Region-Based Memory Management, 1997
Cited by 294 (8 self)
This paper describes a memory management discipline for programs that perform dynamic memory allocation and deallocation. At runtime, all values are put into regions. The store consists of a stack of regions. All points of region allocation and deallocation are inferred automatically, using a type and effect based program analysis. The scheme does not assume the presence of a garbage collector. The scheme was first presented by Tofte and Talpin (1994); subsequently, it has been tested in The ML Kit with Regions, a region-based, garbage-collection free implementation of the Standard ML Core language, which includes recursive datatypes, higher-order functions and updatable references (Birkedal et al. 96, Elsman and Hallenberg 95). This paper defines a region-based dynamic semantics for a skeletal programming language extracted from Standard ML. We present the inference system which specifies where regions can be allocated and deallocated and a detailed proof that the system is sound wi...
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems, 1999
Cited by 189 (2 self)
Differential Power Analysis, first introduced by Kocher et al. in [14], is a powerful technique allowing to recover secret smart card information by monitoring power signals. In [14] a specific DPA attack against smart cards running the DES algorithm was described. As few as 1000 encryptions were sufficient to recover the secret key. In this paper we generalize the DPA attack to elliptic curve (EC) cryptosystems and describe a DPA on EC Diffie-Hellman key exchange and EC ElGamal type encryption. Those attacks make it possible to recover the private key stored inside the smart card. Moreover, we suggest countermeasures that thwart our attack.
Fast Key Exchange with Elliptic Curve Systems, 1995
Cited by 106 (2 self)
The Diffie-Hellman key exchange algorithm can be implemented using the group of points on an elliptic curve over the field F_{2^n}. A software version of this using n = 155 can be optimized to achieve computation rates that are significantly faster than non-elliptic curve versions with a similar level of security. The fast computation of reciprocals in F_{2^n} is the key to the highly efficient implementation described here.
March 31, 1995. Department of Computer Science, The University of Arizona, Tucson, AZ.
1 Introduction. The Diffie-Hellman key exchange algorithm [10] is a very useful method for initiating a conversation between two previously unintroduced parties. It relies on exponentiation in a large group, and the software implementation of the group operation is usually computationally intensive. The algorithm has been proposed as an Internet standard [13], and the benefit of an efficient implementation would be that it could be widely deployed across a variety of platforms, greatl...
Approximating the unsatisfiability threshold of random formulas, 1998
Cited by 82 (14 self)
Let φ be a random Boolean formula that is an instance of 3-SAT. We consider the problem of computing the least real number κ such that if the ratio of the number of clauses over the number of variables of φ strictly exceeds κ, then φ is almost certainly unsatisfiable. By a well-known and more or less straightforward argument, it can be shown that κ ≤ 5.191. This upper bound was improved by Kamath et al. to 4.758 by first providing new improved bounds for the occupancy problem. There is strong experimental evidence that the value of κ is around 4.2. In this work, we define, in terms of the random formula φ, a decreasing sequence of random variables such that, if the expected value of any one of them converges to zero, then φ is almost certainly unsatisfiable. By letting the expected value of the first term of the sequence converge to zero, we obtain, by simple and elementary computations, an upper bound for κ equal to 4.667. From the expected value of the second term of the sequence, we get the value 4.601+. In general, by letting the
Semiring Frameworks and Algorithms for Shortest-Distance Problems, 2002
Cited by 76 (20 self)
We define general algebraic frameworks for shortest-distance problems based on the structure of semirings. We give a generic algorithm for finding single-source shortest distances in a weighted directed graph when the weights satisfy the conditions of our general semiring framework. The same algorithm can be used to solve efficiently classical shortest paths problems or to find the k-shortest distances in a directed graph. It can be used to solve single-source shortest-distance problems in weighted directed acyclic graphs over any semiring. We examine several semirings and describe some specific instances of our generic algorithms to illustrate their use and compare them with existing methods and algorithms. The proof of the soundness of all algorithms is given in detail, including their pseudocode and a full analysis of their running time complexity.
Bounding the unsatisfiability threshold of random 3-SAT
Cited by 42 (3 self)
We lower the upper bound for the threshold for random 3-SAT from 4.6011 to 4.596 through two different approaches, both giving the same result. (Assuming the threshold exists, as is generally believed but still not rigorously shown.) In both approaches, we start with a sum over all truth assignments that appears in an upper bound by Kirousis et al. to the probability that a random 3-SAT formula is satisfiable. In the first approach, this sum is reformulated as the partition function of a spin system consisting of n sites each of which may assume the values 0 or 1. We then obtain an asymptotic expression for this function that results from the application of an optimization technique from statistical
Efficient Non-Malleable Commitment Schemes. In Crypto 2000, Springer-Verlag (LNCS 1880), 2000
Cited by 39 (3 self)
We present efficient non-malleable commitment schemes based on standard assumptions such as RSA and Discrete-Log, and under the condition that the network provides publicly available RSA or Discrete-Log parameters generated by a trusted party. Our protocols require only three rounds and a few modular exponentiations. We also discuss the difference between the notion of non-malleable commitment schemes used by Dolev, Dwork and Naor [DDN00] and the one given by Di Crescenzo, Ishai and Ostrovsky [DIO98].
1 Introduction. Loosely speaking, a commitment scheme is non-malleable if one cannot transform the commitment of another person's secret into one of a related secret. Such non-malleable schemes are for example important for auctions over the Internet: it is necessary that one cannot generate a valid commitment of a bid b + 1 after seeing the commitment of an unknown bid b of another participant. Unfortunately, this property is not achieved by commitment schemes in general, because ...
The Ring of k-Regular Sequences, 1992
Cited by 37 (7 self)
The automatic sequence is the central concept at the intersection of formal language theory and number theory. It was introduced by Cobham, and has been extensively studied by Christol, Kamae, Mendes France and Rauzy, and other writers. Since the range of automatic sequences is finite, however, their descriptive power is severely limited.
HIDE: an infrastructure for efficiently protecting information leakage on the address bus. In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI), 2004
Cited by 34 (1 self)
XOM-based secure processor has recently been introduced as a mechanism to provide copy and tamper resistant execution. XOM provides support for encryption/decryption and integrity checking. However, neither XOM nor any other current approach adequately addresses the problem of information leakage via the address bus. This paper shows that without address bus protection, the XOM model is severely crippled. Two realistic attacks are shown and experiments show that 70% of the code might be cracked and sensitive data might be exposed leading to serious security breaches. Although the problem of address bus leakage has been widely acknowledged both in industry and academia, no practical solution has ever been proposed that can provide an adequate security guarantee. The main reason is that the problem is very difficult to solve in practice due to severe performance degradation which accompanies most of the solutions. This paper presents an infrastructure called HIDE (Hardware-support for leakage-Immune Dynamic Execution) which provides a solution consisting of chunk-level protection with hardware support and a flexible interface which can be orchestrated through the proposed compiler optimization and user specifications that allow utilizing the underlying hardware solution more efficiently to provide better security guarantees. Our results show that protecting both data and code with a high level of security guarantee is possible with negligible performance penalty (1.3% slowdown).