE-to-ISC Lemma z ρ 0 ρ 1 ρ r y x P 1 P 2 P r z z z Allows to reduce the security analysis of a randomized KLE C to the analysis of the Induced Sequential Cipher C Lemma For any M, ( q c , q e ) ≤ rq e Adv sprp M 2 κ + Adv sprp ( q c , M ) C C Optimizing M yields a bound that depends only on q c and q e . Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 13 / 29

  21. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion KLE-to-ISC Lemma z ρ 0 ρ 1 ρ r y x P 1 P 2 P r z z z Allows to reduce the security analysis of a randomized KLE C to the analysis of the Induced Sequential Cipher C Lemma For any M, ( q c , q e ) ≤ rq e Adv sprp M 2 κ + Adv sprp ( q c , M ) C C Optimizing M yields a bound that depends only on q c and q e . Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 13 / 29

  22. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Outline Context: Key-Length Extension for Block Ciphers Main Lemma Randomized Cascading Plain Cascading Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 14 / 29

  23. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key Whitening k y x E FX construction (generic DESX) log 2 ( q e ) κ + n • additional keys hide i./o. of E • suggested by Rivest Insec. • analyzed by [KR01] Sec. • secure when q c · q e ≪ 2 κ + n κ log 2 ( q c ) • same bound when z 0 = z 1 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 15 / 29

  24. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key Whitening k z 0 z 1 y x E FX construction (generic DESX) log 2 ( q e ) κ + n • additional keys hide i./o. of E • suggested by Rivest Insec. • analyzed by [KR01] Sec. • secure when q c · q e ≪ 2 κ + n κ log 2 ( q c ) • same bound when z 0 = z 1 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 15 / 29

  25. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key Whitening k z 0 z 1 y x E FX construction (generic DESX) log 2 ( q e ) κ + n • additional keys hide i./o. of E • suggested by Rivest Insec. • analyzed by [KR01] Sec. • secure when q c · q e ≪ 2 κ + n κ log 2 ( q c ) • same bound when z 0 = z 1 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 15 / 29

  26. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key Whitening k z 0 z 1 y x E FX construction (generic DESX) log 2 ( q e ) κ + n • additional keys hide i./o. of E • suggested by Rivest Insec. • analyzed by [KR01] Sec. • secure when q c · q e ≪ 2 κ + n κ log 2 ( q c ) • same bound when z 0 = z 1 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 15 / 29

  27. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Key Whitening k z z y x E FX construction (generic DESX) log 2 ( q e ) κ + n • additional keys hide i./o. of E • suggested by Rivest Insec. • analyzed by [KR01] Sec. • secure when q c · q e ≪ 2 κ + n κ log 2 ( q c ) • same bound when z 0 = z 1 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 15 / 29

  28. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 2XOR construction [GT12] φ ( k ) k z z y x E E 2XOR construction log 2 ( q e ) FX • combines key-whitening and κ + n cascading • same whitening key z κ + n 2 • φ such that ∀ k , φ ( k ) � = k • [GT12] proved (tight) security κ log 2 ( q c ) for q c = 2 n and q e ≪ 2 κ + n / 2 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 16 / 29

  29. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 2XOR construction [GT12] φ ( k ) k z z y x E E 2XOR construction log 2 ( q e ) FX • combines key-whitening and κ + n cascading • same whitening key z κ + n 2 • φ such that ∀ k , φ ( k ) � = k • [GT12] proved (tight) security κ log 2 ( q c ) for q c = 2 n and q e ≪ 2 κ + n / 2 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 16 / 29

  30. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 2XOR construction [GT12] φ ( k ) k z z y x E E 2XOR construction log 2 ( q e ) FX • combines key-whitening and κ + n cascading • same whitening key z κ + n 2 • φ such that ∀ k , φ ( k ) � = k • [GT12] proved (tight) security κ log 2 ( q c ) for q c = 2 n and q e ≪ 2 κ + n / 2 n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 16 / 29

