Public Verifiability in the Covert Model (Almost) for Free

The covert security model (Aumann and Lindell, TCC 2007) offers an important security/efficiency trade-off: a covert player may arbitrarily cheat, but is caught with a certain fixed probability. This permits more efficient protocols than the malicious setting while still giving meaningful security guarantees. However, one drawback is that cheating cannot be proven to a third party, which prevents the use of covert protocols in many practical settings. Recently, Asharov and Orlandi (ASIACRYPT 2012) enhanced the covert model by allowing the honest player to generate a \emph{proof of cheating}, checkable by any third party. Their model, which we call the PVC (\emph{publicly verifiable covert}) model, offers a very compelling trade-off. Asharov and Orlandi (AO) propose a practical protocol in the PVC model, which, however, relies on a specific expensive oblivious transfer (OT) protocol incompatible with OT extension. In this work, we improve the performance of the PVC model by constructing a PVC-compatible OT extension as well as making several practical improvements to the AO protocol. As compared to the state-of-the-art OT extension-based two-party covert protocol, our PVC protocol adds relatively little: four signatures and an $\approx 67\%$ wider OT extension matrix. This is a significant improvement over the AO protocol, which requires public-key-based OTs per input bit. We present detailed estimates showing (up to orders of magnitude) concrete performance improvements over the AO protocol and a recent malicious protocol

Nonsense and the Freedom of Speech: What Meaning Means for the First Amendment

A great deal of everyday expression is, strictly speaking, nonsense. But courts and scholars have done little to consider whether or why such meaningless speech, like nonrepresentational art, falls within “the freedom of speech.” If, as many suggest, meaning is what separates speech from sound and expression from conduct, then the constitutional case for nonsense is complicated. And because nonsense is so common, the case is also important — artists like Lewis Carroll and Jackson Pollock are not the only putative “speakers” who should be concerned about the outcome. This Article is the first to explore thoroughly the relationship between nonsense and the freedom of speech; in doing so, it suggests ways to determine what “meaning” means for First Amendment purposes. The Article begins by demonstrating the scope and constitutional salience of meaningless speech, showing that nonsense is multifarious, widespread, and sometimes intertwined with traditional First Amendment values like autonomy, the marketplace of ideas, and democracy. The second part of the Article argues that exploring nonsense can illuminate the meaning of meaning itself. This, too, is an important task, for although free speech discourse often relies on the concept of meaning to chart the Amendment’s scope, courts and scholars have done relatively little to establish what it entails. Analytic philosophers, meanwhile, have spent the past century doing little else. Their efforts — echoes of which can already be heard in First Amendment doctrine — suggest that free speech doctrine is best served by finding meaning in the way words are used, rather than in their relationship to extra-linguistic concepts

Nonsense and the Freedom of Speech: What Meaning Means for the First Amendment

A great deal of everyday expression is, strictly speaking, nonsense. But courts and scholars have done little to consider whether or why such meaningless speech, like nonrepresentational art, falls within “the freedom of speech.” If, as many suggest, meaning is what separates speech from sound and expression from conduct, then the constitutional case for nonsense is complicated. And because nonsense is so common, the case is also important — artists like Lewis Carroll and Jackson Pollock are not the only putative “speakers” who should be concerned about the outcome. This Article is the first to explore thoroughly the relationship between nonsense and the freedom of speech; in doing so, it suggests ways to determine what “meaning” means for First Amendment purposes. The Article begins by demonstrating the scope and constitutional salience of meaningless speech, showing that nonsense is multifarious, widespread, and sometimes intertwined with traditional First Amendment values like autonomy, the marketplace of ideas, and democracy. The second part of the Article argues that exploring nonsense can illuminate the meaning of meaning itself. This, too, is an important task, for although free speech discourse often relies on the concept of meaning to chart the Amendment’s scope, courts and scholars have done relatively little to establish what it entails. Analytic philosophers, meanwhile, have spent the past century doing little else. Their efforts — echoes of which can already be heard in First Amendment doctrine — suggest that free speech doctrine is best served by finding meaning in the way words are used, rather than in their relationship to extra-linguistic concepts

