How to Encrypt Properly with RSA

Size: px
Start display at page:

Download "How to Encrypt Properly with RSA"

Transcription

1 RSA Laboatoies CyptoBytes. Volume 5, No. 1 Winte/Sping 2002, pages ow to Encypt Popely with RSA David Pointcheval Dépt d Infomatique, ENS CNRS, 45 ue d Ulm, Pais Cedex 05, Fance URL: Abstact. In 1993, Bellae and Rogaway fomalized the concept of a andom oacle, impoted fom complexity theoy fo cyptogaphic puposes. This new tool allowed them to pesent seveal asymmetic encyption and signatue schemes that ae both efficient and povably secue (in the andom oacle model). The Optimal Asymmetic Encyption Padding (OAEP) is the most significant application of the andom oacle model to date. It gives an efficient RSA encyption scheme with a stong secuity guaantee (semantic secuity against chosen-ciphetext attacks). Afte Bleichenbache s devastating attack on RSA PKCS #1 v1.5 in 1998, RSA OAEP became the natual successo (RSA PKCS #1 v2.0) and thus a de facto intenational standad. Supisingly, Shoup ecently showed that the oiginal poof of secuity fo OAEP is incoect. Without a poof, RSA OAEP cannot be tusted to povide an adequate level of secuity. Luckily, shotly afte Shoup s discovey a fomal and complete poof was found in joint wok by the autho and othes that eaffimed the stong level of secuity povided by RSA OAEP. oweve, this new secuity poof still does not guaantee secuity fo key sizes used in pactice due to the inefficiency of the secuity eduction (the eduction to inveting RSA takes quadatic time). Recent altenatives to OAEP, such as OAEP +, SAEP +, and REACT, admit moe efficient poofs and thus povide adequate secuity fo key sizes used in pactice. 1 Asymmetic Encyption In 1978, Rivest, Shami, and Adleman poposed the fist candidate tapdoo pemutation [30]. A tapdoo pemutation pimitive is a function f that anyone can compute efficiently; howeve, inveting f is had unless we ae also given some tapdoo infomation. iven the tapdoo infomation, inveting f becomes easy. Naively, a tapdoo pemutation defines a simple public key encyption scheme: the desciption of f is the public key and the tapdoo is the secet key. Unfotunately, encyption in this naive public key system is deteministic and hence cannot be secue, as discussed below. Befoe we can claim that a cyptosystem is secue (o insecue) we must pecisely define what secuity actually means. The fomalization of secuity notions stated aound the time when RSA was poposed and took seveal yeas to convege (see [18] fo a suvey on this topic). Today, the accepted secuity equiement fo an encyption scheme is called semantic secuity against an adaptive chosen-ciphetext attack [29] o IND CCA fo shot. To undestand this concept we point out that secuity is always defined in tems of two paametes: (1) the attacke s capabilities, namely what the attacke can do duing the attack, and (2) the attacke s goals, namely what the attacke is tying to do. 1. Attacke s capabilities: The stongest attacke capability in the standad model is called adaptive chosen-ciphetext attack and is denoted by (CCA) [29]. This means that the advesay has the ability to decypt any ciphetext of his choice except fo some challenge ciphetext (imagine the attacke is able to exploit a decyption box that will decypt anything except fo some known challenge ciphetext). c RSA Secuity Inc

2 2 2. Attacke s goal: The standad secuity goal is called semantic secuity [19] (also known as indistinguishability of ciphetexts ), and is denoted by (IND). Roughly speaking, the attacke s goal is to deduce just one bit of infomation about the decyption of some given ciphetext. We say that a system is semantically secue if no efficient attacke can achieve this goal. We note that a deteministic encyption algoithm can neve give semantic secuity. An encyption scheme that is semantically secue unde an adaptive chosen-ciphetext attack is said to be IND CCA secue. IND CCA secuity implies that even with full access to the decyption oacle, the attacke is not able to deduce one bit of infomation about the decyption of a given challenge ciphetext. IND CCA may seem vey stong, but such attacks ae possible in some eal wold scenaios. In fact, CCAlike attacks have been used to beak pactical implementations, as we will see late. Futhemoe, semantic secuity is equied fo high confidentiality, namely when the message space is limited (such as yes o no, buy o sell ). As a consequence, IND CCA is accepted as the equied secuity level fo pactical encyption schemes. One can obtain many othe secuity notions by combining diffeent attacke goals with vaious attacke capabilities. Fo example, anothe secuity goal is called nonmalleability [15, 7]. ee the attacke is given some ciphetext and his goal is to build anothe ciphetext such that the plaintexts ae meaningfully elated. Non-malleability is known to be equivalent to semantic secuity unde an adaptive chosen-ciphetext attack [3]. Fo this eason, IND CCA secuity is sometimes called non-malleability. Similaly, one can also conside diffeent attacke capabilities based on the oacles given to the attacke [25, 29, 9, 20, 26]. As mentioned above, the most poweful attacke capability in the classical model is the decyption oacle itself, which decypts any ciphetext (except the challenge ciphetext). This classical model gives the cyptogaphic engine to the advesay as a black box to which he can make queies and eceive coect answes in constant time. It thus excludes timing attacks [21], simple and diffeential powe analyses [22] as well, and othe diffeential fault analyses [8, 12]. 2 The RSA-based Cyptosystems 2.1 The Plain RSA The RSA pemutation, poposed by Rivest, Shami and Adleman [30], is the most well known tapdoo pemutation. Its one-wayness is believed to be as stong as intege factoization. The RSA setup consists of choosing two lage pime numbes p and q, and computing the RSA modulus n = pq. The public key is n togethe with an exponent e (elatively pime to ϕ(n) = (p 1)(q 1)). The secet key d is defined to be the invese of e modulo ϕ(n). Encyption and decyption is defined as follows: E n,e (m) = m e mod n D n,d (c) = c d mod n. This pimitive does not povide by itself an IND CCA secue encyption scheme. Unde a slightly stonge assumption than the intactability of the intege factoization, it gives a cyptosystem that is only one-way unde chosen-plaintext attacks a vey weak level of secuity. Semantic secuity fails because encyption is deteministic. Even wose, unde a CCA attack, the attacke can fully decypt a challenge ciphetext C = m e mod n using the homomophic popety of RSA: E n,e (m 1 ) E n,e (m 2 ) = E n,e (m 1 m 2 mod n) mod n.

3 To decypt C = m e mod n using a CCA attack do: (1) compute C = C 2 e mod n, (2) give C ( C) to the decyption oacle, and (3) the oacle etuns 2m mod n fom which the advesay can deduce m. To ovecome RSA this simple CCA attack, pactical RSA-based cyptosystems andomly pad the plaintext pio to encyption. This andomizes the ciphetext and eliminates the homomophic popety The RSA PKCS #1 v1.5 Encyption A widely deployed padding fo RSA-based encyption is defined in the PKCS #1 v1.5 standad: fo any modulus 2 8(k 1) n < 2 8k, in ode to encypt an l byte-long message m (fo l k 11), one andomly chooses a k 3 l byte-long andom sting (with only non-zeo bytes). Then, one defines the k-byte long sting M = 02 0 m (see figue 1) which is theeafte encypted with the RSA pemutation, C = M e mod n. When decypting a ciphetext C, the decypto applies RSA invesion by computing M = C d mod n and then checks that the esult M matches the expected fomat 02 * 0 *. If so, the decypto outputs the last pat as the plaintext. Othewise, the ciphetext is ejected. 0 2 non-zeo bytes 0 m moe than 8 bytes Fig. 1. PKCS #1 v1.5 Fomat Intuitively, this padding seems sufficient to ule out the above weaknesses of the plain RSA system, but without any fomal poof o guaantee. Supisingly, in 1998, Bleichenbache [9] showed that a simple active attack can completely beak RSA PKCS #1. This attack applies to eal systems such as a Web seve using SSL v3.0. These seves often output a specific failue message in case of an invalid ciphetext. This enables an attacke to test whethe the two most significant bytes of a challenge ciphetext C ae equal to 02. If so, the attacke leans the following bound on the decyption of C: 2 2 8(k 2) C d mod n < 3 2 8(k 2). Due to the andom self-educibility of the RSA pemutation, in paticula the homomophism Cs e = M e s e = (Ms) e mod n, the complete decyption of C can be ecoveed afte a elatively small numbe of queies. Only a few million queies ae needed with a 1024-bit modulus. Bleichenbache s attack had an impact on many pactical systems and standads bodies, which suddenly became awae of the impotance of fomal secuity aguments. Nevetheless, the weak PKCS #1 v1.5 padding is still used in the TLS potocol [33]. The TLS specification now appeas to defend against Bleichenbache s attack using a technique fo which no poof of secuity has yet been published. Cetain simple attacks ae still possible (fo example, plaintext-checking attacks [26] can be easily un, even if they seem ineffective). The lesson hee is that standads should ely as much as possible on fully analyzed constuctions and avoid ad-hoc techniques.

