Designing a Dynamic Group Signature Scheme using Lattices
|
|
- Dwayne Elliott
- 6 years ago
- Views:
Transcription
1 Designing a Dynamic Group Signature Scheme using Lattices M2 Internship Defense Fabrice Mouhartem Supervised by Benoît Libert ÉNS de Lyon, Team AriC, LIP 06/24/2015 Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 1/26
2 Introduction Example Smart cars Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 2/26
3 Introduction Example Smart cars Anyone Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 2/26
4 Introduction Example Smart cars Authenticity Integrity Anyone Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 2/26
5 Introduction Example Smart cars Authenticity Integrity Anonymity Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 2/26
6 Introduction Example Smart cars Authenticity Integrity Anonymity Dynamicity Add cars Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 2/26
7 Introduction Example Smart cars Authenticity Integrity Anonymity Dynamicity Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 2/26
8 Introduction Example Smart cars Authenticity Integrity Anonymity Dynamicity Traceability Trace POLICE Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 2/26
9 Introduction Motivation Definition A dynamic group signature allows a member of a group to anonymously sign a message on behalf of the group, and allow new users to join at any time. Applications: smart cars, control in public transportation, anonymous access control (e.g. in public transportation)... Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 3/26
10 Introduction Motivation Definition A dynamic group signature allows a member of a group to anonymously sign a message on behalf of the group, and allow new users to join at any time. Applications: smart cars, control in public transportation, anonymous access control (e.g. in public transportation)... Main Differences Static Group GM distributes keys GM must be trusted Cannot add new users Dynamic Group U i makes his secret certified Even colluding GM/OA cannot sign on behalf of a honest group member Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 3/26
11 Introduction Motivation Advantages of dynamically growing groups: Add users without re-running the Setup phase; Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 4/26
12 Introduction Motivation Advantages of dynamically growing groups: Add users without re-running the Setup phase; Even if everyone, including authorities, is dishonest, no one can sign in your name. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 4/26
13 Introduction History 1991 Introduced by Chaum and Van Heyst 2003 Formal model and definitions by Bellare, Micciancio and Warinschi for static groups. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 5/26
14 Introduction History 1991 Introduced by Chaum and Van Heyst 2000 First scalable solution by Ateniese, Camenisch, Joye and Tsudik 2003 Formal model and definitions by Bellare, Micciancio and Warinschi for static groups Model for dynamic groups by Bellare, Shi and Zhang 2006 Model for dynamic groups by Kiayias and Yung Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 5/26
15 Introduction History 1991 Introduced by Chaum and Van Heyst 2000 First scalable solution by Ateniese, Camenisch, Joye and Tsudik 2003 Formal model and definitions by Bellare, Micciancio and Warinschi for static groups Model for dynamic groups by Bellare, Shi and Zhang 2006 Model for dynamic groups by Kiayias and Yung 2010 First scheme based on lattices by Gordon, Katz and Vaikuntanathan with linear size in the max. size of the group 2013 Down to log-size by Laguillaumie, Langlois, Libert and Stehlé Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 5/26
16 Introduction History 1991 Introduced by Chaum and Van Heyst 2000 First scalable solution by Ateniese, Camenisch, Joye and Tsudik 2003 Formal model and definitions by Bellare, Micciancio and Warinschi for static groups Model for dynamic groups by Bellare, Shi and Zhang 2006 Model for dynamic groups by Kiayias and Yung 2010 First scheme based on lattices by Gordon, Katz and Vaikuntanathan with linear size in the max. size of the group 2013 Down to log-size by Laguillaumie, Langlois, Libert and Stehlé No dynamic group signature scheme based on lattices Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 5/26
17 Introduction Lattice-Based Cryptography Lattice A lattice is a discrete subgroup of R n. Can be seen as integer linear combinations of a finite set of vectors. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 6/26
18 Introduction Lattice-Based Cryptography Lattice A lattice is a discrete subgroup of R n. Can be seen as integer linear combinations of a finite set of vectors. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 6/26
19 Introduction Lattice-Based Cryptography Lattice A lattice is a discrete subgroup of R n. Can be seen as integer linear combinations of a finite set of vectors. Find a short vector in a lattice is hard. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 6/26
20 Introduction Lattice-Based Cryptography Why? Simple and efficient; Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 7/26
21 Introduction Lattice-Based Cryptography Why? Simple and efficient; Conjectured resistant to a quantum adversary; Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 7/26
22 Introduction Lattice-Based Cryptography Why? Simple and efficient; Conjectured resistant to a quantum adversary; Secure under worst-case hardness assumptions; Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 7/26
23 Introduction Lattice-Based Cryptography Why? Simple and efficient; Conjectured resistant to a quantum adversary; Secure under worst-case hardness assumptions; Powerful functionalities. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 7/26
24 Definition Outline 1 Introduction 2 Definition 3 Presentation of the Scheme 4 Conclusion Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 8/26
25 Definition Presentation GM Sign Verify Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 9/26
26 Definition Presentation Anonymity Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 9/26
