Results 1 - 10 of 46
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems
, 1999
Cited by 162 (2 self)
Abstract: Differential Power Analysis, first introduced by Kocher et al. in [14], is a powerful technique that allows recovering secret smart card information by monitoring power signals. In [14] a specific DPA attack against smartcards running the DES algorithm was described. As few as 1000 encryptions were sufficient to recover the secret key. In this paper we generalize the DPA attack to elliptic curve (EC) cryptosystems and describe a DPA on EC Diffie-Hellman key exchange and EC ElGamal-type encryption. Those attacks make it possible to recover the private key stored inside the smartcard. Moreover, we suggest countermeasures that thwart our attack.
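The abstract states what the attack recovers but not how a trace turns into key bits. The Python below is an added example written for this page, not code from Coron's paper or from any smart-card implementation: it simulates a naive double-and-add scalar multiplication on a toy curve, a Hamming-weight power model with noise, a difference-of-means DPA that recovers the scalar one bit at a time from the most significant bit, and a point-blinding countermeasure that defeats that attack. The curve parameters, the leakage model, the selection threshold and every function name are assumptions of the demo.

```python
import random
from statistics import mean

# Toy short-Weierstrass curve y^2 = x^3 + A*x + B over F_p with p = 3 (mod 4), so square
# roots cost one exponentiation. Parameters are an assumption of this demo (not a standard
# curve); the arithmetic is deliberately the naive double-and-add that DPA targets.
P_MOD = 2**31 - 1
A, B = 7, 11

def ec_add(P, Q):
    """Affine addition; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, P):
    """Left-to-right double-and-add, as run by the attacker to predict intermediates."""
    R = None
    for i in range(k.bit_length() - 1, -1, -1):
        R = ec_add(R, R)
        if (k >> i) & 1:
            R = ec_add(R, P)
    return R

def random_point(rng):
    while True:
        x = rng.randrange(1, P_MOD)
        rhs = (x * x * x + A * x + B) % P_MOD
        y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
        if y * y % P_MOD == rhs:
            return (x, y)

def hamming(n):
    return bin(n).count("1")

def leaky_mul(k, P, nbits, rng, sigma):
    """The card's double-and-add. Leakage model (assumption): one power sample per key bit,
    the Hamming weight of the accumulator's x-coordinate plus Gaussian noise."""
    R, trace = None, []
    for i in range(nbits - 1, -1, -1):
        R = ec_add(R, R)
        if (k >> i) & 1:
            R = ec_add(R, P)
        trace.append(hamming(0 if R is None else R[0]) + rng.gauss(0, sigma))
    return R, trace

def dpa_recover(traces, nbits):
    """Difference-of-means DPA, MSB first. For each bit guess the attacker predicts the
    accumulator for every known input point, splits the traces by the predicted Hamming
    weight and scores the split by the gap between the two group means."""
    k = 0
    for step in range(nbits):
        scores = []
        for guess in (0, 1):
            kg = (k << 1) | guess
            hi, lo = [], []
            for P, leak in traces:
                Rp = ec_mul(kg, P)
                (hi if hamming(0 if Rp is None else Rp[0]) >= 16 else lo).append(leak[step])
            scores.append((abs(mean(hi) - mean(lo)) if hi and lo else 0.0, guess))
        k = (k << 1) | max(scores)[1]   # only the right guess gives a large gap
    return k

class BlindedMultiplier:
    """Point blinding: compute k(P + R) - kR with a secret random point R and refresh
    (R, kR) by doubling after each use, so the accumulator never depends on P alone."""
    def __init__(self, k, rng):
        self.k, self.R = k, random_point(rng)
        self.kR = ec_mul(k, self.R)

    def mul(self, P, nbits, rng, sigma):
        Q, trace = leaky_mul(self.k, ec_add(P, self.R), nbits, rng, sigma)
        result = ec_add(Q, (self.kR[0], (-self.kR[1]) % P_MOD))
        self.R, self.kR = ec_add(self.R, self.R), ec_add(self.kR, self.kR)
        return result, trace

def demo(seed=1, nbits=16, ntraces=200, sigma=2.0):
    """Returns (true key, key recovered from the naive card, key recovered from the blinded card)."""
    rng = random.Random(seed)
    k = rng.randrange(1 << (nbits - 1), 1 << nbits)   # top bit set, so every step leaks
    pts = [random_point(rng) for _ in range(ntraces)]
    naive = [(P, leaky_mul(k, P, nbits, rng, sigma)[1]) for P in pts]
    card = BlindedMultiplier(k, rng)
    blinded = [(P, card.mul(P, nbits, rng, sigma)[1]) for P in pts]
    return k, dpa_recover(naive, nbits), dpa_recover(blinded, nbits)

def blinding_preserves_result(seed=3, nbits=12):
    """Sanity check that the blinded card still computes kP."""
    rng = random.Random(seed)
    k, P = rng.randrange(1, 1 << nbits), random_point(rng)
    return BlindedMultiplier(k, rng).mul(P, nbits, rng, 0.0)[0] == ec_mul(k, P)
```

`demo()` returns the true key, the key recovered from the naive card (equal to the true key with a few hundred traces) and the key recovered from the blinded card (garbage, because the attacker's selection function is computed from P while the card's intermediate values depend on P + R). The key-dependent branch in `leaky_mul` is a separate simple-power-analysis leak that blinding alone does not remove; a real implementation needs a regular (e.g. always-add) ladder as well.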
Approximating the unsatisfiability threshold of random formulas
, 1998
Cited by 82 (14 self)
Abstract: Let φ be a random Boolean formula that is an instance of 3-SAT. We consider the problem of computing the least real number κ such that if the ratio of the number of clauses over the number of variables of φ strictly exceeds κ, then φ is almost certainly unsatisfiable. By a well-known and more or less straightforward argument, it can be shown that κ ≤ 5.191. This upper bound was improved by Kamath et al. to 4.758 by first providing new improved bounds for the occupancy problem. There is strong experimental evidence that the value of κ is around 4.2. In this work, we define, in terms of the random formula φ, a decreasing sequence of random variables such that, if the expected value of any one of them converges to zero, then φ is almost certainly unsatisfiable. By letting the expected value of the first term of the sequence converge to zero, we obtain, by simple and elementary computations, an upper bound for κ equal to 4.667. From the expected value of the second term of the sequence, we get the value 4.601+. In general, by letting the
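The "well-known and more or less straightforward argument" behind κ ≤ 5.191 is the first-moment bound; the derivation is added here as an illustration and is not taken from the paper. Let φ have n variables and m = rn clauses, and let X be the number of satisfying assignments of φ. A fixed assignment falsifies a random 3-clause only when all three of its literals are false, so it satisfies the clause with probability 7/8, and the clauses are drawn independently:

\[
\mathbb{E}[X] = 2^{n}\left(\tfrac{7}{8}\right)^{rn} = \left(2\left(\tfrac{7}{8}\right)^{r}\right)^{n}.
\]

By Markov's inequality, \(\Pr[\varphi \text{ satisfiable}] = \Pr[X \ge 1] \le \mathbb{E}[X]\), which tends to zero whenever \(2(7/8)^{r} < 1\), that is

\[
r > \frac{\ln 2}{\ln (8/7)} \approx 5.191,
\]

so κ ≤ 5.191. The paper keeps this Markov step but applies it to each term of its decreasing sequence of random variables in place of X, which is how the bound drops to 4.667 and then 4.601+.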
Semiring Frameworks and Algorithms for Shortest-Distance Problems
, 2002
Cited by 72 (20 self)
Abstract: We define general algebraic frameworks for shortest-distance problems based on the structure of semirings. We give a generic algorithm for finding single-source shortest distances in a weighted directed graph when the weights satisfy the conditions of our general semiring framework. The same algorithm can be used to solve efficiently classical shortest paths problems or to find the k-shortest distances in a directed graph. It can be used to solve single-source shortest-distance problems in weighted directed acyclic graphs over any semiring. We examine several semirings and describe some specific instances of our generic algorithms to illustrate their use and compare them with existing methods and algorithms. The proof of the soundness of all algorithms is given in detail, including their pseudocode and a full analysis of their running time complexity.
Bounding the unsatisfiability threshold of random 3-SAT
Cited by 43 (3 self)
Abstract: We lower the upper bound for the threshold for random 3-SAT from 4.6011 to 4.596 through two different approaches, both giving the same result. (Assuming the threshold exists, as is generally believed but still not rigorously shown.) In both approaches, we start with a sum over all truth assignments that appears in an upper bound by Kirousis et al. to the probability that a random 3-SAT formula is satisfiable. In the first approach, this sum is reformulated as the partition function of a spin system consisting of n sites each of which may assume the values 0 or 1. We then obtain an asymptotic expression for this function that results from the application of an optimization technique from statistical
The Ring of k-Regular Sequences
, 1992
Cited by 39 (7 self)
Abstract: The automatic sequence is the central concept at the intersection of formal language theory and number theory. It was introduced by Cobham, and has been extensively studied by Christol, Kamae, Mendes France and Rauzy, and other writers. Since the range of automatic sequences is finite, however, their descriptive power is severely limited.
Efficient Non-Malleable Commitment Schemes
In Crypto 2000, Springer-Verlag (LNCS 1880)
, 2000
Cited by 35 (2 self)
Abstract: We present efficient non-malleable commitment schemes based on standard assumptions such as RSA and Discrete-Log, and under the condition that the network provides publicly available RSA or Discrete-Log parameters generated by a trusted party. Our protocols require only three rounds and a few modular exponentiations. We also discuss the difference between the notion of non-malleable commitment schemes used by Dolev, Dwork and Naor [DDN00] and the one given by Di Crescenzo, Ishai and Ostrovsky [DIO98].

Introduction: Loosely speaking, a commitment scheme is non-malleable if one cannot transform the commitment of another person's secret into one of a related secret. Such non-malleable schemes are for example important for auctions over the Internet: it is necessary that one cannot generate a valid commitment of a bid b + 1 after seeing the commitment of an unknown bid b of another participant. Unfortunately, this property is not achieved by commitment schemes in general, because ...
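To make the auction example concrete, here is an added Python illustration (not from the paper) of the malleability the introduction warns about, using a Pedersen commitment g^b h^r over a safe-prime group. The group size, the way h is derived and the function names are assumptions of the demo, chosen small so that it runs instantly; the point is that a scheme can be perfectly hiding and computationally binding and still let an adversary turn Commit(b) into Commit(b + 1) without learning b.

```python
import hashlib
import random

# Demo group: safe prime p = 2q + 1 with q = 509, both checked by trial division below.
# Far too small for real use; an assumption made so the example runs in a blink.
P = 1019
Q = (P - 1) // 2

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

assert is_prime(P) and is_prime(Q)

# g and h lie in the order-q subgroup (the squares mod p). h is derived by hashing so that
# nobody knows log_g(h); that is what makes the commitment binding.
G = pow(2, 2, P)
H = pow(int.from_bytes(hashlib.sha256(b"pedersen-h").digest(), "big") % (P - 3) + 2, 2, P)

def commit(value, r):
    """Pedersen commitment C = g^value * h^r mod p, with value and r taken mod q."""
    return pow(G, value % Q, P) * pow(H, r % Q, P) % P

def verify(c, value, r):
    return c == commit(value, r)

def malleate(c, delta):
    """From C = Commit(b, r), knowing neither b nor r, produce Commit(b + delta, r):
    multiplying by g^delta shifts the committed value and leaves the randomness alone."""
    return c * pow(G, delta % Q, P) % P

def auction_attack(bid, seed=1):
    """The honest bidder commits to `bid`; the adversary, having seen only that commitment,
    forges one that opens to bid + 1 once the honest opening (bid, r) is published.
    Returns (honest commitment verifies, forged commitment verifies as bid + 1)."""
    rng = random.Random(seed)
    r = rng.randrange(1, Q)
    c_honest = commit(bid, r)          # posted in the bidding phase
    c_forged = malleate(c_honest, 1)   # adversary's move, no knowledge of bid or r
    # Reveal phase: the honest bidder publishes (bid, r); the adversary replays r with bid + 1.
    return verify(c_honest, bid, r), verify(c_forged, bid + 1, r)
```

Both values returned by `auction_attack` are `True`: the forged commitment is indistinguishable from an honest one and opens correctly, so the auctioneer cannot tell that the adversary never chose a bid. The abstract's schemes are designed so that such a transformation is infeasible; the trusted public parameters they require play the role that the unknown log_g(h) plays for binding here.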
HIDE: an infrastructure for efficiently protecting information leakage on the address bus
In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI)
, 2004
Cited by 28 (1 self)
Abstract: The XOM-based secure processor has recently been introduced as a mechanism to provide copy and tamper resistant execution. XOM provides support for encryption/decryption and integrity checking. However, neither XOM nor any other current approach adequately addresses the problem of information leakage via the address bus. This paper shows that without address bus protection, the XOM model is severely crippled. Two realistic attacks are shown and experiments show that 70% of the code might be cracked and sensitive data might be exposed, leading to serious security breaches. Although the problem of address bus leakage has been widely acknowledged both in industry and academia, no practical solution has ever been proposed that can provide an adequate security guarantee. The main reason is that the problem is very difficult to solve in practice due to the severe performance degradation which accompanies most of the solutions. This paper presents an infrastructure called HIDE (Hardware-support for leakage-Immune Dynamic Execution) which provides a solution consisting of chunk-level protection with hardware support and a flexible interface which can be orchestrated through the proposed compiler optimization and user specifications that allow utilizing the underlying hardware solution more efficiently to provide better security guarantees. Our results show that protecting both data and code with a high level of security guarantee is possible with negligible performance penalty (1.3% slowdown).
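The abstract asserts the leak without showing it. The following added Python (not code from the HIDE paper; its two `recover_*` functions are simplified stand-ins for, not reproductions of, the paper's two attacks) simulates a processor whose code and data are encrypted but whose instruction-fetch addresses are visible on the bus, and shows what a bus observer learns from addresses alone: the control-flow graph of the encrypted code and, from a secret-dependent branch, the secret itself. The toy ISA, the addresses and the program are assumptions of the demo.

```python
# Toy model of the leak: code and data are encrypted in memory, but every instruction fetch
# puts its address on the bus in the clear. The program is a square-and-multiply loop over a
# secret exponent; layout, addresses and mnemonics are an assumption of this demo.
CODE = {
    0x100: ("sqr", None),      # loop head: acc = acc^2
    0x104: ("tstbit", None),   # test the current exponent bit
    0x108: ("jz", 0x110),      # bit == 0: skip the multiply
    0x10C: ("mul", None),      # bit == 1: acc = acc * base
    0x110: ("dec", None),      # move to the next bit
    0x114: ("jnz", 0x100),     # bits left: back to the loop head
    0x118: ("ret", None),
}
BRANCH, MULTIPLY = 0x108, 0x10C

def run(exponent, nbits):
    """Executes the toy program and returns the fetch-address trace, which is all the bus
    observer gets because instruction bytes and data values are encrypted."""
    trace, pc, i = [], 0x100, nbits - 1
    while True:
        trace.append(pc)
        op, target = CODE[pc]
        if op == "jz":
            pc = target if (exponent >> i) & 1 == 0 else pc + 4
        elif op == "dec":
            i -= 1
            pc += 4
        elif op == "jnz":
            pc = target if i >= 0 else pc + 4
        elif op == "ret":
            return trace
        else:
            pc += 4

def recover_control_flow(trace):
    """Attack 1 (simplified): consecutive fetch pairs are the edges of the program's
    control-flow graph, exposing the loop back-edge and both arms of the conditional."""
    return set(zip(trace, trace[1:]))

def recover_exponent(trace):
    """Attack 2 (simplified): which arm follows the branch at BRANCH reveals each bit."""
    bits = [1 if nxt == MULTIPLY else 0
            for cur, nxt in zip(trace, trace[1:]) if cur == BRANCH]
    return int("".join(map(str, bits)), 2)
```

Nothing in the trace is a code byte or a data value, yet `recover_exponent(run(0b1011, 4))` returns 11 and `recover_control_flow` returns the eight edges of the loop, including the two successors of `0x108`. This is the gap the abstract describes: encrypting memory contents does not hide which addresses are touched, and the HIDE mechanism it proposes exists to break the link between the observed address sequence and the program's behaviour.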
Program does not equal program: Constraint programming and its relationship to mathematical programming
 Interfaces
Cited by 26 (1 self)
Abstract: Arising from research in the computer science community, constraint programming is a fairly new technique for solving optimization problems. For those familiar with mathematical programming, a number of language barriers make it difficult to understand the concepts of constraint programming. In this short tutorial on constraint programming, we explain how it relates to familiar mathematical programming concepts and how constraint programming and mathematical programming technologies are complementary. We assume a minimal background in linear and integer programming. George Dantzig [1963] invented the simplex method for linear programming in 1947 and first described it in a paper entitled "Programming in a linear structure" [Dantzig 1948, 1949]. Fifty years later, linear programming is now a strategic technique used by thousands of businesses trying to optimize their global operations. In the mid-1980s, researchers developed constraint programming as a computer science technique by combining developments in the artificial intelligence community with the development of new computer programming languages. Fifteen years later, constraint programming is now being seen as an important technique that complements traditional mathematical programming technologies as businesses continue to look for ways to optimize their business operations. Developed independently as a technique within the computer science literature, constraint programming is now getting attention from the operations research com
Reconfigurable acceleration for Monte Carlo based financial simulation
 in Proc. ICFPT, 2005
, 2005
Cited by 17 (12 self)
Abstract: This paper describes a novel hardware accelerator for Monte Carlo (MC) simulation, and illustrates its implementation in field programmable gate array (FPGA) technology for speeding up financial applications. Our accelerator is based on a generic architecture, which combines speed and flexibility by integrating a pipelined MC core with an on-chip instruction processor. We develop a generic number system representation for determining the choice of number representation that meets numerical precision requirements. Our approach is then used in a complex financial engineering application, involving the Brace, Gątarek and Musiela (BGM) interest rate model for pricing derivatives. We address, in our BGM model, several challenges including the generation of Gaussian distributed random numbers and pipelining of the MC simulation. Our BGM application, based on an off-the-shelf system with a Xilinx XC2VP30 device at 50 MHz, is over 25 times faster than software running on a 1.5 GHz Intel Pentium machine.