  31. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Refined Analysis of 2XOR φ ( k ) k z z y x E E log 2 ( q e ) We (tightly) complete the picture: FX κ + n • for 1 ≤ q c ≤ 2 n / 2 : same security bound as FX κ + n 2 • for 2 n / 2 ≤ q c ≤ 2 n : secure when q e ≪ 2 κ + n / 2 κ log 2 ( q c ) n 0 n 2 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 17 / 29

  32. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Refined Analysis of 2XOR φ ( k ) k z z y x E E log 2 ( q e ) We (tightly) complete the picture: FX κ + n 2XOR • for 1 ≤ q c ≤ 2 n / 2 : same security bound as FX κ + n 2 • for 2 n / 2 ≤ q c ≤ 2 n : secure when q e ≪ 2 κ + n / 2 κ log 2 ( q c ) n 0 n 2 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 17 / 29

  33. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Refined Analysis of 2XOR φ ( k ) k z z y x E E log 2 ( q e ) We (tightly) complete the picture: FX κ + n 2XOR • for 1 ≤ q c ≤ 2 n / 2 : same security bound as FX κ + n 2 • for 2 n / 2 ≤ q c ≤ 2 n : secure when q e ≪ 2 κ + n / 2 κ log 2 ( q c ) n 0 n 2 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 17 / 29

  34. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps φ ( k ) k z z z y x E E 3XOR construction • add a final whitening step • induced sequential cipher = 2-round Even-Mansour cipher with identical keys ⇒ analyzed by [CLL + 14] • we can apply the KLE-to-ISC Lemma Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  35. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps z z z y x P 1 P 2 3XOR construction • add a final whitening step • induced sequential cipher = 2-round Even-Mansour cipher with identical keys ⇒ analyzed by [CLL + 14] • we can apply the KLE-to-ISC Lemma Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  36. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps z z z y x P 1 P 2 3XOR construction • add a final whitening step • induced sequential cipher = 2-round Even-Mansour cipher with identical keys ⇒ analyzed by [CLL + 14] • we can apply the KLE-to-ISC Lemma Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  37. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps φ ( k ) k z z z y x E E log 2 ( q e ) 2XOR (tight) κ + n κ + 3 n 4 κ + 2 n 3 κ + n log 2 ( q c ) 2 n 0 n n 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  38. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps φ ( k ) k z z z y x E E log 2 ( q e ) 2XOR (tight) κ + n 3XOR κ + 3 n 4 κ + 2 n 3 κ + n log 2 ( q c ) 2 n 0 n n 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  39. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps φ ( k ) k z z z y x E E log 2 ( q e ) 2XOR (tight) κ + n 3XOR κ + 3 n 4 κ + 2 n 3 κ + n log 2 ( q c ) 2 n 0 n n 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  40. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps φ ( k ) k z z z y x E E log 2 ( q e ) 2XOR (tight) κ + n 3XOR Gaži’s generic attack [Gaz13] κ + 3 n 4 κ + 2 n 3 κ + n log 2 ( q c ) 2 n 0 n n 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  41. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion 3XOR: Final Whitening Step Helps φ ( k ) k z z z y x E E log 2 ( q e ) κ + n 3XOR Gaži’s generic attack [Gaz13] Insec. ? κ + 3 n 4 κ + 2 n 3 Sec. ? κ + n log 2 ( q c ) 2 n 0 n n 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 18 / 29

  42. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion A 2-call Construction without Rekeying φ ( k ) k z z z y x E E • drawback of 2XOR and 3XOR constructions: call the block cipher E with two distinct keys • we propose a construction calling E twice with the same key • π is a linear orthomorphism • security bound qualitatively similar to 3XOR Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 19 / 29

  43. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion A 2-call Construction without Rekeying k k z π ( z ) z y x E E • drawback of 2XOR and 3XOR constructions: call the block cipher E with two distinct keys • we propose a construction calling E twice with the same key • π is a linear orthomorphism • security bound qualitatively similar to 3XOR Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 19 / 29

  44. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion A 2-call Construction without Rekeying k k z π ( z ) z y x E E • drawback of 2XOR and 3XOR constructions: call the block cipher E with two distinct keys • we propose a construction calling E twice with the same key • π is a linear orthomorphism • security bound qualitatively similar to 3XOR Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 19 / 29

