How to Encrypt Properly with RSA


 Claire Collins
 1 years ago
 Views:
Transcription
1 RSA Laboatoies CyptoBytes. Volume 5, No. 1 Winte/Sping 2002, pages ow to Encypt Popely with RSA David Pointcheval Dépt d Infomatique, ENS CNRS, 45 ue d Ulm, Pais Cedex 05, Fance URL: Abstact. In 1993, Bellae and Rogaway fomalized the concept of a andom oacle, impoted fom complexity theoy fo cyptogaphic puposes. This new tool allowed them to pesent seveal asymmetic encyption and signatue schemes that ae both efficient and povably secue (in the andom oacle model). The Optimal Asymmetic Encyption Padding (OAEP) is the most significant application of the andom oacle model to date. It gives an efficient RSA encyption scheme with a stong secuity guaantee (semantic secuity against chosenciphetext attacks). Afte Bleichenbache s devastating attack on RSA PKCS #1 v1.5 in 1998, RSA OAEP became the natual successo (RSA PKCS #1 v2.0) and thus a de facto intenational standad. Supisingly, Shoup ecently showed that the oiginal poof of secuity fo OAEP is incoect. Without a poof, RSA OAEP cannot be tusted to povide an adequate level of secuity. Luckily, shotly afte Shoup s discovey a fomal and complete poof was found in joint wok by the autho and othes that eaffimed the stong level of secuity povided by RSA OAEP. oweve, this new secuity poof still does not guaantee secuity fo key sizes used in pactice due to the inefficiency of the secuity eduction (the eduction to inveting RSA takes quadatic time). Recent altenatives to OAEP, such as OAEP +, SAEP +, and REACT, admit moe efficient poofs and thus povide adequate secuity fo key sizes used in pactice. 1 Asymmetic Encyption In 1978, Rivest, Shami, and Adleman poposed the fist candidate tapdoo pemutation [30]. A tapdoo pemutation pimitive is a function f that anyone can compute efficiently; howeve, inveting f is had unless we ae also given some tapdoo infomation. iven the tapdoo infomation, inveting f becomes easy. Naively, a tapdoo pemutation defines a simple public key encyption scheme: the desciption of f is the public key and the tapdoo is the secet key. Unfotunately, encyption in this naive public key system is deteministic and hence cannot be secue, as discussed below. Befoe we can claim that a cyptosystem is secue (o insecue) we must pecisely define what secuity actually means. The fomalization of secuity notions stated aound the time when RSA was poposed and took seveal yeas to convege (see [18] fo a suvey on this topic). Today, the accepted secuity equiement fo an encyption scheme is called semantic secuity against an adaptive chosenciphetext attack [29] o IND CCA fo shot. To undestand this concept we point out that secuity is always defined in tems of two paametes: (1) the attacke s capabilities, namely what the attacke can do duing the attack, and (2) the attacke s goals, namely what the attacke is tying to do. 1. Attacke s capabilities: The stongest attacke capability in the standad model is called adaptive chosenciphetext attack and is denoted by (CCA) [29]. This means that the advesay has the ability to decypt any ciphetext of his choice except fo some challenge ciphetext (imagine the attacke is able to exploit a decyption box that will decypt anything except fo some known challenge ciphetext). c RSA Secuity Inc
2 2 2. Attacke s goal: The standad secuity goal is called semantic secuity [19] (also known as indistinguishability of ciphetexts ), and is denoted by (IND). Roughly speaking, the attacke s goal is to deduce just one bit of infomation about the decyption of some given ciphetext. We say that a system is semantically secue if no efficient attacke can achieve this goal. We note that a deteministic encyption algoithm can neve give semantic secuity. An encyption scheme that is semantically secue unde an adaptive chosenciphetext attack is said to be IND CCA secue. IND CCA secuity implies that even with full access to the decyption oacle, the attacke is not able to deduce one bit of infomation about the decyption of a given challenge ciphetext. IND CCA may seem vey stong, but such attacks ae possible in some eal wold scenaios. In fact, CCAlike attacks have been used to beak pactical implementations, as we will see late. Futhemoe, semantic secuity is equied fo high confidentiality, namely when the message space is limited (such as yes o no, buy o sell ). As a consequence, IND CCA is accepted as the equied secuity level fo pactical encyption schemes. One can obtain many othe secuity notions by combining diffeent attacke goals with vaious attacke capabilities. Fo example, anothe secuity goal is called nonmalleability [15, 7]. ee the attacke is given some ciphetext and his goal is to build anothe ciphetext such that the plaintexts ae meaningfully elated. Nonmalleability is known to be equivalent to semantic secuity unde an adaptive chosenciphetext attack [3]. Fo this eason, IND CCA secuity is sometimes called nonmalleability. Similaly, one can also conside diffeent attacke capabilities based on the oacles given to the attacke [25, 29, 9, 20, 26]. As mentioned above, the most poweful attacke capability in the classical model is the decyption oacle itself, which decypts any ciphetext (except the challenge ciphetext). This classical model gives the cyptogaphic engine to the advesay as a black box to which he can make queies and eceive coect answes in constant time. It thus excludes timing attacks [21], simple and diffeential powe analyses [22] as well, and othe diffeential fault analyses [8, 12]. 2 The RSAbased Cyptosystems 2.1 The Plain RSA The RSA pemutation, poposed by Rivest, Shami and Adleman [30], is the most well known tapdoo pemutation. Its onewayness is believed to be as stong as intege factoization. The RSA setup consists of choosing two lage pime numbes p and q, and computing the RSA modulus n = pq. The public key is n togethe with an exponent e (elatively pime to ϕ(n) = (p 1)(q 1)). The secet key d is defined to be the invese of e modulo ϕ(n). Encyption and decyption is defined as follows: E n,e (m) = m e mod n D n,d (c) = c d mod n. This pimitive does not povide by itself an IND CCA secue encyption scheme. Unde a slightly stonge assumption than the intactability of the intege factoization, it gives a cyptosystem that is only oneway unde chosenplaintext attacks a vey weak level of secuity. Semantic secuity fails because encyption is deteministic. Even wose, unde a CCA attack, the attacke can fully decypt a challenge ciphetext C = m e mod n using the homomophic popety of RSA: E n,e (m 1 ) E n,e (m 2 ) = E n,e (m 1 m 2 mod n) mod n.
