19 research outputs found

    Generation of truly random numbers based on quantum noise

    Quantum Random Number Generators (QRNGs) promise information-theoretic security by exploiting the intrinsic probabilistic properties of quantum mechanics. In practice, their security frequently relies on a number of assumptions about the physical devices. In this thesis, a randomness generation framework that exploits the amplitude quadrature fluctuations of a vacuum state was analyzed. It employs a homodyne measurement scheme, which can be implemented with low-cost components, and shows potential for high performance with remarkable stability. A mathematical description of all necessary stages was provided as a security proof, taking into account the quantization noise introduced by the analog-to-digital converter. The impact of experimental limitations, such as the digitizer resolution or the presence of excess noise due to unbalanced detection, was characterized. Moreover, we propose a framework to estimate the excess entropy introduced by unbalanced detection, and its high impact within the Shannon entropy model was experimentally verified. Furthermore, a real-time dedicated QRNG scheme was implemented and validated. The variance characterization curve of the homodyne detector was measured, and the quantum fluctuations were determined to be preponderant for an impinging power P_LO < 45.7 mW. By estimating the worst-case min-entropy conditioned on the electronic noise, approximately 8.39 true random bits can be extracted from each sample, yielding a maximum generation rate of 8.23 Gbps. With a length-compatible Toeplitz-hashing algorithm, these can be extracted at 75 Mbps with an upper security bound of 2^-105, which illustrates the quality of this implementation. Moreover, the generation scheme was validated and verified to pass all the statistical tests of the NIST, DieHarder, and TestU01's SmallCrush batteries, as well as most of TestU01's Crush evaluations.
    Finally, we propose a framework for time-interleaving the entropy source within a classical communication channel, which removes the need for a dedicated generation device. After assessing the conditions under which quantum noise is dominant, support for generation rates up to 1.3 Gbps was observed. The random bitstream was subjected to the NIST randomness test suite and consistently passed all evaluations. Moreover, a clean quadrature phase shift keying constellation was recovered, which supports the multi-purpose function of the scheme.

    Quantum random number generators (QRNGs) promise information-theoretically secure systems by exploiting the intrinsically probabilistic properties of quantum mechanics. However, experimentally, a set of assumptions is typically imposed on the experimental devices. In this dissertation, an approach to random number generation that exploits the amplitude quadrature fluctuations of a vacuum state was analyzed. For this purpose, a homodyne detection scheme is used, which allows high performance and stability while requiring only low-cost devices. A mathematical model of the different stages of the generator was developed in order to provide a security proof, and the discretization noise introduced by the analog-to-digital converter was accounted for. Additionally, the impact of experimental imperfections such as the resolution of the analog-to-digital converter and the presence of excess noise as a consequence of unbalanced detection was characterized. An approach to estimate this contribution within the Shannon entropy model was also proposed and experimentally verified. Additionally, a real-time implementation was characterized. The characterization curve of the homodyne detector was experimentally verified, and a preponderance of quantum noise was observed for optical powers below 45.7 mW.
    Through an estimate of the min-entropy conditioned on the electronic noise, approximately 8.39 bits per measurement can be extracted, which corresponds to a maximum generation rate of 8.23 Gbps. These can be extracted at a rate of 75 Mbps with a security parameter of 2^-105, illustrative of the quality of this implementation, through an efficient Toeplitz matrix multiplication algorithm. Subsequently, the scheme was validated, passing all the statistical tests of the NIST, DieHarder, and SmallCrush batteries, as well as most of the evaluations contained in the Crush battery. Finally, an approach was proposed to integrate this entropy source into a classical communication channel, thereby removing the need for a dedicated implementation. After evaluating the conditions under which quantum noise is preponderant, generation rates of up to 1.3 Gbps were observed. The numbers obtained were also submitted to the NIST test battery, consistently passing all evaluations. Additionally, the quadrature amplitude modulation constellation obtained enables multifunctional operation of the system.
    Master's in Physics Engineering

    OpenFHE: Open-Source Fully Homomorphic Encryption Library

    Fully Homomorphic Encryption (FHE) is a powerful cryptographic primitive that enables performing computations over encrypted data without having access to the secret key. We introduce OpenFHE, a new open-source FHE software library that incorporates selected design ideas from prior FHE projects, such as PALISADE, HElib, and HEAAN, and includes several new design concepts and ideas. The main new design features can be summarized as follows: (1) we assume from the very beginning that all implemented FHE schemes will support bootstrapping and scheme switching; (2) OpenFHE supports multiple hardware acceleration backends using a standard Hardware Abstraction Layer (HAL); (3) OpenFHE includes both user-friendly modes, where all maintenance operations, such as modulus switching, key switching, and bootstrapping, are automatically invoked by the library, and compiler-friendly modes, where an external compiler makes these decisions. This paper focuses on a high-level description of the OpenFHE design, and the reader is pointed to external OpenFHE references for a more detailed/technical description of the software library.

