Register now to access 7 million high quality study materials (What's Course Hero?) Course Hero is the premier provider of high quality online educational resources. With millions of study documents, online tutors, digital flashcards and free courseware, Course Hero is helping students learn more efficiently and effectively. Whether you're interested in exploring new subjects or mastering key topics for your next exam, Course Hero has the tools you need to achieve your goals.
15 Pages
013-BTBiBa
Course: CSC 774, Fall 2008School: N.C. State
Rating:
Word Count: 634
Document Preview
Science Better Computer than BiBa: Short One-time Signatures with Fast Signing and Verifying Leonid Reyzin and Natan Reyzin April 30th, 2002 Presented by: Michael Lee Introduction Problem One-time signature schemes used in broadcast authentication Needs to have efficient signing efficient verifying small public key size small signature size Goal Create a more efficient one-time signature scheme...
Unformatted Document Excerpt
Coursehero >> North Carolina >> N.C. State >> CSC 774Course Hero has millions of student submitted documents similar to the one
below including study guides, practice problems, reference materials, practice exams, textbook help and tutor support.
Course Hero has millions of student submitted documents similar to the one
below including study guides, practice problems, reference materials, practice exams, textbook help and tutor support.
Science
Better Computer than BiBa:
Short One-time Signatures with Fast Signing and Verifying Leonid Reyzin and Natan Reyzin April 30th, 2002 Presented by: Michael Lee
Introduction
Problem
One-time signature schemes used in broadcast authentication Needs to have
efficient signing efficient verifying small public key size small signature size
Goal
Create a more efficient one-time signature scheme than Biba
Computer Science
Previous Work
Lamport/Rabin
One-time signature schemes based on one-way functions Created efficient one-time signature scheme for use with broadcast authentication Benefits
Biba
Fast verification of signatures Small communication overhead Time to sign a message
Computer Science
Disadvantages
Overview
One-time signature scheme (HORS) which
verifies slightly faster than Biba signs faster than verifying (much faster than Biba) key and signature sizes are slightly improved for same security level compared to Biba necessary for Biba stream authentication scheme
Can be used r times instead of just once
Can be used in the Biba stream authentication scheme without modification
Computer Science
HORS: Hash to Obtain Random Subset
Pick k and t
k is linear to public key size t is linear to signature size and verification time
T = set {1,2,...,t} f = one-way function
Computer Science
HORS: Hash to Obtain Random Subset
H = hash function resulting in at most a k-element subset of T (picked from an random family of hash functions)
Infeasible that two messages result in same subset (strong collision resistance property of hash functions) SHA-1 should work for small values of r SHA-1 output split into k substrings of length log2 t each. k = 16; t = 210 (160 = 16 * 10) k = 20; t = 28 (160 = 20 * 8)
SHA-1 output k1 k2 k3 k4 k5 k6 k7 k8 k9 k10 k11 k12 k13 k14 k15 k16
Computer Science
Key Generation
Secret Key
Generate t random l-bit strings (s1, ..., st) Secret Key = (k, s1, ..., st) Use one-way function f to compute where vn = f (sn) Key Public = (k, v1, ..., vt)
Public Key
Computer Science
Sign
h = H(m) Split h into k substrings hi, ...hk of length log2 t Interpret hj as integer ij for 1 j k Signature = Ex
si1 ,..., sik
h1 = 50, then the first value in signature will be s50
SHA-1 output h3 h4 h5 h6 h7 h8 h9 h10 h11 h12 h13 h14 h15 h16
h1
h2
Computer Science
Verify
Signature (s1, ..., sk) h = H(m) Split h into k substrings hi, ...hk of length log2 t Interpert hj as integer ij for 1 j k Verify
f ( s j ) = vi j
for all j where 1 j k
Accept signature if true for all j Reject signature if false for any j f (s1) = 1074 = v50
Ex
Computer Science
Security Analysis
HORS signatures can be compromised
when the one-way property of f or H has been broken. if the attacker can cache enough signatures to forge a new signature
H (mr +1 ) H (m1 ) H (m2 ) ... H (mr )
Computer Science
1
Biba Comparison
Sign: Calls to Random Oracle/Hash Function
Biba: 2t HORS: 1 Biba: k HORS: k Biba: k HORS: 1
Computer Science
Verify: Calls to one-way function f
Verify: Calls to Random Oracle/Hash Function
1
Biba Comparison (cont.)
r-non-adaptive message attack HORS can use slightly smaller...
