Search results “Boolean functions and cryptography research”

03:34:52
Views: 1770 HorstGoertzInstitute

50:44
On August 29, 2012, Prof. Pante Stanica from the Naval Postgraduate School spoke on graph-theoretic tools for cryptographic Boolean functions. In this 50-minute talk, Prof. Stanica discusses various properties of Boolean functions through the prism of graph theory. Cayley graphs and Nagy graphs are introduced in this context, and new directions for further research are mentioned at the end of the talk. More details on parts of the talk can be found in his book with Thomas W. Cusick, "Cryptographic Boolean Functions and Applications," Academic Press - Elsevier, March 2009.
Views: 225 David Joyner

01:12:19
The study of monotonicity and negation complexity for Boolean functions has been prevalent in complexity theory as well as in computational learning theory, but little attention has been given to it in the cryptographic context. Recently, Goldreich and Izsak (2012) have initiated a study of whether cryptographic primitives can be monotone, and showed that one-way functions can be monotone (assuming they exist), but a pseudorandom generator cannot. In this work, we start by filling in the picture and proving that many other basic cryptographic primitives cannot be monotone. We then initiate a quantitative study of the power of negations, asking how many negations are required. We provide several lower bounds, some of them tight, for various cryptographic primitives and building blocks including one-way permutations, pseudorandom functions, small-bias generators, hard-core predicates, error-correcting codes, and randomness extractors. Among our results, we highlight the following. i) Unlike one-way functions, one-way permutations cannot be monotone. ii) We prove that pseudorandom functions require log n−O(1) negations (which is optimal up to the additive term). iii) Error-correcting codes with optimal distance parameters require log n−O(1) negations (again, optimal up to the additive term). iv) We prove a general result for monotone functions, showing a lower bound on the depth of any circuit with t negations on the bottom that computes a monotone function f in terms of the monotone circuit depth of f. This result addresses a question posed by Koroth and Sarma (2014) in the context of the circuit complexity of the Clique problem. Joint work with Siyao Guo, Igor Carboni Oliveira, and Alon Rosen.
Views: 239 Microsoft Research

16:57
Dahmun Goudarzi and Matthieu Rivain, CHES 2016. See http://www.iacr.org/cryptodb/data/paper.php?pubkey=27839
Views: 141 TheIACR

23:26
Paper by Seny Kamara and Tarik Moataz presented at Eurocrypt 2017. See https://www.iacr.org/cryptodb/data/paper.php?pubkey=28003
Views: 233 TheIACR

23:13
Brett Hemenway and Zahra Jafargholi and Rafail Ostrovsky and Alessandra Scafuro and Daniel Wichs, Crypto 2016. See http://www.iacr.org/cryptodb/data/paper.php?pubkey=27658
Views: 724 TheIACR

52:55
Machine solvers are a class of general-purpose software tools which take a set of equations as input and output a satisfying assignment to these equations (or a proof of unsatisfiability). Solvers are used for a variety of practical applications, from VLSI verification to transportation route planning. Recently several authors have attempted to use solvers to perform one of the most challenging tasks in modern computer science: cryptanalysis of symmetric block ciphers such as AES. To use a solver for cryptanalysis, we provide it with a known plaintext, a known ciphertext and the set of mathematical equations which use an unknown secret key to transform between the two. The solver is then expected to output the secret key which links the given plaintext and ciphertext, thus satisfying the equation set. Fortunately, solvers are not currently capable of directly attacking modern ciphers. However, the situation is drastically different when side-channel data (information leaked from the cryptographic device due to its internal structure) is introduced into the equations. This talk will introduce side-channel cryptographic attacks, survey our latest efforts in using machine solvers to attack cryptosystems, and conclude with a successful attack on the AES cipher which requires surprisingly little side-channel data and computation time. Joint work with Mathieu Renauld, François-Xavier Standaert and Avishai Wool.
Views: 103 Microsoft Research
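The abstract above says the attack needs "surprisingly little side-channel data". The following added example (not the authors' solver-based attack, and not code from the talk) shows why, in the simplest possible setting: the leakage is assumed to be the noise-free Hamming weight of the first-round SubBytes output, the cipher equations are replaced by brute force over a single key byte, and the key byte and plaintext bytes are constructed for the demonstration. The AES S-box is built from its definition rather than pasted as a table.

```python
"""Information content of a Hamming-weight side channel on AES SubBytes.
Added illustration; leakage model (noise-free HW of S[p ^ k]) and the
constructed KEY_BYTE / PLAINTEXTS are assumptions of this example."""
from math import comb


def _rotl8(v, r):
    return ((v << r) | (v >> (8 - r))) & 0xFF


def aes_sbox():
    """Build the AES S-box (inverse in GF(2^8) followed by the affine map)
    by walking the multiplicative group with generator 3: p runs over 3^i,
    q over 3^-i, so S[p] = affine(q) with p*q = 1 as the loop invariant."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q = (q ^ (q << 1)) & 0xFF                                # q /= 3
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4)
        sbox[p] = x ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63        # 0 has no inverse; affine(0) = 0x63
    return sbox


SBOX = aes_sbox()
HW = [bin(v).count("1") for v in range(256)]


def leak(key_byte, plaintext_byte):
    """Assumed leakage: Hamming weight of the first-round S-box output."""
    return HW[SBOX[plaintext_byte ^ key_byte]]


def key_candidates(observations):
    """All key bytes consistent with a list of (plaintext_byte, hw) pairs.
    This is the brute-force stand-in for the solver's equation system."""
    return [k for k in range(256)
            if all(leak(k, p) == hw for p, hw in observations)]


def traces_until_unique(key_byte, plaintexts):
    """Add one observation at a time; return (observations used, candidates)
    as soon as the key byte is the only survivor."""
    obs, cands = [], list(range(256))
    for p in plaintexts:
        obs.append((p, leak(key_byte, p)))
        cands = key_candidates(obs)
        if len(cands) == 1:
            break
    return len(obs), cands


def hw_collision_probability(bits=8):
    """Probability that two independent uniform bytes share a Hamming weight:
    sum_i (C(8,i)/2^8)^2 = C(16,8)/2^16, about 0.196.  Each exact-HW
    observation therefore removes roughly 80% of the surviving wrong keys."""
    return sum(comb(bits, i) ** 2 for i in range(bits + 1)) / 4 ** bits


def expected_wrong_survivors(n_observations):
    return 255 * hw_collision_probability() ** n_observations


# Constructed inputs for the demonstration, not captured traces.
KEY_BYTE = 0x2B
PLAINTEXTS = [0x32, 0x88, 0x31, 0xE0, 0xC3, 0x19, 0xA0, 0x9A,
              0xE9, 0x3D, 0xF4, 0xC6, 0xF8, 0xE8, 0x37, 0x07]

if __name__ == "__main__":
    used, cands = traces_until_unique(KEY_BYTE, PLAINTEXTS)
    print(f"after {used} noise-free HW observations the candidates are {cands}")
    for n in (1, 3, 5, 8):
        print(f"{n} observations -> about {expected_wrong_survivors(n):.3f} wrong keys survive")
```

A real trace is noisy, so the solver-based attack works with a set of plausible weights per observation rather than one exact value, and it recovers all sixteen key bytes at once through the cipher's equations; the arithmetic above is only the upper bound on how informative each observation can be.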

01:03:11
UCL Computer Science Distinguished Lecture A common theme in program verification is establishing relationships between two runs of the same program or of different programs. Such relationships can be proved by semantical means, or with syntactic methods such as relational program logics and product constructions. Gilles shall present an overview of these methods and their applications to provable security, differential privacy, and secure implementations. Gilles Barthe is a research professor at the IMDEA Software Institute. His research interests include logic, formal verification, programming languages, and security. His current work focuses on verification and synthesis methods for cryptography and differential privacy. He is a member of the editorial boards of the Journal of Automated Reasoning and Journal of Computer Security. He received a Ph.D. in Mathematics from the University of Manchester, UK, in 1993, and an Habilitation à diriger les recherches in Computer Science from the University of Nice, France, in 2004.
Views: 291 UCLComputerScience

05:38
Views: 162 The Audiopedia

21:40
Paper by Felix Günther and Sogol Mazaheri presented at Crypto 2017. See https://iacr.org/cryptodb/data/paper.php?pubkey=28246
Views: 921 TheIACR

34:49
Cryptography, social networks: today online tools also serve to protect the communications of terrorists and to affirm their membership in terrorist organisations. The Internet is the method of choice for communication: the number of sites calling for a "jihad" rose from 28 in 1997 to over 5,000 in 2005. The use of these sites for basic, classical communication began in the 2000s. It was replaced by that of social networks, allowing almost instant mass communication. Studies by the Middle East Media Research Institute (MEMRI) show that Al-Qaeda has used encryption tools for a long time: "Since 2007, Al Qaeda's use of encryption technology has been based on the platform Mujahideen Secrets, which has incorporated the support for mobile, instant messaging, and Macs." Encrypting communications was only done for emails and within the "Mujahideen Secrets" platform itself. However, the year 2013 was a turning point in the spread of encryption: instant messaging in February with Pidgin, SMS in September with Twofish encryption, AES-encrypted texts on web sites in December. Edward Snowden's revelations, which began in June 2013, are not the starting point of the "cryptojihad" but seem to have acted as an accelerator. MEMRI's researchers documented the use of public cryptographic tools from the Free Software family: the Pidgin instant messaging tool (comparable to MSN) lets the terrorist movement encrypt its communications with OTR (Off-the-Record) through the Asrar al-Dardashah plugin. By analysing the adoption of new tools and the use of Free Software, we see that the focus is on cryptography for mobile tools. As a cybersecurity consultant, Julie has spent three years in the Arab world (Egypt, Syria, Sudan, Lebanon, Tunisia ...). For several years she has been studying the jihadist movement and the rise of anonymization and encryption techniques in the Middle East.
Author of a book about the revolutions in several of these countries, "There were once revolutions" (Ed. The Seagull, 2012), she now works in particular on international conflicts on the Internet.

21:41

01:05:50
We present a Multi-Authority Attribute-Based Encryption (ABE) system. In our system, any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters. A party can simply act as an ABE authority by creating a public key and issuing private keys to different users that reflect their attributes. A user can encrypt data in terms of any boolean formula over attributes issued from any chosen set of authorities. Finally, our system does not require any central authority. In this talk, I will present our system and discuss its proof, which employs dual system encryption techniques. Our system uses bilinear groups of composite order, and we prove security under static assumptions in the random oracle model. This is joint work with Brent Waters.
Views: 1676 Microsoft Research

25:24
Authors: Vladimir Kolesnikov (Bell Labs), Ranjit Kumaresan (MIT), Mike Rosulek and Ni Trieu (Oregon State University) presented at CCS 2016 - the 23rd ACM Conference on Computer and Communications Security (Hofburg Palace Vienna, Austria / October 24-28, 2016) - organized by SBA Research
Views: 334 CCS 2016

25:34
Authors: Raphael Bost (Direction Générale de l’Armement – Maitrise de l’Information & Université de Rennes 1) presented at CCS 2016 - the 23rd ACM Conference on Computer and Communications Security (Hofburg Palace Vienna, Austria / October 24-28, 2016) - organized by SBA Research
Views: 381 CCS 2016

53:50
Speaker: Michael Kirkpatrick · Purdue University Abstract Physically unclonable functions (PUFs) are hardware structures that create unique characteristics for distinct copies of a device. Specifically, the physical nature of manufacturing a device introduces slight variations that can be neither controlled nor predicted. PUFs quantify these differences into a random one-way function. In our work, we have explored multiple application scenarios for integrating PUFs into security systems. In the first application, we propose leveraging PUFs to bind access requests to known, trusted devices. This scheme also offers a lightweight key exchange protocol that can reduce the computational cost for low-power embedded devices. In our second work, we have designed PEAR, a portable authentication token based on PUFs that allows for privacy-preserving transactions with websites. Finally, we have created PUF ROKs, which are read-once cryptographic keys based on PUFs. In this talk, we will introduce these applications, highlighting the advantages of deploying PUFs over competing technologies, as well as presenting the results of our empirical and formal analyses of these prototypes. About the Speaker Michael S. Kirkpatrick is a Ph.D. candidate in the Department of Computer Sciences at Purdue University. His research interests lie in the realm of designing secure systems, with a special focus on the interactions between hardware, architectures, and operating systems. He received a M.S. in Computer Science and Engineering at Michigan State University in 2007 and a B.A. in Mathematics and Computer Science at Indiana University in 2001. In addition, he spent more than five years with IBM, primarily working in the area of semiconductor engineering and lithography. For more information and source of the videos visit: http://bit.ly/CERIAS_archive
Views: 2831 Christiaan008

01:46:56
SPEAKER: Francois Rodier TITLE: Asymptotic nonlinearity of Boolean functions ABSTRACT: The nonlinearity of Boolean functions on the space $\mathbb{F}_2^m$ is important in cryptography. It is used to measure the strength of cryptosystems facing linear attacks. For low-degree approximation attacks, we examine the nonlinearity of order r of a Boolean function, which equals the minimum number of substitutions in its truth table needed to change it into a function of degree at most r. We study the distribution of Boolean functions according to their r-th order nonlinearity. Asymptotically, a lower bound is established in the higher-order cases for almost all Boolean functions, whereas a concentration point is shown in the first- and second-order nonlinearity cases. In the case of vectorial Boolean functions, a concentration point is shown in the first-order nonlinearity case. SPEAKER: Sorina Ionica TITLE: Pairing-based methods for genus 2 curve jacobians with maximal endomorphism ring ABSTRACT: Algorithms for constructing jacobians of genus 2 curves with nice cryptographic properties involve the computation of Igusa class polynomials for CM quartic fields. The CRT method used to compute these polynomials first needs to find a jacobian with maximal endomorphism ring over a finite field, and then enumerates all other jacobians having maximal endomorphism ring using horizontal isogenies. For $\ell > 2$, we use Galois cohomology and the Tate pairing to compute the action of the Frobenius on the $\ell$-torsion. In view of the application to Igusa class polynomial computation, we deduce an algorithm to verify whether the jacobian of a genus 2 curve has locally maximal endomorphism ring at $\ell$. Moreover, we derive a method to construct horizontal isogenies starting from a jacobian with maximal endomorphism ring.
Views: 69 Microsoft Research
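Two of the entries on this page, Stanica's talk on Cayley graphs of Boolean functions and Rodier's abstract on (first-order) nonlinearity, rest on the same computation: the Walsh-Hadamard spectrum of a truth table. The following added example (not code from either talk) computes that spectrum with the fast transform, derives the nonlinearity and the bent test from it, and shows that the Cayley graph of f has the Hadamard transform of f's 0/1 table as its eigenvalues, so the graph never has to be built. The sample functions (a 4-variable bent function, 3-bit majority, an affine function) are chosen for the example.

```python
"""Walsh-Hadamard spectrum, nonlinearity and Cayley-graph eigenvalues of a
Boolean function f: F_2^m -> F_2 given as a truth table of length 2^m
(index = integer encoding of x, bit i of the index = x_i).  Added example."""


def fwht(vec):
    """Fast Walsh-Hadamard transform: returns sum_x vec[x] * (-1)^<a,x> for
    every a in F_2^m, in O(m 2^m) instead of O(4^m)."""
    w = list(vec)
    n = len(w)
    assert n and (n & (n - 1)) == 0, "length must be a power of two"
    h = 1
    while h < n:
        for i in range(0, n, 2 * h):
            for j in range(i, i + h):
                u, v = w[j], w[j + h]
                w[j], w[j + h] = u + v, u - v
        h *= 2
    return w


def truth_table(f, m):
    return [f(x) & 1 for x in range(1 << m)]


def walsh_spectrum(tt):
    """W_f(a) = sum_x (-1)^(f(x) + <a,x>): the correlation of f with each
    linear function, which is exactly what a linear approximation exploits."""
    return fwht([1 - 2 * b for b in tt])


def nonlinearity(tt):
    """Hamming distance from f to the nearest affine function:
    nl(f) = 2^(m-1) - max_a |W_f(a)| / 2."""
    return len(tt) // 2 - max(abs(w) for w in walsh_spectrum(tt)) // 2


def is_bent(tt):
    """Bent functions reach the maximum nl = 2^(m-1) - 2^(m/2-1); equivalently
    every |W_f(a)| equals 2^(m/2), which already forces m to be even."""
    m = len(tt).bit_length() - 1
    if m % 2:
        return False
    return all(abs(w) == 1 << (m // 2) for w in walsh_spectrum(tt))


def cayley_spectrum(tt):
    """Eigenvalues of Cay(F_2^m, supp f), where x ~ y iff f(x xor y) = 1.
    For an abelian group they are the character sums over the connection set,
    lambda_a = sum_x f(x) (-1)^<a,x>, i.e. fwht of the 0/1 table; index 0 is
    lambda_0 = wt(f), the degree of this regular graph.  The two spectra are
    tied by W_f(a) = 2^m [a = 0] - 2 lambda_a."""
    return fwht(tt)


def cayley_degree(tt):
    return sum(tt)


def bit(x, i):
    return (x >> i) & 1


def bent4(x):       # x0 x1 + x2 x3, the simplest bent function on F_2^4
    return (bit(x, 0) & bit(x, 1)) ^ (bit(x, 2) & bit(x, 3))


def maj3(x):        # majority of three bits
    return 1 if bit(x, 0) + bit(x, 1) + bit(x, 2) >= 2 else 0


def affine3(x):     # x0 + x2 + 1: nonlinearity zero by definition
    return bit(x, 0) ^ bit(x, 2) ^ 1


if __name__ == "__main__":
    for name, f, m in (("bent4", bent4, 4), ("maj3", maj3, 3), ("affine3", affine3, 3)):
        tt = truth_table(f, m)
        print(name, "nl =", nonlinearity(tt), "bent =", is_bent(tt),
              "Cayley eigenvalues =", sorted(set(cayley_spectrum(tt))))
```

For a bent function on four variables the Cayley graph is 6-regular with all other eigenvalues equal to plus or minus 2, which is the strongly-regular structure the graph-theoretic view makes visible; for an S-box one runs `nonlinearity` over every nonzero linear combination of its output bits and keeps the minimum.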

14:49
Thomas De Cnudde and Oscar Reparaz and Begül Bilgin and Svetla Nikova and Ventzislav Nikov and Vincent Rijmen, CHES 2016. See http://www.iacr.org/cryptodb/data/paper.php?pubkey=27834
Views: 544 TheIACR

21:03
Yfke Dulek and Christian Schaffner and Florian Speelman, Crypto 2016. See http://www.iacr.org/cryptodb/data/paper.php?pubkey=27663
Views: 240 TheIACR

01:03:08
Quantum mechanics has profound implications for cryptography. It tells us that perfectly-secure key-exchange is possible, and that factoring is not a good basis for secure encryption. More generally, it tells us that quantum data and quantum computation are more fundamental than their classical counterparts. As a result, it stands to reason that the Internet of the future will be "fully-quantum," with all participants able to prepare, send, and compute on quantum states. In this talk, I will discuss how such an Internet might be secured. A starting point is to show how to securely transmit many large quantum states using a single short key, and how to authenticate such transmissions. Then, one can attempt to translate many of the great achievements of classical modern cryptography to the quantum setting. In some cases (such as CPA-secure encryption), this is relatively straightforward. In general however, the unique features of quantum-mechanics (such as no-cloning and the destructiveness of measurements) present significant obstacles. I will show how to overcome these obstacles in some cases, and how to design schemes for encrypting quantum states (and detecting forged states) under the strongest possible security guarantees (i.e., CCA.) I will also discuss current work on powerful primitives (such as black-box obfuscation) that are impossible classically but may exist quantumly. See more on this video at https://www.microsoft.com/en-us/research/video/internet-cryptography-quantum-world/
Views: 639 Microsoft Research

20:45
Implementing and Proving the TLS 1.3 Record Layer Cédric Fournet (Microsoft Research) Presented at the 2017 IEEE Symposium on Security & Privacy May 22–24, 2017 San Jose, CA http://www.ieee-security.org/TC/SP2017/ ABSTRACT The record layer is the main bridge between TLS applications and internal sub-protocols. Its core functionality is an elaborate form of authenticated encryption: streams of messages for each sub-protocol (handshake, alert, and application data) are fragmented, multiplexed, and encrypted with optional padding to hide their lengths. Conversely, the sub-protocols may provide fresh keys or signal stream termination to the record layer. Compared to prior versions, TLS 1.3 discards obsolete schemes in favor of a common construction for Authenticated Encryption with Associated Data (AEAD), instantiated with algorithms such as AES-GCM and ChaCha20-Poly1305. It differs from TLS 1.2 in its use of padding, associated data and nonces. It also encrypts the content type used to multiplex between sub-protocols. New protocol features such as early application data (0-RTT and 0.5-RTT) and late handshake messages require additional keys and a more general model of stateful encryption. We build and verify a reference implementation of the TLS record layer and its cryptographic algorithms in F*, a dependently typed language where security and functional guarantees can be specified as pre- and post-conditions. We reduce the high-level security of the record layer to cryptographic assumptions on its ciphers. Each step in the reduction is verified by typing an F* module; for each step that involves a cryptographic assumption, this module precisely captures the corresponding game. We first verify the functional correctness and injectivity properties of our implementations of one-time MAC algorithms (Poly1305 and GHASH) and provide a generic proof of their security given these two properties.
We show the security of a generic AEAD construction built from any secure one-time MAC and PRF. We extend AEAD, first to stream encryption, then to length-hiding, multiplexed encryption. Finally, we build a security model of the record layer against an adversary that controls the TLS sub-protocols. We compute concrete security bounds for the AES_128_GCM, AES_256_GCM, and CHACHA20_POLY1305 ciphersuites, and derive recommended limits on sent data before re-keying. We plug our implementation of the record layer into the miTLS library, confirm that they interoperate with Chrome and Firefox, and report initial performance results. Combining our functional correctness, security, and experimental results, we conclude that the new TLS record layer (as described in RFCs and cryptographic standards) is provably secure, and we provide its first verified implementation.
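The record-layer mechanics the abstract lists (content-type hiding, length-hiding padding, per-record nonces, the header as associated data, and a limit on records before re-keying) are small enough to write down. The following added example implements them as RFC 8446 sections 5.2, 5.3 and 5.5 specify; it is not code from the paper or from miTLS, and the AEAD is passed in as any object exposing `encrypt(nonce, data, aad)` / `decrypt(nonce, data, aad)` (the shape of `AESGCM` in the `cryptography` package, assumed here), so the framing can be checked independently of the cipher.

```python
"""TLS 1.3 record framing per RFC 8446: TLSInnerPlaintext encoding, per-record
nonce, record header as AAD, and the AES-GCM key-update limit.  Added example;
the AEAD object's method signatures are an assumption (cryptography's AESGCM)."""

CONTENT_TYPES = {"alert": 21, "handshake": 22, "application_data": 23}
MAX_PLAINTEXT = 1 << 14                      # TLSPlaintext.length (RFC 8446 5.1)
MAX_CIPHERTEXT = MAX_PLAINTEXT + 256         # TLSCiphertext.length (RFC 8446 5.2)
AESGCM_RECORD_LIMIT = int(2 ** 24.5)         # records before KeyUpdate (RFC 8446 5.5)


def encode_inner_plaintext(content, content_type, padding_length=0):
    """TLSInnerPlaintext = content || type || zeros.  The type byte is inside
    the encryption, so the outer header no longer reveals handshake vs. data."""
    if len(content) > MAX_PLAINTEXT:
        raise ValueError("fragment too large; fragment before framing")
    return content + bytes([content_type]) + bytes(padding_length)


def decode_inner_plaintext(inner):
    """Strip zero padding from the end; the last nonzero byte is the type.
    An all-zero plaintext has no type and must end the connection."""
    end = len(inner)
    while end > 0 and inner[end - 1] == 0:
        end -= 1
    if end == 0:
        raise ValueError("no content type found (unexpected_message)")
    return inner[:end - 1], inner[end - 1]


def per_record_nonce(static_iv, seq):
    """64-bit sequence number, big-endian, left-padded to iv_length, XOR IV.
    seq must never repeat under one key, hence the hard stop at 2^64."""
    if not 0 <= seq < 1 << 64:
        raise ValueError("sequence number exhausted; re-key first")
    padded = seq.to_bytes(len(static_iv), "big")
    return bytes(a ^ b for a, b in zip(static_iv, padded))


def record_header(ciphertext_length):
    """opaque_type = application_data, legacy version 0x0303, length.
    These five bytes are the AEAD's additional data."""
    if ciphertext_length > MAX_CIPHERTEXT:
        raise ValueError("TLSCiphertext.length exceeds 2^14 + 256")
    return bytes([CONTENT_TYPES["application_data"], 0x03, 0x03]) + \
        ciphertext_length.to_bytes(2, "big")


class RecordWriter:
    def __init__(self, aead, static_iv, tag_length=16):
        self.aead, self.iv, self.tag_length, self.seq = aead, static_iv, tag_length, 0

    @property
    def needs_key_update(self):
        return self.seq >= AESGCM_RECORD_LIMIT

    def protect(self, content, content_type, padding_length=0):
        if self.needs_key_update:
            raise RuntimeError("send KeyUpdate before encrypting more records")
        inner = encode_inner_plaintext(content, content_type, padding_length)
        header = record_header(len(inner) + self.tag_length)
        nonce = per_record_nonce(self.iv, self.seq)
        self.seq += 1
        return header + self.aead.encrypt(nonce, inner, header)


class RecordReader:
    def __init__(self, aead, static_iv):
        self.aead, self.iv, self.seq = aead, static_iv, 0

    def unprotect(self, record):
        header, body = record[:5], record[5:]
        if header[:3] != bytes([CONTENT_TYPES["application_data"], 0x03, 0x03]):
            raise ValueError("bad record header")
        if int.from_bytes(header[3:5], "big") != len(body):
            raise ValueError("record length mismatch")
        nonce = per_record_nonce(self.iv, self.seq)
        self.seq += 1
        inner = self.aead.decrypt(nonce, body, header)    # raises on a bad tag
        return decode_inner_plaintext(inner)


if __name__ == "__main__":
    from cryptography.hazmat.primitives.ciphers.aead import AESGCM   # optional
    key, iv = bytes(16), bytes(12)                  # constructed demo key material
    w, r = RecordWriter(AESGCM(key), iv), RecordReader(AESGCM(key), iv)
    rec = w.protect(b"GET / HTTP/1.1\r\n", CONTENT_TYPES["application_data"], 7)
    print(len(rec), "bytes on the wire ->", r.unprotect(rec))
```

The reader's sequence number advances even when decryption fails, which is deliberate: a tag failure is fatal in TLS 1.3, and re-using the nonce for a retry would be worse than the failure. The 2^24.5 figure is the AES-GCM bound the RFC gives for a 2^-57 margin; for ChaCha20-Poly1305 the sequence number wraps before the cipher's limit matters, so only the 2^64 check applies.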

01:29:41
A public ledger is a tamperproof sequence of data that can be read and augmented by everyone. Shared public ledgers stand to revolutionize the way a democratic society operates. They secure all kinds of traditional transactions (such as payments, asset transfers, titling) in the exact order in which they occur, and enable totally new transactions such as cryptocurrencies and smart contracts. They can remove intermediaries and usher in a new paradigm for trust. As currently implemented, however, public ledgers cannot achieve their enormous potential. Algorand is an alternative, truly democratic, and very efficient way to implement a public ledger. Unlike prior implementations based on proof of work, it requires a negligible amount of computation, and generates a transaction history that will not "fork" with overwhelmingly high probability. Silvio Micali received his Laurea in Mathematics from the University of Rome, and his PhD in Computer Science from the University of California at Berkeley. Since 1983 he has been on the MIT faculty. Silvio's research interests are cryptography, zero knowledge, pseudorandom generation, secure protocols, mechanism design, and distributed ledgers. Silvio has received the Turing Award (in computer science), the Gödel Prize (in theoretical computer science), and the RSA Prize (in cryptography). He is a member of the National Academy of Sciences, the National Academy of Engineering, and the American Academy of Arts and Sciences.
Views: 1746 uwaterloo

29:28
Authors: Eric Crockett (Georgia Institute of Technology) and Chris Peikert (University of Michigan) presented at CCS 2016 - the 23rd ACM Conference on Computer and Communications Security (Hofburg Palace Vienna, Austria / October 24-28, 2016) - organized by SBA Research
Views: 252 CCS 2016

53:57
This talk is part of the CrySP Speaker Series on Privacy. For more information and to view other talks in the series, go to: https://crysp.uwaterloo.ca/speakers/ Constraining Pseudorandom Functions Privately David Wu, Stanford University May 10, 2016 https://crysp.uwaterloo.ca/speakers/20160510-Wu Abstract: In a constrained pseudorandom function (PRF), the holder of the master secret key is able to derive constrained keys with respect to a boolean circuit C. The constrained key can be used to evaluate the PRF on all inputs x for which C(x) = 1. In almost all existing constructions of constrained PRFs, the constrained key itself reveals its underlying constraints. We introduce the concept of private constrained PRFs, which are constrained PRFs with the additional property that the constrained keys do not reveal their constraints. Our main notion of privacy captures the intuition that an adversary, given a constrained key for one of two circuits, is unable to tell which circuit is associated with its key. As a primitive, private constrained PRFs have many natural applications in searchable symmetric encryption, deniable encryption, and more. In this talk, I will introduce our notion of privacy for private constrained PRFs, and describe some of their applications. Finally, I will show how we can construct private constrained PRFs for different classes of constraints using indistinguishability obfuscation or concrete assumptions on multilinear maps. Joint work with Dan Boneh and Kevin Lewi Bio: David Wu is a third-year PhD student in the Department of Computer Science at Stanford University, advised by Dan Boneh. He works on a mix of problems in applied and theoretical cryptography. On the applied side, his work has primarily focused on developing new cryptographic protocols for different privacy-preserving applications, such as database queries, machine learning, and navigation. 
On the theoretical side, he has worked on constructing new cryptographic primitives from multilinear maps, as well as on several problems related to functional encryption. David is the recipient of an NSF Graduate Research Fellowship.
Views: 216 CrySP at UWaterloo
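The abstract's starting observation, that in almost all existing constructions "the constrained key itself reveals its underlying constraints", is easiest to see on the GGM tree. The following added example (standard GGM puncturing, not the Boneh-Lewi-Wu private scheme and not code from the talk) builds a puncturable PRF, evaluates it from a punctured key everywhere except the punctured point, and then reads the punctured point straight out of the key. The length-doubling PRG is instantiated with HMAC-SHA256 and the master key is constructed; both are assumptions of the example.

```python
"""GGM-tree puncturable PRF: a constrained PRF for C(y) = [y != x] whose
constrained key is not private.  Added example; PRG = HMAC-SHA256 (assumed)."""
import hashlib
import hmac


def prg(seed, direction):
    """G(seed) = G_0(seed) || G_1(seed); each 32-byte half is one HMAC call."""
    return hmac.new(seed, bytes([direction]), hashlib.sha256).digest()


def bit(x, n, level):
    """Bit of the n-bit input x consumed at tree level `level` (MSB first)."""
    return (x >> (n - 1 - level)) & 1


class GGMPRF:
    def __init__(self, master_key, n):
        self.k, self.n = master_key, n

    def evaluate(self, x):
        """F(k, x): descend from the root along the bits of x."""
        seed = self.k
        for level in range(self.n):
            seed = prg(seed, bit(x, self.n, level))
        return seed

    def puncture(self, x):
        """Constrained key for all y != x: the seed of the sibling of every
        node on x's path, as (depth, prefix, seed) with `prefix` the
        depth-bit path to that sibling."""
        key, seed, prefix = [], self.k, 0
        for level in range(self.n):
            b = bit(x, self.n, level)
            key.append((level + 1, (prefix << 1) | (1 - b), prg(seed, 1 - b)))
            seed = prg(seed, b)
            prefix = (prefix << 1) | b
        return key


def evaluate_punctured(pkey, n, y):
    """Find the sibling whose prefix covers y (the level where y first leaves
    x's path) and keep descending from its seed.  Nothing matches iff y == x."""
    for depth, prefix, seed in pkey:
        if (y >> (n - depth)) == prefix:
            for level in range(depth, n):
                seed = prg(seed, bit(y, n, level))
            return seed
    raise ValueError("y is the punctured point; the key cannot evaluate it")


def revealed_point(pkey, n):
    """The privacy failure: the deepest entry's prefix is x with its last bit
    flipped, so whoever holds the constrained key learns the constraint."""
    depth, prefix, _ = max(pkey, key=lambda entry: entry[0])
    assert depth == n
    return prefix ^ 1


if __name__ == "__main__":
    prf = GGMPRF(b"constructed master key for the example", 8)
    pk = prf.puncture(0xA5)
    print("F(k, 0x3C) via master key    :", prf.evaluate(0x3C).hex()[:16])
    print("F(k, 0x3C) via punctured key :", evaluate_punctured(pk, 8, 0x3C).hex()[:16])
    print("punctured point read from key: 0x%02X" % revealed_point(pk, 8))
```

A private constrained PRF has to hide which `x` (more generally, which circuit) the key is for while still being correct everywhere the constraint allows; the tree structure above cannot do that because the key's very shape encodes the path, which is why the talk reaches for obfuscation or multilinear maps instead.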

15:06
Paper by Yashvanth Kondi and Arpita Patra presented at Crypto 2017. See https://www.iacr.org/cryptodb/data/paper.php?pubkey=28217
Views: 147 TheIACR

28:07
Technical talks from the Real World Crypto conference series.
Views: 1746 Real World Crypto

09:31
Views: 29864 LiveOverflow

24:46
Authors: Jonas Schneider, Nils Fleischhacker (CISPA, Saarland University), Dominique Schröder (Friedrich-Alexander-University Erlangen-Nürnberg) and Michael Backes (CISPA, Saarland University) presented at CCS 2016 - the 23rd ACM Conference on Computer and Communications Security (Hofburg Palace Vienna, Austria / October 24-28, 2016) - organized by SBA Research
Views: 143 CCS 2016

29:16
Authors: Kevin Lewi and David J. Wu (Stanford University) presented at CCS 2016 - the 23rd ACM Conference on Computer and Communications Security (Hofburg Palace Vienna, Austria / October 24-28, 2016) - organized by SBA Research
Views: 466 CCS 2016

10:35
Views: 145175 Sujoy Krishna Das

03:33

06:41
Views: 62041 Sujoy Krishna Das

01:08:03
In the last few years garbled circuits (GC) have been elevated from being merely a component in Yao's protocol for secure two-party computation to a cryptographic primitive in its own right, following the growing number of applications that use GCs. Zero-knowledge (ZK) protocols are one of these examples: in a recent paper, Jawurek et al. [JKO13] showed that GCs can be used to construct efficient ZK proofs for unstructured languages. In this work we show that, due to a property of this particular scenario (one of the parties knows all the secret input bits, and therefore all intermediate values in the computation), we can construct more efficient garbling schemes specifically tailored to this goal. As a highlight of our result, in one of our constructions only one ciphertext per gate needs to be communicated and XOR gates never require any cryptographic operations. In addition to making a step forward towards more practical ZK, we believe that our contribution is also interesting from a conceptual point of view: in the terminology of Bellare et al. [BHR12], our garbling schemes achieve authenticity, but neither privacy nor obliviousness, therefore representing the first natural separation between those notions. The paper this talk is based on was presented at Eurocrypt 2015 and is joint work with Jesper Buus Nielsen and Claudio Orlandi.
Views: 243 Microsoft Research

21:33
Yuanxi Dai and John P. Steinberger, Crypto 2016. See http://www.iacr.org/cryptodb/data/paper.php?pubkey=27683
Views: 234 TheIACR

19:23
Paper by Xiong Fan and Chaya Ganesh and Vladimir Kolesnikov presented at Eurocrypt 2017. See https://iacr.org/cryptodb/data/paper.php?pubkey=28035
Views: 67 TheIACR

39:20
Noam Nisan - On the borders of Border's Theorem Border's theorem characterizes the possible (interim) allocation probabilities in a single item auction. It has received much interest lately in Algorithmic Mechanism Design as it allows optimization in Mechanism Design using polynomial-size linear programs rather than the natural exponential-size ones. Known Generalizations of Border's theorem beyond the simple case of single item auctions are either very limited or are only approximate. This talk will explain why significant extensions of Border’s theorem are impossible, assuming standard Computational Complexity assumption. Our proof will take us on a journey from simple questions regarding marginal probabilities in probability spaces, to Revenue maximization in Mechanism Design, to Boolean function Analysis, to #P, and back. Joint work with Parikshit Gopalan and Tim Roughgarden.
Views: 165 Microsoft Research

01:16
Institution: National Research University Higher School of Economics. Specialization: "Introduction to Discrete Mathematics for Computer Science". URL: https://www.coursera.org/specializations/discrete-mathematics HSE online courses catalogue: https://elearning.hse.ru/en/mooc/ About the Specialization: Discrete Math is needed to see mathematical structures in the object you work with, and understand their properties. This ability is important for software engineers, data scientists, security and financial analysts (it is not a coincidence that math puzzles are often used for interviews). We cover the basic notions and results (combinatorics, graphs, probability, number theory) that are universally needed. To deliver techniques and ideas in discrete mathematics to the learner we extensively use interactive puzzles specially created for this specialization. To bring the learner's experience closer to IT applications we incorporate programming examples, problems and projects in our courses. Authors: HSE, UCSD. Taught by: Vladimir Podolskii, Michael Levin, Alexander S. Kulikov.
Views: 455 Courses in Russia

57:36
Discrete Mathematics by Dr. Sugata Gangopadhyay & Dr. Aditi Gangopadhyay,Department of Mathematics,IIT Roorkee.For more details on NPTEL visit http://nptel.ac.in
Views: 1039 nptelhrd

30:58
Technical talks from the Real World Crypto conference series.
Views: 781 Real World Crypto

19:16
Talk at PKC 2010. Authors: David Mandell Freeman, Oded Goldreich, Eike Kiltz, Alon Rosen, Gil Segev. See http://www.iacr.org/cryptodb/data/paper.php?pubkey=23423
Views: 284 TheIACR

01:23:10
In this talk, I would like to discuss three research works. First, related to quantum applications, I will discuss quantum partial search algorithms: specifically, how to generalize the single-target-block search to the multiple-target-block case, and how to achieve sure success of the partial search. Second, related to quantum cryptanalysis, I will discuss how a quantum computer can be used to analyze Boolean functions, especially some security properties. I will explain how Grover's search algorithm can be used to analyze the weight of a Boolean function, where the weight is the ratio of solutions to inputs; its generalization to the asymmetric case and to the multiple-weight case will be discussed, and the optimality of these algorithms has been proved. For actual security primitives, I will describe how quantum computation can be used for the resiliency checking problem. Third, related to quantum computer systems, I will show an addition circuit on the 2D NTC architecture and its optimality. I will also propose a way to generate a quantum LDPC code from any binary matrix, and discuss current work on the layout and scheduling of logical tiles. In each category, I will explain some future work, for example quantum machine learning on Boolean functions, quantum query/circuit complexities of security-property checking, and quantum error-correction code conversion methods.
Views: 86 Microsoft Research

55:55
Dynamic Searchable Symmetric Encryption allows a client to store a dynamic collection of encrypted documents with a server, and later quickly carry out keyword searches on these encrypted documents, while revealing minimal information to the server. In this paper we present a new dynamic SSE scheme that is simpler and more efficient than existing schemes while revealing less information to the server than prior schemes, achieving fully adaptive security against honest-but-curious servers. We implemented a prototype of our scheme and demonstrated its efficiency on datasets from prior work. Apart from its concrete efficiency, our scheme is also simpler: in particular, it does not require the server to support any operation other than upload and download of data. Thus the server in our scheme can be based solely on a cloud storage service, rather than a cloud computation service as well, as in prior work. In building our dynamic SSE scheme, we introduce a new primitive called Blind Storage, which allows a client to store a set of files on a remote server in such a way that the server does not learn how many files are stored, or the lengths of the individual files; as each file is retrieved, the server learns about its existence (and can notice the same file being downloaded subsequently), but the file’s name and contents are not revealed. This is a primitive with several applications other than SSE, and is of independent interest.
Views: 581 Microsoft Research

04:33
Views: 81256 Sujoy Krishna Das

01:18:18
MIT 6.858 Computer Systems Security, Fall 2014 View the complete course: http://ocw.mit.edu/6-858F14 Instructor: Nickolai Zeldovich In this lecture, Professor Zeldovich discusses how to cryptographically protect network communications, as well as how to integrate cryptographic protection of network traffic into the web security model. License: Creative Commons BY-NC-SA More information at http://ocw.mit.edu/terms More courses at http://ocw.mit.edu
Views: 72000 MIT OpenCourseWare

15:33
Paper by Axel Mathieu-Mahias and Michaël Quisquater, presented at CHES 2018. See https://www.iacr.org/cryptodb/data/paper.php?pubkey=28959
Views: 24 TheIACR

14:22
Views: 31366 Sujoy Krishna Das

23:08
Talk 1: Cynthia Dwork and Vitaly Feldman, "Privacy-preserving Prediction". ABSTRACT: Ensuring differential privacy of models learned from sensitive user data is an important goal that has been studied extensively in recent years. It is now known that for some basic learning problems, especially those involving high-dimensional data, producing an accurate private model requires much more data than learning without privacy. At the same time, in many applications it is not necessary to expose the model itself. Instead, users may be allowed to query the prediction model on their inputs only through an appropriate interface. Here we formulate the problem of ensuring privacy of individual predictions and investigate the overheads required to achieve it in several standard models of classification and regression. We first describe a simple baseline approach based on training several models on disjoint subsets of data and using standard private aggregation techniques to predict. We show that this approach has nearly optimal sample complexity for (realizable) PAC learning of any class of Boolean functions. At the same time, without strong assumptions on the data distribution, the aggregation step introduces a substantial overhead. We demonstrate that this overhead can be avoided for the well-studied class of thresholds on a line and for a number of standard settings of convex regression. The analysis of our algorithm for learning thresholds relies crucially on strong generalization guarantees that we establish for all prediction-private algorithms.

Talk 2: Vitaly Feldman and Thomas Steinke, "Calibrating Noise to Variance in Adaptive Data Analysis". ABSTRACT: Datasets are often used multiple times, and each successive analysis may depend on the outcome of previous analyses. Standard techniques for ensuring generalization and statistical validity do not account for this adaptive dependence. A recent line of work studies the challenges that arise from such adaptive data reuse by considering the problem of answering a sequence of "queries" about the data distribution, where each query may depend arbitrarily on answers to previous queries. The strongest results obtained for this problem rely on differential privacy, a strong notion of algorithmic stability with the important property that it "composes" well when data is reused. However, the notion is rather strict, as it requires stability under replacement of an arbitrary data element. The simplest algorithm is to add Gaussian (or Laplace) noise to distort the empirical answers. However, analysing this technique using differential privacy yields suboptimal accuracy guarantees when the queries have low variance. Here we propose a relaxed notion of stability that also composes adaptively. We demonstrate that a simple and natural algorithm based on adding noise scaled to the standard deviation of the query provides our notion of stability. This implies an algorithm that can answer statistical queries about the dataset with substantially improved accuracy guarantees for low-variance queries. The only previous approach that provides such accuracy guarantees is based on a more involved differentially private median-of-means algorithm, and its analysis exploits stronger "group" stability of the algorithm.
Views: 63 COLT

01:19
Views: 822 Rezky Wulandari

09:26
http://www.youtube.com/sujoyn70 Today I'll tell you how to calculate Simple Interest (SI) & Compound Interest (CI) using the Casio fx-991ES Scientific Calculator, and also tell you some special formulas related to Compound Interest, and how to find out the answer directly on the Casio fx-991ES Scientific Calculator by programming the calculator! Topics Included- 1. Calculating Simple Interest (SI) on Casio fx-991ES 2. Formulas for interest compounded annually, compounded half-yearly, compounded quarterly, compounded monthly and compounded daily. 3. Compound Interest (CI) Calculations on Casio fx-991ES- i) Word problem- In how much time will the principal treble (triple) itself at a given rate of interest, compounded annually? ii) Word problem- In how much time will the principal double itself at a given rate of interest, compounded semi-annually? 4. Finding the time value directly on the Casio fx-991ES Scientific Calculator by programming the calculator. I make videos on Statistics, Numerical Methods, Business & Financial Mathematics, Operation Research, Computer Science & Engineering (CSE), Android Application Reviews, India Travel & Tourism, Street Foods, Life Tips and many other topics, and a series of videos showing how to use your scientific calculators Casio fx-991ES & fx-82MS to do maths easily.
Subscribe to my youtube channel below- http://www.youtube.com/sujoyn70 My blog- http://www.sujoyn70.blogspot.com
Views: 41565 Sujoy Krishna Das

53:54
We present a new scheme for quantum homomorphic encryption which is compact and allows for efficient evaluation of arbitrary polynomial-sized quantum circuits. Building on the framework of Broadbent and Jeffery and recent results in the area of instantaneous non-local quantum computation, we show how to construct quantum gadgets that allow perfect correction of the errors which occur during the homomorphic evaluation of T gates on encrypted quantum data. Our scheme can be based on any classical (leveled) fully homomorphic encryption (FHE) scheme and requires no computational assumptions besides those already used by the classical scheme. The size of our quantum gadget depends on the space complexity of the classical decryption function, which aligns well with the current efforts to minimize the complexity of the decryption function. Our scheme (or slight variants of it) offers a number of additional advantages such as ideal compactness, the ability to supply gadgets "on demand", circuit privacy for the evaluator against passive adversaries, and a three-round scheme for blind delegated quantum computation which puts only very limited demands on the quantum abilities of the client.
Views: 191 Microsoft Research