Search

Your search keyword '"Nilanjan Datta"' showing total 64 results
Start Over Author "Nilanjan Datta"
64 results on '"Nilanjan Datta"'

1. Cascading Four Round LRW1 is Beyond Birthday Bound Secure

Author

Nilanjan Datta, Shreya Dey, Avijit Dutta, and Sougata Mandal

Subjects
Tweakable Block Cipher, Cascaded LRW1, Beyond Birthday Bound Security, Mirror Theory, Expectation Method, Computer engineering. Computer hardware, TK7885-7895
Abstract

In CRYPTO’02, Liskov et al. introduced the concept of a tweakable block cipher, a novel symmetric key primitive with promising applications. They put forth two constructions for designing such tweakable block ciphers from conventional block ciphers: LRW1 and LRW2. While subsequent efforts extended LRW2 to achieve security beyond the birthday bound (e.g., cascaded LRW2 in CRYPTO’12 by Landecker et al.), the extension of LRW1 remained unexplored until Bao et al.’s work in EUROCRYPT’20 that considered cascaded LRW1, a one-round extension of LRW1 - entailing masking the LRW1 output with the given tweak and re-encrypting it with the same block cipher. They showed that CLRW1 offers security up to 22n/3 queries. However, this result was challenged by Khairallah’s recent birthday bound distinguishing attack on cascaded LRW1, effectively refuting the security claim of Bao et al. Consequently, a pertinent research question emerges: How many rounds of cascaded LRW1 are required to obtain security beyond the birthday bound? This paper addresses this question by establishing that cascading LRW1 for four rounds suffices to ensure security beyond the birthday bound. Specifically, we demonstrate that 4 rounds of CLRW1 guarantees security for up to 23n/4 queries. Our security analysis is based from recent advancements in the mirror theory technique for tweakable random permutations, operating within the framework of the Expectation Method.

Published
2023
Full Text
View/download PDF

2. Tight Multi-User Security Bound of DbHtS

Author

Nilanjan Datta, Avijit Dutta, Mridul Nandi, and Suprita Talnikar

Subjects
DbHtS, PRF, Polyhash, Tight Multi-user Security, H-Coefficient Technique, Mirror Theory, Computer engineering. Computer hardware, TK7885-7895
Abstract

In CRYPTO’21, Shen et al. proved that Two-Keyed-DbHtS construction is secure up to 22n/3 queries in the multi-user setting independent of the number of users. Here the underlying double-block hash function H of the construction realized as the concatenation of two independent n-bit keyed hash functions (HKh,1,HKh,2), and the security holds under the assumption that each of the n-bit keyed hash function is universal and regular. The authors have also demonstrated the applicability of their result to the key-reduced variants of DbHtS MACs, including 2K-SUM-ECBC, 2K-PMAC_Plus and 2K-LightMAC_Plus without requiring domain separation technique and proved 2n/3-bit multi-user security of these constructions in the ideal cipher model. Recently, Guo and Wang have invalidated the security claim of Shen et al.’s result by exhibiting three constructions, which are instantiations of the Two-Keyed-DbHtS framework, such that each of their n-bit keyed hash functions are O(2−n) universal and regular, while the constructions themselves are secure only up to the birthday bound. In this work, we show a sufficient condition on the underlying Double-block Hash (DbH) function, under which we prove an improved 3n/4-bit multi-user security of the Two-Keyed-DbHtS construction in the ideal-cipher model. To be more precise, we show that if each of the n-bit keyed hash function is universal, regular, and cross-collision resistant then it achieves the desired security. As an instantiation, we show that two-keyed Polyhash-based DbHtS construction is multi-user secure up to 23n/4 queries in the ideal-cipher model. Furthermore, due to the generic attack on DbHtS constructions by Leurent et al. in CRYPTO’18, our derived bound for the construction is tight.

Published
2023
Full Text
View/download PDF

3. Improved Security Bound of (E/D)WCDM

Author

Nilanjan Datta, Avijit Dutta, and Kushankur Dutta

Subjects
Wegman Carter, Extended Mirror Theory, Nonce Based MAC, EWCDM, DWCDM, Computer engineering. Computer hardware, TK7885-7895
Abstract

In CRYPTO’16, Cogliati and Seurin proposed a block cipher based nonce based MAC, called Encrypted Wegman-Carter with Davies-Meyer (EWCDM), that gives 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting, where n is the block size of the underlying block cipher. However, this construction requires two independent block cipher keys. In CRYPTO’18, Datta et al. came up with a single-keyed block cipher based nonce based MAC, called Decrypted Wegman-Carter with Davies-Meyer (DWCDM), that also provides 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting. However, the drawback of DWCDM is that it takes only 2n/3 bit nonce. In fact, authors have shown that DWCDM cannot achieve beyond the birthday bound security with n bit nonces. In this paper, we prove that DWCDM with 3n/4 bit nonces provides MAC security up to O(23n/4) MAC queries against all nonce respecting adversaries. We also improve the MAC bound of EWCDM from 2n/3 bit to 3n/4 bit. The backbone of these two results is a refined treatment of extended mirror theory that systematically estimates the number of solutions to a system of bivariate affine equations and non-equations, which we apply on the security proofs of the constructions to achieve 3n/4 bit security.

Published
2021
Full Text
View/download PDF

4. ESTATE: A Lightweight and Low Energy Authenticated Encryption Mode

Author

Avik Chakraborti, Nilanjan Datta, Ashwin Jha, Cuauhtemoc Mancillas-López, Mridul Nandi, and Yu Sasaki

Subjects
SUNDAE, TweAES, TweGIFT, tBC, authenticated encryption, lightweight, Computer engineering. Computer hardware, TK7885-7895
Abstract

