Constrained Keys for Invertible Pseudorandom Functions. Dan Boneh, Sam Kim, and David J. Wu Stanford University
|
|
- Holly Randall
- 5 years ago
- Views:
Transcription
1 Constrained Keys for Invertible Pseudorandom Functions Dan Boneh, Sam Kim, and David J. Wu Stanford University
2 Pseudorandom Functions (PRFs) [GGM84] k R K Pseudorandom f R Funs[X, Y] Random F: K X Y x X F k, x c x X f(x) b b
3 Constrained PRFs [BW13, BGI13, KPTZ13] Constrained PRF: PRF with additional constrain functionality F: K X Y
4 Constrained PRFs [BW13, BGI13, KPTZ13] Constrained PRF: PRF with additional constrain functionality Constrain C PRF key F: K X Y
5 Constrained PRFs [BW13, BGI13, KPTZ13] Constrained PRF: PRF with additional constrain functionality Constrain C PRF key F: K X Y Constrained key Can be used to evaluate at all points x X where C x = 1
6 Constrained PRFs [BW13, BGI13, KPTZ13] Constrain C Correctness: constrained evaluation at x X where C x = 1 yields PRF value at x
7 Constrained PRFs [BW13, BGI13, KPTZ13] Constrain C Correctness: constrained evaluation at x X where C x = 1 yields PRF value at x Security: PRF value at points x X where C x = 0 are indistinguishable from random given the constrained key
8 Constrained PRFs [BW13, BGI13, KPTZ13] Constrain C Many applications: Punctured programming paradigm [SW14]
9 Constrained PRFs [BW13, BGI13, KPTZ13] Constrain C Many applications: Punctured programming paradigm [SW14] Identity-based key exchange, broadcast encryption [BW13]
10 Constrained PRFs [BW13, BGI13, KPTZ13] Constrain C Known constructions: Puncturable PRFs from one-way functions [BW13, BGI13, KPTZ13] Punctured key can be used to evaluate the PRF at all but one point
11 Constrained PRFs [BW13, BGI13, KPTZ13] Constrain C Known constructions: Puncturable PRFs from one-way functions [BW13, BGI13, KPTZ13] (Single-key) circuit-constrained PRFs from LWE [BV15]
12 Can we constrain other cryptographic primitives, such as pseudorandom permutations (PRPs)?
13 Our Results Constrained PRPs for many natural classes of constraints do not exist
14 Our Results Constrained PRPs for many natural classes of constraints do not exist However, the relaxed notion of a constrained invertible pseudorandom function (IPF) does exist
15 Pseudorandom Permutations (PRPs) F: K X X F(k, ) implements a permutation over X
16 Constrained PRPs Image of points where C x = 1 Set where C x = 1 F: K X X Constrained key enables forward and backward evaluation
17 Constrained PRPs Image of points where C x = 1 Set where C x = 1 Correctness: Forward evaluation when C x = 1
18 Correctness: Forward evaluation when C x = 1 Backward evaluation on points y if y = F(k, x) and C x = 1 Constrained PRPs Image of points where C x = 1 Set where C x = 1
19 Difficulties in Constraining PRPs Theorem (Informal). Any constrained PRP that allows issuing a constrained key that can evaluate on a non-negligible fraction of the domain is insecure. [See paper for details]
20 Difficulties in Constraining PRPs Theorem (Informal). Any constrained PRP that allows issuing a constrained key that can evaluate on a non-negligible fraction of the domain is insecure. Puncturable PRPs do not exist. [See paper for details]
21 Difficulties in Constraining PRPs Theorem (Informal). Any constrained PRP that allows issuing a constrained key that can evaluate on a non-negligible fraction of the domain is insecure. Puncturable PRPs do not exist. Open Question: Do prefix-constrained PRPs (where prefix is ω(log λ) bits) exist? [See paper for details]
22 Relaxing the Notion Theorem (Informal). Any constrained PRP that allows issuing a constrained key that can evaluate on a non-negligible fraction of the domain is insecure. Lower bound critically relies on the set of points that satisfy the constraint being a non-negligible fraction of the range of the PRP
23 Relaxing the Notion Theorem (Informal). Any constrained PRP that allows issuing a constrained key that can evaluate on a non-negligible fraction of the domain is insecure. Domain X Range Y Relaxation: Allow range to be much larger than the domain
24 Invertible Pseudorandom Functions (IPFs) Domain X Range Y An IPF F: K X Y satisfies the following properties:
25 Invertible Pseudorandom Functions (IPFs) Domain X Range Y An IPF F: K X Y satisfies the following properties: F(k, ) is injective for all k K