Find millions of documents on Course Hero - Study Guides, Lecture Notes, Reference Materials, Practice Exams and more.
Course Hero has millions of course specific materials providing students with the best way to expand
their education.
Below is a small sample set of documents:
Below is a small sample set of documents:
Wilfrid Laurier - SENG - 311
CPSC 333 / SENG 311: Foundations of Software EngineeringInstructors Dr. Rose Joshua, ICT 548 joshuar@cpsc.ucalgary.ca Office Hours: MTW: 12-1pm Dr. Rob Walker, ICT 546 rwalker@cpsc.ucalgary.ca Office Hours: WF: 1-2pmCPSC 333 / SENG 311 Lecture 1
Portland - PS - 442
Greece in the Fifth Century B.C.Melian DialogueExcerpts from The History of the Peloponnesian War, by ThucydidesAthenians. For ourselves, we shall not trouble you with specious pretenses- either of how we have the right to our empire because we
Portland - CFS - 410
Child and Family Studies 410U: Sex and the Family Spring 2002Dr. Carol Morgaine, Ph.D Associate Professor, Child and Family Studies 6th Avenue Building 6th Avenue Building 503-725-8535 (to make 503-725-8535 (to make appointments) appointments) 503-
Mt. Holyoke - CHEM - 201
Chem 201 Additional Aspects of EquilibriaSpring 2009M. A. GomezIn the last chapter, we considered acid/base equilibria which are important in many areas of chemistry and biology. While discussing chronic beryllium disease, we mentioned that the
Castleton State College - ENV - 3130
Kanat 2009Environmental GeologyHomework Assignment Doubling TimeAnswer the questions below and present the results on graphs that are uncluttered, neat, well labeled, and properly referenced. Grammar, parts of speech, noun-verb agreement, and s
N.C. State - ST - 790
Classes of Nonseparable, Spatio-Temporal Stationary Covariance FunctionsNoel Cressie and Hsin-Cheng Huang (1999)1IntroductionLet {Z(s; t) : s D Rd ; t [0, )} denote a spatio-temporal random process observed at N space-time coordinates (s1 ;
N.C. State - ST - 511
Statistics 511Fall 05Instructor: Dr. Roger Woodard Office: Patterson 4A Phone: 515-1938 Email: woodard@stat.ncsu.edu Office Hours: Monday and Wednesday 2:30-3:30 PM Teaching associate: To Be Announced Course Web Site: Additional materials and cou
N.C. State - ST - 552
ST 552Linear ModelsSpring 2009Homework #6 - due Wednesday, 25 March 2009 * turn in just starred (*) questions *Exercises at the end of Appendix A: 72, 73 Exercises at the end of Chapter 5: 1*(see changes below) , 2, 3, 4, 7*, 11*, 14, 21*, 22
N.C. State - ST - 790
Model Selection IMS Lecture Notes - Monograph Series (2001) Volume 38The Practical Implementation of Bayesian Model SelectionHugh Chipman, Edward I. George and Robert E. McCulloch The University of Waterloo, The University of Pennsylvania and The
N.C. State - ST - 732
The SAS System 1 The GLM Procedure Class Level Information Class Levels Values
Johns Hopkins - ECE - 353
The Johns Hopkins University Department of Electrical and Computer Engineering 520.454 - Control Systems Design - Spring 2007 Problem Set #0 Problems 1. Suppose that the input to a linear, time-invariant system was u(t) = et sin(2t), and this resulte
N.C. State - CH - 331
NORTH CAROLINA STATE UNIVERSITY Department of Chemistry CH 331 Physical Chemistry Given:Name_ Practice Mid-termg = 9.81 m/s2 R = 8.314 J mol-1 K-1 = 0.08206 L atm mol-1 K-1 1 atm = 1.0133 x 105 Nm-2 = 760 Torr P = P0exp{-Mgh/RT}P2 = P1 + ln t
N.C. State - CH - 331
North Carolina State University Physical Chemistry 331 Homework #6 Name _ Section _ Due date: Friday Oct. 22 1. It is often said the the primary charge separation step of photosynthesis is the most efficient electron transfer reaction known. a. Assum
N.C. State - ACC - 410
Fall 2005 GOVERNMENT AND NONPROFIT ACCOUNTING ACCOUNTING 410 Chapter 7 The Governmental Fund Accounting Cycle - Proprietary- Type Funds Internal Service Funds (ISF) When business type activities for goods/services are supplied to other gvt. departme
Virginia Tech - ETD - 03102001
East Los Angeles College - MJ - 665
Proceedings of the 1st Conference of the European Cooperation in Informatics, Amsterdam August 9-12, 1976, pages 236-262; Lecture Notes in Computer Science 44, K Samelson ed, Springer, 1976.CONSTRUCTIVE METHODS OF PROGRAM DESIGN M. A. Jackson Micha
N.C. State - MEA - 100
