Making a Faster Cryptanalytic TimeMemory TradeOff


 Steven Parrish
 1 years ago
 Views:
Transcription
1 Making a Faser Crypanalyic TimeMemory TradeOff Philippe Oechslin Laboraoire de Securié e de Crypographie (LASEC) Ecole Polyechnique Fédérale de Lausanne Faculé I&C, 1015 Lausanne, Swizerland Absrac. In 1980 Marin Hellman described a crypanalyic imememory radeoff which reduces he ime of crypanalysis by using precalculaed daa sored in memory. This echnique was improved by Rives before 1982 wih he inroducion of disinguished poins which drasically reduces he number of memory lookups during crypanalysis. This improved echnique has been sudied exensively bu no new opimisaions have been published ever since. We propose a new way of precalculaing he daa which reduces by wo he number of calculaions needed during crypanalysis. Moreover, since he mehod does no make use of disinguished poins, i reduces he overhead due o he variable chain lengh, which again significanly reduces he number of calculaions. As an example we have implemened an aack on MSWindows password hashes. Using 1.4GB of daa (wo CDROMs) we can crack 99.9% of all alphanumerical passwords hashes (2 37 ) in 13.6 seconds whereas i akes 101 seconds wih he curren approach using disinguished poins. We show ha he gain could be even much higher depending on he parameers used. Key words: imememory radeoff, crypanalysis, precompuaion, fixed plainex 1 Inroducion Crypanalyic aacks based on exhausive search need a lo of compuing power or a lo of ime o complee. When he same aack has o be carried ou muliple imes, i may be possible o execue he exhausive search in advance and sore all resuls in memory. Once his precompuaion is done, he aack can be carried ou almos insanly. Alas, his mehod is no pracicable because of he large amoun of memory needed. In [4] Hellman inroduced a mehod o rade memory agains aack ime. For a cryposysem having keys, his mehod can recover a key in 2/3 operaions using 2/3 words of memory. The ypical applicaion of his mehod is he recovery of a key when he plainex and he cipherex are known. One domain where his applies is in poorly designed daa encrypion sysem where an aacker can guess he firs few byes of daa (e.g.
2 2 #include <sdio.h> ). Anoher domain are password hashes. Many popular operaing sysems generae password hashes by encryping a fixed plainex wih he user s password as key and sore he resul as he password hash. Again, if he password hashing scheme is poorly designed, he plainex and he encrypion mehod will be he same for all passwords. In ha case, he password hashes can be calculaed in advance and can be subjeced o a imememory radeoff. The imememory radeoff (wih or wihou our improvemen) is a probabilisic mehod. Success is no guaraneed and he success rae depends on he ime and memory allocaed for crypanalysis. 1.1 The original mehod Given a fixed plainex P 0 and he corresponding cipherex C 0, he mehod ries o find he key k which was used o encipher he plainex using he cipher S. We hus have: C 0 = S k (P 0 ) We ry o generae all possible cipherexs in advance by enciphering he plainex wih all possible keys. The cipherexs are organised in chains whereby only he firs and he las elemen of a chain is sored in memory. Soring only he firs and las elemen of a chain is he operaion ha yields he radeoff (saving memory a he cos of crypanalysis ime). The chains are creaed using a reducion funcion R which creaes a key from a cipher ex. The cipher ex is longer ha he key, hence he reducion. By successively applying he cipher S and he reducion funcion R we can hus creae chains of alernaing keys and cipherexs. k i S ki (P 0) C i R(C i) k i+1 The succession of R(S k (P 0 )) is wrien f(k) and generaes a key from a key which leads o chains of keys: k i f ki+1 f ki+2... m chains of lengh are creaed and heir firs and las elemens are sored in a able. Given a cipherex C we can ry o find ou if he key used o generae C is among he ones used o generae he able. To do so, we generae a chain of keys saring wih R(C) and up o he lengh. If C was indeed obained wih a key used while creaing he able hen we will evenually generae he key ha maches he las key of he corresponding chain. Tha las key has been sored in memory ogeher wih he firs key of he chain. Using he firs key of he chain he whole chain can be regeneraed and in paricular he key ha comes jus before R(C). This is he key ha was used o generae C, which is he key we are looking for. Unforunaely here is a chance ha chains saring a differen keys collide and merge. This is due o he fac ha he funcion R is an arbirary reducion
3 3 of he space of cipherexs ino he space of keys. The larger a able is, he higher is he probabiliy ha a new chain merges wih a previous one. Each merge reduces he number of disinc keys which are acually covered by a able. The chance of finding a key by using a able of m rows of keys is given in he original paper [4] and is he following: P able 1 m 1 i=1 j=0 ( i ) j+1 1 (1) The efficiency of a single able rapidly decreases wih is size. To obain a high probabiliy of success i is beer o generae muliple ables using a differen reducion funcion for each able. The probabiliy of success using l ables is hen given by: P success m 1 i=1 j=0 ( 1 i l ) j+1 Chains of differen ables can collide bu will no merge since differen reducion funcions are applied in differen ables. (2) False alarms When searching for a key in a able, finding a maching endpoin does no imply ha he key is in he able. Indeed, he key may be par of a chain which has he same endpoin bu is no in he able. In ha case generaing he chain from he saved saring poin does no yield he key, which is referred o as a false alarm. False alarms also occur when a key is in a chain ha is par of he able bu which merges wih oher chains of he able. In ha case several saring poins correspond o he same endpoin and several chains may have o be generaed unil he key is finally found. 1.2 Exising work In [2] Rives suggess o use disinguished poins as endpoins for he chains. Disinguished poins are poins for which a simple crieria holds rue (e.g. he firs en bis of a key are zero). All endpoins sored in memory are disinguished poins. When given a firs cipherex, we can generae a chain of keys unil we find a disinguished poin and only hen look i up in he memory. This grealy reduces he number of memory lookups. All following publicaions use his opimisaion. [6] describes how o opimise he able parameers, m and l o minimise he oal cos of he mehod based on he coss of memory and of processing engines. [5] shows ha he parameers of he ables can be adjused such as o increase he probabiliy of success, wihou increasing he need for memory or he crypanalysis ime. This is acually a radeoff beween precompuaion ime and success rae. However, he success rae canno be arbirarily increased. Bors noes in [1] ha disinguished poins also have he following wo advanages:
4 4 They allow for loop deecion. If a disinguished poin is no found afer enumeraing a given number of keys (say, muliple imes heir average occurrence), hen he chain can be suspeced o conain a loop and be abandoned. The resul is ha all chains in he able are free of loops. Merges can easily be deeced since wo merging chains will have he same endpoin (he nex disinguished poin afer he merge). As he endpoins have o be sored anyway he merges are discovered wihou addiional cos. [1] sugges ha i is hus easy o generae collision free ables wihou significan overhead. Merging chains are simply hrown away and addiional chains are generaed o replace hem. Generaing merge free ables is ye anoher radeoff, namely a reducion of memory a he cos of exra precompuaion. Finally [7] noes ha all calculaions used in previous papers are based on Hellman s original mehod and ha he resuls may be differen when using disinguished poins due o he variaion of chain lengh. They presen a deailed analysis which is backed up by simulaion in a purposebuil FPGA. A varian of Hellman s radeoff is presened by Fia and oar in [3]. Alhough his radeoff is less efficien, i can be rigorously analysed and can provably inver any ype of funcion. 2 Resuls of he original mehod 2.1 Bounds and parameers There are hree parameers ha can be adjused in he imememory radeoff: he lengh of he chains, he number of chains per able m and he number of ables produced l. These parameers can be adjused o saisfy he bounds on memory M, crypanalysis ime T and success rae P success. The bound on success rae is given by equaion 2. The bound on memory M is given by he number of chains per able m, he number of ables l and he amoun of memory m 0 needed o sore a saring poin and an endpoin (8 byes in our experimens). The bound in ime T is given by he average lengh of he chains, he number of ables l and he rae 1 0 a which he plainex can be enciphered ( /s in our case). This bound corresponds o he wors case where all ables have o be searched bu i does no ake ino accoun he ime spen on false alarms. M = m l m 0 T = l 0 Figure 1 illusraes he bounds for he problem of cracking alphanumerical windows passwords (complexiy of 2 37 ). The surface on he oplef graph is he bound on memory. Soluions saisfying he bound on memory lie below his surface. The surface on he boomlef graph is he bound on ime and soluions also have o be below ha surface o saisfy he bound. The graph on he righ side shows he bound on success probabiliy of 99.9% and he combinaion of he wo previous bounds. To saisfy all hree bounds, he parameers of he