4 4 3 The Optimal Asymmetic Encyption Padding Fo some time, people have tied to povide secuity poofs fo cyptogaphic potocols in the eductionist sense [10]. To do so, one pesents an algoithm that uses an effective advesay as a sub-pogam to beak some undelying hadness assumption (such as the RSA assumption, o the intactability of the intege factoization). Such an algoithm is called a eduction. This eduction is said to be efficient, oughly speaking, if it does not equie too many calls to the sub-pogam. 3.1 The Random Oacle Model A few yeas ago, a new line of eseach stated with the goal of combining povable secuity with efficiency, still in the eductionist sense. To achieve this goal, Bellae and Rogaway [4] fomalized a heuistic suggested by Fiat and Shami [16]. This heuistic consisted in making an idealized assumption about some objects, such as hash functions, accoding to which they wee assumed to behave like tuly andom functions. This assumption, known as the andom oacle model, may seem stong, and lacking in pactical embodiments. In fact, Canetti et al. [13] gave an example of a signatue scheme which is secue in the andom oacle model, but insecue unde any instantiation of the andom oacle. oweve, one can also conside andom-oacle-based poofs unde the assumption that the advesay is geneic, whateve the actual implementation of the hash function o othe idealized algoithms may be. In othe wods, we may assume that the advesay does/can not use any specific weakness of the hash functions used in pactice. Thanks to this ideal assumption, seveal efficient encyption and signatue schemes have been analyzed [5, 6, 27]. We emphasize that even fomal analyses in the andom oacle model ae not stong secuity poofs, because of the undelying ideal assumption. They do, howeve, povide stong evidence fo secuity and can futhemoe seve as the basis fo quite efficient schemes. Since people do not often want to pay moe than a negligible pice fo secuity, such an agument fo pactical schemes is moe useful than fomal secuity poofs fo inefficient schemes. m 0 k 1 s t Fig. 2. OAEP Padding

5 5 3.2 Desciption of OAEP At the time Bleichenbache published his attack on RSA PKCS #1 v1.5, the only efficient and povably secue encyption scheme based on RSA was the Optimal Asymmetic Encyption Padding (OAEP) poposed by Bellae and Rogaway [5]. OAEP can be used with any tapdoo pemutation f. To encypt a message m using the encyption scheme f OAEP, fist apply the OAEP pocedue descibed in Figue 2 ee is a andom sting and, ae hash functions. The esulting values [s t] ae then encypted using f, namely C = f(s, t). Bellae and Rogaway poved that OAEP padding used with any tapdoo pemutation f povides a semantically secue encyption scheme. By adding some edundancy (the constant value 0 k 1 at the end of the message, as shown in Figue 2), they futhemoe poved it to be weakly plaintext-awae. Plaintext-awaeness is a popety of encyption schemes in the andom oacle model which means that thee exists a plaintext-extacto able to simulate the decyption oacle on any ciphetext (valid o not) designed by the advesay. The weak pat in the definition poposed by Bellae and Rogaway was that the plaintext-extaction was just equied to wok while the advesay had not eceived any valid ciphetext fom any souce. Unfotunately, the adaptive chosen-ciphetext attack model gives the advesay a full-time access to the decyption oacle, even afte eceiving the challenge ciphetext about which the advesay wants to lean infomation. This challenge is a valid ciphetext. Theefoe, semantic secuity togethe with weak plaintext-awaeness only implies the semantic secuity against non-adaptive chosen-ciphetext attacks (a.k.a. lunchtime attacks [25], o indiffeent chosen-ciphetext attacks), whee the decyption oacle access is limited until the advesay has eceived the challenge ciphetext. In 1998, Bellae, Desai, Rogaway and the autho [3] coected this initial definition of plaintext-awaeness, equiing the existence of a plaintext-extacto able to simulate the decyption oacle on any ciphetext submitted by the advesay, even afte seeing some valid ciphetexts not encypted by the advesay himself. This stonge definition is a moe accuate model of the eal wold, whee the advesay may have access to ciphetexts via eavesdopping. We futhemoe poved that this new popety (which can only be defined in the andom oacle model) actually povides the encyption scheme with the stongest secuity level, namely semantic secuity against (adaptive) chosen-ciphetext attacks (IND CCA). oweve, no one eve povided OAEP with such a new plaintext-extacto. Theefoe, even if eveybody believed in the stong secuity level of OAEP, it had neve been poven IND CCA unde the one-wayness of the pemutation alone. 3.3 The OAEP Secuity Analyses In fact, the only fomally poven secuity esult about OAEP was its semantic secuity against lunchtime attacks, assuming the one-wayness of the undelying pemutation. Until vey ecently OAEP was widely believed to also be IND CCA. Shoup s Result Shoup [32] ecently showed that it was quite unlikely that OAEP is IND CCA assuming only the one-wayness of the undelying tapdoo pemutation. In fact, he showed that if thee exists a tapdoo one-way pemutation g fo which it is easy to compute g(x a) fom g(x) and a, then OAEP cannot be IND CCA secue fo an abitay tapdoo pemutation f. Refeing to this special popety of g as XOR malleability, let us biefly pesent Shoup s counte-example. Let s t denote

6 6 the output of the OAEP tansfomation on a plaintext message m. Define the oneway pemutation f as f(s t) = s g(t). Then encypting m using f OAEP gives the ciphetext C = [s g(t)]. What Shoup showed is that unde these conditions the advesay can use C to constuct a ciphetext C of a plaintext message m that is closely elated to the message m. In paticula, fo any sting δ, the advesay can constuct C which is the encyption of m = m δ. Thus, the scheme is malleable and hence not IND CCA giving C to the decyption oacle will eveal m = m δ, fom which the advesay can obtain m. m 0 k 1 m 0 k 1 s t s t (s) (s ) Fig. 3. Shoup s Attack To constuct C, the idea is fo the advesay to exploit the explicit appeaance of s in the ciphetext C. The advesay fist computes s = s, whee = δ 0 k 1 ; essentially, is simply a padded endeing of δ. The advesay then computes D = (s) (s ) using explicit knowledge of s and s and access to the andom oacle fo. Finally, by exploiting the XOR malleability of g, the advesay computes g(t ), whee t = t D. It is easy to see now that C = s g(t ) is a valid encyption of the message m. ence, the non-malleability of f OAEP is boken. This obsevation shows that it is unlikely that one can pove that f OAEP is IND CCA secue fo abitay tapdoo pemutations f by assuming only the one-wayness of f. Repaiing the OAEP Poof of Secuity To constuct a valid ciphetext C in the above attack it seems that the advesay has to quey the hash function at (s). But this seems to imply that given C the advesay can figue out the value s used to ceate C (ecall that s is the left hand side of f 1 (C)). Thus, it appeas that in ode to mount Shoup s attack the advesay must be able patly to invet f given f(s, t), the advesay must be able to expose s. We say f is patial-domain one-way if no efficient algoithm can deduce s fom C = f(s, t). Fo such tapdoo pemutations f, one could hope that Shoup s attack will fail and that f OAEP is IND CCA secue. Fujisaki, Okamoto, Sten and the autho [17] fomally poved this fact: If f is patial-domain one-way, then f OAEP is IND CCA secue. We note that patial-domain one-wayness is a stonge popety than onewayness: a function might be one-way but still not patial-domain one-way. Fotunately, the homomophic popeties of RSA enable us to pove that the RSA pemutation is patial-domain one-way if and only if RSA is one-way. Moe pecisely,