  45. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion A 2-call Construction without Rekeying k k z π ( z ) z y x E E • drawback of 2XOR and 3XOR constructions: call the block cipher E with two distinct keys • we propose a construction calling E twice with the same key • π is a linear orthomorphism • security bound qualitatively similar to 3XOR Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 19 / 29

  46. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E Xor-Cascade Encryption: XCE • independent whitening keys, distinct encryption keys • induced sequential cipher = iterated Even-Mansour cipher ⇒ tightly analyzed by Chen and Steinberger [CS14] • r -round XCE is secure as long as q c · q r e ≪ 2 r ( κ + n ) • matched by Gaži’s attack [Gaz13] Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  47. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) z 0 z 1 z r y x P 1 P 2 P r Xor-Cascade Encryption: XCE • independent whitening keys, distinct encryption keys • induced sequential cipher = iterated Even-Mansour cipher ⇒ tightly analyzed by Chen and Steinberger [CS14] • r -round XCE is secure as long as q c · q r e ≪ 2 r ( κ + n ) • matched by Gaži’s attack [Gaz13] Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  48. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E Xor-Cascade Encryption: XCE • independent whitening keys, distinct encryption keys • induced sequential cipher = iterated Even-Mansour cipher ⇒ tightly analyzed by Chen and Steinberger [CS14] • r -round XCE is secure as long as q c · q r e ≪ 2 r ( κ + n ) • matched by Gaži’s attack [Gaz13] Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  49. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E Xor-Cascade Encryption: XCE • independent whitening keys, distinct encryption keys • induced sequential cipher = iterated Even-Mansour cipher ⇒ tightly analyzed by Chen and Steinberger [CS14] • r -round XCE is secure as long as q c · q r e ≪ 2 r ( κ + n ) • matched by Gaži’s attack [Gaz13] Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  50. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E log 2 ( q e ) κ + n r = + ∞ r = 3 κ + 2 n 3 r = 2 κ + n r = 1 (FX) 2 κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  51. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E log 2 ( q e ) κ + n r = + ∞ r = 3 κ + 2 n 3 r = 2 κ + n r = 1 (FX) 2 κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  52. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E log 2 ( q e ) κ + n r = + ∞ r = 3 κ + 2 n 3 r = 2 κ + n r = 1 (FX) 2 κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  53. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E log 2 ( q e ) κ + n r = + ∞ r = 3 κ + 2 n 3 r = 2 κ + n r = 1 (FX) 2 κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  54. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Independent Whitening Keys (XOR-Cascade) φ 1 ( k ) φ 2 ( k ) φ r ( k ) z 0 z 1 z r y x E E E log 2 ( q e ) κ + n r = + ∞ r = 3 κ + 2 n 3 r = 2 κ + n r = 1 (FX) 2 κ log 2 ( q c ) n 0 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 20 / 29

  55. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Outline Context: Key-Length Extension for Block Ciphers Main Lemma Randomized Cascading Plain Cascading Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 21 / 29

  56. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Plain Cascade Encryption k 1 k 2 k 3 k ℓ y x E E E E Cascade Encryption • encrypt ℓ times with independent keys • ℓ = 2 does not help (meet-in-the-middle attack [DH77]) • security gain starting from ℓ = 3 [BR06] • tight bound for q c = 2 n [DLMS14]: for odd ℓ , secure when q e ≪ 2 κ + ℓ − 1 ℓ + 1 n Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 22 / 29

  57. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Plain Cascade Encryption k 1 k 2 k 3 k ℓ y x E E E E Cascade Encryption • encrypt ℓ times with independent keys • ℓ = 2 does not help (meet-in-the-middle attack [DH77]) • security gain starting from ℓ = 3 [BR06] • tight bound for q c = 2 n [DLMS14]: for odd ℓ , secure when q e ≪ 2 κ + ℓ − 1 ℓ + 1 n Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 22 / 29