5 5 M < 1.4GB Success > 0.999, min(m <1.4GB, T < 220) l l m T < 220s 0 l m m Fig. 1. Soluion space for a success probabiliy of 99.9%, a memory size of 1.4GB and a maximum of 220 seconds in our sample problem. soluion mus lie below he proruding surface in he cenre of he graph (ime and memory consrains) and above he oher surface (success rae consrain). This figure nicely illusraes he conen of [5], namely ha he success rae can be improved wihou using more memory or more ime: all he poins on he ridge in he cenre of he graph saisfy boh he bound on crypanalysis ime and memory bu some of hem are furher away from he bound of success rae han ohers. Thus he success rae can be opimised while keeping he same amoun of daa and crypanalysis ime, which is he resul of [5]. We can even go one sep furher han he auhors and sae ha he opimal poin mus lie on he ridge where he bounds on ime and memory mee, which runs along m = T M. This reduces he search for he opimal soluion by one dimension. 3 A new able srucure wih beer resuls The main limiaion of he original scheme is he fac ha when wo chains collide in a single able hey merge. We propose a new ype of chains which can collide wihin he same able wihou merging. We call our chains rainbow chains. They use a successive reducion funcion for each poin in he chain. They sar wih reducion funcion 1 and end wih reducion funcion 1. Thus if wo chains collide, hey merge only if he collision appears a he same posiion in boh chains. If he collision does no appear a he same posiion, boh chains will coninue wih a differen reducion funcion and will hus no merge. For chains of lengh, if a collision occurs, he chance of i being a merge is hus only 1. The probabiliy of success wihin a single
6 6 able of size m is given by: P able = 1 (1 m i ) (3) i=1 ( where m 1 = m and m n+1 = 1 e mn The derivaion of he success probabiliy is given in he appendix. I is ineresing o noe ha he success probabiliy of rainbow ables can be direcly compared o ha of classical ables. Indeed he success probabiliy of classical ables of size m is approximaely equal o ha of a single rainbow able of size m. In boh cases he ables cover m 2 keys wih differen reducion funcions. For each poin a collision wihin a se of m keys ( a single classical able or a column in he rainbow able) resuls in a merge, whereas collisions wih he remaining keys are no merges. The relaion beween ables of size m and a rainbow able is shown in Figure 2. The probabiliy of success are compared in Figure 3. oe ha he axes have been relabeled o creae he same scale as wih he classical case in Figure 1. Rainbow ables seem o have a slighly beer probabiliy of success bu his may jus be due o he fac ha he success rae calculaed in he former case is he exac expecaion of he probabiliy where as in he laer case i is a lower bound. To lookup a key in a rainbow able we proceed in he following manner: Firs we apply R n 1 o he cipherex and look up he resul in he endpoins of he able. If we find he endpoin we know how o rebuild he chain using he corresponding saring poin. If we don find he endpoin, we ry if we find i by applying R n 2, f n 1 o see if he key was in he second las column of he able. Then we ry o apply R n 3, f n 2, f n 1, and so forh. The oal number of calculaions we have o make is hus ( 1) 2. This is half as much as wih he classical mehod. Indeed, we need 2 calculaions o search he corresponding ables of size m. Rainbow chains share some advanages of chains ending in disinguished poins wihou suffering of heir limiaions: The number of able lookups is reduced by a facor of compared o Hellman s original mehod. Merges of rainbow chains resul in idenical endpoins and are hus deecable, as wih disinguished poins. Rainbow chains can hus be used o generae mergefree ables. oe ha in his case, he ables are no collision free. Rainbow chains have no loops, since each reducion funcion appears only once. This is beer han loop deecion and rejecion as described before, because we don spend ime on following and hen rejecing loops and he coverage of our chains is no reduced because of loops han can no be covered. Rainbow chains have a consan lengh whereas chains ending in disinguished poins have a variable lengh. As we shall see in Secion 4.1 his )
7 7 m k1 1,1 m k 1 m,1 k2 1,1 m m k 2 m,1. k 1 1,1 k 1 f 1 m,1 k 1,1 k m,1 f 1 f 1 f 1 k 1 1, f 1 f 1 f 1 k 1 m, f 2 f 2 f 2 k 2 1, f 2 f 2 f 2 k 2 m,. f 1 f 1 f 1 k 1 1, f 1 f 1 k 1 m, f f f k 1, f f f k m, m f k 1 f 2 f 1 1,1 k 1, f k 1 f 2 f 1 m,1 k m, Fig. 2. classic ables of size m on he lef and one rainbow able of size m on he righ. In boh cases merges can occur wihin a group of m keys and a collision can occur wih he remaining m( 1) keys. I akes half as many operaions o look up a key in a rainbow able han in classic ables. reduces he number of false alarms and he exra work due o false alarms. This effec can be much more imporan ha he facor of wo gained by he srucure of he able. 4 Experimenal resuls We have chosen cracking of MS Windows passwords as an example because i has a realworld significance and can be carried ou on any sandard worksaion. The password hash we ry o crack is he LanManager hash which is sill suppored by all versions of MS Windows for backward compaibiliy. The hash is generaed by cuing a 14 characers password ino wo chunks of seven characers. In each chunk, lower case characers are urned o upper case and hen he chunk is used as a key o encryp a fixed plainex wih DES. This yields wo 8 bye hashes which are concaenaed o form he 16 bye LanManager hash. Each halves of he LanManager hash can hus be aacked separaely and passwords of up o 14 alphanumerical generae only 2 37 differen 8 bye hashes (raher han bye hashes).
8 8 Success > and min(memory <1.4GB, Time < 110) l m Fig. 3. Comparison of he success rae of classical ables and rainbow ables. The upper surface represens he consrain of 99.9% success wih classical ables, he lower surface is he same consrain for rainbow ables. For rainbow ables he scale has been adjused o allow a direc comparison of boh ypes of ables m m, l l Based on Figure 1 we have chosen he parameers for classic ables o be c = 4666, m c = 8192 and for rainbow ables o be r = 4666, m r = c m c = We have generaed 4666 classic ables and one rainbow able and measured heir success rae by cracking 500 random passwords on a sandard worksaion (P4 1.5GHz, 500MB RAM). The resuls are given in he able below: classic wih DP rainbow, m, l 4666, 8192, , , 1 prediced coverage 75.5% 77.5% measured coverage 75.8% 78.8% Table 1. Measured coverage for classic ables wih disinguished poins and for rainbow ables, afer cracking of 500 password hashes This experimen clearly shows ha rainbow ables can achieve he same success rae wih he same amoun of daa as classical ables. Knowing his, i is now ineresing o compare he crypanalysis ime of boh mehods since rainbow ables should be wice as fas. In Table 2 we compare he mean crypanalysis ime, he mean number of hash operaions per crypanalysis and he mean number of false alarms per crypanalysis.
