35 research outputs found

    Efficient UC Commitment Extension with Homomorphism for Free (and Applications)

    Homomorphic universally composable (UC) commitments allow the sender to reveal the result of additions and multiplications of values contained in commitments without revealing the values themselves, while assuring the receiver of the correctness of such computation on committed values. In this work, we construct essentially optimal additively homomorphic UC commitments from any (not necessarily UC or homomorphic) extractable commitment. We obtain amortized linear computational complexity in the length of the input messages and rate 1. Next, we show how to extend our scheme to also obtain multiplicative homomorphism at the cost of asymptotic optimality but retaining low concrete complexity for practical parameters. While the previously best constructions use UC oblivious transfer as the main building block, our constructions only require extractable commitments and PRGs, achieving better concrete efficiency and offering new insights into the sufficient conditions for obtaining homomorphic UC commitments. Moreover, our techniques yield public coin protocols, which are compatible with the Fiat-Shamir heuristic. These results come at the cost of realizing a restricted version of the homomorphic commitment functionality where the sender is allowed to perform any number of commitments and operations on committed messages but is only allowed to perform a single batch opening of a number of commitments. Although this functionality seems restrictive, we show that it can be used as a building block for more efficient instantiations of recent protocols for secure multiparty computation and zero knowledge non-interactive arguments of knowledge.

    Field Extension in Secret-Shared Form and Its Applications to Efficient Secure Computation

    Secure computation enables participating parties to jointly compute a function over their inputs while keeping them private. Secret sharing plays an important role in maintaining privacy during the computation. In most schemes, secret sharing over the same finite field is used throughout all the steps of the secure computation. A major drawback of this "uniform" approach is that one has to set the size of the field to be as large as the maximum of all the lower bounds derived from all the steps in the protocol. This easily leads to a requirement for using a large field which, in turn, makes the protocol inefficient. In this paper, we propose a "non-uniform" approach: dynamically changing the fields so that they are suitable for each step of computation. At the core of our approach is a surprisingly simple method to extend the underlying field of a secret sharing scheme, in a non-interactive manner, while maintaining the secret being shared. Using our approach, default computations can hence be done in a small field, which allows better efficiency, while one would extend to a larger field only at the necessary steps. As the main application of our technique, we show an improvement upon the recent actively secure protocol proposed by Chida et al. (Crypto'18). The improved protocol can handle a binary field, which enables XOR-free computation of a boolean circuit. Other applications include efficient (batch) equality check and consistency check protocols, which are useful for, e.g., password-based threshold authentication.

    Insects in nativity scenes and the "dressed ants" of Jules Martin (1832-1906): a curious São Paulo manufacture of the late 19th century

    Present in Brazil since the beginning of Portuguese colonization, crèche nativity scenes were soon adapted to local reality, a propitious circumstance for the appearance of heterodox conceptions and the use of exotic elements of the fauna and flora peculiar to each region. As records involving insects are very uncommon, it is noteworthy that females of leaf-cutting ants, Atta sp. (Hymenoptera, Formicidae), were used to compose crèche nativity scenes in São Paulo State. Having subsisted at least up to the 1960s, the "ant crèches" of cities such as Embu das Artes could be related to the "dressed ants" created by Jules Martin, a curious manufacture of the city of São Paulo in the last quarter of the 19th century.

    Non-Interactive Secure 2PC in the Offline/Online and Batch Settings

    In cut-and-choose protocols for two-party secure computation (2PC) the main overhead is the number of garbled circuits that must be sent. Recent work (Lindell, Riva; Huang et al., Crypto 2014) has shown that in a batched setting, when the parties plan to evaluate the same function N times, the number of garbled circuits per execution can be reduced by an O(log N) factor compared to the single-execution setting. This improvement is significant in practice: an order of magnitude for N as low as one thousand. Besides the number of garbled circuits, communication round trips are another significant performance bottleneck. Afshar et al. (Eurocrypt 2014) proposed an efficient cut-and-choose 2PC that is round-optimal (one message from each party), but in the single-execution setting. In this work we present new malicious-secure 2PC protocols that are round-optimal and also take advantage of batching to reduce cost. Our contributions include: (1) a 2-message protocol for batch secure computation (N instances of the same function), in which the number of garbled circuits is reduced by an O(log N) factor over the single-execution case; however, other aspects of the protocol that depend on the input/output size of the function do not benefit from the same O(log N)-factor savings; (2) a 2-message protocol for batch secure computation in the random oracle model, in which all aspects of the protocol benefit from the O(log N)-factor improvement, except for small terms that do not depend on the function being evaluated; (3) a protocol in the offline/online setting: after an offline preprocessing phase that depends only on the function f and N, the parties can securely evaluate f N times (not necessarily all at once); our protocol's online phase is only 2 messages, and the total online communication is only ℓ + O(κ) bits, where ℓ is the input length of f and κ is a computational security parameter. This is only O(κ) bits more than the information-theoretic lower bound for malicious 2PC.