26 Invertible Pseudorandom Functions (IPFs) Domain X Range Y An IPF F: K X Y satisfies the following properties: F(k, ) is injective for all k K There exists an efficiently computable inverse F 1 : K Y X
27 Invertible Pseudorandom Functions (IPFs) Domain X Range Y An IPF F: K X Y satisfies the following properties: F(k, ) is injective for all k K There exists an efficiently computable inverse F 1 : K Y X F 1 k, F k, x = x for all x X
28 Invertible Pseudorandom Functions (IPFs) Domain X Range Y An IPF F: K X Y satisfies the following properties: F(k, ) is injective for all k K There exists an efficiently computable inverse F 1 : K Y X F 1 k, F k, x = x for all x X F 1 k, y = for all y not in the range of F(k, )
29 Invertible Pseudorandom Functions (IPFs) IPFs are closely related to the notion of deterministic authenticated encryption (DAE) [RS06]. IPFs can be used to build DAE, so our constrained IPF constructions imply constrained DAE. An IPF F: K X Y satisfies the following properties: F(k, ) is injective for all k K There exists an efficiently computable inverse F 1 : K Y X F 1 k, F k, x = x for all x X F 1 k, y = for all y not in the range of F(k, )
30 Invertible Pseudorandom Functions (IPFs) k R K F: K X Y Pseudorandom Set of injective functions f R InjFuns[X, Y] Random x X F k, x y Y F 1 k, y c x X f(x) y Y f 1 (y) Outputs if y has no inverse under f b b
31 Invertible Pseudorandom Functions (IPFs) k R K Pseudorandom f R InjFuns[X, Y] x X F k, x y Y F 1 k, y c x X f(x) y Y b b Random f 1 (y) When X = Y, security definition is equivalent to that for a strong PRP
32 Constrained IPFs Direct generalization of constrained PRFs Constrain C IPF key Constrained key F: K X Y
33 Constrained IPFs Direct generalization of constrained PRFs Constrain C IPF key F: K X Y Constrained key Can be used to evaluate at all points x X where C x = 1 and invert at all points y whenever y = F(k, x) for some x where C x = 1
34 A Puncturable IPF Starting point: DAE construction called synthetic IV (SIV) [RS06]
35 A Puncturable IPF x Starting point: DAE construction called synthetic IV (SIV) [RS06]
36 y 1 y 1 = PRF 1 k 1, x A Puncturable IPF x Starting point: DAE construction called synthetic IV (SIV) [RS06] PRF 1 (k 1, )
37 y 1 y 1 = PRF 1 k 1, x A Puncturable IPF x Starting point: DAE construction called synthetic IV (SIV) [RS06] PRF 1 (k 1, ) PRF 2 (k 2, )
38 y 1 y 2 y 1 = PRF 1 k 1, x y 2 = x PRF 2 (k 2, y 1 ) A Puncturable IPF x Starting point: DAE construction called synthetic IV (SIV) [RS06] PRF 1 (k 1, ) PRF 2 (k 2, )
39 y 1 y 2 y 1 = PRF 1 k 1, x y 2 = x PRF 2 (k 2, y 1 ) A Puncturable IPF x Starting point: DAE construction called synthetic IV (SIV) [RS06] PRF 1 (k 1, ) Can also be viewed as an unbalanced Feistel network (with one block set to all 0s) PRF 2 (k 2, )
40 A Puncturable IPF x y 1 PRF 1 (k 1, ) PRF 2 (k 2, ) PRF 2 (k 2, ) y 1 y 2 y 1 = PRF 1 k 1, x y 2 = x PRF 2 (k 2, y 1 )
41 A Puncturable IPF x y 1 y 2 PRF 1 (k 1, ) PRF 2 (k 2, ) PRF 2 (k 2, ) x y 1 y 2 y 1 = PRF 1 k 1, x y 2 = x PRF 2 (k 2, y 1 )
42 A Puncturable IPF x y 1 y 2 PRF 1 (k 1, ) PRF 2 (k 2, ) y 1 y 2 y 1 = PRF 1 k 1, x y 2 = x PRF 2 (k 2, y 1 ) PRF 2 (k 2, ) x Verify y 1 = PRF(k 1, x) and output if y 1 PRF(k 1, x)
43 A Puncturable IPF x How to puncture this construction? PRF 1 (k 1, ) PRF 2 (k 2, ) y 1 y 2
44 A Puncturable IPF x How to puncture this construction? First attempt: only puncture k 1 at x PRF 1 (k 1, ) PRF 2 (k 2, ) y 1 y 2
45 A Puncturable IPF x How to puncture this construction? First attempt: only puncture k 1 at x PRF 1 (k 1, ) PRF 2 (k 2, ) Given challenge y 1, y 2, can test whether y 2 PRF 2 k 2, y 1 = x y 1 y 2
46 A Puncturable IPF x PRF 1 (k 1, ) PRF 2 (k 2, ) y 1 y 2 How to puncture this construction? First attempt: only puncture k 1 at x Given challenge y 1, y 2, can test whether y 2 PRF 2 k 2, y 1 = x Second attempt: also puncture k 2 at y 1 = PRF 1 k 1, x
47 A Puncturable IPF x PRF 1 (k 1, ) PRF 2 (k 2, ) y 1 y 2 How to puncture this construction? First attempt: only puncture k 1 at x Given challenge y 1, y 2, can test whether y 2 PRF 2 k 2, y 1 = x Second attempt: also puncture k 2 at y 1 = PRF 1 k 1, x Punctured key reveals punctured point!
48 A Puncturable IPF x How to puncture this construction? First attempt: only puncture k 1 at x PRF 1 (k 1, ) PRF 2 (k 2, ) y 1 y 2 Solution: use private puncturing Second attempt: also puncture k 2 at y 1 = PRF 1 k 1, x Punctured key reveals punctured point!
