7,396 Hits in 6.4 sec

Hawkes graphs [article]

Paul Embrechts, Matthias Kirchner
2017 arXiv   pre-print
We apply an estimation procedure developed in Kirchner (2016a) .  ...  The following definitions and properties are taken from Kirchner (2016a)modulo transposition as stated in Remark 1. Definition 8.  ... 
arXiv:1601.01879v2 fatcat:66usqvjmgvcujmit466pp57q5i

Inductive proof search modulo

Fabrice Nahon, Claude Kirchner, Hélène Kirchner, Paul Brauner
2009 Annals of Mathematics and Artificial Intelligence  
We present an original narrowing-based proof search method for inductive theorems in equational rewrite theories given by a rewrite system R and a set E of equalities. It has the specificity to be grounded on deduction modulo and to rely on narrowing to provide both induction variables and instantiation schemas. Whenever the equational rewrite system (R, E) has good properties of termination, sufficient completeness, and when E is constructor and variable preserving, narrowing at
more » ... st positions leads to consider only unifiers which are constructor substitutions. This is especially interesting for associative and associative-commutative theories for which the general proof search system is refined. The method is shown to be sound and refutationaly complete.
doi:10.1007/s10472-009-9154-5 fatcat:ftoa4temvfd2jaidyzg443bfla

Algorithms on Ideal over Complex Multiplication order [article]

Paul Kirchner
2016 arXiv   pre-print
We show in this paper that the Gentry-Szydlo algorithm for cyclotomic orders, previously revisited by Lenstra-Silverberg, can be extended to complex-multiplication (CM) orders, and even to a more general structure. This algorithm allows to test equality over the polarized ideal class group, and finds a generator of the polarized ideal in polynomial time. Also, the algorithm allows to solve the norm equation over CM orders and the recent reduction of principal ideals to the real suborder can
more » ... be performed in polynomial time. Furthermore, we can also compute in polynomial time a unit of an order of any number field given a (not very precise) approximation of it. Our description of the Gentry-Szydlo algorithm is different from the original and Lenstra- Silverberg's variant and we hope the simplifications made will allow a deeper understanding. Finally, we show that the well-known speed-up for enumeration and sieve algorithms for ideal lattices over power of two cyclotomics can be generalized to any number field with many roots of unity.
arXiv:1602.09037v1 fatcat:h4eyuz7sdrcu3nq7lb54g5pcya

The nearest-colattice algorithm [article]

Thomas Espitau, Paul Kirchner
2020 arXiv   pre-print
In this work, we exhibit a hierarchy of polynomial time algorithms solving approximate variants of the Closest Vector Problem (CVP). Our first contribution is a heuristic algorithm achieving the same distance tradeoff as HSVP algorithms, namely ≈β^n/2βcovol(Λ)^1/n for a random lattice Λ of rank n. Compared to the so-called Kannan's embedding technique, our algorithm allows using precomputations and can be used for efficient batch CVP instances. This implies that some attacks on lattice-based
more » ... natures lead to very cheap forgeries, after a precomputation. Our second contribution is a proven reduction from approximating the closest vector with a factor ≈ n^3/2β^3n/2β to the Shortest Vector Problem (SVP) in dimension β.
arXiv:2006.05660v2 fatcat:irkoqxjxtjhd5gj7ayb3jkm5qy

Open Access Helpdesk: Behind the Scenes

Andreas Kirchner, Hannah Schneider, Paul Schultze-Motel
2021 Zenodo  
Das BMBF-geförderte Projekt schafft ein neues Informations- und Vernetzungsangebot zum Thema Open Access. Der Helpdesk des Projekts ( berät Wissenschaftler*innen per E-Mail und Telefon zu ihren Open-Access-Fragen. Das Poster liefert einen kurzen Zwischenbericht zu den bisherigen Erfahrungen mit der Helpdesk-Beratung.
doi:10.5281/zenodo.5526716 fatcat:np3v4jw3y5hezoipxkpres7eya

Editors' introduction

Paul L Swanson, Thomas L Kirchner
1993 Japanese Journal of Religious Studies  
Paul L. Swanson Thomas L. Kirchner  ... 
doi:10.18874/jjrs.20.2-3.1993.93-94 fatcat:jf4dj5mz7va5rn3uy5q755ryhe

Algebraic and Euclidean Lattices: Optimal Lattice Reduction and Beyond [article]

Thomas Espitau and Paul Kirchner and Pierre-Alain Fouque
2019 arXiv   pre-print
The rst algorithm of section 5 was used in the rational case to solve NTRU instances in a previous paper by Kirchner and Fouque [27] , and found to perform as expected. 7.1.  ... 
arXiv:1912.04586v1 fatcat:v3a6uo45dncodenbrs24u3zr5q

Uprooting the Falcon Tree? [article]

