SHA-3 and The Hash Function Keccak
|
|
- Chastity Stella Johnson
- 6 years ago
- Views:
Transcription
1 Chistof Paa Jan Pelzl SHA-3 and The Hash Function Keccak An extension chapte fo Undestanding Cyptogaphy A Textbook fo Students and Pactitiones Spinge
2 2
3 Table of Contents 1 The Hash Function Keccak and the Upcoming SHA-3 Standad Bief Histoy of the SHA Family of Hash Functions High-level Desciption of Keccak Input Padding and Geneating of Output The Function Keccak- f (o the Keccak- f Pemutation) Theta (θ) Step Steps Rho (ρ) and Pi (π) Chi (χ) Step Iota (ι) Step Implementation in Softwae and Hadwae Discussion and Futhe Reading Lessons Leaned Poblems Refeences v
4
5 Chapte 1 The Hash Function Keccak and the Upcoming SHA-3 Standad This document 1 is a stand-alone desciption of the Keccak hash function which is the basis of the upcoming SHA-3 standad. The desciption is consistent with the appoach used in ou book Undestanding Cyptogaphy A Textbook fo Students and Pactiones [11]. If you own the book, this document can be consideed Chapte 11b. Howeve, the book is most cetainly not necessay fo using the SHA-3 desciption in this document. You may want to check the companion web site of Undestanding Cyptogaphy fo moe infomation on Keccak: In this chapte you will lean: A bief histoy of the SHA-3 selection pocess A high-level desciption of SHA-3 The intenal stuctue of SHA-3 A discussion of the softwae and hadwae implementation of SHA-3 A poblem set and ecommended futhe eadings 1 We would like to thank the Keccak designes as well as Pawel Swieczynski and Chistian Zenge fo thei extemely helpful input to this document. Thanks go also to Fiedich Wieme fo doing the gaphics in this chapte. 1
6 2 1 The Hash Function Keccak and the Upcoming SHA-3 Standad 1.1 Bief Histoy of the SHA Family of Hash Functions A lage numbe of hash functions have been poposed ove the last two decades. In pactice, by fa the most popula ones have been the hash algoithms of what is called the MD4 family. MD5, the SHA family and RIPEMD ae all based on the pinciples of MD4. This message digest algoithm was developed by Ronald Rivest. MD4 was an innovative idea because it was especially designed to allow vey efficient softwae implementation. It uses 32-bit vaiables, and all opeations ae bitwise Boolean functions such as logical AND, OR, XOR and negation. All subsequent hash functions in the MD4 family ae based on the same softwae-fiendly pinciples. A stengthened vesion of MD4, named MD5, was poposed by Rivest in Both hash functions compute a 128-bit output, i.e., they possess a collision esistance of about MD5 became extemely widely used, e.g., in Intenet secuity potocols, fo computing checksums of files o fo stoing of passwod hashes. Thee wee, howeve, ealy signs of potential weaknesses. Thus, NIST, the US National Institute of Standads and Technology, published a new message digest standad, which was coined the Secue Hash Algoithm (SHA), in This is the fist membe of the SHA family and is officially called SHA, even though it is nowadays commonly efeed to as SHA-0. In 1995, SHA-0 was modified to SHA-1. The diffeence between the SHA-0 and SHA-1 algoithms lies in an impoved schedule of the compession function. Both algoithms have an output length of 160 bit. In 1996, a patial attack against the hash function MD5, on which SHA-0 is based, by Hans Dobbetin led to moe and moe expets ecommending SHA-1 as a eplacement fo the widely used MD5. Since then, SHA-1 has gained wide adoption in numeous poducts and standads. In the absence of analytical attacks, the maximum collision esistance of SHA- 0 and SHA-1 is about 2 80, which is not a good fit if they ae used in potocols togethe with algoithms such as AES, which has a secuity level of bits. Similaly, most public-key schemes can offe highe secuity levels, fo instance, elliptic cuves can have secuity levels of 128 bits if 256 bits cuves ae used. Thus, in 2001 NIST intoduced thee moe vaiants of SHA-1: SHA-256, SHA-384 and SHA-512, with message digest lengths of 256, 384 and 512 bits, espectively. A futhe modification, SHA-224, was intoduced in 2004 in ode to fit the secuity level of 3DES. These fou hash functions ae often efeed to as SHA-2. In 2004, collision-finding attacks against MD5 and SHA-0 whee announced by Xiaoyun Wang. One yea late it was claimed that the attack could be extended to SHA-1 and it was claimed that a collision seach would take 2 63 steps, which is consideably less than the 2 80 achieved by the bithday attack. It should be noted that the attack has neve been successfully applied against SHA-1 at the time of witing, i.e., about eight yeas afte the attack had been descibed. In any case, the Wang attack should be taken seious and NIST held two public wokshops to assess the status of SHA and to solicit public input on its cyptogaphic hash function policy and standad. Subsequently, NIST decided to develop an additional hash function, to be named SHA-3, though a public competition. This
7 1.2 High-level Desciption of Keccak 3 appoach is quite simila to the selection pocess of AES in the late 1990s. Howeve, unlike AES which was clealy meant as a eplacement fo DES, it was planned that SHA-2 and SHA-3 should co-exist assuming thee ae no new attacks against SHA- 2. In fact, at the time of witing, i.e., ealy 2013, SHA-2 is still consideed highly secue. Fo that easons both SHA-2 and SHA-3, once it is finalized, will both be fedeal US standads. Below is a ough time line of the SHA-3 selection pocess: Novembe 2, 2007: NIST announces the SHA-3 call fo algoithm. Octobe 31, 2008: 64 submissions ae eceived fom the intenational cyptogaphy community. Decembe 2008: NIST selects 51 algoithms fo Round 1 of the SHA-3 competition. July 2009: Afte much input fom the scientific community, NIST selects 14 Round 2 algoithms. Decembe 9, 2010: NIST announces five Round 3 candidates. These ae the hash functions: BLAKE by Jean-Philippe Aumasson, Luca Henzen, Willi Meie, and Raphael C.-W. Phan Gøstl by Paveen Gauavaam, Las Knudsen, Kystian Matusiewicz, Floian Mendel, Chistian Rechbege, Matin Schläffeand Søen S. Thomsen JH by Hongjun Wu Keccak by Guido Betoni, Joan Daemen, Michaël Peetesand Gilles Van Assche Skein by Buce Schneie, Stefan Lucks, Niels Feguson, Doug Whiting, Mihi Bellae, Tadayoshi Kohno, Jon Callas and Jesse Walke Octobe 2, 2012: NIST selects Keccak as basis fo the SHA-3 hash function 2. It should be stessed that Keccak has a quite diffeent intenal stuctue than hash functions that belong to the MD4 family, including SHA-1 and SHA-2. Please see Section 1.6 fo moe infomation on the SHA-3 competition. 1.2 High-level Desciption of Keccak In the following we will descibe the hash function Keccak. Keccak has seveal paametes that can be chosen by the use. At the time of witing, NIST has not made a final decision which paametes will be used fo the SHA-3 standad. Thus, all efeences to SHA-3 ae peliminay. We will update this document in the futue should thee be changes with espect to the SHA-3 paametes. A cental equiement by NIST fo the SHA-3 hash function was the suppot of the following output lengths: 2 Like AES, Keccak was designed by a team of Euopean cyptogaphes. One membe of the Keccak team, Joan Daemen fom Belgium, is also one of the two AES designes.