3 To decypt C = m e mod n using a CCA attack do: (1) compute C = C 2 e mod n, (2) give C ( C) to the decyption oacle, and (3) the oacle etuns 2m mod n fom which the advesay can deduce m. To ovecome RSA this simple CCA attack, pactical RSAbased cyptosystems andomly pad the plaintext pio to encyption. This andomizes the ciphetext and eliminates the homomophic popety The RSA PKCS #1 v1.5 Encyption A widely deployed padding fo RSAbased encyption is defined in the PKCS #1 v1.5 standad: fo any modulus 2 8(k 1) n < 2 8k, in ode to encypt an l bytelong message m (fo l k 11), one andomly chooses a k 3 l bytelong andom sting (with only nonzeo bytes). Then, one defines the kbyte long sting M = 02 0 m (see figue 1) which is theeafte encypted with the RSA pemutation, C = M e mod n. When decypting a ciphetext C, the decypto applies RSA invesion by computing M = C d mod n and then checks that the esult M matches the expected fomat 02 * 0 *. If so, the decypto outputs the last pat as the plaintext. Othewise, the ciphetext is ejected. 0 2 nonzeo bytes 0 m moe than 8 bytes Fig. 1. PKCS #1 v1.5 Fomat Intuitively, this padding seems sufficient to ule out the above weaknesses of the plain RSA system, but without any fomal poof o guaantee. Supisingly, in 1998, Bleichenbache [9] showed that a simple active attack can completely beak RSA PKCS #1. This attack applies to eal systems such as a Web seve using SSL v3.0. These seves often output a specific failue message in case of an invalid ciphetext. This enables an attacke to test whethe the two most significant bytes of a challenge ciphetext C ae equal to 02. If so, the attacke leans the following bound on the decyption of C: 2 2 8(k 2) C d mod n < 3 2 8(k 2). Due to the andom selfeducibility of the RSA pemutation, in paticula the homomophism Cs e = M e s e = (Ms) e mod n, the complete decyption of C can be ecoveed afte a elatively small numbe of queies. Only a few million queies ae needed with a 1024bit modulus. Bleichenbache s attack had an impact on many pactical systems and standads bodies, which suddenly became awae of the impotance of fomal secuity aguments. Nevetheless, the weak PKCS #1 v1.5 padding is still used in the TLS potocol [33]. The TLS specification now appeas to defend against Bleichenbache s attack using a technique fo which no poof of secuity has yet been published. Cetain simple attacks ae still possible (fo example, plaintextchecking attacks [26] can be easily un, even if they seem ineffective). The lesson hee is that standads should ely as much as possible on fully analyzed constuctions and avoid adhoc techniques.
4 4 3 The Optimal Asymmetic Encyption Padding Fo some time, people have tied to povide secuity poofs fo cyptogaphic potocols in the eductionist sense [10]. To do so, one pesents an algoithm that uses an effective advesay as a subpogam to beak some undelying hadness assumption (such as the RSA assumption, o the intactability of the intege factoization). Such an algoithm is called a eduction. This eduction is said to be efficient, oughly speaking, if it does not equie too many calls to the subpogam. 3.1 The Random Oacle Model A few yeas ago, a new line of eseach stated with the goal of combining povable secuity with efficiency, still in the eductionist sense. To achieve this goal, Bellae and Rogaway [4] fomalized a heuistic suggested by Fiat and Shami [16]. This heuistic consisted in making an idealized assumption about some objects, such as hash functions, accoding to which they wee assumed to behave like tuly andom functions. This assumption, known as the andom oacle model, may seem stong, and lacking in pactical embodiments. In fact, Canetti et al. [13] gave an example of a signatue scheme which is secue in the andom oacle model, but insecue unde any instantiation of the andom oacle. oweve, one can also conside andomoaclebased poofs unde the assumption that the advesay is geneic, whateve the actual implementation of the hash function o othe idealized algoithms may be. In othe wods, we may assume that the advesay does/can not use any specific weakness of the hash functions used in pactice. Thanks to this ideal assumption, seveal efficient encyption and signatue schemes have been analyzed [5, 6, 27]. We emphasize that even fomal analyses in the andom oacle model ae not stong secuity poofs, because of the undelying ideal assumption. They do, howeve, povide stong evidence fo secuity and can futhemoe seve as the basis fo quite efficient schemes. Since people do not often want to pay moe than a negligible pice fo secuity, such an agument fo pactical schemes is moe useful than fomal secuity poofs fo inefficient schemes. m 0 k 1 s t Fig. 2. OAEP Padding
5 5 3.2 Desciption of OAEP At the time Bleichenbache published his attack on RSA PKCS #1 v1.5, the only efficient and povably secue encyption scheme based on RSA was the Optimal Asymmetic Encyption Padding (OAEP) poposed by Bellae and Rogaway [5]. OAEP can be used with any tapdoo pemutation f. To encypt a message m using the encyption scheme f OAEP, fist apply the OAEP pocedue descibed in Figue 2 ee is a andom sting and, ae hash functions. The esulting values [s t] ae then encypted using f, namely C = f(s, t). Bellae and Rogaway poved that OAEP padding used with any tapdoo pemutation f povides a semantically secue encyption scheme. By adding some edundancy (the constant value 0 k 1 at the end of the message, as shown in Figue 2), they futhemoe poved it to be weakly plaintextawae. Plaintextawaeness is a popety of encyption schemes in the andom oacle model which means that thee exists a plaintextextacto able to simulate the decyption oacle on any ciphetext (valid o not) designed by the advesay. The weak pat in the definition poposed by Bellae and Rogaway was that the plaintextextaction was just equied to wok while the advesay had not eceived any valid ciphetext fom any souce. Unfotunately, the adaptive chosenciphetext attack model gives the advesay a fulltime access to the decyption oacle, even afte eceiving the challenge ciphetext about which the advesay wants to lean infomation. This challenge is a valid ciphetext. Theefoe, semantic secuity togethe with weak plaintextawaeness only implies the semantic secuity against nonadaptive chosenciphetext attacks (a.k.a. lunchtime attacks [25], o indiffeent chosenciphetext attacks), whee the decyption oacle access is limited until the advesay has eceived the challenge ciphetext. In 1998, Bellae, Desai, Rogaway and the autho [3] coected this initial definition of plaintextawaeness, equiing the existence of a plaintextextacto able to simulate the decyption oacle on any ciphetext submitted by the advesay, even afte seeing some valid ciphetexts not encypted by the advesay himself. This stonge definition is a moe accuate model of the eal wold, whee the advesay may have access to ciphetexts via eavesdopping. We futhemoe poved that this new popety (which can only be defined in the andom oacle model) actually povides the encyption scheme with the stongest secuity level, namely semantic secuity against (adaptive) chosenciphetext attacks (IND CCA). oweve, no one eve povided OAEP with such a new plaintextextacto. Theefoe, even if eveybody believed in the stong secuity level of OAEP, it had neve been poven IND CCA unde the onewayness of the pemutation alone. 3.3 The OAEP Secuity Analyses In fact, the only fomally poven secuity esult about OAEP was its semantic secuity against lunchtime attacks, assuming the onewayness of the undelying pemutation. Until vey ecently OAEP was widely believed to also be IND CCA. Shoup s Result Shoup [32] ecently showed that it was quite unlikely that OAEP is IND CCA assuming only the onewayness of the undelying tapdoo pemutation. In fact, he showed that if thee exists a tapdoo oneway pemutation g fo which it is easy to compute g(x a) fom g(x) and a, then OAEP cannot be IND CCA secue fo an abitay tapdoo pemutation f. Refeing to this special popety of g as XOR malleability, let us biefly pesent Shoup s counteexample. Let s t denote