49 A Puncturable IPF x Master key: k = (k 1, k 2 ) PRF 1 (k 1, ) PRF 2 (k 2, ) y 1 y 2
50 A Puncturable IPF x Master key: k = (k 1, k 2 ) Punctured key (punctured at x ): PRF 1 (k 1, ) PRF 2 (k 2, ) y 1 y 2
51 A Puncturable IPF PRF 1 (k 1, ) x Master key: k = (k 1, k 2 ) Punctured key (punctured at x ): k 1 punctured at x PRF 2 (k 2, ) y 1 y 2
52 A Puncturable IPF PRF 1 (k 1, ) x Master key: k = (k 1, k 2 ) Punctured key (punctured at x ): k 1 punctured at x k 2 privately punctured at PRF 1 (k 1, x ) PRF 2 (k 2, ) y 1 y 2
53 A Puncturable IPF PRF 1 (k 1, ) PRF 2 (k 2, ) x Master key: k = (k 1, k 2 ) Punctured key (punctured at x ): k 1 punctured at x k 2 privately punctured at PRF 1 (k 1, x ) y 1 = PRF 1 k 1, x y 2 = x PRF 2 (k 2, y 1 ) y 1 y 2
54 A Puncturable IPF x Master key: k = (k 1, k 2 ) PRF 1 (k 1, ) PRF 2 (k 2, ) y 1 y 2 Punctured key (punctured at x ): k 1 punctured at x k 2 privately punctured at PRF 1 (k 1, x ) y 1 = PRF 1 k 1, x y 2 = x PRF 2 (k 2, y 1 ) Indistinguishable from uniform by constrained security of PRF 2
55 A Puncturable IPF x PRF 1 (k 1, ) PRF 2 (k 2, ) y 1 y 2 Master key: k = (k 1, k 2 ) Punctured key (punctured at x ): k 1 punctured at x k 2 privately punctured at PRF 1 (k 1, x ) Hides y 1 y 1 = PRF 1 k 1, x y 2 = x PRF 2 (k 2, y 1 ) Indistinguishable from uniform by constrained security of PRF 2
56 A Puncturable IPF x PRF 1 (k 1, ) PRF 2 (k 2, ) y 1 y 2 Master key: k = (k 1, k 2 ) Punctured key (punctured at x ): k 1 punctured at x Indistinguishable k 2 privately from punctured at uniform by constrained PRF 1 (k 1, x ) security of PRF 1 Hides y 1 y 1 = PRF 1 k 1, x y 2 = x PRF 2 (k 2, y 1 ) Indistinguishable from uniform by constrained security of PRF 2
57 A Puncturable IPF PRF 1 (k 1, ) PRF 2 (k 2, ) x Master key: k = (k 1, k 2 ) Punctured key (punctured at x ): k 1 punctured at x k 2 privately punctured at PRF 1 (k 1, x ) Can be instantiated from standard lattice assumptions [BKM17, CC17, BTVW17] y 1 y 2
58 Circuit-Constrained IPFs x Master key: k = (k 1, k 2 ) PRF 1 (k 1, ) PRF 2 (k 2, ) y 1 y 2
59 Circuit-Constrained IPFs PRF 1 (k 1, ) x Master key: k = (k 1, k 2 ) For puncturing at x : Puncture k 1 at x Puncture k 2 at PRF 1 (k 1, x ) PRF 2 (k 2, ) y 1 y 2
60 Circuit-Constrained IPFs PRF 1 (k 1, ) PRF 2 (k 2, ) x Master key: k = (k 1, k 2 ) For puncturing at x : Puncture k 1 at x Puncture k 2 at PRF 1 (k 1, x ) To constrain to a circuit C: y 1 y 2
61 Circuit-Constrained IPFs PRF 1 (k 1, ) PRF 2 (k 2, ) x Master key: k = (k 1, k 2 ) For puncturing at x : Puncture k 1 at x Puncture k 2 at PRF 1 (k 1, x ) To constrain to a circuit C: Constrain k 1 to C y 1 y 2
62 Circuit-Constrained IPFs PRF 1 (k 1, ) x Master key: k = (k 1, k 2 ) For puncturing at x : Puncture k 1 at x Puncture k 2 at PRF 1 (k 1, x ) PRF 2 (k 2, ) y 1 y 2 To constrain to a circuit C: Constrain k 1 to C Difficulty: Need to constrain k 2 on a pseudorandom set (the image of PRF 1 (k 1, ) on the points allowed by C)
63 Circuit-Constrained IPFs x PRF 1 (k 1, ) PRF 2 (k 2, ) y 1 y 2 Master key: k = (k 1, k 2 ) For puncturing at x : Puncture k 1 at x Puncture k 2 at PRF 1 (k 1, x ) This set does not have a To constrain simple to circuit description C: unless Constrain PRF 1 is efficiently k 1 to C invertible Difficulty: Need to constrain k 2 on a pseudorandom set (the image of PRF 1 (k 1, ) on the points allowed by C)
64 Circuit-Constrained IPFs Master key: k = (k 1, k 2 ) See paper for construction For puncturing at x : Puncture k 1 at x Puncture k 2 at PRF 1 (k 1, x ) This set does not have a To constrain simple to circuit description C: unless Constrain PRF 1 is efficiently k 1 to C invertible Difficulty: Need to constrain k 2 on a pseudorandom set (the image of PRF 1 (k 1, ) on the points allowed by C)
65 Conclusions
66 Conclusions Can we constrain other cryptographic primitives, such as pseudorandom permutations (PRPs)?
67 Conclusions Can we constrain other cryptographic primitives, such as pseudorandom permutations (PRPs)? Constrained PRPs for many natural classes of constraints do not exist
68 Conclusions Can we constrain other cryptographic primitives, such as pseudorandom permutations (PRPs)? Constrained PRPs for many natural classes of constraints do not exist (Single-key) circuit-constrained invertible pseudorandom functions (IPFs) where the range is superpolynomially larger than the domain can be constructed from standard lattice assumptions
69 Open Problems Can we construct constrained PRPs for sufficiently restrictive constraint classes (e.g., prefix-constrained PRPs)?
70 Open Problems Can we construct constrained PRPs for sufficiently restrictive constraint classes (e.g., prefix-constrained PRPs)? Can we build puncturable IPFs from weaker assumptions?
71 Open Problems Can we construct constrained PRPs for sufficiently restrictive constraint classes (e.g., prefix-constrained PRPs)? Can we build puncturable IPFs from weaker assumptions? Can we construct a multi-key circuit-constrained IPF from standard assumptions?
72 Open Problems Can we construct constrained PRPs for sufficiently restrictive constraint classes (e.g., prefix-constrained PRPs)? Can we build puncturable IPFs from weaker assumptions? Can we construct a multi-key circuit-constrained IPF from standard assumptions? Thank you!
