Effects of climate extremes on the terrestrial carbon cycle : concepts, processes and potential future impacts

This article is protected by copyright. All rights reserved. Acknowledgements This work emerged from the CARBO-Extreme project, funded by the European Community’s 7th framework programme under grant agreement (FP7-ENV-2008-1-226701). We are grateful to the Reviewers and the Subject Editor for helpful guidance. We thank to Silvana Schott for graphic support. Mirco Miglivacca provided helpful comments on the manuscript. Michael Bahn acknowledges support from the Austrian Science Fund (FWF; P22214-B17). Sara Vicca is a postdoctoral research associate of the Fund for Scientific Research – Flanders. Wolfgang Cramer contributes to the Labex OT-Med (n° ANR-11- LABX-0061) funded by the French government through the A*MIDEX project (n° ANR-11-IDEX-0001-02). Flurin Babst acknowledges support from the Swiss National Science Foundation (P300P2_154543).Peer reviewedPublisher PD

Crack Front Waves and the dynamics of a rapidly moving crack

Crack front waves are localized waves that propagate along the leading edge of a crack. They are generated by the interaction of a crack with a localized material inhomogeneity. We show that front waves are nonlinear entities that transport energy, generate surface structure and lead to localized velocity fluctuations. Their existence locally imparts inertia, which is not incorporated in current theories of fracture, to initially "massless" cracks. This, coupled to crack instabilities, yields both inhomogeneity and scaling behavior within fracture surface structure.Comment: Embedded Latex file including 4 figure

Linear-Time Zero-Knowledge Proofs for Arithmetic Circuit Satisfiability

We give computationally efficient zero-knowledge proofs of knowledge for arithmetic circuit satisfiability over a large field. For a circuit with N addition and multiplication gates, the prover only uses O(N) multiplications and the verifier only uses O(N) additions in the field. If the commitments we use are statistically binding, our zero-knowledge proofs have unconditional soundness, while if the commitments are statistically hiding we get computational soundness. Our zero-knowledge proofs also have sub-linear communication if the commitment scheme is compact. Our construction proceeds in three steps. First, we give a zero-knowledge proof for arithmetic circuit satisfiability in an ideal linear commitment model where the prover may commit to secret vectors of field elements, and the verifier can receive certified linear combinations of those vectors. Second, we show that the ideal linear commitment proof can be instantiated using error-correcting codes and non-interactive commitments. Finally, by choosing efficient instantiations of the primitives we obtain linear-time zero-knowledge proofs

A Practical Approach to the Secure Computation of the Moore-Penrose Pseudoinverse over the Rationals

Solving linear systems of equations is a universal problem. In the context of secure multiparty computation (MPC), a method to solve such systems, especially for the case in which the rank of the system is unknown and should remain private, is an important building block. We devise an efficient and data-oblivious algorithm (meaning that the algorithm\u27s execution time and branching behavior are independent of all secrets) for solving a bounded integral linear system of unknown rank over the rational numbers via the Moore-Penrose pseudoinverse, using finite-field arithmetic. I.e., we compute the Moore-Penrose inverse over a finite field of sufficiently large order, so that we can recover the rational solution from the solution over the finite field. While we have designed the algorithm with an MPC context in mind, it could be valuable also in other contexts where data-obliviousness is required, like secure enclaves in CPUs. Previous work by Cramer, Kiltz and Padró (CRYPTO 2007) proposes a constant-rounds protocol for computing the Moore-Penrose pseudoinverse over a finite field. The asymptotic complexity (counted as the number of secure multiplications) of their solution is $O(m^4 + n^2 m)$, where $m$ and $n$, $m\leq n$, are the dimensions of the linear system. To reduce the number of secure multiplications, we sacrifice the constant-rounds property and propose a protocol for computing the Moore-Penrose pseudoinverse over the rational numbers in a linear number of rounds, requiring only $O(m^2n)$ secure multiplications. To obtain the common denominator of the pseudoinverse, required for constructing an integer-representation of the pseudoinverse, we generalize a result by Ben-Israel for computing the squared volume of a matrix. Also, we show how to precondition a symmetric matrix to achieve generic rank profile while preserving symmetry and being able to remove the preconditioner after it has served its purpose. These results may be of independent interest

