DOCSLIB.ORG

Failure of the Point Blinding Countermeasure Against Fault Attack in Pairing-Based Cryptography Nadia El Mrabet, Emmanuel Fouotsa

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Failure of the Point Blinding Countermeasure Against Fault Attack in Pairing-Based Cryptography Nadia El Mrabet, Emmanuel Fouotsa Failure of the Point Blinding Countermeasure Against Fault Attack in Pairing-Based Cryptography Nadia El Mrabet, Emmanuel Fouotsa To cite this version: Nadia El Mrabet, Emmanuel Fouotsa. Failure of the Point Blinding Countermeasure Against Fault Attack in Pairing-Based Cryptography. 2015, 10.1007/978-3-319-18681-8_21. hal-01197148 HAL Id: hal-01197148 https://hal.archives-ouvertes.fr/hal-01197148 Submitted on 11 Sep 2015 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Failure of the Point Blinding Countermeasure against Fault Attack in Pairing-Based Cryptography ? Nadia EL MRABET1 and Emmanuel FOUOTSA2 (1) LIASD − Universit´eParis 8 -France - [email protected] (1) SAS - CMP Gardanne - France - [email protected] (2) Dep of Mathematics, Higher Teacher's Training College, University of Bamenda - Cameroun (2) LMNO − Universit´ede Caen - France - [email protected] Abstract. Pairings are mathematical tools that have been proven to be very useful in the con- struction of many cryptographic protocols. Some of these protocols are suitable for implementation on power constrained devices such as smart cards or smartphone which are subject to side channel attacks. In this paper, we analyse the efficiency of the point blinding countermeasure in pairing based cryptography against side channel attacks. In particular,we show that this countermeasure does not protect Miller's algorithm for pairing computation against fault attack. We then give rec- ommendation for a secure implementation of a pairing based protocol using the Miller algorithm. Key words: Miller's algorithm, Identity Based Cryptography, Side Channel Attacks, Fault Attacks, Countermeasure. 1 Introduction Pairings are bilinear maps defined on the group of rationals points of elliptic or hyper elliptic curves [36]. Nowadays, more and more protocols using pairings are proposed in the literature [10, 21, 6]. Among these protocols, only those constructed on the identity based model involve a se- cret which is one of the argument during the computation of a pairing. The implementation of a pairing based protocol is efficient enough to allow the use of pairing based cryptography on power constrained device such as smart cards and mobile phones [31, 22, 19]. Smart cards are by nature sensitive to side channel attacks. Side channel attacks are powerful attacks that use the implementation of a protocol to obtain information on the secret. They are divided into two families: invasive and non invasive attacks. Invasive attacks are based on the model of fault attacks. The execution of a protocol is disturbed, the result is then a faulty one and the analysis of this faulty result can provide information on the secret. In non invasive attacks, the information can be leaked by the time of execution, the electric consumption or the elec- tromagnetic emission of the device. Several works have investigated the robustness of identity based cryptography to side channel attacks. They are mainly focused on fault attacks [27, 37, 11, 2]. Few works consider differential power analysis attack [27, 13, 5]. As the secret during an identity based protocol can be recovered by side channel attacks, several countermeasures were proposed. Those countermeasures are the same for invasive and non invasive attacks [14]. In [16], Ghosh, Mulhopadhyay and Chowdhury proposed an analysis of countermeasures to fault attack presented in [27]: the new point blinding method and the alliterating point blinding method. They concluded that the countermeasures are not sufficient and proposed new one. However, ? This work was supported in part by the French ANR-12-INSE-0014 SIMPATIC Project. The second author is supported by The Simons Foundations through Pole of Research in Mathematics with applications to Infor- mation Security, Subsaharan Africa their explanations on the non efficiency of the countermeasure are not convincing. Later, Park et al. [28] clearly exposed the weaknesses of the point blinding technique against fault attacks described by Page and Vercauteren [27]. In this article we analyze and extend the work in [16, 28] on the efficiency of the point blinding countermeasure in pairing based cryptography. Especially, we generalize