Chosen-ciphertext security from subset sum
We construct a public-key encryption (PKE) scheme whose
security is polynomial-time equivalent to the hardness of the Subset Sum problem. Our scheme achieves the standard notion of indistinguishability against chosen-ciphertext attacks (IND-CCA) and can be used to encrypt messages of arbitrary polynomial length, improving upon a previous construction by Lyubashevsky, Palacio, and Segev (TCC 2010) which achieved only the weaker notion of semantic security (IND-CPA) and whose concrete security decreases with the length of the message being encrypted. At the core of our construction is a trapdoor technique which originates in the work of Micciancio and Peikert (Eurocrypt 2012
Too good to be true: pitfalls of using mean Ellenberg indicator values in vegetation analyses
Question: Mean Ellenberg indicator values (EIVs) inherit information about compositional similarity, because during their calculation species abundances (or presence–absences) are used as weights. Can this similarity issue actually be demonstrated, does it bias results of vegetation analyses correlating mean EIVs with other aspects of species composition and how often are biased studies published? Methods: In order to separate information on compositional similarity possibly present in mean EIVs, a new variable was introduced, calculated as a weighted average of randomized species EIVs. The performance of these mean randomized EIVs was compared with that of the mean real EIVs on the one hand and random values (randomized mean EIVs) on the other. To demonstrate the similarity issue, differences between samples were correlated with dissimilarity matrices based on various indices. Next, the three mean EIV variables were tested in canonical correspondence analysis (CCA), detrended correspondence analysis (DCA), analysis of variance (ANOVA) between vegetation clusters, and in regression on species richness. Subsequently, a modified permutation test of significance was proposed, taking the similarity issue into account. In addition, an inventory was made of studies published in the Journal of Vegetation Science and Applied Vegetation Science between 2000 and 2010 likely reporting biased results due to the similarity issue. Results: Using mean randomized EIVs, it is shown that compositional similarity is inherited into mean EIVs and most resembles the inter-sample distances in correspondence analysis, which itself is based on iterative weighted averaging. 
The use of mean EIVs produced biased results in all four analysis types examined: unrealistic (too high) explained variances in CCA, too many significant correlations with ordination axes in DCA, too many significant differences between cluster analysis groups and too high coefficients of determination in regressions on species richness. Modified permutation tests provided ecologically better interpretable results. From 95 studies using Ellenberg indicator values, 36 reported potentially biased results. Conclusions: No statistical inferences should be made in analyses relating mean EIVs with other variables derived from the species composition as this can produce highly biased results, leading to misinterpretation. Alternatively, a modified permutation test using mean randomized EIVs can sometimes be used
Randomized Riemannian Preconditioning for Orthogonality Constrained Problems
Optimization problems with (generalized) orthogonality constraints are
prevalent across science and engineering. For example, in computational science
they arise in the symmetric (generalized) eigenvalue problem, in nonlinear
eigenvalue problems, and in electronic structures computations, to name a few
problems. In statistics and machine learning, they arise, for example, in
canonical correlation analysis and in linear discriminant analysis. In this
article, we consider using randomized preconditioning in the context of
optimization problems with generalized orthogonality constraints. Our proposed
algorithms are based on Riemannian optimization on the generalized Stiefel
manifold equipped with a non-standard preconditioned geometry, which
necessitates development of the geometric components necessary for developing
algorithms based on this approach. Furthermore, we perform asymptotic
convergence analysis of the preconditioned algorithms which help to
characterize the quality of a given preconditioner using second-order
information. Finally, for the problems of canonical correlation analysis and
linear discriminant analysis, we develop randomized preconditioners along with
corresponding bounds on the relevant condition number
Efficient public-key cryptography with bounded leakage and tamper resilience
We revisit the question of constructing public-key encryption and signature schemes with security in the presence of bounded leakage and tampering memory attacks. For signatures we obtain the first construction in the standard model; for public-key encryption we obtain the first construction free of pairing (avoiding non-interactive zero-knowledge proofs). Our constructions are based on generic building blocks, and, as we show, also admit efficient instantiations under fairly standard number-theoretic assumptions.
The model of bounded tamper resistance was recently put forward by Damgård et al. (Asiacrypt 2013) as an attractive path to achieve security against arbitrary memory tampering attacks without making hardware assumptions (such as the existence of a protected self-destruct or key-update mechanism), the only restriction being on the number of allowed tampering attempts (which is a parameter of the scheme). This allows to circumvent known impossibility results for unrestricted tampering (Gennaro et al., TCC 2010), while still being able to capture realistic tampering attack