DOCSLIB.ORG

Integrity, Authentication and Confidentiality in Public-Key Cryptography Houda Ferradi

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Integrity, Authentication and Confidentiality in Public-Key Cryptography Houda Ferradi Integrity, authentication and confidentiality in public-key cryptography Houda Ferradi To cite this version: Houda Ferradi. Integrity, authentication and confidentiality in public-key cryptography. Cryptography and Security [cs.CR]. Université Paris sciences et lettres, 2016. English. NNT : 2016PSLEE045. tel- 01745919 HAL Id: tel-01745919 https://tel.archives-ouvertes.fr/tel-01745919 Submitted on 28 Mar 2018 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE DE DOCTORAT de l’Université de recherche Paris Sciences et Lettres PSL Research University Préparée à l’École normale supérieure Integrity, Authentication and Confidentiality in Public-Key Cryptography École doctorale n◦386 Sciences Mathématiques de Paris Centre Spécialité Informatique COMPOSITION DU JURY M. FOUQUE Pierre-Alain Université Rennes 1 Rapporteur M. YUNG Moti Columbia University et Snapchat Rapporteur M. FERREIRA ABDALLA Michel Soutenue par Houda FERRADI CNRS, École normale supérieure le 22 septembre 2016 Membre du jury M. CORON Jean-Sébastien Université du Luxembourg Dirigée par Membre du jury David NACCACHE École normale supérieure M. GOUBIN Louis Université de Versailles Saint-Quentin-en- Yvelines Membre du jury M. PAILLIER Pascal CryptoExperts Membre du jury M. TIBOUCHI Mehdi RESEARCH UNIVERSITY PARIS NTT Secure Platform Laboratories ÉCOLE NORMALE SUPÉRIEURE Invité Intégrité, authentification et confidentialité en cryptographie à clé publique Thèse de Doctorat en vue de l’obtention du grade de Docteur de l’École normale supérieure (spécialité informatique) présentée et soutenue publiquement le 22 septembre 2016 par HOUDA FERRADI devant le jury composé de : Directeur de thèse : David Naccache (École normale supérieure) Rapporteurs : Pierre-Alain Fouque (Université Rennes 1) Moti Yung (Columbia University et Snapchat) Examinateurs : Michel Abdalla (CNRS, École normale supérieure) Jean-Sébastien Coron (Université du Luxembourg) Louis Goubin (Université de Versailles Saint-Quentin-en-Yvelines) Pascal Paillier (CryptoExperts) Invité : Mehdi Tibouchi (NTT Secure Platform Laboratories) École doctorale 386: Sciences mathématiques de Paris Centre Unité de recherche: UMR 8548 - Département d’Informatique de l’École normale supérieure Laboratoire de recherche affilié au CNRS et a INRIA Integrity, Authentication and Confidentiality in Public-Key Cryptography Doctorate Dissertation submitted in fulfillment of the requirements for the degree of Doctor of the École normale supérieure (Specialty: Computer Science) publicly defended and presented on September 22nd, 2016 by HOUDA FERRADI to the jury consisting of : Supervisor : David Naccache (École normale supérieure) Referees : Pierre-Alain Fouque (Université Rennes 1) Moti Yung (Columbia University and Snapchat) Examiners : Michel Abdalla (CNRS, École normale supérieure) Jean-Sébastien Coron (Université du Luxembourg) Louis Goubin (Université de Versailles Saint-Quentin-en-Yvelines) Pascal Paillier (CryptoExperts) Guest member : Mehdi Tibouchi (NTT Secure Platform Laboratories) Doctoral School 386: Mathematical Sciences – Paris Centre Research unit: UMR 8548 - The École normale supérieure’s Computer Science Department A research laboratory affiliated to CNRS and INRIA ACKNOWLEDGMENTS I very warmly thank David Naccache for his advisory role, continuous good humor, friendliness and for his scientific guidance throughout the years. I am very grateful to David Pointcheval for admitting me in his research group and for funding my thesis through the French ANR Project ANR-12-INSE-0014 SIMPATIC. I express my affection to the numerous members of the ENS’ Cryptography and Security teams. I will always cherish the souvenirs of