Finding Safety in Numbers with Secure Allegation Escrows

For fear of retribution, the victim of a crime may be willing to report it only if other victims of the same perpetrator also step forward. Common examples include 1) identifying oneself as the victim of sexual harassment, especially by a person in a position of authority or 2) accusing an influential politician, an authoritarian government, or ones own employer of corruption. To handle such situations, legal literature has proposed the concept of an allegation escrow: a neutral third-party that collects allegations anonymously, matches them against each other, and de-anonymizes allegers only after de-anonymity thresholds (in terms of number of co-allegers), pre-specified by the allegers, are reached. An allegation escrow can be realized as a single trusted third party; however, this party must be trusted to keep the identity of the alleger and content of the allegation private. To address this problem, this paper introduces Secure Allegation Escrows (SAE, pronounced "say"). A SAE is a group of parties with independent interests and motives, acting jointly as an escrow for collecting allegations from individuals, matching the allegations, and de-anonymizing the allegations when designated thresholds are reached. By design, SAEs provide a very strong property: No less than a majority of parties constituting a SAE can de-anonymize or disclose the content of an allegation without a sufficient number of matching allegations (even in collusion with any number of other allegers). Once a sufficient number of matching allegations exist, the join escrow discloses the allegation with the allegers' identities. We describe how SAEs can be constructed using a novel authentication protocol and a novel allegation matching and bucketing algorithm, provide formal proofs of the security of our constructions, and evaluate a prototype implementation, demonstrating feasibility in practice.Comment: To appear in NDSS 2020. New version includes improvements to writing and proof. The protocol is unchange

Public Evidence from Secret Ballots

Elections seem simple---aren't they just counting? But they have a unique, challenging combination of security and privacy requirements. The stakes are high; the context is adversarial; the electorate needs to be convinced that the results are correct; and the secrecy of the ballot must be ensured. And they have practical constraints: time is of the essence, and voting systems need to be affordable and maintainable, and usable by voters, election officials, and pollworkers. It is thus not surprising that voting is a rich research area spanning theory, applied cryptography, practical systems analysis, usable security, and statistics. Election integrity involves two key concepts: convincing evidence that outcomes are correct and privacy, which amounts to convincing assurance that there is no evidence about how any given person voted. These are obviously in tension. We examine how current systems walk this tightrope.Comment: To appear in E-Vote-Id '1

Black-Box Transformations from Passive to Covert Security with Public Verifiability

In the context of secure computation, protocols with security against covert adversaries ensure that any misbehavior by malicious parties will be detected by the honest parties with some constant probability. As such, these protocols provide better security guarantees than passively secure protocols and, moreover, are easier to construct than protocols with full security against active adversaries. Protocols that, upon detecting a cheating attempt, allow the honest parties to compute a certificate that enables third parties to verify whether an accused party misbehaved or not are called publicly verifiable. In this work, we present the first generic compilers for constructing two-party protocols with covert security and public verifiability from protocols with passive security. We present two separate compilers, which are both fully blackbox in the underlying protocols they use. Both of them only incur a constant multiplicative factor in terms of bandwidth overhead and a constant additive factor in terms of round complexity on top of the passively secure protocols they use. The first compiler applies to all two-party protocols that have no private inputs. This class of protocols covers the important class of preprocessing protocols that are used to setup correlated randomness among parties. We use our compiler to obtain the first secret-sharing based two-party protocol with covert security and public verifiability. Notably, the produced protocol achieves public verifiability essentially for free when compared with the best known previous solutions based on secret-sharing that did not provide public verifiability Our second compiler constructs protocols with covert security and public verifiability for arbitrary functionalities from passively secure protocols. It uses our first compiler to perform a setup phase, which is independent of the parties\u27 inputs as well as the protocol they would like to execute. Finally, we show how to extend our techniques to obtain multiparty computation protocols with covert security and public verifiability against arbitrary constant fractions of corruptions