9 9 Wha we see from able 2 is ha our mehod is acually abou 7 imes faser han he original mehod. Indeed, each crypanalysis incurs an average of 9.3M hash calculaions wih he improved mehod whereas he original mehod incurs 67.2M calculaions. A facor of wo is explained by he srucure of he ables. The remaining speedup is caused by he fac ha here are more false alarms wih disinguished poins (2.8 imes more in average) and ha hese false alarms generae more work. Boh effecs are due o he fac ha wih disinguished poins, he lengh of he chains is no consan. 4.1 The imporance of being consan Faal aracion: Variaions in chain lengh inroduce variaions in merge probabiliy. Wihin a given se of chains (e.g. one able) he longer chains will have more chances o merge wih oher chains han he shor ones. Thus he merges will creae larger rees of longer chains and smaller rees of shorer chains. This has a doubly negaive effec when false alarms occur. False alarm will more probably happen wih large rees because here are more possibiliies o merge ino a large ree han ino a small one. A single merge ino a large ree creaes more false alarms since he ree conains more chains and all chains have o be generaed o confirm he false alarm. Thus false alarms will no only end o happen wih longer chains, hey will also end o happen in larger ses. Larger overhead: Addiionally o he aracion effec of longer chains, he number of calculaions needed o confirm a false alarm on a variable lengh chains is larger han wih consan lengh chains. When he lengh of a chain is no known he whole chain has o be regeneraed o confirm he false alarm. Wih consan lengh chains we can coun he number of calculaions done o reach he end of a chain and hen know exacly a wha posiion o expec he key. We hus only have o generae a fracion of a chain o confirm he false alarm. Moreover, wih rainbow chains, false alarms will occur more ofen when we look a he longer chains (i.e. saring a he columns more o he lef of a able). Forunaely, his is also where he par of he chain ha has o be generaed o confirm he false alarms is he shores. Boh hese effecs can be seen in Table 2 by looking a he number of endpoins found, he number of false alarms and he number of calculaions per false alarm, in case of failure. Wih disinguished poins each maching poin generaes abou 4 false alarms and he mean lengh of he chains generaed is abou Wih rainbow chains here are only abou 2.5 false alarms per endpoin found and only 1500 keys generaed per false alarm. The fac ha longer chains yield more merges has been noed in [7] wihou menioning ha i increases he probabiliy and overhead of false alarms. As a resul, he auhors propose o only use chains which are wihin a cerain range of lengh. This reduces he problems due o he variaion of lengh bu i also reduces he coverage ha can be achieved wih one reducion funcion and increases he precalculaion effor.
10 10 classic wih DP rainbow raio, m, l 4666, 8192, , , 1 1 mean crypanalysis ime o success 68.9s 9.37s 7.4 o failure 181.0s 26.0s 7.0 average 96.1s 12.9s 7.4 mean nbr of hash calculaions o success 48.3M 6.77M 7.1 o failure 126M 18.9M 6.7 average 67.2M 9.34M 7.2 mean nbr of searches o success o failure average mean nbr of maching endpoins found o success o failure average mean nbr of false alarms o success o failure average mean nbr of hash calculaions per false alarms o success o failure average Table 2. saisics for classic ables wih disinguished poins and for rainbow ables 4.2 Increasing he gain even furher We have calculaed he expeced gain over classical ables by considering he wors case where a key has o be searched in all columns of a rainbow able and wihou couning he false alarms. While a rainbow able is searched from he amoun of calculaion increases quadraicly from 1 o 2 1 2, whereas in classical ables i increases linearly o 2. If he key is found early, he gain may hus be much higher (up o a facor of ). This addiional gain is parly se off by he fac ha in rainbow ables, false alarms ha occur in he beginning of he search, even if rarer, are he ones ha generae he mos overhead. Sill, i should be possible o consruc a (possibly pahological) case where rainbow ables have an arbirary large gain over classical ables. One way of doing i is o require a success rae very close o 100% and a large. The examples in he lieraure ofen use a success rae of up o 80% wih 1/3 ables of order of 1/3 chains of 1/3 poins. Such a configuraion can be replaced wih a single rainbow able of order of 2/3 rows of 1/3 keys. For some applicaions a success rae of 80% may be sufficien, especially if here are several samples of cipherex available and we
11 11 need o recover jus any key. In our example of password recovery we are ofen ineresed in only one paricular password (e.g. he adminisraor s password). In ha case we would raher have a near perfec success rae. High success raes lead o configuraions where he number of ables is several imes larger han he lengh of he chains. Thus we end up having several rainbow ables (5 in our example). Using a high success rae yields a case were we ypically will find he key early and we only rarely have o search all rows of all ables. To benefi from his fac we have o make sure ha we do no search he five rainbow ables sequenially bu ha we firs look up he las column of each able and hen only move o he second las column of each able. Using his procedure we reach a gain of 12 when using five ables o reach 99.9% success rae compared o he gain of 7 we had wih a single able and 78% success rae. More deails are given in he nex secion. 4.3 Cracking Windows passwords in seconds Afer having noiced ha rainbow chains perform much beer han classical ones, we have creaed a larger se of ables o achieve our goal of 99.9% success rae. The measuremens on he firs able show ha we would need 4.45 ables of lines and 4666 columns. We have chosen o generae 5 ables of lines in order o have an ineger number of ables and o respec he memory consrain of 1.4GB. On he oher hand we have generaed ables of 4666 columns and 7501 lines. The resuls are given in Table 3. We have cracked 500 passwords, wih 100% success in boh cases. classic wih DP rainbow raio rainbow sequenial raio, m, l 4666, 7501, , 35M, , 35M, 5 1 crypanalysis ime 101.4s s 7.5 hash calculaions 90.3M 7.4M M 7.6 false alarms (fa) hashes per fa effor spen on fa 80% 76% % 1.1 success rae 100% 100% 1 100% 1 Table 3. Crypanalysis saisics wih a se of ables yielding a success rae of 99.9%. From he middle column we see ha rainbow ables need 12 imes less calculaions. The gain in crypanalysis ime is only 1.5 imes beer due o disk accesses. On a worksaion wih 500MB of RAM a beer gain in ime (7.5) can be achieved by resricing he search o one rainbow able a a ime (rainbow sequenial). From able 3 we see ha rainbow ables need 12 imes less calculaions han classical ables wih disinguished poins. Unforunaely he gain in ime is only a facor of 1.5. This is because we have o randomly access 1.4GB of daa on a worksaion ha has 500MB of RAM. In he previous measuremens wih a