thought-provoking talks in the laboratory, of your friendship and of your witty humor. The feverish intellectual thrill of discovering together the cutting edge of scientific research at Eurocrypt’15, Eurocrypt’16, Crypto’16, CHES’16 and ACNS’16 was a unique experience that words can hardly express. I am indebted to the team’s permanent members for their guidance, life-wisdom and for entrusting me with the review of several papers. The ensuing exchanges with program committee members were an unforgettable scientific experience. I am grateful to EIT ICT Labs for funding my participation at the 2014 Security & Privacy in Digital Life summer school (Trento) and to ENS for sponsoring my participation at the IACR 2016 School on Design for a Secure IoT, (Tenerife) and at the IACR 2015 School on Design and Security of Cryptographic Algorithms and Devices (Sardinia). A tribute is due to Rémi Géraud for his friendship and efforts invested in our common papers and to Fabrice Ben Hamouda for his gentleness and dedication. I thank my co-authors Michel Abdalla, Ehsan Aerabi, A. Elhadi Amirouche, Fabrice Ben Hamouda, Thomas Bourgeat, Julien Bringer, Robin Champenois, Jean-Michel Cioranesco, Jérémie Clément, Simon Cogliani, Rémi Géraud, Marc Heinrich, Julien Jainski, Diana Maimu¸t, Kostas (Konstantinos) Markanton- akis, Mehari Msgna, Paul Melotti, David Naccache, Raja Naeem Akram, David Pointcheval, Assia Tria, Antoine Voizard, Jean Vuillemin, Amaury de Wargny and Hang Zhou. I am very grateful to the academic institutions who entrusted me with lecturing duties during my Ph.D.: Université Panthéon-Assas Paris II, Université Paris Diderot-Paris VII, Université Paris-XIII-Nord and, in particular, the École normale supérieure for letting me supervise full-fledged research projects at the Informatique scientifique par la pratique master course. It my hope that my efforts motivated my students and made my courses an intellectual adventure as much as a curricular obligation. I express my recognition to Michel Abdalla, Jean-Sébastien Coron, Pierre-Alain Fouque, Louis Goubin, Pascal Paillier, Mehdi Tibouchi and Moti Yung for agreeing to serve in my thesis committee. I particularly thank my thesis referees Pierre-Alain Fouque and Moti Yung for their availability and their detailed comments on my work. I am very honored to have such a prestigious committee. The research results contained in this thesis were supported by three high-tech firms. Seeing my scientific results applied in products used by millions of customers is a thrilling feeling, for which I warmly thank Ingenico, Huawei and Tanker. I thank Google for inviting me to the Münich Ph.D. Security Summit. The intense intellectual exchanges with Google’s technical teams were an unforgettable experience. Paris, Septembre 13th, 2016. Houda Ferradi 1 CONTENTS 1 Introduction 7 1.1 Confidentiality Throughout History . .7 1.2 Integrity, Authentication & Fairness . .8 2 Mathematical and Cryptographic Preliminaries 11 2.1 Computational Hardness Assumptions . 11 2.2 Computational Security . 15 2.3 One-Way Functions . 16 2.4 Provable Security . 17 2.4.1 Theoretical Framework . 17 2.4.2 The Random Oracle Paradigm . 19 2.5 Digital Signatures . 19 2.5.1 General Framework . 19 2.5.2 Some Examples . 20 2.5.3 Security Notions for Digital Signatures . 22 2.6 Public-Key Cryptography . 24 2.6.1 General Framework . 25 2.6.2 Security Notions for Public-Key Cryptography . 25 2.7 Proof Systems . 27 2.7.1 Interactive Proofs . 27 2.7.2 Zero-Knowledge Proofs . 27 2.7.3 Applications . 28 2.7.4 Zero-Knowledge Proofs of Knowledge . 28 2.7.5 Non-Interactive Zero-Knowledge Proofs . 28 3 Results & Contributions 29 3.1 Thesis Results . 29 3.1.1 Fairness & Attestation in Cryptographic Protocols . 29 3.1.2 Zero-Knowledge Proof Systems & Authentication Protocols . 30 3.1.3 Exploring Interactions Between Natural Language, Vision & Encryption . 