Pierre-Alain Fouque, Paul Kirchner, Mehdi Tibouchi, Alexandre Wallet, Yang Yu
2019 IACR Cryptology ePrint Archive  
In this paper, we initiate the study of side-channel leakage in hash-and-sign lattice-based signatures, with particular emphasis on the two efficient implementations of the original GPV latticetrapdoor paradigm for signatures, namely NIST second-round candidate FALCON and its simpler predecessor DLP. Both of these schemes implement the GPV signature scheme over NTRU lattices, achieving great speed-ups over the general lattice case. Our results are mainly threefold. First, we identify a specific
more » ... source of side-channel leakage in most implementations of those schemes. Signing in lattice-based hash-and-sign schemes involves sampling a lattice point according to a Gaussian distribution. This reduces to sampling several one-dimensional discrete Gaussian distributions with standard deviations determined by the Gram-Schmidt norms of the secret lattice basis. Our observation is that those norms often leak through timing side-channels in the implementation of the one-dimensional Gaussian samplers. Second, we elucidate the link between this leakage and the secret key, by showing that the entire secret key can be efficiently reconstructed solely from those Gram-Schmidt norms. The result makes heavy use of the algebraic structure of the corresponding schemes, which work over a power-of-two cyclotomic field. To establish it, we propose efficient algorithms of independent interest which, given the leading principal minors of the matrix associated to a totally positive field element (in the power basis for DLP and the bit-reversed order basis for FALCON) recover the element up to conjugation. In the case of those schemes, that element is f f + gḡ, where (f, g) is the NTRU-style secret key. We then show that this element combined with the verification key suffices to recover the entire secret efficiently. Third, we concretely demonstrate the side-channel attack against DLP. The challenge is that timing information only provides an approximation of the Gram-Schmidt norms (with an accuracy increasing with the number of traces), and our algebraic recovery technique needs to be combined with pruned tree search in order to apply it to approximated values. Experimentally, we show that around 2 35 DLP traces are enough to reconstruct the entire key with good probability. Carrying out a similar experiment against FALCON is left as an open problem, however, since the recursive nature of our bit-reversed order recovery algorithm does not accommodate approximate inputs easily. Nevertheless, our results do underscore the importance of constant time implementations particularly for schemes using Gaussian sampling.
dblp:journals/iacr/FouqueKTWY19 fatcat:ihqbuyjdmfg2bmyu2n35m5qf4q

Black-Box Optimization of Object Detector Scales [article]

Mohandass Muthuraja and Octavio Arriaga and Paul Plöger and Frank Kirchner and Matias Valdenegro-Toro
2020 arXiv   pre-print
Object detectors have improved considerably in the last years by using advanced CNN architectures. However, many detector hyper-parameters are generally manually tuned, or they are used with values set by the detector authors. Automatic Hyper-parameter optimization has not been explored in improving CNN-based object detectors hyper-parameters. In this work, we propose the use of Black-box optimization methods to tune the prior/default box scales in Faster R-CNN and SSD, using Bayesian
more » ... on, SMAC, and CMA-ES. We show that by tuning the input image size and prior box anchor scale on Faster R-CNN mAP increases by 2% on PASCAL VOC 2007, and by 3% with SSD. On the COCO dataset with SSD there are mAP improvement in the medium and large objects, but mAP decreases by 1% in small objects. We also perform a regression analysis to find the significant hyper-parameters to tune.
arXiv:2010.15823v1 fatcat:ab3yxoigxrcu3isrg42hhmr33i

Principles of Superdeduction

Paul Brauner, Clement Houtmann, Claude Kirchner
2007 22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007)  
In predicate logic, the proof that a theorem P holds in a theory Th is typically conducted in natural deduction or in the sequent calculus using all the information contained in the theory in a uniform way. Introduced ten years ago, Deduction modulo allows us to make use of the computational part of the theory Th for true computations modulo which deductions are performed. Focusing on the sequent calculus, this paper presents and studies the dual concept where the theory is used to enrich the
more » ... duction system with new deduction rules in a systematic, correct and complete way. We call such a new deduction system "superdeduction". We introduce a proof-term language and a cutelimination procedure both based on Christian Urban's work on classical sequent calculus. Strong normalisation is proven under appropriate and natural hypothesis, therefore ensuring the consistency of the embedded theory and of the deduction system. The proofs obtained in such a new system are much closer to the human intuition and practice. We consequently sketch how superdeduction along with deduction modulo can be used to ground the formal foundations of new extendible proof assistants like lemuridae, our prototypal implementation of superdeduction modulo. + Th 2 ∼ Th 1 ϕ, i.e. we use the theory Th 3 to prove ϕ using the extended deduction
doi:10.1109/lics.2007.37 dblp:conf/lics/BraunerHK07 fatcat:uez7vdqlbvh3jg5272onixx3rm

Fast Lattice-Based Encryption: Stretching Spring [chapter]