12 12 single able, he able would say in he filesysem cache, which is no possible wih five ables. Insead of upgrading he worksaion o 1.5GB of RAM we chose o implemen an approach where we search in each rainbow able sequenially. This allows us o illusrae he discussion from he end of he previous secion. When we search he key in all ables simulaneously raher han sequenially, we work wih shorer chains and hus generae less work (7.4M operaions raher han 11.8M). Shorer chains also mean ha we have less false alarms (1311 per key cracked, raher han 2773). Bu shor chains also mean ha calculaions needed o confirm a false alarm are higher (4321 agains 3080). I is ineresing o noe ha in all cases, he calculaions due o false alarms make abou 75% of he crypanalysis effor. Looking a he generic parameers of he radeoff we also noe ha he precalculaion of he ables has needed an effor abou 10 imes higher han calculaing a full dicionary. The large effor is due o he probabilisic naure of he mehod and i could be reduced o hree imes a full dicionary if we would accep 90% success rae raher ha han 99.9%. 5 An oulook a perfec ables Rainbow ables and classic ables wih disinguished poins boh have he propery ha merging chains can be deeced because of heir idenical endpoins. Since he ables have o be sored by endpoin anyway, i seems very promising o creae perfec ables by removing all chains ha merge wih chains ha are already in he able. In he case of disinguished poins we can even choose o reain he longes chain of a se of merging chains o maximise he coverage of he able. The success rae of rainbow ables and ables wih disinguished poins are easy o calculae, a leas if we assume ha chains wih disinguished poins have a average lengh of. In ha case i is sraigh forward o see ha a rainbow able of size m has he same success rae han ables of size m. Indeed, in he former case we have rows of m disinc keys where in he laer case we have ables conaining m disinc keys each. Ideally we would wan o consruc a single perfec able ha covers he complee domain of keys. The challenge abou perfec ables is o predic how many nonmerging chains of lengh i is possible o generae. For rainbow chains his can be calculaed in he same way as we calculae he success rae for nonperfec ables. Since we evaluae he number of disinc poins in each column of he able, we need only look a he number of disinc poins in he las column o know how many disinc chains here will be. ( ˆP able = 1 e m where m 1 = and m n+1 = 1 e mn ) (4) For chains delimied by disinguished poins, his calculaion is far more complex. Because of he faal aracion described above, he longer chains will be merged ino large rees. Thus when eliminaing merging chains we will eliminae
13 13 more longer chains han shorer ones. A single experimen wih 16 million chains of lengh 4666 shows ha afer eliminaion of all merges (by keeping he longes chain), only 2% of he chains remain and heir average lengh has decreased from 4666 o 386! To keep an average lengh of 4666 we have o eliminae 96% of he remaining chains o reain only he longes 4% (14060) of hem. The precalculaion effor involved in generaing maximum size perfec ables is prohibiive (). To be implemenable a soluion would use a se of ables which are smaller han he larges possible perfec ables. More advanced analysis of perfec ables is he focus of our curren effor. We conjecure ha because of he limied number of available nonmerging chains, i migh acually be more efficien o use nearperfec ables. 6 Conclusions We have inroduced a new way of generaing precompued daa in Hellman s original crypanalyic imememory radeoff. Our opimisaion has he same propery as he use of disinguished poins, namely ha i reduces he number of able lookups by a facor which is equal o he lengh of he chains. For an equivalen success rae our mehod reduces he number of calculaions needed for crypanalysis by a facor of wo agains he original mehod and by an even more imporan facor (12 in our experimen) agains disinguished poins. We have shown ha he reason for his exra gain is he variable lengh of chains ha are delimied by disinguished poins which resuls in more false alarms and more overhead per false alarm. We conjecure ha wih differen parameers (e.g. a higher success rae) he gain could be even much larger han he facor of 12 found in our experimen. These facs make our mehod a very aracive replacemen for he original mehod improved wih disinguished poins. The fac ha our mehod yields chains ha have a consan lengh also grealy simplifies he analysis of he mehod as compared o variable lengh chains using disinguished poins. I also avoids he exra precalculaion effor which occurs when variable lengh chains have o be discarded because hey have an inappropriae lengh or conain a loop. Consan lengh could even prove o be advanageous for hardware implemenaions. Finally our experimen has demonsraed ha he imememory radeoff allows anybody owning a modern personal compuer o break crypographic sysems which were believed o be secure when implemened years ago and which are sill in use oday. This goes o demonsrae he imporance of phasing ou old crypographic sysems when beer sysems exis o replace hem. In paricular, since memory has he same imporance as processing speed for his ype of aack, ypical worksaions benefi doubly from he progress of echnology. Acknowledgemens The auhor wishes o hank Maxime Mueller for implemening a firs version of he experimen.
14 14 References 1. J. Bors, B. Preneel, and J. Vandewalle. On imememory radeoff beween exhausive key search and able precompuaion. In P. H.. de Wih and M. van der SchaarMirea, ediors, 19h Symp. on Informaion Theory in he Benelux, pages , Veldhoven (L), Werkgemeenschap Informaie en Communicaieheorie, Enschede (L). 2. D.E. Denning. Crypography and Daa Securiy, page 100. AddisonWesley, Amos Fia and Moni aor. Rigorous ime/space radeoffs for invering funcions. In STOC 1991, pages , M. E. Hellman. A crypanalyic imememory rade off. IEEE Transacions on Informaion Theory, IT26: , Kim and Masumoo. Achieving higher success probabiliy in imememory radeoff crypanalysis wihou increasing memory size. TIEICE: IEICE Transacions on Communicaions/Elecronics/Informaion and Sysems, Koji KUSUDA and Tsuomu MATSUMOTO. Opimizaion of imememory radeoff crypanalysis and is applicaion o DES, FEAL32, and skipjack. IEICE Transacions on Fundamenals, E79A(1):35 48, January F.X. Sandaer, G. Rouvroy, J.J. Quisquaer, and J.D. Lega. A imememory radeoff using disinguished poins: ew analysis & FPGA resuls. In proceedings of CHES 2002, pages Springer Verlag, Appendix The success rae of a single rainbow able can be calculaed by looking a each column of he able and reaing i as a classical occupancy problem. We sar wih m 1 = m disinc keys in he firs column. In he second column he m 1 keys are randomly disribued over he keyspace of size, generaing m 2 disinc keys: ( m 2 = (1 1 1 ) m1 ( ) 1 e m 1 Each column i has m i disinc keys. The success rae of he able is hus: ) P = 1 (1 m i ) i=1 where ( m 1 = m, m n+1 = 1 e mn ) The resul is no in a closed form and has o be calculaed numerically. This is no disadvanage agains he success rae of classical ables since he large number of erms in he sum of ha equaion requires a numerical inerpolaion. The same approach can be used o calculae he number of nonmerging chains ha can be generaed. Since merging chains are recognised by heir idenical endpoin, he number of disinc keys in he las column m is he number
15 15 of nonmerging chains. The maximum number of chains can be reached when choosing every single key in he key space as a saring poin. ( m 1 =, m n+1 = 1 e mn ) The success probabiliy of a able wih he maximum number of nonmerging chains is: ˆP = 1 (1 m ) 1 e m oe ha he effor o build such a able is.
PROFIT TEST MODELLING IN LIFE ASSURANCE USING SPREADSHEETS PART ONE
Profi Tes Modelling in Life Assurance Using Spreadshees PROFIT TEST MODELLING IN LIFE ASSURANCE USING SPREADSHEETS PART ONE Erik Alm Peer Millingon 2004 Profi Tes Modelling in Life Assurance Using Spreadshees
More informationChapter 1.6 Financial Management
Chaper 1.6 Financial Managemen Par I: Objecive ype quesions and answers 1. Simple pay back period is equal o: a) Raio of Firs cos/ne yearly savings b) Raio of Annual gross cash flow/capial cos n c) = (1
More informationThe Application of Multi Shifts and Break Windows in Employees Scheduling
The Applicaion of Muli Shifs and Brea Windows in Employees Scheduling Evy Herowai Indusrial Engineering Deparmen, Universiy of Surabaya, Indonesia Absrac. One mehod for increasing company s performance
More informationMultiprocessor SystemsonChips
Par of: Muliprocessor SysemsonChips Edied by: Ahmed Amine Jerraya and Wayne Wolf Morgan Kaufmann Publishers, 2005 2 Modeling Shared Resources Conex swiching implies overhead. On a processing elemen,
More informationDuration and Convexity ( ) 20 = Bond B has a maturity of 5 years and also has a required rate of return of 10%. Its price is $613.