MEA 100Introduction to Earth Systems: This is a stealth course in Environmental Science. We will emphasize a quantitative approach based on knowledge of both abiotic and biotic systems.courses.ncsu.edu/mea100/lec/001/Introduction to Earth System
Contra Costa College - COEN - 244
COEN244 Winter 2008 Section U by Dr. Aishy Amer 5 % (A 3, 4, &5) 15 % (5/6) submitted and compiled: -1 25 % submitted and did not compile: -2 53 % did not write (DNW) or did not submit: 0 2 % Note: if you did better in the final, your mark of the mid
University of Iowa - CS - 185
CS 185: Type Preservation, Constraint Solving. Types. type := base | type typeType assignment rules. (x) = T t-var x:T t1 : T 2 T 1 t2 : T 2 t-app t1 t2 : T 1 , x : T1 t : T2 t-lam x.t : T1 T2 t : T.Type Preservation Theorem. If t : T a
University of Iowa - CS - 185
CS 185, Homework 1Denotational Semantics of IMP [100 points].Your solution to this assignment is due Sept. 16th, at the start ofclass. The start of class is defined as within the first 10 minutes,so please do not be late.Recall the course col
University of Iowa - CS - 185
> I. Non-determinism and Concurrency [40 points]> For each of the following commands, first state whether it is using> guarded commands (Ch. 7), shared-variable concurrency (Ch. 8), or> communication via channels (Ch. 9). Then show all possible t
University of Iowa - CS - 185
Programming in Lambda CalculusLambda calculus syntax is nice and compact, and has severaleasy-to-define operational semantics.But can you program in it?Yes, by encoding all data as lambda-abstractions.A piece of data is encoded as a function
University of Iowa - CS - 185
CS 185: Combinators and Substitution10/16/08Last time: Scott-encoded data, in particular, unary natural numbers.0 = \ s . \ z. z1 = \ s . \ z. (s 0)2 = \ s . \ z. (s 1).Scott-encoded booleans:tt = _ff = _and = \ b1 . \ b2. _No
University of Iowa - CS - 185
CS 185, Confluence of Lambda Calculus ContinuedAs we saw last time, our goal is to prove the diamondproperty for the weak multi-step reduction relation -w-> defined inductively as follows:- refle -w-> ee -w-> e'- lambdalambda x. e -w-> la
University of Iowa - CS - 185
CS 185, Homework 3Concurrency and Lambda Calculus [100 points].Your solution to this assignment is due Friday, Oct. 31st, at 3pm.Turn in your solution to my mailbox, in the CS mail room. --I. Non-determinism and Concurrency [40 points]For eac
University of Iowa - CS - 185
CS 185: Lecture Notes on Simple Types. Syntax. The syntax of simple types is given by type := base | type typewhere base is any non-empty set of base types (for example, int or char). We use T as a meta-variable for types. The intuition is that T1
University of Iowa - CS - 185
CS 185, Homework 4Lambda Calculus and Functional Programming [100 points, 30 extra credit].Your solution to this assignment is due Wednesday, Nov. 21, at 3pm.Turn in your solution to my mailbox, in the CS mail room. --I. Confluence [30 points]
Concordia Canada - LYRA - 11247
N.C. State - CS - 312
Farm Plan homework Due: Lab on Monday Nov 21 Yesterday (Nov 15) we reviewed the basics for developing a whole farm forage plan and we walked the old Beef Teaching Unit to evaluate pastures and observe the landscape. On Nov 21 we will use a computer p
University of Iowa - IBS - 593
Directed evolution of ampicillin-resistant activity from a functionally unrelated DNA fragment: A laboratory model of molecular evolutionTakato Yano and Hiroyuki Kagamiyama*Department of Biochemistry, Osaka Medical College, Takatsuki, Osaka 569-868
University of Iowa - ME - 159
THE UNIVERSITY OF IOWA Department of Mechanical & Industrial Engineering Fracture Mechanics 58:159 Homework #1 Total Points: 20 Assigned: January 28, 2009 Due: February 09, 2009Problem 1: Consider a plate containing a circular hole of radius a, as
University of Texas - ASE - 366
N.C. State - OR - 706
Motivation, Intuition, Speculation, Theorizationy[]()()xboundary / interior points closed / open sets bounded / compact sets convex sets . . . continuous functions differentiable functions convex / concave functions Taylor Series . . .1
University of Iowa - TA - 016
1. Enter.2. Leave. 3. QuitInput your option: 1*Welcome to the parking lot!1. Enter.2. Leave. 3. QuitInput your option: 2*Good bye!1. Enter.2. Leave. 3. QuitInput your option: 1*Welcome to the parking lot!1. Enter.2. Leave. 3.