NIST has recently initiated a standardization project for efficient lightweight authenticated encryption schemes. SUNDAE, a candidate in this project, achieves optimal state size which results in low circuit overhead on top of the underlying block cipher. In addition, SUNDAE provides security in nonce-misuse scenario as well. However, in addition to the block cipher circuit, SUNDAE also requires some additional circuitry for multiplication by a primitive element. Further, it requires an additional block cipher invocation to create the starting state. In this paper, we propose a new lightweight and low energy authenticated encryption family, called ESTATE, that significantly improves the design of SUNDAE in terms of implementation costs (both hardware area and energy) and efficient processing of short messages. In particular, ESTATE does not require an additional multiplication circuit, and it reduces the number of block cipher calls by one. Moreover, it provides integrity security even under the release of unverified plaintext (or RUP) model. ESTATE is based on short-tweak tweakable block ciphers (or tBC, small ’t’ denotes short tweaks) and we instantiate it with two recently designed tBCs: TweAES and TweGIFT. We also propose a low latency variant of ESTATE, called sESTATE, that uses a round-reduced (6 rounds) variant of TweAES called TweAES-6. We provide comprehensive FPGA based hardware implementation for all the three instances. The implementation results depict that ESTATE_TweGIFT-128 (681 LUTs, 263 slices) consumes much lesser area as compared to SUNDAE_GIFT-128 (931 LUTs, 310 slices). When we moved to the AES variants, along with the area-efficiency (ESTATE_TweAES consumes 1901 LUTs, 602 slices while SUNDAE_AES-128 needs 1922 LUTs, 614 slices), we also achieve higher throughput for short messages (For 16-byte message, a throughput of 1251.10 and 945.36 Mbps for ESTATE_TweAES and SUNDAE_AES-128 respectively).

Published
2020
Full Text
View/download PDF

5. From Combined to Hybrid: Making Feedback-based AE even Smaller

Author

Avik Chakraborti, Nilanjan Datta, Ashwin Jha, Snehal Mitragotri, and Mridul Nandi

Subjects
COFB, feedback functions, authenticated encryption, lightweight, lower bound, Computer engineering. Computer hardware, TK7885-7895
Abstract

In CHES 2017, Chakraborti et al. proposed COFB, a rate-1 sequential block cipher-based authenticated encryption (AE) with only 1.5n-bit state, where n denotes the block size. They used a novel approach, the so-called combined feedback, where each block cipher input has a combined effect of the previous block cipher output and the current plaintext block. In this paper, we first study the security of a general rate-1 feedback-based AE scheme in terms of its overall internal state size. For a large class of feedback functions, we show that the overlying AE scheme can be attacked in 2r queries if the internal state size is n + r bits for some r ≥ 0. This automatically shows that a birthday bound (i.e. 2n/2 queries) secure AE scheme must have at least 1.5n-bit state, whence COFB is almost-optimal (use 1.5n-bit state and provides security up to 2n/2/n queries). We propose a new feedback function, called the hybrid feedback or HyFB, which is a hybrid composition of plaintext and ciphertext feedbacks. HyFB has a key advantage of lower XOR counts over the combined feedback function. This essentially helps in reducing the hardware footprint. Based on HyFB we propose a new AE scheme, called HyENA, that achieves the state size, rate, and security of COFB. In addition, HyENA has significantly lower XOR counts as compared to COFB, whence it is expected to have a smaller implementation as compared to COFB.

Published
2020
Full Text
View/download PDF

6. Release of Unverified Plaintext: Tight Unified Model and Application to ANYDAE

Author

Donghoon Chang, Nilanjan Datta, Avijit Dutta, Bart Mennink, Mridul Nandi, Somitra Sanadhya, and Ferdinand Sibleyras

Subjects
authenticated encryption, release of unverified plaintext, AERUP, generalization, SUNDAE, ANYDAE, Computer engineering. Computer hardware, TK7885-7895
Abstract

Authenticated encryption schemes are usually expected to offer confidentiality and authenticity. In case of release of unverified plaintext (RUP), an adversary gets separated access to the decryption and verification functionality, and has more power in breaking the scheme. Andreeva et al. (ASIACRYPT 2014) formalized RUP security using plaintext awareness, informally meaning that the decryption functionality gives no extra power in breaking confidentiality, and INT-RUP security, covering authenticity in case of RUP. We describe a single, unified model, called AERUP security, that ties together these notions: we prove that an authenticated encryption scheme is AERUP secure if and only if it is conventionally secure, plaintext aware, and INT-RUP secure. We next present ANYDAE, a generalization of SUNDAE of Banik et al. (ToSC 2018/3). ANYDAE is a lightweight deterministic scheme that is based on a block cipher with block size n and arbitrary mixing functions that all operate on an n-bit state. It is particularly efficient for short messages, it does not rely on a nonce, and it provides maximal robustness to a lack of secure state. Whereas SUNDAE is not secure under release of unverified plaintext (a fairly simple attack can be mounted in constant time), ANYDAE is. We make handy use of the AERUP security model to prove that ANYDAE achieves both conventional security as RUP security, provided that certain modest conditions on the mixing functions are met. We describe two simple instances, called MONDAE and TUESDAE, that conform to these conditions and that are competitive with SUNDAE, in terms of efficiency and optimality.

Published
2020
Full Text
View/download PDF

7. INT-RUP Secure Lightweight Parallel AE Modes

Author

Avik Chakraborti, Nilanjan Datta, Ashwin Jha, Cuauhtemoc Mancillas-López, Mridul Nandi, and Yu Sasaki

Subjects
OCB, OTR, TweGIFT, Lightweight, INT-RUP, elastic-tweak, Computer engineering. Computer hardware, TK7885-7895
Abstract

Owing to the growing demand for lightweight cryptographic solutions, NIST has initiated a standardization process for lightweight cryptographic algorithms. Specific to authenticated encryption (AE), the NIST draft demands that the scheme should have one primary member that has key length of 128 bits, and it should be secure for at least 250 − 1 byte queries and 2112 computations. Popular (lightweight) modes, such as OCB, OTR, CLOC, SILC, JAMBU, COFB, SAEB, Beetle, SUNDAE etc., require at least 128-bit primitives to meet the NIST criteria, as all of them are just birthday bound secure. Furthermore, most of them are sequential, and they either use a two pass mode or they do not offer any security when the adversary has access to unverified plaintext (RUP model). In this paper, we propose two new designs for lightweight AE modes, called LOCUS and LOTUS, structurally similar to OCB and OTR, respectively. These modes achieve notably higher AE security bounds with lighter primitives (only a 64-bit tweakable block cipher). Especially, they satisfy the NIST requirements: secure as long as the data complexity is less than 264 bytes and time complexity is less than 2128, even when instantiated with a primitive with 64-bit block and 128-bit key. Both these modes are fully parallelizable and provide full integrity security under the RUP model. We use TweGIFT-64[4,16,16,4] (also referred as TweGIFT-64), a tweakable variant of the GIFT block cipher, to instantiate our AE modes. TweGIFT-64-LOCUS and TweGIFT-64-LOTUS are significantly light in hardware implementation. To justify, we provide our FPGA based implementation results, which demonstrate that TweGIFT-64-LOCUS consumes only 257 slices and 690 LUTs, while TweGIFT-64-LOTUS consumes only 255 slices and 664 LUTs.