  58. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Plain Cascade Encryption k 1 k 2 k 3 k ℓ y x E E E E Cascade Encryption • encrypt ℓ times with independent keys • ℓ = 2 does not help (meet-in-the-middle attack [DH77]) • security gain starting from ℓ = 3 [BR06] • tight bound for q c = 2 n [DLMS14]: for odd ℓ , secure when q e ≪ 2 κ + ℓ − 1 ℓ + 1 n Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 22 / 29

  59. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Plain Cascade Encryption k 1 k 2 k 3 k ℓ y x E E E E Cascade Encryption • encrypt ℓ times with independent keys • ℓ = 2 does not help (meet-in-the-middle attack [DH77]) • security gain starting from ℓ = 3 [BR06] • tight bound for q c = 2 n [DLMS14]: for odd ℓ , secure when q e ≪ 2 κ + ℓ − 1 ℓ + 1 n Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 22 / 29

  60. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Our Analysis of Plain Cascade Encryption k 1 k 2 k 3 k 4 k 5 y x E E E E E • use 2 independent ideal ciphers E , E ′ (key-domain separation) • reveal function table of E ′ for free ⇒ randomized KLE • apply the KLE-to-ISC Lemma • generalize analysis of key-alternating ciphers of [CS14] • our result: plain cascade of length ℓ = 2 r + 1 is secure when q c · q r e ≪ 2 r ( κ + n ) , q c ≪ 2 κ , q e ≪ 2 2 κ Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 23 / 29

  61. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Our Analysis of Plain Cascade Encryption k 1 k 2 k 3 k 4 k 5 y x E ′ E E ′ E E ′ • use 2 independent ideal ciphers E , E ′ (key-domain separation) • reveal function table of E ′ for free ⇒ randomized KLE • apply the KLE-to-ISC Lemma • generalize analysis of key-alternating ciphers of [CS14] • our result: plain cascade of length ℓ = 2 r + 1 is secure when q c · q r e ≪ 2 r ( κ + n ) , q c ≪ 2 κ , q e ≪ 2 2 κ Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 23 / 29

  62. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Our Analysis of Plain Cascade Encryption k 1 k 2 k 3 k 4 k 5 y x E ′ E E ′ E E ′ • use 2 independent ideal ciphers E , E ′ (key-domain separation) • reveal function table of E ′ for free ⇒ randomized KLE • apply the KLE-to-ISC Lemma • generalize analysis of key-alternating ciphers of [CS14] • our result: plain cascade of length ℓ = 2 r + 1 is secure when q c · q r e ≪ 2 r ( κ + n ) , q c ≪ 2 κ , q e ≪ 2 2 κ Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 23 / 29

  63. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Our Analysis of Plain Cascade Encryption k 1 k 3 k 5 y x P 2 P 4 E ′ E ′ E ′ • use 2 independent ideal ciphers E , E ′ (key-domain separation) • reveal function table of E ′ for free ⇒ randomized KLE • apply the KLE-to-ISC Lemma • generalize analysis of key-alternating ciphers of [CS14] • our result: plain cascade of length ℓ = 2 r + 1 is secure when q c · q r e ≪ 2 r ( κ + n ) , q c ≪ 2 κ , q e ≪ 2 2 κ Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 23 / 29

  64. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Our Analysis of Plain Cascade Encryption k 1 k 3 k 5 y x P 2 P 4 E ′ E ′ E ′ • use 2 independent ideal ciphers E , E ′ (key-domain separation) • reveal function table of E ′ for free ⇒ randomized KLE • apply the KLE-to-ISC Lemma • generalize analysis of key-alternating ciphers of [CS14] • our result: plain cascade of length ℓ = 2 r + 1 is secure when q c · q r e ≪ 2 r ( κ + n ) , q c ≪ 2 κ , q e ≪ 2 2 κ Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 23 / 29

  65. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Our Analysis of Plain Cascade Encryption k 1 k 3 k 5 y x P 2 P 4 E ′ E ′ E ′ • use 2 independent ideal ciphers E , E ′ (key-domain separation) • reveal function table of E ′ for free ⇒ randomized KLE • apply the KLE-to-ISC Lemma • generalize analysis of key-alternating ciphers of [CS14] • our result: plain cascade of length ℓ = 2 r + 1 is secure when q c · q r e ≪ 2 r ( κ + n ) , q c ≪ 2 κ , q e ≪ 2 2 κ Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 23 / 29