Constraining Pseudorandom Functions Privately
Constraining Pseudorandom Functions Privately David Wu Stanford University Joint work with Dan Boneh and Kevin Lewi Pseudorandom Functions (PRFs) [GGM84] : Pseudorandom Funs, Random, Constrained PRFs [BW13,
More informationProtecting Patient Privacy in Genomic Analysis
Protecting Patient Privacy in Genomic Analysis David Wu Stanford University based on joint works with: Gill Bejerano, Bonnie Berger, Johannes A. Birgmeier, Dan Boneh, Hyunghoon Cho, and Karthik A. Jagadeesh
More informationProtecting Patient Privacy in Genomic Analysis
Protecting Patient Privacy in Genomic Analysis David Wu Stanford University based on joint works with: Gill Bejerano, Bonnie Berger, Johannes A. Birgmeier, Dan Boneh, Hyunghoon Cho, and Karthik A. Jagadeesh
More informationSecure Grouping and Aggregation with MapReduce
1/27 Secure Grouping and Aggregation with MapReduce Radu Ciucanu Matthieu Giraud Pascal Lafourcade Lihua Ye 28 July 2018 SECRYPT, Porto 2/27 Example of Grouping and Aggregation Name Department Salary Alice
More informationDesign Strategies for ARX with Provable Bounds: SPARX and LAX
Design Strategies for ARX with Provable Bounds: SPARX and LAX Daniel Dinu 1, Léo Perrin 1, Aleksei Udovenko 1, Vesselin Velichkov 1, Johann Großschädl 1, Alex Biryukov 1 1 SnT, University of Luxembourg
More informationSeamless Audio Splicing for ISO/IEC Transport Streams
Seamless Audio Splicing for ISO/IEC 13818 Transport Streams A New Framework for Audio Elementary Stream Tailoring and Modeling Seyfullah Halit Oguz, Ph.D. and Sorin Faibish EMC Corporation Media Solutions
More informationChapter IV. Information Transfer Rate
The goal of the experiments on information transfer rate was to assess the dynamic information transmission capabilities with the TACTUATOR. The IT rate is defined as the product of information transfer
More informationAuthentication in dynamic groups using Identity-based Signatures
Nils gentschen Felde, Sophia Grundner-Culemann, Tobias Guggemos Munich Network Management-Team Ludwig-Maximilians-Universität München Authentication in dynamic groups using Identity-based Signatures October
More informationLECTURE 5: REACTIVE AND HYBRID ARCHITECTURES
Reactive Architectures LECTURE 5: REACTIVE AND HYBRID ARCHITECTURES An Introduction to MultiAgent Systems http://www.csc.liv.ac.uk/~mjw/pubs/imas There are many unsolved (some would say insoluble) problems
More informationThe Knapsack Problem
Spring 2010 Chris Christensen HNR 304 The Knapsack Problem In 1978, Merkel and Hellman published a public-key encryption system based upon the knapsack problem ("Hiding information and signatures in trapdoor
More informationA Brief Introduction to Bayesian Statistics
A Brief Introduction to Statistics David Kaplan Department of Educational Psychology Methods for Social Policy Research and, Washington, DC 2017 1 / 37 The Reverend Thomas Bayes, 1701 1761 2 / 37 Pierre-Simon
More informationCPSC 121 Some Sample Questions for the Final Exam
CPSC 121 Some Sample Questions for the Final Exam [0] 1. Tautologies and Contradictions: Determine whether the following statements are tautologies (definitely true), contradictions (definitely false),
More informationSome Thoughts on the Principle of Revealed Preference 1
Some Thoughts on the Principle of Revealed Preference 1 Ariel Rubinstein School of Economics, Tel Aviv University and Department of Economics, New York University and Yuval Salant Graduate School of Business,
More informationStephan Kleber, Rens W. van der Heijden, Henning Kopp, Frank Kargl Terrorist Fraud resistance of DBPs employing PUFs
Stephan Kleber, Rens W. van der Heijden, Henning Kopp, Frank Kargl 12.03.2015 Terrorist Fraud resistance of DBPs employing PUFs NetSys 2015 2 Terrorist Fraud resistance of DBPs employing PUFs S. Kleber,
More informationA Decision-Theoretic Approach to Evaluating Posterior Probabilities of Mental Models
A Decision-Theoretic Approach to Evaluating Posterior Probabilities of Mental Models Jonathan Y. Ito and David V. Pynadath and Stacy C. Marsella Information Sciences Institute, University of Southern California
More informationEstimating Heterogeneous Choice Models with Stata
Estimating Heterogeneous Choice Models with Stata Richard Williams Notre Dame Sociology rwilliam@nd.edu West Coast Stata Users Group Meetings October 25, 2007 Overview When a binary or ordinal regression
More informationA Computational Theory of Belief Introspection
A Computational Theory of Belief Introspection Kurt Konolige Artificial Intelligence Center SRI International Menlo Park, California 94025 Abstract Introspection is a general term covering the ability
More informationOn the diversity principle and local falsifiability
On the diversity principle and local falsifiability Uriel Feige October 22, 2012 1 Introduction This manuscript concerns the methodology of evaluating one particular aspect of TCS (theoretical computer
More informationLearning Deterministic Causal Networks from Observational Data
Carnegie Mellon University Research Showcase @ CMU Department of Psychology Dietrich College of Humanities and Social Sciences 8-22 Learning Deterministic Causal Networks from Observational Data Ben Deverett
More informationPlan Recognition through Goal Graph Analysis
Plan Recognition through Goal Graph Analysis Jun Hong 1 Abstract. We present a novel approach to plan recognition based on a two-stage paradigm of graph construction and analysis. First, a graph structure
More informationTopology of prion proteins