the attack of Park et al. [28] and expose its failure to protect the Miller algorithm, main tool in pairing computation. As the most efficient pairings are constructed on the model of the Tate pairing, we focus on the Miller algorithm, used for the Tate pairing considering Weierstrass elliptic curve. Obviously, this analysis is the same for the (optimal ) Ate, twisted Ate or pairing lattices; and for every model of elliptic curve or coordinates. The rest of this paper is organized as follows: The Section 2 presents brief concepts on pairings that are useful to understand this work. In Section 3 we present side channel attacks with emphasis on fault attacks in pairing based cryptography. In Section 4 we explicitly demonstrate that the point blinding countermeasure fails to protect the Miller algorithm against fault attack. Finally we conclude the work in Section 6. 2 Background on pairings In this section, we briefly recall basics on pairings and on the Miller algorithm [25], main tool for an efficient computation of pairings. Let E be an elliptic curve defined over a finite field Fq, with q a prime number or a power of a prime. The neutral element of the additive group law defined on the set of rational points of E is denoted P1. Let r be a large prime divisor of the group order ]E(Fq) and k the embedding degree of E with respect to r, i.e. the smallest integer k such that k r divides q − 1. The integer k is also the smallest integer such that E Fq [r] ⊂ E(Fqk ), where E Fq [r] = fP 2 E Fq :[r]P = P1g with [r]P = P + P + ::: + P and Fq is the algebraic | {z } r times closure of Fq. In general , the sizes of r, q and k are dependent from the security level and the currently recommendations are at least r > 2160 and qk > 22024 [15]. The recent results for the discrete logarithm problem [20, 3] imply that the number q must be a large prime number. The security recommendations allow the choice of k to be a product of power of 2 and 3. A consequence of the fact that k ≡ 0 mod 2 is the use of a twist representation for the point Q. This representation using a twisted elliptic curve allow the denominator elimination optimization [23]. Definition of a twisted elliptic curve. We explain here the concept of twist of elliptic curve in the context of Weierstrass elliptic curve. This will help us to understand the choice of the coordinates of points in Section 4. The quadratic twist of the elliptic curve E : y2 = x3 + ax + b ~ 1 2 3 over Fpk is the elliptic curve E : ν y = x + ax + b where f1; νg is a basis of Fqk as Fqk=2 vector space. The two curves are isomorphic via ~ : E(F k=2 ) −! E(Fqk ) q p (x; y) 7−! (x; y ν): This isomorphism is particularly useful since it enables to take the point Q 2 E(Fqk ) in 0 0 the following manner Q = (Q ) where Q = (xQ; yQ) with xQ; yQ 2 Fqk=2 . This ensures an efficient computation since many computations will be consequently done instead in the subfield Fqk=2 and more interestingly, it enables to avoid the inversions in the Miller algorithm. This elimination is the denominator elimination [23]. Indeed, if P1(x1; y1) and P2(x2; y2) are two points of the elliptic curve in Weierstrass form 2 3 E : y = x + ax + b then the function hP1;P2 with divisor Div(hP1;P2 ) = (P1) + (P2) − (P1 + P2) − (P1); `P1;P2 is hP1;P2 = where `P1;P2 is the straight line defining P1+P2 and vP1+P2 is the corresponding vP1+P2 vertical line passing through P1 + P2. Explicitly, we have y − λx − α hP1;P2 (x; y) = ; x − x3 2 y2 − y1 3x1 + a where x3 is the first coordinate of P1 + P2 and λ = if P1 6= P2, λ = if x2 − x1 2y1 P1 = P2 and α = y1 − λx1. In the particular case of doubling (P1 = P2), a straightforward computation gives, after X1 Y1 changing to Jacobian coordinates (x1 = 2 , y1 = 3 ) Z1 Z1 3 p 2 2 4 2 p 2Y1Z1 yQ ν − 2Y1 − (3X1 + aZ1 )(xQZ1 − X1) hP1;P1 (Q) = hP1;P2 (xQ; yQ ν) = 3 ; 2Y1Z1 (xQ − x3) We then remark that the denominator of the previous expression is an element of Fqk=2 and consequently will be equal to 1 during the final exponentiation. So the main expression that will be used in the Miller algorithm is: p 3 p 2 2 4 2 hP1;P1 (Q) = hP1;P2 (xQ; yQ ν) = 2Y1Z1 yQ ν − 2Y1 − (3X1 + aZ1 )(xQZ1 − X1) (1) The expression given by equation 1 is used in algorithms 1 and 2 and will be particularly useful in Section 4 to illustrate our attack. The Tate pairing. Consider a point P 2 E(Fq)[r], the principal divisor D = r(P ) − r(P1) and a function fr;P with divisor Div (fr;P ) = D. Let Q 2 E(Fqk )[r]=E(Fq) and µr be the group ∗ of r-th roots of unity in Fqk .
