    Non-black-box Simulation in the Fully Concurrent Setting, Revisited

    We give a new proof of the existence of O(n^ε)-round public-coin concurrent zero-knowledge arguments for NP, where ε > 0 is an arbitrary constant. The security is proven in the plain model under the assumption that collision-resistant hash functions exist. (The existence of such concurrent zero-knowledge arguments was previously proven by Goyal (STOC '13) in the plain model under the same assumption.) In the proof, we use a new variant of the non-black-box simulation technique of Barak (FOCS '01). An important property of our simulation technique is that the simulator runs in a straight-line manner in the fully concurrent setting. Compared with the simulation technique of Goyal, which also has this property, the analysis of our simulation technique is (arguably) simpler.

    On Constant-Round Concurrent Zero-Knowledge from a Knowledge Assumption

    In this work, we consider the long-standing open question of constructing constant-round concurrent zero-knowledge protocols in the plain model. Resolving this question is known to require non-black-box techniques. We consider non-black-box techniques for zero-knowledge based on knowledge assumptions, a line of thinking initiated by the work of Hada and Tanaka (CRYPTO 1998). Prior to our work, it was not known whether knowledge assumptions could be used for achieving security in the concurrent setting, due to a number of significant limitations that we discuss here. Nevertheless, we obtain the following results: 1. We obtain the first constant-round concurrent zero-knowledge argument for NP in the plain model based on a new variant of the knowledge of exponent assumption. Furthermore, our construction avoids the inefficiency inherent in previous non-black-box techniques such as those of Barak (FOCS 2001); we obtain our result through an efficient protocol compiler. 2. Unlike Hada and Tanaka, we do not require a knowledge assumption to argue the soundness of our protocol. Instead, we use a discrete-log-like assumption, which we call the Diffie-Hellman Logarithm Assumption, to prove the soundness of our protocol. 3. We give evidence that our new variant of the knowledge of exponent assumption is in fact plausible. In particular, we show that our assumption holds in the generic group model. 4. Knowledge assumptions are especially delicate assumptions whose plausibility may be hard to gauge. We give a novel framework to express knowledge assumptions in a more flexible way, which may allow for the formulation of plausible assumptions and exploration of their impact and application in cryptography. Comment: 30 pages, 3 figures.

    Constant-Round Concurrent Zero-Knowledge From Falsifiable Assumptions

    We present a constant-round concurrent zero-knowledge protocol for NP. Our protocol is sound against uniform polynomial-time attackers, and relies on the existence of families of collision-resistant hash functions, and a new (but in our eyes, natural) falsifiable intractability assumption: roughly speaking, that Micali's non-interactive CS-proofs are sound for languages in P.

    eXtended Variational Quasicontinuum Methodology for Lattice Networks with Damage and Crack Propagation

    Lattice networks with dissipative interactions are often employed to analyze materials with discrete micro- or meso-structures, or for a description of heterogeneous materials which can be modelled discretely. They are, however, computationally prohibitive for engineering-scale applications. The (variational) QuasiContinuum (QC) method is a concurrent multiscale approach that reduces their computational cost by fully resolving the (dissipative) lattice network in small regions of interest while coarsening elsewhere. When applied to damageable lattices, moving crack tips can be captured by adaptive mesh refinement schemes, whereas fully-resolved trails in crack wakes can be removed by mesh coarsening. In order to address crack propagation efficiently and accurately, we develop in this contribution the necessary generalizations of the variational QC methodology. First, a suitable definition of crack paths in discrete systems is introduced, which allows for their geometrical representation in terms of the signed distance function. Second, special function enrichments based on the partition of unity concept are adopted, in order to capture kinematics in the wakes of crack tips. Third, a summation rule that reflects the adopted enrichment functions with sufficient degree of accuracy is developed. Finally, as our standpoint is variational, we discuss implications of the mesh refinement and coarsening from an energy-consistency point of view. All theoretical considerations are demonstrated using two numerical examples for which the resulting reaction forces, energy evolutions, and crack paths are compared to those of the direct numerical simulations. Comment: 36 pages, 23 figures, 1 table, 2 algorithms; small changes after review, paper title change.

    Data-based mechanistic modelling, forecasting, and control.

    This article briefly reviews the main aspects of the generic data-based mechanistic (DBM) approach to modeling stochastic dynamic systems and shows how it is being applied to the analysis, forecasting, and control of environmental and agricultural systems. The advantages of this inductive approach to modeling lie in its wide range of applicability. It can be used to model linear, nonstationary, and nonlinear stochastic systems, and its exploitation of recursive estimation means that the modeling results are useful for both online and offline applications. To demonstrate the practical utility of the various methodological tools that underpin the DBM approach, the article also outlines several typical, practical examples in the area of environmental and agricultural systems analysis, where DBM models have formed the basis for simulation model reduction, control system design, and forecasting.

    Fiat-Shamir for highly sound protocols is instantiable

    The Fiat–Shamir (FS) transformation (Fiat and Shamir, Crypto '86) is a popular paradigm for constructing very efficient non-interactive zero-knowledge (NIZK) arguments and signature schemes from a hash function and any three-move interactive protocol satisfying certain properties. Despite its widespread applicability both in theory and in practice, the known positive results for proving security of the FS paradigm are in the random oracle model only, i.e., they assume that the hash function is modeled as an external random function accessible to all parties. On the other hand, a sequence of negative results shows that for certain classes of interactive protocols, the FS transform cannot be instantiated in the standard model. We initiate the study of complementary positive results, namely, studying classes of interactive protocols where the FS transform does have standard-model instantiations. In particular, we show that for a class of "highly sound" protocols that we define, instantiating the FS transform via a q-wise independent hash function yields NIZK arguments and secure signature schemes. In the case of NIZK, we obtain a weaker "q-bounded" zero-knowledge flavor where the simulator works for all adversaries asking an a-priori bounded number of queries q; in the case of signatures, we obtain the weaker notion of random-message unforgeability against q-bounded random message attacks. Our main idea is that when the protocol is highly sound, then instead of using random-oracle programming, one can use complexity leveraging. The question is whether such highly sound protocols exist and, if so, which protocols lie in this class. We answer this question in the affirmative in the common reference string (CRS) model and under strong assumptions. Namely, assuming indistinguishability obfuscation and puncturable pseudorandom functions, we construct a compiler that transforms any 3-move interactive protocol with instance-independent commitments and simulators (a property satisfied by the Lapidot–Shamir protocol, Crypto '90) into a compiled protocol in the CRS model that is highly sound. We also present a second compiler, in order to be able to start from a larger class of protocols, which only requires instance-independent commitments (a property for example satisfied by the classical protocol for quadratic residuosity due to Blum, Crypto '81). For the second compiler we require dual-mode commitments. We hope that our work inspires more research on classes of (efficient) 3-move protocols where Fiat–Shamir is (efficiently) instantiable.
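The transform the abstract describes, as an added worked example that is not code from the paper or from this page: Schnorr's three-move proof of knowledge of a discrete logarithm, its Fiat–Shamir compilation into a non-interactive argument (and, with a message bound into the hash, a signature), and a forgery that succeeds whenever the prover can predict the challenge before the commitment is fixed. Everything below is assumed for illustration: the group is a toy safe-prime group generated deterministically inside the block, the SHA-256 challenge stands in for the random oracle, and `weak_challenge` is a deliberately broken instantiation constructed to show the failure mode. The paper itself instantiates the hash with a q-wise independent family, which is not what this block does.

```python
"""Fiat-Shamir over Schnorr's sigma protocol (added example, not the paper's code):
interactive protocol, its non-interactive compilation, and a forgery against a
challenge function that ignores the commitment."""
import hashlib
import random
import secrets

# Toy group: a ~63-bit safe-prime group, generated deterministically so the example
# is reproducible. Constructed for illustration; deployments use standardised groups.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for every n < 2**64."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for b in _MR_BASES:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits: int = 62, seed: int = 2024):
    """Return (p, q, g) with p = 2q + 1 prime and g = 4 of prime order q."""
    rng = random.Random(seed)  # seeded only for reproducibility of the example
    q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4  # 4 is a quadratic residue != 1, hence of order q


P, Q, G = safe_prime_group()


# Interactive three-move protocol: prove knowledge of x with y = g^x mod p.
def keygen():
    x = secrets.randbelow(Q - 1) + 1  # witness / secret key
    return x, pow(G, x, P)  # statement / public key


def commit():
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)  # move 1: a = g^r


def respond(x, r, e):
    return (r + e * x) % Q  # move 3: z = r + e*x


def check(y, a, e, z):
    return pow(G, z, P) == a * pow(y, e, P) % P  # accept iff g^z = a * y^e


def interactive_run(x, y):
    r, a = commit()
    e = secrets.randbelow(Q)  # move 2: the verifier's random public coin
    return check(y, a, e, respond(x, r, e))


# Fiat-Shamir: the verifier's challenge becomes a hash of the transcript so far.
def ro_challenge(y, a, msg=b""):
    """Random-oracle-style instantiation: e = H(params, y, a, msg) mod q.
    Hashing the statement y together with the commitment a fixes e only after a."""
    h = hashlib.sha256(f"{P}|{G}|{y}|{a}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q  # 256-bit digest mod 62-bit q: bias negligible


def weak_challenge(y, a, msg=b""):
    """Deliberately broken instantiation: the challenge ignores the commitment a."""
    h = hashlib.sha256(f"{y}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q


def fs_prove(x, y, challenge=ro_challenge, msg=b""):
    """NIZK proof of knowledge of x; with a message bound in, a Schnorr signature."""
    r, a = commit()
    return a, respond(x, r, challenge(y, a, msg))


def fs_verify(y, proof, challenge=ro_challenge, msg=b""):
    a, z = proof
    return check(y, a, challenge(y, a, msg), z)


def forge(y, challenge, msg=b""):
    """No-witness forgery: pick z, guess e, then solve for a = g^z * y^(-e).
    Succeeds exactly when e can be predicted without committing to a first."""
    z = secrets.randbelow(Q)
    e = challenge(y, None, msg)  # the guess; correct only for weak_challenge
    a = pow(G, z, P) * pow(y, (-e) % Q, P) % P
    return a, z
```

Against `weak_challenge`, `forge` produces accepting proofs for a public key whose secret it never saw, because the challenge is known before the commitment is chosen and the commitment can then be solved for. Against `ro_challenge` the verifier recomputes the challenge from the actual commitment, the guess no longer matches, and the same forgery is rejected; this dependence of the challenge on the commitment is what the random oracle provides for free and what a standard-model instantiation has to supply another way.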

    Co-simulation of Continuous Systems: A Tutorial

    Co-simulation consists of the theory and techniques to enable global simulation of a coupled system via the composition of simulators. Despite the large number of applications and growing interest in the challenges, the field remains fragmented into multiple application domains, with limited sharing of knowledge. This tutorial aims at introducing co-simulation of continuous systems, targeted at researchers new to the field.