8 4 1 The Hash Function Keccak and the Upcoming SHA-3 Standad 224 bits 256 bits 384 bits 512 bits If a collision seach attack is applied to the hash function an attack that due to the bithday paadox is in pinciple always feasible as we ecall fom Section of Undestanding Cyptogaphy [11] SHA-3 with 256, 384 and 512 bit output shows an attack complexity of appoximately 2 128, and 2 256, espectively. This is an exact match fo the cyptogaphic stength that the thee key lengths of AES povide against bute-foce attacks (cf. [11, Chapte 6.2.4]). Similaly, 3DES has a cyptogaphic stength of 2 112, and SHA-3 with 224 bit output shows the same esistance against collision attacks. It tuns out that Keccak also allows the geneation of abitaily many output bits. This is entiely diffeent fom the hash functions SHA-1 and SHA-2 that output a block of fixed length. Because of this behavio, SHA-3 can be used in two pinciple modes: SHA-2 Replacement Mode In this mode, SHA-3 poduces a fixed-length output of 224, 256, 384, o 512 bits, as descibed above. Vaiable-length Output Mode This mode allows to use SHA-3 fo the geneation of abitaily many output bits. Thee ae many applications in cyptogaphy, e.g., when using SHA-3 as a steam ciphe o fo geneating pseudo-andom bits. Unlike SHA-1 and SHA-2, Keccak does not ely on the Mekle Damgåd constuction. Rathe, the hash function is based on what is called a sponge constuction. Afte the pe-pocessing (which divides the message into blocks and povides padding), the sponge constuction consists of two phases: Absobing (o input) phase The message blocks x i ae passed to the algoithm and pocessed. Squeezing (o output) phase An output of configuable length is computed. Figue 1.1 shows a high-level diagam of Keccak. Fo both phases the same function is being used. This function is named Keccak- f. Figue 1.2 shows how the sponge constuction eads in the input blocks x i, and how the output blocks y j ae geneated. The sponge constuction allows abitay-length outputs y 0 y n. When SHA-3 is used as SHA-2 eplacement only the fist bits of the fist output block y 0 ae equied. Thee ae seveal paametes with which the input and output sizes as well as the secuity level of Keccak can be configued. The coesponding paametes ae: b is the width of the state, i.e., b = + c (cf. Figue 1.2). b in tun depends on the exponent l and can take the following values: b = 25 2 l, l = 0,1,...,6
9 1.2 High-level Desciption of Keccak 5 Keccak m pepoc.... x 1 x 0 inne Keccak y n... y 0 = h(m) absobing phase squeezing phase sponge constuction Fig. 1.1 High-level view on Keccak x 0 x 1 x t-1 y u c f f... f f... f y 0 y 1 absobing squeezing Fig. 1.2 Absobing and squeezing phases of the sponge constuction That means the state can have a width of b {25,50,100,200,400,800,1600}. Note that the two small paametes b = 25 and b = 50 ae only toy values fo analyzing the algoithm and should not be used in pactice. is called the bit ate. is equal to the length of one message block x i, cf. Figue 1.2 c is called the capacity. It must hold that + c is a valid state width, i.e., + c = b {25,50,100,200,400,800,1600} Fo SHA-3 a state of b = 1600 bits is used. In this case the two bit ates = 1344 and = 1088 ae allowed, fom which the two capacities c = 256 and c = 512, espectively, follow. When used as SHA-2 eplacement mode, SHA-3 uses the paametes given in Table 1.1. The secuity level denotes the numbe of computations an attacke has to pefom in ode to beak the hash function, e.g., a secuity level of 128 bits implies that an advesay has to pefom computations (cf. [11, Section 6.2.4]). Note that the paametes ae not standadized yet. Inteestingly, the message padding is diffeent fo each of the fou output lengths, as will be explained in Section 1.3.
10 6 1 The Hash Function Keccak and the Upcoming SHA-3 Standad Table 1.1 The paametes of SHA-3 when used as SHA-2 eplacement b c secuity level hash (state) output [bits] [bits] [bits] [bits] [bits] Let s look at Figue 1.2. We can see that the main thing we need to develop is the function Keccak- f. Befoe we do this, we intoduce the input padding and output geneation. 1.3 Input Padding and Geneating of Output Pio to the actual pocessing of a message m by the hash function, the input has to be padded 3. One eason fo this is that the padded input has a length which is a multiple of bits. (We ecall fom Figue 1.2 that blocks of bits ae fed into SHA- 3.) Thee ae also secuity consideations which equie the specific padding used in SHA-3. The padding ule fo an input message m is as follows: pad(m) = m P10 1 =...,x 1,x 0 The scheme appends a pedetemined bit sting P followed by a 1, then by the smallest numbe of 0s and a teminating 1 such that the total length of the new sting is a multiple of. Note that the sting 0 = 0 0 can be the empty sting, i.e., it can consist of no zeos. The value of P depends on the mode and the output length in which SHA-3 is being used and is given in Table 1.2. When using the hash function Table 1.2 Poposed input padding fo SHA-3 mode output length P 10 1 SHA-2 eplacement SHA-2 eplacement SHA-2 eplacement SHA-2 eplacement vaiable-length output abitay as SHA-2 eplacement, the minimum numbe of bits appended by the padding ule is seven (i.e., the bits o ), and the maximum numbe of padding bits appended is + 1. The latte case occus if the last message block consists of 3 Note that the padding ules fo SHA-3 descibed in this section ae not finalized by NIST at the time of witing.
11 1.4 The Function Keccak- f (o the Keccak- f Pemutation) 7 6 bits. In the othe mode, i.e., using SHA-3 with vaiable output length, at least 6 bits ae added and at most 5 bits. At the end of the padding pocess we obtain a seies of blocks x i, whee each block x i has a length of bits. Output When using the SHA-2 eplacement mode the last evocation of the function Keccak- f, i.e., the last ound of the absobing phase, will poduce the hash output which is pat of y 0 (cf. Figue 1.2). In contast, when the vaiable-length output mode is used, the squeezing phase of the sponge constuction allows to compute as many hash output blocks as desied by the use. As one can see fom Figue 1.2, Keccak computes chunks of output bits. In the case of SHA-3, = 1344 o = 1088, i.e., y 0 is aleady 1344 o 1088, espectively, bits long. If SHA-3 is used as SHA- 2 eplacement, only 224, 256, 384, o 512 bits ae equied. In ode to obtain the desied output length, the least significant bits of y 0 ae used as hash output and the emaining bits of y 0 ae discaded. When using Keccak in the vaiable-length output mode, all bits of y 0 can be used as well as, of couse, all subsequent output blocks y 1,y 2, The Function Keccak- f (o the Keccak- f Pemutation) The function Keccak- f is at the heat of the hash algoithm and is used in both phases of the sponge constuction, cf. Figue 1.2. Keccak- f is also efeed to as Keccak- f pemutation. The latte name stems fom the fact that the function pemutes the 2 b input values, i.e., evey b-bit intege is mapped to exactly one b-bit output intege in a bijective manne 4 (a one-to-one mapping). We look now at the inne stuctue of Keccak- f, which is visualized in Figue 1.3. c f c c b Round 1 b... b Round n b c b θ ρ π χ ι b Fig. 1.3 Intenal stuctue of function Keccak- f 4 Note that such a pemutation function is diffeent fom the bit pemutations that ae utilized within DES.
