A Flexible Privacy-preserving Framework for Singular Value Decomposition under Internet of Things Environment

The singular value decomposition (SVD) is a widely used matrix factorization tool which underlies plenty of useful applications, e.g. recommendation system, abnormal detection and data compression. Under the environment of emerging Internet of Things (IoT), there would be an increasing demand for data analysis to better human's lives and create new economic growth points. Moreover, due to the large scope of IoT, most of the data analysis work should be done in the network edge, i.e. handled by fog computing. However, the devices which provide fog computing may not be trustable while the data privacy is often the significant concern of the IoT application users. Thus, when performing SVD for data analysis purpose, the privacy of user data should be preserved. Based on the above reasons, in this paper, we propose a privacy-preserving fog computing framework for SVD computation. The security and performance analysis shows the practicability of the proposed framework. Furthermore, since different applications may utilize the result of SVD operation in different ways, three applications with different objectives are introduced to show how the framework could flexibly achieve the purposes of different applications, which indicates the flexibility of the design.Comment: 24 pages, 4 figure

Quantum Lightning Never Strikes the Same State Twice

Public key quantum money can be seen as a version of the quantum no-cloning theorem that holds even when the quantum states can be verified by the adversary. In this work, investigate quantum lightning, a formalization of "collision-free quantum money" defined by Lutomirski et al. [ICS'10], where no-cloning holds even when the adversary herself generates the quantum state to be cloned. We then study quantum money and quantum lightning, showing the following results: - We demonstrate the usefulness of quantum lightning by showing several potential applications, such as generating random strings with a proof of entropy, to completely decentralized cryptocurrency without a block-chain, where transactions is instant and local. - We give win-win results for quantum money/lightning, showing that either signatures/hash functions/commitment schemes meet very strong recently proposed notions of security, or they yield quantum money or lightning. - We construct quantum lightning under the assumed multi-collision resistance of random degree-2 systems of polynomials. - We show that instantiating the quantum money scheme of Aaronson and Christiano [STOC'12] with indistinguishability obfuscation that is secure against quantum computers yields a secure quantum money schem

The Hidden Subgroup Problem and Eigenvalue Estimation on a Quantum Computer

A quantum computer can efficiently find the order of an element in a group, factors of composite integers, discrete logarithms, stabilisers in Abelian groups, and `hidden' or `unknown' subgroups of Abelian groups. It is already known how to phrase the first four problems as the estimation of eigenvalues of certain unitary operators. Here we show how the solution to the more general Abelian `hidden subgroup problem' can also be described and analysed as such. We then point out how certain instances of these problems can be solved with only one control qubit, or `flying qubits', instead of entire registers of control qubits.Comment: 16 pages, 3 figures, LaTeX2e, to appear in Proceedings of the 1st NASA International Conference on Quantum Computing and Quantum Communication (Springer-Verlag

Oriented grain growth and modification of ‘frozen anisotropy’ in the lithospheric mantle

Seismic anisotropy throughout the oceanic lithosphere is often assumed to be generated by fossilized texture formed during deformation at asthenospheric temperatures close to the ridge. Here we investigate the effect of high-temperature and high-pressure static annealing on the texture of previously deformed olivine aggregates to simulate residence of deformed peridotite in the lithosphere. Our experiments indicate that the orientation and magnitude of crystallographic preferred orientation (CPO) will evolve due to the preferential growth of grains with low dislocation densities. These observations suggest that texture and stored elastic strain energy promote a style of grain growth that modifies the CPO of a deformed aggregate. We demonstrate that these microstructural changes alter the orientation distributions and magnitudes of seismic wave velocities and anisotropy. Therefore, static annealing may complicate the inference of past deformation kinematics from seismic anisotropy in the lithosphere.This research is supported by NSF EAR-1131985 (to PS), with additional support from the Institute of Materials Science and Engineering at Washington University in St. Louis. DW and LNH acknowledge support from the Natural Environment Research Council Grant NE/M000966/1

Unforgeable Quantum Encryption

We study the problem of encrypting and authenticating quantum data in the presence of adversaries making adaptive chosen plaintext and chosen ciphertext queries. Classically, security games use string copying and comparison to detect adversarial cheating in such scenarios. Quantumly, this approach would violate no-cloning. We develop new techniques to overcome this problem: we use entanglement to detect cheating, and rely on recent results for characterizing quantum encryption schemes. We give definitions for (i.) ciphertext unforgeability , (ii.) indistinguishability under adaptive chosen-ciphertext attack, and (iii.) authenticated encryption. The restriction of each definition to the classical setting is at least as strong as the corresponding classical notion: (i) implies INT-CTXT, (ii) implies IND-CCA2, and (iii) implies AE. All of our new notions also imply QIND-CPA privacy. Combining one-time authentication and classical pseudorandomness, we construct schemes for each of these new quantum security notions, and provide several separation examples. Along the way, we also give a new definition of one-time quantum authentication which, unlike all previous approaches, authenticates ciphertexts rather than plaintexts.Comment: 22+2 pages, 1 figure. v3: error in the definition of QIND-CCA2 fixed, some proofs related to QIND-CCA2 clarifie