32 3.1.4 Generalization & Applications of Hierarchical Identity-Based Encryption (HIBE) . 32 3.2 Additional Results . 33 3.2.1 Trusted Computing for Embedded Devices: Defenses & Attacks . 33 3.2.2 Creating Covert Channels & Preventing Their Exploitation . 34 3.2.3 Efficient Hardware & Software Implementations . 35 3.2.4 Finding Security Flaws in Server Software . 36 3.3 Personal Bibliography . 37 3.3.1 Journal Papers . 37 3.3.2 Conference Papers . 37 3.3.3 Manuscripts & Pre-Prints . 38 4 Designing Integrity Primitives 41 4.1 Non-Interactive Attestations for Arbitrary RSA Prime Generation Algorithms . 43 4.1.1 Introduction . 43 3 4.1.2 Outline of the Approach . 44 4.1.3 Model and Analysis . 45 4.1.4 Multi-Modulus Attestation Scheme (u 2, ` = 2)................... 48 ≥ 4.1.5 Security and Parameter Choice . 49 4.1.6 Compressing the Attestation . 51 4.1.7 Parameter Settings . 51 4.1.8 Conclusion and Further Research . 52 4.1.9 Implementing the Second Hash Function 0 ...................... 53 H 4.2 Legally Fair Contract Signing Without Keystones . 55 4.2.1 Introduction . 55 4.2.2 Preliminaries . 56 4.2.3 Legally Fair Co-Signatures . 60 5 Designing Authentication Protocols 69 5.1 Slow Motion Zero Knowledge – Identifying With Colliding Commitments . 71 5.1.1 Introduction . 71 5.1.2 Building Blocks . 71 5.1.3 Commitment Pre-Processing . 72 5.1.4 Time-Lock Puzzles . 72 5.1.5 Slow Motion Zero-Knowledge Protocols . 73 5.1.6 An Example Slow Motion Zero Knowledge . 74 5.1.7 Security Proof . 77 5.1.8 Conclusion and Further Research . 81 5.2 Thrifty Zero-Knowledge: When Linear Programming Meets Cryptography . 82 5.2.1 Introduction . 82 5.2.2 Preliminaries . 82 5.2.3 Optimizing E( ) ................................... 84 P $ V 5.2.4 Thrifty Zero-Knowledge Protocols . 85 5.2.5 Thrifty SD, PKP and PPP . 86 5.3 Public-Key Based Lightweight Swarm Authentication . 89 5.3.1 Preliminaries . 89 5.3.2 Distributed Fiat-Shamir Authentication . 91 5.3.3 Security Proofs . 92 5.3.4 Variants and Implementation Trade-offs . 94 5.4 When Organized Crime Applies Academic Results . 97 5.4.1 Introduction . 97 5.4.2 Physical Analysis . 98 5.4.3 Protocol Analysis .
Load more

Recommended publications
  • Year Ends with Even More Turmoil COVER STORY Protests for Racial Justice Spin out of Control, Rocking the Revere Community and the World
    Paul Revere Charter Middle School and Magnet Center Friday, June 5, 2020 Volume 64, Issue 4 Year Ends With Even More Turmoil COVER STORY Protests for racial justice spin out of control, rocking the Revere community and the world. By NICO TROEDSSON On May 25, 2020, George Floyd, a 46-year-old African American man, died in Minne- apolis, Minnesota after a white officer knelt on George Floyd’s neck for over eight minutes, kill- ing him. Cellphone footage of this incident went viral, sparking protests across the U.S. where people came together in the hopes of ending police brutali- ty and the racial inequality that has infected some members of the police force. Some of these peaceful protests devolved into The National Guard protects the Seventh grader Anna Song studies on Zoom. Photo: Mary Shannon anarchy, as looters attacked Palisades Village. Photo: Arik Kraft small local businesses as well as big corporate shops, started fires, via Schoology to notify students and destroyed many neighbor- of the change: “Based on the Revere Perseveres hoods. current social issues affecting Faced with the school’s sudden closure, The civil unrest in Los An- the Westside of Los Angeles, we geles county has affected many will be canceling the Textbook/ Patriots make the switch to remote learning. Paul Revere students on many iPad collection, Locker clean out levels. Due to the chaos and vi- for the week of June 1st. We will By ARIK KRAFT olence in the streets, the school send you out the new schedule No one really knew on Friday the 13th of March that when has had to rethink end of the year tomorrow for collection.
