Women in Combat: Issues for Congress
[Excerpt] Over the past two decades of conflict, women have served with valor and continue to serve on combat aircraft, naval vessels, and in support of ground combat operations. The expansion of roles for women in the armed forces has evolved since the early days of the military when women were restricted by law and policy from serving in certain occupations and units. Women are not precluded by law from serving in any military unit or occupational specialty. However, a 1994 Department of Defense (DOD) policy prevented women from being assigned to units below brigade level where the unit's primary mission was to engage directly in ground combat. This policy barred women from serving in infantry, artillery, armor, combat engineers, and special operations units of battalion size or smaller. On January 24, 2013, then-Secretary of Defense Leon Panetta rescinded the rule that restricted women from serving in combat units and directed the military departments to review their occupational standards and assignment policies for implementation no later than January 1, 2016.
This recent policy change followed extensive reviews by various commissions and others on issues regarding women in the military and policies for their assignment and career progression. For example, the Duncan Hunter National Defense Authorization Act for Fiscal Year 2009 (P.L. 110-417) established the Military Leadership Diversity Commission whose mandate was to conduct a study and report on the "establishment and maintenance of fair promotion and command opportunities for ethnic- and gender-specific members of the Armed Forces." Among its recommendations, the commission stated that DOD should take deliberate steps to open additional career fields and units involved in direct ground combat to women. The commission's recommendations prompted Congress to direct DOD, in the Ike Skelton National Defense Act for Fiscal Year 2011 (P.L. 111-383), to conduct a review to "ensure that female members have equitable opportunities to compete and excel in the Armed Forces."
With the cancellation of the policy banning women from serving in combat units, some have questioned whether current occupational standards for entry into these units should be kept in place or modified. Proponents of change maintain that the existing standards are artificially high, and act as a de facto exclusionary barrier to the entry of women into combat occupations. Defenders of the current standards view any reductions to the existing standards as potentially damaging to military readiness.
Congress has established requirements, definitions, and criteria for the development and application of "gender-neutral" occupational standards, and has oversight of all DOD decisions in this matter. Congress may also consider additional issues including equal opportunity, equal responsibility (such as selective service registration), readiness and cohesion, effectiveness, and the overall manpower needs of the military.
Selective-Opening Security in the Presence of Randomness Failures
We initiate the study of public-key encryption (PKE) secure against selective-opening attacks (SOA) in the presence of randomness failures, i.e., when the sender may (inadvertently) use low-quality randomness. In the SOA setting, an adversary can adaptively corrupt senders; this notion is natural to consider in tandem with randomness failures since an adversary may target senders by multiple means.
Concretely, we first treat SOA security of nonce-based PKE. After formulating an appropriate definition of SOA-secure nonce-based PKE, we provide efficient constructions in the non-programmable random-oracle model, based on lossy trapdoor functions.
We then lift our notion of security to the setting of hedged PKE, which ensures security as long as the sender's seed, message, and nonce jointly have high entropy. This unifies the notions and strengthens the protection that nonce-based PKE provides against randomness failures even in the non-SOA setting. We lift our definitions and constructions of SOA-secure nonce-based PKE to the hedged setting as well.
Luxemburg's corporatist Scandinavian welfare system and incorporation of migrants
Luxembourg is the EU and OECD member state (MS) with a permanently increasing immigration and the highest share of immigrants and cross border commuters within the labour force and more so within the competitive sector. Luxembourg has a typical Bismarckian corporatist welfare system, which has developed a generous and broad welfare regime over the last 100 years with a further important push during the last two decades. Since then, benefits offered muted steadily to middle class standards and providers were merged to universalistic national bodies, leaving behind the different former corporatist providers. Due to a higher dependency on welfare benefits due to the economic downturn, nearly all MS modified from the 1970s onwards their original systems, mostly in the sense of a liberalization with cutbacks in comparison to the former more generous provisions. There has been a shift in responsibility from the state to the individual citizen via different means such as a non-increase of benefits, restricting eligibility (re-commodification), restructuring schemes in a radical way (recalibration) and cost containment measures (Pierson, 2001). Luxembourg however expanded and improved its system. What is the link between immigration and the outstanding evolution of the welfare system? The steady increase of young foreign contributors (immigrants and crossers) provided Luxembourg with the means to develop from a corporatist model to a Scandinavian with highest provisions, an emerging service sector and no significant retrenchment policy. Immigrants contribute, on average, more to the different welfare insurances than they use them, given their on average younger age, given a predominantly economic immigration and given higher employment rates than those of nationals. Migrants' incorporation; corporatist; universalistic welfare regime; Luxembourg; migrants' contribution
Secret-Sharing for NP
A computational secret-sharing scheme is a method that enables a dealer, that
has a secret, to distribute this secret among a set of parties such that a
"qualified" subset of parties can efficiently reconstruct the secret while any
"unqualified" subset of parties cannot efficiently learn anything about the
secret. The collection of "qualified" subsets is defined by a Boolean function.