Published
2020
Full Text
View/download PDF

8. Single Key Variant of PMAC_Plus

Author

Nilanjan Datta, Avijit Dutta, Mridul Nandi, Goutam Paul, and Liting Zhang

Subjects
PMAC, PMAC_Plus, Beyond Birthday, Cover-free, PRF, Sum of PRPs, Computer engineering. Computer hardware, TK7885-7895
Abstract

At CRYPTO 2011, Yasuda proposed the PMAC_Plus message authentication code based on an n-bit block cipher. Its design principle inherits the well known PMAC parallel network with a low additional cost. PMAC_Plus is a rate-1 construction like PMAC (i.e., one block cipher call per n-bit message block) but provides security against all adversaries (under black-box model) making queries altogether consisting of roughly upto 22n/3 blocks (strings of n-bits). Even though PMAC_Plus gives higher security than the standard birthday bound security, with currently available best bound, it provides weaker security than PMAC for certain choices of adversaries. Moreover, unlike PMAC, PMAC_Plus operates with three independent block cipher keys. In this paper, we propose 1k-PMAC_Plus, the first rate-1 single keyed block cipher based BBB (Beyond Birthday Bound) secure (in standard model) deterministic MAC construction without arbitrary field multiplications. 1k-PMAC_Plus, as the name implies, is a simple one-key variant of PMAC_Plus. In addition to the key reduction, we obtain a higher security guarantee than what was proved originally for PMAC_Plus, thus an improvement in two directions.

Published
2017
Full Text
View/download PDF

9. Understanding RUP Integrity of COLM

Author

Nilanjan Datta, Atul Luykx, Bart Mennink, and Mridul Nandi

Subjects
Integrity, Release of unverified plaintext, COLM, COPA, ELmD, ELmE, Computer engineering. Computer hardware, TK7885-7895
Abstract

The authenticated encryption scheme COLM is a third-round candidate in the CAESAR competition. Much like its antecedents COPA, ELmE, and ELmD, COLM consists of two parallelizable encryption layers connected by a linear mixing function. While COPA uses plain XOR mixing, ELmE, ELmD, and COLM use a more involved invertible mixing function. In this work, we investigate the integrity of the COLM structure when unverified plaintext is released, and demonstrate that its security highly depends on the choice of mixing function. Our results are threefold. First, we discuss the practical nonce-respecting forgery by Andreeva et al. (ASIACRYPT 2014) against COPA’s XOR mixing. Then we present a noncemisusing forgery against arbitrary mixing functions with practical time complexity. Finally, by using significantly larger queries, we can extend the previous forgery to be nonce-respecting.

Published
2017
Full Text
View/download PDF

10. Double-block Hash-then-Sum: A Paradigm for Constructing BBB Secure PRF

Author

Nilanjan Datta, Avijit Dutta, Mridul Nandi, and Goutam Paul

Subjects
DbHtS, Beyond Birthday, Cover-free, Block-wise Universal, PRF, Sum of PRP, Computer engineering. Computer hardware, TK7885-7895
Abstract

SUM-ECBC (Yasuda, CT-RSA 2010) is the first beyond birthday bound (BBB) secure block cipher based deterministic MAC. After this work, some more BBB secure deterministic MACs have been proposed, namely PMAC_Plus (Yasuda, CRYPTO 2011), 3kf9 (Zhang et al., ASIACRYPT 2012) and LightMAC_Plus (Naito, ASIACRYPT 2017). In this paper, we have abstracted out the inherent design principle of all these BBB secure MACs and present a generic design paradigm to construct a BBB secure pseudo random function, namely Double-block Hash-then- Sum or in short (DbHtS). A DbHtS construction, as the name implies, computes a double block hash on the message and then sum the encrypted output of the two hash blocks. Our result renders that if the underlying hash function meets certain security requirements (namely cover-free and block-wise universal advantage is low), DbHtS construction provides 2n/3-bit security. We demonstrate the applicability of our result by instantiating all the existing beyond birthday secure deterministic MACs (e.g., SUM-ECBC, PMAC_Plus, 3kf9, LightMAC_Plus) as well as a simple two-keyed variant for each of them and some algebraic hash based constructions.

Published
2018
Full Text
View/download PDF

11. Lightweight and Side-channel Secure 4 × 4 S-Boxes from Cellular Automata Rules

Author

Ashrujit Ghoshal, Rajat Sadhukhan, Sikhar Patranabis, Nilanjan Datta, Stjepan Picek, and Debdeep Mukhopadhyay

Subjects
Lightweight, Block Ciphers, Side-channels, Threshold Implementation, Cellular Automata, Optimal S-Box, Computer engineering. Computer hardware, TK7885-7895
Abstract

This work focuses on side-channel resilient design strategies for symmetrickey cryptographic primitives targeting lightweight applications. In light of NIST’s lightweight cryptography project, design choices for block ciphers must consider not only security against traditional cryptanalysis, but also side-channel security, while adhering to low area and power requirements. In this paper, we explore design strategies for substitution-permutation network (SPN)-based block ciphers that make them amenable to low-cost threshold implementations (TI) - a provably secure strategy against side-channel attacks. The core building blocks for our strategy are cryptographically optimal 4×4 S-Boxes, implemented via repeated iterations of simple cellular automata (CA) rules. We present highly optimized TI circuits for such S-Boxes, that consume nearly 40% less area and power as compared to popular lightweight S-Boxes such as PRESENT and GIFT. We validate our claims via implementation results on ASIC using 180nm technology. We also present a comparison of TI circuits for two popular lightweight linear diffusion layer choices - bit permutations and MixColumns using almost-maximum-distance-separable (almost-MDS) matrices. We finally illustrate design paradigms that combine the aforementioned TI circuits for S-Boxes and diffusion layers to obtain fully side-channel secure SPN block cipher implementations with low area and power requirements.