Graduae School of Business Adminisraion Universiy of Virginia UVAF38 Duraion and Convexiy he price of a bond is a funcion of he promised paymens and he marke required rae of reurn. Since he promised
More informationcooking trajectory boiling water B (t) microwave 0 2 4 6 8 101214161820 time t (mins)
Alligaor egg wih calculus We have a large alligaor egg jus ou of he fridge (1 ) which we need o hea o 9. Now here are wo accepable mehods for heaing alligaor eggs, one is o immerse hem in boiling waer
More informationChapter 8: Regression with Lagged Explanatory Variables
Chaper 8: Regression wih Lagged Explanaory Variables Time series daa: Y for =1,..,T End goal: Regression model relaing a dependen variable o explanaory variables. Wih ime series new issues arise: 1. One
More informationINTEREST RATE FUTURES AND THEIR OPTIONS: SOME PRICING APPROACHES
INTEREST RATE FUTURES AND THEIR OPTIONS: SOME PRICING APPROACHES OPENGAMMA QUANTITATIVE RESEARCH Absrac. Exchangeraded ineres rae fuures and heir opions are described. The fuure opions include hose paying
More informationRealtime Particle Filters
Realime Paricle Filers Cody Kwok Dieer Fox Marina Meilă Dep. of Compuer Science & Engineering, Dep. of Saisics Universiy of Washingon Seale, WA 9895 ckwok,fox @cs.washingon.edu, mmp@sa.washingon.edu Absrac
More informationIndividual Health Insurance April 30, 2008 Pages 167170
Individual Healh Insurance April 30, 2008 Pages 167170 We have received feedback ha his secion of he e is confusing because some of he defined noaion is inconsisen wih comparable life insurance reserve
More information17 Laplace transform. Solving linear ODE with piecewise continuous right hand sides
7 Laplace ransform. Solving linear ODE wih piecewise coninuous righ hand sides In his lecure I will show how o apply he Laplace ransform o he ODE Ly = f wih piecewise coninuous f. Definiion. A funcion
More informationBALANCE OF PAYMENTS. First quarter 2008. Balance of payments
BALANCE OF PAYMENTS DATE: 20080530 PUBLISHER: Balance of Paymens and Financial Markes (BFM) Lena Finn + 46 8 506 944 09, lena.finn@scb.se Camilla Bergeling +46 8 506 942 06, camilla.bergeling@scb.se
More informationThe Grantor Retained Annuity Trust (GRAT)
WEALTH ADVISORY Esae Planning Sraegies for closelyheld, family businesses The Granor Reained Annuiy Trus (GRAT) An efficien wealh ransfer sraegy, paricularly in a low ineres rae environmen Family business
More informationHedging with Forwards and Futures
Hedging wih orwards and uures Hedging in mos cases is sraighforward. You plan o buy 10,000 barrels of oil in six monhs and you wish o eliminae he price risk. If you ake he buyside of a forward/fuures
More informationThe Transport Equation
The Transpor Equaion Consider a fluid, flowing wih velociy, V, in a hin sraigh ube whose cross secion will be denoed by A. Suppose he fluid conains a conaminan whose concenraion a posiion a ime will be
More informationWhy Did the Demand for Cash Decrease Recently in Korea?
Why Did he Demand for Cash Decrease Recenly in Korea? Byoung Hark Yoo Bank of Korea 26. 5 Absrac We explores why cash demand have decreased recenly in Korea. The raio of cash o consumpion fell o 4.7% in
More informationMathematics in Pharmacokinetics What and Why (A second attempt to make it clearer)
Mahemaics in Pharmacokineics Wha and Why (A second aemp o make i clearer) We have used equaions for concenraion () as a funcion of ime (). We will coninue o use hese equaions since he plasma concenraions
More informationChapter 2 Problems. 3600s = 25m / s d = s t = 25m / s 0.5s = 12.5m. Δx = x(4) x(0) =12m 0m =12m
Chaper 2 Problems 2.1 During a hard sneeze, your eyes migh shu for 0.5s. If you are driving a car a 90km/h during such a sneeze, how far does he car move during ha ime s = 90km 1000m h 1km 1h 3600s = 25m
More informationTEMPORAL PATTERN IDENTIFICATION OF TIME SERIES DATA USING PATTERN WAVELETS AND GENETIC ALGORITHMS
TEMPORAL PATTERN IDENTIFICATION OF TIME SERIES DATA USING PATTERN WAVELETS AND GENETIC ALGORITHMS RICHARD J. POVINELLI AND XIN FENG Deparmen of Elecrical and Compuer Engineering Marquee Universiy, P.O.
More informationChabot College Physics Lab RC Circuits Scott Hildreth
Chabo College Physics Lab Circuis Sco Hildreh Goals: Coninue o advance your undersanding of circuis, measuring resisances, currens, and volages across muliple componens. Exend your skills in making breadboard
More informationA Note on Using the Svensson procedure to estimate the risk free rate in corporate valuation
A Noe on Using he Svensson procedure o esimae he risk free rae in corporae valuaion By Sven Arnold, Alexander Lahmann and Bernhard Schwezler Ocober 2011 1. The risk free ineres rae in corporae valuaion
More informationTSGRAN Working Group 1 (Radio Layer 1) meeting #3 Nynashamn, Sweden 22 nd 26 th March 1999
TSGRAN Working Group 1 (Radio Layer 1) meeing #3 Nynashamn, Sweden 22 nd 26 h March 1999 RAN TSGW1#3(99)196 Agenda Iem: 9.1 Source: Tile: Documen for: Moorola Macrodiversiy for he PRACH Discussion/Decision
More informationUSE OF EDUCATION TECHNOLOGY IN ENGLISH CLASSES
USE OF EDUCATION TECHNOLOGY IN ENGLISH CLASSES Mehme Nuri GÖMLEKSİZ Absrac Using educaion echnology in classes helps eachers realize a beer and more effecive learning. In his sudy 150 English eachers were
More information1 HALFLIFE EQUATIONS
R.L. Hanna Page HALFLIFE EQUATIONS The basic equaion ; he saring poin ; : wrien for ime: x / where fracion of original maerial and / number of halflives, and / log / o calculae he age (# ears): age (halflife)
More informationMorningstar Investor Return
Morningsar Invesor Reurn Morningsar Mehodology Paper Augus 31, 2010 2010 Morningsar, Inc. All righs reserved. The informaion in his documen is he propery of Morningsar, Inc. Reproducion or ranscripion
More informationJournal Of Business & Economics Research September 2005 Volume 3, Number 9
Opion Pricing And Mone Carlo Simulaions George M. Jabbour, (Email: jabbour@gwu.edu), George Washingon Universiy YiKang Liu, (yikang@gwu.edu), George Washingon Universiy ABSTRACT The advanage of Mone Carlo
More informationStock Trading with Recurrent Reinforcement Learning (RRL) CS229 Application Project Gabriel Molina, SUID 5055783
Sock raing wih Recurren Reinforcemen Learning (RRL) CS9 Applicaion Projec Gabriel Molina, SUID 555783 I. INRODUCION One relaively new approach o financial raing is o use machine learning algorihms o preic
More informationPrincipal components of stock market dynamics. Methodology and applications in brief (to be updated ) Andrei Bouzaev, bouzaev@ya.