12 8 1 The Hash Function Keccak and the Upcoming SHA-3 Standad The function consists of n ounds. Each ound has an input which consists of b = + c bits. The numbe of ounds depends on the paamete l: n = l As mentioned in Subsection 1.2, l also detemines the state width b = 25 2 l. Table 1.3 shows the coesponding numbe of ounds as a function of the state width. We note that fo SHA-3 thee ae n = 24 ounds because l = 6. The ounds ae iden- Table 1.3 Numbe of ounds within Keccak- f (fo SHA-3: b = 1600 and n = 24) state width b # ounds [bits] n tical except the ound constant RC[i] which takes a diffeent value in each ound i. The ound constants ae only used in the Iota Step of the ound function, cf. Subsection As shown in Figue 1.3, each ound consists of a sequence of five steps denoted by Geek lettes: θ (theta), ρ (ho), π (pi), χ (chi) and ι (iota). Each step manipulates the entie state. The state can be viewed as a 3-dimensional aay as shown in Figue 1.4. The state aay consists of b = 5 5 w bits, whee w = 2 l. As mentioned Fig. 1.4 The state of Keccak whee each small cube epesents one bit. Fo SHA-3, the state is a bit aay. (Gaphic taken fom [4] and used with pemission by the Keccak designes.) above,one has to choose l = 6 fo SHA-3 and thus:
13 1.4 The Function Keccak- f (o the Keccak- f Pemutation) 9 w = 64 bits The w bits fo a given (x,y) coodinate ae called a lane (i.e., the bits in the wod along the z-axis). In the following we descibe the five steps θ, ρ, π, χ and ι of Keccak- f. Inteestingly, even though one has to compute the θ Step fist, the ode in which the emaining fou steps ae executed does not matte. Reades with a backgound in hadwae design will ecognize that the steps ae elatively hadwae-fiendly. This means that Keccak can be implemented quite compact in digital hadwae esulting in high pefomance and, sometimes moe impotantly, with less enegy usage than the moe softwae-oiented SHA-1 and SHA-2 algoithms Theta (θ) Step The easiest way to gasp the function of the θ Step is to view the state as a twodimensional aay (moe pecisely: a 5 5 aay), whee each aay element consists of a single wod with w bits, as shown in Figue 1.4. If we denote this aay by A(x, y), with x, y = 0, 1,..., 4, the θ Step pefoms the following opeation: C[x] = A[x,0] A[x,1] A[x,2] A[x,3] A[x,4], x = 0,1,2,3,4 D[x] = C[x 1] ot(c[x + 1],1), x = 0,1,2,3,4 A[x,y] = A[x,y] D[x], x,y = 0,1,2,3,4 C[x] and D[x] ae one-dimensional aays which contain five wods of length w bits. denotes the bit-wise XOR opeation of the two w-bit opeands, and ot(c[], 1) denotes a otation of the opeand by one bit. This otation is in the diection of the z- axis if we conside Figue 1.4. Note that all indices ae taken modulo 5, e.g., C[ 1] efes to C[4]. Figue 1.5 shows the θ Step on a bit level. Roughly speaking, evey bit is eplaced by the XOR sum of 10 bits in its neighbohood and the oiginal bit itself. To be exact: One adds to the bit being pocessed the five bits foming the column to the left plus the column which is on the ight and one position to the font. Remembe that thee ae a total of 25w = = 1600 bits in the state. It is a good mental execise to figue out how Figue 1.5 follows fom the pseudo code above Steps Rho (ρ) and Pi (π) The next two steps compute an auxiliay 5 5 aay B fom the state aay A. Note that B[i, j] efes to a wod with w bits. Both steps can be expessed jointly by the following simple pseudo-code. B[y,2x + 3y] = ot(a[x,y],[x,y]), x,y = 0,1,2,3,4
14 10 1 The Hash Function Keccak and the Upcoming SHA-3 Standad Fig. 1.5 The θ Step of Keccak- f (Gaphic taken fom [4] and used with pemission by the Keccak designes.) ot(a[],i) otates one wod of A by i bit positions. The numbe of otations is specified by [x,y] which is a table with intege values that ae efeed to as otation offsets, given in Table 1.4 below. Note that the table enties ae constants. The opeation of the ρ and π Step is quite easy: They take each of the 25 lanes (i.e., wods with w bits) of the state aay A, otate it by a fixed numbe of positions (this is the Rho Step), and place the otated lane at a diffeent position in the new aay B (this is the Pi Step) 5. As an example, let s look at the lane at location [3,1], i.e., the w-bit wod A[3,1]. Fist, this wod is otated by 55 bit positions, cf. Table 1.4 fo x = 3,y = 1. The otated wod is then placed in the B aay at location B[1, ] = B[1,4]. Note that the indices ae computed modulo 5. Table 1.4 The otation constants (aka otation offsets) x = 3 x = 4 x = 0 x = 1 x = 2 y= y= y= y= y= Chi (χ) Step The χ Step manipulates the B aay computed in the pevious step and places the esult in the state aay A. The χ Step opeates on lanes, i.e., wods with w bits. The 5 Rho can be thought of as a mnemonic fo otation, and Pi fo pemuation.
15 1.4 The Function Keccak- f (o the Keccak- f Pemutation) 11 pseudo code of the step is as follows: A[x,y] = B[x,y] (( B[x + 1,y]) B[x + 2,y]), x,y = 0,1,2,3,4 whee B[i, j] denotes the bitwise complement of the lane at addess [i, j], and is the bitwise Boolean AND opeation of the two opeands. As in all othe steps, the indices ae to be taken modulo 5. Descibing the opeation vebally, one could say that the χ Steps takes the lane at location [x,y] and XORs it with the logical AND of the lane at addess [x + 2,y] and the invese at location [x + 1,y]. Figue 1.6 visualizes the step. Again, it is helpful to find out how the figue is elated to the pseudo code above. Fig. 1.6 The χ Step of Keccak- f. The uppe ow epesents five lanes of the B aay, wheeas the lowe ow shows five lanes of the state aay A. (Gaphic taken fom [4] and used with pemission by the Keccak designes.) Iota (ι) Step The Iota Step is the most staightfowad one. It adds a pedefined w-bit constant to the lane at location [0,0] of the state aay A: A[0,0] = A[0,0] RC[i] The constant RC[i] diffes depending on which ound i is being executed. We ecall fom Table 1.5 that the numbe of ounds n vaies with the paamete b chosen fo Keccak. Fo SHA-3, thee ae n = 24 ounds. The coesponding ound constants RC[0]...RC[23] ae shown in Table 1.5
16 12 1 The Hash Function Keccak and the Upcoming SHA-3 Standad Table 1.5 The ound constants RC[i], whee each constant is 64 bits long and given in hexadecimal notation RC[ 0] = 0x RC[12] = 0x B RC[ 1] = 0x RC[13] = 0x B RC[ 2] = 0x A RC[14] = 0x RC[ 3] = 0x RC[15] = 0x RC[ 4] = 0x B RC[16] = 0x RC[ 5] = 0x RC[17] = 0x RC[ 6] = 0x RC[18] = 0x A RC[ 7] = 0x RC[19] = 0x A RC[ 8] = 0x A RC[20] = 0x RC[ 9] = 0x RC[21] = 0x RC[10] = 0x RC[22] = 0x RC[11] = 0x A RC[23] = 0x Implementation in Softwae and Hadwae When computing the hash algoithm, the majoity of time is spent on Keccak- f. Thus, the following discussion will focus on implementing this function in softwae and hadwae. If Keccak is used as SHA-3, the state is 1600 bits which is stoed in 25 wods of 64 bits each (cf. Figue 1.4). On 64 bit CPUs, which ae in the majoity of moden PCs, one 64 bit lane can be stoed natually in one egiste. Also, most 32 bit CPUs fom Intel and AMD suppot some instuctions on 64 bits, especially bitwise Boolean opeations which ae the main opeations in the five steps of Keccak- f. Geneally speaking, Keccak is quite amenable to softwae implementation. It shaes this popety with the othe SHA hash algoithms. A highly optimized SHA-3 implementation on moden Intel Coe CPUs can be executed at a ate of about 13 cycles/byte which tanslates, e.g., to a thoughput of appoximately 230 MByte/s (o about 1.84 Gbit/s) if the pocesso is clocked at 3 GHz. On 8 bit CPUs, which ae vey popula in embedded systems, SHA-3 can be implemented at about 1110 cycles/byte. Assuming a clock fequency of 10 MHz, this esults in a thoughput of about 9 kbyte/s, o oughly 72 kbit/s. Keccak tuns out to be vey well suited fo hadwae implementations. The algoithm is consideably moe efficient in hadwae than SHA-2. A high-speed paallelized achitectue can easily achieve thoughputs of 30 Gbit/sec o beyond with an aea of about 100,000 gate equivalences. On the othe hand of the pefomance spectum, a vey small seial hadwae engine with less than 10,000 gate equivalences can still achieve thoughputs of seveal 10 Mbit/sec. 1.6 Discussion and Futhe Reading The SHA-3 Selection Pocess The Request fo Candidate Algoithm by NIST, the US National Institute of Standads and Technology, was issued in The