Structure-Preserving Smooth Projective Hashing

International audienceSmooth projective hashing has proven to be an extremely useful primitive, in particular when used in conjunction with commitments to provide implicit decommitment. This has lead to applications proven secure in the UC framework, even in presence of an adversary which can do adaptive corruptions, like for example Password Authenticated Key Exchange (PAKE), and 1-out-of-m Oblivious Transfer (OT). However such solutions still lack in efficiency, since they heavily scale on the underlying message length. Structure-preserving cryptography aims at providing elegant and efficient schemes based on classical assumptions and standard group operations on group elements. Recent trend focuses on constructions of structure- preserving signatures, which require message, signature and verification keys to lie in the base group, while the verification equations only consist of pairing-product equations. Classical constructions of Smooth Projective Hash Function suffer from the same limitation as classical signatures: at least one part of the computation (messages for signature, witnesses for SPHF) is a scalar. In this work, we introduce and instantiate the concept of Structure- Preserving Smooth Projective Hash Function, and give as applications more efficient instantiations for one-round PAKE and three-round OT, and information retrieval thanks to Anonymous Credentials, all UC- secure against adaptive adversaries

Field Extension in Secret-Shared Form and Its Applications to Efficient Secure Computation

Secure computation enables participating parties to jointly compute a function over their inputs while keeping them private. Secret sharing plays an important role for maintaining privacy during the computation. In most schemes, secret sharing over the same finite field is normally utilized throughout all the steps in the secure computation. A major drawback of this “uniform” approach is that one has to set the size of the field to be as large as the maximum of all the lower bounds derived from all the steps in the protocol. This easily leads to a requirement for using a large field which, in turn, makes the protocol inefficient. In this paper, we propose a “non-uniform” approach: dynamically changing the fields so that they are suitable for each step of computation. At the core of our approach is a surprisingly simple method to extend the underlying field of a secret sharing scheme, in a non-interactive manner, while maintaining the secret being shared. Using our approach, default computations can hence be done in a small field, which allows better efficiency, while one would extend to a larger field only at the necessary steps. As the main application of our technique, we show an improvement upon the recent actively secure protocol proposed by Chida et al. (Crypto’18). The improved protocol can handle a binary field, which enables XOR-free computation of a boolean circuit. Other applications include efficient (batch) equality check and consistency check protocols, which are useful for, e.g., password-based threshold authenticatio

Can One Trust Quantum Simulators?

Various fundamental phenomena of strongly-correlated quantum systems such as high-$T_c$ superconductivity, the fractional quantum-Hall effect, and quark confinement are still awaiting a universally accepted explanation. The main obstacle is the computational complexity of solving even the most simplified theoretical models that are designed to capture the relevant quantum correlations of the many-body system of interest. In his seminal 1982 paper [Int. J. Theor. Phys. 21, 467], Richard Feynman suggested that such models might be solved by "simulation" with a new type of computer whose constituent parts are effectively governed by a desired quantum many-body dynamics. Measurements on this engineered machine, now known as a "quantum simulator," would reveal some unknown or difficult to compute properties of a model of interest. We argue that a useful quantum simulator must satisfy four conditions: relevance, controllability, reliability, and efficiency. We review the current state of the art of digital and analog quantum simulators. Whereas so far the majority of the focus, both theoretically and experimentally, has been on controllability of relevant models, we emphasize here the need for a careful analysis of reliability and efficiency in the presence of imperfections. We discuss how disorder and noise can impact these conditions, and illustrate our concerns with novel numerical simulations of a paradigmatic example: a disordered quantum spin chain governed by the Ising model in a transverse magnetic field. We find that disorder can decrease the reliability of an analog quantum simulator of this model, although large errors in local observables are introduced only for strong levels of disorder. We conclude that the answer to the question "Can we trust quantum simulators?" is... to some extent.Comment: 20 pages. Minor changes with respect to version 2 (some additional explanations, added references...