Load more

Recommended publications
  • Data Quality Management in Large-Scale Cyber-Physical Systems
    Data Quality Management in Large-Scale Cyber-Physical Systems Ahmed Abdulhasan Alwan School of Architecture, Computing and Engineering University of East London A thesis presented for the degree of Doctor of Philosophy July 19, 2021 Abstract Cyber-Physical Systems (CPSs) are cross-domain, multi-model, advance informa- tion systems that play a significant role in many large-scale infrastructure sectors of smart cities public services such as traffic control, smart transportation control, and environmental and noise monitoring systems. Such systems, typically, involve a substantial number of sensor nodes and other devices that stream and exchange data in real-time and usually are deployed in uncontrolled, broad environments. Thus, unexpected measurements may occur due to several internal and external factors, including noise, communication errors, and hardware failures, which may compromise these systems quality of data and raise serious concerns related to safety, reliability, performance, and security. In all cases, these unexpected measurements need to be carefully interpreted and managed based on domain knowledge and computational models. Therefore, in this research, data quality challenges were investigated, and a com- prehensive, proof of concept, data quality management system was developed to tackle unaddressed data quality challenges in large-scale CPSs. The data quality management system was designed to address data quality challenges associated with detecting: sensor nodes measurement errors, sensor nodes hardware failures, and mismatches in sensor nodes spatial and temporal contextual attributes. De- tecting sensor nodes measurement errors associated with the primary data quality dimensions of accuracy, timeliness, completeness, and consistency in large-scale CPSs were investigated using predictive and anomaly analysis models via utilising statistical and machine-learning techniques.
    [Show full text]
  • PDF Download
    Table of Contents About ICSEC 2019 ................................................................................................................... I Message from President of Prince of Songkla University .................................................. III Message from Rector of University North, Croatia ............................................................ IV Message from General Chair ................................................................................................ VI Keynote Speakers ................................................................................................................. VII Organizing Committee .......................................................................................................... XI Conference Venue ............................................................................................................... XIII Program at a Glance ........................................................................................................... XVI Technical Sessions Main Track ............................................................................................................................. 1 Special Session on Advanced Digital Media ....................................................................... 33 Special Session on Future SDN: Security, Virtualization, Systems and Architectures ....... 35 Author Index .......................................................................................................................... 36 List of Reviewers
    [Show full text]
  • Cyphyhouse: a Programming, Simulation, and Deployment Toolchain for Heterogeneous Distributed Coordination
    2020 IEEE International Conference on Robotics and Automation (ICRA) 31 May - 31 August, 2020. Paris, France CyPhyHouse: A programming, simulation, and deployment toolchain for heterogeneous distributed coordination Ritwika Ghosh1, Joao P. Jansch-Porto2, Chiao Hsieh1, Amelia Gosse2, Minghao Jiang3, Hebron Taylor2, Peter Du3, Sayan Mitra3, Geir Dullerud2 Abstract— Programming languages, libraries, and develop- With the aim of simplifying application development for ment tools have transformed the application development distributed and heterogeneous systems, we introduce CyPhy- processes for mobile computing and machine learning. This House1—an open source software toolchain for program- paper introduces CyPhyHouse—a toolchain that aims to provide similar programming, debugging, and deployment benefits for ming, simulating, and deploying mobile robotic applications. distributed mobile robotic applications. Users can develop In this work, we target distributed coordination applica- hardware-agnostic, distributed applications using the high-level, tions such as collaborative mapping [8], surveillance, de- event driven Koord programming language, without requiring livery, formation-flight, etc. with aerial drones and ground expertise in controller design or distributed network protocols. vehicles. We believe that for these applications, low-level The modular, platform-independent middleware of CyPhyHouse implements these functionalities using standard algorithms for motion control for the individual robots is standard but path planning (RRT), control (MPC), mutual exclusion, etc. tedious, and coordination across distributed (and possibly A high-fidelity, scalable, multi-threaded simulator for Koord heterogeneous) robots is particularly difficult and error- applications is developed to simulate the same application code prone. This motivates the two key abstractions provided for dozens of heterogeneous agents. The same compiled code by CyPhyHouse: (a) portability of high-level coordination can also be deployed on heterogeneous mobile platforms.