17 1.6 Discussion and Futhe Reading 13 fou citeia fo selecting the new hash function wee secuity, pefomance, cyptogaphic matuity (i.e., how well an algoithm is undestood and has been analyzed) and divesity (i.e., how dissimila the intenal stuctue is fom SHA-2). Afte the submissions wee eceived in late 2008, thee wee fou yeas duing which the 51 algoithms consideed by NIST undewent intensive analysis by the intenational scientific community. The main focus was to cyptanalyze the algoithms and to study thei pefomance. The official NIST website has many esouces about the competition, including the official epots at the end of Round 1, 2 and 3 [10]. The best oveview of the multifaceted selection effot is the SHA-3 Zoo poject [1] povided by ECRYPT (Euopean Netwok of Excellence in Cyptogaphy). The SHA-3 Zoo is a wiki-like web esouce which in paticula (i) povides an oveview of each SHA-3 algoithm and (ii) summaizes the cyptanalysis of each hash function. Regading Keccak, the official efeence descibing the algoithm is document [8]. The fou algoithm designes maintain a website with many useful infomation on the hash function [3], including softwae and hadwae code (HDL), and a pseudo code desciption of Keccak which can be quite useful fo implementes [5]. Keccak vs. SHA-2 Keccak is based on a sponge constuction and has thus a quite diffeent stuctue fom hash functions that belong to the MD4 family, such as SHA- 1 and SHA-2. As mentioned in Section 1.1, even though seious weaknesses wee found in SHA-1 in 2004, they have until now not caied ove to SHA-2, which is an ensemble of hash functions which ae consideably stonge than SHA-1. Many symmetic cypto eseaches seiously doubt that the SHA-1 attack will eve pose a pactical theat against SHA-2. As a esult of this development thee will eventually be two hash functions (to be exact: the SHA-2 family and the SHA-3 family) which will be NIST standads. This is not necessaily a bad situation fo the following easons. Fist, SHA-2 and Keccak ae based on vey diffeent design pinciples. Should thee eve be a majo cyptanalytical beakthough (and this is a big should) against one of the hash functions, thee is a high likelihood that the attack will not apply to the othe one. Second, SHA-2 and Keccak posses diffeent implementation chaacteistics. Thus, fo a given application it can be beneficial to be able to select the algoithm which shows the moe favoable behavio fo the given platfom. Fo instance, Keccak is moe hadwae-fiendly and is bette suited fo embedded application that ae powe o cost constained, which is often tue fo battey-poweed devices (cf. the paagaph on implementation below). Finally, Keccak is moe vesatile and can be used fo moe puposes than mee hashing, which can be attactive fo cetain applications. Sponge Constuctions and the Secuity of Keccak The sponge constuction, o sponge function, is a new appoach to building hash functions. It was poposed by the Keccak designes on an ECRYPT wokshop in In geneal, a sponge constuction can be viewed as function which takes an abitay sized input and computes an output of any length needed by the use. A sponge constuction can easily be built by iteating a given pemutation function f. Inteestingly, a sponge constuction can also be used fo building steam ciphes and message authentication codes (MACs). A geneal intoduction to and moe esouces about sponge con-
18 14 1 The Hash Function Keccak and the Upcoming SHA-3 Standad stuctions can be found on the The Sponge Functions Cone website maintained by the Keccak designes [3]. A moe exhaustive teatment, including much moe about the theoy behind sponge constuctions and thei secuity popeties, is povided in efeence [7]. As pat of the SHA-3 competition thee have been extensive effots by the scientific community to discove weaknesses in Keccak (and, of couse, all othe SHA-3 candidate algoithms). To date, thee appeas no attack which has even a emote chance of success. To give the eade an idea of the state-of-the-at: The best attack known so fa equies about (!) steps and only woks against a scaled-down vesion of Keccak with 8 ounds. We ecall fom Section 1.4 that SHA-3 equies 24 ounds. An oveview on the vaious eseach papes dealing with the secuity analysis of Keccak can be found in efeence [6]. Keccak Implementation Thee is a host of low-level implementation ticks available in ode to speed-up Keccak on moden 32 and 64 bit CPUs. A good oveview is povided in efeence [9]. A benchmak test suite which automatically povides pefomance measuements is ebacs, which was ceated as pat of ECRYPT and is maintained by Dan Benstein and Tanja Lange [2]. ebacs povides pefomance numbes fo SHA-3 and many othe hash functions, symmetic and asymmetic algoithms on a lage vaiety of softwae platfoms. As stated in Section 1.5, SHA-3 shows a simila pefomance as SHA-1 on moden 64 bit CPUs. The situation is diffeent in hadwae. Keccak is consideably moe efficient than SHA-1 and the othe finalist algoithms of the SHA-3 competition. In one compaison, which took the thoughput-to-aea atio into account, Keccak was by a facto of about 5 moe efficient than the othe finalist hash functions and SHA-1. Two ecommended efeences which povide absolute numbes and also discuss the difficulties of poviding eliable hadwae compaisons ae [12] and [13]. 1.7 Lessons Leaned Keccak was developed as pat of a five-yea intenational hash function competition administeed by NIST. At the time of witing, the SHA-3 standad is being specified based on Keccak. SHA-3 will become a fedeal US standad and will co-exist togethe with SHA- 2. Both seem vey secue at the moment, i.e., thee ae no attacks known with a easonable chance of success in pactice. Keccak is based on a sponge constuction and has thus a quite diffeent intenal stuctue than SHA-1 and SHA-2. Keccak can be opeated with the output lengths 224, 256, 384 and 512 bits and in contast to the block-based functions SHA-1 and SHA-2 with an abitay output length. Keccak is oughly as fast in softwae than SHA-1 but consideably moe efficient (fast, little enegy) in hadwae and thus well suited fo embedded applications.
19 1.7 Poblems 15 Poblems 1.1. Assume that SHA-3 is used as a eplacement fo SHA-2 with an output size of 256 bits. In a given softwae implementation a thoughput of 120 MBytes/s is achieved. The same implementation is now used fo SHA-3 with 384 output bits. What is the thoughput of the latte implementation? (Hint: You just have to study Subsection 1.2.) 1.2. We want to hash a shot message consisting of the two bytes 0xCCCC with SHA-3. The hash function should be used as a eplacement fo SHA-2 with 256 bits. What is the message afte padding? Povide an answe in binay notation Keccak- f is a pemutation, i.e., evey of the 2 d input values gets a unique output value assigned in a bijective (i.e., one-to-one) manne. In this poblem we will study how pemutation functions ae diffeent fom the bit pemutations that ae used within DES, e.g., the P o IP pemutation. Let s conside a toy example, a function with 2 I/O bits. How many diffeent bit pemutations exist with 2 input and output bits? Daw one diagam fo each possible bit pemutation. Now we conside a pemutation function f that has 2 input and output bits. How many diffeent (i) input values and (ii) output values exist? Moe impotantly: How many diffeent pemutations exist, i.e., how many diffeent bijective (oneto-one) mappings exist between the input and output? List all possible pemutations. You can do this in a table which has in its leftmost column all input combinations listed, and fo each possible pemutation you wite a new column to the ight? (You may want to wite you solution on a piece of pape in landscape oientation.) It tuns out that a bit pemutation is a subset of the pemutation function. In the example above, which of the pemutation geneated by f ae the bit pemutations? In geneal: How many pemutations functions ae thee fo d input bits, and how many bit pemutations ae thee fo this case? 1.4. We conside Keccak- f with an input state A whee all 1600 bits have the value 0. What is the state afte the fist ound? 1.5. Descibe vebally how Figue 1.5 follows fom the pseudo code of the θ Step in Subsection We conside a SHA-3 state A whee all 1600 bits have the value 0 except the bits whose z coodinate is equal to zeo, i.e., A[x,y,0] = 1. How many state bits have the value 1? By looking at Figue 1.4, whee ae those bits located? We apply now the θ Step to A. What is the new state?
20
21 Refeences 1. The SHA-3 Zoo Dan Benstein and Tanja Lange (eds.). ebacs: ECRYPT Benchmaking of Cyptogaphic Systems Guido Betoni, Joan Daemen, Michaël Peetes and Gilles Van Assche. The Keccak sponge function family Guido Betoni, Joan Daemen, Michaël Peetes and Gilles Van Assche. The Keccak sponge function family Files Guido Betoni, Joan Daemen, Michaël Peetes and Gilles Van Assche. The Keccak sponge function family Specification summay. summay.html. 6. Guido Betoni, Joan Daemen, Michaël Peetes and Gilles Van Assche. The Keccak sponge function family Thid-paty cyptanalysis. paty.html. 7. Guido Betoni, Joan Daemen, Michaël Peetes and Gilles Van Assche. Cyptogaphic sponge functions, Guido Betoni, Joan Daemen, Michaël Peetes and Gilles Van Assche. The Keccak Refeence, Guido Betoni, Joan Daemen, Michaël Peetes, Gilles Van Assche and Ronny Van Kee. Keccak implementation oveview, Keccak-implementation-3.2.pdf. 10. National Institute of Standads and Technology. Cyptogaphic Hash Algoithm Competition Chistof Paa and Jan Pelzl. Undestanding Cyptogaphy - A Textbook fo Students and Pactitiones. Spinge, S. Matsuo, M. Knezevic, P. Schaumont, I. Vebauwhede, A. Satoh, K. Sakiyama and K. Ota. How can we conduct fai and consistent hadwae evaluation fo SHA-3 candidate?, NIST 2nd SHA-3 Candidate Confeence. 13. Xu Guo, Sinan Huang, Leyla Nazhandali and Patick Schaumont. Fai and Compehensive Pefomance Evaluation of 14 Second Round SHA-3 ASIC Implementations, NIST 2nd SHA-3 Candidate Confeence. 17
Module 6 STILL IMAGE COMPRESSION STANDARDS
Module 6 STILL IMAE COMPRESSION STANDARDS Lesson 17 JPE-2000 Achitectue and Featues Instuctional Objectives At the end of this lesson, the students should be able to: 1. State the shotcomings of JPE standad.