The Two-Component Sensor Kinase TcsC and Its Role in Stress Resistance of the Human-Pathogenic Mold Aspergillus fumigatus

Two-component signaling systems are widespread in bacteria, but also found in fungi. In this study, we have characterized TcsC, the only Group III two-component sensor kinase of Aspergillus fumigatus. TcsC is required for growth under hyperosmotic stress, but dispensable for normal growth, sporulation and conidial viability. A characteristic feature of the ΔtcsC mutant is its resistance to certain fungicides, like fludioxonil. Both hyperosmotic stress and treatment with fludioxonil result in a TcsC-dependent phosphorylation of SakA, the final MAP kinase in the high osmolarity glycerol (HOG) pathway, confirming a role for TcsC in this signaling pathway. In wild type cells fludioxonil induces a TcsC-dependent swelling and a complete, but reversible block of growth and cytokinesis. Several types of stress, such as hypoxia, exposure to farnesol or elevated concentrations of certain divalent cations, trigger a differentiation in A. fumigatus toward a “fluffy” growth phenotype resulting in white, dome-shaped colonies. The ΔtcsC mutant is clearly more susceptible to these morphogenetic changes suggesting that TcsC normally antagonizes this process. Although TcsC plays a role in the adaptation of A. fumigatus to hypoxia, it seems to be dispensable for virulence

Model order selection for bio-molecular data clustering

Background: Cluster analysis has been widely applied for investigating structure in bio-molecular data. A drawback of most clustering algorithms is that they cannot automatically detect the ”natural ” number of clusters underlying the data, and in many cases we have no enough ”a priori ” biological knowledge to evaluate both the number of clusters as well as their validity. Recently several methods based on the concept of stability have been proposed to estimate the ”optimal ” number of clusters, but despite their successful application to the analysis of complex bio-molecular data, the assessment of the statistical significance of the discovered clustering solutions and the detection of multiple structures simultaneously present in high-dimensional bio-molecular data are still major problems. Results: We propose a stability method based on randomized maps that exploits the high-dimensionality and relatively low cardinality that characterize bio-molecular data, by selecting subsets of randomized linear combinations of the input variables, and by using stability indices based on the overall distribution of similarity measures between multiple pairs of clusterings performed on the randomly projected data. A χ 2-based statistical test is proposed to assess the significance of the clustering solutions and to detect significant and if possible multi-level structures simultaneously present in the data (e.g. hierarchical structures)

Guaranteed Output Delivery Comes Free in Honest Majority MPC

We study the communication complexity of unconditionally secure MPC with guaranteed output delivery over point-to-point channels for corruption threshold t < n/2, assuming the existence of a public broadcast channel. We ask the question: “is it possible to construct MPC in this setting s.t. the communication complexity per multiplication gate is linear in the number of parties?” While a number of works have focused on reducing the communication complexity in this setting, the answer to the above question has remained elusive until now. We also focus on the concrete communication complexity of evaluating each multiplication gate. We resolve the above question in the affirmative by providing an MPC with communication complexity O(Cn\phi) bits (ignoring fixed terms which are independent of the circuit) where \phi is the length of an element in the field, C is the size of the (arithmetic) circuit, n is the number of parties. This is the first construction where the asymptotic communication complexity matches the best-known semi-honest protocol. This represents a strict improvement over the previously best-known communication complexity of O(C(n\phi+\kappa)+D_Mn^2\kappa) bits, where \kappa is the security parameter and D_M is the multiplicative depth of the circuit. Furthermore, the concrete communication complexity per multiplication gate is 5.5 field elements per party in the best case and 7.5 field elements in the worst case when one or more corrupted parties have been identified. This also roughly matches the best-known semi-honest protocol, which requires 5.5 field elements per gate