    [Show full text]
  • Behavioral Types in Programming Languages
    Behavioral Types in Programming Languages Behavioral Types in Programming Languages iv Davide Ancona, DIBRIS, Università di Genova, Italy Viviana Bono, Dipartimento di Informatica, Università di Torino, Italy Mario Bravetti, Università di Bologna, Italy / INRIA, France Joana Campos, LaSIGE, Faculdade de Ciências, Universidade de Lisboa, Portugal Giuseppe Castagna, CNRS, IRIF, Univ Paris Diderot, Sorbonne Paris Cité, Paris, France Pierre-Malo Deniélou, Royal Holloway, University of London, UK Simon J. Gay, School of Computing Science, University of Glasgow, UK Nils Gesbert, Université Grenoble Alpes, France Elena Giachino, Università di Bologna, Italy / INRIA, France Raymond Hu, Department of Computing, Imperial College London, UK Einar Broch Johnsen, Institutt for informatikk, Universitetet i Oslo, Norway Francisco Martins, LaSIGE, Faculdade de Ciências, Universidade de Lisboa, Portugal Viviana Mascardi, DIBRIS, Università di Genova, Italy Fabrizio Montesi, University of Southern Denmark Rumyana Neykova, Department of Computing, Imperial College London, UK Nicholas Ng, Department of Computing, Imperial College London, UK Luca Padovani, Dipartimento di Informatica, Università di Torino, Italy Vasco T. Vasconcelos, LaSIGE, Faculdade de Ciências, Universidade de Lisboa, Portugal Nobuko Yoshida, Department of Computing, Imperial College London, UK Boston — Delft Foundations and Trends R in Programming Languages Published, sold and distributed by: now Publishers Inc. PO Box 1024 Hanover, MA 02339 United States Tel. +1-781-985-4510 www.nowpublishers.com [email protected] Outside North America: now Publishers Inc. PO Box 179 2600 AD Delft The Netherlands Tel. +31-6-51115274 The preferred citation for this publication is D. Ancona et al.. Behavioral Types in Programming Languages. Foundations and Trends R in Programming Languages, vol. 3, no.
    [Show full text]
  • Insight MFR By
    Manufacturers, Publishers and Suppliers by Product Category 11/6/2017 10/100 Hubs & Switches ASCEND COMMUNICATIONS CIS SECURE COMPUTING INC DIGIUM GEAR HEAD 1 TRIPPLITE ASUS Cisco Press D‐LINK SYSTEMS GEFEN 1VISION SOFTWARE ATEN TECHNOLOGY CISCO SYSTEMS DUALCOMM TECHNOLOGY, INC. GEIST 3COM ATLAS SOUND CLEAR CUBE DYCONN GEOVISION INC. 4XEM CORP. ATLONA CLEARSOUNDS DYNEX PRODUCTS GIGAFAST 8E6 TECHNOLOGIES ATTO TECHNOLOGY CNET TECHNOLOGY EATON GIGAMON SYSTEMS LLC AAXEON TECHNOLOGIES LLC. AUDIOCODES, INC. CODE GREEN NETWORKS E‐CORPORATEGIFTS.COM, INC. GLOBAL MARKETING ACCELL AUDIOVOX CODI INC EDGECORE GOLDENRAM ACCELLION AVAYA COMMAND COMMUNICATIONS EDITSHARE LLC GREAT BAY SOFTWARE INC. ACER AMERICA AVENVIEW CORP COMMUNICATION DEVICES INC. EMC GRIFFIN TECHNOLOGY ACTI CORPORATION AVOCENT COMNET ENDACE USA H3C Technology ADAPTEC AVOCENT‐EMERSON COMPELLENT ENGENIUS HALL RESEARCH ADC KENTROX AVTECH CORPORATION COMPREHENSIVE CABLE ENTERASYS NETWORKS HAVIS SHIELD ADC