Tohoku Knot Seminar(Oct. 15, 2011) Topology of prion proteins A joint work with Kayo Yoshida Akio Kawauchi Osaka City University Preprint is available from http://www.sci.osakacu.ac.jp/~kawauchi/topologyofprionproteins.pdf
More informationAssurance Activities Ensuring Triumph, Avoiding Tragedy Tony Boswell
Assurance Activities Ensuring Triumph, Avoiding Tragedy Tony Boswell CLEF Technical Manager SiVenture 1 Overview What are Assurance Activities? How do they relate to earlier CC work? What are we looking
More informationUNIVERSITY OF OSLO DEPARTMENT OF ECONOMICS
UNIVERSITY OF OSLO DEPARTMENT OF ECONOMICS Take home exam: ECON5200/9200 Advanced Microeconomics Exam period: Monday 11 December at 09.00 to Thursday 14 December at 15.00 Guidelines: Submit your exam answer
More informationList of Figures. List of Tables. Preface to the Second Edition. Preface to the First Edition
List of Figures List of Tables Preface to the Second Edition Preface to the First Edition xv xxv xxix xxxi 1 What Is R? 1 1.1 Introduction to R................................ 1 1.2 Downloading and Installing
More informationIEEE SIGNAL PROCESSING LETTERS, VOL. 13, NO. 3, MARCH A Self-Structured Adaptive Decision Feedback Equalizer
SIGNAL PROCESSING LETTERS, VOL 13, NO 3, MARCH 2006 1 A Self-Structured Adaptive Decision Feedback Equalizer Yu Gong and Colin F N Cowan, Senior Member, Abstract In a decision feedback equalizer (DFE),
More informationACE Personal Trainer Manual, 4 th edition. Chapter 10: Resistance Training: Programming and Progressions
ACE Personal Trainer Manual, 4 th edition Chapter 10: Resistance Training: Programming and Progressions 1 Learning Objectives This session, which is based on Chapter 10 of the ACE Personal Trainer Manual,
More informationDynamic Causal Modeling
Dynamic Causal Modeling Hannes Almgren, Frederik van de Steen, Daniele Marinazzo daniele.marinazzo@ugent.be @dan_marinazzo Model of brain mechanisms Neural populations Neural model Interactions between
More informationModel calibration and Bayesian methods for probabilistic projections
ETH Zurich Reto Knutti Model calibration and Bayesian methods for probabilistic projections Reto Knutti, IAC ETH Toy model Model: obs = linear trend + noise(variance, spectrum) 1) Short term predictability,
More informationPERFUSION MRI CONTRAST BASED TECHNIQUES
PERFUSION MRI CONTRAST BASED TECHNIQUES by Kenny K Israni Mar 28, 2006 PERFUSION - MRI Dynamic Susceptibility contrast Dynamic Relaxivity contrast STEADY-STATE STATE TECHNIQUES Steady-state Susceptibility
More informationLecture 2: Learning and Equilibrium Extensive-Form Games
Lecture 2: Learning and Equilibrium Extensive-Form Games III. Nash Equilibrium in Extensive Form Games IV. Self-Confirming Equilibrium and Passive Learning V. Learning Off-path Play D. Fudenberg Marshall
More informationCourse Syllabus. Operating Systems, Spring 2016, Meni Adler, Danny Hendler and Amnon Meisels 1 3/14/2016
Course Syllabus. Introduction - History; Views; Concepts; Structure 2. Process Management - Processes; State + Resources; Threads; Unix implementation of Processes 3. Scheduling Paradigms; Unix; Modeling
More informationJitter-aware time-frequency resource allocation and packing algorithm
Jitter-aware time-frequency resource allocation and packing algorithm The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters. Citation As
More informationHow an Understanding of Neuroscience Helps Create and Sustain a Thriving Workforce
How an Understanding of Neuroscience Helps Create and Sustain a Thriving Workforce Stefanie Nieto Johnson, MSW ACC 2018 NSWM Conference San Diego, California * All information/materials used only with
More informationOptimal Delivery of Chemotherapeutic Agents in Cancer
16th European Symposium on Computer Aided Process Engineering and 9th International Symposium on Process Systems Engineering W. Marquardt, C. Pantelides (Editors) 2006 Published by Elsevier B.V. 1643 Optimal
More informationOpportunities and Challenges for HIV and STD Data Sharing: Data to Care Realities PLENARY 4 11/28/2017
Opportunities and Challenges for HIV and STD Data Sharing: Data to Care Realities PLENARY 4 11/28/2017 Julie Arena, J.D. Health Program Specialist, CDPH Office of AIDS Will Wheeler, Ph.D., MPH Clinical
More informationLecture 2: Foundations of Concept Learning
Lecture 2: Foundations of Concept Learning Cognitive Systems - Machine Learning Part I: Basic Approaches to Concept Learning Version Space, Candidate Elimination, Inductive Bias last change October 18,
More informationCreating a Leading Global HBV Therapeutics Company. ARB-1467 Update Call December 12, 2016
Creating a Leading Global HBV Therapeutics Company ARB-1467 Update Call December 12, 2016 NASDAQ: ABUS www.arbutusbio.com Forward Looking Statements This presentation contains forward-looking statements
More informationmicrorna-21 contributes to kinase signalling in fibroblasts Thum et al (2008), Nature AOP December 1, 2008
microrna-21 contributes to myocardial disease by stimulating MAP kinase signalling in fibroblasts Thum et al (2008), Nature AOP December 1, 2008 Safe Harbor Statement This presentation includes forward-looking
More informationImproving Envelopment in Data Envelopment Analysis by Means of Unobserved DMUs: An Application of Banking Industry
Journal of Quality Engineering and Production Optimization Vol. 1, No. 2, PP. 71-80, July Dec. 2015 Improving Envelopment in Data Envelopment Analysis by Means of Unobserved DMUs: An Application of Banking
More informationWill now consider in detail the effects of relaxing the assumption of infinite-population size.