6 6 the output of the OAEP tansfomation on a plaintext message m. Define the oneway pemutation f as f(s t) = s g(t). Then encypting m using f OAEP gives the ciphetext C = [s g(t)]. What Shoup showed is that unde these conditions the advesay can use C to constuct a ciphetext C of a plaintext message m that is closely elated to the message m. In paticula, fo any sting δ, the advesay can constuct C which is the encyption of m = m δ. Thus, the scheme is malleable and hence not IND CCA giving C to the decyption oacle will eveal m = m δ, fom which the advesay can obtain m. m 0 k 1 m 0 k 1 s t s t (s) (s ) Fig. 3. Shoup s Attack To constuct C, the idea is fo the advesay to exploit the explicit appeaance of s in the ciphetext C. The advesay fist computes s = s, whee = δ 0 k 1 ; essentially, is simply a padded endeing of δ. The advesay then computes D = (s) (s ) using explicit knowledge of s and s and access to the andom oacle fo. Finally, by exploiting the XOR malleability of g, the advesay computes g(t ), whee t = t D. It is easy to see now that C = s g(t ) is a valid encyption of the message m. ence, the nonmalleability of f OAEP is boken. This obsevation shows that it is unlikely that one can pove that f OAEP is IND CCA secue fo abitay tapdoo pemutations f by assuming only the onewayness of f. Repaiing the OAEP Poof of Secuity To constuct a valid ciphetext C in the above attack it seems that the advesay has to quey the hash function at (s). But this seems to imply that given C the advesay can figue out the value s used to ceate C (ecall that s is the left hand side of f 1 (C)). Thus, it appeas that in ode to mount Shoup s attack the advesay must be able patly to invet f given f(s, t), the advesay must be able to expose s. We say f is patialdomain oneway if no efficient algoithm can deduce s fom C = f(s, t). Fo such tapdoo pemutations f, one could hope that Shoup s attack will fail and that f OAEP is IND CCA secue. Fujisaki, Okamoto, Sten and the autho [17] fomally poved this fact: If f is patialdomain oneway, then f OAEP is IND CCA secue. We note that patialdomain onewayness is a stonge popety than onewayness: a function might be oneway but still not patialdomain oneway. Fotunately, the homomophic popeties of RSA enable us to pove that the RSA pemutation is patialdomain oneway if and only if RSA is oneway. Moe pecisely,
7 an algoithm that can expose half of RSA 1 (C) given C can be used to completely invet the RSA pemutation. Altogethe, this poves the widely believed IND CCA secuity of RSA OAEP assuming that RSA is a tapdoo pemutation. Fo secuity paametes, and t (whose fomal definitions ae omitted hee), we obtain the following esult [17]: Let A be a CCAadvesay against the semantic secuity of RSA OAEP with unning time bounded by t and advantage ε. Then, the RSA function can be inveted with pobability geate than appoximately ε 2 /4 within time bound 2t. Unfotunately, the secuity eduction fom an RSAinvesion into an attack is quite inefficient fo pactical sizes (moe pecisely, it is quadatic in the numbe of oacle queies). ence, this eduction is meaningless unless one uses a modulus lage enough so that the RSAinvesion (o the factoization) equies much moe than computational effot. With cuent factoization techniques [23, 14], one needs to use a modulus of length moe than 4096 bits to make the eduction meaningful (see [24] fo complexity estimates of the most efficient factoing algoithms). Viewed anothe way, this eduction shows that a 1024bit modulus just povides a povable secuity level of 2 40, which is clealy inadequate given cuently pevalent levels of computing powe. (We note, howeve, that this does not mean that thee is an attack with this low complexity, only that one cannot be uled out by the available poofs of secuity.) 4 OAEP Altenatives 4.1 The OAEP + Padding Shoup also poposed a fomal secuity poof of RSA OAEP with a much moe efficient secuity eduction, but in the paticula case whee the encyption exponent e is equal to 3. oweve, many people believe that the RSA tapdoo pemutation with exponent 3 may be weake than with geate exponents. Theefoe, he also poposed a slightly modified vesion of OAEP, called OAEP + (see Figue 4), which can be poven secue unde the onewayness of the pemutation alone. It uses the vaiable edundancy R(m, ) instead of the constant 0 k 1. It is thus a bit moe inticate than the oiginal OAEP. The secuity eduction fo OAEP + is efficient, but still uns in quadatic time. 7 m R m m R(m, ) R m R(m, ) R(m, ) s t s OAEP + padding SAEP + padding Fig. 4. OAEP + and SAEP + Paddings
8 8 4.2 SAEP + Padding Boneh [11] ecently poposed a new padding scheme, SAEP +, to be used with the Rabin pimitive [28] o RSA. It is simple than OAEP, hence the name Simplified Asymmetic Encyption Padding: wheeas OAEP is a twoound Feistel netwok, SAEP + is a singleound. SAEP + has a linea time eduction fo the Rabin system (i.e., e = 2). Fo lage exponents, SAEP + has a quadatic time eduction. ence, fo lage exponents (e > 2), SAEP + does not guaantee secuity fo pactical paametes (less than two thousand bits). 4.3 The REACT Constuction Anothe altenative to OAEP is the REACT constuction, poposed by Okamoto and the autho [26] (see Figue 5). It povides an IND CCA encyption scheme fom any m m SymE RSA RSA C 1 C 2 C 3 C 1 C 2 C 3 Basic encyption ybid encyption Fig. 5. REACT weakly secue one (moe pecisely, a oneway pimitive, against plaintextchecking attacks), such as the RSA pimitive. Theefoe, the RSA REACT scheme is IND CCA secue unde the RSA assumption. Futhemoe, the secuity eduction is vey efficient, since it is in linea time without any loss in the success pobability, whateve the exponent. Consequently, it guaantees pefect equivalence with RSA invesion fo moduli which equie just a bit moe than 2 70 effot to be factoed. This is the case fo 1024 bitlong moduli, the minimal cuently advised key size. In compaison to pevious poposals, REACT is a full scheme and not just a pue padding applied to the message befoe the RSA function. Consequently, the ciphetext is a bit longe. oweve, even when used fo key tanspot, it allows integation of a symmetic encyption scheme (SymE) to achieve vey high encyption ates, as shown in the hybid constuction. In the specific case of RSA, REACT can be optimized, as explained below. 4.4 Simple RSA In an ISO epot [31], Shoup suggested a possible altenative, based on ideas fom Bellae and Rogaway [4] that povide a secue encyption scheme fom any tapdoo oneway pemutation f. Roughly speaking, simple RSA, as it is called, consists of fist encypting a andom sting using f to obtain C 0 (thus C 0 = e mod n), and then pasing () as k 0 k 1, whee is some hash function (modeled by a andom oacle). Theeafte, one encypts the message m using a symmetic encyption scheme
9 with the key k 0 to get C 1 (e.g., C 1 = m k 0 ), and authenticates the ciphetext with a MAC function using the key k 1 to get a tag T = (k 1, C 1 ). The ciphetext is the tiple (C 0, C 1, T ). This constuction is a special case of REACT, optimized fo RSA, and hence is IND CCA unde the RSA assumption. It povides a vey efficient linea time eduction. Moeove, thanks to the andom selfeducibility of RSA (which can only be used with this latte constuction, but cannot with the OAEP and SAEP vaiants), this constuction povides a high secuity level even when encypting many plaintexts [1, 2]. 9 5 Conclusion RSA OAEP is a pactical RSA encyption scheme with povable secuity in the andom oacle model. Fo pactical secuity, the cost of the eductions cannot simply be shown to be polynomial time (as in asymptotical analyses), since the eduction efficiency diectly impacts the secuity paametes needed fo the scheme. ence, when evaluating cyptogaphic constuctions, one must take into account the efficiency of the secuity poof. Inefficient poofs of secuity do not give secuity guaantees fo eal wold paametes. Only OAEP with exponents 2 o 3, SAEP + with exponent 2, and RSA REACT (o the optimization simple RSA ) with any exponent, admit fomal poofs with linea time eductions in the andom oacle model. ence only these schemes guaantee semantic secuity against chosenciphetext attacks fo pactical modulus sizes (even less than 1024 bits). The povable secuity fo othe padding schemes is meaningful only fo much lage moduli (moe than 4096 bits). Acknowledgments I wamly thank my coauthos, Mihi Bellae, Anand Desai, Eiichio Fujisaki, Tatsuaki Okamoto, Phil Rogaway and Jacques Sten fo the inteesting woks we did on asymmetic encyption, as well as Dan Boneh, PieeAlain Fouque, Victo Shoup and Yves Vehoeven fo the fuitful discussions we had. Refeences 1. O. Baudon, D. Pointcheval, and J. Sten. Extended Notions of Secuity fo Multicast Public Key Cyptosystems. In Poc. of the 27th ICALP, LNCS 1853, pages SpingeVelag, Belin, M. Bellae, A. Boldyeva, and S. Micali. Publickey Encyption in a MultiUse Setting: Secuity Poofs and Impovements. In Euocypt 00, LNCS 1807, pages SpingeVelag, Belin, M. Bellae, A. Desai, D. Pointcheval, and P. Rogaway. Relations among Notions of Secuity fo PublicKey Encyption Schemes. In Cypto 98, LNCS 1462, pages SpingeVelag, Belin, M. Bellae and P. Rogaway. Random Oacles Ae Pactical: a Paadigm fo Designing Efficient Potocols. In Poc. of the 1st CCS, pages ACM Pess, New Yok, M. Bellae and P. Rogaway. Optimal Asymmetic Encyption ow to Encypt with RSA. In Euocypt 94, LNCS 950, pages SpingeVelag, Belin, M. Bellae and P. Rogaway. The Exact Secuity of Digital Signatues ow to Sign with RSA and Rabin. In Euocypt 96, LNCS 1070, pages SpingeVelag, Belin, M. Bellae and A. Sahai. NonMalleable Encyption: Equivalence between Two Notions, and an IndistinguishabilityBased Chaacteization. In Cypto 99, LNCS 1666, pages Spinge Velag, Belin, 1999.