More informationConversion Functions for Symmetric Key Ciphers
Jounal of Infomation Assuance and Secuity 2 (2006) 41 50 Convesion Functions fo Symmetic Key Ciphes Deba L. Cook and Angelos D. Keomytis Depatment of Compute Science Columbia Univesity, mail code 0401
More informationA Memory Efficient Array Architecture for Real-Time Motion Estimation
A Memoy Efficient Aay Achitectue fo Real-Time Motion Estimation Vasily G. Moshnyaga and Keikichi Tamau Depatment of Electonics & Communication, Kyoto Univesity Sakyo-ku, Yoshida-Honmachi, Kyoto 66-1, JAPAN
More informationJournal of World s Electrical Engineering and Technology J. World. Elect. Eng. Tech. 1(1): 12-16, 2012
2011, Scienceline Publication www.science-line.com Jounal of Wold s Electical Engineeing and Technology J. Wold. Elect. Eng. Tech. 1(1): 12-16, 2012 JWEET An Efficient Algoithm fo Lip Segmentation in Colo
More informationIP Network Design by Modified Branch Exchange Method
Received: June 7, 207 98 IP Netwok Design by Modified Banch Method Kaiat Jaoenat Natchamol Sichumoenattana 2* Faculty of Engineeing at Kamphaeng Saen, Kasetsat Univesity, Thailand 2 Faculty of Management
More informationANALYTIC PERFORMANCE MODELS FOR SINGLE CLASS AND MULTIPLE CLASS MULTITHREADED SOFTWARE SERVERS
ANALYTIC PERFORMANCE MODELS FOR SINGLE CLASS AND MULTIPLE CLASS MULTITHREADED SOFTWARE SERVERS Daniel A Menascé Mohamed N Bennani Dept of Compute Science Oacle, Inc Geoge Mason Univesity 1211 SW Fifth
More informationSegmentation of Casting Defects in X-Ray Images Based on Fractal Dimension
17th Wold Confeence on Nondestuctive Testing, 25-28 Oct 2008, Shanghai, China Segmentation of Casting Defects in X-Ray Images Based on Factal Dimension Jue WANG 1, Xiaoqin HOU 2, Yufang CAI 3 ICT Reseach
More informationDetection and Recognition of Alert Traffic Signs
Detection and Recognition of Alet Taffic Signs Chia-Hsiung Chen, Macus Chen, and Tianshi Gao 1 Stanfod Univesity Stanfod, CA 9305 {echchen, macuscc, tianshig}@stanfod.edu Abstact Taffic signs povide dives
More informationRANDOM IRREGULAR BLOCK-HIERARCHICAL NETWORKS: ALGORITHMS FOR COMPUTATION OF MAIN PROPERTIES
RANDOM IRREGULAR BLOCK-HIERARCHICAL NETWORKS: ALGORITHMS FOR COMPUTATION OF MAIN PROPERTIES Svetlana Avetisyan Mikayel Samvelyan* Matun Kaapetyan Yeevan State Univesity Abstact In this pape, the class
More informationControlled Information Maximization for SOM Knowledge Induced Learning
3 Int'l Conf. Atificial Intelligence ICAI'5 Contolled Infomation Maximization fo SOM Knowledge Induced Leaning Ryotao Kamimua IT Education Cente and Gaduate School of Science and Technology, Tokai Univeisity
More informationProf. Feng Liu. Fall /17/2016
Pof. Feng Liu Fall 26 http://www.cs.pdx.edu/~fliu/couses/cs447/ /7/26 Last time Compositing NPR 3D Gaphics Toolkits Tansfomations 2 Today 3D Tansfomations The Viewing Pipeline Mid-tem: in class, Nov. 2
More informationImage Enhancement in the Spatial Domain. Spatial Domain
8-- Spatial Domain Image Enhancement in the Spatial Domain What is spatial domain The space whee all pixels fom an image In spatial domain we can epesent an image by f( whee x and y ae coodinates along
More informationTHE THETA BLOCKCHAIN
THE THETA BLOCKCHAIN Theta is a decentalized video steaming netwok, poweed by a new blockchain and token. By Theta Labs, Inc. Last Updated: Nov 21, 2017 esion 1.0 1 OUTLINE Motivation Reputation Dependent
More informationUCB CS61C : Machine Structures
inst.eecs.bekeley.edu/~cs61c UCB CS61C : Machine Stuctues Lectue SOE Dan Gacia Lectue 28 CPU Design : Pipelining to Impove Pefomance 2010-04-05 Stanfod Reseaches have invented a monitoing technique called
More informationPositioning of a robot based on binocular vision for hand / foot fusion Long Han
2nd Intenational Confeence on Advances in Mechanical Engineeing and Industial Infomatics (AMEII 26) Positioning of a obot based on binocula vision fo hand / foot fusion Long Han Compute Science and Technology,
More informationOptical Flow for Large Motion Using Gradient Technique
SERBIAN JOURNAL OF ELECTRICAL ENGINEERING Vol. 3, No. 1, June 2006, 103-113 Optical Flow fo Lage Motion Using Gadient Technique Md. Moshaof Hossain Sake 1, Kamal Bechkoum 2, K.K. Islam 1 Abstact: In this
More informationConfiguring RSVP-ATM QoS Interworking
Configuing RSVP-ATM QoS Intewoking Last Updated: Januay 15, 2013 This chapte descibes the tasks fo configuing the RSVP-ATM QoS Intewoking featue, which povides suppot fo Contolled Load Sevice using RSVP
More informationCommunication vs Distributed Computation: an alternative trade-off curve
Communication vs Distibuted Computation: an altenative tade-off cuve Yahya H. Ezzeldin, Mohammed amoose, Chistina Fagouli Univesity of Califonia, Los Angeles, CA 90095, USA, Email: {yahya.ezzeldin, mkamoose,
More informationA Minutiae-based Fingerprint Matching Algorithm Using Phase Correlation
A Minutiae-based Fingepint Matching Algoithm Using Phase Coelation Autho Chen, Weiping, Gao, Yongsheng Published 2007 Confeence Title Digital Image Computing: Techniques and Applications DOI https://doi.og/10.1109/dicta.2007.4426801
More informationObstacle Avoidance of Autonomous Mobile Robot using Stereo Vision Sensor
Obstacle Avoidance of Autonomous Mobile Robot using Steeo Vision Senso Masako Kumano Akihisa Ohya Shin ichi Yuta Intelligent Robot Laboatoy Univesity of Tsukuba, Ibaaki, 35-8573 Japan E-mail: {masako,
More informationKeccak discussion. Soham Sadhu. January 9, 2012
Keccak discussion Soham Sadhu January 9, 2012 Keccak (pronounced like Ketchak ) is a cryptographic hash function designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche. Keccak is
More informationEmbeddings into Crossed Cubes
Embeddings into Cossed Cubes Emad Abuelub *, Membe, IAENG Abstact- The hypecube paallel achitectue is one of the most popula inteconnection netwoks due to many of its attactive popeties and its suitability
More informationMultidimensional Testing
Multidimensional Testing QA appoach fo Stoage netwoking Yohay Lasi Visuality Systems 1 Intoduction Who I am Yohay Lasi, QA Manage at Visuality Systems Visuality Systems the leading commecial povide of
More informationFACE VECTORS OF FLAG COMPLEXES
FACE VECTORS OF FLAG COMPLEXES ANDY FROHMADER Abstact. A conjectue of Kalai and Eckhoff that the face vecto of an abitay flag complex is also the face vecto of some paticula balanced complex is veified.
