488 research outputs found

    Encrypted statistical machine learning: new privacy preserving methods

    We present two new statistical machine learning methods designed to learn on fully homomorphic encrypted (FHE) data. The introduction of FHE schemes following Gentry (2009) opens up the prospect of privacy preserving statistical machine learning analysis and modelling of encrypted data without compromising security constraints. We propose tailored algorithms for applying extremely random forests, involving a new cryptographic stochastic fraction estimator, and naïve Bayes, involving a semi-parametric model for the class decision boundary, and show how they can be used to learn and predict from encrypted data. We demonstrate that these techniques perform competitively on a variety of classification data sets and provide detailed information about the computational practicalities of these and other FHE methods. Comment: 39 page

    Design and Implementation of General Hardware Binary Multiplier (2^n x 2^n) Bits

    In this paper, a new general 2^n x 2^n bit hardware multiplier based on combinatorial logic has been designed, implemented and analysed. First, a new design for a circuit to multiply two binary numbers of 2^n bits in length is presented; this design starts from a basic 2x2 bit circuit multiplier, for which n equals 1. Based on this circuit, the 4x4 bit circuit multiplier has been designed; based on the 4x4 multiplier, the 8x8 bit multiplier has been designed, and then the 16x16 bit multiplier. The final design for the general 2^n x 2^n bit multiplier has been presented. All these circuits have been mathematically proved and tested to obtain the final results.

    Practical Trade-Offs for the Prefix-Sum Problem

    Given an integer array A, the prefix-sum problem is to answer sum(i) queries that return the sum of the elements in A[0..i], knowing that the integers in A can be changed. It is a classic problem in data structure design with a wide range of applications in computing, from coding to databases. In this work, we propose and compare several practical solutions to this problem, showing that new trade-offs between the performance of queries and updates can be achieved on modern hardware. Comment: Accepted by "Software: Practice and Experience", 202

    A Solder-Defined Computer Architecture for Backdoor and Malware Resistance

    This research is about securing control of those devices we most depend on for integrity and confidentiality. An emerging concern is that complex integrated circuits may be subject to exploitable defects or backdoors, and measures for inspection and audit of these chips are neither supported nor scalable. One approach for providing a “supply chain firewall” may be to forgo such components, and instead to build central processing units (CPUs) and other complex logic from simple, generic parts. This work investigates the capability and speed ceiling when open-source hardware methodologies are fused with maker-scale assembly tools and visible-scale final inspection. The author has designed, and demonstrated in simulation, a 36-bit CPU and protected memory subsystem that use only synchronous static random access memory (SRAM) and trivial glue logic integrated circuits as components. The design presently lacks preemptive multitasking, ability to load firmware into the SRAMs used as logic elements, and input/output. Strategies are presented for adding these missing subsystems, again using only SRAM and trivial glue logic. A load-store architecture is employed with four clock cycles per instruction. Simulations indicate that a clock speed of at least 64 MHz is probable, corresponding to 16 million instructions per second (16 MIPS), despite the architecture containing no microprocessors, field programmable gate arrays, programmable logic devices, application specific integrated circuits, or other purchased complex logic. The lower speed, larger size, higher power consumption, and higher cost of an “SRAM minicomputer,” compared to traditional microcontrollers, may be offset by the fully open architecture—hardware and firmware—along with more rigorous user control, reliability, transparency, and auditability of the system. 
SRAM logic is also particularly well suited for building arithmetic logic units, and can implement complex operations such as population count, a hash function for associative arrays, or a pseudorandom number generator with good statistical properties in as few as eight clock cycles per 36-bit word processed. 36-bit unsigned multiplication can be implemented in software in 47 instructions or fewer (188 clock cycles). A general theory is developed for fast SRAM parallel multipliers should they be needed