Covert Security with Public Verifiability: Faster, Leaner, and Simpler

The notion of covert security for secure two-party computation serves as a compromise between the traditional semi-honest and malicious security definitions. Roughly, covert security ensures that cheating behavior is detected by the honest party with reasonable probability. It provides more realistic guarantees than semi-honest security with significantly less overhead than is required by malicious security. The rationale for covert security is that it dissuades cheating by parties that care about their reputation and do not want to risk being caught. Further thought, however, shows that a much stronger disincentive is obtained if the honest party can generate a publicly verifiable certificate of misbehavior when cheating is detected. While the corresponding notion of publicly verifiable covert (PVC) security has been explored, existing PVC protocols are complex and less efficient than the best-known covert protocols, and have impractically large certificates. We propose a novel PVC protocol that significantly improves on prior work. Our protocol uses only ``off-the-shelf\u27\u27 primitives (in particular, it avoids signed oblivious transfer) and, for deterrence factor 1/2, has only 20-40% overhead (depending on the circuit size and network bandwidth) compared to state-of-the-art semi-honest protocols. Our protocol also has, for the first time, constant-size certificates of cheating (e.g., 354 bytes long at the 128-bit security level). As our protocol offers strong security guarantees with low overhead, we suggest that it is the best choice for many practical applications of secure two-party computation

Environmentalism, performance and applications: uncertainties and emancipations

This introductory article for a themed edition on environmentalism provides a particular context for those articles that follow, each of which engages with different aspects of environmentalism and performance in community-related settings. Responding to the proposition that there is a lacuna in the field of applied drama and environmentalism (Bottoms, 2010), we suggest that the more significant lack is that of ecocriticism. As the articles in this journal testify, there are many examples of applied theatre practice; what is required is sustained and rigorous critical engagement. It is to the gap of ecocriticism that we address this issue, signalling what we hope is the emergence of a critical field. One response to the multiple challenges of climate change is to more transparently locate the human animal within the environment, as one agent amongst many. Here, we seek to transparently locate the critic, intertwining the personal – ourselves, human actants – with global environmental concerns. This tactic mirrors much contemporary writing on climate change and its education, privileging personal engagement – a shift we interrogate as much as we perform. The key trope we anchor is that of uncertainty: the uncertainties that accompany stepping into a new research environment; the uncertainties arising from multiple relations (human and non-human); the uncertainties of scientific fact; the uncertainties of forecasting the future; and the uncertainties of outcomes – including those of performance practices. Having analysed a particular turn in environmental education (towards social learning) and the failure to successfully combine ‘art and reality’ in recent UK mainstream theatre events, such uncertainties lead to our suggestion for an ‘emancipated’ environmentalism. In support of this proposal, we offer up a reflection on a key weekend of performance practice that brought us to attend to the small – but not insignificant – and to consider first hand the complex relationships between environmental ‘grand narratives’ and personal experiential encounters. Locating ourselves within the field and mapping out some of the many conceptual challenges attached to it serves to introduce the territories which the following journal articles expand upon

The free encyclopaedia that anyone can edit: the shifting values of Wikipedia editors

Wikipedia is often held up as an example of the potential of the internet to foster open, free and non-commercial collaboration. However such discourses often conflate these values without recognising how they play out in reality in a peer-production community. As Wikipedia is evolving, it is an ideal time to examine these discourses and the tensions that exist between its initial ideals and the reality of commercial activity in the encyclopaedia. Through an analysis of three failed proposals to ban paid advocacy editing in the English language Wikipedia, this paper highlights the shift in values from the early editorial community that forked encyclopaedic content over the threat of commercialisation, to one that today values the freedom that allows anyone to edit the encyclopaedia