    CiFHER: A Chiplet-Based FHE Accelerator with a Resizable Structure

    Fully homomorphic encryption (FHE) is in the spotlight as a definitive solution for privacy, but the high computational overhead of FHE poses a challenge to its practical adoption. Although prior studies have attempted to design ASIC accelerators to mitigate the overhead, their designs require excessive amounts of chip resources (e.g., area) to contain and process the massive data involved in FHE operations. We propose CiFHER, a chiplet-based FHE accelerator with a resizable structure, to tackle the challenge with a cost-effective multi-chip module (MCM) design. First, we devise a flexible architecture of a chiplet core whose configuration can be adjusted to conform to the global organization of chiplets and design constraints. The distinctive feature of our core is a recomposable functional unit providing varying computational throughput for the number-theoretic transform (NTT), the most dominant function in FHE. Then, we establish generalized data mapping methodologies to minimize the network overhead when organizing the chips into the MCM package in a tiled manner, which becomes a significant bottleneck due to the technology constraints of MCMs. Also, we analyze the effectiveness of various algorithms, including a novel limb duplication algorithm, on the MCM architecture. A detailed evaluation shows that a CiFHER package composed of 4 to 64 compact chiplets provides performance comparable to state-of-the-art monolithic ASIC FHE accelerators with significantly lower package-wide power consumption while reducing the area of a single core to as small as 4.28 mm^2.
    Comment: 15 pages, 9 figures

    The Quality of the New Generator Sequence Improvement to Spread the Color System's Image Transmission

    This paper presents a new technique for digital devices that addresses the effects of finite precision on the chaotic dynamics used in coupled and chaotic-map perturbation techniques for building a Pseudo-Random Number Generator (PRNG). It uses pseudo-chaotic sequences coupled with an orbit perturbation method applied to the chaotic logistic map and the New Piece-Wise Linear Chaotic Map (NPWLCM); the originality of the proposed pseudo-random number generator lies in the perturbation of the chaotic recurrence. Furthermore, the binary output sequences of the NPWLCM are reconstructed conventionally with the Bernoulli shift map to change their shape through bitwise permutation, and the simulation results are shown. After being perturbed, the chaotic system can generate chaotic binary sequences with a uniform distribution and statistical properties that are invulnerable to analysis. This generator also has many advantages in possible applications to spread-spectrum digital images, such as sensitive secret keys and a random uniform distribution of pixels in cryptosystems for secure and synchronized communication.

    RISE: RISC-V SoC for En/decryption Acceleration on the Edge for Homomorphic Encryption

    Today, edge devices commonly connect to the cloud to use its storage and compute capabilities. This leads to security and privacy concerns about user data. Homomorphic Encryption (HE) is a promising solution to address the data privacy problem, as it allows arbitrarily complex computations on encrypted data without ever needing to decrypt it. While there has been a lot of work on accelerating HE computations in the cloud, little attention has been paid to the message-to-ciphertext and ciphertext-to-message conversion operations on the edge. In this work, we profile the edge-side conversion operations, and our analysis shows that during conversion the error sampling, encryption, and decryption operations are the bottlenecks. To overcome these bottlenecks, we present RISE, an area- and energy-efficient RISC-V SoC. RISE leverages an efficient and lightweight pseudo-random number generator core and combines it with fast sampling techniques to accelerate the error sampling operations. To accelerate the encryption and decryption operations, RISE uses scalable, data-level parallelism to implement the number theoretic transform operation, the main bottleneck within the encryption and decryption operations. In addition, RISE saves area by implementing a unified en/decryption datapath, and efficiently exploits techniques like memory reuse and data reordering to use a minimal amount of on-chip memory. We evaluate RISE using a complete RTL design containing a RISC-V processor interfaced with our accelerator. Our analysis reveals that for message-to-ciphertext conversion and ciphertext-to-message conversion, using RISE leads to solutions up to 6191.19X and 2481.44X more energy-efficient, respectively, than using just the RISC-V processor.