More informationA New Finite Word-length Optimization Method Design for LDPC Decoder
A New Finite Wod-length Optimization Method Design fo LDPC Decode Jinlei Chen, Yan Zhang and Xu Wang Key Laboatoy of Netwok Oiented Intelligent Computation Shenzhen Gaduate School, Habin Institute of Technology
More informationAny modern computer system will incorporate (at least) two levels of storage:
1 Any moden compute system will incopoate (at least) two levels of stoage: pimay stoage: andom access memoy (RAM) typical capacity 32MB to 1GB cost pe MB $3. typical access time 5ns to 6ns bust tansfe
More informationIP Multicast Simulation in OPNET
IP Multicast Simulation in OPNET Xin Wang, Chien-Ming Yu, Henning Schulzinne Paul A. Stipe Columbia Univesity Reutes Depatment of Compute Science 88 Pakway Dive South New Yok, New Yok Hauppuage, New Yok
More informationLecture # 04. Image Enhancement in Spatial Domain
Digital Image Pocessing CP-7008 Lectue # 04 Image Enhancement in Spatial Domain Fall 2011 2 domains Spatial Domain : (image plane) Techniques ae based on diect manipulation of pixels in an image Fequency
More informationADDING REALISM TO SOURCE CHARACTERIZATION USING A GENETIC ALGORITHM
ADDING REALISM TO SOURCE CHARACTERIZATION USING A GENETIC ALGORITHM Luna M. Rodiguez*, Sue Ellen Haupt, and Geoge S. Young Depatment of Meteoology and Applied Reseach Laboatoy The Pennsylvania State Univesity,
More informationTopic -3 Image Enhancement
Topic -3 Image Enhancement (Pat 1) DIP: Details Digital Image Pocessing Digital Image Chaacteistics Spatial Spectal Gay-level Histogam DFT DCT Pe-Pocessing Enhancement Restoation Point Pocessing Masking
More informationTowards Adaptive Information Merging Using Selected XML Fragments
Towads Adaptive Infomation Meging Using Selected XML Fagments Ho-Lam Lau and Wilfed Ng Depatment of Compute Science and Engineeing, The Hong Kong Univesity of Science and Technology, Hong Kong {lauhl,
More informationLecture 8 Introduction to Pipelines Adapated from slides by David Patterson
Lectue 8 Intoduction to Pipelines Adapated fom slides by David Patteson http://www-inst.eecs.bekeley.edu/~cs61c/ * 1 Review (1/3) Datapath is the hadwae that pefoms opeations necessay to execute pogams.
More informationA Shape-preserving Affine Takagi-Sugeno Model Based on a Piecewise Constant Nonuniform Fuzzification Transform
A Shape-peseving Affine Takagi-Sugeno Model Based on a Piecewise Constant Nonunifom Fuzzification Tansfom Felipe Fenández, Julio Gutiéez, Juan Calos Cespo and Gacián Tiviño Dep. Tecnología Fotónica, Facultad
More informationMulti-azimuth Prestack Time Migration for General Anisotropic, Weakly Heterogeneous Media - Field Data Examples
Multi-azimuth Pestack Time Migation fo Geneal Anisotopic, Weakly Heteogeneous Media - Field Data Examples S. Beaumont* (EOST/PGS) & W. Söllne (PGS) SUMMARY Multi-azimuth data acquisition has shown benefits
More informationAn Unsupervised Segmentation Framework For Texture Image Queries
An Unsupevised Segmentation Famewok Fo Textue Image Queies Shu-Ching Chen Distibuted Multimedia Infomation System Laboatoy School of Compute Science Floida Intenational Univesity Miami, FL 33199, USA chens@cs.fiu.edu
More informationQuery Language #1/3: Relational Algebra Pure, Procedural, and Set-oriented
Quey Language #1/3: Relational Algeba Pue, Pocedual, and Set-oiented To expess a quey, we use a set of opeations. Each opeation takes one o moe elations as input paamete (set-oiented). Since each opeation
More information= dv 3V (r + a 1) 3 r 3 f(r) = 1. = ( (r + r 2
Random Waypoint Model in n-dimensional Space Esa Hyytiä and Joma Vitamo Netwoking Laboatoy, Helsinki Univesity of Technology, Finland Abstact The andom waypoint model (RWP) is one of the most widely used
More informationXFVHDL: A Tool for the Synthesis of Fuzzy Logic Controllers
XFVHDL: A Tool fo the Synthesis of Fuzzy Logic Contolles E. Lago, C. J. Jiménez, D. R. López, S. Sánchez-Solano and A. Baiga Instituto de Micoelectónica de Sevilla. Cento Nacional de Micoelectónica, Edificio
More informationdc - Linux Command Dc may be invoked with the following command-line options: -V --version Print out the version of dc
- CentOS 5.2 - Linux Uses Guide - Linux Command SYNOPSIS [-V] [--vesion] [-h] [--help] [-e sciptexpession] [--expession=sciptexpession] [-f sciptfile] [--file=sciptfile] [file...] DESCRIPTION is a evese-polish
More informationA Two-stage and Parameter-free Binarization Method for Degraded Document Images
A Two-stage and Paamete-fee Binaization Method fo Degaded Document Images Yung-Hsiang Chiu 1, Kuo-Liang Chung 1, Yong-Huai Huang 2, Wei-Ning Yang 3, Chi-Huang Liao 4 1 Depatment of Compute Science and
More informationA Consistent, User Friendly Interface for Running a Variety of Underwater Acoustic Propagation Codes
Poceedings of ACOUSTICS 6 - Novembe 6, Chistchuch, New Zealand A Consistent, Use Fiendly Inteface fo Running a Vaiety of Undewate Acoustic Popagation Codes Alec J Duncan, Amos L Maggi Cente fo Maine Science
More informationModeling a shared medium access node with QoS distinction
Modeling a shaed medium access node with QoS distinction Matthias Gies, Jonas Geutet Compute Engineeing and Netwoks Laboatoy (TIK) Swiss Fedeal Institute of Technology Züich CH-8092 Züich, Switzeland email:
More informationAlso available at ISSN (printed edn.), ISSN (electronic edn.) ARS MATHEMATICA CONTEMPORANEA 3 (2010)
Also available at http://amc.imfm.si ISSN 1855-3966 (pinted edn.), ISSN 1855-3974 (electonic edn.) ARS MATHEMATICA CONTEMPORANEA 3 (2010) 109 120 Fulleene patches I Jack E. Gave Syacuse Univesity, Depatment
More informationThe Java Virtual Machine. Compiler construction The structure of a frame. JVM stacks. Lecture 2
Compile constuction 2009 Lectue 2 Code geneation 1: Geneating code The Java Vitual Machine Data types Pimitive types, including intege and floating-point types of vaious sizes and the boolean type. The
More informationExtract Object Boundaries in Noisy Images using Level Set. Final Report
Extact Object Boundaies in Noisy Images using Level Set by: Quming Zhou Final Repot Submitted to Pofesso Bian Evans EE381K Multidimensional Digital Signal Pocessing May 10, 003 Abstact Finding object contous
More informationUser Group testing report
Use Goup testing epot Deliveable No: D6.10 Contact No: Integated Poject No. 506723: SafetyNet Aconym: SafetyNet Title: Building the Euopean Road Safety Obsevatoy Integated Poject, Thematic Pioity 6.2 Sustainable
More informationHigh performance CUDA based CNN image processor
High pefomance UDA based NN image pocesso GEORGE VALENTIN STOIA, RADU DOGARU, ELENA RISTINA STOIA Depatment of Applied Electonics and Infomation Engineeing Univesity Politehnica of Buchaest -3, Iuliu Maniu
More informationSlotted Random Access Protocol with Dynamic Transmission Probability Control in CDMA System
Slotted Random Access Potocol with Dynamic Tansmission Pobability Contol in CDMA System Intaek Lim 1 1 Depatment of Embedded Softwae, Busan Univesity of Foeign Studies, itlim@bufs.ac.k Abstact In packet
More informationPerformance Optimization in Structured Wireless Sensor Networks
5 The Intenational Aab Jounal of Infomation Technology, Vol. 6, o. 5, ovembe 9 Pefomance Optimization in Stuctued Wieless Senso etwoks Amine Moussa and Hoda Maalouf Compute Science Depatment, ote Dame
More informationMethods for history matching under geological constraints Jef Caers Stanford University, Petroleum Engineering, Stanford CA , USA
Methods fo histoy matching unde geological constaints Jef Caes Stanfod Univesity, Petoleum Engineeing, Stanfod CA 9435-222, USA Abstact Two geostatistical methods fo histoy matching ae pesented. Both ely
More informationConservation Law of Centrifugal Force and Mechanism of Energy Transfer Caused in Turbomachinery
Poceedings of the 4th WSEAS Intenational Confeence on luid Mechanics and Aeodynamics, Elounda, Geece, August 1-3, 006 (pp337-34) Consevation Law of Centifugal oce and Mechanism of Enegy Tansfe Caused in
More informationFrequency Domain Approach for Face Recognition Using Optical Vanderlugt Filters
Optics and Photonics Jounal, 016, 6, 94-100 Published Online August 016 in SciRes. http://www.scip.og/jounal/opj http://dx.doi.og/10.436/opj.016.68b016 Fequency Domain Appoach fo Face Recognition Using
More informationn If S is in convex position, then thee ae exactly k convex k-gons detemined by subsets of S. In geneal, howeve, S may detemine fa fewe convex k-gons.