7 an algoithm that can expose half of RSA 1 (C) given C can be used to completely invet the RSA pemutation. Altogethe, this poves the widely believed IND CCA secuity of RSA OAEP assuming that RSA is a tapdoo pemutation. Fo secuity paametes, and t (whose fomal definitions ae omitted hee), we obtain the following esult [17]: Let A be a CCA-advesay against the semantic secuity of RSA OAEP with unning time bounded by t and advantage ε. Then, the RSA function can be inveted with pobability geate than appoximately ε 2 /4 within time bound 2t. Unfotunately, the secuity eduction fom an RSA-invesion into an attack is quite inefficient fo pactical sizes (moe pecisely, it is quadatic in the numbe of oacle queies). ence, this eduction is meaningless unless one uses a modulus lage enough so that the RSA-invesion (o the factoization) equies much moe than computational effot. With cuent factoization techniques [23, 14], one needs to use a modulus of length moe than 4096 bits to make the eduction meaningful (see [24] fo complexity estimates of the most efficient factoing algoithms). Viewed anothe way, this eduction shows that a 1024-bit modulus just povides a povable secuity level of 2 40, which is clealy inadequate given cuently pevalent levels of computing powe. (We note, howeve, that this does not mean that thee is an attack with this low complexity, only that one cannot be uled out by the available poofs of secuity.) 4 OAEP Altenatives 4.1 The OAEP + Padding Shoup also poposed a fomal secuity poof of RSA OAEP with a much moe efficient secuity eduction, but in the paticula case whee the encyption exponent e is equal to 3. oweve, many people believe that the RSA tapdoo pemutation with exponent 3 may be weake than with geate exponents. Theefoe, he also poposed a slightly modified vesion of OAEP, called OAEP + (see Figue 4), which can be poven secue unde the one-wayness of the pemutation alone. It uses the vaiable edundancy R(m, ) instead of the constant 0 k 1. It is thus a bit moe inticate than the oiginal OAEP. The secuity eduction fo OAEP + is efficient, but still uns in quadatic time. 7 m R m m R(m, ) R m R(m, ) R(m, ) s t s OAEP + padding SAEP + padding Fig. 4. OAEP + and SAEP + Paddings

8 8 4.2 SAEP + Padding Boneh [11] ecently poposed a new padding scheme, SAEP +, to be used with the Rabin pimitive [28] o RSA. It is simple than OAEP, hence the name Simplified Asymmetic Encyption Padding: wheeas OAEP is a two-ound Feistel netwok, SAEP + is a singleound. SAEP + has a linea time eduction fo the Rabin system (i.e., e = 2). Fo lage exponents, SAEP + has a quadatic time eduction. ence, fo lage exponents (e > 2), SAEP + does not guaantee secuity fo pactical paametes (less than two thousand bits). 4.3 The REACT Constuction Anothe altenative to OAEP is the REACT constuction, poposed by Okamoto and the autho [26] (see Figue 5). It povides an IND CCA encyption scheme fom any m m SymE RSA RSA C 1 C 2 C 3 C 1 C 2 C 3 Basic encyption ybid encyption Fig. 5. REACT weakly secue one (moe pecisely, a one-way pimitive, against plaintext-checking attacks), such as the RSA pimitive. Theefoe, the RSA REACT scheme is IND CCA secue unde the RSA assumption. Futhemoe, the secuity eduction is vey efficient, since it is in linea time without any loss in the success pobability, whateve the exponent. Consequently, it guaantees pefect equivalence with RSA invesion fo moduli which equie just a bit moe than 2 70 effot to be factoed. This is the case fo 1024 bit-long moduli, the minimal cuently advised key size. In compaison to pevious poposals, REACT is a full scheme and not just a pue padding applied to the message befoe the RSA function. Consequently, the ciphetext is a bit longe. oweve, even when used fo key tanspot, it allows integation of a symmetic encyption scheme (SymE) to achieve vey high encyption ates, as shown in the hybid constuction. In the specific case of RSA, REACT can be optimized, as explained below. 4.4 Simple RSA In an ISO epot [31], Shoup suggested a possible altenative, based on ideas fom Bellae and Rogaway [4] that povide a secue encyption scheme fom any tapdoo one-way pemutation f. Roughly speaking, simple RSA, as it is called, consists of fist encypting a andom sting using f to obtain C 0 (thus C 0 = e mod n), and then pasing () as k 0 k 1, whee is some hash function (modeled by a andom oacle). Theeafte, one encypts the message m using a symmetic encyption scheme

9 with the key k 0 to get C 1 (e.g., C 1 = m k 0 ), and authenticates the ciphetext with a MAC function using the key k 1 to get a tag T = (k 1, C 1 ). The ciphetext is the tiple (C 0, C 1, T ). This constuction is a special case of REACT, optimized fo RSA, and hence is IND CCA unde the RSA assumption. It povides a vey efficient linea time eduction. Moeove, thanks to the andom self-educibility of RSA (which can only be used with this latte constuction, but cannot with the OAEP and SAEP vaiants), this constuction povides a high secuity level even when encypting many plaintexts [1, 2]. 9 5 Conclusion RSA OAEP is a pactical RSA encyption scheme with povable secuity in the andom oacle model. Fo pactical secuity, the cost of the eductions cannot simply be shown to be polynomial time (as in asymptotical analyses), since the eduction efficiency diectly impacts the secuity paametes needed fo the scheme. ence, when evaluating cyptogaphic constuctions, one must take into account the efficiency of the secuity poof. Inefficient poofs of secuity do not give secuity guaantees fo eal wold paametes. Only OAEP with exponents 2 o 3, SAEP + with exponent 2, and RSA REACT (o the optimization simple RSA ) with any exponent, admit fomal poofs with linea time eductions in the andom oacle model. ence only these schemes guaantee semantic secuity against chosen-ciphetext attacks fo pactical modulus sizes (even less than 1024 bits). The povable secuity fo othe padding schemes is meaningful only fo much lage moduli (moe than 4096 bits). Acknowledgments I wamly thank my co-authos, Mihi Bellae, Anand Desai, Eiichio Fujisaki, Tatsuaki Okamoto, Phil Rogaway and Jacques Sten fo the inteesting woks we did on asymmetic encyption, as well as Dan Boneh, Piee-Alain Fouque, Victo Shoup and Yves Vehoeven fo the fuitful discussions we had. Refeences 1. O. Baudon, D. Pointcheval, and J. Sten. Extended Notions of Secuity fo Multicast Public Key Cyptosystems. In Poc. of the 27th ICALP, LNCS 1853, pages Spinge-Velag, Belin, M. Bellae, A. Boldyeva, and S. Micali. Public-key Encyption in a Multi-Use Setting: Secuity Poofs and Impovements. In Euocypt 00, LNCS 1807, pages Spinge-Velag, Belin, M. Bellae, A. Desai, D. Pointcheval, and P. Rogaway. Relations among Notions of Secuity fo Public-Key Encyption Schemes. In Cypto 98, LNCS 1462, pages Spinge-Velag, Belin, M. Bellae and P. Rogaway. Random Oacles Ae Pactical: a Paadigm fo Designing Efficient Potocols. In Poc. of the 1st CCS, pages ACM Pess, New Yok, M. Bellae and P. Rogaway. Optimal Asymmetic Encyption ow to Encypt with RSA. In Euocypt 94, LNCS 950, pages Spinge-Velag, Belin, M. Bellae and P. Rogaway. The Exact Secuity of Digital Signatues ow to Sign with RSA and Rabin. In Euocypt 96, LNCS 1070, pages Spinge-Velag, Belin, M. Bellae and A. Sahai. Non-Malleable Encyption: Equivalence between Two Notions, and an Indistinguishability-Based Chaacteization. In Cypto 99, LNCS 1666, pages Spinge- Velag, Belin, 1999.