27 Definition Presentation S GM Join (cert i, sec i ) Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 9/26
28 Definition Presentation OA Open S OA Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/2015 9/26
29 Definition Dynamic Group Signature Dynamic Group Signature It is a tuple of algorithms (Setup, Join, Sign, Verify, Open) acting according to their name. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
30 Definition Dynamic Group Signature Dynamic Group Signature It is a tuple of algorithms (Setup, Join, Sign, Verify, Open) acting according to their name. Setup: Input: security parameter λ, bound on group size N Output: public parameters Y, group manager s secret key S GM, the opening authority s secret key S OA ; Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
31 Definition Dynamic Group Signature Dynamic Group Signature It is a tuple of algorithms (Setup, Join, Sign, Verify, Open) acting according to their name. Join: interactive protocols between U i GM. Provide (cert i, sec i ) to U i. Where cert i attests the secret sec i. Update the user list along with the certificates; Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
32 Definition Dynamic Group Signature Dynamic Group Signature It is a tuple of algorithms (Setup, Join, Sign, Verify, Open) acting according to their name. Sign and Verify proceed in the obvious way; Open: Input: OA s secret S OA, M and Σ Output: i. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
33 Definition Security Notions Three security notions Anonymity Only OA can open a signature; Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
34 Definition Security Notions Three security notions Anonymity Only OA can open a signature; Traceability Security of honest GM against malicious users who want to escape from traceability; Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
35 Definition Security Notions Three security notions Anonymity Only OA can open a signature; Traceability Security of honest GM against malicious users who want to escape from traceability; Non-frameability Security of honest members against malicious GM/OA authorities. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
36 Definition Security Assumptions: SIS and LWE Parameters: n dimension, m n, q modulus. For A Z m n q : Small Integer Solution x Learning With Errors A = 0[q] A, A s m + e n s Z n q, e a small error. Goal: Given A Z m n q, Goal: Given ( A, A s + e ), find x Z m small. find s Z n q. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
37 Definition Lattice-based cryptography? Lattice hard problems find a short vector in a lattice. Worst-case Hardness assumptions LWE, SIS. Average-case Security properties anonymity, traceability, non-frameability. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
38 Presentation of the Scheme Outline 1 Introduction 2 Definition 3 Presentation of the Scheme 4 Conclusion Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
39 Presentation of the Scheme From Static to Dynamic Designed from a recent static group signature proposed by Ling, Nguyen and Wang [LNW15]. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
40 Presentation of the Scheme From Static to Dynamic Designed from a recent static group signature proposed by Ling, Nguyen and Wang [LNW15]. Other solutions [GKV10,LLLS13] use membership certificates made of a complete basis which is problematic here. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
41 Presentation of the Scheme From Static to Dynamic Difficulties Separate the secrets between OA and GM; Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
42 Presentation of the Scheme From Static to Dynamic Difficulties Separate the secrets between OA and GM; Bind the user to a unique public syndrome v i = D T z i Z n q for some matrix D Z m n q ; Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
43 Presentation of the Scheme From Static to Dynamic Difficulties Separate the secrets between OA and GM; Bind the user to a unique public syndrome v i = D T z i Z n q for some matrix D Z m n q ; Previous schemes based on [LLLS13] do not interact well with the non-homogeneous terms v i needed for non-frameability purposes; Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
44 Presentation of the Scheme From Static to Dynamic Difficulties Separate the secrets between OA and GM; Bind the user to a unique public syndrome v i = D T z i Z n q for some matrix D Z m n q ; Previous schemes based on [LLLS13] do not interact well with the non-homogeneous terms v i needed for non-frameability purposes; Be secure against framing attacks without compromising previous security properties; Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
45 Presentation of the Scheme From Static to Dynamic Our solution Ingredients Boyen s signature (PKC 10) Given A Z m n q and {A i } l i=0 Zm n q, the signature is a small [ ] d Z 2m q s.t. d T A A 0 + l i=1 m ia i The private key is a short T A Z m m q In our context: GM s secret is T A. = 0[q]. s.t. T A A = 0[q]. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
46 Presentation of the Scheme From Static to Dynamic Our solution Ingredients Boyen s signature (PKC 10) Given A Z m n q and {A i } l i=0 Zm n q, the signature is a small [ ] d Z 2m q s.t. d T A A 0 + l i=1 m ia i The private key is a short T A Z m m q In our context: GM s secret is T A. = 0[q]. s.t. T A A = 0[q]. The Böhl et al. variant (Eurocrypt 13) cert i sec i [ ] T A d i A 0 + l i=1 m = z T i D + u T [q] ia i Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
47 Presentation of the Scheme From Static to Dynamic Our solution Setup: Y = (A, {A i } l i=0, B, D, u) l = log(n) (e.g. l = 30) Where: A, A 0,..., A l, B, D Z m n q and u Z n q Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
48 Presentation of the Scheme From Static to Dynamic Our solution Setup: Y = (A, {A i } l i=0, B, D, u) l = log(n) (e.g. l = 30) Where: A, A 0,..., A l, B, D Z m n q and u Z n q Join algorithm: U i GM Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
