What ~1.25 turned out to be, or Complex poles and DVDs. Ilya Mironov, Microsoft Research, SVC. October 3rd, 2003.


One-to-One Communications: Alice, Bob

One-to-Many Communications: Alice; Bob, Carl, Zing

Broadcast: Alice; Bob, Carl, Zing

Real Life Examples of Broadcast
- Pay-per-view
- Satellite radio, TV (“dishes”)
- DVD players
Stateless receivers

Broadcast encryption
[Figure: a source and its receivers, every receiver holding the same key k]
- One rogue user compromises the whole system
- Very little overhead

Broadcast encryption
[Figure: the source holds k_1, k_2, k_3, k_4, k_5, …, k_n; the receivers are labelled k_1, k_2, k_3, k_4, k_5, k_6, k_7, …, k_n]
Broadcast: E[k_1, k], E[k_2, k], …, E[k_n, k], E[k, M]

Broadcast encryption
[Figure: the source holds k_1, k_2, k_3, k_4, k_5, …, k_n; the receivers are labelled k_1, k_2, k_3, k_4, k_5, k_6, k_7, …, k_n]
- Too many keys
- Simple user revocation

Botched attempts
- CSS (most famous for the DeCSS crack)
- CPRM (IBM, Intel, Matsushita, Toshiba): can revoke only 10,000 devices in 3Mb

Subset-cover framework (Naor-Naor-Lotspiech ’01)
[Figure: subsets S_1, S_2, …, S_8]

[Figure: subsets S_1, S_2, …, S_8 and a receiver u]
Receiver u knows keys: k_3, k_4, k_5

Key distribution
- Based on some formal characteristic: e.g., DVD player’s serial number
- Using some real-life descriptors:
  - CMU students/faculty
  - researchers
  - Pennsylvania state residents
  - college-educated

Broadcast using subset cover
[Figure: cover made of S_1, S_3, S_5, S_6, S_8, S_10]
Header uses k_1, k_3, k_5, k_6, k_8, k_10

Subtree difference: all receivers are associated with the leaves of a full binary tree
[Figure: binary tree with keys k_0, k_00, k_01, k_0…0, k_0…1, k_1…1]

Subtree differences
[Figure: nodes i and j; special set S_{i,j}]

Subtree difference

Greedy algorithm: easy greedy algorithm for constructing a subtree cover for any set of revoked users

Greedy algorithm: find a node such that both of its children have exactly one revoked descendant

Greedy algorithm: add (at most) two sets to the cover

Greedy algorithm: revoke the entire subtree

Greedy algorithm: could be less than two sets

Average-case analysis
- R - number of revoked users
- C – number of sets in the cover
- C ≤ 2R-1
- averaged over sets of fixed size [NNL’01]: E[C] ≤ 1.38R
- simulation experiments give [NNL’01]: E[C] ~ 1.25R

Hypothesis: 1.25… = 5/4

Different Model: revoke each user independently at random with probability p
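A bottom-up rendering of the greedy cover from the preceding slides, run under this independent-revocation model, as an added example (not code from the talk). S_{i,j} is taken in the Naor-Naor-Lotspiech sense (leaves under i but not under j); the heap-style node numbering, the function names and the (1, None) marker for "nobody revoked" are assumptions of this sketch.

```python
import random

def sd_cover(depth, revoked):
    """Cover all non-revoked leaves of a full binary tree with sets S_{i,j}.

    Users are leaves 0..2**depth-1; nodes are heap-indexed (root 1, children 2v,
    2v+1). A pair (i, j) means S_{i,j}: the leaves under i that are not under j.
    """
    if not revoked:
        return [(1, None)]          # assumed convention: one set for everyone
    # top[v] = t: every leaf under t is revoked or already covered; the leaves
    # under v but outside t are privileged and still need a set.
    top = {(1 << depth) + u: (1 << depth) + u for u in revoked}
    cover = []
    for _ in range(depth):          # climb one tree level per pass
        by_parent = {}
        for v, t in top.items():
            by_parent.setdefault(v >> 1, []).append((v, t))
        top = {}
        for parent, kids in by_parent.items():
            if len(kids) == 2:      # both children contain revoked leaves
                cover += [(c, t) for c, t in kids if c != t]  # at most two sets
                top[parent] = parent  # now treat the whole subtree as revoked
            else:
                top[parent] = kids[0][1]
    if top[1] != 1:
        cover.append((1, top[1]))
    return cover

def leaves_under(depth, v):
    """User ids of the leaves below node v (empty set for v=None)."""
    if v is None:
        return set()
    h = depth - (v.bit_length() - 1)
    return set(range((v << h) - (1 << depth), ((v + 1) << h) - (1 << depth)))

def covered_users(depth, cover):
    """Union of the users reached by every S_{i,j} in the cover."""
    return set().union(*(leaves_under(depth, i) - leaves_under(depth, j) for i, j in cover))

def mean_ratio(depth, p, trials, seed=2003):
    """Estimate E[C]/E[R] with each user revoked independently with probability p."""
    rng = random.Random(seed)
    c_total = r_total = 0
    for _ in range(trials):
        revoked = {u for u in range(1 << depth) if rng.random() < p}
        c_total += len(sd_cover(depth, revoked))
        r_total += len(revoked)
    return c_total / r_total
```

For small p, `mean_ratio(12, 0.01, 300)` lands close to 3·log2(4/3) ≈ 1.245, the level marked on the deck's asymptotic plot.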

Exact formula where If a user is revoked with probability p«1:

Asymptotic
[Plot: E[C]/E[R] as a function of p]

Asymptotic
[Plot: horizontal axis p]

Exact formula where If a user is revoked with probability p«1:

Singularities of f: function f cannot be analytically continued beyond the unit disk

One approach: 5 pages of dense computations (series, o, O, lim, etc.) produce only the constant term

Mellin transform

Approximation where For small q

The Mellin Transform Poles at 0, -1, -2, -3, … and

Complex poles …

Mellin transform

Approximation where p = 1-q

Asymptotic
[Plot: E[C]/E[R] as a function of p, with the level 3 log_2(4/3) marked]

Average-case analysis
- R - number of revoked users
- C – number of sets in the cover
- If a user is revoked with probability p«1: E[C] ≈ E[R]

Knuth and de Bruijn
- Solution communicated by de Bruijn to Knuth for analysis of the radix-exchange sort algorithm (vol. 3, 1st ed, p. 131)
- De Bruijn, Knuth, Rice, “The average height of planted plane trees,” 1972

Further reading: Flajolet, Gourdon, Dumas, “Mellin transform and asymptotics: Harmonics sums”, Theor. Comp. Sc., 123(2), 1994

Back-up slides

Halevy-Shamir scheme: noticed that subtree differences are decomposable:

Halevy-Shamir scheme: fewer special sets reduce memory requirement on receivers

Improvement: for practical parameters save additionally 20% compared to the Halevy-Shamir scheme