In the following link,
http://www.z80.info/z80syntx.htm#DAA
I got confused over the condition for setting H flag. The description says to look at the table but unlike C where there is the column C after DAA, for H there is only H before DAA...
So, how should H be updated after DAA? Thanks for the help!! Appreciate it! :)
Sean Young's document (PDF; Page 18) provides the exact circumstances. In short, if you added then H is set exactly when you end up with a result greater than 9 in the low nibble. If you subtracted then H is set exactly when it was set prior to the operation and the result in the low nibble is less than 6.
Related
I am learning to utilize flush+reload method to get private key of RSA.
I read related papers
flush+reload and found its open source code (flush+reloa flush+reloa).
And I experimented according to the tutorial.
I am very grateful for these open source codes.
But with these open source codes, I always have a very confusing question. It's just that they don't introduce what the correct result looks like (if I know the correct result, I can reproduce them faster, and better observe the impact of the paper's idea on the experiment).
For example, the experiment of Flush+Reload on RSA. The bottom image presents an optimized RSA implementation, known as CRT-RSA.
According to the introduction of the paper, as long as the Square-Reduce-Multiply in the encryption process is detected, the private key can also be restored.
The paper states:
Square-Reduce-Multiply-Reduce indicate a set bit. Sequences of
Square-Reduce which are not followed by Multiply indicate a clear bit.
But according to the previous description this seems to restore dp and dq. Because the above code is calculating mp = c^dp mod p and mq = c^dq mod q.
The paper states:
Hence, knowing dp (and, symmetrically, dq) is sufficient for factoring
n and breaking the encryption
By reading the paper and source code, I found that he always checks whether the following three cache lines are used when decrypting.
probe 0x080f7607 S #mpih-mul.c:270 (First cache line in mpih_sqr_n())
probe 0x080f6c45 r #mpih-div.c:329 (Loop in default case in mpihelp_divrem())
probe 0x080f6fa8 M #mpih-mul.c:121 (First cache line of mul_n())
After that, the author directly gave the bit error rate.
This feels suspicious. I measured the access latency of the three cache lines above during decryption. And restore them to 01 bits according to the following introduction.
Square-Reduce-Multiply-Reduce indicate a set bit. Sequences of
Square-Reduce which are not followed by Multiply indicate a clear bit.
How can I calculate the bit error rate? Does this restore dp or dq? or something else?
How to get the correct dp and dq for comparison?
Thanks!
What they leak
I don't know which example specifically you are talking about.
If you clarify this (e.g., by adding a link) I may be able to edit this and provide a better answer.
When attacking RSA, it is usually assumed that N and e (the public modulus and exponent) are known.
To break RSA, we need to recover the private exponent d.
However, there are multiple ways to reconstruct d:
Since N = p * q, leaking either p or q will trivially recover p = N / q (or q = N / p respectively).
Knowing p and q, we can calculate d = e^(-1) mod phi(N) (where phi(N) = (p-1) * (q-1)).
Of course, leaking d itself will also suffice.
To break CRT-RSA, leaking either dq or dp can be used to calculate one of the primes p or q, thus recovering d.
Bit Error Rate
To get the bit error rate, you have to know the correct result, then you calculate it the following way:
number of incorrectly leaked bits / total bits of the secret
For example, if I leak the bits 10001, but the correct key is 10101, the bit error rate is:
1 / 5 = 20%
Since one of the leaked bits is incorrect.
I've been searching the web for over an hour. I cannot find help on this one.
Instructions: Make a list called possible_ms that goes from -10 to 10 inclusive, in increments of 0.1.
When I create the list and try to iterate over it by increments of .1, I get: TypeError: 'float' object cannot be interpreted as an integer.
So then, I make all the integers floats, still does not work.
Finally, after over an hour, I click to show the solution. It also does not make sense.
Solution: possible_ms = [m * 0.1 for m in range(-100, 101)]
Can someone please explain this logic to me? Is it when you multiply the .1 times 91, you get 9.1? So maybe with the .1 multiplier through a range of -100 to 100, it reduces it to -10 to 10 and allows the .1 to go through it? Yes? No?