49 Presentation of the Scheme From Static to Dynamic Our solution Setup: Y = (A, {A i } l i=0, B, D, u) l = log(n) (e.g. l = 30) Where: A, A 0,..., A l, B, D Z m n q and u Z n q Join algorithm: U i z i,0 short vector in Z m v T i,0 = zt i,0 D GM Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
50 Presentation of the Scheme From Static to Dynamic Our solution Setup: Y = (A, {A i } l i=0, B, D, u) l = log(n) (e.g. l = 30) Where: A, A 0,..., A l, B, D Z m n q and u Z n q Join algorithm: U i z i,0 short vector in Z m v T i,0 = zt i,0 D v i,0 GM id i identity {0, 1} l z i,1 short vector in Z m Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
51 Presentation of the Scheme From Static to Dynamic Our solution Setup: Y = (A, {A i } l i=0, B, D, u) l = log(n) (e.g. l = 30) Where: A, A 0,..., A l, B, D Z m n q and u Z n q Join algorithm: U i z i,0 short vector in Z m v T i,0 = zt i,0 D z i = z i,0 + z i,1 v T i = z T i D Authenticate v i, id i and z i v i,0 (id i, z i,1) GM id i identity {0, 1} l z i,1 short vector in Z m Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
52 Presentation of the Scheme From Static to Dynamic Our solution Setup: Y = (A, {A i } l i=0, B, D, u) l = log(n) (e.g. l = 30) Where: A, A 0,..., A l, B, D Z m n q and u Z n q Join algorithm: U i z i,0 short vector in Z m v T i,0 = zt i,0 D z i = z i,0 + z i,1 v T i = z T i D Authenticate v i, id i and z i v i,0 (id i, z i,1) v i GM id i identity {0, 1} l z i,1 short vector in Z m d i, s.t. d T i [ A A 0 + l i=1 id i A i ] = v T i + u T [q] Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
53 Presentation of the Scheme From Static to Dynamic Our solution Setup: Y = (A, {A i } l i=0, B, D, u) l = log(n) (e.g. l = 30) Where: A, A 0,..., A l, B, D Z m n q and u Z n q Join algorithm: U i z i,0 short vector in Z m v T i,0 = zt i,0 D z i = z i,0 + z i,1 v T i = z T i D Authenticate v i, id i and z i (cert i ; sec i ) = ((id i, d i ); z i ) v i,0 (id i, z i,1) v i d i GM id i identity {0, 1} l z i,1 short vector in Z m d i, s.t. d T i [ A A 0 + l i=1 id i A i ] = v T i + u T [q] Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
54 Presentation of the Scheme From Static to Dynamic Our solution Sign algorithm: c := Enc(id i, d i ) Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
55 Presentation of the Scheme From Static to Dynamic Our solution Sign algorithm: c := Enc(id i, d i ) d T i π K := proof that c is correct and [ ] A A 0 + l i=1 id = vi T + u T [q] ia i Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
56 Presentation of the Scheme From Static to Dynamic Our solution Sign algorithm: c := Enc(id i, d i ) d T i π K := proof that c is correct and [ ] A A 0 + l i=1 id = vi T + u T [q] ia i Difference with the Ling et al. scheme We encrypt d and id i not only id i to enable signature openings. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
57 Presentation of the Scheme From Static to Dynamic Our solution Open algorithm: OA decrypts c to get (id, d); Using id and d, OA computes the associated syndrome v; =Sign usk[i] (v i,id i ) {}}{ OA checks that (v, id, i, upk[i], sig ) is in the records and that sig is correct. If so then return i; otherwise return. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
58 Presentation of the Scheme Efficiency Remark We use the smudging technique: making 2 distributions centered around 0 statistically close using a huge noise. Goal: D 0 + D 1 D 1 in Z or R Statistical distance: (D 0 + D 1, D 1 ) σ(d 0) σ(d 1 ) D 0 D 1 Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
59 Presentation of the Scheme Efficiency Remark We use the smudging technique: making 2 distributions centered around 0 statistically close using a huge noise. Goal: D 0 + D 1 D 1 in Z or R Statistical distance: (D 0 + D 1, D 1 ) σ(d 0) σ(d 1 ) D 0 D 1 D 0 +D 1 Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
60 Presentation of the Scheme Efficiency Consequence We need an exponential-size modulus q in the security parameter λ. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
61 Presentation of the Scheme Efficiency Consequence We need an exponential-size modulus q in the security parameter λ. Problem Our protocol is somewhat costly. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
62 Conclusion Outline 1 Introduction 2 Definition 3 Presentation of the Scheme 4 Conclusion Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
63 Conclusion Conclusion Main contribution First dynamic group signature based on lattice assumptions. Technical contribution We combine the Böhl et al. variant of Boyen s signature and the Ling et al. NIZK proofs. Extensions Possible extension supporting proofs of correct opening [BSZ05]. Possible use of the join protocol to certify hidden data. Open problem Prove the security without smudging: possibly more efficient parameters. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
64 Bibliography References Mihir Bellare, Haixia Shi, Chong Zhang. Foundations of group signatures: The case of dynamic groups (CT-RSA 05) Aggelos Kiayias and Moti Yung. Secure scalable group signature with dynamic joins and separable authorities (International Journal of Security and Networks) Fabien Laguillaumie, Adeline Langlois, Benoit Libert, Damien Stehlé. Lattice-based group signature scheme with verifier-local revocation (Asiacrypt 13) San Ling, Khoa Nguyen, and Huaxiong Wang. Group Signatures from Lattices: Simpler, Tighter, Shorter, Ring-Based (PKC 15) Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
65 Thanks Question Time Thank you all for your attention! Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
66 One-Time Signature Definition A one-time signature scheme consists of a triple of algorithms Π ots = (G, S, V). Behaves like a digital signature scheme. Strong unforgeability: impossible to forge a valid signature even for a previously signed message. Usage We use one-time signature to provide CCA anonymity using Canetti-Halevi-Katz methodology. Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
67 CCA anonymity Definition No PPT adversary A can win the following game with non negligible probability: A makes open queries. A chooses M and two different (cert i, sec i ) i {0,1} A receives σ = Sign cert b,sec b (M ) for some b {0, 1} A makes other open queries A returns b, and wins if b = b Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