Counting Convex Polygons in Plana Point Sets Joseph S. B. Mitchell a;1, Günte Rote b, Gopalakishnan Sundaam c, and Gehad Woeginge b a Applied Mathematics and Statistics, SUNY Stony Book, NY 11794-3600.
More informationA Novel Automatic White Balance Method For Digital Still Cameras
A Novel Automatic White Balance Method Fo Digital Still Cameas Ching-Chih Weng 1, Home Chen 1,2, and Chiou-Shann Fuh 3 Depatment of Electical Engineeing, 2 3 Gaduate Institute of Communication Engineeing
More informationInformation Retrieval. CS630 Representing and Accessing Digital Information. IR Basics. User Task. Basic IR Processes
CS630 Repesenting and Accessing Digital Infomation Infomation Retieval: Basics Thosten Joachims Conell Univesity Infomation Retieval Basics Retieval Models Indexing and Pepocessing Data Stuctues ~ 4 lectues
More informationCS 2461: Computer Architecture 1 Program performance and High Performance Processors
Couse Objectives: Whee ae we. CS 2461: Pogam pefomance and High Pefomance Pocessos Instucto: Pof. Bhagi Naahai Bits&bytes: Logic devices HW building blocks Pocesso: ISA, datapath Using building blocks
More informationOPTIMAL KINEMATIC SYNTHESIS OF CRANK & SLOTTED LEVER QUICK RETURN MECHANISM FOR SPECIFIC STROKE & TIME RATIO
OPTIMAL KINEMATIC SYNTHESIS OF CRANK & SLOTTED LEVER QUICK RETURN MECHANISM FOR SPECIFIC STROKE & TIME RATIO Zeeshan A. Shaikh 1 and T.Y. Badguja 2 1,2 Depatment of Mechanical Engineeing, Late G. N. Sapkal
More informationEfficient Execution Path Exploration for Detecting Races in Concurrent Programs
IAENG Intenational Jounal of Compute Science, 403, IJCS_40_3_02 Efficient Execution Path Exploation fo Detecting Races in Concuent Pogams Theodous E. Setiadi, Akihiko Ohsuga, and Mamou Maekaa Abstact Concuent
More informationIllumination methods for optical wear detection
Illumination methods fo optical wea detection 1 J. Zhang, 2 P.P.L.Regtien 1 VIMEC Applied Vision Technology, Coy 43, 5653 LC Eindhoven, The Nethelands Email: jianbo.zhang@gmail.com 2 Faculty Electical
More informationA New and Efficient 2D Collision Detection Method Based on Contact Theory Xiaolong CHENG, Jun XIAO a, Ying WANG, Qinghai MIAO, Jian XUE
5th Intenational Confeence on Advanced Mateials and Compute Science (ICAMCS 2016) A New and Efficient 2D Collision Detection Method Based on Contact Theoy Xiaolong CHENG, Jun XIAO a, Ying WANG, Qinghai
More informationExtended Perspective Shadow Maps (XPSM) Vladislav Gusev, ,
Extended Pespective Shadow Maps (XPSM) http://xpsm.og Vladislav Gusev,.8.27, xmvlad@gmail.com Figue : XPSM esults (~4 objects in a scene, 536x536 shadow map). Intoduction Shadows ae one of the most impotant
More informationAssessment of Track Sequence Optimization based on Recorded Field Operations
Assessment of Tack Sequence Optimization based on Recoded Field Opeations Matin A. F. Jensen 1,2,*, Claus G. Søensen 1, Dionysis Bochtis 1 1 Aahus Univesity, Faculty of Science and Technology, Depatment
More informationA modal estimation based multitype sensor placement method
A modal estimation based multitype senso placement method *Xue-Yang Pei 1), Ting-Hua Yi 2) and Hong-Nan Li 3) 1),)2),3) School of Civil Engineeing, Dalian Univesity of Technology, Dalian 116023, China;
More informationPoint-Biserial Correlation Analysis of Fuzzy Attributes
Appl Math Inf Sci 6 No S pp 439S-444S (0 Applied Mathematics & Infomation Sciences An Intenational Jounal @ 0 NSP Natual Sciences Publishing o Point-iseial oelation Analysis of Fuzzy Attibutes Hao-En hueh
More informationData mining based automated reverse engineering and defect discovery
Data mining based automated evese engineeing and defect discovey James F. Smith III, ThanhVu H. Nguyen Naval Reseach Laboatoy, Code 5741, Washington, D.C., 20375-5000 ABSTRACT A data mining based pocedue
More informationHISTOGRAMS are an important statistic reflecting the
JOURNAL OF L A T E X CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 1 D 2 HistoSketch: Disciminative and Dynamic Similaity-Peseving Sketching of Steaming Histogams Dingqi Yang, Bin Li, Laua Rettig, and Philippe
More informationModelling, simulation, and performance analysis of a CAN FD system with SAE benchmark based message set
Modelling, simulation, and pefomance analysis of a CAN FD system with SAE benchmak based message set Mahmut Tenuh, Panagiotis Oikonomidis, Peiklis Chachalakis, Elias Stipidis Mugla S. K. Univesity, TR;
More informationLecture 27: Voronoi Diagrams
We say that two points u, v Y ae in the same connected component of Y if thee is a path in R N fom u to v such that all the points along the path ae in the set Y. (Thee ae two connected components in the
More informationLecture Topics ECE 341. Lecture # 12. Control Signals. Control Signals for Datapath. Basic Processing Unit. Pipelining
EE 341 Lectue # 12 Instucto: Zeshan hishti zeshan@ece.pdx.edu Novembe 10, 2014 Potland State Univesity asic Pocessing Unit ontol Signals Hadwied ontol Datapath contol signals Dealing with memoy delay Pipelining
More informationUser Specified non-bonded potentials in gromacs
Use Specified non-bonded potentials in gomacs Apil 8, 2010 1 Intoduction On fist appeaances gomacs, unlike MD codes like LAMMPS o DL POLY, appeas to have vey little flexibility with egads to the fom of
More informationView Synthesis using Depth Map for 3D Video
View Synthesis using Depth Map fo 3D Video Cheon Lee and Yo-Sung Ho Gwangju Institute of Science and Technology (GIST) 1 Oyong-dong, Buk-gu, Gwangju, 500-712, Republic of Koea E-mail: {leecheon, hoyo}@gist.ac.k
More informationImprovement of First-order Takagi-Sugeno Models Using Local Uniform B-splines 1
Impovement of Fist-ode Takagi-Sugeno Models Using Local Unifom B-splines Felipe Fenández, Julio Gutiéez, Gacián Tiviño and Juan Calos Cespo Dep. Tecnología Fotónica, Facultad de Infomática Univesidad Politécnica
More informationGravitational Shift for Beginners
Gavitational Shift fo Beginnes This pape, which I wote in 26, fomulates the equations fo gavitational shifts fom the elativistic famewok of special elativity. Fist I deive the fomulas fo the gavitational
More information(a, b) x y r. For this problem, is a point in the - coordinate plane and is a positive number.
Illustative G-C Simila cicles Alignments to Content Standads: G-C.A. Task (a, b) x y Fo this poblem, is a point in the - coodinate plane and is a positive numbe. a. Using a tanslation and a dilation, show
More informationA VECTOR PERTURBATION APPROACH TO THE GENERALIZED AIRCRAFT SPARE PARTS GROUPING PROBLEM
Accepted fo publication Intenational Jounal of Flexible Automation and Integated Manufactuing. A VECTOR PERTURBATION APPROACH TO THE GENERALIZED AIRCRAFT SPARE PARTS GROUPING PROBLEM Nagiza F. Samatova,
More information5 4 THE BERNOULLI EQUATION
185 CHATER 5 the suounding ai). The fictional wok tem w fiction is often expessed as e loss to epesent the loss (convesion) of mechanical into themal. Fo the idealied case of fictionless motion, the last
More informationAttacking an Obfuscated Cipher by Injecting Faults
Attacking an Obfuscated Ciphe by Injecting Faults Matthias Jacob 1, Dan Boneh 2, and Edwad Felten 1 1 Pinceton Univesity {mjacob,felten}@cs.pinceton.edu 2 Stanfod Univesity dabo@cs.stanfod.edu Abstact.
