Multi-moduli NTTs for Saber on Cortex-M3 and Cortex-M4

Author(s):  
Amin Abdulrahman ◽  
Jiun-Peng Chen ◽  
Yu-Jia Chen ◽  
Vincent Hwang ◽  
Matthias J. Kannwischer ◽  
...  

The U.S. National Institute of Standards and Technology (NIST) has designated ARM microcontrollers as an important benchmarking platform for its Post-Quantum Cryptography standardization process (NISTPQC). In view of this, we explore the design space of the NISTPQC finalist Saber on the Cortex-M4 and its close relation, the Cortex-M3. In the process, we investigate various optimization strategies and memory-time tradeoffs for number-theoretic transforms (NTTs). Recent work by [Chung et al., TCHES 2021 (2)] has shown that NTT multiplication is superior compared to Toom–Cook multiplication for unprotected Saber implementations on the Cortex-M4 in terms of speed. However, it remains unclear if NTT multiplication can outperform Toom–Cook in masked implementations of Saber. Additionally, it is an open question if Saber with NTTs can outperform Toom–Cook in terms of stack usage. We answer both questions in the affirmative. Additionally, we present a Cortex-M3 implementation of Saber using NTTs outperforming an existing Toom–Cook implementation. Our stack-optimized unprotected M4 implementation uses around the same amount of stack as the most stack-optimized Toom–Cook implementation while being 33%-41% faster. Our speed-optimized masked M4 implementation is 16% faster than the fastest masked implementation using Toom–Cook. For the Cortex-M3, we outperform existing implementations by 29%-35% in speed. We conclude that for both stack- and speed-optimization purposes, one should base polynomial multiplications in Saber on the NTT rather than Toom–Cook for the Cortex-M4 and Cortex-M3. In particular, in many cases, multi-moduli NTTs perform best.

2013 ◽  
Vol 14 (3) ◽  
pp. 339-361 ◽  
Author(s):  
MARIO ALVIANO ◽  
WOLFGANG FABER ◽  
STEFAN WOLTRAN

Adapting techniques from database theory in order to optimize Answer Set Programming (ASP) systems, and in particular the grounding components of ASP systems, is an important topic in ASP. In recent years, the Magic Set method has received some interest in this setting, and a variant of it, called Dynamic Magic Set, has been proposed for ASP. However, this technique has a caveat, because it is not correct (in the sense of being query-equivalent) for all ASP programs. In a recent work, a large fragment of ASP programs, referred to as super-coherent programs, has been identified, for which Dynamic Magic Set is correct. The fragment contains all programs which possess at least one answer set, no matter which set of facts is added to them. Two open questions remained: How complex is it to determine whether a given program is super-coherent? Does the restriction to super-coherent programs limit the problems that can be solved? Especially the first question turned out to be quite difficult to answer precisely. In this paper, we formally prove that deciding whether a propositional program is super-coherent is $\Pi_3^P$-complete in the disjunctive case, while it is $\Pi_2^P$-complete for normal programs. The hardness proofs are the difficult part in this endeavor: We proceed by characterizing the reductions by the models and reduct models which the ASP programs should have, and then provide instantiations that meet the given specifications. Concerning the second question, we show that all relevant ASP reasoning tasks can be transformed into tasks over super-coherent programs, although this transformation is more of theoretical than practical interest.


Nature ◽  
1905 ◽  
Vol 71 (1845) ◽  
pp. 450-452
Author(s):  
G. W. L.

1933 ◽  
Vol 9 (1) ◽  
pp. 84-93 ◽  
Author(s):  
S. M. Dockerty

This paper is a continuation of recent work by H. L. Bronson, H. M. Chisholm, and the author (3) on the specific heats of tungsten, molybdenum, and copper from 0° to 500 °C. The "method of electrical heating" and adiabatic calorimetry have been extended to determine the specific heat of copper from −78° to 0 °C. The equation previously given for the specific heat of copper contained only the first two terms of the Debye expansion and was found not to hold below −30 °C. The following equation containing four terms of the Debye expansion fits the experimental curve from −78° to 500 °C. with a maximum deviation of only about 0.05%, [Formula: see text] where the units are joules per gram per °K. The constants of this equation were determined empirically and their close relation to theoretically expected values has been discussed.