    Digital analysis and simulation of nonstationary service loads

    This study addresses the growing need for appropriate methods of analysis and simulation of service loads. Specifically, the study attempts to provide a method for analyzing nonstationary service loads that uses available tools of analysis, requires a modest computational facility, and reduces the results to a few parameters. The study also addresses the problem of finding a simulation method that uses these analysis parameters to provide a reproducible service load. A new presentation of the state of the art of the methods of analysis and simulation of service loads is given. A nonstationary model is presented that represents the nonstationary process as a composition of two different stationary processes. These stationary processes are assembled according to a probabilistic model (generalized Poisson process) to form the nonstationary process. The idea of parameterizing the description of service loads is presented. In the analysis phase, the method of segmenting the nonstationary sequence and a statistic that estimates each segment population are used to obtain power spectrum estimates of the stationary populations which constitute the nonstationary signal. The method of smoothed periodograms was used as the computational technique of power spectrum estimation. Two different population estimators were used. A method for estimating the statistical parameters of the generalized Poisson process is given. Finally, the coefficients of two fourth-order digital filters were used to describe the power spectra of the stationary processes. In the simulation phase of the proposed method, software and hardware methods are presented to generate a white random sequence of numbers, generate the generalized Poisson process, shape the white sequence into a sequence with the required power spectra, and finally generate the nonstationary sequence. The proposed method of analysis and simulation of service loads was applied to a typical analog record and a typical digitized sequence of data. The proposed method is seen to be successful in providing a practical way of analyzing a nonstationary signal, presenting the analysis results in terms of a few parameters, and generating a nonstationary sequence at a fast sampling rate that can be used by engineers for fatigue life prediction programs or fatigue life testing of components and structures.

    3D CNN methods in biomedical image segmentation

    A definite trend in Biomedical Imaging is the one towards the integration of increasingly complex interpretative layers into the pure data acquisition process. One of the most interesting and eagerly anticipated goals in the field is the automatic segmentation of objects of interest in extensive acquisition data, a target that would allow Biomedical Imaging to look beyond its use as a purely assistive tool and become a cornerstone in ambitious large-scale challenges like the extensive quantitative study of the Human Brain. In 2019 Convolutional Neural Networks represent the state of the art in Biomedical Image segmentation, and scientific interests from a variety of fields, ranging from automotive to natural resource exploration, converge on their development. While most applications of CNNs are focused on single-image segmentation, biomedical image data (be it MRI, CT scans, Microscopy, etc.) often benefits from three-dimensional volumetric expression. This work explores a reformulation of the CNN segmentation problem that is native to the 3D nature of the data, with particular interest in applications to Fluorescence Microscopy volumetric data produced at the European Laboratories for Nonlinear Spectroscopy in the context of two different large international human brain study projects: the Human Brain Project and the White House BRAIN Initiative.

    Digit-slicing architectures for real-time digital filters

    One of the many important algorithmic techniques in digital signal processing is real-time digital filtering. Modular sliced structures for digital filters have been proposed before, but the nature of implementation has been mainly constrained to non-recursive second order digital filters with positive values of coefficients. The aim of this research project is to extend this modular digit slicing concept to more practical higher order digital filters which are recursive and are of many forms (direct, nondirect, canonic, non-canonic). [Continues.