Published
2018
Full Text
View/download PDF

12. Beetle Family of Lightweight and Secure Authenticated Encryption Ciphers

Author

Avik Chakraborti, Nilanjan Datta, Mridul Nandi, and Kan Yasuda

Subjects
Beetle, sponge, PHOTON, authenticated encryption, lightweight, permutation, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64
Abstract

This paper presents a lightweight, sponge-based authenticated encryption (AE) family called Beetle. When instantiated with the PHOTON permutation from CRYPTO 2011, Beetle achieves the smallest footprint—consuming only a few more than 600 LUTs on FPGA while maintaining 64-bit security. This figure is significantly smaller than all known lightweight AE candidates which consume more than 1,000 LUTs, including the latest COFB-AES from CHES 2017. In order to realize such small hardware implementation, we equip Beetle with an “extremely tight” bound of security. The trick is to use combined feedback to create a difference between the cipher text block and the rate part of the next feedback (in traditional sponge these two values are the same). Then we are able to show that Beetle is provably secure up to min{c − log r, b/2, r} bits, where b is the permutation size and r and c are parameters called rate and capacity, respectively. The tight security bound allows us to select the smallest security parameters, which in turn result in the smallest footprint.

Published
2018
Full Text
View/download PDF

31. ESTATE: A Lightweight and Low Energy Authenticated Encryption Mode

Author

Yu Sasaki, Nilanjan Datta, Mridul Nandi, Ashwin Jha, Avik Chakraborti, and Cuauhtemoc Mancillas-López

Subjects
RUP, Authenticated encryption, lcsh:Computer engineering. Computer hardware, business.industry, Computer science, Applied Mathematics, lcsh:TK7885-7895, tBC, SUNDAE, Computer Science Applications, Computational Mathematics, Mode (computer interface), Low energy, TweGIFT, authenticated encryption, Estate, TweAES, business, lightweight, Software, Computer network
Abstract

NIST has recently initiated a standardization project for efficient lightweight authenticated encryption schemes. SUNDAE, a candidate in this project, achieves optimal state size which results in low circuit overhead on top of the underlying block cipher. In addition, SUNDAE provides security in nonce-misuse scenario as well. However, in addition to the block cipher circuit, SUNDAE also requires some additional circuitry for multiplication by a primitive element. Further, it requires an additional block cipher invocation to create the starting state. In this paper, we propose a new lightweight and low energy authenticated encryption family, called ESTATE, that significantly improves the design of SUNDAE in terms of implementation costs (both hardware area and energy) and efficient processing of short messages. In particular, ESTATE does not require an additional multiplication circuit, and it reduces the number of block cipher calls by one. Moreover, it provides integrity security even under the release of unverified plaintext (or RUP) model. ESTATE is based on short-tweak tweakable block ciphers (or tBC, small ’t’ denotes short tweaks) and we instantiate it with two recently designed tBCs: TweAES and TweGIFT. We also propose a low latency variant of ESTATE, called sESTATE, that uses a round-reduced (6 rounds) variant of TweAES called TweAES-6. We provide comprehensive FPGA based hardware implementation for all the three instances. The implementation results depict that ESTATE_TweGIFT-128 (681 LUTs, 263 slices) consumes much lesser area as compared to SUNDAE_GIFT-128 (931 LUTs, 310 slices). When we moved to the AES variants, along with the area-efficiency (ESTATE_TweAES consumes 1901 LUTs, 602 slices while SUNDAE_AES-128 needs 1922 LUTs, 614 slices), we also achieve higher throughput for short messages (For 16-byte message, a throughput of 1251.10 and 945.36 Mbps for ESTATE_TweAES and SUNDAE_AES-128 respectively)., IACR Transactions on Symmetric Cryptology, Volume 2020, Special Issue 1

Published
2020

32. Release of Unverified Plaintext: Tight Unified Model and Application to ANYDAE

Author

Somitra Kumar Sanadhya, Mridul Nandi, Bart Mennink, Nilanjan Datta, Avijit Dutta, Ferdinand Sibleyras, and Donghoon Chang

Subjects
Authenticated encryption, Computer science, Applied Mathematics, Plaintext, 0102 computer and information sciences, 02 engineering and technology, Adversary, Computer security model, Computer security, computer.software_genre, 01 natural sciences, Computer Science Applications, Computational Mathematics, 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Secure state, computer, Block size, Software, Block cipher, Cryptographic nonce
Abstract

Authenticated encryption schemes are usually expected to offer confidentiality and authenticity. In case of release of unverified plaintext (RUP), an adversary gets separated access to the decryption and verification functionality, and has more power in breaking the scheme. Andreeva et al. (ASIACRYPT 2014) formalized RUP security using plaintext awareness, informally meaning that the decryption functionality gives no extra power in breaking confidentiality, and INT-RUP security, covering authenticity in case of RUP. We describe a single, unified model, called AERUP security, that ties together these notions: we prove that an authenticated encryption scheme is AERUP secure if and only if it is conventionally secure, plaintext aware, and INT-RUP secure. We next present ANYDAE, a generalization of SUNDAE of Banik et al. (ToSC 2018/3). ANYDAE is a lightweight deterministic scheme that is based on a block cipher with block size n and arbitrary mixing functions that all operate on an n-bit state. It is particularly efficient for short messages, it does not rely on a nonce, and it provides maximal robustness to a lack of secure state. Whereas SUNDAE is not secure under release of unverified plaintext (a fairly simple attack can be mounted in constant time), ANYDAE is. We make handy use of the AERUP security model to prove that ANYDAE achieves both conventional security as RUP security, provided that certain modest conditions on the mixing functions are met. We describe two simple instances, called MONDAE and TUESDAE, that conform to these conditions and that are competitive with SUNDAE, in terms of efficiency and optimality.