    [Show full text]
  • Design and Analysis of Secure Encryption Schemes
    UNIVERSITY OF CALIFORNIA, SAN DIEGO Design and Analysis of Secure Encryption Schemes A dissertation submitted in partial satisfaction of the requirements for the degree Doctor of Philosophy in Computer Science by Michel Ferreira Abdalla Committee in charge: Professor Mihir Bellare, Chairperson Professor Yeshaiahu Fainman Professor Adriano Garsia Professor Mohan Paturi Professor Bennet Yee 2001 Copyright Michel Ferreira Abdalla, 2001 All rights reserved. The dissertation of Michel Ferreira Abdalla is approved, and it is acceptable in quality and form for publication on micro¯lm: Chair University of California, San Diego 2001 iii DEDICATION To my father (in memorian) iv TABLE OF CONTENTS Signature Page . iii Dedication . iv Table of Contents . v List of Figures . vii List of Tables . ix Acknowledgements . x Vita and Publications . xii Fields of Study . xiii Abstract . xiv I Introduction . 1 A. Encryption . 1 1. Background . 2 2. Perfect Privacy . 3 3. Modern cryptography . 4 4. Public-key Encryption . 5 5. Broadcast Encryption . 5 6. Provable Security . 6 7. Concrete Security . 7 B. Contributions . 8 II E±cient public-key encryption schemes . 11 A. Introduction . 12 B. De¯nitions . 17 1. Represented groups . 17 2. Message Authentication Codes . 17 3. Symmetric Encryption . 19 4. Asymmetric Encryption . 21 C. The Scheme DHIES . 23 D. Attributes and Advantages of DHIES . 24 1. Encrypting with Di±e-Hellman: The ElGamal Scheme . 25 2. De¯ciencies of ElGamal Encryption . 26 3. Overcoming De¯ciencies in ElGamal Encryption: DHIES . 29 E. Di±e-Hellman Assumptions . 31 F. Security against Chosen-Plaintext Attack . 38 v G. Security against Chosen-Ciphertext Attack . 41 H. ODH and SDH .
    [Show full text]
  • One-Time and Interactive Aggregate Signatures from Lattices
    One-Time and Interactive Aggregate Signatures from Lattices Dan Boneh Sam Kim Stanford University Stanford University [email protected] [email protected] Abstract An aggregate signature scheme enables one to aggregate multiple signatures generated by different people on different messages into a short aggregate signature. We construct two signature aggregation schemes whose security is based on the standard SIS problem on lattices in the random oracle model. Our first scheme supports public aggregation of signatures, but for a one-time signature scheme. Our second scheme supports aggregation of signatures in a many-time signature scheme, but the aggregation process requires interaction among the signers. In both schemes, the size of the aggregate signature is at most logarithmic in the number of signatures being aggregated. 1 Introduction A signature scheme is a tuple of three algorithms: KeyGen generates a key pair (sk; pk), Sign(sk; m) ! σ signs a message m, and Verify(pk; m; σ) ! 0=1 verifies a signature σ on message m. A one-time signature is a signature scheme that is existentially unforgeable against an adversary that is given the public key and the signature on a single message of its choice. One-time signatures (OTS) have found many applications in cryptography. They are used to transform any existentially unforgeable signature into a strongly unforgeable signature [BS08], in several chosen-ciphertext secure public-key encryption constructions [DDN03, CHK04], in offline/online signatures [EGM96], and for authenticating streaming data [GR01]. The classic OTS scheme of Lamport [Lam79] and its Winternitz variant [BDE+13] shows that one-time signature schemes can be constructed from any one-way function.