  66. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion The Case of Triple Encryption k 1 k 2 k 3 y x E E E • our bound: log 2 ( q e ) κ + n q c ≪ 2 κ 2 κ q e ≪ 2 2 κ q c · q e ≪ 2 κ + n κ + n 2 • when 2 n / 2 ≤ q c ≤ 2 n ⇒ [DLMS14] bound applies κ log 2 ( q c ) ( q e ≪ 2 κ + n / 2 ) κ n n 0 2 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 24 / 29

  67. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion The Case of Triple Encryption k 1 k 2 k 3 y x E E E • our bound: log 2 ( q e ) κ + n q c ≪ 2 κ 2 κ q e ≪ 2 2 κ q c · q e ≪ 2 κ + n κ + n 2 • when 2 n / 2 ≤ q c ≤ 2 n ⇒ [DLMS14] bound applies κ log 2 ( q c ) ( q e ≪ 2 κ + n / 2 ) κ n n 0 2 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 24 / 29

  68. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion The Case of Triple Encryption k 1 k 2 k 3 y x E E E • our bound: log 2 ( q e ) κ + n q c ≪ 2 κ 2 κ q e ≪ 2 2 κ q c · q e ≪ 2 κ + n κ + n 2 • when 2 n / 2 ≤ q c ≤ 2 n ⇒ [DLMS14] bound applies κ log 2 ( q c ) ( q e ≪ 2 κ + n / 2 ) κ n n 0 2 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 24 / 29

  69. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion The Case of Triple Encryption k 1 k 2 k 3 y x E E E • our bound: log 2 ( q e ) κ + n q c ≪ 2 κ ? 2 κ q e ≪ 2 2 κ q c · q e ≪ 2 κ + n κ + n 2 • when 2 n / 2 ≤ q c ≤ 2 n ⇒ [DLMS14] bound applies κ log 2 ( q c ) ( q e ≪ 2 κ + n / 2 ) κ n n 0 2 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 24 / 29

  70. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion I log 2 ( q e ) κ + n κ + 3 n 4 κ + 2 n 3 κ + n 2 κ log 2 ( q c ) n n n 0 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 25 / 29

  71. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion I log 2 ( q e ) FX (tight) κ + n κ + 3 n 4 κ + 2 n 3 κ + n 2 κ log 2 ( q c ) n n n 0 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 25 / 29

  72. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion I log 2 ( q e ) FX (tight) κ + n 2XOR (tight) κ + 3 n 4 κ + 2 n 3 κ + n 2 κ log 2 ( q c ) n n n 0 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 25 / 29

  73. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion I log 2 ( q e ) FX (tight) κ + n 2XOR (tight) triple encryption κ + 3 n 4 κ + 2 n 3 κ + n 2 κ log 2 ( q c ) n n n 0 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 25 / 29

  74. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion I log 2 ( q e ) FX (tight) κ + n 2XOR (tight) triple encryption κ + 3 n 3XOR 4 κ + 2 n 3 κ + n 2 κ log 2 ( q c ) n n n 0 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 25 / 29

  75. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion I log 2 ( q e ) FX (tight) κ + n 2XOR (tight) triple encryption κ + 3 n 3XOR 4 2-r. xor-cascade (tight) κ + 2 n 3 (ind. whit. keys) κ + n 2 κ log 2 ( q c ) n n n 0 2 n 3 n 4 2 3 4 Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 25 / 29

  76. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion II • our results seem to advocate in favor of xor-cascade rather than plain cascade • e.g. triple encryption (3 E -calls) has similar security as • FX (1 E -call) for q c ≤ 2 n / 2 • 2XOR (2 E -calls) for 2 n / 2 ≤ q c ≤ 2 n • but this is in the ideal cipher model (information-theoretic) • FX seems to have other “computational” issues (see time-memory-data trade-off by Dinur, EC 2015) Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 26 / 29