Delegating Quantum Computation in the Quantum Random Oracle Model

A delegation scheme allows a computationally weak client to use a server's resources to help it evaluate a complex circuit without leaking any information about the input (other than its length) to the server. In this paper, we consider delegation schemes for quantum circuits, where we try to minimize the quantum operations needed by the client. We construct a new scheme for delegating a large circuit family, which we call "C+P circuits". "C+P" circuits are the circuits composed of Toffoli gates and diagonal gates. Our scheme is non-interactive, requires very little quantum computation from the client (proportional to input length but independent of the circuit size), and can be proved secure in the quantum random oracle model, without relying on additional assumptions, such as the existence of fully homomorphic encryption. In practice the random oracle can be replaced by an appropriate hash function or block cipher, for example, SHA-3, AES. This protocol allows a client to delegate the most expensive part of some quantum algorithms, for example, Shor's algorithm. The previous protocols that are powerful enough to delegate Shor's algorithm require either many rounds of interactions or the existence of FHE. The protocol requires asymptotically fewer quantum gates on the client side compared to running Shor's algorithm locally. To hide the inputs, our scheme uses an encoding that maps one input qubit to multiple qubits. We then provide a novel generalization of classical garbled circuits ("reversible garbled circuits") to allow the computation of Toffoli circuits on this encoding. We also give a technique that can support the computation of phase gates on this encoding. To prove the security of this protocol, we study key dependent message(KDM) security in the quantum random oracle model. KDM security was not previously studied in quantum settings.Comment: 41 pages, 1 figures. Update to be consistent with the proceeding versio

Secure Data Aggregation in Wireless Sensor Networks. Homomorphism versus Watermarking Approach

International audienceWireless sensor networks are now in widespread use to monitor regions, detect events and acquire information. Since the deployed nodes are separated, they need to cooperatively communicate sensed data to the base station. Hence, transmissions are a very energy consuming operation. To reduce the amount of sending data, an aggregation approach can be applied along the path from sensors to the sink. However, usually the carried information contains confidential data. Therefore, an end-to-end secure aggregation approach is required to ensure a healthy data reception. End-to-end encryption schemes that support operations over cypher-text have been proved important for private party sensor network implementations. These schemes offer two main advantages: end-to-end concealment of data and ability to operate on cipher text, then no more decryption is required for aggregation. Unfortunately, nowadays these methods are very complex and not suitable for sensor nodes having limited resources. In this paper, we propose a secure end-to-end encrypted-data aggregation scheme. It is based on elliptic curve cryptography that exploits a smaller key size. Additionally, it allows the use of higher number of operations on cypher-texts and prevents the distinction between two identical texts from their cryptograms. These properties permit to our approach to achieve higher security levels than existing cryptosystems in sensor networks. Our experiments show that our proposed secure aggregation method significantly reduces computation and communication overhead and can be practically implemented in on-the-shelf sensor platforms. By using homomorphic encryption on elliptic curves, we thus have realized an efficient and secure data aggregation in sensor networks. Lastly, to enlarge the aggregation functions that can be used in a secure wireless sensor network, a watermarking-based authentication scheme is finally proposed

Predicate Encryption for Circuits from LWE

In predicate encryption, a ciphertext is associated with descriptive attribute values x in addition to a plaintext μ, and a secret key is associated with a predicate f. Decryption returns plaintext μ if and only if f(x)=1. Moreover, security of predicate encryption guarantees that an adversary learns nothing about the attribute x or the plaintext μ from a ciphertext, given arbitrary many secret keys that are not authorized to decrypt the ciphertext individually. We construct a leveled predicate encryption scheme for all circuits, assuming the hardness of the subexponential learning with errors (LWE) problem. That is, for any polynomial function d=d(λ), we construct a predicate encryption scheme for the class of all circuits with depth bounded by d(λ), where λ is the security parameter.Microsoft Corporation (PhD Fellowship)Northrop Grumman Cybersecurity Research ConsortiumUnited States. Defense Advanced Research Projects Agency (Grant FA8750-11-2-0225)National Science Foundation (U.S.) (Awards CNS-1350619)National Science Foundation (U.S.) (Awards CNS-1413920)Alfred P. Sloan Foundation (Fellowship)Microsoft (Faculty Fellowship

On the joint security of signature and encryption schemes under randomness reuse: efficiency and security amplification

Lecture Notes in Computer Science, 7341We extend the work of Bellare, Boldyreva and Staddon on the systematic analysis of randomness reuse to construct multi-recipient encryption schemes to the case where randomness is reused across different cryptographic primitives. We find that through the additional binding introduced through randomness reuse, one can actually obtain a security amplification with respect to the standard black-box compositions, and achieve a stronger level of security. We introduce stronger notions of security for encryption and signatures, where challenge messages can depend in a restricted way on the random coins used in encryption, and show that two variants of the KEM/DEM paradigm give rise to encryption schemes that meet this enhanced notion of security. We obtain the most efficient signcryption scheme to date that is secure against insider attackers without random oracles.(undefined