10 10 8. E. Biham and A. Shami. Diffeential Fault Analysis of Secet Key Cyptosystems. In Cypto 97, LNCS 1294, pages Spinge-Velag, Belin, D. Bleichenbache. A Chosen Ciphetext Attack against Potocols based on the RSA Encyption Standad PKCS #1. In Cypto 98, LNCS 1462, pages Spinge-Velag, Belin, M. Blum and S. Micali. ow to eneate Cyptogaphically Stong Sequences of Pseudoandom Bits. SIAM Jounal on Computing, 13: , D. Boneh. Simplified OAEP fo the RSA and Rabin Functions. In Cypto 01, LNCS 2139, pages Spinge-Velag, Belin, D. Boneh, R. DeMillo, and R. Lipton. On the Impotance of Checking Cyptogaphic Potocols fo Faults. In Euocypt 97, LNCS 1233, pages Spinge-Velag, Belin, R. Canetti, O. oldeich, and S. alevi. The Random Oacles Methodology, Revisited. In Poc. of the 30th STOC, pages ACM Pess, New Yok, S. Cavalla, B. Dodson, A. K. Lensta, W. Lioen, P. L. Montgomey, B. Muphy,. te Riele, K. Aadal, J. ilchist,. uillem, P. Leyland, J. Machand, F. Moain, A. Muffett, Ch. Putnam, C. Putnam, and P. Zimmemann. Factoization of a 512-bit RSA Modulus. In Euocypt 00, LNCS 1807, pages Spinge-Velag, Belin, D. Dolev, C. Dwok, and M. Nao. Non-Malleable Cyptogaphy. SIAM Jounal on Computing, 30(2): , A. Fiat and A. Shami. ow to Pove Youself: Pactical Solutions of Identification and Signatue Poblems. In Cypto 86, LNCS 263, pages Spinge-Velag, Belin, E. Fujisaki, T. Okamoto, D. Pointcheval, and J. Sten. RSA OAEP is Secue unde the RSA Assumption. In Cypto 01, LNCS 2139, pages Spinge-Velag, Belin, O. oldeich. On the Foundations of Moden Cyptogaphy. In Cypto 97, LNCS 1294, pages Spinge-Velag, Belin, S. oldwasse and S. Micali. Pobabilistic Encyption. Jounal of Compute and System Sciences, 28: , C. all, I. oldbeg, and B. Schneie. Reaction Attacks Against Seveal Public-Key Cyptosystems. In Poc. of ICICS 99, LNCS, pages Spinge-Velag, P. C. Koche. Timing Attacks on Implementations of Diffie-ellman, RSA, DSS, and Othe Systems. In Cypto 96, LNCS 1109, pages Spinge-Velag, Belin, P. C. Koche, J. Jaffe, and B. Jun. Diffeential Powe Analysis. In Cypto 99, LNCS 1666, pages Spinge-Velag, Belin, A. Lensta and. Lensta. The Development of the Numbe Field Sieve, volume 1554 of Lectue Notes in Mathematics. Spinge-Velag, A. Lensta and E. Veheul. Selecting Cyptogaphic Key Sizes. In PKC 00, LNCS 1751, pages Spinge-Velag, Belin, M. Nao and M. Yung. Univesal One-Way ash Functions and Thei Cyptogaphic Applications. In Poc. of the 21st STOC, pages ACM Pess, New Yok, T. Okamoto and D. Pointcheval. REACT: Rapid Enhanced-secuity Asymmetic Cyptosystem Tansfom. In CT RSA 01, LNCS 2020, pages Spinge-Velag, Belin, D. Pointcheval and J. Sten. Secuity Aguments fo Digital Signatues and Blind Signatues. Jounal of Cyptology, 13(3): , M. O. Rabin. Digitalized Signatues. In R. Lipton and R. De Millo, editos, Foundations of Secue Computation, pages Academic Pess, New Yok, C. Rackoff and D. R. Simon. Non-Inteactive Zeo-Knowledge Poof of Knowledge and Chosen Ciphetext Attack. In Cypto 91, LNCS 576, pages Spinge-Velag, Belin, R. Rivest, A. Shami, and L. Adleman. A Method fo Obtaining Digital Signatues and Public Key Cyptosystems. Communications of the ACM, 21(2): , Febuay V. Shoup. A Poposal fo an ISO Standad fo Public-Key Encyption, decembe ISO/IEC JTC 1/SC V. Shoup. OAEP Reconsideed. In Cypto 01, LNCS 2139, pages Spinge-Velag, Belin, T. Dieks and C. Allen. The TLS Potocol, januay RFC 2246 Available fom

An Efficient Group Key Agreement Protocol for Ad hoc Networks

An Efficient Group Key Agreement Protocol for Ad hoc Networks An Efficient Goup Key Ageement Potocol fo Ad hoc Netwoks Daniel Augot, Raghav haska, Valéie Issany and Daniele Sacchetti INRIA Rocquencout 78153 Le Chesnay Fance {Daniel.Augot, Raghav.haska, Valéie.Issany,

More information

Chapter 3 Savings, Present Value and Ricardian Equivalence

Chapter 3 Savings, Present Value and Ricardian Equivalence Chapte 3 Savings, Pesent Value and Ricadian Equivalence Chapte Oveview In the pevious chapte we studied the decision of households to supply hous to the labo maket. This decision was a static decision,

More information

Ilona V. Tregub, ScD., Professor

Ilona V. Tregub, ScD., Professor Investment Potfolio Fomation fo the Pension Fund of Russia Ilona V. egub, ScD., Pofesso Mathematical Modeling of Economic Pocesses Depatment he Financial Univesity unde the Govenment of the Russian Fedeation

More information

Secure Smartcard-Based Fingerprint Authentication

Secure Smartcard-Based Fingerprint Authentication Secue Smatcad-Based Fingepint Authentication [full vesion] T. Chales Clancy Compute Science Univesity of Mayland, College Pak tcc@umd.edu Nega Kiyavash, Dennis J. Lin Electical and Compute Engineeing Univesity

More information

Software Engineering and Development

Software Engineering and Development I T H E A 67 Softwae Engineeing and Development SOFTWARE DEVELOPMENT PROCESS DYNAMICS MODELING AS STATE MACHINE Leonid Lyubchyk, Vasyl Soloshchuk Abstact: Softwae development pocess modeling is gaining

More information

Concept and Experiences on using a Wiki-based System for Software-related Seminar Papers

Concept and Experiences on using a Wiki-based System for Software-related Seminar Papers Concept and Expeiences on using a Wiki-based System fo Softwae-elated Semina Papes Dominik Fanke and Stefan Kowalewski RWTH Aachen Univesity, 52074 Aachen, Gemany, {fanke, kowalewski}@embedded.wth-aachen.de,

More information

Towards Automatic Update of Access Control Policy

Towards Automatic Update of Access Control Policy Towads Automatic Update of Access Contol Policy Jinwei Hu, Yan Zhang, and Ruixuan Li Intelligent Systems Laboatoy, School of Computing and Mathematics Univesity of Westen Sydney, Sydney 1797, Austalia

More information

Attacking an obfuscated cipher by injecting faults

Attacking an obfuscated cipher by injecting faults Attacking an obfuscated ciphe by injecting faults Matthias Jacob mjacob@cs.pinceton.edu Dan Boneh dabo@cs.stanfod.edu Edwad Felten felten@cs.pinceton.edu Abstact We study the stength of cetain obfuscation

More information

Uncertain Version Control in Open Collaborative Editing of Tree-Structured Documents

Uncertain Version Control in Open Collaborative Editing of Tree-Structured Documents Uncetain Vesion Contol in Open Collaboative Editing of Tee-Stuctued Documents M. Lamine Ba Institut Mines Télécom; Télécom PaisTech; LTCI Pais, Fance mouhamadou.ba@ telecom-paistech.f Talel Abdessalem

More information

INITIAL MARGIN CALCULATION ON DERIVATIVE MARKETS OPTION VALUATION FORMULAS

INITIAL MARGIN CALCULATION ON DERIVATIVE MARKETS OPTION VALUATION FORMULAS INITIAL MARGIN CALCULATION ON DERIVATIVE MARKETS OPTION VALUATION FORMULAS Vesion:.0 Date: June 0 Disclaime This document is solely intended as infomation fo cleaing membes and othes who ae inteested in

More information

The transport performance evaluation system building of logistics enterprises

The transport performance evaluation system building of logistics enterprises Jounal of Industial Engineeing and Management JIEM, 213 6(4): 194-114 Online ISSN: 213-953 Pint ISSN: 213-8423 http://dx.doi.og/1.3926/jiem.784 The tanspot pefomance evaluation system building of logistics

More information

STUDENT RESPONSE TO ANNUITY FORMULA DERIVATION

STUDENT RESPONSE TO ANNUITY FORMULA DERIVATION Page 1 STUDENT RESPONSE TO ANNUITY FORMULA DERIVATION C. Alan Blaylock, Hendeson State Univesity ABSTRACT This pape pesents an intuitive appoach to deiving annuity fomulas fo classoom use and attempts

More information

Spirotechnics! September 7, 2011. Amanda Zeringue, Michael Spannuth and Amanda Zeringue Dierential Geometry Project

Spirotechnics! September 7, 2011. Amanda Zeringue, Michael Spannuth and Amanda Zeringue Dierential Geometry Project Spiotechnics! Septembe 7, 2011 Amanda Zeingue, Michael Spannuth and Amanda Zeingue Dieential Geomety Poject 1 The Beginning The geneal consensus of ou goup began with one thought: Spiogaphs ae awesome.