    [Show full text]
  • Modern Cryptography: Lecture 13 Digital Signatures
    Modern Cryptography: Lecture 13 Digital Signatures Daniel Slamanig Organizational ● Where to find the slides and homework? – https://danielslamanig.info/ModernCrypto18.html ● ow to conta!t me? – [email protected] ● #utor: Karen Klein – [email protected] ● Offi!ial page at #', )o!ation et!. – https://tiss.tuwien.ac.at/!ourse/!o$rseDetails.+html?dswid=86-2&dsrid,6/0. !ourseNr,102262&semester,2018W ● #utorial, #U site – https://tiss.tuwien.ac.at/!ourse/!o$rseAnnouncement.+html?dswid=4200.dsr id,-51.!ourseNum6er,10206-.!ourseSemester,2018W ● 8+am for the se!ond part: Thursday 31.21.2210 15:00-1/:00 (Tutorial slot; 2/26 Overview Digital Signatures message m / :m( σ; secret key skA Inse!$re !hannel p$bli! key pkA p$bli! key pkA σ σ :, 7igskA:m; 6 :, =rfypkA:m( ; 3: pkA -/26 Digital Signatures: Intuitive Properties Can 6e seen as the p$6li!9key analog$e of M3Cs with p$6li! >erifiability ● Integrity protection: 3ny modifi!ation of a signed message !an 6e detected ● 7o$r!e a$thenti!ity: The sender of a signed message !an be identified ● Non9rep$diation: The signer !annot deny ha>ing signed :sent) a message 7e!$rity :intuition;: sho$ld 6e hard to !ome $p with a signat$re for a message that has not 6een signed by the holder of the pri>ate key 5/26 Digital Signatures: pplications *igital signat$res ha>e many applications and are at the heart of implementing p$6lic9key !ryptography in practice ● <ss$ing !ertifi!ates 6y CAs (?$6lic %ey <nfrastr$!t$res;: 6inding of identities to p$6lic keys ● @$ilding authenticated !hannels: a$thenti!ate parties :ser>ers; in sec$rity proto!ols :e.g.( TL7; or se!$re messaging :Whats3pp( 7ignal, ...; ● Code signing: a$thenti!ate software/firmware :$pdates; ● 7ign do!$ments :e.g.( !ontra!ts;: )egal reg$lations define when digital signat$res are eq$ivalent to handwritten signat$res ● 7ign transa!tions: $sed in the !rypto!$rren!y realm ● et!.
    [Show full text]
  • Pattern Discrimination PATTERN
    Apprich, Chun, Cramer, Steyerl Pattern Discrimination Pattern PATTERN DISCRIMINATION APPRICH CHUN CRAMER STEYERL Pattern Discrimination IN SEARCH OF MEDIA Götz Bachman, Timon Beyes, Mercedes Bunz, and Wendy Hui Kyong Chun, Series Editors Communication Machine Markets Pattern Discrimination Remain Pattern Discrimination Clemens Apprich, Wendy Hui Kyong Chun, Florian Cramer, and Hito Steyerl IN SEARCH OF MEDIA University of Minnesota Press Minneapolis London meson press In Search of Media is a joint collaboration between meson press and the University of Minnesota Press. Bibliographical Information of the German National Library The German National Library lists this publication in the Deutsche Nationalbibliografie (German National Bibliography); detailed bibliographic information is available online at portal.d-nb.de. Published in 2018 by meson press (Lüneburg, Germany ) in collaboration with the University of Minnesota Press (Minneapolis, USA). Design concept: Torsten Köchlin, Silke Krieg Cover image: Sascha Pohflepp ISBN (PDF): 978-3-95796-145-7 DOI: 10.14619/1457 The digital edition of this publication can be downloaded freely at: meson.press. The print edition is available from University of Minnesota Press at: www.upress.umn.edu. This Publication is licensed under CC-BY-NC-4.0 International. To view a copy of this license, visit: creativecommons.org/ licenses/by-nc/4.0/ Contents Series Foreword vii Introduction ix Clemens Apprich [ 1 ] A Sea of Data: Pattern Recognition and Corporate Animism (Forked Version) 1 Hito Steyerl [ 2 ] Crapularity Hermeneutics: Interpretation as the Blind Spot of Analytics, Artificial Intelligence, and Other Algorithmic Producers of the Postapocalyptic Present 23 Florian Cramer [ 3 ] Queerying Homophily 59 Wendy Hui Kyong Chun [ 4 ] Data Paranoia: How to Make Sense of Pattern Discrimination 99 Clemens Apprich Authors 123 Series Foreword “Media determine our situation,” Friedrich Kittler infamously wrote in his Introduction to Gramophone, Film, Typewriter.