68 ZK Proofs Σ-protocol [Dam10] 3-move scheme: (Commit, Challenge, Answer) between 2 users. Fiat-Shamir Heuristic Make the Σ-protocol non-interactive by setting the challenge to be H(Commit, Public) Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
69 Smudging σ 2 0 = 1 σ 2 1 = 2 σ 2 = 3 Fabrice Mouhartem Dynamic Group Signature using Lattices 06/24/ /26
Signature Schemes with Efficient Protocols and Dynamic Group Signatures from Lattice Assumptions
Signature Schemes with Efficient Protocols and Dynamic Group Signatures from Lattice Assumptions Benoît Libert 1,2 San Ling 3 Fabrice Mouhartem 1 Khoa Nguyen 3 Huaxiong Wang 3 1 É.N.S. de Lyon, France
More informationSignature Schemes with Efficient Protocols and Dynamic Group Signatures from Lattice Assumptions
Signature Schemes with Efficient Protocols and Dynamic Group Signatures from Lattice Assumptions Benoît Libert 1,2 San Ling 3 Fabrice Mouhartem 1 Khoa Nguyen 3 Huaxiong Wang 3 1 É.N.S. de Lyon, France
More informationA Lattice-Based Group Signature Scheme with Message-Dependent Opening
A Lattice-Based Group Signature Scheme with Message-Dependent Opening Benoît Libert Fabrice Mouhartem Khoa Nguyen École Normale Supérieure de Lyon, France Nanyang Technological University, Singapore ACNS,
More informationZero-Knowledge Arguments for Matrix-Vector Relations and Lattice-Based Group Encryption
Zero-Knowledge Arguments for Matrix-Vector Relations and Lattice-Based Group Encryption Benoît Libert 1 San Ling 2 Fabrice Mouhartem 1 Khoa Nguyen 2 Huaxiong Wang 2 1 École Normale Supérieure de Lyon (France)
More informationZero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and Group Signatures without Trapdoors
Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and Group Signatures without Trapdoors Benoît Libert 1 San Ling 2 Khoa Nguyen 2 Huaxiong Wang 2 1 Ecole Normale
More informationMix-nets for long-term privacy
Mix-nets for long-term privacy October 2017 Núria Costa nuria.costa@scytl.com Index 1. Introdution: Previous work 2. Mix-nets 3. Lattice-based cryptography 4. Proof of a shuffle for lattice-based cryptography
More informationIntroduction Ideal lattices Ring-SIS Ring-LWE Other algebraic lattices Conclusion. Ideal Lattices. Damien Stehlé. ENS de Lyon. Berkeley, 07/07/2015
Ideal Lattices Damien Stehlé ENS de Lyon Berkeley, 07/07/2015 Damien Stehlé Ideal Lattices 07/07/2015 1/32 Lattice-based cryptography: elegant but impractical Lattice-based cryptography is fascinating:
More informationParameters Optimization of Post-Quantum Cryptography Schemes
Parameters Optimization of Post-Quantum Cryptography Schemes Qing Chen ECE 646 Presentation George Mason University 12/18/2015 Problem Introduction Quantum computer, a huge threat to popular classical
More informationLattice-based Signcryption without Random Oracles. Graduate School of Environment and Information Sciences, Yokohama National University, Japan
Lattice-based Signcryption without Random Oracles Shingo Sato Junji Shikata Graduate School of Environment and Information Sciences, Yokohama National University, Japan Overview Lattice-based Cryptography
More informationIntroduction to the Lattice Crypto Day
MAYA Introduction to the Lattice Crypto Day Phong Nguyễn http://www.di.ens.fr/~pnguyen May 2010 Summary History of Lattice-based Crypto Background on Lattices Lattice-based Crypto vs. Classical PKC Program
More informationLattice based cryptography
Lattice based cryptography Abderrahmane Nitaj University of Caen Basse Normandie, France Kuala Lumpur, Malaysia, June 23, 2014 Abderrahmane Nitaj (LMNO) Q AK ËAÓ Lattice based cryptography 1 / 54 Contents
More informationFully-Anonymous Short Dynamic Group Signatures Without Encryption
Fully-Anonymous Short Dynamic Group Signatures Without Encryption David Derler and Daniel Slamanig IAIK, Graz Universtity of Technology, Austria {david.derler daniel.slamanig}@tugraz.at Abstract. Group
More informationImprovement and Efficient Implementation of a Lattice-based Signature scheme
Improvement and Efficient Implementation of a Lattice-based Signature scheme, Johannes Buchmann Technische Universität Darmstadt TU Darmstadt August 2013 Lattice-based Signatures1 Outline Introduction
More informationFIT5124 Advanced Topics in Security. Lecture 1: Lattice-Based Crypto. I
FIT5124 Advanced Topics in Security Lecture 1: Lattice-Based Crypto. I Ron Steinfeld Clayton School of IT Monash University March 2016 Acknowledgements: Some figures sourced from Oded Regev s Lecture Notes
More informationModified Huang-Wang s Convertible Nominative Signature Scheme
Modified Huang-Wang s Convertible Nominative Signature Scheme Wei Zhao, Dingfeng Ye State Key Laboratory of Information Security Graduate University of Chinese Academy of Sciences Beijing 100049, P. R.
More informationQuadratic Time, Linear Space Algorithms for Gram-Schmidt Orthogonalization and Gaussian Sampling in Structured Lattices
1 / 24 Quadratic Time, Linear Space Algorithms for Gram-Schmidt Orthogonalization and Gaussian Sampling in Structured Lattices Vadim Lyubashevsky and Thomas Prest 2 / 24 1 Introduction: Key Sizes in Lattice-Based
More informationLattice Problems. Daniele Micciancio UC San Diego. TCC 2007 Special Event: Assumptions for cryptography
Lattice Problems Daniele Micciancio UC San Diego TCC 2007 Special Event: Assumptions for cryptography Outline Lattice Problems Introduction to Lattices, SVP, SIVP, etc. Cryptographic assumptions Average-case
More informationPseudorandom Functions and Lattices
Pseudorandom Functions and Lattices Abhishek Banerjee 1 Chris Peikert 1 Alon Rosen 2 1 Georgia Institute of Technology 2 IDC Herzliya EUROCRYPT 12 19 April 2012 Outline 1 Introduction 2 Learning with Rounding
More informationProxy Re-Encryption and Re-Signatures from Lattices
Proxy Re-Encryption and Re-Signatures from Lattices Xiong Fan Feng-Hao Liu Abstract Proxy re-encryption (PRE) and Proxy re-signature (PRS) were introduced by Blaze, Bleumer and Strauss [Eurocrypt 98].