  77. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion II • our results seem to advocate in favor of xor-cascade rather than plain cascade • e.g. triple encryption (3 E -calls) has similar security as • FX (1 E -call) for q c ≤ 2 n / 2 • 2XOR (2 E -calls) for 2 n / 2 ≤ q c ≤ 2 n • but this is in the ideal cipher model (information-theoretic) • FX seems to have other “computational” issues (see time-memory-data trade-off by Dinur, EC 2015) Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 26 / 29

  78. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion II • our results seem to advocate in favor of xor-cascade rather than plain cascade • e.g. triple encryption (3 E -calls) has similar security as • FX (1 E -call) for q c ≤ 2 n / 2 • 2XOR (2 E -calls) for 2 n / 2 ≤ q c ≤ 2 n • but this is in the ideal cipher model (information-theoretic) • FX seems to have other “computational” issues (see time-memory-data trade-off by Dinur, EC 2015) Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 26 / 29

  79. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Conclusion II • our results seem to advocate in favor of xor-cascade rather than plain cascade • e.g. triple encryption (3 E -calls) has similar security as • FX (1 E -call) for q c ≤ 2 n / 2 • 2XOR (2 E -calls) for 2 n / 2 ≤ q c ≤ 2 n • but this is in the ideal cipher model (information-theoretic) • FX seems to have other “computational” issues (see time-memory-data trade-off by Dinur, EC 2015) Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 26 / 29

  80. Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion The end. . . Thanks for your attention! Comments or questions? Gaži, Lee, Seurin, Steinberger, Tessaro Relaxing Full-Codebook Security FSE 2015 27 / 29

Recommend

Documenting cross-national comparability of survey data: the Online Codebook & Analysis of the

Documenting cross-national comparability of survey data: the Online Codebook & Analysis of the

Documenting cross-national comparability of survey data: the Online Codebook & Analysis of the Generations & Gender Programme Arianna Caporali arianna.caporali@ined.fr Institut national dtudes dmographiques, INED Abstract In

458 views • 13 slides
On the Security Margin of TinyJAMBU with Refined Differential and Linear Cryptanalysis Dhiman Saha

On the Security Margin of TinyJAMBU with Refined Differential and Linear Cryptanalysis Dhiman Saha

On the Security Margin of TinyJAMBU with Refined Differential and Linear Cryptanalysis Dhiman Saha 1 Yu Sasaki 2 Danping Shi 3,4 Ferdinand Sibleyras 5 Siwei Sun 3,4 Yingjie Zhang 3,4 1 de.ci.phe.red Lab, Department of Electrical Engineering and

444 views • 40 slides
2. Coding-Theoretic Foundations Source alphabet S Target alphabet {0, 1} Categories of

2. Coding-Theoretic Foundations Source alphabet S Target alphabet {0, 1} Categories of

2. Coding-Theoretic Foundations Source alphabet S Target alphabet {0, 1} Categories of source encoding: 1. Codebook methods: Symbols ( S ) Codewords ( W ) - Implicit / explicit codebook - Static / dynamic codebook -

413 views • 12 slides
Security analysis of a Full-Body Scanner Keaton Mowery, Eric Wustrow, Tom Wypych, Corey

Security analysis of a Full-Body Scanner Keaton Mowery, Eric Wustrow, Tom Wypych, Corey

Security analysis of a Full-Body Scanner Keaton Mowery, Eric Wustrow, Tom Wypych, Corey Singleton, Chris Comfort, Eric Rescorla, Stephen Checkoway, J. Alex Halderman, Hovav Shacham How many people been through airport security in the USA? TSA

733 views • 16 slides
Pattern Recognition Part 5: Codebook Training Gerhard Schmidt Christian-Albrechts-Universitt

Pattern Recognition Part 5: Codebook Training Gerhard Schmidt Christian-Albrechts-Universitt

Pattern Recognition Part 5: Codebook Training Gerhard Schmidt Christian-Albrechts-Universitt zu Kiel Faculty of Engineering Institute of Electrical and Information Engineering Digital Signal Processing and System Theory Codebook Training