More information

2 r2 θ = r2 t. (3.59) The equal area law is the statement that the term in parentheses,

2 r2 θ = r2 t. (3.59) The equal area law is the statement that the term in parentheses, 3.4. KEPLER S LAWS 145 3.4 Keple s laws You ae familia with the idea that one can solve some mechanics poblems using only consevation of enegy and (linea) momentum. Thus, some of what we see as objects

More information

Efficient Redundancy Techniques for Latency Reduction in Cloud Systems

Efficient Redundancy Techniques for Latency Reduction in Cloud Systems Efficient Redundancy Techniques fo Latency Reduction in Cloud Systems 1 Gaui Joshi, Emina Soljanin, and Gegoy Wonell Abstact In cloud computing systems, assigning a task to multiple seves and waiting fo

More information

Comparing Availability of Various Rack Power Redundancy Configurations

Comparing Availability of Various Rack Power Redundancy Configurations Compaing Availability of Vaious Rack Powe Redundancy Configuations By Victo Avela White Pape #48 Executive Summay Tansfe switches and dual-path powe distibution to IT equipment ae used to enhance the availability

More information

Firstmark Credit Union Commercial Loan Department

Firstmark Credit Union Commercial Loan Department Fistmak Cedit Union Commecial Loan Depatment Thank you fo consideing Fistmak Cedit Union as a tusted souce to meet the needs of you business. Fistmak Cedit Union offes a wide aay of business loans and

More information

Questions & Answers Chapter 10 Software Reliability Prediction, Allocation and Demonstration Testing

Questions & Answers Chapter 10 Software Reliability Prediction, Allocation and Demonstration Testing M13914 Questions & Answes Chapte 10 Softwae Reliability Pediction, Allocation and Demonstation Testing 1. Homewok: How to deive the fomula of failue ate estimate. λ = χ α,+ t When the failue times follow

More information

Things to Remember. r Complete all of the sections on the Retirement Benefit Options form that apply to your request.

Things to Remember. r Complete all of the sections on the Retirement Benefit Options form that apply to your request. Retiement Benefit 1 Things to Remembe Complete all of the sections on the Retiement Benefit fom that apply to you equest. If this is an initial equest, and not a change in a cuent distibution, emembe to

More information

AN IMPLEMENTATION OF BINARY AND FLOATING POINT CHROMOSOME REPRESENTATION IN GENETIC ALGORITHM

AN IMPLEMENTATION OF BINARY AND FLOATING POINT CHROMOSOME REPRESENTATION IN GENETIC ALGORITHM AN IMPLEMENTATION OF BINARY AND FLOATING POINT CHROMOSOME REPRESENTATION IN GENETIC ALGORITHM Main Golub Faculty of Electical Engineeing and Computing, Univesity of Zageb Depatment of Electonics, Micoelectonics,

More information

Over-encryption: Management of Access Control Evolution on Outsourced Data

Over-encryption: Management of Access Control Evolution on Outsourced Data Ove-encyption: Management of Access Contol Evolution on Outsouced Data Sabina De Capitani di Vimecati DTI - Univesità di Milano 26013 Cema - Italy decapita@dti.unimi.it Stefano Paaboschi DIIMM - Univesità

More information

Database Management Systems

Database Management Systems Contents Database Management Systems (COP 5725) D. Makus Schneide Depatment of Compute & Infomation Science & Engineeing (CISE) Database Systems Reseach & Development Cente Couse Syllabus 1 Sping 2012

More information

Nontrivial lower bounds for the least common multiple of some finite sequences of integers

Nontrivial lower bounds for the least common multiple of some finite sequences of integers J. Numbe Theoy, 15 (007), p. 393-411. Nontivial lowe bounds fo the least common multiple of some finite sequences of integes Bai FARHI bai.fahi@gmail.com Abstact We pesent hee a method which allows to

More information

ON THE (Q, R) POLICY IN PRODUCTION-INVENTORY SYSTEMS

ON THE (Q, R) POLICY IN PRODUCTION-INVENTORY SYSTEMS ON THE R POLICY IN PRODUCTION-INVENTORY SYSTEMS Saifallah Benjaafa and Joon-Seok Kim Depatment of Mechanical Engineeing Univesity of Minnesota Minneapolis MN 55455 Abstact We conside a poduction-inventoy

More information

Continuous Compounding and Annualization

Continuous Compounding and Annualization Continuous Compounding and Annualization Philip A. Viton Januay 11, 2006 Contents 1 Intoduction 1 2 Continuous Compounding 2 3 Pesent Value with Continuous Compounding 4 4 Annualization 5 5 A Special Poblem

More information

Approximation Algorithms for Data Management in Networks

Approximation Algorithms for Data Management in Networks Appoximation Algoithms fo Data Management in Netwoks Chistof Kick Heinz Nixdof Institute and Depatment of Mathematics & Compute Science adebon Univesity Gemany kueke@upb.de Haald Räcke Heinz Nixdof Institute

More information

Research Article A Reputation-Based Identity Management Model for Cloud Computing

Research Article A Reputation-Based Identity Management Model for Cloud Computing Mathematical Poblems in Engineeing Volume 2015, Aticle ID 238245, 15 pages http://dx.doi.og/10.1155/2015/238245 Reseach Aticle A Reputation-Based Identity Management Model fo Cloud Computing Lifa Wu, 1

More information

MULTIPLE SOLUTIONS OF THE PRESCRIBED MEAN CURVATURE EQUATION

MULTIPLE SOLUTIONS OF THE PRESCRIBED MEAN CURVATURE EQUATION MULTIPLE SOLUTIONS OF THE PRESCRIBED MEAN CURVATURE EQUATION K.C. CHANG AND TAN ZHANG In memoy of Pofesso S.S. Chen Abstact. We combine heat flow method with Mose theoy, supe- and subsolution method with

More information

HEALTHCARE INTEGRATION BASED ON CLOUD COMPUTING

HEALTHCARE INTEGRATION BASED ON CLOUD COMPUTING U.P.B. Sci. Bull., Seies C, Vol. 77, Iss. 2, 2015 ISSN 2286-3540 HEALTHCARE INTEGRATION BASED ON CLOUD COMPUTING Roxana MARCU 1, Dan POPESCU 2, Iulian DANILĂ 3 A high numbe of infomation systems ae available

More information

est using the formula I = Prt, where I is the interest earned, P is the principal, r is the interest rate, and t is the time in years.

est using the formula I = Prt, where I is the interest earned, P is the principal, r is the interest rate, and t is the time in years. 9.2 Inteest Objectives 1. Undestand the simple inteest fomula. 2. Use the compound inteest fomula to find futue value. 3. Solve the compound inteest fomula fo diffeent unknowns, such as the pesent value,

More information

Explicit, analytical solution of scaling quantum graphs. Abstract

Explicit, analytical solution of scaling quantum graphs. Abstract Explicit, analytical solution of scaling quantum gaphs Yu. Dabaghian and R. Blümel Depatment of Physics, Wesleyan Univesity, Middletown, CT 06459-0155, USA E-mail: ydabaghian@wesleyan.edu (Januay 6, 2003)

More information

Modeling and Verifying a Price Model for Congestion Control in Computer Networks Using PROMELA/SPIN

Modeling and Verifying a Price Model for Congestion Control in Computer Networks Using PROMELA/SPIN Modeling and Veifying a Pice Model fo Congestion Contol in Compute Netwoks Using PROMELA/SPIN Clement Yuen and Wei Tjioe Depatment of Compute Science Univesity of Toonto 1 King s College Road, Toonto,

More information

Give me all I pay for Execution Guarantees in Electronic Commerce Payment Processes

Give me all I pay for Execution Guarantees in Electronic Commerce Payment Processes Give me all I pay fo Execution Guaantees in Electonic Commece Payment Pocesses Heiko Schuldt Andei Popovici Hans-Jög Schek Email: Database Reseach Goup Institute of Infomation Systems ETH Zentum, 8092

More information

Research on Risk Assessment of the Transformer Based on Life Cycle Cost

Research on Risk Assessment of the Transformer Based on Life Cycle Cost ntenational Jounal of Smat Gid and lean Enegy eseach on isk Assessment of the Tansfome Based on Life ycle ost Hui Zhou a, Guowei Wu a, Weiwei Pan a, Yunhe Hou b, hong Wang b * a Zhejiang Electic Powe opoation,

More information

Valuation of Floating Rate Bonds 1

Valuation of Floating Rate Bonds 1 Valuation of Floating Rate onds 1 Joge uz Lopez us 316: Deivative Secuities his note explains how to value plain vanilla floating ate bonds. he pupose of this note is to link the concepts that you leaned