10 10 8. E. Biham and A. Shami. Diffeential Fault Analysis of Secet Key Cyptosystems. In Cypto 97, LNCS 1294, pages SpingeVelag, Belin, D. Bleichenbache. A Chosen Ciphetext Attack against Potocols based on the RSA Encyption Standad PKCS #1. In Cypto 98, LNCS 1462, pages SpingeVelag, Belin, M. Blum and S. Micali. ow to eneate Cyptogaphically Stong Sequences of Pseudoandom Bits. SIAM Jounal on Computing, 13: , D. Boneh. Simplified OAEP fo the RSA and Rabin Functions. In Cypto 01, LNCS 2139, pages SpingeVelag, Belin, D. Boneh, R. DeMillo, and R. Lipton. On the Impotance of Checking Cyptogaphic Potocols fo Faults. In Euocypt 97, LNCS 1233, pages SpingeVelag, Belin, R. Canetti, O. oldeich, and S. alevi. The Random Oacles Methodology, Revisited. In Poc. of the 30th STOC, pages ACM Pess, New Yok, S. Cavalla, B. Dodson, A. K. Lensta, W. Lioen, P. L. Montgomey, B. Muphy,. te Riele, K. Aadal, J. ilchist,. uillem, P. Leyland, J. Machand, F. Moain, A. Muffett, Ch. Putnam, C. Putnam, and P. Zimmemann. Factoization of a 512bit RSA Modulus. In Euocypt 00, LNCS 1807, pages SpingeVelag, Belin, D. Dolev, C. Dwok, and M. Nao. NonMalleable Cyptogaphy. SIAM Jounal on Computing, 30(2): , A. Fiat and A. Shami. ow to Pove Youself: Pactical Solutions of Identification and Signatue Poblems. In Cypto 86, LNCS 263, pages SpingeVelag, Belin, E. Fujisaki, T. Okamoto, D. Pointcheval, and J. Sten. RSA OAEP is Secue unde the RSA Assumption. In Cypto 01, LNCS 2139, pages SpingeVelag, Belin, O. oldeich. On the Foundations of Moden Cyptogaphy. In Cypto 97, LNCS 1294, pages SpingeVelag, Belin, S. oldwasse and S. Micali. Pobabilistic Encyption. Jounal of Compute and System Sciences, 28: , C. all, I. oldbeg, and B. Schneie. Reaction Attacks Against Seveal PublicKey Cyptosystems. In Poc. of ICICS 99, LNCS, pages SpingeVelag, P. C. Koche. Timing Attacks on Implementations of Diffieellman, RSA, DSS, and Othe Systems. In Cypto 96, LNCS 1109, pages SpingeVelag, Belin, P. C. Koche, J. Jaffe, and B. Jun. Diffeential Powe Analysis. In Cypto 99, LNCS 1666, pages SpingeVelag, Belin, A. Lensta and. Lensta. The Development of the Numbe Field Sieve, volume 1554 of Lectue Notes in Mathematics. SpingeVelag, A. Lensta and E. Veheul. Selecting Cyptogaphic Key Sizes. In PKC 00, LNCS 1751, pages SpingeVelag, Belin, M. Nao and M. Yung. Univesal OneWay ash Functions and Thei Cyptogaphic Applications. In Poc. of the 21st STOC, pages ACM Pess, New Yok, T. Okamoto and D. Pointcheval. REACT: Rapid Enhancedsecuity Asymmetic Cyptosystem Tansfom. In CT RSA 01, LNCS 2020, pages SpingeVelag, Belin, D. Pointcheval and J. Sten. Secuity Aguments fo Digital Signatues and Blind Signatues. Jounal of Cyptology, 13(3): , M. O. Rabin. Digitalized Signatues. In R. Lipton and R. De Millo, editos, Foundations of Secue Computation, pages Academic Pess, New Yok, C. Rackoff and D. R. Simon. NonInteactive ZeoKnowledge Poof of Knowledge and Chosen Ciphetext Attack. In Cypto 91, LNCS 576, pages SpingeVelag, Belin, R. Rivest, A. Shami, and L. Adleman. A Method fo Obtaining Digital Signatues and Public Key Cyptosystems. Communications of the ACM, 21(2): , Febuay V. Shoup. A Poposal fo an ISO Standad fo PublicKey Encyption, decembe ISO/IEC JTC 1/SC V. Shoup. OAEP Reconsideed. In Cypto 01, LNCS 2139, pages SpingeVelag, Belin, T. Dieks and C. Allen. The TLS Potocol, januay RFC 2246 Available fom
An Efficient Group Key Agreement Protocol for Ad hoc Networks
An Efficient Goup Key Ageement Potocol fo Ad hoc Netwoks Daniel Augot, Raghav haska, Valéie Issany and Daniele Sacchetti INRIA Rocquencout 78153 Le Chesnay Fance {Daniel.Augot, Raghav.haska, Valéie.Issany,
More informationChapter 3 Savings, Present Value and Ricardian Equivalence
Chapte 3 Savings, Pesent Value and Ricadian Equivalence Chapte Oveview In the pevious chapte we studied the decision of households to supply hous to the labo maket. This decision was a static decision,
More informationIlona V. Tregub, ScD., Professor
Investment Potfolio Fomation fo the Pension Fund of Russia Ilona V. egub, ScD., Pofesso Mathematical Modeling of Economic Pocesses Depatment he Financial Univesity unde the Govenment of the Russian Fedeation
More informationSecure SmartcardBased Fingerprint Authentication
Secue SmatcadBased Fingepint Authentication [full vesion] T. Chales Clancy Compute Science Univesity of Mayland, College Pak tcc@umd.edu Nega Kiyavash, Dennis J. Lin Electical and Compute Engineeing Univesity
More informationSoftware Engineering and Development
I T H E A 67 Softwae Engineeing and Development SOFTWARE DEVELOPMENT PROCESS DYNAMICS MODELING AS STATE MACHINE Leonid Lyubchyk, Vasyl Soloshchuk Abstact: Softwae development pocess modeling is gaining
More informationConcept and Experiences on using a Wikibased System for Softwarerelated Seminar Papers
Concept and Expeiences on using a Wikibased System fo Softwaeelated Semina Papes Dominik Fanke and Stefan Kowalewski RWTH Aachen Univesity, 52074 Aachen, Gemany, {fanke, kowalewski}@embedded.wthaachen.de,
More informationTowards Automatic Update of Access Control Policy
Towads Automatic Update of Access Contol Policy Jinwei Hu, Yan Zhang, and Ruixuan Li Intelligent Systems Laboatoy, School of Computing and Mathematics Univesity of Westen Sydney, Sydney 1797, Austalia
More informationAttacking an obfuscated cipher by injecting faults
Attacking an obfuscated ciphe by injecting faults Matthias Jacob mjacob@cs.pinceton.edu Dan Boneh dabo@cs.stanfod.edu Edwad Felten felten@cs.pinceton.edu Abstact We study the stength of cetain obfuscation
More informationUncertain Version Control in Open Collaborative Editing of TreeStructured Documents
Uncetain Vesion Contol in Open Collaboative Editing of TeeStuctued Documents M. Lamine Ba Institut Mines Télécom; Télécom PaisTech; LTCI Pais, Fance mouhamadou.ba@ telecompaistech.f Talel Abdessalem
More informationINITIAL MARGIN CALCULATION ON DERIVATIVE MARKETS OPTION VALUATION FORMULAS
INITIAL MARGIN CALCULATION ON DERIVATIVE MARKETS OPTION VALUATION FORMULAS Vesion:.0 Date: June 0 Disclaime This document is solely intended as infomation fo cleaing membes and othes who ae inteested in