It has been a major open problem to understand which (monotone) functions can
be realized by a computational secret-sharing scheme. Yao suggested a method
for secret-sharing for any function that has a polynomial-size monotone circuit
(a class which is strictly smaller than the class of monotone functions in P).
Around 1990 Rudich raised the possibility of obtaining secret-sharing for all
monotone functions in NP: In order to reconstruct the secret a set of parties
must be "qualified" and provide a witness attesting to this fact.
Recently, Garg et al. (STOC 2013) put forward the concept of witness
encryption, where the goal is to encrypt a message relative to a statement "x
in L" for a language L in NP such that anyone holding a witness to the
statement can decrypt the message, however, if x is not in L, then it is
computationally hard to decrypt. Garg et al. showed how to construct several
cryptographic primitives from witness encryption and gave a candidate
construction.
One can show that computational secret-sharing implies witness encryption for
the same language. Our main result is the converse: we give a construction of a
computational secret-sharing scheme for any monotone function in NP assuming
witness encryption for NP and one-way functions. As a consequence we get a
completeness theorem for secret-sharing: computational secret-sharing scheme
for any single monotone NP-complete function implies a computational
secret-sharing scheme for every monotone function in NP.
Server-Aided Revocable Predicate Encryption: Formalization and Lattice-Based Instantiation
Efficient user revocation is a necessary but challenging problem in many
multi-user cryptosystems. Among known approaches, server-aided revocation
yields a promising solution, because it allows outsourcing the major workloads
of system users to a computationally powerful third party, called the server,
whose only requirement is to carry out the computations correctly. Such a
revocation mechanism was considered in the settings of identity-based
encryption and attribute-based encryption by Qin et al. (ESORICS 2015) and Cui
et al. (ESORICS 2016), respectively.
In this work, we consider the server-aided revocation mechanism in the more
elaborate setting of predicate encryption (PE). The latter, introduced by Katz,
Sahai, and Waters (EUROCRYPT 2008), provides fine-grained and role-based access
to encrypted data and can be viewed as a generalization of identity-based and
attribute-based encryption. Our contribution is two-fold. First, we formalize
the model of server-aided revocable predicate encryption (SR-PE), with rigorous
definitions and security notions. Our model can be seen as a non-trivial
adaptation of Cui et al.'s work into the PE context. Second, we put forward a
lattice-based instantiation of SR-PE. The scheme employs the PE scheme of
Agrawal, Freeman and Vaikuntanathan (ASIACRYPT 2011) and the complete subtree
method of Naor, Naor, and Lotspiech (CRYPTO 2001) as the two main ingredients,
which work smoothly together thanks to a few additional techniques. Our scheme
is proven secure in the standard model (in a selective manner), based on the
hardness of the Learning With Errors (LWE) problem. Comment: 24 pages
Fiat-Shamir for highly sound protocols is instantiable
The Fiat–Shamir (FS) transformation (Fiat and Shamir, Crypto '86) is a popular paradigm for constructing very efficient non-interactive zero-knowledge (NIZK) arguments and signature schemes from a hash function and any three-move interactive protocol satisfying certain properties. Despite its wide-spread applicability both in theory and in practice, the known positive results for proving security of the FS paradigm are in the random oracle model only, i.e., they assume that the hash function is modeled as an external random function accessible to all parties. On the other hand, a sequence of negative results shows that for certain classes of interactive protocols, the FS transform cannot be instantiated in the standard model.
We initiate the study of complementary positive results, namely, studying classes of interactive protocols where the FS transform does have standard-model instantiations. In particular, we show that for a class of "highly sound" protocols that we define, instantiating the FS transform via a q-wise independent hash function yields NIZK arguments and secure signature schemes. In the case of NIZK, we obtain a weaker "q-bounded" zero-knowledge flavor where the simulator works for all adversaries asking an a-priori bounded number of queries q; in the case of signatures, we obtain the weaker notion of random-message unforgeability against q-bounded random message attacks.
Our main idea is that when the protocol is highly sound, then instead of using random-oracle programming, one can use complexity leveraging. The question is whether such highly sound protocols exist and if so, which protocols lie in this class. We answer this question in the affirmative in the common reference string (CRS) model and under strong assumptions. Namely, assuming indistinguishability obfuscation and puncturable pseudorandom functions we construct a compiler that transforms any 3-move interactive protocol with instance-independent commitments and simulators (a property satisfied by the Lapidot–Shamir protocol, Crypto '90) into a compiled protocol in the CRS model that is highly sound. We also present a second compiler, in order to be able to start from a larger class of protocols, which only requires instance-independent commitments (a property for example satisfied by the classical protocol for quadratic residuosity due to Blum, Crypto '81). For the second compiler we require dual-mode commitments.
We hope that our work inspires more research on classes of (efficient) 3-move protocols where Fiat–Shamir is (efficiently) instantiable.