East Los Angeles College - COMS - 12200
Hardware/Software Interface : Part 3So far, we have ignored the topic of function calls. A function call can be split into two partsThe caller part is what makes the function call. The callee part is the actual function itself.To implement funct
Wilfrid Laurier - MATH - 249
Math 249 Lecture 08: Inverse Functions, One-to-one Functions. Objective: To learn the meaning of one-to-one functions and inverse functions, how to determine whether a function is one-to-one, and how to find inverse functions of one-to-one functions
Wilfrid Laurier - MATH - 249
Math 249 L05/L06 (Fall 2007) Worksheet 7 1. p.205 #27. 2. p.205 #29. 3. p.205 #32. 4. p.218 #44. 5. p.218 #32. 6. p.218 #34. 7. p.228 #38. 8. p.228 #50. 9. p.228 #52.November 5-9, 20071
Wilfrid Laurier - MATH - 249
Math 249 Lecture 27: Logarithmic Dierentiation Objective: To learn the method of logarithmic dierentiation. Concepts: To nd the derivative of y = f (x)g(x) . f (x)g(x) = eln(f (x) Logarithmic Dierentiation Examples. 1. Find the derivative of the fo
Middlebury - ECON - 0340
November 8, 2005Bush, Meeting Panama's Leader, Endorses Widening of the CanalBy ELISABETH BUMILLERPANAMA, Nov. 7 - President Bush on Monday endorsed widening the Panama Canal and cited progress in reaching a free-trade agreement with Panama's pr
Wilfrid Laurier - PMAT - 445
PMAT 445 (Winter 2007) Midterm 2 1. Dene the following. (a) (10 marks) Interior pointMarch 14, 2007(b) (10 marks) Connected sets (If you use the term separated sets dene it too) (c) (10 marks) Directional derivative2. (30 marks) Prove this theo
Wilfrid Laurier - MATH - 403
MATH 403 (Winter 2007) Assignment 3Due: March 7, 20071. Use the - characterization of continuity to verify that the following functions are continuous at the given points. (a) (3 marks) f (x) = 3x - 7y, at point p = (4, 2) . (b) (5 marks) g (x)
University of Iowa - PSYCHOLOGY - 31174
University of Iowa - PSYCHOLOGY - 31174
LSA 33:144/Psych 31:174 Mind and Behavior: Natural Science and Cognition after Darwin Brief Essay 2 DUE: March 11 (Please provide two copies of this essay when you turn it in.)Write a 2 - 4 page essay addressing the following question:B.F. Skinne
University of Iowa - PSYCHOLOGY - 31241
AuditoryProcessingPhysical Dimension Amplitude Frequency ComplexityPerceptual Dimension Loudness Pitch TimbreW. W. NortonW. W. NortonW. W. NortonW. W. NortonMapping the Auditory System in Rhesus MonkeysTheUniversityofIowa Departmentof
Allan Hancock College - ELEC - 2041
Overview ELEC2041 Microprocessors and Interfacing Lectures 24: Compiler, Assembler, Linker and Loader I http:/webct.edtec.unsw.edu.au/ Compiler Assembler Linker Loader ExampleMay 2006 Saeid Nooshabadi saeid@unsw.edu.auELEC2041 lec24-linker-I
Allan Hancock College - ELEC - 2041
Overview ELEC2041 Microprocessors and Interfacing Lectures 25: Compiler, Assembler, Linker and Loader II http:/webct.edtec.unsw.edu.au/ Assembler Linker Loader ExampleMay 2006 Saeid NooshabadiELEC2041 lec25-linker.II.1saeid@unsw.edu.auSae
N.C. State - CS - 746