    [Show full text]
  • Quantum Cryptography Without Basis Switching 2004
    Quantum Cryptography Without Basis Switching Christian Weedbrook B.Sc., University of Queensland, 2003. A thesis submitted for the degree of Bachelor of Science Honours in Physics The Australian National University October 2004 ii iii Listen, do you want to know a secret? Do you promise not to tell? - John Lennon and Paul McCartney iv Declaration This thesis is an account of research undertaken with the supervision of Dr Ping Koy Lam, Dr Tim Ralph and Dr Warwick Bowen between February 2004 and October 2004. It is a partial fulfilment of the requirements for the degree of a Bachelor of Science with Honours in theoretical physics at the Australian National University, Canberra, Australia. Except where acknowledged in the customary manner, the material presented in this thesis is, to the best of my knowledge, original and has not been submitted in whole or part for a degree in any university. Christian Weedbrook 29th October 2004 v vi Acknowledgements During the three years of residency, it was the relationships that got you through. - J.D., Scrubs I have met a lot of people during my Honours year, and a lot of people to thank and be thankful for. First I would like to thank my supervisors Ping Koy Lam, Tim Ralph, Warwick Bowen and my “unofficial” supervisor Andrew Lance. Ping Koy, thank you for your positive approach and enthusiasm. It was excellent having you as my supervisor, as you have many ideas and the ability to know the best way to proceed. I would like to thank you for my scholarship and also for organizing that I could do my Honours at ANU, and to spend some time up at UQ.
    [Show full text]
  • Assessing Electronic Voice Phenomena Through Speech Science Cassie C
    Eastern Kentucky University Encompass Honors Theses Student Scholarship Spring 2017 Assessing Electronic Voice Phenomena through Speech Science Cassie C. Axtell Eastern Kentucky University, [email protected] Follow this and additional works at: https://encompass.eku.edu/honors_theses Recommended Citation Axtell, Cassie C., "Assessing Electronic Voice Phenomena through Speech Science" (2017). Honors Theses. 415. https://encompass.eku.edu/honors_theses/415 This Open Access Thesis is brought to you for free and open access by the Student Scholarship at Encompass. It has been accepted for inclusion in Honors Theses by an authorized administrator of Encompass. For more information, please contact [email protected]. i EASTERN KENTUCKY UNIVERSITY Assessment of Electronic Voice Phenomena through Speech Science Honors Thesis Submitted In Partial Fulfillment of the Requirements of HON 420 Spring 2017 By Cassie Axtell Mentor Dr. Charlotte Hubbard Department of Special Education ii Assessment of Electronic Voice Phenomena through Speech Science Cassie Axtell Dr. Charlotte Hubbard; Department of Special Education Abstract Electronic Voice Phenomena (EVP) are unexplained voices captured on audio recording, allegedly paranormal in nature (Buckner & Buckner, 2012). Little research exists on listener’s perception of EVPs to date. The field of speech science involves the study of the production, transmission, and perception of human speech. Many concrete elements from the study of speech science have the potential to be applied to the interpretation of EVP content. Several works of literature were reviewed to assess current EVP analysis practices Interviews were conducted with various paranormal investigation societies across the nation to gather information on the general practices involved in EVP collection, analysis, interpretation, and use.