TELECOMMUNICATIONS AXIOM MEMORY COMPU‐CALL, INC EPIPHAN SYSTEMS HAWKING TECHNOLOGY ADDERTECHNOLOGY AXIS COMMUNICATIONS COMPUTER LAB EQUINOX SYSTEMS HERITAGE TRAVELWARE ADD‐ON COMPUTER PERIPHERALS AZIO CORPORATION COMPUTERLINKS ETHERNET DIRECT HEWLETT PACKARD ENTERPRISE ADDON STORE B & B ELECTRONICS COMTROL ETHERWAN HIKVISION DIGITAL TECHNOLOGY CO. LT ADESSO BELDEN CONNECTGEAR EVANS CONSOLES HITACHI ADTRAN BELKIN COMPONENTS CONNECTPRO EVGA.COM HITACHI DATA SYSTEMS ADVANTECH AUTOMATION CORP. BIDUL & CO CONSTANT TECHNOLOGIES INC Exablaze HOO TOO INC AEROHIVE NETWORKS BLACK BOX COOL GEAR EXACQ TECHNOLOGIES INC HP AJA VIDEO SYSTEMS BLACKMAGIC DESIGN USA CP TECHNOLOGIES EXFO INC HP INC ALCATEL BLADE NETWORK TECHNOLOGIES CPS EXTREME NETWORKS HUAWEI ALCATEL LUCENT BLONDER TONGUE LABORATORIES CREATIVE LABS EXTRON HUAWEI SYMANTEC TECHNOLOGIES ALLIED TELESIS BLUE COAT SYSTEMS CRESTRON ELECTRONICS F5 NETWORKS IBM ALLOY COMPUTER PRODUCTS LLC BOSCH SECURITY CTC UNION TECHNOLOGIES CO FELLOWES ICOMTECH INC ALTINEX, INC.
    [Show full text]
  • Products Newsletter Emergiing Trends, Cuttiing-Edge Technollogiies, and Research Breakthroughs Iin Power Ellectroniics
    Products Newsletter Emergiing Trends, Cuttiing-Edge Technollogiies, and Research Breakthroughs iin Power Ellectroniics ​ ​ ​ November 20, 2020 | Issue 7 IEEE Power Electronics Magazine To empower next-generation engineers with hands-on skills in control and power electronics, Qing- Chang Zhong, Yeqin Wang, Yiting Dong, Beibei Ren, and Mohammad Amin have developed a versatile experimental tool that lowers the barriers to go real from simulations to experiments for various power electronic systems. Their Smart Grid Research and Educational Kit, which is a reconfigurable, open-source, multifunctional power electronic converter with the capability of directly downloading codes from MATLAB/Simulink. Besides minimizing the time, cost, and efforts needed to develop hardware systems, it removes the burden of coding. Read more in the September 2020 issue of IEEE Power Electronics Magazine! IEEE Transactions on Power Electronics (TPEL) The December 2020 Issue presents 86 papers with the latest research in power electronics! December Highlighted Papers: On Beat Frequency Oscillation of Two-Stage Wireless Power Receivers Kerui Li, Siew-Chong Tan, and Ron Shu Yuen Hui Novel iGSE-C Loss Modeling of X7R Ceramic Capacitors David Menzi, Dominik Bortis, Grayson Zulauf, Morris Heller, and Johann W. Kolar December Papers with Active/Multimedia Content Analysis and Design of the LLC LED Driver Based on State-Space Representation Direct Time- Domain Solution by Maikel Menke, João P. Duranti, Leandro Roggia, Fábio E. Bisogno, Rodrigo V. Tambara, Álysson R. Seidel provides a PowerPoint Presentation elucidating each step development of the proposed design procedure during the design of the LLC LED driver. In addition, the authors offer three Wolfram Mathematica notebook script files.