More informationThe transport performance evaluation system building of logistics enterprises
Jounal of Industial Engineeing and Management JIEM, 213 6(4): 194114 Online ISSN: 213953 Pint ISSN: 2138423 http://dx.doi.og/1.3926/jiem.784 The tanspot pefomance evaluation system building of logistics
More informationSTUDENT RESPONSE TO ANNUITY FORMULA DERIVATION
Page 1 STUDENT RESPONSE TO ANNUITY FORMULA DERIVATION C. Alan Blaylock, Hendeson State Univesity ABSTRACT This pape pesents an intuitive appoach to deiving annuity fomulas fo classoom use and attempts
More information2 r2 θ = r2 t. (3.59) The equal area law is the statement that the term in parentheses,
3.4. KEPLER S LAWS 145 3.4 Keple s laws You ae familia with the idea that one can solve some mechanics poblems using only consevation of enegy and (linea) momentum. Thus, some of what we see as objects
More informationSpirotechnics! September 7, 2011. Amanda Zeringue, Michael Spannuth and Amanda Zeringue Dierential Geometry Project
Spiotechnics! Septembe 7, 2011 Amanda Zeingue, Michael Spannuth and Amanda Zeingue Dieential Geomety Poject 1 The Beginning The geneal consensus of ou goup began with one thought: Spiogaphs ae awesome.
More informationEfficient Redundancy Techniques for Latency Reduction in Cloud Systems
Efficient Redundancy Techniques fo Latency Reduction in Cloud Systems 1 Gaui Joshi, Emina Soljanin, and Gegoy Wonell Abstact In cloud computing systems, assigning a task to multiple seves and waiting fo
More informationComparing Availability of Various Rack Power Redundancy Configurations
Compaing Availability of Vaious Rack Powe Redundancy Configuations By Victo Avela White Pape #48 Executive Summay Tansfe switches and dualpath powe distibution to IT equipment ae used to enhance the availability
More informationQuestions & Answers Chapter 10 Software Reliability Prediction, Allocation and Demonstration Testing
M13914 Questions & Answes Chapte 10 Softwae Reliability Pediction, Allocation and Demonstation Testing 1. Homewok: How to deive the fomula of failue ate estimate. λ = χ α,+ t When the failue times follow
More informationFirstmark Credit Union Commercial Loan Department
Fistmak Cedit Union Commecial Loan Depatment Thank you fo consideing Fistmak Cedit Union as a tusted souce to meet the needs of you business. Fistmak Cedit Union offes a wide aay of business loans and
More informationDatabase Management Systems
Contents Database Management Systems (COP 5725) D. Makus Schneide Depatment of Compute & Infomation Science & Engineeing (CISE) Database Systems Reseach & Development Cente Couse Syllabus 1 Sping 2012
More informationThings to Remember. r Complete all of the sections on the Retirement Benefit Options form that apply to your request.
Retiement Benefit 1 Things to Remembe Complete all of the sections on the Retiement Benefit fom that apply to you equest. If this is an initial equest, and not a change in a cuent distibution, emembe to
More informationAN IMPLEMENTATION OF BINARY AND FLOATING POINT CHROMOSOME REPRESENTATION IN GENETIC ALGORITHM
AN IMPLEMENTATION OF BINARY AND FLOATING POINT CHROMOSOME REPRESENTATION IN GENETIC ALGORITHM Main Golub Faculty of Electical Engineeing and Computing, Univesity of Zageb Depatment of Electonics, Micoelectonics,
More informationOverencryption: Management of Access Control Evolution on Outsourced Data
Oveencyption: Management of Access Contol Evolution on Outsouced Data Sabina De Capitani di Vimecati DTI  Univesità di Milano 26013 Cema  Italy decapita@dti.unimi.it Stefano Paaboschi DIIMM  Univesità
More informationContinuous Compounding and Annualization
Continuous Compounding and Annualization Philip A. Viton Januay 11, 2006 Contents 1 Intoduction 1 2 Continuous Compounding 2 3 Pesent Value with Continuous Compounding 4 4 Annualization 5 5 A Special Poblem
More informationNontrivial lower bounds for the least common multiple of some finite sequences of integers
J. Numbe Theoy, 15 (007), p. 393411. Nontivial lowe bounds fo the least common multiple of some finite sequences of integes Bai FARHI bai.fahi@gmail.com Abstact We pesent hee a method which allows to
More informationON THE (Q, R) POLICY IN PRODUCTIONINVENTORY SYSTEMS
ON THE R POLICY IN PRODUCTIONINVENTORY SYSTEMS Saifallah Benjaafa and JoonSeok Kim Depatment of Mechanical Engineeing Univesity of Minnesota Minneapolis MN 55455 Abstact We conside a poductioninventoy
More informationApproximation Algorithms for Data Management in Networks
Appoximation Algoithms fo Data Management in Netwoks Chistof Kick Heinz Nixdof Institute and Depatment of Mathematics & Compute Science adebon Univesity Gemany kueke@upb.de Haald Räcke Heinz Nixdof Institute
More informationResearch Article A ReputationBased Identity Management Model for Cloud Computing
Mathematical Poblems in Engineeing Volume 2015, Aticle ID 238245, 15 pages http://dx.doi.og/10.1155/2015/238245 Reseach Aticle A ReputationBased Identity Management Model fo Cloud Computing Lifa Wu, 1
More informationMULTIPLE SOLUTIONS OF THE PRESCRIBED MEAN CURVATURE EQUATION
MULTIPLE SOLUTIONS OF THE PRESCRIBED MEAN CURVATURE EQUATION K.C. CHANG AND TAN ZHANG In memoy of Pofesso S.S. Chen Abstact. We combine heat flow method with Mose theoy, supe and subsolution method with
More informationConverting knowledge Into Practice
Conveting knowledge Into Pactice Boke Nightmae srs Tend Ride By Vladimi Ribakov Ceato of Pips Caie 20 of June 2010 2 0 1 0 C o p y i g h t s V l a d i m i R i b a k o v 1 Disclaime and Risk Wanings Tading
More informationHEALTHCARE INTEGRATION BASED ON CLOUD COMPUTING
U.P.B. Sci. Bull., Seies C, Vol. 77, Iss. 2, 2015 ISSN 22863540 HEALTHCARE INTEGRATION BASED ON CLOUD COMPUTING Roxana MARCU 1, Dan POPESCU 2, Iulian DANILĂ 3 A high numbe of infomation systems ae available
More informationest using the formula I = Prt, where I is the interest earned, P is the principal, r is the interest rate, and t is the time in years.