More informationDirect Anonymous Attestation & TPM2.0 Getting Provably Secure Crypto into the Real-World. Anja Lehmann IBM Research Zurich
Direct Anonymous Attestation & 2.0 Getting Provably Secure Crypto into the Real-World Anja Lehmann IBM Research Zurich Direct Anonymous Attestation & Trusted Platform Module () Secure crypto processor:
More informationCryptography from worst-case complexity assumptions
Cryptography from worst-case complexity assumptions Daniele Micciancio UC San Diego LLL+25 June 2007 (Caen, France) Outline Introduction Lattices and algorithms Complexity and Cryptography Lattice based
More informationPractical Divisible E-Cash
Practical Divisible E-Cash Patrick Märtens Mathematisches Institut, Justus-Liebig-Universität Gießen patrickmaertens@gmx.de April 9, 2015 Abstract. Divisible e-cash systems allow a user to withdraw a wallet
More informationSession #6: Another Application of LWE: Pseudorandom Functions. Chris Peikert Georgia Institute of Technology
Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 1/12 Session #6: Another Application of LWE: Pseudorandom Functions Chris Peikert Georgia Institute of Technology Winter School on
More informationAn Anonymous Bidding Protocol without Any Reliable Center
Vol. 0 No. 0 Transactions of Information Processing Society of Japan 1959 Regular Paper An Anonymous Bidding Protocol without Any Reliable Center Toru Nakanishi, Toru Fujiwara and Hajime Watanabe An anonymous
More informationLattice Cryptography: Introduction and Open Problems
Lattice Cryptography: Introduction and Open Problems Daniele Micciancio Department of Computer Science and Engineering University of California, San Diego August 2015 Daniele Micciancio (UCSD) Lattice
More informationRethinking Verifiably Encrypted Signatures: A Gap in Functionality and Potential Solutions
Rethinking Verifiably Encrypted Signatures: A Gap in Functionality and Potential Solutions Theresa Calderon 1 and Sarah Meiklejohn 1 and Hovav Shacham 1 and Brent Waters 2 1 UC San Diego {tcaldero, smeiklej,
More informationOn a Possible Privacy Flaw in Direct Anonymous Attestation (DAA)
On a Possible Privacy Flaw in Direct Anonymous Attestation (DAA) Adrian Leung 1, Liqun Chen 2, and Chris J. Mitchell 1 1 Information Security Group Royal Holloway, University of London Egham, Surrey, TW20
More informationSecure Two-party Threshold ECDSA from ECDSA Assumptions. Jack Doerner, Yashvanth Kondi, Eysa Lee, and abhi shelat Northeastern University
Secure Two-party Threshold ECDSA from ECDSA Assumptions Jack Doerner, Yashvanth Kondi, Eysa Lee, and abhi shelat Northeastern University Elliptic Curve Digital Signature Algorithm Digital Signature Algorithm
More informationEfficient Implementation of Lattice-based Cryptography for Embedded Devices
Efficient Implementation of Lattice-based Cryptography for Embedded Devices Tobias Oder Ruhr-University Bochum Workshop on Cryptography for the Internet of Things and Cloud 2017 09.11.2017 Lattice-based
More informationEfficient Designated Confirmer Signatures Without Random Oracles or General Zero-Knowledge Proofs (Extended Abstract)
Efficient Designated Confirmer Signatures Without Random Oracles or General Zero-Knowledge Proofs (Extended Abstract) Craig Gentry 1, David Molnar 2 and Zulfikar Ramzan 1 1 DoCoMo USA Labs, {cgentry,ramzan}@docomolabs-usa.com
More informationProgrammable Hash Functions and their applications
Programmable Hash Functions and their applications Dennis Hofheinz, Eike Kiltz CWI, Amsterdam Leiden - June 2008 Programmable Hash Functions 1 Overview 1. Hash functions 2. Programmable hash functions
More informationImplementing Candidate Graded Encoding Schemes from Ideal Lattices
Implementing Candidate Graded Encoding Schemes from Ideal Lattices Martin R. Albrecht 1, Catalin Cocis 2, Fabien Laguillaumie 3 and Adeline Langlois 4 1. Information Security Group, Royal Holloway, University
More informationHOW LOW CAN YOU GO? SHORT STRUCTURE-PRESERVING SIGNATURES FOR DIFFIE-HELLMAN VECTORS
HOW LOW CAN YOU GO? SHORT STRUCTURE-PRESERVING SIGNATURES FOR DIFFIE-HELLMAN VECTORS Essam Ghadafi University of the West of England IMA International Conference on Cryptography and Coding 2017 OUTLINE
More informationA New Lattice-Based Cryptosystem Mixed with a Knapsack
A New Lattice-Based Cryptosystem Mixed with a Knapsack Yanbin Pan and Yingpu Deng and Yupeng Jiang and Ziran Tu Key Laboratory of Mathematics Mechanization Academy of Mathematics and Systems Science,Chinese
More informationLattices and Cryptography:An Overview of Recent Results October with Emphasis 12, 2006on RSA 1 / and 61 N. Cryptosystems.
Lattices and Cryptography:An Overview of Recent Results with Emphasis on RSA and NTRU Cryptosystems. Petros Mol NYU Crypto Seminar October 12, 2006 Lattices and Cryptography:An Overview of Recent Results
More informationComputational Independence
Computational Independence Björn Fay mail@bfay.de December 20, 2014 Abstract We will introduce different notions of independence, especially computational independence (or more precise independence by
More informationMULTI-BIT CRYPTOSYSTEMS BASED ON LATTICE PROBLEMS
MULTI-BIT CRYPTOSYSTEMS BASED ON LATTICE PROBLEMS PKC 2007 Akinori Kawachi, Keisuke Tanaka, and Keita Xagawa (Tokyo Institute of Technology) Agenda Background Our Results Conclusion Agenda Background Lattices
More informationPUF-Based UC-Secure Commitment without Fuzzy Extractor
PUF-Based UC-Secure Commitment without Fuzzy Extractor Huanzhong Huang Department of Computer Science, Brown University Joint work with Feng-Hao Liu Advisor: Anna Lysyanskaya May 1, 2013 Abstract Cryptographic
More informationModelling Anti-Terrorist Surveillance Systems from a Queueing Perspective
Systems from a Queueing Perspective September 7, 2012 Problem A surveillance resource must observe several areas, searching for potential adversaries. Problem A surveillance resource must observe several
More informationPractical Round-Optimal Blind Signatures in the Standard Model