Author(s):  
Amy M. King

Friday Night Lights, the 2006-2011 television series about a Texas high school football team, owes a debt to readers of Victorian fictions of everyday life and provincial fiction. Habituated to the quotidian, readers of Victorian fictions of provincial life are arguably the best equipped for understanding the critically-acclaimed television series, for in it, like the fiction that precedes it, hardly anything of moment happens. Plot and telos are hardly the point; the series locates its energies in the stuff of everyday life rather than in the logic of suspense. Recent work on the provincial novel helps us understand the politics of FNL in a way that goes beyond its own explicit themes of race, class mobility, and education. That both the Democratic and Republican candidates for the U.S. presidency in 2012 used the fictional team’s mantra—“Clear Eyes, Full Heart, Can’t Lose”—suggests the extent to which the ideas of the show tapped into a politics about nation. Paradoxically, the show’s deliberately provincial scope allowed it symbolically to unify the nation.


Author(s):  
Prasanna Ravi ◽  
Martianus Frederic Ezerman ◽  
Shivam Bhasin ◽  
Anupam Chattopadhyay ◽  
Sujoy Sinha Roy

In this work, we propose generic and novel side-channel assisted chosen-ciphertext attacks on NTRU-based key encapsulation mechanisms (KEMs). These KEMs are IND-CCA secure, that is, they are secure in the chosen-ciphertext model. Our attacks involve the construction of malformed ciphertexts. When decapsulated by the target device, these ciphertexts ensure that a targeted intermediate variable becomes very closely related to the secret key. An attacker, who can obtain information about the secret-dependent variable through side-channels, can subsequently recover the full secret key. We propose several novel CCAs which can be carried through by using side-channel leakage from the decapsulation procedure. The attacks instantiate three different types of oracles, namely a plaintext-checking oracle, a decryption-failure oracle, and a full-decryption oracle, and are applicable to two NTRU-based schemes, which are NTRU and NTRU Prime. The two schemes are candidates in the ongoing NIST standardization process for post-quantum cryptography. We perform experimental validation of the attacks on optimized and unprotected implementations of NTRU-based schemes, taken from the open-source pqm4 library, using the EM-based side-channel on the 32-bit ARM Cortex-M4 microcontroller. All of our proposed attacks are capable of recovering the full secret key in only a few thousand chosen ciphertext queries on all parameter sets of NTRU and NTRU Prime. Our attacks, therefore, stress the need for concrete side-channel protection strategies for NTRU-based KEMs.


Author(s):  
Ling Song ◽  
Yi Tu ◽  
Danping Shi ◽  
Lei Hu

Subterranean 2.0 is a cipher suite that can be used for hashing, authenticated encryption, MAC computation, etc. It was designed by Daemen, Massolino, Mehrdad, and Rotella, and has been selected as a candidate in the second round of NIST’s lightweight cryptography standardization process. Subterranean 2.0 is a duplex-based construction and utilizes a single-round permutation in the duplex. It is the simplicity of the round function that makes it an attractive target of cryptanalysis. In this paper, we examine the single-round permutation in various phases of Subterranean 2.0 and specify three related attack scenarios that deserve further investigation: keystream biases in the keyed squeezing phase, state collisions in the keyed absorbing phase, and one-round differential analysis in the nonce-misuse setting. To facilitate cryptanalysis in the first two scenarios, we novelly propose a set of size-reduced toy versions of Subterranean 2.0: Subterranean-m. Then we make an observation for the first time on the resemblance between the non-linear layer in the round function of Subterranean 2.0 and SIMON’s round function. Inspired by the existing work on SIMON, we propose explicit formulas for computing the exact correlation of linear trails of Subterranean 2.0 and other ciphers utilizing similar non-linear operations. We then construct our models for searching trails to be used in the keystream bias evaluation and state collision attacks. Our results show that most instances of Subterranean-m are secure in the first two attack scenarios but there exist instances that are not. Further, we find a flaw in the designers’ reasoning of Subterranean 2.0’s linear bias but support the designers’ claim that there is no linear bias measurable from at most $$2^{96}$$ data blocks. Due to the time-consuming search, the security of Subterranean 2.0 against the state collision attack in keyed modes still remains an open question.
Finally, we observe that one-round differentials allow recovering state bits in the nonce-misuse setting. By proposing nested one-round differentials, we obtain a sufficient number of state bits, leading to a practical state recovery with only 20 repetitions of the nonce and 88 blocks of data. It is noted that our work does not threaten the security of Subterranean 2.0.