More informationDEADLOCK AVOIDANCE IN BATCH PROCESSES. M. Tittus K. Åkesson
DEADLOCK AVOIDANCE IN BATCH PROCESSES M. Tittus K. Åkesson Univesity College Boås, Sweden, e-mail: Michael.Tittus@hb.se Chalmes Univesity of Technology, Gothenbug, Sweden, e-mail: ka@s2.chalmes.se Abstact:
More informationCryptanalysis of Hwang-Chang s a Time-Stamp Protocol for Digital Watermarking
Cyptanalysis of Hwang-Chang s a Time-Stamp Potocol fo Digital Watemaking *Jue-Sam Chou, Yalin Chen 2, Chung-Ju Chan 3 Depatment of Infomation Management, Nanhua Univesity Chiayi 622 Taiwan, R.O.C *: coesponding
More informationSYSTEM LEVEL REUSE METRICS FOR OBJECT ORIENTED SOFTWARE : AN ALTERNATIVE APPROACH
I J C A 7(), 202 pp. 49-53 SYSTEM LEVEL REUSE METRICS FOR OBJECT ORIENTED SOFTWARE : AN ALTERNATIVE APPROACH Sushil Goel and 2 Rajesh Vema Associate Pofesso, Depatment of Compute Science, Dyal Singh College,
More informationClustering Interval-valued Data Using an Overlapped Interval Divergence
Poc. of the 8th Austalasian Data Mining Confeence (AusDM'9) Clusteing Inteval-valued Data Using an Ovelapped Inteval Divegence Yongli Ren Yu-Hsn Liu Jia Rong Robet Dew School of Infomation Engineeing,
More informationA Full-mode FME VLSI Architecture Based on 8x8/4x4 Adaptive Hadamard Transform For QFHD H.264/AVC Encoder
20 IEEE/IFIP 9th Intenational Confeence on VLSI and System-on-Chip A Full-mode FME VLSI Achitectue Based on 8x8/ Adaptive Hadamad Tansfom Fo QFHD H264/AVC Encode Jialiang Liu, Xinhua Chen College of Infomation
More informationA ROI Focusing Mechanism for Digital Cameras
A ROI Focusing Mechanism fo Digital Cameas Chu-Hui Lee, Meng-Feng Lin, Chun-Ming Huang, and Chun-Wei Hsu Abstact With the development and application of digital technologies, the digital camea is moe popula
More informationOn the Conversion between Binary Code and Binary-Reflected Gray Code on Boolean Cubes
On the Convesion between Binay Code and BinayReflected Gay Code on Boolean Cubes The Havad community has made this aticle openly available. Please shae how this access benefits you. You stoy mattes Citation
More informationAdaptation of Motion Capture Data of Human Arms to a Humanoid Robot Using Optimization
ICCAS25 June 2-5, KINTEX, Gyeonggi-Do, Koea Adaptation of Motion Captue Data of Human Ams to a Humanoid Robot Using Optimization ChangHwan Kim and Doik Kim Intelligent Robotics Reseach Cente, Koea Institute
More informationAutomatically Testing Interacting Software Components
Automatically Testing Inteacting Softwae Components Leonad Gallaghe Infomation Technology Laboatoy National Institute of Standads and Technology Gaithesbug, MD 20899, USA lgallaghe@nist.gov Jeff Offutt
More informationSpiral Recognition Methodology and Its Application for Recognition of Chinese Bank Checks
Spial Recognition Methodology and Its Application fo Recognition of Chinese Bank Checks Hanshen Tang 1, Emmanuel Augustin 2, Ching Y. Suen 1, Olivie Baet 2, Mohamed Cheiet 3 1 Cente fo Patten Recognition
More informationSimulation and Performance Evaluation of Network on Chip Architectures and Algorithms using CINSIM
J. Basic. Appl. Sci. Res., 1(10)1594-1602, 2011 2011, TextRoad Publication ISSN 2090-424X Jounal of Basic and Applied Scientific Reseach www.textoad.com Simulation and Pefomance Evaluation of Netwok on
More information3D Hand Trajectory Segmentation by Curvatures and Hand Orientation for Classification through a Probabilistic Approach
3D Hand Tajectoy Segmentation by Cuvatues and Hand Oientation fo Classification though a Pobabilistic Appoach Diego R. Faia and Joge Dias Abstact In this wok we pesent the segmentation and classification
More informationApproaches to Automatic Programming
MITSUBISHI ELECTRIC RESEARCH LABORATORIES http://www.mel.com Appoaches to Automatic Pogamming Chales Rich, Richad C. Wates TR92-04 July 1992 Abstact This pape is an oveview of cuent appoaches to automatic
More informationDynamic Multiple Parity (DMP) Disk Array for Serial Transaction Processing
IEEE TRANSACTIONS ON COMPUTERS, VOL. 50, NO. 9, SEPTEMBER 200 949 Dynamic Multiple Paity (DMP) Disk Aay fo Seial Tansaction Pocessing K.H. Yeung, Membe, IEEE, and T.S. Yum, Senio Membe, IEEE AbstactÐThe
More informationThe EigenRumor Algorithm for Ranking Blogs
he EigenRumo Algoithm fo Ranking Blogs Ko Fujimua N Cybe Solutions Laboatoies N Copoation akafumi Inoue N Cybe Solutions Laboatoies N Copoation Masayuki Sugisaki N Resonant Inc. ABSRAC he advent of easy
More informationA Mathematical Implementation of a Global Human Walking Model with Real-Time Kinematic Personification by Boulic, Thalmann and Thalmann.
A Mathematical Implementation of a Global Human Walking Model with Real-Time Kinematic Pesonification by Boulic, Thalmann and Thalmann. Mashall Badley National Cente fo Physical Acoustics Univesity of
More informationUsing SPEC SFS with the SNIA Emerald Program for EPA Energy Star Data Center Storage Program Vernon Miller IBM Nick Principe Dell EMC
Using SPEC SFS with the SNIA Emeald Pogam fo EPA Enegy Sta Data Cente Stoage Pogam Venon Mille IBM Nick Pincipe Dell EMC v6 Agenda Backgound on SNIA Emeald/Enegy Sta fo block Intoduce NAS/File test addition;
More informationTESSELLATIONS. This is a sample (draft) chapter from: MATHEMATICAL OUTPOURINGS. Newsletters and Musings from the St. Mark s Institute of Mathematics
TESSELLATIONS This is a sample (daft) chapte fom: MATHEMATICAL OUTPOURINGS Newslettes and Musings fom the St. Mak s Institute of Mathematics James Tanton www.jamestanton.com This mateial was and can still
More informationGCC-AVR Inline Assembler Cookbook Version 1.2
GCC-AVR Inline Assemble Cookbook Vesion 1.2 About this Document The GNU C compile fo Atmel AVR isk pocessos offes, to embed assembly language code into C pogams. This cool featue may be used fo manually
More informationART GALLERIES WITH INTERIOR WALLS. March 1998
ART GALLERIES WITH INTERIOR WALLS Andé Kündgen Mach 1998 Abstact. Conside an at galley fomed by a polygon on n vetices with m pais of vetices joined by inteio diagonals, the inteio walls. Each inteio wall
More informationThe International Conference in Knowledge Management (CIKM'94), Gaithersburg, MD, November 1994.
The Intenational Confeence in Knowledge Management (CIKM'94), Gaithesbug, MD, Novembe 994. Hashing by Poximity to Pocess Duplicates in Spatial Databases Walid G. Aef Matsushita Infomation Technology Laboatoy
More informationComparisons of Transient Analytical Methods for Determining Hydraulic Conductivity Using Disc Permeameters
Compaisons of Tansient Analytical Methods fo Detemining Hydaulic Conductivity Using Disc Pemeametes 1,,3 Cook, F.J. 1 CSRO Land and Wate, ndoooopilly, Queensland The Univesity of Queensland, St Lucia,
More informationPrioritized Traffic Recovery over GMPLS Networks
Pioitized Taffic Recovey ove GMPLS Netwoks 2005 IEEE. Pesonal use of this mateial is pemitted. Pemission fom IEEE mu be obtained fo all othe uses in any cuent o futue media including epinting/epublishing
More information