Practical Round-Optimal Blind Signatures in the Standard Model Georg Fuchsbauer 1,, Christian Hanser 2,, and Daniel Slamanig 2, 1 Institute of Science and Technology Austria georg.fuchsbauer@ist.ac.at
More informationAleator: Random Beacon via Scalable Threshold Signatures
Aleator: Random Beacon via Scalable Threshold Signatures Robert Chen Mentored by Alin Tomescu PRIMES Computer Science Conference 10/13/18 1 Why Scalability? Scalable threshold signature scheme Increased
More informationBitcoin. CS 161: Computer Security Prof. Raluca Ada Popa. April 11, 2019
Bitcoin CS 161: Computer Security Prof. Raluca Ada Popa April 11, 2019 What is Bitcoin? Bitcoin is a cryptocurrency: a digital currency whose rules are enforced by cryptography and not by a trusted party
More informationEfficient Fully-Leakage Resilient One-More Signature Schemes Antonio Faonio
SESSION ID: CRYP-R03 Efficient Fully-Leakage Resilient One-More Signature Schemes Antonio Faonio IMDEA Software Institute 1/20 2/20 3/20 Digital Signature - Existential Unforgeability CMA 3/20 Digital
More informationPrivate Auctions with Multiple Rounds and Multiple Items
Private Auctions with Multiple Rounds and Multiple Items Ahmad-Reza Sadeghi Universität des Saarlandes FR 6.2 Informatik D-66041 Saarbrücken, Germany sadeghi@cs.uni-sb.de Matthias Schunter IBM Zurich Research
More informationBitcoin. CS 161: Computer Security Prof. Raluca Ada Poipa. April 24, 2018
Bitcoin CS 161: Computer Security Prof. Raluca Ada Poipa April 24, 2018 What is Bitcoin? Bitcoin is a cryptocurrency: a digital currency whose rules are enforced by cryptography and not by a trusted party
More informationDiscrete Ziggurat: A Time-Memory Trade-off for Sampling from a Gaussian Distribution over the Integers
Discrete Ziggurat: A Time-Memory Trade-off for Sampling from a Gaussian Distribution over the Integers Johannes Buchmann, Daniel Cabarcas, Florian Göpfert, Andreas Hülsing, Patrick Weiden Technische Universität
More informationPhysical Unclonable Functions (PUFs) and Secure Processors. Srini Devadas Department of EECS and CSAIL Massachusetts Institute of Technology
Physical Unclonable Functions (PUFs) and Secure Processors Srini Devadas Department of EECS and CSAIL Massachusetts Institute of Technology 1 Security Challenges How to securely authenticate devices at
More informationChosen Ciphertext Security via UCE
PKC 2014 @Buenos Aires 3/26~3/28 Chosen Ciphertext Security via UCE Takahiro Matsuda (RISEC, AIST) Goichiro Hanaoka (RISEC, AIST) t-matsuda@aist.go.jp 2014/3/26 Wed. 1 This Work UCE: Universal Computational
More informationA Transferrable E-cash Payment System. Abstract
Fuw-Yi Yang 1, Su-Hui Chiu 2 and Chih-Wei Hsu 3 Department of Computer Science and Information Engineering, Chaoyang University of Technology, Taiwan 1,3 Office of Accounting, Chaoyang University of Technology,
More informationHawk and Aucitas: e-auction schemes from the Helios and Civitas e-voting schemes
Hawk and Aucitas: e-auction schemes from the Helios and Civitas e-voting schemes Adam McCarthy 1, Ben Smyth 1, and Elizabeth A. Quaglia 2 1 INRIA Paris-Rocquencourt, France 2 ENS, Paris, France Abstract.
More informationRecursive Lattice Reduction
Recursive Lattice Reduction Thomas Plantard Willy Susilo Centre for Computer and Information Security Research Universiy of Wollongong http://www.uow.edu.au/ thomaspl thomaspl@uow.edu.au Plantard and Susilo
More informationAnonymity of E-Cash Protocols. Erman Ayday
Anonymity of E-Cash Protocols Erman Ayday Disclaimer It is debatable that anonymous e-cash protocols are also useful for black market and money laundering 2 Bitcoin S. Nakamoto, 2008 A software-based online
More informationLoyalty program on the Credits blockchain platform Building a program with blockchain and smart contracts. Issuing tokens as loyalty points.
Loyalty program on the Credits blockchain platform Building a program with blockchain and smart contracts. Issuing tokens as loyalty points. Disadvantages of the current loyalty programs Complicated procedure
More informationAdaptive Secure-Channel Free Public- Encryption with Keyword Search Impli Release Encryption. Author(s)Emura, Keita; Miyaji, Atsuko; Omote,
JAIST Reposi https://dspace.j Title Encryption with Keyword Search Impli Release Encryption Author(s)Emura, Keita; Miyaji, Atsuko; Omote, Citation Lecture Notes in Computer Science, 7 102-118 Issue Date
More informationOn the Feasibility of Extending Oblivious Transfer
On the Feasibility of Extending Oblivious Transfer Yehuda Lindell Hila Zarosim Dept. of Computer Science Bar-Ilan University, Israel lindell@biu.ac.il,zarosih@cs.biu.ac.il January 23, 2013 Abstract Oblivious
More informationBlockchain and the possible impact on testing. New technology needs new testing?
Specialisten in vooruitgang Blockchain and the possible impact on testing. New technology needs new testing? Jeroen Rosink TestCon Vilnius October 18 th 2018 Software testen Business Process Transformation
More informationYao s Minimax Principle
Complexity of algorithms The complexity of an algorithm is usually measured with respect to the size of the input, where size may for example refer to the length of a binary word describing the input,
More informationOn the statistical leak of the GGH13 multilinear map and its variants
On the statistical leak of the GGH13 multilinear map and its variants Léo Ducas 1, Alice Pellet--Mary 2 1 Cryptology Group, CWI, Amsterdam 2 LIP, ENS de Lyon. 25th April, 2017 A. Pellet-Mary On the statistical
More informationwhitepaper Abstract Introduction Features Special Functionality Roles in DiQi network Application / Use cases Conclusion
whitepaper Abstract Introduction Features Special Functionality Roles in DiQi network Application / Use cases Conclusion Abstract DiQi (pronounced Dee Chi) is a decentralized platform for smart property.
More informationRepublic Protocol. A decentralized dark pool exchange providing atomic swaps for Ethereum-based assets and Bitcoin.