    [Show full text]
  • Three Puzzles on Mathematics, Computation, and Games
    P. I. C. M. – 2018 Rio de Janeiro, Vol. 1 (551–606) THREE PUZZLES ON MATHEMATICS, COMPUTATION, AND GAMES G K Abstract In this lecture I will talk about three mathematical puzzles involving mathemat- ics and computation that have preoccupied me over the years. The first puzzle is to understand the amazing success of the simplex algorithm for linear programming. The second puzzle is about errors made when votes are counted during elections. The third puzzle is: are quantum computers possible? 1 Introduction The theory of computing and computer science as a whole are precious resources for mathematicians. They bring up new questions, profound new ideas, and new perspec- tives on classical mathematical objects, and serve as new areas for applications of math- ematics and mathematical reasoning. In my lecture I will talk about three mathematical puzzles involving mathematics and computation (and, at times, other fields) that have preoccupied me over the years. The connection between mathematics and computing is especially strong in my field of combinatorics, and I believe that being able to person- ally experience the scientific developments described here over the past three decades may give my description some added value. For all three puzzles I will try to describe in some detail both the large picture at hand, and zoom in on topics related to my own work. Puzzle 1: What can explain the success of the simplex algorithm? Linear program- ming is the problem of maximizing a linear function subject to a system of linear inequalities. The set of solutions to the linear inequalities is a convex polyhedron P .
    [Show full text]
  • EFFECTS of FACE IMAGES and FACE PAREIDOLIA on CONSUMERS' RESPONSES to PRINT ADVERTISING Gianluigi Guido
    EFFECTS OF FACE IMAGES AND FACE PAREIDOLIA ON CONSUMERS’ RESPONSES TO PRINT ADVERTISING Gianluigi Guido, (corresponding author) Department of Management, Economics, Mathematics, and Statistics University of Salento, Ecotekne Campus, Via per Monteroni, 73100 Lecce, Italy +39 0832 298601, [email protected] Marco Pichierri, Department of Management, Economics, Mathematics, and Statistics University of Salento, Ecotekne Campus, Via per Monteroni, 73100 Lecce, Italy [email protected] Giovanni Pino, Department of Management, Economics, Mathematics, and Statistics University of Salento, Ecotekne Campus, Via per Monteroni, 73100 Lecce, Italy [email protected] Rajan Nataraajan, Department of Economics, Auburn University Auburn, AL 36849, [email protected] 1 EFFECTS OF FACE IMAGES AND FACE PAREIDOLIA ON CONSUMERS’ RESPONSES TO PRINT ADVERTISING Abstract The present research investigates whether print advertisements featuring faces (i.e., “face ads”) or face-like images (i.e., “pareidolian ads”) are better able to capture consumer attention than ads that do not include such elements. In two studies, the research examined the effects of exposing consumers to print ads containing faces or pareidolian images for short time lapses (0.5, 1, and 3 seconds). The results show that both ad types capture viewers’ attention and are more frequently recognized than advertisements that do not feature faces or face-like objects. Moreover, both face ads and pareidolian ads increase brand recognition and ad preference. The theoretical and operational implications are discussed. Keywords: Faces, pareidolia, orienting response, attention, ad preference, ad recognition, brand recognition. Management Slant • Ads featuring human faces and “face-like” (i.e., pareidolian) images capture greater attention and preference than other ads in short time lapses.
    [Show full text]
  • Blind Schnorr Signatures in the Algebraic Group Model
    An extended abstract of this work appears in EUROCRYPT’20. This is the full version. Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model Georg Fuchsbauer1, Antoine Plouviez2, and Yannick Seurin3 1 TU Wien, Austria 2 Inria, ENS, CNRS, PSL, Paris, France 3 ANSSI, Paris, France first.last@{tuwien.ac.at,ens.fr,m4x.org} January 16, 2021 Abstract. The Schnorr blind signing protocol allows blind issuing of Schnorr signatures, one of the most widely used signatures. Despite its practical relevance, its security analysis is unsatisfactory. The only known security proof is rather informal and in the combination of the generic group model (GGM) and the random oracle model (ROM) assuming that the “ROS problem” is hard. The situation is similar for (Schnorr-)signed ElGamal encryption, a simple CCA2-secure variant of ElGamal. We analyze the security of these schemes in the algebraic group model (AGM), an idealized model closer to the standard model than the GGM. We first prove tight security of Schnorr signatures from the discrete logarithm assumption (DL) in the AGM+ROM. We then give a rigorous proof for blind Schnorr signatures in the AGM+ROM assuming hardness of the one-more discrete logarithm problem and ROS. As ROS can be solved in sub-exponential time using Wagner’s algorithm, we propose a simple modification of the signing protocol, which leaves the signatures unchanged. It is therefore compatible with systems that already use Schnorr signatures, such as blockchain protocols. We show that the security of our modified scheme relies on the hardness of a problem related to ROS that appears much harder.