FINITE POPULATION SIZE: GENETIC DRIFT READING: Nielsen & Slatkin pp. 21-27 Will now consider in detail the effects of relaxing the assumption of infinite-population size. Start with an extreme case: a
More informationTitle: A new statistical test for trends: establishing the properties of a test for repeated binomial observations on a set of items
Title: A new statistical test for trends: establishing the properties of a test for repeated binomial observations on a set of items Introduction Many studies of therapies with single subjects involve
More informationUtrophin Modulation: A Universal Treatment Approach to DMD. End Duchenne Tour April 2018
Utrophin Modulation: A Universal Treatment Approach to DMD April 2018 Legal Disclaimer Statements in this presentation, other than statements of historical fact, constitute forward-looking statements within
More informationArtificial Cognitive Systems
Artificial Cognitive Systems David Vernon Carnegie Mellon University Africa vernon@cmu.edu www.vernon.eu Artificial Cognitive Systems 1 Carnegie Mellon University Africa Lecture 2 Paradigms of Cognitive
More informationPlan Recognition through Goal Graph Analysis
Plan Recognition through Goal Graph Analysis Jun Hong 1 Abstract. We present a novel approach to plan recognition based on a two-stage paradigm of graph construction and analysis. First, a graph structure
More informationA Survey of Techniques for Optimizing Multiresponse Experiments
A Survey of Techniques for Optimizing Multiresponse Experiments Flavio S. Fogliatto, Ph.D. PPGEP / UFRGS Praça Argentina, 9/ Sala 402 Porto Alegre, RS 90040-020 Abstract Most industrial processes and products
More informationLecture 2.1 What is Perception?
Lecture 2.1 What is Perception? A Central Ideas in Perception: Perception is more than the sum of sensory inputs. It involves active bottom-up and topdown processing. Perception is not a veridical representation
More informationTesting the robustness of anonymization techniques: acceptable versus unacceptable inferences - Draft Version
Testing the robustness of anonymization techniques: acceptable versus unacceptable inferences - Draft Version Gergely Acs, Claude Castelluccia, Daniel Le étayer 1 Introduction Anonymization is a critical
More informationReference Dependence In the Brain
Reference Dependence In the Brain Mark Dean Behavioral Economics G6943 Fall 2015 Introduction So far we have presented some evidence that sensory coding may be reference dependent In this lecture we will
More informationObjective: Understand Bayes Rule. Bayesian Perception. Priors and Perception. Structure
Bayesian Perception Objective: Understand Bayes Rule If I hadn t believed it, I would never have seen it Anon. Reverend Thomas Bayes (1701-1761) p(s j I) = p(i S j ) p(s j ) / p(i) or (almost) equivalently
More informationSolutions for Chapter 2 Intelligent Agents
Solutions for Chapter 2 Intelligent Agents 2.1 This question tests the student s understanding of environments, rational actions, and performance measures. Any sequential environment in which rewards may
More informationNormality and Faults in Logic-Based Diagnosis*
Normality and Faults in Logic-Based Diagnosis* David Poole Department of Computer Science, University of British Columbia, Vancouver, B. C, Canada, V6T1W5 poole@cs.ubc.ca Abstract Is there one logical
More informationBayesOpt: Extensions and applications
BayesOpt: Extensions and applications Javier González Masterclass, 7-February, 2107 @Lancaster University Agenda of the day 9:00-11:00, Introduction to Bayesian Optimization: What is BayesOpt and why it
More informationICS 606. Intelligent Autonomous Agents 1. Intelligent Autonomous Agents ICS 606 / EE 606 Fall Reactive Architectures
Intelligent Autonomous Agents ICS 606 / EE 606 Fall 2011 Nancy E. Reed nreed@hawaii.edu 1 Lecture #5 Reactive and Hybrid Agents Reactive Architectures Brooks and behaviors The subsumption architecture
More informationThe Message or the Messenger? Inferring Virality and Diffusion Structure from Online Petition Signature Data
The Message or the Messenger? Inferring Virality and Diffusion Structure from Online Petition Signature Data Chi Ling Chan, Justin Lai, Bryan Hooi*, Todd Davies Stanford University * Carnegie Mellon University
More informationLicensure Portability Resource Guide FSBPT. Ethics & Legislation Committee Foreign Educated Standards 12/17/2015
2015 Licensure Portability Resource Guide FSBPT Ethics & Legislation Committee Foreign Educated Standards 12/17/2015 Licensure Portability Resource Guide Introduction In the current health care environment,
More informationMATH : Design and Analysis of Clinical Trials
MATH 654-102: Design and Analysis of Clinical Trials MID-TERM EXAM Spring, 2012 (Time allowed: TWO AND HALF HOURS) INSTRUCTIONS TO STUDENTS: 1. This test contains FIVE questions and comprises SIX printed
More informationPositive and Unlabeled Relational Classification through Label Frequency Estimation
Positive and Unlabeled Relational Classification through Label Frequency Estimation Jessa Bekker and Jesse Davis Computer Science Department, KU Leuven, Belgium firstname.lastname@cs.kuleuven.be Abstract.