Published
2020

33. INT-RUP Secure Lightweight Parallel AE Modes

Author

Ashwin Jha, Yu Sasaki, Avik Chakraborti, Cuauhtemoc Mancillas-López, Mridul Nandi, and Nilanjan Datta

Subjects
OTR, OCB, lcsh:Computer engineering. Computer hardware, Lightweight, business.industry, Computer science, Applied Mathematics, INT, lcsh:TK7885-7895, INT-RUP, Computer Science Applications, Computational Mathematics, Embedded system, TweGIFT, elastic-tweak, Hardware_ARITHMETICANDLOGICSTRUCTURES, business, Software
Abstract

Owing to the growing demand for lightweight cryptographic solutions, NIST has initiated a standardization process for lightweight cryptographic algorithms. Specific to authenticated encryption (AE), the NIST draft demands that the scheme should have one primary member that has key length of 128 bits, and it should be secure for at least 250 − 1 byte queries and 2112 computations. Popular (lightweight) modes, such as OCB, OTR, CLOC, SILC, JAMBU, COFB, SAEB, Beetle, SUNDAE etc., require at least 128-bit primitives to meet the NIST criteria, as all of them are just birthday bound secure. Furthermore, most of them are sequential, and they either use a two pass mode or they do not offer any security when the adversary has access to unverified plaintext (RUP model). In this paper, we propose two new designs for lightweight AE modes, called LOCUS and LOTUS, structurally similar to OCB and OTR, respectively. These modes achieve notably higher AE security bounds with lighter primitives (only a 64-bit tweakable block cipher). Especially, they satisfy the NIST requirements: secure as long as the data complexity is less than 264 bytes and time complexity is less than 2128, even when instantiated with a primitive with 64-bit block and 128-bit key. Both these modes are fully parallelizable and provide full integrity security under the RUP model. We use TweGIFT-64[4,16,16,4] (also referred as TweGIFT-64), a tweakable variant of the GIFT block cipher, to instantiate our AE modes. TweGIFT-64-LOCUS and TweGIFT-64-LOTUS are significantly light in hardware implementation. To justify, we provide our FPGA based implementation results, which demonstrate that TweGIFT-64-LOCUS consumes only 257 slices and 690 LUTs, while TweGIFT-64-LOTUS consumes only 255 slices and 664 LUTs., IACR Transactions on Symmetric Cryptology, Volume 2019, Issue 4

Published
2020

36. Power Efficiency of S-Boxes: From a Machine-Learning-Based Tool to a Deterministic Model

Author

Debdeep Mukhopadhyay, Nilanjan Datta, and Rajat Sadhukhan

Subjects
business.industry, Computer science, Supervised learning, Evolutionary algorithm, Cryptography, 02 engineering and technology, 020202 computer hardware & architecture, Computer engineering, Hardware and Architecture, Logic gate, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Electrical and Electronic Engineering, business, Representation (mathematics), Boolean function, Electrical efficiency, Software, Deterministic system
Abstract

Designing cryptographically good and power-efficient $4\times 4$ S-boxes is a challenging problem in the era of lightweight cryptography. Although the optimal cryptographic properties are easy to determine, verifying the power efficiency of an S-box is nontrivial. The conventional approach of determining the power consumption using commercially available CAD tools is highly time-consuming, which becomes formidable while dealing with a large pool of S-boxes. This mandates the development of automation that should quickly characterize the power efficiency from the Boolean function representation of an S-box. In this paper, we present a supervised machine-learning-assisted automated framework to resolve the problem for $4\times 4$ S-boxes, which turns out to be 14 times faster than the traditional approach. The key idea is to extrapolate the knowledge of literal counts, AND–OR–NOT gate counts in the sum-of-products (SOP) form of the underlying Boolean functions to predict the dynamic power efficiency. We demonstrate the effectiveness of our framework by reporting on a set of power-efficient (involutive) optimal S-boxes from a large set of S-boxes. We also develop a deterministic model using results obtained from supervised learning to predict the dynamic power of an S-box that can be used in an evolutionary algorithm to generate cryptographically good and low-power S-boxes.

Published
2019

37. Postauricular sinus: a case report

Author

Soumick R. Sahoo, Pallavi Nayak, and Nilanjan Datta

Subjects
General Engineering
Abstract

Post auricular sinus is a rare variant of the preauricular sinus in which sinus opening is located posterior to the tragus. Surgical excision of the sinus tract with its branches should be done in cases presenting with recurrent infections. There are 2 approaches unidirectional and bidirectional and the choice of approach depends on the preference of the surgeon. In our case right side post-auricular sinus was noted in a 35-year-old male which was surgically excised by unidirectional approach.

Published
2022

38. SCADFA: Combined SCA+DFA Attacks on Block Ciphers with Practical Validations

Author

Sikhar Patranabis, Nilanjan Datta, Shivam Bhasin, Debdeep Mukhopadhyay, Jakub Breier, and Dirmanto Jap

Subjects
Differential fault analysis, Computer science, 02 engineering and technology, Fault injection, Adversary, 020202 computer hardware & architecture, Theoretical Computer Science, Attack model, Microcontroller, Computational Theory and Mathematics, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, Algorithm, Software, Block cipher
Abstract

We present the first practically realizable side-channel assisted fault attack on any block-ciphers having bit-permutation with optimal diffusion, that can retrieve the round key efficiently using random nibble faults. The attack demonstrates how side-channel leakage can allow the adversary to precisely determine the fault mask resulting from a nibble fault injection instance. We first demonstrate the viability of such attack model via side-channel analysis experiments on top of a laser-based fault injection setup, targeting a PRESENT-80 and GIFT-128 (two popular block-ciphers based on bit-permutation having optimal diffusion) implementation on an ATmega328P microcontroller. Subsequently, we present a differential fault analysis (DFA) exploiting the knowledge of the output fault mask in the target round to recover multiple last round keys nibbles independently and in parallel. We show that the combined attack can recover the last round key of PRESENT-80 and GIFT-128 with 4 random nibble fault injections in the best case. In the average case, the number of random nibble faults required for PRESENT-80 and GIFT-128 are 9-18 and 6-9 respectively.

