Results 1 - 10 of 33
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems (1999)
Cited by 128 (2 self)
Differential Power Analysis, first introduced by Kocher et al. in [14], is a powerful technique that recovers secret smart-card information by monitoring power signals. In [14] a specific DPA attack against smart cards running the DES algorithm was described; as few as 1000 encryptions were sufficient to recover the secret key. In this paper we generalize the DPA attack to elliptic curve (EC) cryptosystems and describe a DPA on EC Diffie-Hellman key exchange and EC El-Gamal type encryption. These attacks recover the private key stored inside the smart card. Moreover, we suggest countermeasures that thwart our attack.
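The leak the abstract describes, reduced to a runnable toy. This is an added example, not code from the paper: the curve y^2 = x^3 + 2x + 2 over F_17 with generator (5, 1) of order 19 is a textbook toy far too small for real use, and the function names and the "trace" abstraction (the list of point operations an execution performs, standing in for what a power trace shows) are this example's own. A plain double-and-add scalar multiplication executes a point addition only for 1 bits, so the operation sequence is the private scalar. Scalar blinding k' = k + r*n, one of the standard countermeasures in this family (the page does not say which countermeasures the paper proposes), makes each execution show a different sequence; a double-and-add-always loop makes the sequence key-independent altogether.

```python
# Added example (not the paper's code). Toy curve y^2 = x^3 + 2x + 2 over F_17,
# generator (5, 1) of prime order 19: a textbook toy, not a usable curve.
import secrets

P_MOD, A, B = 17, 2, 2        # field prime and curve coefficients
G, N = (5, 1), 19             # generator and its order (N*G = infinity)
INF = None                    # point at infinity


def add(p, q):
    """Affine point addition on y^2 = x^3 + A x + B over F_P_MOD."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # p == -q
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def scalar_mult(k, pt=G):
    """Textbook left-to-right double-and-add. Returns (k*pt, trace), where
    trace lists the point operations executed ('D' double, 'A' add).
    The add runs only for 1 bits, so the trace is the scalar itself."""
    if k % N == 0:
        return INF, []
    r, trace = pt, []
    for bit in bin(k)[3:]:            # skip '0b' and the leading 1 bit
        r = add(r, r)
        trace.append("D")
        if bit == "1":
            r = add(r, pt)
            trace.append("A")
    return r, trace


def recover_scalar_from_trace(trace):
    """Attacker model: read the operation sequence off the power trace.
    Each 'D' is a key bit; the bit is 1 exactly when an 'A' follows."""
    bits, i = "1", 0
    while i < len(trace):
        if i + 1 < len(trace) and trace[i + 1] == "A":
            bits, i = bits + "1", i + 2
        else:
            bits, i = bits + "0", i + 1
    return int(bits, 2)


def blinded_scalar_mult(k, pt=G, r=None):
    """Scalar blinding: use k' = k + r*N with a fresh random r per run.
    The result is unchanged because N*pt = INF, but each run executes a
    different operation sequence, so averaging many traces against a fixed
    key hypothesis (the DPA setting) no longer lines up."""
    if r is None:
        r = secrets.randbelow(1 << 32)
    return scalar_mult(k + r * N, pt)


def regular_scalar_mult(k, pt=G):
    """Double-and-add-always: every iteration does one double and one add,
    so the executed sequence is independent of the scalar."""
    r, trace = INF, []
    for bit in format(k % N, f"0{N.bit_length()}b"):
        r = add(r, r)
        trace.append("D")
        t = add(r, pt)
        trace.append("A")
        r = t if bit == "1" else r    # still a branch here; real code uses a constant-time select
    return r, trace


if __name__ == "__main__":
    k = 13
    _, plain = scalar_mult(k)
    print("plain trace:  ", "".join(plain), "-> k =", recover_scalar_from_trace(plain))
    _, blind = blinded_scalar_mult(k)
    print("blinded trace:", "".join(blind), "-> k' mod N =", recover_scalar_from_trace(blind) % N)
    print("regular trace:", "".join(regular_scalar_mult(k)[1]))
```

Two caveats a practitioner should take from running it. Blinding only helps against the statistical attack: a single cleanly readable trace of the blinded run still yields k' and hence k = k' mod N, because N is public, so the regular loop (or a Montgomery ladder) is the answer to simple power analysis and blinding the answer to differential analysis, and real implementations need both. The toy field arithmetic here is not constant-time, and double-and-add-always introduces a dummy addition that fault attacks can target; neither issue is addressed by this sketch.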
Approximating the unsatisfiability threshold of random formulas (1998)
Cited by 75 (14 self)
Let φ be a random Boolean formula that is an instance of 3-SAT. We consider the problem of computing the least real number κ such that if the ratio of the number of clauses over the number of variables of φ strictly exceeds κ, then φ is almost certainly unsatisfiable. By a well-known and more or less straightforward argument, it can be shown that κ ≤ 5.191. This upper bound was improved by Kamath et al. to 4.758 by first providing new improved bounds for the occupancy problem. There is strong experimental evidence that the value of κ is around 4.2. In this work, we define, in terms of the random formula φ, a decreasing sequence of random variables such that, if the expected value of any one of them converges to zero, then φ is almost certainly unsatisfiable. By letting the expected value of the first term of the sequence converge to zero, we obtain, by simple and elementary computations, an upper bound for κ equal to 4.667. From the expected value of the second term of the sequence, we get the value 4.601+. In general, by letting the
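The "well-known and more or less straightforward argument" behind the bound 5.191, worked out here as an added derivation (not text from the paper) in the abstract's notation. Take φ with n variables and m = cn clauses, each clause drawn uniformly among the 3-clauses over those variables, and let X be the number of satisfying truth assignments of φ. A fixed assignment σ falsifies a random 3-clause C only when all three of its literals are false, so

$$\Pr[\sigma \models C] = 1 - \tfrac{1}{8} = \tfrac{7}{8}, \qquad \mathbb{E}[X] = \sum_{\sigma \in \{0,1\}^n} \Pr[\sigma \models \varphi] = 2^n \left(\tfrac{7}{8}\right)^{cn} = \left(2 \cdot \left(\tfrac{7}{8}\right)^{c}\right)^{n}.$$

Since X is a non-negative integer, Markov's inequality gives

$$\Pr[\varphi \text{ satisfiable}] = \Pr[X \ge 1] \le \mathbb{E}[X] \longrightarrow 0 \quad \text{whenever } 2\left(\tfrac{7}{8}\right)^{c} < 1, \text{ i.e. } c > \frac{\ln 2}{\ln(8/7)} \approx 5.191,$$

so κ ≤ 5.191. The abstract's refinement keeps this first-moment structure but replaces X by a decreasing sequence of random variables, which is how the same conclusion is reached at the ratios 4.667 and 4.601+.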
Semiring Frameworks and Algorithms for Shortest-Distance Problems (2002)
Cited by 51 (19 self)
We define general algebraic frameworks for shortest-distance problems based on the structure of semirings. We give a generic algorithm for finding single-source shortest distances in a weighted directed graph when the weights satisfy the conditions of our general semiring framework. The same algorithm can be used to efficiently solve classical shortest-paths problems or to find the k-shortest distances in a directed graph. It can be used to solve single-source shortest-distance problems in weighted directed acyclic graphs over any semiring. We examine several semirings and describe some specific instances of our generic algorithms to illustrate their use and compare them with existing methods and algorithms. The proof of the soundness of all algorithms is given in detail, including their pseudocode and a full analysis of their running-time complexity.
Bounding the unsatisfiability threshold of random 3-SAT
Cited by 39 (3 self)
We lower the upper bound for the threshold for random 3-SAT from 4.6011 to 4.596 through two different approaches, both giving the same result. (Assuming the threshold exists, as is generally believed but still not rigorously shown.) In both approaches, we start with a sum over all truth assignments that appears in an upper bound by Kirousis et al. to the probability that a random 3-SAT formula is satisfiable. In the first approach, this sum is reformulated as the partition function of a spin system consisting of n sites each of which may assume the values 0 or 1. We then obtain an asymptotic expression for this function that results from the application of an optimization technique from statistical
Efficient Non-Malleable Commitment Schemes
In Crypto 2000, Springer-Verlag (LNCS 1880), 2000
Cited by 30 (2 self)
We present efficient non-malleable commitment schemes based on standard assumptions such as RSA and Discrete-Log, and under the condition that the network provides publicly available RSA or Discrete-Log parameters generated by a trusted party. Our protocols require only three rounds and a few modular exponentiations. We also discuss the difference between the notion of non-malleable commitment schemes used by Dolev, Dwork and Naor [DDN00] and the one given by Di Crescenzo, Ishai and Ostrovsky [DIO98].

1 Introduction
Loosely speaking, a commitment scheme is non-malleable if one cannot transform the commitment of another person's secret into one of a related secret. Such non-malleable schemes are for example important for auctions over the Internet: it is necessary that one cannot generate a valid commitment of a bid b + 1 after seeing the commitment of an unknown bid b of another participant. Unfortunately, this property is not achieved by commitment schemes in general, because ...
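The auction failure the introduction describes, shown against a Pedersen-style commitment C = g^b * h^r mod p, which is hiding and binding yet malleable. This is an added example and not code from the paper; the parameters are a constructed toy (p = 1019 = 2*509 + 1 is a safe prime, g = 4 and h = 9 are squares mod p and so generate the order-509 subgroup), and in a real deployment h must be derived so that nobody knows log_g(h), whereas here it is simply 3^2. All function names are this example's own.

```python
# Added example (not the paper's scheme): malleability of C = g^b h^r mod p.
import secrets

P, Q = 1019, 509          # p prime, q = (p - 1) / 2 prime (toy sizes)
G, H = 4, 9               # squares mod p, hence generators of the order-q subgroup


def commit(bid, r):
    """C = g^bid * h^r mod p: hiding because r is uniform in Z_q, binding
    as long as the committer does not know log_g(h)."""
    return pow(G, bid, P) * pow(H, r, P) % P


def commit_random(bid):
    r = secrets.randbelow(Q)
    return commit(bid, r), r


def verify_opening(c, bid, r):
    return c == commit(bid, r)


def maul(c, delta):
    """Adversary: from C alone, without knowing b or r, build a commitment
    to b + delta that opens with the victim's own r, since
    C * g^delta = g^(b + delta) * h^r."""
    return c * pow(G, delta, P) % P


def sealed_bid_auction(honest_bid, r_honest=None):
    """The scenario from the introduction. Returns (adversary's opening
    accepted?, adversary's bid). The adversary sees only c_honest during
    the commit phase and copies the honest opening afterwards."""
    if r_honest is None:
        r_honest = secrets.randbelow(Q)
    c_honest = commit(honest_bid, r_honest)
    c_adv = maul(c_honest, 1)                    # commit phase: bid "b + 1"
    # opening phase: honest party reveals (honest_bid, r_honest) ...
    assert verify_opening(c_honest, honest_bid, r_honest)
    adv_bid, adv_r = honest_bid + 1, r_honest    # ... and the adversary reuses it
    return verify_opening(c_adv, adv_bid, adv_r), adv_bid


if __name__ == "__main__":
    accepted, bid = sealed_bid_auction(42)
    print("adversary's opening accepted:", accepted, "with bid", bid)
```

Nothing here breaks hiding (the adversary never learns b before the opening) or binding (c_adv opens to exactly one value); what fails is precisely the property the abstract names, and a scheme that is non-malleable in the [DDN00] sense is defined so that producing c_adv this way, or any related-value commitment, is infeasible.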
The Ring of k-Regular Sequences (1992)
Cited by 29 (7 self)
The automatic sequence is the central concept at the intersection of formal language theory and number theory. It was introduced by Cobham, and has been extensively studied by Christol, Kamae, Mendès France and Rauzy, and other writers. Since the range of automatic sequences is finite, however, their descriptive power is severely limited.
Program does not equal program: Constraint programming and its relationship to mathematical programming
Interfaces
Cited by 20 (1 self)
Arising from research in the computer science community, constraint programming is a fairly new technique for solving optimization problems. For those familiar with mathematical programming, a number of language barriers make it difficult to understand the concepts of constraint programming. In this short tutorial on constraint programming, we explain how it relates to familiar mathematical programming concepts and how constraint programming and mathematical programming technologies are complementary. We assume a minimal background in linear and integer programming.

George Dantzig [1963] invented the simplex method for linear programming in 1947 and first described it in a paper entitled "Programming in a linear structure" [Dantzig 1948, 1949]. Fifty years later, linear programming is now a strategic technique used by thousands of businesses trying to optimize their global operations. In the mid-1980s, researchers developed constraint programming as a computer science technique by combining developments in the artificial intelligence community with the development of new computer programming languages. Fifteen years later, constraint programming is now being seen as an important technique that complements traditional mathematical programming technologies as businesses continue to look for ways to optimize their business operations. Developed independently as a technique within the computer science literature, constraint programming is now getting attention from the operations research com-
Reconfigurable acceleration for Monte Carlo based financial simulation
In Proc. ICFPT, 2005
Cited by 16 (12 self)
This paper describes a novel hardware accelerator for Monte Carlo (MC) simulation, and illustrates its implementation in field programmable gate array (FPGA) technology for speeding up financial applications. Our accelerator is based on a generic architecture, which combines speed and flexibility by integrating a pipelined MC core with an on-chip instruction processor. We develop a generic number system representation for determining the choice of number representation that meets numerical precision requirements. Our approach is then used in a complex financial engineering application, involving the Brace, Gątarek and Musiela (BGM) interest rate model for pricing derivatives. We address, in our BGM model, several challenges including the generation of Gaussian distributed random numbers and pipelining of the MC simulation. Our BGM application, based on an off-the-shelf system with a Xilinx XC2VP30 device at 50 MHz, is over 25 times faster than software running on a 1.5 GHz Intel Pentium machine.
On Minimal Expansions In Redundant Number Systems: Algorithms And Quantitative Analysis
Cited by 12 (10 self)
We consider digit expansions in base q ≥ 2 with arbitrary integer digits such that the length of the expansion plus the sum of the absolute values of the digits is minimal. Since this does not determine a unique minimal representation, we describe some reduced minimal expansions. We completely characterize their syntactical properties, give a simple algorithm to compute the reduced minimal expansion and a formula to compute a single digit without having to compute the others, and we calculate the average cost of such an expansion.

1. Introduction
On several occasions, representations of integers in redundant number systems have been studied. The motivation usually comes from various applications where "better" representations of an integer result in faster computations. We give an example from public key cryptography using elliptic curves: these cryptosystems rely on the fact that it is rather easy to compute a multiple nP of a given point on an elliptic curve E(F_q), but there is no...
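The redundant expansion most often used for the elliptic-curve motivation above is the non-adjacent form (NAF), the base-2 case with digits in {-1, 0, 1}; this added example computes it and evaluates the abstract's cost measure (length plus sum of absolute digit values) against the plain binary expansion. It is not the paper's base-q algorithm, and the function names are this example's own; it is included because it shows concretely why that cost differs from digit weight alone: NAF minimises the number of non-zero digits (point additions, since negating a point is free), but it can be one digit longer than binary, and the abstract's measure charges for that extra doubling.

```python
# Added example (not the paper's algorithm): NAF versus binary under the
# cost "length + sum of |digits|". Digits are stored least-significant first.


def binary_digits(n):
    """Ordinary base-2 expansion of n >= 0, least-significant digit first."""
    digits = []
    while n > 0:
        digits.append(n & 1)
        n >>= 1
    return digits


def naf(n):
    """Non-adjacent form: digits in {-1, 0, 1}, no two adjacent non-zero.
    For odd n pick the digit d in {1, -1} with (n - d) divisible by 4,
    which forces the following digit to be 0."""
    if n < 0:
        raise ValueError("n must be non-negative")
    digits = []
    while n > 0:
        if n & 1:
            d = 2 - (n & 3)      # n % 4 == 1 -> d = 1; n % 4 == 3 -> d = -1
            n -= d
        else:
            d = 0
        digits.append(d)
        n >>= 1
    return digits


def value(digits, base=2):
    """Integer represented by a digit list (least-significant first)."""
    return sum(d * base ** i for i, d in enumerate(digits))


def weight(digits):
    """Number of non-zero digits: point additions/subtractions in nP."""
    return sum(1 for d in digits if d)


def cost(digits):
    """The abstract's cost: length plus sum of absolute digit values.
    For scalar multiplication, length tracks the doublings and the digit
    sum the additions, so both terms are real work."""
    return len(digits) + sum(abs(d) for d in digits)


def is_non_adjacent(digits):
    return all(not (a and b) for a, b in zip(digits, digits[1:]))


if __name__ == "__main__":
    for n in (3, 7, 15, 31, 0b1011011):
        b, s = binary_digits(n), naf(n)
        print(f"{n:4d} binary cost {cost(b):2d} weight {weight(b):2d} | "
              f"NAF {s} cost {cost(s):2d} weight {weight(s):2d}")
```

Running it shows the two measures diverging: for 31 the NAF [-1, 0, 0, 0, 0, 1] has cost 8 against 10 for binary, while for 3 the NAF [-1, 0, 1] costs 5 against 4 for binary, even though its weight is never larger. A representation that is minimal for the abstract's cost therefore has to trade the extra digit against the saved additions, which is what distinguishes the paper's reduced minimal expansions from NAF.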