9.2 Inteest Objectives 1. Undestand the simple inteest fomula. 2. Use the compound inteest fomula to find futue value. 3. Solve the compound inteest fomula fo diffeent unknowns, such as the pesent value,
More informationExplicit, analytical solution of scaling quantum graphs. Abstract
Explicit, analytical solution of scaling quantum gaphs Yu. Dabaghian and R. Blümel Depatment of Physics, Wesleyan Univesity, Middletown, CT 064590155, USA Email: ydabaghian@wesleyan.edu (Januay 6, 2003)
More informationEffect of Contention Window on the Performance of IEEE 802.11 WLANs
Effect of Contention Window on the Pefomance of IEEE 82.11 WLANs Yunli Chen and Dhama P. Agawal Cente fo Distibuted and Mobile Computing, Depatment of ECECS Univesity of Cincinnati, OH 452213 {ychen,
More informationModeling and Verifying a Price Model for Congestion Control in Computer Networks Using PROMELA/SPIN
Modeling and Veifying a Pice Model fo Congestion Contol in Compute Netwoks Using PROMELA/SPIN Clement Yuen and Wei Tjioe Depatment of Compute Science Univesity of Toonto 1 King s College Road, Toonto,
More informationThe Role of Gravity in Orbital Motion
! The Role of Gavity in Obital Motion Pat of: Inquiy Science with Datmouth Developed by: Chistophe Caoll, Depatment of Physics & Astonomy, Datmouth College Adapted fom: How Gavity Affects Obits (Ohio State
More informationValuation of Floating Rate Bonds 1
Valuation of Floating Rate onds 1 Joge uz Lopez us 316: Deivative Secuities his note explains how to value plain vanilla floating ate bonds. he pupose of this note is to link the concepts that you leaned
More informationFinancing Terms in the EOQ Model
Financing Tems in the EOQ Model Habone W. Stuat, J. Columbia Business School New Yok, NY 1007 hws7@columbia.edu August 6, 004 1 Intoduction This note discusses two tems that ae often omitted fom the standad
More informationThe Binomial Distribution
The Binomial Distibution A. It would be vey tedious if, evey time we had a slightly diffeent poblem, we had to detemine the pobability distibutions fom scatch. Luckily, thee ae enough similaities between
More information9:6.4 Sample Questions/Requests for Managing Underwriter Candidates
9:6.4 INITIAL PUBLIC OFFERINGS 9:6.4 Sample Questions/Requests fo Managing Undewite Candidates Recent IPO Expeience Please povide a list of all completed o withdawn IPOs in which you fim has paticipated
More informationComparing Availability of Various Rack Power Redundancy Configurations
Compaing Availability of Vaious Rack Powe Redundancy Configuations White Pape 48 Revision by Victo Avela > Executive summay Tansfe switches and dualpath powe distibution to IT equipment ae used to enhance
More informationResearch on Risk Assessment of the Transformer Based on Life Cycle Cost
ntenational Jounal of Smat Gid and lean Enegy eseach on isk Assessment of the Tansfome Based on Life ycle ost Hui Zhou a, Guowei Wu a, Weiwei Pan a, Yunhe Hou b, hong Wang b * a Zhejiang Electic Powe opoation,
More informationGive me all I pay for Execution Guarantees in Electronic Commerce Payment Processes
Give me all I pay fo Execution Guaantees in Electonic Commece Payment Pocesses Heiko Schuldt Andei Popovici HansJög Schek Email: Database Reseach Goup Institute of Infomation Systems ETH Zentum, 8092
More informationYARN PROPERTIES MEASUREMENT: AN OPTICAL APPROACH
nd INTERNATIONAL TEXTILE, CLOTHING & ESIGN CONFERENCE Magic Wold of Textiles Octobe 03 d to 06 th 004, UBROVNIK, CROATIA YARN PROPERTIES MEASUREMENT: AN OPTICAL APPROACH Jana VOBOROVA; Ashish GARG; Bohuslav
More informationReduced Pattern Training Based on Task Decomposition Using Pattern Distributor
> PNN05P762 < Reduced Patten Taining Based on Task Decomposition Using Patten Distibuto ShengUei Guan, Chunyu Bao, and TseNgee Neo Abstact Task Decomposition with Patten Distibuto (PD) is a new task
More informationData Center Demand Response: Avoiding the Coincident Peak via Workload Shifting and Local Generation
(213) 1 28 Data Cente Demand Response: Avoiding the Coincident Peak via Wokload Shifting and Local Geneation Zhenhua Liu 1, Adam Wieman 1, Yuan Chen 2, Benjamin Razon 1, Niangjun Chen 1 1 Califonia Institute
More informationSymmetric polynomials and partitions Eugene Mukhin
Symmetic polynomials and patitions Eugene Mukhin. Symmetic polynomials.. Definition. We will conside polynomials in n vaiables x,..., x n and use the shotcut p(x) instead of p(x,..., x n ). A pemutation
More informationLife Insurance Purchasing to Reach a Bequest. Erhan Bayraktar Department of Mathematics, University of Michigan Ann Arbor, Michigan, USA, 48109
Life Insuance Puchasing to Reach a Bequest Ehan Bayakta Depatment of Mathematics, Univesity of Michigan Ann Abo, Michigan, USA, 48109 S. David Pomislow Depatment of Mathematics, Yok Univesity Toonto, Ontaio,
More informationTheory and practise of the gindex
Theoy and pactise of the gindex by L. Egghe (*), Univesiteit Hasselt (UHasselt), Campus Diepenbeek, Agoalaan, B3590 Diepenbeek, Belgium Univesiteit Antwepen (UA), Campus Die Eiken, Univesiteitsplein,
More informationEXPERIENCE OF USING A CFD CODE FOR ESTIMATING THE NOISE GENERATED BY GUSTS ALONG THE SUN ROOF OF A CAR
EXPERIENCE OF USING A CFD CODE FOR ESTIMATING THE NOISE GENERATED BY GUSTS ALONG THE SUN ROOF OF A CAR Liang S. Lai* 1, Geogi S. Djambazov 1, Choi H. Lai 1, Koulis A. Peicleous 1, and Fédéic Magoulès
More informationThe impact of migration on the provision. of UK public services (SRG.10.039.4) Final Report. December 2011
The impact of migation on the povision of UK public sevices (SRG.10.039.4) Final Repot Decembe 2011 The obustness The obustness of the analysis of the is analysis the esponsibility is the esponsibility
More informationAn Analysis of Manufacturer Benefits under Vendor Managed Systems
An Analysis of Manufactue Benefits unde Vendo Managed Systems Seçil Savaşaneil Depatment of Industial Engineeing, Middle East Technical Univesity, 06531, Ankaa, TURKEY secil@ie.metu.edu.t Nesim Ekip 1
More informationA Capacitated Commodity Trading Model with Market Power
A Capacitated Commodity Tading Model with Maket Powe Victo MatínezdeAlbéniz Josep Maia Vendell Simón IESE Business School, Univesity of Navaa, Av. Peason 1, 08034 Bacelona, Spain VAlbeniz@iese.edu JMVendell@iese.edu
More informationProgramming Assignment #1
Due: Nov 3 (11:59pm). Pogamming Assignment #1 CMSC 351 Fall 2014 Rules 1) You may only use C/C++, Java. 2) You pogam should use the standad input/output. Fo example C/C++ uses should use scanf/pintf/cin/cout
More informationThe Supply of Loanable Funds: A Comment on the Misconception and Its Implications
JOURNL OF ECONOMICS ND FINNCE EDUCTION Volume 7 Numbe 2 Winte 2008 39 The Supply of Loanable Funds: Comment on the Misconception and Its Implications. Wahhab Khandke and mena Khandke* STRCT Recently FieldsHat
More informationFast FPTalgorithms for cleaning grids
Fast FPTalgoithms fo cleaning gids Josep Diaz Dimitios M. Thilikos Abstact We conside the poblem that given a gaph G and a paamete k asks whethe the edit distance of G and a ectangula gid is at most k.