Published
2019

39. <tex-math id='M1'>\begin{document}$\textsf{DWCDM+}$\end{document}</tex-math>: A BBB secure nonce based MAC

Author

Kan Yasuda, Nilanjan Datta, Mridul Nandi, and Avijit Dutta

Subjects
Algebra and Number Theory, Computer Networks and Communications, Applied Mathematics, 020206 networking & telecommunications, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Microbiology, Combinatorics, 010201 computation theory & mathematics, ComputingMethodologies_DOCUMENTANDTEXTPROCESSING, 0202 electrical engineering, electronic engineering, information engineering, Discrete Mathematics and Combinatorics, Cryptographic nonce, Mathematics
Abstract

In CRYPTO 2016, Cogliati and Seurin have proposed a nonce-based MAC called Encrypted Wegman-Carter with Davies-Meyer ( \begin{document}$\textsf{EWCDM}$\end{document} ), from an \begin{document}$n$\end{document} -bit block cipher \begin{document}$\textsf{E}$\end{document} and an \begin{document}$n$\end{document} -bit almost xor universal hash function \begin{document}$\textsf{H}$\end{document} as \begin{document}$\textsf{E}_{K_2}\bigl(\textsf{E}_{K_1}(N)\oplus N\oplus \textsf{H}_{K_h}(M)\bigr),$ \end{document} for a nonce \begin{document}$N$\end{document} and a message \begin{document}$M$\end{document} that provides roughly \begin{document}$2n/3$\end{document} -bit MAC security. However, obtaining the similar security using a single block cipher key was posed as an open research problem. In this paper, we present Decrypted Wegman-Carter with Davies-Meyer ( \begin{document}$\textsf{DWCDM+}$\end{document} ) construction based on a single block cipher key that provides \begin{document}$2n/3$\end{document} -bit MAC security from an \begin{document}$n$\end{document} -bit block cipher \begin{document}$\textsf{E}$\end{document} and an \begin{document}$n$\end{document} -bit \begin{document}$k$\end{document} -regular ( \begin{document}$\forall k \leq n$\end{document} ), almost xor universal hash function \begin{document}$\textsf{H}$\end{document} as \begin{document} $ \textsf{E}^{-1}_{K}\bigl(\textsf{E}_{K}(N)\oplus N \oplus \textsf{H}_{K_h}(M)\bigr). $ \end{document} \begin{document}$\textsf{DWCDM+}$\end{document} is structurally very similar to its predecessor \begin{document}$\textsf{EWCDM}$\end{document} except that the facts that (i) the number of block cipher keys reduced from \begin{document}$2$\end{document} to \begin{document}$1$\end{document} and (ⅱ) the outer encryption call is replaced by a decryption one. To make the construction truely single-keyed, here we derive the hash key \begin{document}$K_h$\end{document} as the block cipher output of a fixed string \begin{document}$0^{n-2} \| 10$\end{document} as long as the hash key is of \begin{document}$n$\end{document} bits. We show that if the nonce space is restricted to \begin{document}$(n-1)$\end{document} bits, \begin{document}$\textsf{DWCDM+}$\end{document} is secured roughly up to \begin{document}$2^{2n/3}$\end{document} MAC queries ( \begin{document}$2^{n/2}$\end{document} MAC queries) and \begin{document}$2^n$\end{document} verification queries against nonce respecting (nonce misuse resp.) adversaries.

Published
2019

40. On the optimality of non-linear computations for symmetric key primitives

Author

Mridul Nandi, Avik Chakraborti, and Nilanjan Datta

Subjects
Computer science, Computation, 0102 computer and information sciences, 68p25, 01 natural sciences, 03 medical and health sciences, 0302 clinical medicine, 94a40, 94a62, chunk, QA1-939, Applied mathematics, block-function, business.industry, Applied Mathematics, affine mode, Computer Science Applications, Computational Mathematics, Nonlinear system, Symmetric-key algorithm, 010201 computation theory & mathematics, block-cipher, 030220 oncology & carcinogenesis, ComputingMethodologies_DOCUMENTANDTEXTPROCESSING, business, Mathematics
Abstract

A block is an n-bit string, and a (possibly keyed) block-function is a non-linear mapping that maps one block to another, e.g., a block-cipher. In this paper, we consider various symmetric key primitives with {\ell} block inputs and raise the following question: what is the minimum number of block-function invocations required for a mode to be secure? We begin with encryption modes that generate {\ell^{\prime}} block outputs and show that at least {(\ell+\ell^{\prime}-1)} block-function invocations are necessary to achieve the PRF security. In presence of a nonce, the requirement of block-functions reduces to {\ell^{\prime}} blocks only. If {\ell=\ell^{\prime}} , in order to achieve SPRP security, the mode requires at least {2\ell} many block-function invocations. We next consider length preserving r-block (called chunk) online encryption modes and show that, to achieve online PRP security, each chunk should have at least {2r-1} many and overall at least {2r\ell-1} many block-functions for {\ell} many chunks. Moreover, we show that it can achieve online SPRP security if each chunk contains at least {2r} non-linear block-functions. We next analyze affine MAC modes and show that an integrity-secure affine MAC mode requires at least {\ell} many block-function invocations to process an {\ell} block message. Finally, we consider affine mode authenticated encryption and show that in order to achieve INT-RUP security or integrity security under a nonce-misuse scenario, either (i) the number of non-linear block-functions required to generate the ciphertext is more than {\ell} or (ii) the number of extra non-linear block-functions required to generate the tag depends on {\ell} .

Published
2018

41. From Combined to Hybrid: Making Feedback-based AE even Smaller

Author

Mridul Nandi, Nilanjan Datta, Avik Chakraborti, Snehal Mitragotri, and Ashwin Jha

Subjects
COFB, Computational Mathematics, lcsh:Computer engineering. Computer hardware, Applied Mathematics, lcsh:TK7885-7895, authenticated encryption, feedback functions, lower bound, lightweight, Software, Computer Science Applications, Mathematics
Abstract

In CHES 2017, Chakraborti et al. proposed COFB, a rate-1 sequential block cipher-based authenticated encryption (AE) with only 1.5n-bit state, where n denotes the block size. They used a novel approach, the so-called combined feedback, where each block cipher input has a combined effect of the previous block cipher output and the current plaintext block. In this paper, we first study the security of a general rate-1 feedback-based AE scheme in terms of its overall internal state size. For a large class of feedback functions, we show that the overlying AE scheme can be attacked in 2r queries if the internal state size is n + r bits for some r ≥ 0. This automatically shows that a birthday bound (i.e. 2n/2 queries) secure AE scheme must have at least 1.5n-bit state, whence COFB is almost-optimal (use 1.5n-bit state and provides security up to 2n/2/n queries). We propose a new feedback function, called the hybrid feedback or HyFB, which is a hybrid composition of plaintext and ciphertext feedbacks. HyFB has a key advantage of lower XOR counts over the combined feedback function. This essentially helps in reducing the hardware footprint. Based on HyFB we propose a new AE scheme, called HyENA, that achieves the state size, rate, and security of COFB. In addition, HyENA has significantly lower XOR counts as compared to COFB, whence it is expected to have a smaller implementation as compared to COFB., IACR Transactions on Symmetric Cryptology, Volume 2020, Special Issue 1