Principal componens of sock marke dynamics Mehodology and applicaions in brief o be updaed Andrei Bouzaev, bouzaev@ya.ru Why principal componens are needed Objecives undersand he evidence of more han one
More informationChapter 4: Exponential and Logarithmic Functions
Chaper 4: Eponenial and Logarihmic Funcions Secion 4.1 Eponenial Funcions... 15 Secion 4. Graphs of Eponenial Funcions... 3 Secion 4.3 Logarihmic Funcions... 4 Secion 4.4 Logarihmic Properies... 53 Secion
More informationOption PutCall Parity Relations When the Underlying Security Pays Dividends
Inernaional Journal of Business and conomics, 26, Vol. 5, No. 3, 22523 Opion Puall Pariy Relaions When he Underlying Securiy Pays Dividends Weiyu Guo Deparmen of Finance, Universiy of Nebraska Omaha,
More informationDouble Entry System of Accounting
CHAPTER 2 Double Enry Sysem of Accouning Sysem of Accouning \ The following are he main sysem of accouning for recording he business ransacions: (a) Cash Sysem of Accouning. (b) Mercanile or Accrual Sysem
More informationAutomatic measurement and detection of GSM interferences
Auomaic measuremen and deecion of GSM inerferences Poor speech qualiy and dropped calls in GSM neworks may be caused by inerferences as a resul of high raffic load. The radio nework analyzers from Rohde
More informationEfficient Onetime Signature Schemes for Stream Authentication *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING, 61164 (006) Efficien Oneime Signaure Schemes for Sream Auhenicaion * YONGSU PARK AND YOOKUN CHO + College of Informaion and Communicaions Hanyang Universiy
More informationRandom Walk in 1D. 3 possible paths x vs n. 5 For our random walk, we assume the probabilities p,q do not depend on time (n)  stationary
Random Walk in D Random walks appear in many cones: diffusion is a random walk process undersanding buffering, waiing imes, queuing more generally he heory of sochasic processes gambling choosing he bes
More informationPrice elasticity of demand for crude oil: estimates for 23 countries
Price elasiciy of demand for crude oil: esimaes for 23 counries John C.B. Cooper Absrac This paper uses a muliple regression model derived from an adapaion of Nerlove s parial adjusmen model o esimae boh
More informationRisk Modelling of Collateralised Lending
Risk Modelling of Collaeralised Lending Dae: 4112008 Number: 8/18 Inroducion This noe explains how i is possible o handle collaeralised lending wihin Risk Conroller. The approach draws on he faciliies
More informationSampling TimeBased Sliding Windows in Bounded Space
Sampling TimeBased Sliding Windows in Bounded Space Rainer Gemulla Technische Universiä Dresden 01062 Dresden, Germany gemulla@inf.udresden.de Wolfgang Lehner Technische Universiä Dresden 01062 Dresden,
More informationTerm Structure of Prices of Asian Options
Term Srucure of Prices of Asian Opions Jirô Akahori, Tsuomu Mikami, Kenji Yasuomi and Teruo Yokoa Dep. of Mahemaical Sciences, Risumeikan Universiy 111 Nojihigashi, Kusasu, Shiga 5258577, Japan Email:
More informationTask is a schedulable entity, i.e., a thread
RealTime Scheduling Sysem Model Task is a schedulable eniy, i.e., a hread Time consrains of periodic ask T:  s: saring poin  e: processing ime of T  d: deadline of T  p: period of T Periodic ask T
More informationChapter 7. Response of FirstOrder RL and RC Circuits
Chaper 7. esponse of FirsOrder L and C Circuis 7.1. The Naural esponse of an L Circui 7.2. The Naural esponse of an C Circui 7.3. The ep esponse of L and C Circuis 7.4. A General oluion for ep and Naural
More informationCALCULATION OF OMX TALLINN
CALCULATION OF OMX TALLINN CALCULATION OF OMX TALLINN 1. OMX Tallinn index...3 2. Terms in use...3 3. Comuaion rules of OMX Tallinn...3 3.1. Oening, realime and closing value of he Index...3 3.2. Index
More informationMarket Liquidity and the Impacts of the Computerized Trading System: Evidence from the Stock Exchange of Thailand
36 Invesmen Managemen and Financial Innovaions, 4/4 Marke Liquidiy and he Impacs of he Compuerized Trading Sysem: Evidence from he Sock Exchange of Thailand Sorasar Sukcharoensin 1, Pariyada Srisopisawa,
More informationCHARGE AND DISCHARGE OF A CAPACITOR
REFERENCES RC Circuis: Elecrical Insrumens: Mos Inroducory Physics exs (e.g. A. Halliday and Resnick, Physics ; M. Sernheim and J. Kane, General Physics.) This Laboraory Manual: Commonly Used Insrumens:
More informationAcceleration Lab Teacher s Guide
Acceleraion Lab Teacher s Guide Objecives:. Use graphs of disance vs. ime and velociy vs. ime o find acceleraion of a oy car.. Observe he relaionship beween he angle of an inclined plane and he acceleraion
More informationSKF Documented Solutions
SKF Documened Soluions Real world savings and we can prove i! How much can SKF save you? Le s do he numbers. The SKF Documened Soluions Program SKF is probably no he firs of your supplier parners o alk
More informationConstant Data Length Retrieval for Video Servers with Variable Bit Rate Streams
IEEE Inernaional Conference on Mulimedia Compuing & Sysems, June 173, 1996, in Hiroshima, Japan, p. 151155 Consan Lengh Rerieval for Video Servers wih Variable Bi Rae Sreams Erns Biersack, Frédéric Thiesse,
More informationMarkit Excess Return Credit Indices Guide for price based indices
Marki Excess Reurn Credi Indices Guide for price based indices Sepember 2011 Marki Excess Reurn Credi Indices Guide for price based indices Conens Inroducion...3 Index Calculaion Mehodology...4 Semiannual
More informationAppendix D Flexibility Factor/Margin of Choice Desktop Research
Appendix D Flexibiliy Facor/Margin of Choice Deskop Research Cheshire Eas Council Cheshire Eas Employmen Land Review Conens D1 Flexibiliy Facor/Margin of Choice Deskop Research 2 Final Ocober 2012 \\GLOBAL.ARUP.COM\EUROPE\MANCHESTER\JOBS\200000\22348900\4
More informationSinglemachine Scheduling with Periodic Maintenance and both Preemptive and. Nonpreemptive jobs in Remanufacturing System 1
Absrac number: 050407 Singlemachine Scheduling wih Periodic Mainenance and boh Preempive and Nonpreempive jobs in Remanufacuring Sysem Liu Biyu hen Weida (School of Economics and Managemen Souheas Universiy
More informationMaking Use of Gate Charge Information in MOSFET and IGBT Data Sheets
Making Use of ae Charge Informaion in MOSFET and IBT Daa Shees Ralph McArhur Senior Applicaions Engineer Advanced Power Technology 405 S.W. Columbia Sree Bend, Oregon 97702 Power MOSFETs and IBTs have
More informationA Universal Pricing Framework for Guaranteed Minimum Benefits in Variable Annuities *
A Universal Pricing Framework for Guaraneed Minimum Benefis in Variable Annuiies * Daniel Bauer Deparmen of Risk Managemen and Insurance, Georgia Sae Universiy 35 Broad Sree, Alana, GA 333, USA Phone:
More informationWorking Paper No. 482. Net Intergenerational Transfers from an Increase in Social Security Benefits
Working Paper No. 482 Ne Inergeneraional Transfers from an Increase in Social Securiy Benefis By Li Gan Texas A&M and NBER Guan Gong Shanghai Universiy of Finance and Economics Michael Hurd RAND Corporaion
More informationMTH6121 Introduction to Mathematical Finance Lesson 5
26 MTH6121 Inroducion o Mahemaical Finance Lesson 5 Conens 2.3 Brownian moion wih drif........................... 27 2.4 Geomeric Brownian moion........................... 28 2.5 Convergence of random
More informationANALYSIS AND COMPARISONS OF SOME SOLUTION CONCEPTS FOR STOCHASTIC PROGRAMMING PROBLEMS
ANALYSIS AND COMPARISONS OF SOME SOLUTION CONCEPTS FOR STOCHASTIC PROGRAMMING PROBLEMS R. Caballero, E. Cerdá, M. M. Muñoz and L. Rey () Deparmen of Applied Economics (Mahemaics), Universiy of Málaga,
More informationChapter 2 Kinematics in One Dimension
Chaper Kinemaics in One Dimension Chaper DESCRIBING MOTION:KINEMATICS IN ONE DIMENSION PREVIEW Kinemaics is he sudy of how hings moe how far (disance and displacemen), how fas (speed and elociy), and how
More informationµ r of the ferrite amounts to 1000...4000. It should be noted that the magnetic length of the + δ
Page 9 Design of Inducors and High Frequency Transformers Inducors sore energy, ransformers ransfer energy. This is he prime difference. The magneic cores are significanly differen for inducors and high
More informationPerformance Center Overview. Performance Center Overview 1
Performance Cener Overview Performance Cener Overview 1 ODJFS Performance Cener ce Cener New Performance Cener Model Performance Cener Projec Meeings Performance Cener Execuive Meeings Performance Cener
More informationAnalysis of Pricing and Efficiency Control Strategy between Internet Retailer and Conventional Retailer
Recen Advances in Business Managemen and Markeing Analysis of Pricing and Efficiency Conrol Sraegy beween Inerne Reailer and Convenional Reailer HYUG RAE CHO 1, SUG MOO BAE and JOG HU PARK 3 Deparmen of
More informationInductance and Transient Circuits
Chaper H Inducance and Transien Circuis Blinn College  Physics 2426  Terry Honan As a consequence of Faraday's law a changing curren hrough one coil induces an EMF in anoher coil; his is known as muual
More informationReturn Calculation of U.S. Treasury Constant Maturity Indices
Reurn Calculaion of US Treasur Consan Mauri Indices Morningsar Mehodolog Paper Sepeber 30 008 008 Morningsar Inc All righs reserved The inforaion in his docuen is he proper of Morningsar Inc Reproducion
More informationUNDERSTANDING THE DEATH BENEFIT SWITCH OPTION IN UNIVERSAL LIFE POLICIES. Nadine Gatzert
UNDERSTANDING THE DEATH BENEFIT SWITCH OPTION IN UNIVERSAL LIFE POLICIES Nadine Gazer Conac (has changed since iniial submission): Chair for Insurance Managemen Universiy of ErlangenNuremberg Lange Gasse
More informationStatistical Analysis with Little s Law. Supplementary Material: More on the Call Center Data. by SongHee Kim and Ward Whitt
Saisical Analysis wih Lile s Law Supplemenary Maerial: More on he Call Cener Daa by SongHee Kim and Ward Whi Deparmen of Indusrial Engineering and Operaions Research Columbia Universiy, New York, NY 1799
More informationC FastDealing Property Trading Game C
AGES 8+ C FasDealing Propery Trading Game C Y Collecor s Ediion Original MONOPOLY Game Rules plus Special Rules for his Ediion. CONTENTS Game board, 6 Collecible okens, 28 Tile Deed cards, 16 Wha he Deuce?
More informationKeldysh Formalism: Nonequilibrium Green s Function
Keldysh Formalism: Nonequilibrium Green s Funcion Jinshan Wu Deparmen of Physics & Asronomy, Universiy of Briish Columbia, Vancouver, B.C. Canada, V6T 1Z1 (Daed: November 28, 2005) A review of Nonequilibrium
More informationCLASSIFICATION OF REINSURANCE IN LIFE INSURANCE
CLASSIFICATION OF REINSURANCE IN LIFE INSURANCE Kaarína Sakálová 1. Classificaions of reinsurance There are many differen ways in which reinsurance may be classified or disinguished. We will discuss briefly
More informationDDoS Attacks Detection Model and its Application
DDoS Aacks Deecion Model and is Applicaion 1, MUHAI LI, 1 MING LI, XIUYING JIANG 1 School of Informaion Science & Technology Eas China Normal Universiy No. 500, DongChuan Road, Shanghai 0041, PR. China
More informationEntropy: From the Boltzmann equation to the Maxwell Boltzmann distribution
Enropy: From he Bolzmann equaion o he Maxwell Bolzmann disribuion A formula o relae enropy o probabiliy Ofen i is a lo more useful o hink abou enropy in erms of he probabiliy wih which differen saes are
More informationOptimal Investment and Consumption Decision of Family with Life Insurance
Opimal Invesmen and Consumpion Decision of Family wih Life Insurance Minsuk Kwak 1 2 Yong Hyun Shin 3 U Jin Choi 4 6h World Congress of he Bachelier Finance Sociey Torono, Canada June 25, 2010 1 Speaker
More informationChapter 6: Business Valuation (Income Approach)
Chaper 6: Business Valuaion (Income Approach) Cash flow deerminaion is one of he mos criical elemens o a business valuaion. Everyhing may be secondary. If cash flow is high, hen he value is high; if he
More informationII.1. Debt reduction and fiscal multipliers. dbt da dpbal da dg. bal
Quarerly Repor on he Euro Area 3/202 II.. Deb reducion and fiscal mulipliers The deerioraion of public finances in he firs years of he crisis has led mos Member Saes o adop sizeable consolidaion packages.
More informationPresent Value Methodology
Presen Value Mehodology Econ 422 Invesmen, Capial & Finance Universiy of Washingon Eric Zivo Las updaed: April 11, 2010 Presen Value Concep Wealh in Fisher Model: W = Y 0 + Y 1 /(1+r) The consumer/producer
More informationRC, RL and RLC circuits
Name Dae Time o Complee h m Parner Course/ Secion / Grade RC, RL and RLC circuis Inroducion In his experimen we will invesigae he behavior of circuis conaining combinaions of resisors, capaciors, and inducors.
More informationLEASING VERSUSBUYING
LEASNG VERSUSBUYNG Conribued by James D. Blum and LeRoy D. Brooks Assisan Professors of Business Adminisraion Deparmen of Business Adminisraion Universiy of Delaware Newark, Delaware The auhors discuss
More informationDYNAMIC MODELS FOR VALUATION OF WRONGFUL DEATH PAYMENTS
DYNAMIC MODELS FOR VALUATION OF WRONGFUL DEATH PAYMENTS Hong Mao, Shanghai Second Polyechnic Universiy Krzyszof M. Osaszewski, Illinois Sae Universiy Youyu Zhang, Fudan Universiy ABSTRACT Liigaion, exper
More informationACTUARIAL FUNCTIONS 1_05
ACTUARIAL FUNCTIONS _05 User Guide for MS Office 2007 or laer CONTENT Inroducion... 3 2 Insallaion procedure... 3 3 Demo Version and Acivaion... 5 4 Using formulas and synax... 7 5 Using he help... 6 Noaion...