698 views • 47 slides
An Implementation and Analysis of the Refined Projection Method For (Jacobi-)Davidson Type Methods

An Implementation and Analysis of the Refined Projection Method For (Jacobi-)Davidson Type Methods

An Implementation and Analysis of the Refined Projection Method For (Jacobi-)Davidson Type Methods Lingfei Wu Department of Computer Science College of William and Mary Advisor: Professor Andreas Stathopoulos March 18, 2015 SIAM CSE15 1 / 13

474 views • 13 slides
Millimeter Wave Hybrid Beamforming with DFT-MUB Aided Precoder Codebook Design K. Satyanarayana

Millimeter Wave Hybrid Beamforming with DFT-MUB Aided Precoder Codebook Design K. Satyanarayana

Millimeter Wave Hybrid Beamforming with DFT-MUB Aided Precoder Codebook Design K. Satyanarayana University of Southampton & InterDigital Supervisors: Mohammed El-Hajjar , Ping-Heng Kuo , Alain Mourad , Lajos Hanzo

404 views • 18 slides
An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries Dennis Andriesse , Xi Chen

An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries Dennis Andriesse , Xi Chen

An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries Dennis Andriesse , Xi Chen , Victor van der Veen , Asia Slowinska , Herbert Bos Vrije Universiteit Amsterdam Lastline, Inc. USENIX Security 2016

508 views • 19 slides
But amidst this relaxing, serene beauty, big problems are revealed the next day Difficult to

But amidst this relaxing, serene beauty, big problems are revealed the next day Difficult to

Deciphering my new onset Brain Fog Mark Drangsholt, D.D.S. M.P.H, Ph.D. Professor and Chair Department of Oral Medicine University of Washington Seattle USA drangs@uw.edu But amidst this relaxing, serene beauty, big problems are

804 views • 33 slides
Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar

Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar

Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar Pandey Indian Statistical Institute Kolkata January 14, 2012 Sumit Kumar Pandey Relaxing IND-CCA: Indistinguishability Against Chosen Outline 1

624 views • 37 slides
Codebook and Marker Sequence Design for Synchronization-Correcting Codes Victor Buttigieg 1 Johann

Codebook and Marker Sequence Design for Synchronization-Correcting Codes Victor Buttigieg 1 Johann

Outline Introduction System Description Bound Results Closure Codebook and Marker Sequence Design for Synchronization-Correcting Codes Victor Buttigieg 1 Johann A. Briffa 2 1 Department of Communications and Computer Engineering University

632 views • 29 slides
Log In Display Rates in Codebook Select View Jobs Tab Add Date & Time, Select Start the Job

Log In Display Rates in Codebook Select View Jobs Tab Add Date & Time, Select Start the Job

Log In Display Rates in Codebook Select View Jobs Tab Add Date & Time, Select Start the Job The DBS Tradesman App can be found on the DBS Portal by clicking on this Yellow box that appears on the right hand side of the Logon page on your

388 views • 35 slides
Abstraction Relaxing Synchronous Composition with Clock publics ou privs. recherche franais

Abstraction Relaxing Synchronous Composition with Clock publics ou privs. recherche franais

HAL Id: hal-00645333 scientifjques de niveau recherche, publis ou non, with Clock Abstraction. Hardware Design and Functional Languages Workshop, Mar 2009, York, Albert Cohen, Louis Mandel, Florence Plateau, Marc Pouzet. Relaxing Synchronous

490 views • 19 slides
NEW CULINARY EXPERIENCE Let Happy Jack do the cooking for you! REFINED RUSTICITY The cuisine

NEW CULINARY EXPERIENCE Let Happy Jack do the cooking for you! REFINED RUSTICITY The cuisine

NEW CULINARY EXPERIENCE Let Happy Jack do the cooking for you! REFINED RUSTICITY The cuisine of the future will see the expression of a new "refined rusticity", to seek in modern memories and emotions of the past . Enjoy the

282 views • 9 slides
Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols 01 Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief introduction to security protocols; Model checking of security protocols, particularly using the process

1.28k views • 110 slides
Learning Semantic Visual Codebook for Action Recognition by Embedding into Concept Space Behrouz

Learning Semantic Visual Codebook for Action Recognition by Embedding into Concept Space Behrouz

Learning Semantic Visual Codebook for Action Recognition by Embedding into Concept Space Behrouz Saghafi Using Spatio-temporal Features Action recognition using silhouettes or optical flow encounters difficulties when dealing with non-uniform

556 views • 27 slides
Relaxing Exclusive Control in Boolean Games Arianna Novaro IRIT, University of Toulouse F.