Charles Bouillaguet, Claire Delaplace, Pierre-Alain Fouque, Paul Kirchner
2017 Lecture Notes in Computer Science  
The SPRING pseudo-random function (PRF) has been described by Banerjee, Brenner, Leurent, Peikert and Rosen at FSE 2014. It is quite fast, only 4.5 times slower than the AES (without hardware acceleration) when used in counter mode. SPRING is similar to the PRF of Banerjee, Peikert and Rosen from EUROCRYPT 2012, whose security relies on the hardness of the Learning With Rounding (LWR) problem, which can itself be reduced to hard lattice problems. However, there is no such chain of reductions
more » ... ating SPRING to lattice problems, because it uses small parameters for efficiency reasons. Consequently, the heuristic security of SPRING is evaluated using known attacks and the complexity of the best known algorithms for breaking the underlying hard problem. In this paper, we revisit the efficiency and security of SPRING when used as a pseudo-random generator. We propose a new variant which is competitive with the AES in counter mode without hardware AES acceleration, and about four times slower than AES with hardware acceleration. In terms of security, we improve some previous analysis of SPRING and we estimate the security of our variant against classical algorithms and attacks. Finally, we implement our variant using AVX2 instructions, resulting in high performances on high-end desktop computers.
doi:10.1007/978-3-319-59879-6_8 fatcat:z5plchfuh5gg3a2ie65l6gwzly

Efficient and Provable White-Box Primitives [chapter]

Pierre-Alain Fouque, Pierre Karpman, Paul Kirchner, Brice Minaud
2016 Lecture Notes in Computer Science  
In recent years there have been several attempts to build white-box block ciphers whose implementation aims to be incompressible. This includes the weak white-box ASASA construction by Bouillaguet, Biryukov and Khovratovich from Asiacrypt 2014, and the recent space-hard construction by Bogdanov and Isobe at CCS 2016. In this article we propose the first constructions aiming at the same goal while offering provable security guarantees. Moreover we propose concrete instantiations of our
more » ... ons, which prove to be quite efficient and competitive with prior work. Thus provable security comes with a surprisingly low overhead.
doi:10.1007/978-3-662-53887-6_6 fatcat:3k6pw6wt5zcgzkb67b5zwh4zrm

Homomorphic Evaluation of Lattice-Based Symmetric Encryption Schemes [article]

Pierre-Alain Fouque, Benjamin Hadjibeyli, Paul Kirchner
2018 IACR Cryptology ePrint Archive  
Optimizing performance of Fully Homomorphic Encryption (FHE) is nowadays an active trend of research in cryptography. One way of improvement is to use a hybrid construction with a classical symmetric encryption scheme to transfer encrypted data to the Cloud. This allows to reduce the bandwidth since the expansion factor of symmetric schemes (the ratio between the ciphertext and the plaintext length) is close to one, whereas for FHE schemes it is in the order of 1,000 to 1,000,000. However, such
more » ... a construction requires the decryption circuit of the symmetric scheme to be easy to evaluate homomorphically. Several works have studied the cost of homomorphically evaluating classical block ciphers, and some recent works have suggested new homomorphic oriented constructions of block ciphers or stream ciphers. Since the multiplication gate of FHE schemes significantly increases the noise of the ciphertext, we cannot afford too many multiplication stages in the decryption circuit. Consequently, FHE-friendly symmetric encryption schemes have a decryption circuit with small multiplication depth. We aim at minimizing the cost of the homomorphic evaluation of the decryption of symmetric encryption schemes. To do so, we focus on schemes based on learning problems: Learning With Errors (LWE), Learning Parity with Noise (LPN) and Learning With Rounding (LWR). We show that they have lower multiplicative depth than usual block ciphers, and hence allow more FHE operations before a heavy bootstrapping becomes necessary. Moreover, some of them come with a security proof. Finally, we implement our schemes in HElib. Experimental evidence shows that they achieve lower amortized and total running time than previous performance from the literature: our schemes are from 10 to 10,000 more efficient for the time per bit and the total running time is also reduced by a factor between 20 to 10,000. Of independent interest, the security of our LWR-based scheme is related to LWE and we provide an efficient security proof that allows to take smaller parameters.
dblp:journals/iacr/FouqueHK18 fatcat:ryrx3yaeujdibaywyzysoteoiu

Pierre-Paul Prud'hons "La Justice et la Vengeance divine poursuivant le Crime": Mahnender Appell und asthetischer Genuss

Thomas Kirchner
1991 Zeitschrift für Kunstgeschichte  
Moreau de la Sarthe, Bd. 2, Paris 1806, S. 56-62. 6 s Ebd., Bd. 1, Paris 1806, S. 14. 66 Siehe dazu Thomas Kirchner, Physiognomie als Zeichen.  ...  Pierre-Paul Prud'hon, La Justice et la Vengeance divine poursuivant le Crime, 1808, Paris, Musee du Louvre, Ausschnitt verkürzt ausgedrückt -die Gleichung »moralisch gut = schön« und »moralisch  ... 
doi:10.2307/1482572 fatcat:jvjlavxmmfby3e3ipmiou2kd6a

Getting Rid of Linear Algebra in Number Theory Problems [article]

Paul Kirchner, Pierre-Alain Fouque
2020 IACR Cryptology ePrint Archive  
McCurley published a subexponential algorithm for computing an imaginary class group [62] in 1987; Kirchner slightly improved the complexity to L |∆| (1 + o(1)) [42] .  ... 
dblp:journals/iacr/KirchnerF20 fatcat:ejas5sc4pngxtikrgh5l4kwen4
« Previous Showing results 1 — 15 out of 7,396 results