    On designing hardware accelerator-based systems: interfaces, taxes and benefits

    Complementary Metal Oxide Semiconductor (CMOS) technology scaling has slowed down. One promising approach to sustain the historic performance improvement of computing systems is to utilize hardware accelerators. Today, many commercial computing systems integrate one or more accelerators, with each accelerator optimized to efficiently execute specific tasks. Over the years, there has been a substantial amount of research on designing hardware accelerators for machine learning (ML) training and inference tasks. Hardware accelerators are also widely employed to accelerate data privacy and security algorithms. In particular, there is currently a growing interest in the use of hardware accelerators for accelerating homomorphic encryption (HE) based privacy-preserving computing. While the use of hardware accelerators is promising, a realistic end-to-end evaluation of an accelerator when integrated into the full system often reveals that the benefits of an accelerator are not always as expected. Simply assessing the performance of the accelerated portion of an application, such as the inference kernel in ML applications, during performance analysis can be misleading. When designing an accelerator-based system, it is critical to evaluate the system as a whole and account for all the accelerator taxes. In the first part of our research, we highlight the need for a holistic, end-to-end analysis of workloads using ML and HE applications. Our evaluation of an ML application for a database management system (DBMS) shows that the benefits of offloading ML inference to accelerators depend on several factors, including backend hardware, model complexity, data size, and the level of integration between the ML inference pipeline and the DBMS. We also found that the end-to-end performance improvement is bottlenecked by data retrieval and pre-processing, as well as inference.
    Additionally, our evaluation of an HE video encryption application shows that while HE client-side operations, i.e., message-to-ciphertext and ciphertext-to-message conversion operations, are bottlenecked by number theoretic transform (NTT) operations, accelerating NTT in hardware alone is not sufficient to obtain enough application throughput (frame rate) improvement. We need to address all bottlenecks, such as error sampling, encryption, and decryption, in the message-to-ciphertext and ciphertext-to-message conversion pipeline. In the second part of our research, we address the lack of a scalable evaluation infrastructure for building and evaluating accelerator-based systems. To solve this problem, we propose a robust and scalable software-hardware framework for accelerator evaluation, which uses an open-source RISC-V based System-on-Chip (SoC) design called BlackParrot. This framework can be utilized by accelerator designers and system architects to perform an end-to-end performance analysis of coherent and non-coherent accelerators while carefully accounting for the interaction between the accelerator and the rest of the system. In the third part of our research, we present RISE, a full RISC-V SoC designed to efficiently perform message-to-ciphertext and ciphertext-to-message conversion operations. RISE comprises a BlackParrot core and an efficient custom-designed accelerator tailored to accelerate end-to-end message-to-ciphertext and ciphertext-to-message conversion operations. Our RTL-based evaluation demonstrates that RISE improves the throughput of the video encryption application by 10x-27x for different frame resolutions.

    Valuation of Multiple Exercise Options

    Multiple exercise options may be considered as generalizations of American-style options, as they provide the holder with more than one exercise right. Examples of financial derivatives and real options with these properties have become more prevalent over the past decade and appear in sectors ranging from insurance to energy industries. Throughout the thesis, particular attention is paid to swing options, although we note that the methods described are equally applicable to other types of multiple exercise options. This thesis presents two novel methods for pricing multiple exercise options by simulation: the forest of stochastic trees and the forest of stochastic meshes. The proposed methods are of particular use in cases where there are potentially a large number (3 or more) of assets underlying the contract and/or if a number of risk factors are desirable for modelling the underlying price process. These valuation methods result in positively- and negatively-biased estimators for the true option value. We prove the sign of the estimator bias and show that these estimators are consistent for the true option value. A confidence interval for the true option value is easily constructed. Examples confirm that the implementation of these methods is correct and consistent with the theoretical properties of the estimators. This thesis also explores in detail a number of methods meant to enhance the effectiveness of the proposed simulation methods. These include high performance computing techniques, both parallel computing on CPU clusters and General Purpose Graphics Processing Units (GPGPU), which take advantage of relatively inexpensive processors. Additionally, we explore bias-corrected estimators for the option values, which attempt to estimate the bias introduced at each time step by the estimator and then subtract this result. These improvements are desirable due to the computationally intensive nature of both methods.

    Probability and Statistics for Data Science

    These notes are a published collection of the lecture slides for the course 'Probability and Statistics for Data Science', which the author taught in the fall semester of 2020 at the Graduate School of Data Science, Seoul National University.