More informationAnti-IL-33 (ANB020) Program
Anti-IL-33 (ANB020) Program Phase 2a Peanut Allergy Clinical Trial Interim Data Update March 26 th 2018 NASDAQ: ANAB Safe Harbor Statement This presentation and the accompanying oral presentation contain
More informationAdvances in model-based gene-set analysis
Advances in model-based gene-set analysis Michael Newton, UW Madison BBB-7, February 13, 2014 Copyright M.A. Newton first a short story about tumor polyclonality normal tissue tumor tissue The Biology
More informationWord Association Type and the Temporal Stacking of Responses
JOURNAL OF VERBAL LEARNING AND VERBAL BEHAVIOR 9, 207-211 (1970) Word Association Type and the Temporal Stacking of Responses JOHN C. MASTERS University of Minnesota, Minneapolis, Minnesota 55455 GARY
More informationGame Theoretic Statistics
Game Theoretic Statistics Glenn Shafer CWI, Amsterdam, December 17, 2018 Game theory as an alternative foundation for probability Using the game theoretic foundation in statistics 1 May 2019 2 ON THE BACK
More informationPART - A 1. Define Artificial Intelligence formulated by Haugeland. The exciting new effort to make computers think machines with minds in the full and literal sense. 2. Define Artificial Intelligence
More informationGoal Recognition through Goal Graph Analysis
Journal of Artificial Intelligence Research 15 (2001) 1-30 Submitted 11/00; published 7/01 Goal Recognition through Goal Graph Analysis Jun Hong School of Information and Software Engineering University
More informationImage, Identity and New Media - The notion of identity. Laurent Di Filippo
Image, Identity and New Media - The notion of identity Laurent Di Filippo laurent.difilippo@im.uu.se Aims of the Course Investigate some definitions of the notion of identity Undertand how to use this
More informationUniversity of Bristol - Explore Bristol Research. Peer reviewed version. Link to publication record in Explore Bristol Research PDF-document
Araiza Illan, D., Pipe, A. G., & Eder, K. I. (2016). Intelligent Agent-Based Stimulation for Testing RoboticaSoftware in Human-Robot Interaction. arxiv, [1604.05508]. Peer reviewed version Link to publication
More informationStructural Equation Modeling (SEM)
Structural Equation Modeling (SEM) Today s topics The Big Picture of SEM What to do (and what NOT to do) when SEM breaks for you Single indicator (ASU) models Parceling indicators Using single factor scores
More informationLearning the Fine-Grained Information Status of Discourse Entities
Learning the Fine-Grained Information Status of Discourse Entities Altaf Rahman and Vincent Ng Human Language Technology Research Institute The University of Texas at Dallas Plan for the talk What is Information
More informationEIF PROGRAMME REPORT TODDLER-PARENT PSYCHOTHERAPY JULY 2016 FOUNDATIONS FOR LIFE
EIF PROGRAMME REPORT TODDLER-PARENT PSYCHOTHERAPY JULY 2016 2 How to read an EIF Programme Report This Programme Report should be read in conjunction with our guidance on How to read an EIF Programme Report,
More informationC/S/E/L :2008. On Analytical Rigor A Study of How Professional Intelligence Analysts Assess Rigor. innovations at the intersection of people,
C/S/E/L :2008 innovations at the intersection of people, technology, and work. On Analytical Rigor A Study of How Professional Intelligence Analysts Assess Rigor Daniel J. Zelik The Ohio State University
More informationArtificial Intelligence and Human Thinking. Robert Kowalski Imperial College London
Artificial Intelligence and Human Thinking Robert Kowalski Imperial College London 1 Artificial Intelligence and Human Thinking The Abductive Logic Programming (ALP) agent model as a unifying framework
More informationNew ways of analysing sequences of actions (with an application to the predatory behaviour of Eurobellia Moesta)
March 31 1984 Outline of a seminar given in Cambridge 1 by H. Rouanet and J.-M. Bernard 2 New ways of analysing sequences of actions (with an application to the predatory behaviour of Eurobellia Moesta)
More informationColor Science and Spectrum Inversion: A Reply to Nida-Rümelin
Consciousness and Cognition 8, 566 570 (1999) Article ID ccog.1999.0418, available online at http://www.idealibrary.com on Color Science and Spectrum Inversion: A Reply to Nida-Rümelin Peter W. Ross Department
More informationModule 3 - Scientific Method
Module 3 - Scientific Method Distinguishing between basic and applied research. Identifying characteristics of a hypothesis, and distinguishing its conceptual variables from operational definitions used
More informationCryptography and related topics in Privacy, Security and Theoretical Computer Science.
Dakshita Khurana Phone: +1 (720) 272 7189 Email: dakshita@cs.ucla.edu WebURL: http://web.cs.ucla.edu/~dakshita/ Research Interests Cryptography and related topics in Privacy, Security and Theoretical Computer
More informationLegislative Report: 5010/ICD-10 --------------------------------- WEDI EHR Work Group: Electronic Health Record Product and Vendor Profile Site (Draft) Robert M. Tennant MGMA Co-chair, WEDI EHR WG HR 4157
More informationTitle: New Perspectives on the Synthetic Control Method. Authors: Eli Ben-Michael, UC Berkeley,
Title: New Perspectives on the Synthetic Control Method Authors: Eli Ben-Michael, UC Berkeley, ebenmichael@berkeley.edu Avi Feller, UC Berkeley, afeller@berkeley.edu [presenting author] Jesse Rothstein,
More informationUSPSTF Draft Recommendations Investor Call. October 6, 2015
USPSTF Draft Recommendations Investor Call October 6, 2015 v Safe Harbor Statement Certain statements made in this presentation contain forward-looking statements within the meaning of Section 27A of the
More information1 What is an Agent? CHAPTER 2: INTELLIGENT AGENTS
1 What is an Agent? CHAPTER 2: INTELLIGENT AGENTS http://www.csc.liv.ac.uk/ mjw/pubs/imas/ The main point about agents is they are autonomous: capable of acting independently, exhibiting control over their
More informationRANDOMIZATION. Outline of Talk
RANDOMIZATION Basic Ideas and Insights Marvin Zelen Harvard University Graybill Conference Ft.Collins, Colorado June 11, 2008 Outline of Talk Introduction Randomized vs. Observational Studies Conditioning
More informationLiver Transplants For Alcoholics, By: Nathan Patel. Brudney s discussion on the issue of liver transplants for alcoholics attempts to
Liver Transplants For Alcoholics, By: Nathan Patel Brudney s discussion on the issue of liver transplants for alcoholics attempts to defend their moral rights to liver donation. The ratio of available
More informationDear Member: We look forward to serving you. Sincerely, Express Scripts
Dear Member: Welcome to Express Scripts, the company Eastern Kentucky University has chosen to manage your prescription drug plan. As one of the nation s leading prescription benefit managers, Express
More informationCOMMITMENT. &SOLUTIONS Act like someone s life depends on what we do. UNPARALLELED
Presented to: 4th Annual SERC Doctoral Students Forum 16 December 2016 UNPARALLELED COMMITMENT &SOLUTIONS Act like someone s life depends on what we do. U.S. ARMY ARMAMENT RESEARCH, DEVELOPMENT & ENGINEERING
More informationIntroduction. We can make a prediction about Y i based on X i by setting a threshold value T, and predicting Y i = 1 when X i > T.