Republic Protocol A decentralized dark pool exchange providing atomic swaps for Ethereum-based assets and Bitcoin. December 18, 2017 Taiyang Zhang, Loong Wang Abstract The market capitalization and trading
More informationGame Theoretic Notions of Fairness in Multi-Party Coin Toss
TCC 28 (Goa) Game Theoretic Notions of Fairness in Multi-Party Coin Toss Kai-Min Chung, Yue Guo, Wei-Kai Lin, Rafael Pass, and Elaine Shi Nov 3, 28 Who Gets to TCC in Goa? Soft merge of A and B Only one
More informationWill Bitcoin and the Block Chain change the way we Live and Work? Martyn Thomas CBE FREng Livery Company Professor of Information Technology
Will Bitcoin and the Block Chain change the way we Live and Work? Martyn Thomas CBE FREng Livery Company Professor of Information Technology 1 2 Money A way of storing and transferring value Value based
More informationGEOSURE PROTECTION PLAN
GEOSURE PROTECTION PLAN I. SCOPE/INTRODUCTION The GeoSure Protection Plan is designed to provide protection against economic loss resulting from specific types of risks associated with certain SSL Certificates
More informationOn the Balasubramanian-Koblitz Results
On the Balasubramanian-Koblitz Results Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in Institute of Mathematical Sciences, 22 nd February 2012 As Part
More informationLATTICES AND CRYPTOGRAPHY
LATTICES AND CRYPTOGRAPHY Abderrahmane Nitaj Laboratoire de Mathe matiques Nicolas Oresme University de Caen, France Nouakchott, February 15-26, 2016 Abderrahmane Nitaj (LMNO, Caen) LATTICES AND CRYPTOGRAPHY
More informationSecure E-Auction For Mobile Users With Low-Capability Devices In Wireless Network
Secure E-Auction For Mobile Users With Low-Capability Devices In Wireless Network Kun Peng Institute for Infocomm Research Abstract. The existing secure e-auction schemes are shown to be too costly for
More informationExtended Security Arguments for (Ring) Signature Schemes
Extended Security Arguments for (Ring) Signature Schemes Sidi Mohamed El Yousfi Alaoui 1, Özgür Dagdelen1, Pascal Véron 2, David Galindo 3, and Pierre-Louis Cayrel 4 1 CASED Center for Advanced Security
More informationThe BitShares Blockchain
The BitShares Blockchain Introduction Stichting BitShares Blockchain Foundation Zutphenseweg 6 7418 AJ Deventer Netherlands Chamber of Commerce: 66190169 http://www.bitshares.foundation info@bitshares.foundation
More informationMulti-bit Cryptosystems Based on Lattice Problems
Multi-bit Cryptosystems Based on Lattice Problems Akinori Kawachi, Keisuke Tanaka, and Keita Xagawa Department of Mathematical and Computing Sciences, Tokyo Institute of Technology, W8-55, 2-12-1 Ookayama
More informationHandout 4: Deterministic Systems and the Shortest Path Problem
SEEM 3470: Dynamic Optimization and Applications 2013 14 Second Term Handout 4: Deterministic Systems and the Shortest Path Problem Instructor: Shiqian Ma January 27, 2014 Suggested Reading: Bertsekas
More informationG5212: Game Theory. Mark Dean. Spring 2017
G5212: Game Theory Mark Dean Spring 2017 Why Game Theory? So far your microeconomic course has given you many tools for analyzing economic decision making What has it missed out? Sometimes, economic agents
More informationBitcoin, Blockchain Technology, Block Chain Ecosystem : What You Need to Know?
Bitcoin, Blockchain Technology, Block Chain Ecosystem : What You Need to Know? Speaker : Zuriati Ahmad Zukarnain Designation : Associate Professor Company : Universiti Putra Malaysia Bitcoin, Blockchain
More informationEfficient Zero-Knowledge Contingent Payments in Cryptocurrencies Without Scripts
Efficient Zero-Knowledge Contingent Payments in Cryptocurrencies Without Scripts Wacław Banasi, Stefan Dziembowsi, and Daniel Malinowsi University of Warsaw Abstract. One of the most promising innovations
More informationDavid Chuum. Centre for Mathematics and Computer Science Kruislaan SJ Amsterdam
Online Cash Checks David Chuum Centre for Mathematics and Computer Science Kruislaan 413 1098SJ Amsterdam INTRODUCTION Savings of roughly an order of magnitude in space, storage, and bandwidth over previously
More informationCombining Differential Privacy and Secure Multiparty Computation
Combining Differential Privacy and Secure Multiparty Computation Martin Pettai, Peeter Laud {martin.pettai peeter.laud}@cyber.ee December 11th, 2015 Introduction Problem Institutions have data about individuals
More informationRewriting Codes for Flash Memories Based Upon Lattices, and an Example Using the E8 Lattice
Rewriting Codes for Flash Memories Based Upon Lattices, and an Example Using the E Lattice Brian M. Kurkoski kurkoski@ice.uec.ac.jp University of Electro-Communications Tokyo, Japan Workshop on Application
More informationCryptographic Combinatorial Securities Exchanges
Cryptographic Combinatorial Securities Exchanges Christopher Thorpe and David C. Parkes Harvard University School of Engineering and Applied Sciences cat@seas.harvard.edu, parkes@seas.harvard.edu Abstract.