Published
2020
Full Text
View/download PDF

42. Button battery: a case of neglected foreign body nose

Author

Soumick Ranjan Sahoo and Nilanjan Datta

Subjects
otorhinolaryngologic diseases
Abstract

Button batteries are amongst the most dangerous foreign bodies which can accidentally be put by the child in their nostril and causes extensive tissue damage. The longer the foreign body is lodged in the nostril the more is the damage which can occur. Such foreign bodies in the nose may immediately be reported or sometimes may be reported later on with complains of unilateral foul-smelling rhinorrhoea. Whatever, may be the case the button battery needs to be immediately removed. In addition to removing the foreign body ENT surgeon needs to manage complications such as necrosis of septum, septal perforation etc. We are reporting a case of button battery in a 5-year-old child which was inserted in the left nostril one and half months back. Patient was posted in OT and button battery removed under general anaesthesia. Complication such as necrosed septum, granulations and septal perforation were noted on nasal endoscopy and were managed conservatively.

Published
2022

44. A Machine Learning Based Approach to Predict Power Efficiency of S-Boxes

Author

Debdeep Mukhopadhyay, Nilanjan Datta, and Rajat Sadhukhan

Subjects
business.industry, Computer science, 020208 electrical & electronic engineering, 02 engineering and technology, Machine learning, computer.software_genre, 020202 computer hardware & architecture, Set (abstract data type), Support vector machine, Dynamic demand, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Overhead (computing), Artificial intelligence, business, Boolean function, Representation (mathematics), computer, Electrical efficiency
Abstract

In the era of lightweight cryptography, designing cryptographically good and power efficient 4 × 4 S-boxes is a widely discussed problem. While the optimal cryptographic properties are easy to verify, it is not very straightforward to verify whether a S-box is power efficient or not. The traditional approach is to explicitly determine the dynamic power consumption using commercially available CAD tools and report accordingly based on a pre-defined threshold value. However, this procedure is highly time consuming, and the overhead becomes formidable while dealing with a set of S-boxes from a large space. This mandates development of an automation tool which should be able to quickly characterize the power efficiency from the Boolean function representation of an S-box. In this paper, we present a supervised machine learning (ML) assisted automated framework to resolve the problem for 4 × 4 S-boxes, which turns out to be approximately 14 times faster (using AND-OR-NOT gates) than the traditional approach. The key idea is to extrapolate the knowledge of the literal counts of various functional forms, AND-OR-NOT gate counts in the simplified SOP form of the underlying Boolean functions corresponding to the S-box to predict the dynamic power efficiency. We demonstrate the effectiveness of our framework by reporting a set of power efficient S-boxes from a large set of 4 × 4 optimal S-boxes. The experimental results and performance of our novel technique depicts its superiority with high efficiency and low time overhead.

Published
2019

45. Encrypt or Decrypt? To Make a Single-Key Beyond Birthday Secure Nonce-Based MAC

Author

Kan Yasuda, Mridul Nandi, Nilanjan Datta, and Avijit Dutta

Subjects
Physics, business.industry, Hash function, 0102 computer and information sciences, 02 engineering and technology, Encryption, 01 natural sciences, Combinatorics, 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, business, Block cipher, Cryptographic nonce
Abstract

At CRYPTO 2016, Cogliati and Seurin have proposed a highly secure nonce-based MAC called Encrypted Wegman-Carter with Davies-Meyer (\(\textsf {EWCDM}\)) construction, as \(\textsf {E}_{K_2}\bigl (\textsf {E}_{K_1}(N)\oplus N\oplus \textsf {H}_{K_h}(M)\bigr )\) for a nonce N and a message M. This construction achieves roughly \(2^{2n/3}\) bit MAC security with the assumption that \(\textsf {E}\) is a PRP secure n-bit block cipher and \(\textsf {H}\) is an almost xor universal n-bit hash function. In this paper we propose Decrypted Wegman-Carter with Davies-Meyer (\(\textsf {DWCDM}\)) construction, which is structurally very similar to its predecessor \(\textsf {EWCDM}\) except that the outer encryption call is replaced by decryption. The biggest advantage of \(\textsf {DWCDM}\) is that we can make a truly single key MAC: the two block cipher calls can use the same block cipher key \(K=K_1=K_2\). Moreover, we can derive the hash key as \(K_h=\textsf {E}_K(1)\), as long as \(|K_h|=n\). Whether we use encryption or decryption in the outer layer makes a huge difference; using the decryption instead enables us to apply an extended version of the mirror theory by Patarin to the security analysis of the construction. \(\textsf {DWCDM}\) is secure beyond the birthday bound, roughly up to \(2^{2n/3}\) MAC queries and \(2^n\) verification queries against nonce-respecting adversaries. \(\textsf {DWCDM}\) remains secure up to \(2^{n/2}\) MAC queries and \(2^n\) verification queries against nonce-misusing adversaries.

Published
2018

46. Practical Fault Attacks on Minalpher: How to Recover Key with Minimum Faults?

Author

Mridul Nandi, Nilanjan Datta, and Avik Chakraborti

Subjects
Discrete mathematics, Keyspace, geography, geography.geographical_feature_category, Computer science, 010103 numerical & computational mathematics, 02 engineering and technology, State (functional analysis), Fault (geology), Nibble, 01 natural sciences, Permutation, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, 0101 mathematics, Fault model, Cryptographic nonce
Abstract

This work presents two differential fault attacks (or DFA) on Minalpher, a second round CAESAR candidate under practical fault model with as few faults as possible. Minalpher uses a new primitive called tweakable Even-Mansour, based on a permutation-based block-cipher proposed by Even and Mansour and to the best of our knowledge, no practical DFA has yet been reported on it. In the first DFA, only two random faults have been injected on two consecutive 4-bit nibbles (i.e. within total 8 bits) of a specific internal state. We show that (i) if both the faults are injected at the same nibble the key-space for the intermediate key can be reduced significantly from \(2^{256}\) to \(2^{32}\) and (ii) if the faults are injected at different positions, the key-space for the intermediate key can be reduced further to only \(2^{16}\). In the second DFA, we first consider two faults into a single nibble, which reduces the keyspace from \(2^{256}\) to \(2^{48}\). Moreover, we show that one additional fault (i.e. total three faults) helps to reduce the key-space significantly to \(2^{8}\). We can compute the correct intermediate key by observing a few more plain-text, cipher-text pairs, which helps in computing valid cipher-text, tag pairs for any message and associated data under a fixed nonce.