More informationarxiv:1110.2612v1 [qfin.st] 12 Oct 2011
Maket inefficiency identified by both single and multiple cuency tends T.Toká 1, and D. Hováth 1, 1 Sos Reseach a.s., Stojáenská 3, 040 01 Košice, Slovak Republic Abstact axiv:1110.2612v1 [qfin.st] 12
More informationReferral service and customer incentive in online retail supply Chain
Refeal sevice and custome incentive in online etail supply Chain Y. G. Chen 1, W. Y. Zhang, S. Q. Yang 3, Z. J. Wang 4 and S. F. Chen 5 1,,3,4 School of Infomation Zhejiang Univesity of Finance and Economics
More informationReview Graph based Online Store Review Spammer Detection
Review Gaph based Online Stoe Review Spamme Detection Guan Wang, Sihong Xie, Bing Liu, Philip S. Yu Univesity of Illinois at Chicago Chicago, USA gwang26@uic.edu sxie6@uic.edu liub@uic.edu psyu@uic.edu
More informationOn the Security of A Provably Secure Certificate Based Ring Signature Without Pairing
Intenational Jounal of Netwok Secuity, Vol.17, No.2, PP.129134, Ma. 2015 129 On the Secuity of A Povably Secue Cetificate Based Ring Signatue Without Paiing Ji Geng 1, Hu Xiong 1,2, Fagen Li 1, and Zhiguang
More informationMATHEMATICAL SIMULATION OF MASS SPECTRUM
MATHEMATICA SIMUATION OF MASS SPECTUM.Beánek, J.Knížek, Z. Pulpán 3, M. Hubálek 4, V. Novák Univesity of South Bohemia, Ceske Budejovice, Chales Univesity, Hadec Kalove, 3 Univesity of Hadec Kalove, Hadec
More informationThe Predictive Power of Dividend Yields for Stock Returns: Risk Pricing or Mispricing?
The Pedictive Powe of Dividend Yields fo Stock Retuns: Risk Picing o Mispicing? Glenn Boyle Depatment of Economics and Finance Univesity of Cantebuy Yanhui Li Depatment of Economics and Finance Univesity
More informationAn Introduction to Omega
An Intoduction to Omega Con Keating and William F. Shadwick These distibutions have the same mean and vaiance. Ae you indiffeent to thei iskewad chaacteistics? The Finance Development Cente 2002 1 Fom
More informationEpisode 401: Newton s law of universal gravitation
Episode 401: Newton s law of univesal gavitation This episode intoduces Newton s law of univesal gavitation fo point masses, and fo spheical masses, and gets students pactising calculations of the foce
More informationAutomatic Testing of Neighbor Discovery Protocol Based on FSM and TTCN*
Automatic Testing of Neighbo Discovey Potocol Based on FSM and TTCN* Zhiliang Wang, Xia Yin, Haibin Wang, and Jianping Wu Depatment of Compute Science, Tsinghua Univesity Beijing, P. R. China, 100084 Email:
More informationOn Some Functions Involving the lcm and gcd of Integer Tuples
SCIENTIFIC PUBLICATIONS OF THE STATE UNIVERSITY OF NOVI PAZAR SER. A: APPL. MATH. INFORM. AND MECH. vol. 6, 2 (2014), 91100. On Some Functions Involving the lcm and gcd of Intege Tuples O. Bagdasa Abstact:
More informationMechanics 1: Motion in a Central Force Field
Mechanics : Motion in a Cental Foce Field We now stud the popeties of a paticle of (constant) ass oving in a paticula tpe of foce field, a cental foce field. Cental foces ae ve ipotant in phsics and engineeing.
More informationFinancial Planning and Riskreturn profiles
Financial Planning and Risketun pofiles Stefan Gaf, Alexande Kling und Jochen Russ Pepint Seies: 201016 Fakultät fü Mathematik und Witschaftswissenschaften UNIERSITÄT ULM Financial Planning and Risketun
More informationOptimizing Content Retrieval Delay for LTbased Distributed Cloud Storage Systems
Optimizing Content Retieval Delay fo LTbased Distibuted Cloud Stoage Systems Haifeng Lu, Chuan Heng Foh, Yonggang Wen, and Jianfei Cai School of Compute Engineeing, Nanyang Technological Univesity, Singapoe
More informationRSA OAEP is Secure under the RSA Assumption
This is a revised version of the extended abstract RSA OAEP is Secure under the RSA Assumption which appeared in Advances in Cryptology Proceedings of CRYPTO 2001 (19 23 august 2001, Santa Barbara, California,
More informationSaturated and weakly saturated hypergraphs
Satuated and weakly satuated hypegaphs Algebaic Methods in Combinatoics, Lectues 67 Satuated hypegaphs Recall the following Definition. A family A P([n]) is said to be an antichain if we neve have A B
More informationExam #1 Review Answers
xam #1 Review Answes 1. Given the following pobability distibution, calculate the expected etun, vaiance and standad deviation fo Secuity J. State Pob (R) 1 0.2 10% 2 0.6 15 3 0.2 20 xpected etun = 0.2*10%
More informationAlarm transmission through Radio and GSM networks
Alam tansmission though Radio and GSM netwoks 2015 Alam tansmission though Radio netwok RRIP12 RL10 E10C E10C LAN RL1 0 R11 T10 (T10U) Windows MONAS MS NETWORK MCI > GNH > GND > +E > DATA POWER DATA BUS
More information30 H. N. CHIU 1. INTRODUCTION. Recherche opérationnelle/operations Research
RAIRO Rech. Opé. (vol. 33, n 1, 1999, pp. 2945) A GOOD APPROXIMATION OF THE INVENTORY LEVEL IN A(Q ) PERISHABLE INVENTORY SYSTEM (*) by Huan Neng CHIU ( 1 ) Communicated by Shunji OSAKI Abstact. This
More informationRisk Sensitive Portfolio Management With CoxIngersollRoss Interest Rates: the HJB Equation
Risk Sensitive Potfolio Management With CoxIngesollRoss Inteest Rates: the HJB Equation Tomasz R. Bielecki Depatment of Mathematics, The Notheasten Illinois Univesity 55 Noth St. Louis Avenue, Chicago,
More informationMETHODOLOGICAL APPROACH TO STRATEGIC PERFORMANCE OPTIMIZATION
ETHODOOGICA APPOACH TO STATEGIC PEFOANCE OPTIIZATION ao Hell * Stjepan Vidačić ** Željo Gaača *** eceived: 4. 07. 2009 Peliminay communication Accepted: 5. 0. 2009 UDC 65.02.4 This pape pesents a matix
More informationUNIVERSIDAD DE CANTABRIA TESIS DOCTORAL
UNIVERSIDAD DE CANABRIA Depatamento de Ingenieía de Comunicaciones ESIS DOCORAL Cyogenic echnology in the Micowave Engineeing: Application to MIC and MMIC Vey Low Noise Amplifie Design Juan Luis Cano de
More informationDefinitions and terminology
I love the Case & Fai textbook but it is out of date with how monetay policy woks today. Please use this handout to supplement the chapte on monetay policy. The textbook assumes that the Fedeal Reseve
More informationChannel selection in ecommerce age: A strategic analysis of coop advertising models
Jounal of Industial Engineeing and Management JIEM, 013 6(1):89103 Online ISSN: 0130953 Pint ISSN: 013843 http://dx.doi.og/10.396/jiem.664 Channel selection in ecommece age: A stategic analysis of
More informationChris J. Skinner The probability of identification: applying ideas from forensic statistics to disclosure risk assessment
Chis J. Skinne The pobability of identification: applying ideas fom foensic statistics to disclosue isk assessment Aticle (Accepted vesion) (Refeeed) Oiginal citation: Skinne, Chis J. (2007) The pobability
More informationAn Epidemic Model of Mobile Phone Virus
An Epidemic Model of Mobile Phone Vius Hui Zheng, Dong Li, Zhuo Gao 3 Netwok Reseach Cente, Tsinghua Univesity, P. R. China zh@tsinghua.edu.cn School of Compute Science and Technology, Huazhong Univesity
More informationPower and Sample Size Calculations for the 2Sample ZStatistic
Powe and Sample Size Calculations fo the Sample ZStatistic James H. Steige ovembe 4, 004 Topics fo this Module. Reviewing Results fo the Sample Z (a) Powe and Sample Size in Tems of a oncentality Paamete.