More information

Comparing Availability of Various Rack Power Redundancy Configurations

Comparing Availability of Various Rack Power Redundancy Configurations Compaing Availability of Vaious Rack Powe Redundancy Configuations White Pape 48 Revision by Victo Avela > Executive summay Tansfe switches and dual-path powe distibution to IT equipment ae used to enhance

More information

Financing Terms in the EOQ Model

Financing Terms in the EOQ Model Financing Tems in the EOQ Model Habone W. Stuat, J. Columbia Business School New Yok, NY 1007 hws7@columbia.edu August 6, 004 1 Intoduction This note discusses two tems that ae often omitted fom the standad

More information

9:6.4 Sample Questions/Requests for Managing Underwriter Candidates

9:6.4 Sample Questions/Requests for Managing Underwriter Candidates 9:6.4 INITIAL PUBLIC OFFERINGS 9:6.4 Sample Questions/Requests fo Managing Undewite Candidates Recent IPO Expeience Please povide a list of all completed o withdawn IPOs in which you fim has paticipated

More information

Converting knowledge Into Practice

Converting knowledge Into Practice Conveting knowledge Into Pactice Boke Nightmae srs Tend Ride By Vladimi Ribakov Ceato of Pips Caie 20 of June 2010 2 0 1 0 C o p y i g h t s V l a d i m i R i b a k o v 1 Disclaime and Risk Wanings Tading

More information

Effect of Contention Window on the Performance of IEEE 802.11 WLANs

Effect of Contention Window on the Performance of IEEE 802.11 WLANs Effect of Contention Window on the Pefomance of IEEE 82.11 WLANs Yunli Chen and Dhama P. Agawal Cente fo Distibuted and Mobile Computing, Depatment of ECECS Univesity of Cincinnati, OH 45221-3 {ychen,

More information

The Role of Gravity in Orbital Motion

The Role of Gravity in Orbital Motion ! The Role of Gavity in Obital Motion Pat of: Inquiy Science with Datmouth Developed by: Chistophe Caoll, Depatment of Physics & Astonomy, Datmouth College Adapted fom: How Gavity Affects Obits (Ohio State

More information

YARN PROPERTIES MEASUREMENT: AN OPTICAL APPROACH

YARN PROPERTIES MEASUREMENT: AN OPTICAL APPROACH nd INTERNATIONAL TEXTILE, CLOTHING & ESIGN CONFERENCE Magic Wold of Textiles Octobe 03 d to 06 th 004, UBROVNIK, CROATIA YARN PROPERTIES MEASUREMENT: AN OPTICAL APPROACH Jana VOBOROVA; Ashish GARG; Bohuslav

More information

The Binomial Distribution

The Binomial Distribution The Binomial Distibution A. It would be vey tedious if, evey time we had a slightly diffeent poblem, we had to detemine the pobability distibutions fom scatch. Luckily, thee ae enough similaities between

More information

A Capacitated Commodity Trading Model with Market Power

A Capacitated Commodity Trading Model with Market Power A Capacitated Commodity Tading Model with Maket Powe Victo Matínez-de-Albéniz Josep Maia Vendell Simón IESE Business School, Univesity of Navaa, Av. Peason 1, 08034 Bacelona, Spain VAlbeniz@iese.edu JMVendell@iese.edu

More information

Reduced Pattern Training Based on Task Decomposition Using Pattern Distributor

Reduced Pattern Training Based on Task Decomposition Using Pattern Distributor > PNN05-P762 < Reduced Patten Taining Based on Task Decomposition Using Patten Distibuto Sheng-Uei Guan, Chunyu Bao, and TseNgee Neo Abstact Task Decomposition with Patten Distibuto (PD) is a new task

More information

Symmetric polynomials and partitions Eugene Mukhin

Symmetric polynomials and partitions Eugene Mukhin Symmetic polynomials and patitions Eugene Mukhin. Symmetic polynomials.. Definition. We will conside polynomials in n vaiables x,..., x n and use the shotcut p(x) instead of p(x,..., x n ). A pemutation

More information

Data Center Demand Response: Avoiding the Coincident Peak via Workload Shifting and Local Generation

Data Center Demand Response: Avoiding the Coincident Peak via Workload Shifting and Local Generation (213) 1 28 Data Cente Demand Response: Avoiding the Coincident Peak via Wokload Shifting and Local Geneation Zhenhua Liu 1, Adam Wieman 1, Yuan Chen 2, Benjamin Razon 1, Niangjun Chen 1 1 Califonia Institute

More information

Life Insurance Purchasing to Reach a Bequest. Erhan Bayraktar Department of Mathematics, University of Michigan Ann Arbor, Michigan, USA, 48109

Life Insurance Purchasing to Reach a Bequest. Erhan Bayraktar Department of Mathematics, University of Michigan Ann Arbor, Michigan, USA, 48109 Life Insuance Puchasing to Reach a Bequest Ehan Bayakta Depatment of Mathematics, Univesity of Michigan Ann Abo, Michigan, USA, 48109 S. David Pomislow Depatment of Mathematics, Yok Univesity Toonto, Ontaio,

More information

The impact of migration on the provision. of UK public services (SRG.10.039.4) Final Report. December 2011

The impact of migration on the provision. of UK public services (SRG.10.039.4) Final Report. December 2011 The impact of migation on the povision of UK public sevices (SRG.10.039.4) Final Repot Decembe 2011 The obustness The obustness of the analysis of the is analysis the esponsibility is the esponsibility

More information

EXPERIENCE OF USING A CFD CODE FOR ESTIMATING THE NOISE GENERATED BY GUSTS ALONG THE SUN- ROOF OF A CAR

EXPERIENCE OF USING A CFD CODE FOR ESTIMATING THE NOISE GENERATED BY GUSTS ALONG THE SUN- ROOF OF A CAR EXPERIENCE OF USING A CFD CODE FOR ESTIMATING THE NOISE GENERATED BY GUSTS ALONG THE SUN- ROOF OF A CAR Liang S. Lai* 1, Geogi S. Djambazov 1, Choi -H. Lai 1, Koulis A. Peicleous 1, and Fédéic Magoulès

More information

An Analysis of Manufacturer Benefits under Vendor Managed Systems

An Analysis of Manufacturer Benefits under Vendor Managed Systems An Analysis of Manufactue Benefits unde Vendo Managed Systems Seçil Savaşaneil Depatment of Industial Engineeing, Middle East Technical Univesity, 06531, Ankaa, TURKEY secil@ie.metu.edu.t Nesim Ekip 1

More information

The Predictive Power of Dividend Yields for Stock Returns: Risk Pricing or Mispricing?

The Predictive Power of Dividend Yields for Stock Returns: Risk Pricing or Mispricing? The Pedictive Powe of Dividend Yields fo Stock Retuns: Risk Picing o Mispicing? Glenn Boyle Depatment of Economics and Finance Univesity of Cantebuy Yanhui Li Depatment of Economics and Finance Univesity

More information

Programming Assignment #1

Programming Assignment #1 Due: Nov 3 (11:59pm). Pogamming Assignment #1 CMSC 351 Fall 2014 Rules 1) You may only use C/C++, Java. 2) You pogam should use the standad input/output. Fo example C/C++ uses should use scanf/pintf/cin/cout

More information

The Supply of Loanable Funds: A Comment on the Misconception and Its Implications

The Supply of Loanable Funds: A Comment on the Misconception and Its Implications JOURNL OF ECONOMICS ND FINNCE EDUCTION Volume 7 Numbe 2 Winte 2008 39 The Supply of Loanable Funds: Comment on the Misconception and Its Implications. Wahhab Khandke and mena Khandke* STRCT Recently Fields-Hat

More information

Fast FPT-algorithms for cleaning grids

Fast FPT-algorithms for cleaning grids Fast FPT-algoithms fo cleaning gids Josep Diaz Dimitios M. Thilikos Abstact We conside the poblem that given a gaph G and a paamete k asks whethe the edit distance of G and a ectangula gid is at most k.