    [Show full text]
  • Bernhard Esslinger: Cryptool – Cryptography for the Masses
    CrypTool Cryptography for the masses Prof. Bernhard Esslinger (presentation layout done with some help from Gonzalo; pictures by pixabay) Cryptography everywhere … In the digital era, we are all cryptography consumers, whether we know it or not. Whenever we use the mobile telephone, withdraw money from an ATM, go shopping to an e-commerce site using SSL, or use a messenger, we are using cryptographic services which protect the confidentiality, integrity, and authenticity of our data. The world as we know it wouldn’t exist without cryptography. Cryptography challenges education Around all of us perceived as difficult lack of understanding curricula teachers need useful tools Context of Cryptography CrypTool today: 5 products version 1.x http://www.cryptool.org/en/cryptool1 http://www.cryptool.org/en/ct2 https://github.com/jcryptool/ http://www.cryptool-online.org http://www.mysterytwisterc3.org/ CrypTool Portal: website today JCrypTool: User presentation https://github.com/jcryptool/core/wiki/jcryptool_us er_presentation/jcryptool_presentation_en.pdf CrypTool 2: Sample screen CrypTool: founded 1998 like … • Attac, Paris • Google, Menlo Park • CrypTool, Frankfurt CrypTool 1: Two warnings • legal • worrywarts besides the warnings: CT1 still made it Playful learning Serious tool CrypTool can be used to visualize many concepts of cryptology: including digital signatures, symmetric, asymmetric and hybrid encryption, protocols, cryptanalysis, etc. CrypTool 1 package Self-contained Documentation (online help, readme, CTB, presentation; programs later website) Stories CrypTool 1 Self-contained programs Flash animations The Dialogue of the Sisters The Chinese Labyrinth There are two stories included dealing with number theory and cryptography: • In "The Dialogue of the Sisters" the title-role sisters use a variant of the RSA algorithm, in order to communicate securely.
    [Show full text]
  • Cryptology with Jcryptool V1.0
    www.cryptool.org Cryptology with JCrypTool (JCT) A Practical Introduction to Cryptography and Cryptanalysis Prof Bernhard Esslinger and the CrypTool team Nov 24th, 2020 JCrypTool 1.0 Cryptology with JCrypTool Agenda Introduction to the e-learning software JCrypTool 2 Applications within JCT – a selection 22 How to participate 87 JCrypTool 1.0 Page 2 / 92 Introduction to the software JCrypTool (JCT) Overview JCrypTool – A cryptographic e-learning platform Page 4 What is cryptology? Page 5 The Default Perspective of JCT Page 6 Typical usage of JCT in the Default Perspective Page 7 The Algorithm Perspective of JCT Page 9 The Crypto Explorer Page 10 Algorithms in the Crypto Explorer view Page 11 The Analysis tools Page 13 Visuals & Games Page 14 General operation instructions Page 15 User settings Page 20 Command line parameters Page 21 JCrypTool 1.0 Page 3 / 92 JCrypTool – A cryptographic e-learning platform The project Overview . JCrypTool – abbreviated as JCT – is a free e-learning software for classical and modern cryptology. JCT is platform independent, i.e. it is executable on Windows, MacOS and Linux. It has a modern pure-plugin architecture. JCT is developed within the open-source project CrypTool (www.cryptool.org). The CrypTool project aims to explain and visualize cryptography and cryptanalysis in an easy and understandable way while still being correct from a scientific point of view. The target audience of JCT are mainly: ‐ Pupils and students ‐ Teachers and lecturers/professors ‐ Employees in awareness campaigns ‐ People interested in cryptology. As JCT is open-source software, everyone is capable of implementing his own plugins.
    [Show full text]