    [Show full text]
  • Homomorphic Encryption: Working and Analytical Assessment DGHV, Helib, Paillier, FHEW and HE in Cloud Security
    Master of Science in Computer Science February 2017 Homomorphic Encryption: Working and Analytical Assessment DGHV, HElib, Paillier, FHEW and HE in cloud security Srinivas Divya Papisetty Faculty of Computing Blekinge Institute of Technology SE-371 79 Karlskrona Sweden This thesis is submitted to the Faculty of Computing at Blekinge Institute of Technology in partial fulfillment of the requirements for the degree of Master of Science in Computer Science. The thesis is equivalent to 20 weeks of full time studies. Contact Information: Author(s): Srinivas Divya Papisetty E-mail: [email protected] University advisor: Dr. Emiliano Casalicchio Dept. of Computer Science & Engineering Faculty of Computing Internet : www.bth.se Blekinge Institute of Technology Phone : +46 455 38 50 00 SE-371 79 Karlskrona, Sweden Fax : +46 455 38 50 57 i i ABSTRACT Context. Secrecy has kept researchers spanning over centuries engaged in the creation of data protection techniques. With the growing rate of data breach and intervention of adversaries in confidential data storage and communication, efficient data protection has found to be a challenge. Homomorphic encryption is one such data protection technique in the cryptographic domain which can perform arbitrary computations on the enciphered data without disclosing the original plaintext or message. The first working fully homomorphic encryption scheme was proposed in the year 2009 and since then there has been a tremendous increase in the development of homomorphic encryption schemes such that they can be applied to a wide range of data services that demand security. All homomorphic encryption schemes can be categorized as partially homomorphic (PHE), somewhat homomorphic (SHE), leveled homomorphic (LHE), and fully homomorphic encryption (FHE).
    [Show full text]
  • How Machine Learning Has Been Applied in Software Engineering?
    How Machine Learning Has Been Applied in Software Engineering? Olimar Teixeira Borges a, Julia Colleoni Couto b, Duncan Dubugras A. Ruiz c and Rafael Prikladnicki1 d School of Technology, PUCRS, Porto Alegre, Brazil Keywords: Software Engineering, Machine Learning, Mapping Study. Abstract: Machine Learning (ML) environments are composed of a set of techniques and tools, which can help in solving problems in a diversity of areas, including Software Engineering (SE). However, due to a large number of possible configurations, it is a challenge to select the ML environment to be used for a specific SE domain issue. Helping software engineers choose the most suitable ML environment according to their needs would be very helpful. For instance, it is possible to automate software tests using ML models, where the model learns software behavior and predicts possible problems in the code. In this paper, we present a mapping study that categorizes the ML techniques and tools reported as useful to solve SE domain issues. We found that the most used algorithm is Na¨ıve Bayes and that WEKA is the tool most SE researchers use to perform ML experiments related to SE. We also identified that most papers use ML to solve problems related to SE quality. We propose a categorization of the ML techniques and tools that are applied in SE problem solving, linking with the Software Engineering Body of Knowledge (SWEBOK) knowledge areas. 1 INTRODUCTION automated to reduce human effort and project cost. However, to automate these tasks using ML, we need Machine Learning (ML) is an Artificial Intelligence to have the SE project’s data to explore.
    [Show full text]
  • Comparison of Three Common Statistical Programs Available to Washington State County Assessors: SAS, SPSS and NCSS
    Washington State Department of Revenue Comparison of Three Common Statistical Programs Available to Washington State County Assessors: SAS, SPSS and NCSS February 2008 Abstract: This summary compares three common statistical software packages available to county assessors in Washington State. This includes SAS, SPSS and NCSS. The majority of the summary is formatted in tables which allow the reader to more easily make comparisons. Information was collected from various sources and in some cases includes opinions on software performance, features and their strengths and weaknesses. This summary was written for Department of Revenue employees and county assessors to compare statistical software packages used by county assessors and as a result should not be used as a general comparison of the software packages. Information not included in this summary includes the support infrastructure, some detailed features (that are not described in this summary) and types of users. Contents General software information.............................................................................................. 3 Statistics and Procedures Components................................................................................ 8 Cost Estimates ................................................................................................................... 10 Other Statistics Software ................................................................................................... 13 General software information Information in this section was
    [Show full text]