More information

Referral service and customer incentive in online retail supply Chain

Referral service and customer incentive in online retail supply Chain Refeal sevice and custome incentive in online etail supply Chain Y. G. Chen 1, W. Y. Zhang, S. Q. Yang 3, Z. J. Wang 4 and S. F. Chen 5 1,,3,4 School of Infomation Zhejiang Univesity of Finance and Economics

More information

Review Graph based Online Store Review Spammer Detection

Review Graph based Online Store Review Spammer Detection Review Gaph based Online Stoe Review Spamme Detection Guan Wang, Sihong Xie, Bing Liu, Philip S. Yu Univesity of Illinois at Chicago Chicago, USA gwang26@uic.edu sxie6@uic.edu liub@uic.edu psyu@uic.edu

More information

On the Security of A Provably Secure Certificate Based Ring Signature Without Pairing

On the Security of A Provably Secure Certificate Based Ring Signature Without Pairing Intenational Jounal of Netwok Secuity, Vol.17, No.2, PP.129-134, Ma. 2015 129 On the Secuity of A Povably Secue Cetificate Based Ring Signatue Without Paiing Ji Geng 1, Hu Xiong 1,2, Fagen Li 1, and Zhiguang

More information

MATHEMATICAL SIMULATION OF MASS SPECTRUM

MATHEMATICAL SIMULATION OF MASS SPECTRUM MATHEMATICA SIMUATION OF MASS SPECTUM.Beánek, J.Knížek, Z. Pulpán 3, M. Hubálek 4, V. Novák Univesity of South Bohemia, Ceske Budejovice, Chales Univesity, Hadec Kalove, 3 Univesity of Hadec Kalove, Hadec

More information

RSA OAEP is Secure under the RSA Assumption

RSA OAEP is Secure under the RSA Assumption This is a revised version of the extended abstract RSA OAEP is Secure under the RSA Assumption which appeared in Advances in Cryptology Proceedings of CRYPTO 2001 (19 23 august 2001, Santa Barbara, California,

More information

30 H. N. CHIU 1. INTRODUCTION. Recherche opérationnelle/operations Research

30 H. N. CHIU 1. INTRODUCTION. Recherche opérationnelle/operations Research RAIRO Rech. Opé. (vol. 33, n 1, 1999, pp. 29-45) A GOOD APPROXIMATION OF THE INVENTORY LEVEL IN A(Q ) PERISHABLE INVENTORY SYSTEM (*) by Huan Neng CHIU ( 1 ) Communicated by Shunji OSAKI Abstact. This

More information

An Introduction to Omega

An Introduction to Omega An Intoduction to Omega Con Keating and William F. Shadwick These distibutions have the same mean and vaiance. Ae you indiffeent to thei isk-ewad chaacteistics? The Finance Development Cente 2002 1 Fom

More information

Automatic Testing of Neighbor Discovery Protocol Based on FSM and TTCN*

Automatic Testing of Neighbor Discovery Protocol Based on FSM and TTCN* Automatic Testing of Neighbo Discovey Potocol Based on FSM and TTCN* Zhiliang Wang, Xia Yin, Haibin Wang, and Jianping Wu Depatment of Compute Science, Tsinghua Univesity Beijing, P. R. China, 100084 Email:

More information

Episode 401: Newton s law of universal gravitation

Episode 401: Newton s law of universal gravitation Episode 401: Newton s law of univesal gavitation This episode intoduces Newton s law of univesal gavitation fo point masses, and fo spheical masses, and gets students pactising calculations of the foce

More information

On Some Functions Involving the lcm and gcd of Integer Tuples

On Some Functions Involving the lcm and gcd of Integer Tuples SCIENTIFIC PUBLICATIONS OF THE STATE UNIVERSITY OF NOVI PAZAR SER. A: APPL. MATH. INFORM. AND MECH. vol. 6, 2 (2014), 91-100. On Some Functions Involving the lcm and gcd of Intege Tuples O. Bagdasa Abstact:

More information

arxiv:1110.2612v1 [q-fin.st] 12 Oct 2011

arxiv:1110.2612v1 [q-fin.st] 12 Oct 2011 Maket inefficiency identified by both single and multiple cuency tends T.Toká 1, and D. Hováth 1, 1 Sos Reseach a.s., Stojáenská 3, 040 01 Košice, Slovak Republic Abstact axiv:1110.2612v1 [q-fin.st] 12

More information

Financial Planning and Risk-return profiles

Financial Planning and Risk-return profiles Financial Planning and Risk-etun pofiles Stefan Gaf, Alexande Kling und Jochen Russ Pepint Seies: 2010-16 Fakultät fü Mathematik und Witschaftswissenschaften UNIERSITÄT ULM Financial Planning and Risk-etun

More information

Mechanics 1: Motion in a Central Force Field

Mechanics 1: Motion in a Central Force Field Mechanics : Motion in a Cental Foce Field We now stud the popeties of a paticle of (constant) ass oving in a paticula tpe of foce field, a cental foce field. Cental foces ae ve ipotant in phsics and engineeing.

More information

Optimizing Content Retrieval Delay for LT-based Distributed Cloud Storage Systems

Optimizing Content Retrieval Delay for LT-based Distributed Cloud Storage Systems Optimizing Content Retieval Delay fo LT-based Distibuted Cloud Stoage Systems Haifeng Lu, Chuan Heng Foh, Yonggang Wen, and Jianfei Cai School of Compute Engineeing, Nanyang Technological Univesity, Singapoe

More information

Exam #1 Review Answers

Exam #1 Review Answers xam #1 Review Answes 1. Given the following pobability distibution, calculate the expected etun, vaiance and standad deviation fo Secuity J. State Pob (R) 1 0.2 10% 2 0.6 15 3 0.2 20 xpected etun = 0.2*10%

More information

Saturated and weakly saturated hypergraphs

Saturated and weakly saturated hypergraphs Satuated and weakly satuated hypegaphs Algebaic Methods in Combinatoics, Lectues 6-7 Satuated hypegaphs Recall the following Definition. A family A P([n]) is said to be an antichain if we neve have A B

More information

Risk Sensitive Portfolio Management With Cox-Ingersoll-Ross Interest Rates: the HJB Equation

Risk Sensitive Portfolio Management With Cox-Ingersoll-Ross Interest Rates: the HJB Equation Risk Sensitive Potfolio Management With Cox-Ingesoll-Ross Inteest Rates: the HJB Equation Tomasz R. Bielecki Depatment of Mathematics, The Notheasten Illinois Univesity 55 Noth St. Louis Avenue, Chicago,

More information

Alarm transmission through Radio and GSM networks

Alarm transmission through Radio and GSM networks Alam tansmission though Radio and GSM netwoks 2015 Alam tansmission though Radio netwok RR-IP12 RL10 E10C E10C LAN RL1 0 R11 T10 (T10U) Windows MONAS MS NETWORK MCI > GNH > GND > +E > DATA POWER DATA BUS

More information

METHODOLOGICAL APPROACH TO STRATEGIC PERFORMANCE OPTIMIZATION

METHODOLOGICAL APPROACH TO STRATEGIC PERFORMANCE OPTIMIZATION ETHODOOGICA APPOACH TO STATEGIC PEFOANCE OPTIIZATION ao Hell * Stjepan Vidačić ** Željo Gaača *** eceived: 4. 07. 2009 Peliminay communication Accepted: 5. 0. 2009 UDC 65.02.4 This pape pesents a matix

More information

867 Product Transfer and Resale Report

867 Product Transfer and Resale Report 867 Poduct Tansfe and Resale Repot Functional Goup ID=PT Intoduction: This X12 Tansaction Set contains the fomat and establishes the data contents of the Poduct Tansfe and Resale Repot Tansaction Set (867)

More information

Chris J. Skinner The probability of identification: applying ideas from forensic statistics to disclosure risk assessment

Chris J. Skinner The probability of identification: applying ideas from forensic statistics to disclosure risk assessment Chis J. Skinne The pobability of identification: applying ideas fom foensic statistics to disclosue isk assessment Aticle (Accepted vesion) (Refeeed) Oiginal citation: Skinne, Chis J. (2007) The pobability

More information

Channel selection in e-commerce age: A strategic analysis of co-op advertising models

Channel selection in e-commerce age: A strategic analysis of co-op advertising models Jounal of Industial Engineeing and Management JIEM, 013 6(1):89-103 Online ISSN: 013-0953 Pint ISSN: 013-843 http://dx.doi.og/10.396/jiem.664 Channel selection in e-commece age: A stategic analysis of

More information

An Epidemic Model of Mobile Phone Virus

An Epidemic Model of Mobile Phone Virus An Epidemic Model of Mobile Phone Vius Hui Zheng, Dong Li, Zhuo Gao 3 Netwok Reseach Cente, Tsinghua Univesity, P. R. China zh@tsinghua.edu.cn School of Compute Science and Technology, Huazhong Univesity

More information

Seshadri constants and surfaces of minimal degree

Seshadri constants and surfaces of minimal degree Seshadi constants and sufaces of minimal degee Wioletta Syzdek and Tomasz Szembeg Septembe 29, 2007 Abstact In [] we showed that if the multiple point Seshadi constants of an ample line bundle on a smooth

More information

Power and Sample Size Calculations for the 2-Sample Z-Statistic

Power and Sample Size Calculations for the 2-Sample Z-Statistic Powe and Sample Size Calculations fo the -Sample Z-Statistic James H. Steige ovembe 4, 004 Topics fo this Module. Reviewing Results fo the -Sample Z (a) Powe and Sample Size in Tems of a oncentality Paamete.