The solution you explain is perfect Shaun :). I will give you my review and hope it helps
Array creation through list comprehension is cool but you don't want to achieve cool in programming, you want to achieve readability and good practices (again, I emphasise that it is perfectly valid) (this is not only my opinion, it is stated on the Introduction to Computation and Programming Using Python, MIT book page 64 under the title "List comprehension"). Maybe if you see it in regular notation you may understand it better
for m in range (-100, 101):
print(m*0.1)
As you explained in your solution you have to iterate form -10 to 10 in steps of 0.1. Iterating in floats steps on python is not possible. That is why the solution extends the range to -100, 100 and multiply it by 0.1 to allow it to travel the way it is asked. You were right in your explanation. Hope it helped and learned something else about good practices and readability (always remember that your code is not only coded for a solution, but also for other programmers that are going to work with it), if you have any other doubt, don't hesitate to ask it :)
My class is using Nasm assembly and I was trying to figure out different ways to shift, we know the instructions shr/sar, shl/sal, ror, rcr, rol, rcl. But would I shift right and set the leftmost bit to whatever I want.
For example:
I have 11010011, and shifting right would produce _1101001 cf=1,
is there a shift in which I can carry in a number to the leftmost bit?
Thanks!
edit:
My only thoughts are using bit-wise operations and if the leftmost bit isn't what I want I can flip it using the not operator.
For example the number ends up as 1 1101001 and I wanted 0 1101001,
1 1101001 & 01101001 = 01101001
or,
0 1101001 | 11101001 = 11101001
The easiest way would be to simply set the bit to what you want using AND or OR operations.
If you want the high bit set to 1, use input OR 1000000.
If you want it set to 0, use input AND 01111111.
The remaining bits will be unchanged.
Could you help me please to find a complement of a language, which ends with abab - (a|b)*abab (over an alphabet {a,b})
I guess, the complement must contain all string, that don't end with abab.
One can try to do it with Rij-Algorithm after building a DFA for complement of (a|b)*abab, but pleaseee, help me to understand how it works without Automaton and Rij (because that Automaton has 5 states).
Ok, the words are not allowed to end with abab. There are 24 ways for four letters of a's and b's at the end. Okay, abab must be erased so there are 15 combinations. Does it mean, that the complement-language is (a|b)*.(union of all those combinations of a's and b's without abab)? But does (a|b) still stay the same at the beginning?
Help me please to understand this.
Maybe I quiet don't understand you, but isn't it much simplier. I'e (a|b)*(a|bb|aab|bbab) or event (a|b)*(a|(b|(a|bb)a)b)?
P.S. Don't forget that there is words shorter than abab and all of them should be included too. I.e. (a|b){0,3} (where {0,3} denotes amount of repeats [0; 3])
I came across this statement as code, on a programming puzzle web site.
(i. >./) (0 >. +)/#:|.\ a
Wondering, what language has these type of syntax?
That's probably the J programming language. For example, here's a page that mentions the (i. >./) idiom
(I wanted to say Perl as a joke ;)
K has some really weird syntax. Also, on the list are APL, R and some other weird languages, which are pretty powerful for their purposes, and in some cases, use their own character set.
My guess would be that this is closer to K than anything else.
APL had that sort of syntax. Not that exact syntax but near the same level of readability. Did the web site not offer a clue?
Forth, as well, had similar syntax (R> . .#) but it still tended to have spaces between words, unlike your sample.
Update:
Actually, it does look like APL or a variant thereof. See this link here for the line:
(i. >./) z NB. Hook. Linear index of pivot
The comments at the top of that file:
NB. AMENDMENT: "A Change for the Better"
NB. Vector, vol. 9, No. 3 (January 1993) p.134-140. Used J Version 5
NB. x i} m Amend was amended in Version 4 and further amended
NB. in J Release 2
NB. Executes with J Release 2.05, March 1995
so it's the J variant of APL. See here if you want to enhance your migraines.
Perfectly valid c++ code. Just give me a couple of #define directives, and this cryptic code will print a "Mary has a little lamb"...
Just kidding, but why not? Preprocessor may translate almost anything into a valid code...