More informationCryptography Assignment 4
Cryptography Assignment 4 Michael Orlov (orlovm@cs.bgu.ac.il) Yanik Gleyzer (yanik@cs.bgu.ac.il) May 19, 2003 Solution for Assignment 4. Abstract 1 Question 1 A simplified DES round is given by g( L, R,
More informationA Simple and Secure Credit Card-based Payment System
A Simple and Secure Credit Card-based Payment System Chi Po Cheong University of Macau, Macau SAR, China webster@macau.ctm.net Abstract Today, online shopping plays an important role in our life. More
More informationHow Fair is Your Protocol? A Utility-based Approach to Protocol Optimality
How Fair is Your Protocol? A Utility-based Approach to Protocol Optimality ABSTRACT Juan Garay Yahoo Labs garay@yahoo-inc.com Björn Tackmann UC San Diego btackmann@eng.ucsd.edu The security of distributed
More informationFifty Shades of Blockchain
Fifty Shades of Blockchain The Trust Machine, Distributed Trust Network, Bitcoin, Ethereum, Distributed Ledger... Smart Contracts Slide 1/21 Cong, He, & Zheng Blockchain Disruption and Smart Contracts
More informationCeremonies for End-to-End Verifiable Elections
Ceremonies for End-to-End Verifiable Elections Aggelos Kiayias *1, Thomas Zacharias 1, and Bingsheng Zhang 2 1 School of Informatics, University of Edinburgh, UK 2 Security Lancaster Research Centre, Lancaster
More informationLecture 8 : The dual lattice and reducing SVP to MVP
CSE 206A: Lattice Algorithms and Applications Spring 2007 Lecture 8 : The dual lattice and reducing SVP to MVP Lecturer: Daniele Micciancio Scribe: Scott Yilek 1 Overview In the last lecture we explored
More informationUse of the Proof-of-Stake Algorithm for Distributed Consensus in Blockchain Protocol for Cryptocurrency
University of Connecticut OpenCommons@UConn Honors Scholar Theses Honors Scholar Program Spring 4-27-2018 Use of the Proof-of-Stake Algorithm for Distributed Consensus in Blockchain Protocol for Cryptocurrency
More informationMarkov Decision Processes
Markov Decision Processes Robert Platt Northeastern University Some images and slides are used from: 1. CS188 UC Berkeley 2. AIMA 3. Chris Amato Stochastic domains So far, we have studied search Can use
More informationComputer Security. 13. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 13. Blockchain & Bitcoin Paul Krzyzanowski Rutgers University Spring 2018 April 18, 2018 CS 419 2018 Paul Krzyzanowski 1 Bitcoin & Blockchain Bitcoin cryptocurrency system Introduced
More informationCryptographic Combinatorial Securities Exchanges
Cryptographic Combinatorial Securities Exchanges Christopher Thorpe and David C. Parkes Harvard University School of Engineering and Applied Sciences cat@seas.harvard.edu, parkes@seas.harvard.edu Abstract.
More informationLower Bounds on Implementing Robust and Resilient Mediators
Lower Bounds on Implementing Robust and Resilient Mediators Ittai Abraham 1, Danny Dolev 2, and Joseph Y. Halpern 3 1 Hebrew University. ittaia@cs.huji.ac.il 2 Hebrew University. dolev@cs.huji.ac.il 3
More informationBounding Optimal Expected Revenues for Assortment Optimization under Mixtures of Multinomial Logits
Bounding Optimal Expected Revenues for Assortment Optimization under Mixtures of Multinomial Logits Jacob Feldman School of Operations Research and Information Engineering, Cornell University, Ithaca,
More informationStrong Accumulators from Collision-Resistant Hashing
INRIA Sophia Antipolis March 2009 Strong Accumulators from Collision-Resistant Hashing Philippe Camacho (University of Chile Alejandro Hevia (University of Chile Marcos Kiwi (University of Chile Roberto
More informationThe Blockchain Identity
Innovation and Cryptoventures The Blockchain Identity Campbell R. Harvey Duke University and NBER Revised January 19, 2018 3 Blockchain is a technology There is no the blockchain blockchain is a technology.
More informationThe Blockchain Trevor Hyde
The Blockchain Trevor Hyde Bitcoin I Bitcoin is a cryptocurrency introduced in 2009 by the mysterious Satoshi Nakomoto. I Satoshi Nakomoto has never been publicly identified. Bitcoin Over the past year
More informationAlternative Consensus
Alternative Consensus Rethinking Bitcoin-like Consensus Design Hong-Sheng Zhou Virginia Commonwealth University Outline Towards a unified view of blockchain design A design example: 2-hop blockchain A
More informationEquity correlations implied by index options: estimation and model uncertainty analysis
1/18 : estimation and model analysis, EDHEC Business School (joint work with Rama COT) Modeling and managing financial risks Paris, 10 13 January 2011 2/18 Outline 1 2 of multi-asset models Solution to
More informationFinal exam solutions
EE365 Stochastic Control / MS&E251 Stochastic Decision Models Profs. S. Lall, S. Boyd June 5 6 or June 6 7, 2013 Final exam solutions This is a 24 hour take-home final. Please turn it in to one of the
More informationContract Theory in Continuous- Time Models
Jaksa Cvitanic Jianfeng Zhang Contract Theory in Continuous- Time Models fyj Springer Table of Contents Part I Introduction 1 Principal-Agent Problem 3 1.1 Problem Formulation 3 1.2 Further Reading 6 References
More informationBuilding Blockchain Solutions
Provide Authenticity and Trust to all information you create, process, store and distribute Digital Disruption Is Here The application of new digital technologies causes seismic upheavals in all markets:
More informationAuctions. Felix Brandt. October 1, 2009
Auctions Felix Brandt October 1, 2009 1 Introduction Auctions are key mechanisms for allocating scarce resources among multiple parties. While traditionally auctions have mainly been applied to the selling
More informationWill Blockchain Change the Audit? Zhiyong Li. Jianghan University, Wuhan, China. Introduction. The Blockchain Technology
China-USA Business Review, June 2017, Vol. 16, No. 6, 294-298 doi: 10.17265/1537-1514/2017.06.006 D DAVID PUBLISHING Will Blockchain Change the Audit? Zhiyong Li Jianghan University, Wuhan, China Blockchain
More informationMODELLING VOLATILITY SURFACES WITH GARCH
MODELLING VOLATILITY SURFACES WITH GARCH Robert G. Trevor Centre for Applied Finance Macquarie University robt@mafc.mq.edu.au October 2000 MODELLING VOLATILITY SURFACES WITH GARCH WHY GARCH? stylised facts
More information