More information

Definitions and terminology

Definitions and terminology I love the Case & Fai textbook but it is out of date with how monetay policy woks today. Please use this handout to supplement the chapte on monetay policy. The textbook assumes that the Fedeal Reseve

More information

Distributed Computing and Big Data: Hadoop and MapReduce

Distributed Computing and Big Data: Hadoop and MapReduce Distibuted Computing and Big Data: Hadoop and Map Bill Keenan, Diecto Tey Heinze, Achitect Thomson Reutes Reseach & Development Agenda R&D Oveview Hadoop and Map Oveview Use Case: Clusteing Legal Documents

More information

UNIVERSIDAD DE CANTABRIA TESIS DOCTORAL

UNIVERSIDAD DE CANTABRIA TESIS DOCTORAL UNIVERSIDAD DE CANABRIA Depatamento de Ingenieía de Comunicaciones ESIS DOCORAL Cyogenic echnology in the Micowave Engineeing: Application to MIC and MMIC Vey Low Noise Amplifie Design Juan Luis Cano de

More information

PAN STABILITY TESTING OF DC CIRCUITS USING VARIATIONAL METHODS XVIII - SPETO - 1995. pod patronatem. Summary

PAN STABILITY TESTING OF DC CIRCUITS USING VARIATIONAL METHODS XVIII - SPETO - 1995. pod patronatem. Summary PCE SEMINIUM Z PODSTW ELEKTOTECHNIKI I TEOII OBWODÓW 8 - TH SEMIN ON FUNDMENTLS OF ELECTOTECHNICS ND CICUIT THEOY ZDENĚK BIOLEK SPŠE OŽNO P.., CZECH EPUBLIC DLIBO BIOLEK MILITY CDEMY, BNO, CZECH EPUBLIC

More information

An application of stochastic programming in solving capacity allocation and migration planning problem under uncertainty

An application of stochastic programming in solving capacity allocation and migration planning problem under uncertainty An application of stochastic pogamming in solving capacity allocation and migation planning poblem unde uncetainty Yin-Yann Chen * and Hsiao-Yao Fan Depatment of Industial Management, National Fomosa Univesity,

More information

Top K Nearest Keyword Search on Large Graphs

Top K Nearest Keyword Search on Large Graphs Top K Neaest Keywod Seach on Lage Gaphs Miao Qiao, Lu Qin, Hong Cheng, Jeffey Xu Yu, Wentao Tian The Chinese Univesity of Hong Kong, Hong Kong, China {mqiao,lqin,hcheng,yu,wttian}@se.cuhk.edu.hk ABSTRACT

More information

Optimal Capital Structure with Endogenous Bankruptcy:

Optimal Capital Structure with Endogenous Bankruptcy: Univesity of Pisa Ph.D. Pogam in Mathematics fo Economic Decisions Leonado Fibonacci School cotutelle with Institut de Mathématique de Toulouse Ph.D. Dissetation Optimal Capital Stuctue with Endogenous

More information

CONCEPTUAL FRAMEWORK FOR DEVELOPING AND VERIFICATION OF ATTRIBUTION MODELS. ARITHMETIC ATTRIBUTION MODELS

CONCEPTUAL FRAMEWORK FOR DEVELOPING AND VERIFICATION OF ATTRIBUTION MODELS. ARITHMETIC ATTRIBUTION MODELS CONCEPUAL FAMEOK FO DEVELOPING AND VEIFICAION OF AIBUION MODELS. AIHMEIC AIBUION MODELS Yui K. Shestopaloff, is Diecto of eseach & Deelopment at SegmentSoft Inc. He is a Docto of Sciences and has a Ph.D.

More information

VISCOSITY OF BIO-DIESEL FUELS

VISCOSITY OF BIO-DIESEL FUELS VISCOSITY OF BIO-DIESEL FUELS One of the key assumptions fo ideal gases is that the motion of a given paticle is independent of any othe paticles in the system. With this assumption in place, one can use

More information

Conjunctive Query Answering for the Description Logic SHIQ

Conjunctive Query Answering for the Description Logic SHIQ Jounal of Atificial Intelligence Reseach 31 (2008) 157-204 Submitted 06/07; published 01/08 Conjunctive Quey Answeing fo the Desciption Logic SHIQ Bite Glimm Ian Hoocks Oxfod Univesity Computing Laboatoy,

More information

Statistics and Data Analysis

Statistics and Data Analysis Pape 274-25 An Extension to SAS/OR fo Decision System Suppot Ali Emouznead Highe Education Funding Council fo England, Nothavon house, Coldhabou Lane, Bistol, BS16 1QD U.K. ABSTRACT This pape exploes the

More information

Improving Network Security Via Cyber-Insurance A Market Analysis

Improving Network Security Via Cyber-Insurance A Market Analysis 1 Impoving Netwok Secuity Via Cybe-Insuance A Maket Analysis RANJAN PAL, LEANA GOLUBCHIK, KONSTANTINOS PSOUNIS Univesity of Southen Califonia PAN HUI Hong Kong Univesity of Science and Technology Recent

More information

Regulatory requirements and commercial banks' lending rate: some theoretical perspectives

Regulatory requirements and commercial banks' lending rate: some theoretical perspectives Saat C. hal (India ans and an Systems, Volume 5, Issue 2, 200 Regulatoy equiements and commecial bans' lending ate: some theoetical pespectives Abstact This pape demonstates theoetically how the egulatoy

More information

Faithful Comptroller s Handbook

Faithful Comptroller s Handbook Faithful Comptolle s Handbook Faithful Comptolle s Handbook Selection of Faithful Comptolle The Laws govening the Fouth Degee povide that the faithful comptolle be elected, along with the othe offices

More information

Japan s trading losses reach JPY20 trillion

Japan s trading losses reach JPY20 trillion IEEJ: Mach 2014. All Rights Reseved. Japan s tading losses each JPY20 tillion Enegy accounts fo moe than half of the tading losses YANAGISAWA Akia Senio Economist Enegy Demand, Supply and Foecast Goup

More information

THE DISTRIBUTED LOCATION RESOLUTION PROBLEM AND ITS EFFICIENT SOLUTION

THE DISTRIBUTED LOCATION RESOLUTION PROBLEM AND ITS EFFICIENT SOLUTION IADIS Intenational Confeence Applied Computing 2006 THE DISTRIBUTED LOCATION RESOLUTION PROBLEM AND ITS EFFICIENT SOLUTION Jög Roth Univesity of Hagen 58084 Hagen, Gemany Joeg.Roth@Fenuni-hagen.de ABSTRACT

More information

Promised Lead-Time Contracts Under Asymmetric Information

Promised Lead-Time Contracts Under Asymmetric Information OPERATIONS RESEARCH Vol. 56, No. 4, July August 28, pp. 898 915 issn 3-364X eissn 1526-5463 8 564 898 infoms doi 1.1287/ope.18.514 28 INFORMS Pomised Lead-Time Contacts Unde Asymmetic Infomation Holly

More information

Carter-Penrose diagrams and black holes

Carter-Penrose diagrams and black holes Cate-Penose diagams and black holes Ewa Felinska The basic intoduction to the method of building Penose diagams has been pesented, stating with obtaining a Penose diagam fom Minkowski space. An example

More information

Research and the Approval Process

Research and the Approval Process Reseach and the Appoval Pocess Emeic Heny y Maco Ottaviani z Febuay 2014 Abstact An agent sequentially collects infomation to obtain a pincipal s appoval, such as a phamaceutical company seeking FDA appoval

More information

A framework for the selection of enterprise resource planning (ERP) system based on fuzzy decision making methods

A framework for the selection of enterprise resource planning (ERP) system based on fuzzy decision making methods A famewok fo the selection of entepise esouce planning (ERP) system based on fuzzy decision making methods Omid Golshan Tafti M.s student in Industial Management, Univesity of Yazd Omidgolshan87@yahoo.com

More information