  • STATA January 1993 TECHNICAL STB-11 BULLETIN a Publication to Promote Communication Among Stata Users
    STATA January 1993 TECHNICAL STB-11 BULLETIN A publication to promote communication among Stata users Editor Associate Editors Joseph Hilbe J. Theodore Anagnoson, Cal. State Univ., LA Department of Sociology Richard DeLeon, San Francisco State Univ. Arizona State University Paul Geiger, USC School of Medicine Tempe, Arizona 85287 Lawrence C. Hamilton, Univ. of New Hampshire 602-860-1446 FAX Stewart West, Baylor College of Medicine [email protected] EMAIL Subscriptions are available from Stata Corporation, email [email protected], telephone 979-696-4600 or 800-STATAPC, fax 979-696-4601. Current subscription prices are posted at www.stata.com/bookstore/stb.html. Previous Issues are available individually from StataCorp. See www.stata.com/bookstore/stbj.html for details. Submissions to the STB, including submissions to the supporting files (programs, datasets, and help files), are on a nonexclusive, free-use basis. In particular, the author grants to StataCorp the nonexclusive right to copyright and distribute the material in accordance with the Copyright Statement below. The author also grants to StataCorp the right to freely use the ideas, including communication of the ideas to other parties, even if the material is never published in the STB. Submissions should be addressed to the Editor. Submission guidelines can be obtained from either the editor or StataCorp. Copyright Statement. The Stata Technical Bulletin (STB) and the contents of the supporting files (programs, datasets, and help files) are copyright c by StataCorp. The contents of the supporting files (programs, datasets, and help files), may be copied or reproduced by any means whatsoever, in whole or in part, as long as any copy or reproduction includes attribution to both (1) the author and (2) the STB.
    [Show full text]
  • Reproducible Research in Computational Harmonic Analysis
    R EPRODUCIBLE RESEARCH Reproducible Research in Computational Harmonic Analysis Scientific computation is emerging as absolutely central to the scientific method, but the prevalence of very relaxed practices is leading to a credibility crisis. Reproducible computational research, in which all details of computations—code and data—are made conveniently available to others, is a necessary response to this crisis. The authors review their approach to reproducible research and describe how it has evolved over time, discussing the arguments for and against working reproducibly. assive computation is transform- academic scientist likely has more in common ing science, as researchers from with a large corporation’s information technol- numerous fields launch ambitious ogy manager than with a philosophy or English projects involving large-scale com- professor at the same university. Mputations. Emblems of our age include A rapid transition is now under way—visible particularly over the past two decades—that will • data mining for subtle patterns in vast data- finish with computation as absolutely central to bases; and scientific enterprise. However, the transition is • massive simulations of a physical system’s com- very far from completion. In fact, we believe that plete evolution repeated numerous times, as the dominant mode of scientific computing has al- simulation parameters vary systematically. ready brought us to a state of crisis. The prevalence of very relaxed attitudes about communicating ex- The traditional image of the scientist as a soli- perimental details and validating results is causing tary person working in a laboratory with beakers a large and growing credibility gap. It’s impossible and test tubes is long obsolete.
    [Show full text]
  • On Cross Joining De Bruijn Sequences
    On cross joining de Bruijn sequences Johannes Mykkeltveit and Janusz Szmidt Abstract. We explain the origins of Boolean feedback functions of nonlinear feedback shift registers (NLFSRs) of fixed order n generating de Bruijn binary sequences. They all come into existence by cross joining operations starting from one maximum period feedback shift register, e.g., a linear one which always exists for any order n. The result obtained yields some constructions of NLFSRs generating maximum period 2n − 1 binary sequences. 1. Introduction The task of this note is to get insight into construction of Boolean feedback functions of NLFSRs generating maximum period binary sequences. At the Inter- national Workshop on Coding and Cryptography 2013 in Bergen we discussed the problem whether it was true or not that an arbitrary de Bruijn sequence could be obtained by applying cross-join pair operations to a given one. It seems that this has been a several decades old unsolved problem. In this note we solve this prob- lem in the affirmative. In terms of Boolean feedback functions this result indicates which algebraic operations must be applied to get all feedback functions generating de Bruijn sequences starting from a given one. The same results are true when one deals with modified de Bruijn sequences of period 2n − 1 and the corresponding feedback functions. Feedback shift registers (FSRs) are useful in generating periodic sequences, and that is the task for which they are mostly used in communication and cryptographic systems. Linear feedback shift registers (LFSRs) and NLFSRs are the main buiding blocks of many stream ciphers.
    [Show full text]