Crossing-Over and Recombination Updated 2/20/06 Required Readings: Fu, H. et al., 2002. Recombination rates between adjacent genic and retrotransposon regions in maize vary by 2 orders of magnitude. PNAS 99:1082-1087. Yao, H. et al. 2002. Molecular c
N.C. State - MA - 242
MA 242Fall, 1999Final Exam - SOLUTIONSL. K. Norris1. (15 pts) The position vector of a moving particle is given by r(t) = (t2 - 1)i + (t3 - t + 1) + t2 k (a) Find the velocity and acceleration vectors of the particle for t 0. 5 points SOLUTI
N.C. State - MA - 242
MA 242 Section 009Fall, 1999Test #1L. K. Norris(You must show your work to receive partial credit)1. (10 pts) Sketch the surfaces given by the following equations: (a) z + 9 = x2 + y 2 , (b) y 2 + 4z 2 = x2 + 9SOLUTION: The rst is an elli
N.C. State - MA - 401
A Summary of Various SL Problems L.K. Norris No. 1 2 3 4 SL Type Regular Regular Periodic Regular ODE y + y = 0 y + y = 0 y + y = 0 y + y = 0 Boundary Conditions y(0) = y() = 0 y (0) = y () = 0 y() = y() y () = y () y(0) = 0 y() + y () = 0 Eigenvalue
N.C. State - MA - 242
N.C. State - MA - 242
Middlebury - MATH - 0410
MATH 410 HOMEWORK #3 (due Wednesday, February 25)Spring 2009I. Look at our handout for the gambler's ruin probabilities. For p < q, consider the chance of winning when you are 25, 10 or 5 units away from the goal N. Observe that these probabiliti
N.C. State - AEE - 526
The Joy of Using ExcelNCSU Agricultural & Extension Education AEE 526Excel is a _ Program A. layout B. record keeping C. data base D. spreadsheet CORRECT ANSWER: spreadsheetNCSU Agricultural & Extension Education AEE 526What is Excel
University of Iowa - M - 170
What Every Computer Scientist Should Know About Floating Point ArithmeticENote This document is an edited reprint of the paper What Every Computer Scientist Should Know About Floating-Point Arithmetic, by David Goldberg, published in the March,
University of Texas - PSY - 355
Attention What is attention? Low level attention Serial and parallel searchWhat is attention? How is the word used? Examples Something fluttering caught my attention I didnt see you, I was paying attention to the game. I struggled to pay at
University of Iowa - HEPSUN - 29140
Exam 2 Practice Material Physics 29:140 1. Do Problems 4.2 -4.4, 5.2-5.6, 10.7-10.8 in Squires 2. For fun look at Problem 10.6 in Squires. Here you will see that the spherical harmonics, Ylm 's are precisely the simultaneous eigenstates of L2 and Lz
University of Iowa - HEPSUN - 29105
1 Hobbie, Intermediate Physics for Medicine and Biology, 3rd. ed.ErrataLast modified: Apr. 19, 1999 Most of these corrections were found by students in my classes during the 1997-1998 academic year. I am particularly grateful to In-young Choi, who
University of Iowa - HEPSUN - 29140
HW 3, 29:140 Due Wednesday, 17 September, 2008 (10 points each problem.) 1. (Give yourself ample time for this one.) Consider again a classical point particle in a central potential given by: V (r) = krl , where k is a constant and l is an integer, r
University of Iowa - ECN - 56244
PROCEEDINGS of the HUMAN FACTORS AND ERGONOMICS SOCIETY 43rd ANNUAL MEETING - 199951THE USE OF PREDICTIVE DISPLAYS FOR AIDING CONTROLLER SITUATION AWARENESS Mica Endsley SA Technologies Randy Sollenberger & Earl Stein Federal Aviation Administrat