More information1.4 Phase Line and Bifurcation Diag
Dynamical Systems: Pat 2 2 Bifucation Theoy In pactical applications that involve diffeential equations it vey often happens that the diffeential equation contains paametes and the value of these paametes
More information867 Product Transfer and Resale Report
867 Poduct Tansfe and Resale Repot Functional Goup ID=PT Intoduction: This X12 Tansaction Set contains the fomat and establishes the data contents of the Poduct Tansfe and Resale Repot Tansaction Set (867)
More informationDistributed Computing and Big Data: Hadoop and MapReduce
Distibuted Computing and Big Data: Hadoop and Map Bill Keenan, Diecto Tey Heinze, Achitect Thomson Reutes Reseach & Development Agenda R&D Oveview Hadoop and Map Oveview Use Case: Clusteing Legal Documents
More informationPAN STABILITY TESTING OF DC CIRCUITS USING VARIATIONAL METHODS XVIII  SPETO  1995. pod patronatem. Summary
PCE SEMINIUM Z PODSTW ELEKTOTECHNIKI I TEOII OBWODÓW 8  TH SEMIN ON FUNDMENTLS OF ELECTOTECHNICS ND CICUIT THEOY ZDENĚK BIOLEK SPŠE OŽNO P.., CZECH EPUBLIC DLIBO BIOLEK MILITY CDEMY, BNO, CZECH EPUBLIC
More informationAn application of stochastic programming in solving capacity allocation and migration planning problem under uncertainty
An application of stochastic pogamming in solving capacity allocation and migation planning poblem unde uncetainty YinYann Chen * and HsiaoYao Fan Depatment of Industial Management, National Fomosa Univesity,
More informationSeshadri constants and surfaces of minimal degree
Seshadi constants and sufaces of minimal degee Wioletta Syzdek and Tomasz Szembeg Septembe 29, 2007 Abstact In [] we showed that if the multiple point Seshadi constants of an ample line bundle on a smooth
More informationTop K Nearest Keyword Search on Large Graphs
Top K Neaest Keywod Seach on Lage Gaphs Miao Qiao, Lu Qin, Hong Cheng, Jeffey Xu Yu, Wentao Tian The Chinese Univesity of Hong Kong, Hong Kong, China {mqiao,lqin,hcheng,yu,wttian}@se.cuhk.edu.hk ABSTRACT
More informationVISCOSITY OF BIODIESEL FUELS
VISCOSITY OF BIODIESEL FUELS One of the key assumptions fo ideal gases is that the motion of a given paticle is independent of any othe paticles in the system. With this assumption in place, one can use
More informationOptimal Capital Structure with Endogenous Bankruptcy:
Univesity of Pisa Ph.D. Pogam in Mathematics fo Economic Decisions Leonado Fibonacci School cotutelle with Institut de Mathématique de Toulouse Ph.D. Dissetation Optimal Capital Stuctue with Endogenous
More informationResearch and the Approval Process
Reseach and the Appoval Pocess Emeic Heny y Maco Ottaviani z Febuay 2014 Abstact An agent sequentially collects infomation to obtain a pincipal s appoval, such as a phamaceutical company seeking FDA appoval
More informationConjunctive Query Answering for the Description Logic SHIQ
Jounal of Atificial Intelligence Reseach 31 (2008) 157204 Submitted 06/07; published 01/08 Conjunctive Quey Answeing fo the Desciption Logic SHIQ Bite Glimm Ian Hoocks Oxfod Univesity Computing Laboatoy,
More informationCONCEPTUAL FRAMEWORK FOR DEVELOPING AND VERIFICATION OF ATTRIBUTION MODELS. ARITHMETIC ATTRIBUTION MODELS
CONCEPUAL FAMEOK FO DEVELOPING AND VEIFICAION OF AIBUION MODELS. AIHMEIC AIBUION MODELS Yui K. Shestopaloff, is Diecto of eseach & Deelopment at SegmentSoft Inc. He is a Docto of Sciences and has a Ph.D.
More informationStatistics and Data Analysis
Pape 27425 An Extension to SAS/OR fo Decision System Suppot Ali Emouznead Highe Education Funding Council fo England, Nothavon house, Coldhabou Lane, Bistol, BS16 1QD U.K. ABSTRACT This pape exploes the
More informationImproving Network Security Via CyberInsurance A Market Analysis
1 Impoving Netwok Secuity Via CybeInsuance A Maket Analysis RANJAN PAL, LEANA GOLUBCHIK, KONSTANTINOS PSOUNIS Univesity of Southen Califonia PAN HUI Hong Kong Univesity of Science and Technology Recent
More informationJapan s trading losses reach JPY20 trillion
IEEJ: Mach 2014. All Rights Reseved. Japan s tading losses each JPY20 tillion Enegy accounts fo moe than half of the tading losses YANAGISAWA Akia Senio Economist Enegy Demand, Supply and Foecast Goup
More informationCarterPenrose diagrams and black holes
CatePenose diagams and black holes Ewa Felinska The basic intoduction to the method of building Penose diagams has been pesented, stating with obtaining a Penose diagam fom Minkowski space. An example
More informationTHE DISTRIBUTED LOCATION RESOLUTION PROBLEM AND ITS EFFICIENT SOLUTION
IADIS Intenational Confeence Applied Computing 2006 THE DISTRIBUTED LOCATION RESOLUTION PROBLEM AND ITS EFFICIENT SOLUTION Jög Roth Univesity of Hagen 58084 Hagen, Gemany Joeg.Roth@Fenunihagen.de ABSTRACT
More informationFaithful Comptroller s Handbook
Faithful Comptolle s Handbook Faithful Comptolle s Handbook Selection of Faithful Comptolle The Laws govening the Fouth Degee povide that the faithful comptolle be elected, along with the othe offices
More informationA formalism of ontology to support a software maintenance knowledgebased system
A fomalism of ontology to suppot a softwae maintenance knowledgebased system Alain Apil 1, JeanMac Deshanais 1, and Reine Dumke 2 1 École de Technologie Supéieue, 1100 NoteDame West, Monteal, Canada
More information