Layyah Institute Commerce & Computer Science, Layyah
Introduction to Programming
CS 102

Winter 2016
Review of Integrated MikesBikes
Strategy Project Guidelines
How can my team
get an A on the Project?
Day 25
Business in
Action 6e
Bove/Thill
Project Overview
This team assignment requires you to trace the
impact of marketing, management, accounting
and fi

216
R. Bendlin and I. Damgård
2. Verify that [r1]d, . . . , [rm]d, []d are d-consistent and that in each block
shared, all n + 1 entries are equal. If any player broadcasts not OK, the
protocol aborts.
3. Compute, using local multiplications, [ri (1

Threshold Decryption and Zero-Knowledge Proofs
207
Proof. We abbreviate FKeyGenandDecrypt by FKGD in the following. To prove
security we must construct a simulator to work on top of the ideal functionality
FKGD , such that an adversary playing with either

222
O. Farràs and C. Padró
This paper deals with the two lines of work in secret sharing that have been
discussed previously: first, the construction of ideal secret sharing schemes for
useful classes of access structures, in particular the ones with h

212
R. Bendlin and I. Damgård
key shares, KA keys and intermediate shares are distributed exactly the same
and in the same order.
We must also prove that security is still maintained in the original cryptosystem, and furthermore that correctness and se

200
I. Damgård and G.L. Mikkelsen
10. Damgård, I., Fujisaki, E.: A statistically-hiding integer commitment scheme based
on groups with hidden order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS,
vol. 2501, pp. 125–142. Springer, Heidelberg (2002)
11. Damgår

Ideal Hierarchical Secret Sharing Schemes
223
multipartite access structures, which are recalled in Section 4, are extremely
useful. In particular, integer polymatroids play a fundamental role. Another important tool is the geometric representation introd

Ideal Hierarchical Secret Sharing Schemes
229
Consider a partition = (P1, . . . , Pm) of a set P and the partition 0 =
({p0}, P1, . . . , Pm) of the set Q = P {p0}. A connected matroid port =
p0 (M) on P is partite if and only if the matroid M

Threshold Decryption and Zero-Knowledge Proofs
217
We can base the commitment schemes needed on lattice problems, thus using assumptions we would need anyway. An efficient unconditionally binding
scheme follows from the cryptosystem in [PVW08], while an uncon

Threshold Decryption and Zero-Knowledge Proofs
215
of shares is consistent with a polynomial of degree at most e. The players can
locally compute u new sets of shares,
[M (z1 , . . . , zut )1 ], . . . , [M (z1 , . . . , zut )u ] := [y1 ], . . . , [yu ],
s

Ideal Hierarchical Secret Sharing Schemes
233
that a hierarchical access structure is ideal if and only if it is a minor of an
access structure in the family that is presented in Section 6. Therefore every
ideal hierarchical access structure is a K-vector

Threshold Decryption and Zero-Knowledge
Proofs for Lattice-Based Cryptosystems
Rikke Bendlin and Ivan Damgård
Department of Computer Science, Aarhus University
cfw_rikkeb,[email protected]
Abstract. We present a variant of Regev's cryptosystem first presented

Ideal Hierarchical Secret Sharing Schemes
235
3. it is a tripartite access structure in one of the families T1 , T2 or T3 , or
4. it is a composition of smaller ideal weighted threshold access structures.
We present next a sketch of our proof for this res

Ideal Hierarchical Secret Sharing Schemes
225
A partite access structure is said to be hierarchical if q p for every
pair of participants p Pi and q Pj with i < j. That is, the participants in
the first level are hierarchically superior to those in the

Ideal Hierarchical Secret Sharing Schemes
227
composition of matroid ports is a matroid port, and the same applies to K-vector
space access structures. A proof for these facts can be found in [17]. The access
structures that can be expressed as the compo

234
O. Farràs and C. Padró
problem proposed by Tassa [35] is to determine what access structures of this
form are ideal. Observe that the extreme cases = 1 and = m correspond
to the ideal hierarchical access structures in Examples 3 and 4, respectively

232
O. Farràs and C. Padró
Proposition 14. Let = (P1 , . . . , Pm ) be an mpartition of a set P and let
be a hierarchical access structure on P . Let x1 , . . . , xr Zm
+ be the hminimal
points of and consider si = s(xi ) = max(supp(xi ). Suppose t

210
R. Bendlin and I. Damgård
share in r, thus obtaining [s]. D is disqualified if the value broadcast is not in
the interval [ ut 3 q, ut 3 q]. This guarantees that s is in the required interval
even if D is corrupt, since r is in the interv

A Hardcore Lemma for Computational
Indistinguishability: Security Amplification for
Arbitrarily Weak PRGs with Optimal Stretch
Ueli Maurer and Stefano Tessaro
Department of Computer Science, ETH Zurich, 8092 Zurich, Switzerland
cfw_maurer,[email protected]

Midterm Exam #1 Recap
Class Days 1-13
Test questions concentrated on Days 6-13
Team-related concepts evaluated through
project and peer evaluations
All assigned text readings, Powerpoint
slides, and MB manual
Review chapter learning objectives and
detaile

Inventory Management and
Required Decisions for Initial
Rollover in Mikes Bikes
Day 21
GAME ON!
Business in
Action 6e
Bove/Thill
Inventory Management in MikesBikes
MikesBikes
Decisions
Useful Inventory Concepts
Forecasting
Inventory Functions &
Objectives

Study Guide 4
1. The causes that led up to the Boxer Rebellion were primarily due to the Chinese
secret organization, the Society of the Righteous and Harmonious Fists, which led an
uprising in northern China against the spread of Western and Japanese influence
there.

236
O. Farràs and C. Padró
13. Ito, M., Saito, A., Nishizeki, T.: Secret sharing scheme realizing any access structure. In: Proc. IEEE Globecom 1987, pp. 99–102 (1987)
14. Karnin, E.D., Greene, J.W., Hellman, M.E.: On secret sharing systems. IEEE
Trans.

218
R. Bendlin and I. Damgård
A Zero-Knowledge Proof When q Is Not Prime
The only part of the multiparty protocol underlying our zero-knowledge proof
that does not work when q is not a prime is the step where it is verified that
the ri are binary, essent

226
O. Farràs and C. Padró
is a minimal qualified subset such that it is impossible to replace a participant
in it with another participant in an inferior level and still remain qualified.
We present next three examples of families of hierarchical acce

A Hardcore Lemma for Computational Indistinguishability
239
functions, and has subsequently been followed by a prolific line of research considering a wide range of other cryptographic primitives.
Previous Work. The only known security amplification resul

240
U. Maurer and S. Tessaro
1.3 A Tight Characterization of Computational Indistinguishability
Let X and Y be random variables with the same range U. Assume that we
can show that there exist events A and B defined on the choices of X and Y
by some condit

194
I. Damgård and G.L. Mikkelsen
reduced modulo and afterward broadcast to open = (ra mod ) + , where
0 < 3. If 0 (mod ) then a, however, if 0 (mod ) then either
a or r. To prevent the protocol from rejecting a when r the protocol is
executed a numb