    Very-efficient simulatable flipping of many coins into a well

    Secure two-party parallel coin-flipping is a cryptographic functionality that allows two mutually distrustful parties to agree on a common random bit-string of a certain target length. In coin-flipping into-a-well, one party learns the bit-string and then decides whether to abort or to allow the other party to learn it. It is well known that this functionality can be securely achieved in the ideal/real simulation paradigm, using commitment schemes that are simultaneously extractable (X) and equivocable (Q). This paper presents two new constant-round simulatable coin-flipping protocols, based explicitly on one or a few X-commitments of short seeds and a Q-commitment of a short hash, independently of the large target length. A pseudo-random generator and a collision-resistant hash function are used to combine the separate X and Q properties (associated with short bit-strings) into a unified X&Q property amplified to the target length, thus amortizing the cost of the base commitments. In this way, the new protocols are significantly more efficient than an obvious batching or extension of coin-flippings designed (in the same security setting) for short bit-strings and based on inefficient X&Q commitments. The first protocol, simulatable with rewinding, deviates from the traditional coin-flipping template in order to improve simulatability in case of unknown adversarial probabilities of abort, without having to use an X&Q commitment scheme. The second protocol, one-pass simulatable, derives from a new construction of a universally composable X&Q commitment scheme for large bit-strings, achieving communication rate asymptotically close to 1. Besides the base X and Q commitments, the new commitment scheme only requires corresponding collision-resistant hashing, pseudo-random generation and application of a threshold erasure code. Alternative constructions found in recent work with comparable communication complexity require explicit use of oblivious transfer and use different encodings of the committed value.

    The History of Food: historiographical landmarks

    The authors set out to sketch an overview of the History of Food, not as a new epistemological branch of the discipline, but as a developing field of specialized practices and activities, including research, training, publications, associations, academic meetings, etc. A brief account of the conditions under which this field became established is preceded by a survey of food studies and related topics in general, according to five approaches (the biological, the economic, the social, the cultural and the philosophical), as well as by an identification of the most relevant contributions of Anthropology, Archaeology, Sociology and Geography. In order to comment on the multiform and voluminous historical bibliography, it was organized according to morphological criteria. Next, some important topics received separate treatment: hunger, food and the religious domain, the European discoveries and the worldwide diffusion of foods, taste and gastronomy. The article closes with a brief critical assessment of Brazilian historiography on the subject.

    Study and evaluation of recycled aggregates from construction and demolition waste for bedding and rendering mortars

    This work aimed to carry out a broad characterization of recycled aggregates (ARs) from construction and demolition waste (RCD), including with non-conventional techniques, comparing them with natural quartz sand. It also aimed to evaluate the main characteristics of the aggregates that should be determined with a view to mortar mix design. Three types of aggregate were studied: natural river sand, mixed recycled and cementitious recycled, in distinct grain sizes. These aggregates were evaluated for particle size distribution (including by laser), powdery material content (TMP), morphoscopic analysis, water absorption, bulk density, specific gravity and bulking. Mortars were also produced and characterized for consistency index, mass density, shrinkage, and flexural tensile and compressive strengths. The results showed that, despite the distinct composition of the RCDs, very similar particle size distributions are obtained when the same crushing process is used; however, other characteristics differ among these aggregates, influence the behavior of the mortars and depend on the origin of the waste. It was concluded that performing non-conventional tests, such as laser granulometry and morphoscopy, can be important for a complete understanding of the effect of ARs on mortar properties. Furthermore, bulk density and TMP proved to be significant parameters for qualifying ARs.