    The Data Science Design Manual


    Curves, codes, and cryptography

    This thesis deals with two topics: elliptic-curve cryptography and code-based cryptography. In 2007 elliptic-curve cryptography received a boost from the introduction of a new way of representing elliptic curves. Edwards, generalizing an example from Euler and Gauss, presented an addition law for the curves $x^2 + y^2 = c^2(1 + x^2 y^2)$ over non-binary fields. Edwards showed that every elliptic curve can be expressed in this form as long as the underlying field is algebraically closed. Bernstein and Lange found fast explicit formulas for addition and doubling in coordinates $(X : Y : Z)$ representing $(x, y) = (X/Z, Y/Z)$ on these curves, and showed that these explicit formulas save time in elliptic-curve cryptography. It is easy to see that all of these curves are isomorphic to curves $x^2 + y^2 = 1 + d x^2 y^2$, which now are called "Edwards curves" and whose shape covers considerably more elliptic curves over a finite field than $x^2 + y^2 = c^2(1 + x^2 y^2)$. In this thesis the Edwards addition law is generalized to cover all curves $a x^2 + y^2 = 1 + d x^2 y^2$, which now are called "twisted Edwards curves." The fast explicit formulas for addition and doubling presented here are almost as fast in the general case as they are for the special case $a = 1$. This generalization brings the speed of the Edwards addition law to every Montgomery curve. Tripling formulas for Edwards curves can be used for double-base scalar multiplication where a multiple of a point is computed using a series of additions, doublings, and triplings. The use of double-base chains for elliptic-curve scalar multiplication for elliptic curves in various shapes is investigated in this thesis. It turns out that not only are Edwards curves among the fastest curve shapes, but also that the speed of doublings on Edwards curves renders double bases obsolete for this curve shape. Elliptic curves in Edwards form and twisted Edwards form can be used to speed up the Elliptic-Curve Method for integer factorization (ECM).
We show how to construct elliptic curves in Edwards form and twisted Edwards form with large torsion groups which are used by the EECM-MPFQ implementation of ECM. Code-based cryptography was invented by McEliece in 1978. The McEliece public-key cryptosystem uses as public key a hidden Goppa code over a finite field. Encryption in McEliece's system is remarkably fast (a matrix-vector multiplication). This system is rarely used in implementations. The main complaint is that the public key is too large. The McEliece cryptosystem recently regained attention with the advent of post-quantum cryptography, a new field in cryptography which deals with public-key systems without (known) vulnerabilities to attacks by quantum computers. The McEliece cryptosystem is one of them. In this thesis we underline the strength of the McEliece cryptosystem by improving attacks against it and by coming up with smaller-key variants. McEliece proposed to use binary Goppa codes. For these codes the most effective attacks rely on information-set decoding. In this thesis we present an attack developed together with Daniel J. Bernstein and Tanja Lange which uses and improves Stern's idea of collision decoding. This attack is faster by a factor of more than 150 than previous attacks, bringing it within reach of a moderate computer cluster. We were able to extract a plaintext from a ciphertext by decoding 50 errors in a [1024, 524] binary code. The attack should not be interpreted as destroying the McEliece cryptosystem. However, the attack demonstrates that the original parameters were chosen too small. Building on this work the collision-decoding algorithm is generalized in two directions. First, we generalize the improved collision-decoding algorithm for codes over arbitrary fields and give a precise analysis of the running time. We use the analysis to propose parameters for the McEliece cryptosystem with Goppa codes over fields such as $F_{31}$.
Second, collision decoding is generalized to ball-collision decoding in the case of binary linear codes. Ball-collision decoding is asymptotically faster than any previous attack against the McEliece cryptosystem. Another way to strengthen the system is to use codes with a larger error-correction capability. This thesis presents "wild Goppa codes" which contain the classical binary Goppa codes as a special case. We explain how to encrypt and decrypt messages in the McEliece cryptosystem when using wild Goppa codes. The size of the public key can be reduced by using wild Goppa codes over moderate fields, which is explained by evaluating the security of the "Wild McEliece" cryptosystem against our generalized collision attack for codes over finite fields. Code-based cryptography not only deals with public-key cryptography: a code-based hash function "FSB" was submitted to NIST's SHA-3 competition, a competition to establish a new standard for cryptographic hashing. Wagner's generalized birthday attack is a generic attack which can be used to find collisions in the compression function of FSB. However, applying Wagner's algorithm is a challenge in storage-restricted environments. The FSBday project showed how to successfully mount the generalized birthday attack on 8 nodes of the Coding and Cryptography Computer Cluster (CCCC) at Technische Universiteit Eindhoven to find collisions in the toy version FSB48 which is contained in the submission to NIST.

    Design and Implementation of Hardware Accelerators for Neural Processing Applications

    The primary motivation for this work was the need to implement hardware accelerators for a newly proposed ANN structure called Auto Resonance Network (ARN) for robotic motion planning. ARN is an approximating feed-forward hierarchical and explainable network. It can be used in various AI applications, but its application base was small. Therefore, the objective of the research was twofold: to develop a new application using ARN and to implement a hardware accelerator for ARN. As per the suggestions given by the Doctoral Committee, an image recognition system using ARN has been implemented. An accuracy of around 94% was achieved with only 2 layers of ARN. The network also required a small training data set of about 500 images. The publicly available MNIST dataset was used for this experiment. All the coding was done in Python. The massive parallelism seen in ANNs presents several challenges to CPU design. For a given functionality, e.g., multiplication, several copies of serial modules can be realized within the same area as a parallel module. The advantage of using serial modules compared to parallel modules under area constraints has been discussed. One module often useful in ANNs is multi-operand addition. One problem in its implementation is the estimation of carry bits when the number of operands changes. A theorem to calculate the exact number of carry bits required for a multi-operand addition has been presented in the thesis, which alleviates this problem. The main advantage of the modular approach to multi-operand addition is the possibility of pipelined addition with low reconfiguration overhead. This results in an overall increase in throughput for the large number of additions typically seen in several DNN configurations.