2020 ◽  
Vol 31 (4) ◽  
Author(s):  
Vladas Gaidys

Indicators of regular public opinion surveys are analysed in the aspect of political activity. The main attention of analysis was focused on the indicators of voting preferences ‘will not vote’, ‘don’t know’ and ‘no answer’, also on frequencies of mentioning popular politicians in an open question, neutral answers to questions about trust in President and Seimas. The empirical basis of the paper is surveys conducted in 1989–2020 and the joined file of eleven surveys in 2019. The analysis of the data shows the difference in the answers ‘don’t know who to vote for’ before and after the elections: after the elections a considerably bigger part of respondents have their opinion on voting preferences. In an open question ‘Which politicians, in your opinion, best represent your interests?’, the highest result was fixed in 1989–1990, in the time of the highest political activity in society, and the lowest was fixed in the 20s. The neutral evaluations of President are in a close connection with positive attitudes to this institution and the neutral evaluations of Seimas are in a close relation with negative attitudes to this institution.


Author(s):  
Stanislav Tchernov ◽  
John A. Goldak

While solving a sequence of seventeen optimization projects to predict the values of the side heater parameters that would be expected to minimize camber distortion in an edge welded bar, the design parameters that reduced distortion to effectively zero were not unique. This raised the question of whether any of the designs that minimized the distortion effectively to zero also minimized the residual stress. To answer this question three different measures of residual stress were evaluated for all 1451 designs. The Computational Weld Mechanics (CWM) optimization problem is to find the best point in the 4D space of side heater design parameters: flux, heated area, longitudinal and transverse distance from the weld such that the final residual stress is as low as possible (minimized). To evaluate the objective function for each point in the 4D design space, the associated 3D transient non-linear thermal visco-elastic-plastic stress analysis was solved. A FEM mesh with 6600 8-node brick elements and 9438 nodes was solved for 166 time steps in 10 minutes of single-core CPU time. In the seventeen optimization projects, 1451 weld analyses were solved in 75 quad-core CPU hours by one person in two calendar weeks. The residual stress was effectively reduced to zero in some designs. These designs also reduced distortion to effectively zero. Whether a design that effectively reduces the residual stress to zero is unique remains an open question.


2020 ◽  
Vol 14 (1) ◽  
pp. 95-109
Author(s):  
Gustavo Banegas ◽  
Paulo S. L. M. Barreto ◽  
Edoardo Persichetti ◽  
Paolo Santini

Cryptographic primitives from coding theory are some of the most promising candidates for NIST’s Post-Quantum Cryptography Standardization process. In this paper, we introduce a variety of techniques to improve operations on dyadic matrices, a particular type of symmetric matrices that appear in the automorphism group of certain linear codes. Besides the independent interest, these techniques find an immediate application in practice. In fact, one of the candidates for the Key Exchange functionality, called DAGS, makes use of quasi-dyadic matrices to provide compact keys for the scheme.


2001 ◽  
Vol 18 (2) ◽  
pp. 154-176 ◽  
Author(s):  
David O. Brink

The prospects for moral realism and ethical naturalism have been important parts of recent debates within metaethics. As a first approximation, moral realism is the claim that there are facts or truths about moral matters that are objective in the sense that they obtain independently of the moral beliefs or attitudes of appraisers. Ethical naturalism is the claim that moral properties of people, actions, and institutions are natural, rather than occult or supernatural, features of the world. Though these metaethical debates remain unsettled, several people, myself included, have tried to defend the plausibility of both moral realism and ethical naturalism. I, among others, have appealed to recent work in the philosophy of language—in particular, to so-called theories of “direct reference”—to defend ethical naturalism against a variety of semantic worries, including G. E. Moore's “open question argument.” In response to these arguments, critics have expressed doubts about the compatibility of moral realism and direct reference. In this essay, I explain these doubts, and then sketch the beginnings of an answer—but understanding both the doubts and my answer requires some intellectual background.