More informationTable of contents Chapter 1 Interest rates and factors Chapter 2 Level annuities Chapter 3 Varying annuities
Table of conens Chaper 1 Ineres raes and facors 1 1.1 Ineres 2 1.2 Simple ineres 4 1.3 Compound ineres 6 1.4 Accumulaed value 10 1.5 Presen value 11 1.6 Rae of discoun 13 1.7 Consan force of ineres 17
More informationModule 3 Design for Strength. Version 2 ME, IIT Kharagpur
Module 3 Design for Srengh Lesson 2 Sress Concenraion Insrucional Objecives A he end of his lesson, he sudens should be able o undersand Sress concenraion and he facors responsible. Deerminaion of sress
More information1.2 Goals for Animation Control
A Direc Manipulaion Inerface for 3D Compuer Animaion Sco Sona Snibbe y Brown Universiy Deparmen of Compuer Science Providence, RI 02912, USA Absrac We presen a new se of inerface echniques for visualizing
More informationDistributing Human Resources among Software Development Projects 1
Disribuing Human Resources among Sofware Developmen Proecs Macario Polo, María Dolores Maeos, Mario Piaini and rancisco Ruiz Summary This paper presens a mehod for esimaing he disribuion of human resources
More informationMeasuring macroeconomic volatility Applications to export revenue data, 19702005
FONDATION POUR LES ETUDES ET RERS LE DEVELOPPEMENT INTERNATIONAL Measuring macroeconomic volailiy Applicaions o expor revenue daa, 1970005 by Joël Cariolle Policy brief no. 47 March 01 The FERDI is a
More informationAnswer, Key Homework 2 David McIntyre 45123 Mar 25, 2004 1
Answer, Key Homework 2 Daid McInyre 4123 Mar 2, 2004 1 This prinou should hae 1 quesions. Muliplechoice quesions may coninue on he ne column or page find all choices before making your selecion. The
More informationCRISES AND THE FLEXIBLE PRICE MONETARY MODEL. Sarantis Kalyvitis
CRISES AND THE FLEXIBLE PRICE MONETARY MODEL Saranis Kalyviis Currency Crises In fixed exchange rae regimes, counries rarely abandon he regime volunarily. In mos cases, raders (or speculaors) exchange
More informationThe Real Business Cycle paradigm. The RBC model emphasizes supply (technology) disturbances as the main source of
Prof. Harris Dellas Advanced Macroeconomics Winer 2001/01 The Real Business Cycle paradigm The RBC model emphasizes supply (echnology) disurbances as he main source of macroeconomic flucuaions in a world
More informationInformation Theoretic Evaluation of Change Prediction Models for LargeScale Software
Informaion Theoreic Evaluaion of Change Predicion Models for LargeScale Sofware Mina Askari School of Compuer Science Universiy of Waerloo Waerloo, Canada maskari@uwaerloo.ca Ric Hol School of Compuer
More informationDistributed Online Localization in Sensor Networks Using a Moving Target
Disribued Online Localizaion in Sensor Neworks Using a Moving Targe Aram Galsyan 1, Bhaskar Krishnamachari 2, Krisina Lerman 1, and Sundeep Paem 2 1 Informaion Sciences Insiue 2 Deparmen of Elecrical EngineeringSysems
More information9. Capacitor and Resistor Circuits
ElecronicsLab9.nb 1 9. Capacior and Resisor Circuis Inroducion hus far we have consider resisors in various combinaions wih a power supply or baery which provide a consan volage source or direc curren
More informationForecasting, Ordering and Stock Holding for Erratic Demand
ISF 2002 23 rd o 26 h June 2002 Forecasing, Ordering and Sock Holding for Erraic Demand Andrew Eaves Lancaser Universiy / Andalus Soluions Limied Inroducion Erraic and slowmoving demand Demand classificaion
More information4. International Parity Conditions
4. Inernaional ariy ondiions 4.1 urchasing ower ariy he urchasing ower ariy ( heory is one of he early heories of exchange rae deerminaion. his heory is based on he concep ha he demand for a counry's currency
More information11/6/2013. Chapter 14: Dynamic ADAS. Introduction. Introduction. Keeping track of time. The model s elements
Inroducion Chaper 14: Dynamic DS dynamic model of aggregae and aggregae supply gives us more insigh ino how he economy works in he shor run. I is a simplified version of a DSGE model, used in cuingedge
More informationThe Greek financial crisis: growing imbalances and sovereign spreads. Heather D. Gibson, Stephan G. Hall and George S. Tavlas
The Greek financial crisis: growing imbalances and sovereign spreads Heaher D. Gibson, Sephan G. Hall and George S. Tavlas The enry The enry of Greece ino he Eurozone in 2001 produced a dividend in he
More informationThe Impact of Surplus Distribution on the Risk Exposure of With Profit Life Insurance Policies Including Interest Rate Guarantees.
The Impac of Surplus Disribuion on he Risk Exposure of Wih Profi Life Insurance Policies Including Ineres Rae Guaranees Alexander Kling 1 Insiu für Finanz und Akuarwissenschafen, Helmholzsraße 22, 89081
More informationPredicting Stock Market Index Trading Signals Using Neural Networks
Predicing Sock Marke Index Trading Using Neural Neworks C. D. Tilakarane, S. A. Morris, M. A. Mammadov, C. P. Hurs Cenre for Informaics and Applied Opimizaion School of Informaion Technology and Mahemaical
More informationAs widely accepted performance measures in supply chain management practice, frequencybased service
MANUFACTURING & SERVICE OPERATIONS MANAGEMENT Vol. 6, No., Winer 2004, pp. 53 72 issn 523464 eissn 5265498 04 060 0053 informs doi 0.287/msom.030.0029 2004 INFORMS On Measuring Supplier Performance Under
More informationImprovement of a TCP Incast Avoidance Method for Data Center Networks
Improvemen of a Incas Avoidance Mehod for Daa Cener Neworks Kazuoshi Kajia, Shigeyuki Osada, Yukinobu Fukushima and Tokumi Yokohira The Graduae School of Naural Science and Technology, Okayama Universiy
More informationPATHWISE PROPERTIES AND PERFORMANCE BOUNDS FOR A PERISHABLE INVENTORY SYSTEM
PATHWISE PROPERTIES AND PERFORMANCE BOUNDS FOR A PERISHABLE INVENTORY SYSTEM WILLIAM L. COOPER Deparmen of Mechanical Engineering, Universiy of Minnesoa, 111 Church Sree S.E., Minneapolis, MN 55455 billcoop@me.umn.edu
More informationThe Impact of Surplus Distribution on the Risk Exposure of With Profit Life Insurance Policies Including Interest Rate Guarantees
1 The Impac of Surplus Disribuion on he Risk Exposure of Wih Profi Life Insurance Policies Including Ineres Rae Guaranees Alexander Kling Insiu für Finanz und Akuarwissenschafen, Helmholzsraße 22, 89081
More informationARCH 2013.1 Proceedings
Aricle from: ARCH 213.1 Proceedings Augus 14, 212 Ghislain Leveille, Emmanuel Hamel A renewal model for medical malpracice Ghislain Léveillé École d acuaria Universié Laval, Québec, Canada 47h ARC Conference
More informationModelBased Monitoring in LargeScale Distributed Systems
ModelBased Monioring in LargeScale Disribued Sysems Diploma Thesis Carsen Reimann Chemniz Universiy of Technology Faculy of Compuer Science Operaing Sysem Group Advisors: Prof. Dr. Winfried Kalfa Dr.
More informationBALANCE OF PAYMENTS AND FINANCIAL MA REPORT 2015. All officiell statistik finns på: www.scb.se Statistikservice: tfn 08506 948 01
RKET BALANCE OF PAYMENTS AND FINANCIAL MA REPORT 2015 All officiell saisik finns på: www.scb.se Saisikservice: fn 08506 948 01 All official saisics can be found a: www.scb.se Saisics service, phone +46
More information