Published
2017

47. The Iterated Random Function Problem

Author

Nicky Mouha, Nilanjan Datta, Mrudil Nandi, Avijit Dutta, and Ritam Bhaumik

Subjects
060201 languages & linguistics, Discrete mathematics, Provable security, Random function, 06 humanities and the arts, 02 engineering and technology, Random permutation, Domain (mathematical analysis), Combinatorics, Pseudorandom function family, Iterated function, Bounded function, 0602 languages and literature, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Special case, Mathematics
Abstract

At CRYPTO 2015, Minaud and Seurin introduced and studied the iterated random permutation problem, which is to distinguish the r-th iterate of a random permutation from a random permutation. In this paper, we study the closely related iterated random function problem, and prove the first almost-tight bound in the adaptive setting. More specifically, we prove that the advantage to distinguish the r-th iterate of a random function from a random function using q queries is bounded by \(O(q^2r(\log r)^3/N)\), where N is the size of the domain. In previous work, the best known bound was \(O(q^2r^2/N)\), obtained as a direct result of interpreting the iterated random function problem as a special case of CBC-MAC based on a random function. For the iterated random function problem, the best known attack has an advantage of \(\varOmega (q^2r/N)\), showing that our security bound is tight up to a factor of \((\log r)^3\).

Published
2017

49. MANAGEMENT OF STHAULYA (OBESITY) THROUGH KUNJAL KRIYA

Author

Nilanjan Datta, Kanchan Chowdhury, and Mangalagowri V. Rao

Subjects
Starvation, Immune defense, medicine.medical_specialty, business.industry, Excess weight, Pharmaceutical Science, Physiology, Disease, medicine.disease, Obesity, Positive energy, Endocrinology, Diabetes mellitus, Internal medicine, Drug Discovery, medicine, medicine.symptom, Metabolic syndrome, business
Abstract

In modern sedentary society, obesity (Sthaulya) is the most hazardous fact or which is the main underlying cause of life threatening disease like Diabetes Mellitus, Atherosclerosis, Cardio vascular disease etc. The accumulation of excess body fat, not simply excess weight that can be muscle or fat , is called obesity. Adipocytes s how an adaptation to starvation, in exercise energetic and in the immune defense against pathogens. Excessive accumulation of adipocyte is the result of sustained positive energy balance in abdomen, leading to chronic inflammation. The highly palatable foo ds with hidden fats and sugar can cause metabolic syndrome and obesity. Ayurveda and Yoga are the collection of principles of life that took birth with the world itself and is not liable to changes at anytime and anywhere. Both Shastras have mentioned puri ficatory processes to maintain healthy life. The purification through Shatkarma (also known as Shatkriya like Dhaut i, Basti, Neti, Tratak, Lauliki and Kapalbhati) is mention ed first in Hath Yoga Pradipika and Kunjal Kriya is one of them. Kunjal is a type o f Antardhauti, also known by the name “Gajakarani”. Kunjal Kriya alleviates the Kapha Dosha and increased Medo Dhatu in obese individuals and controls the Sthaulya.

Published
2013

50. ELmD: A Pipelineable Authenticated Encryption and Its Hardware Implementation

Author

Mridul Nandi, Nilanjan Datta, Cuauhtemoc Mancillas-López, Lilian Bossuet, Laboratoire Hubert Curien [Saint Etienne] (LHC), Institut d'Optique Graduate School (IOGS)-Université Jean Monnet [Saint-Étienne] (UJM)-Centre National de la Recherche Scientifique (CNRS), Indian Statistical Institute [Kolkata], and ANR-13-INSE-0002,TSUNAMY,Gestion logicielle et matérielle de la sécurité des données pour des plateformes manycore(2013)

Subjects
Key Wrap, Authenticated encryption, Plaintext-aware encryption, Computer science, Data_MISCELLANEOUS, Sponge function, 02 engineering and technology, computer.software_genre, Encryption, Disk encryption hardware, Theoretical Computer Science, Multiple encryption, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Filesystem-level encryption, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Authenticated Encryption EME Misuse Resistant Pipeline Implementation, Authentication, business.industry, Client-side encryption, Plaintext, 020202 computer hardware & architecture, Disk encryption theory, Deterministic encryption, Computational Theory and Mathematics, Disk encryption, Hardware and Architecture, Probabilistic encryption, 56-bit encryption, 40-bit encryption, 020201 artificial intelligence & image processing, Attribute-based encryption, Link encryption, On-the-fly encryption, business, computer, Software, Computer hardware, Computer network, Cryptographic nonce
Abstract

International audience; Authenticated encryption schemes which resist misuse of nonce at some desired level of privacy are two-pass or Macthen- Encrypt constructions (inherently inefficient but provide full privacy) and online constructions like McOE, sponge-type authenticated encryptions (such as duplex) and COPA. Only the last one is almost parallelizable except that for associated data processing, the final block-cipher call is sequential (it needs to wait for the encryption of all the previous ones). In this paper, we design a new online secure authenticated encryption, called ELmD or Encrypt-Linear mix-Decrypt, which is completely (two-stage) parallel (even in associated data) and fully pipeline implementable. It also provides full privacy when associated data is not repeated. Like COPA, our construction is based on EME, an Encrypt-Mix-Encrypt type SPRP construction (secure against chosen plaintext and ciphertext). But unlike EME, we have used an online computable efficient linear mixing instead of a non-linear mixing. We have also provided the hardware implementation of the construction and compare the performance with similar constructions like COPA and EME2.

Published
2016

Catalog

Books, media, physical & digital resources
See catalog results