Relaxing Exclusive Control in Boolean Games Arianna Novaro IRIT, University of Toulouse F.

Relaxing Exclusive Control in Boolean Games Arianna Novaro IRIT, University of Toulouse F. Belardinelli U. Grandi A. Herzig D. Longin E. Lorini L. Perrussel SEGA Workshop, Prague 2018 Relaxing Exclusive Control in Boolean Games SEGA 2018

471 views • 30 slides
Softplus Log In Display Rates in Codebook Select View Jobs Tab Add Date & Time, Select Start

Softplus Log In Display Rates in Codebook Select View Jobs Tab Add Date & Time, Select Start

Flexijob Softplus Log In Display Rates in Codebook Select View Jobs Tab Add Date & Time, Select Start the Job The DBS Tradesman App can be found on Google Playstore. This App will incur charges from the developer. App will allow you to

398 views • 35 slides
Refined Cauchy/Littlewood identities and partition functions of the six-vertex model Michael

Refined Cauchy/Littlewood identities and partition functions of the six-vertex model Michael

Refined Cauchy/Littlewood identities and partition functions of the six-vertex model Michael Wheeler LPTHE (UPMC Paris 6), CNRS (Collaboration with Dan Betea and Paul Zinn-Justin ) 26 June, 2014 . . . . . . Michael Wheeler Refined Cauchy

487 views • 36 slides
Project 1 Robert Windisch Automated security check for WordPress plugins Static Code Analysis

Project 1 Robert Windisch Automated security check for WordPress plugins Static Code Analysis

Project 1 Robert Windisch Automated security check for WordPress plugins Static Code Analysis Powered by RIPS Technologies High-tech company based in Bochum, Germany Supports the full feature stack of the PHP language Detects

1.06k views • 47 slides
Whether youre relaxing on the 600m beach or trying your skills windsurfing for the first time,

Whether youre relaxing on the 600m beach or trying your skills windsurfing for the first time,

A magnificent resort surrounded by the coconut groves and the glistening Caribbean sea. Whether youre relaxing on the 600m beach or trying your skills windsurfing for the first time, theres something for the whole family here.

491 views • 27 slides
In theoretic Fgm ( X invariant k GW 1) us GW . = Ijf , M ) invariant refined ( M )

In theoretic Fgm ( X invariant k GW 1) us GW . = Ijf , M ) invariant refined ( M )

X.ge#ofQu4sche-s Virtual surfaced on . Introduction O . surface X Ici smooth CE Hak tf ( X ,Z ) , 2) projective e , . In theoretic Fgm ( X invariant k GW 1) us GW . = Ijf , M ) invariant refined ( M ) MTH ( v ) VW

537 views • 17 slides
Program Analysis with PREfast & SAL Erik Poll Digital Security group Radboud University

Program Analysis with PREfast & SAL Erik Poll Digital Security group Radboud University

Software Security Program Analysis with PREfast & SAL Erik Poll Digital Security group Radboud University Nijmegen 1 Static analysis aka source code analysis Automated analysis at compile time to find potential bugs Broad range of

499 views • 36 slides
Relaxing Constraints on Inflation Models with the Curvaton February 15, 2005 @ Sendai Int.

Relaxing Constraints on Inflation Models with the Curvaton February 15, 2005 @ Sendai Int.

Relaxing Constraints on Inflation Models with the Curvaton February 15, 2005 @ Sendai Int. Workshop Windows to New Paradigm in Particle Physics Tomo Takahashi ICRR, University of Tokyo Ref. Moroi, T.T. , Toyoda, [hep-ph/0501007]

521 views • 25 slides

More recommend