Diagnostic Tests 1 Introduction Suppose we have a quantitative measurement X i on experimental or observed units i = 1,..., n, and a characteristic Y i = 0 or Y i = 1 (e.g. case/control status). The measurement
More informationChapter 8 Multioperand Addition
Chapter 8 Multioperand Addition Using Two-Operand Adders Carry-Save Adders Wallace and Dadda Trees Parallel Counters Generalized Parallel Counters Adding Multiple Signed Numbers Ch 8. Multioperand Addition
More informationTest design automation: equivalence classes, boundaries, edges and corner cases
Abstract design automation: equivalence classes, boundaries, edges and corner cases George B. Sherwood cover.com, LLC Colts Neck, NJ USA An embedded functions feature is under development for the cover.com
More informationTowards Desynchronization of Multi-hop Topologies
Towards Desynchronization of Multi-hop Topologies Julius Degesys and Radhika Nagpal School of Engineering and Applied Sciences, Harvard University E-mail: {degesys,rad}@eecs.harvard.edu Abstract In this
More informationThe FAO method to estimate the Prevalence of Undernourishment Undernourishment
The FAO method to estimate the Prevalence of Undernourishment Undernourishment Conceptually it is the condition of not being adequately nourished Operationally, it is the condition by which a household
More informationStepwise Knowledge Acquisition in a Fuzzy Knowledge Representation Framework
Stepwise Knowledge Acquisition in a Fuzzy Knowledge Representation Framework Thomas E. Rothenfluh 1, Karl Bögl 2, and Klaus-Peter Adlassnig 2 1 Department of Psychology University of Zurich, Zürichbergstraße
More informationMMSE Interference in Gaussian Channels 1
MMSE Interference in Gaussian Channels Shlomo Shamai Department of Electrical Engineering Technion - Israel Institute of Technology 202 Information Theory and Applications Workshop 5-0 February, San Diego
More informationInference of Isoforms from Short Sequence Reads
Inference of Isoforms from Short Sequence Reads Tao Jiang Department of Computer Science and Engineering University of California, Riverside Tsinghua University Joint work with Jianxing Feng and Wei Li
More informationarxiv: v3 [stat.ml] 27 Mar 2018
ATTACKING THE MADRY DEFENSE MODEL WITH L 1 -BASED ADVERSARIAL EXAMPLES Yash Sharma 1 and Pin-Yu Chen 2 1 The Cooper Union, New York, NY 10003, USA 2 IBM Research, Yorktown Heights, NY 10598, USA sharma2@cooper.edu,
More information@sssftnhs. sssft.nhs.uk
Research Title Developing professional identity in occupational therapy: a phenomenological study of newly qualified staff and their experiences in the preceptorship period. Research Aims The overall aim
More informationStochastic Elements in Models to Support Disease Control Policy How Much Detail is Enough?
Stochastic Elements in Models to Support Disease Control Policy How Much Detail is Enough? MARGARET BRANDEAU Department of Management Science & Engineering Department of Medicine Stanford University Agenda
More informationCHAPTER 6 HUMAN BEHAVIOR UNDERSTANDING MODEL
127 CHAPTER 6 HUMAN BEHAVIOR UNDERSTANDING MODEL 6.1 INTRODUCTION Analyzing the human behavior in video sequences is an active field of research for the past few years. The vital applications of this field
More informationPre-Marital Sexual Anxiety among Adolescents
EUROPEAN ACADEMIC RESEARCH Vol. II, Issue 4/ July 2014 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.1 (UIF) DRJI Value: 5.9 (B+) Pre-Marital Sexual Anxiety among Adolescents ARUN PAUL MPhil, Department
More informationUnifying Data-Directed and Goal-Directed Control: An Example and Experiments
Unifying Data-Directed and Goal-Directed Control: An Example and Experiments Daniel D. Corkill, Victor R. Lesser, and Eva Hudlická Department of Computer and Information Science University of Massachusetts
More informationCOMPARATIVE STUDY OF JOB SATISFACTION OF PROFESSIONAL COLLEGE AND ACADEMIC COLLEGE TEACHERS OF SANT GADGE BABA AMRAVATI UNIVERSITY
COMPARATIVE STUDY OF JOB SATISFACTION OF PROFESSIONAL COLLEGE AND ACADEMIC COLLEGE TEACHERS OF SANT GADGE BABA AMRAVATI UNIVERSITY Junghare Gaurav Prabhakarrao* *Scholar, S.G.B., Amravati University, Amravati
More information19th AWCBR (Australian Winter Conference on Brain Research), 2001, Queenstown, AU
19th AWCBR (Australian Winter Conference on Brain Research), 21, Queenstown, AU https://www.otago.ac.nz/awcbr/proceedings/otago394614.pdf Do local modification rules allow efficient learning about distributed
More informationThe Mythos of Model Interpretability
The Mythos of Model Interpretability Zachary C. Lipton https://arxiv.org/abs/1606.03490 Outline What is interpretability? What are its desiderata? What model properties confer interpretability? Caveats,
More information