268 research outputs found

    Blockchain participation games

    We study game-theoretic models for capturing participation in blockchain systems. Existing blockchains can be naturally viewed as games, where a set of potentially interested users is faced with the dilemma of whether to engage with the protocol or not. Engagement here implies that the user will be asked to complete certain tasks, whenever she is selected to contribute, according to some stochastic process. Apart from the basic dilemma of engaging or not, even more strategic considerations arise in systems where users may be able to declare participation and then retract (while still being able to receive rewards). We propose two models for studying such games, with the first one focusing on the basic dilemma of engaging or not, whereas the latter focuses on the retraction effects. In both models we provide characterization results or necessary conditions on the structure of Nash equilibria. Our findings reveal that appropriate reward mechanisms can be used to stimulate participation and avoid negative effects of free riding, results that are in line with real world blockchain system deployments

    Foundations of Fully Dynamic Group Signatures

    Group signatures are a central cryptographic primitive that has received a considerable amount of attention from the cryptographic community. They allow members of a group to anonymously sign on behalf of the group. Membership is overseen by a designated group manager. There is also a tracing authority that can revoke anonymity by revealing the identity of the signer if and when needed, to enforce accountability and deter abuse. For the primitive to be applicable in practice, it needs to support fully dynamic groups, i.e. users can join and leave at any time. In this work we take a close look at existing security definitions for fully dynamic group signatures. We identify a number of shortcomings in existing security definitions and fill the gap by providing a formal rigorous security model for the primitive. Our model is general and is not tailored towards a specific design paradigm and can therefore, as we show, be used to argue about the security of different existing constructions following different design paradigms. Our definitions are stringent and when possible incorporate protection against maliciously chosen keys. In the process, we identify a subtle issue inherent to one design paradigm, where new members might try to implicate older ones by means of back-dated signatures. This is not captured by existing models. We propose some inexpensive fixes for some existing constructions to avoid the issue

    Foundations of Fully Dynamic Group Signatures

    Group signatures allow members of a group to anonymously sign on behalf of the group. Membership is administered by a designated group manager. The group manager can also reveal the identity of a signer if and when needed to enforce accountability and deter abuse. For group signatures to be applicable in practice, they need to support fully dynamic groups, i.e., users may join and leave at any time. Existing security definitions for fully dynamic group signatures are informal, have shortcomings, and are mutually incompatible. We fill the gap by providing a formal rigorous security model for fully dynamic group signatures. Our model is general and is not tailored toward a specific design paradigm and can therefore, as we show, be used to argue about the security of different existing constructions following different design paradigms. Our definitions are stringent and when possible incorporate protection against maliciously chosen keys. We consider both the case where the group management and tracing signatures are administered by the same authority, i.e., a single group manager, and also the case where those roles are administered by two separate authorities, i.e., a group manager and an opening authority. We also show that a specialization of our model captures existing models for static and partially dynamic schemes. In the process, we identify a subtle gap in the security achieved by group signatures using revocation lists. We show that in such schemes new members achieve a slightly weaker notion of traceability. The flexibility of our security model allows us to capture such a relaxation of traceability

    Hepatic Lesions in Children Related to Congenital Intrahepatic Portal Venous Shunts

    We present two patients with hepatic lesions associated with congenital portosystemic shunts (CPSS), a rare vascular malformation, in order to emphasize the variable clinical presentation of this condition and different management strategies in each case. CPSS can give rise to several complications such as hepatic encephalopathy, portopulmonary hypertension and hepatic tumors. These hepatic lesions though most commonly benign in nature have an increased risk of malignant transformation. Therefore, we underline the necessity of considering CPSS in the differential diagnoses for all cases of space-occupying hepatic lesions in pediatric patients

    Lelantus-CLA

    This article presents Lelantus-CLA, an adaptation of Lelantus for use with the Mimblewimble protocol and confidential assets. Whereas Mimblewimble achieves a limited amount of privacy by merging transactions that occur in the same block, Lelantus uses a logarithmic-size proof of membership to effectively enable merging across different blocks. At a high level, this allows value to be added to a common pool and then spent privately, but only once. We explain how to adapt this construction to Mimblewimble, while at the same time simplifying the protocol where possible. Confidential assets is a mechanism that allows multiple currencies to co-exist in the same ledger and (optionally) enables transactions to be conducted without disclosing the currency. Finally, we also describe how we can use Bulletproof “coloring” to enable offline payments, thus addressing one of the original shortcomings of Mimblewimble

    Zero Knowledge Protocols and Applications

    The historical goal of cryptography is to securely transmit or store a message in an insecure medium. In that era, before public key cryptography, we had two kinds of people: those who had the correct key, and those who did not. Nowadays however, we live in a complex world with equally complex goals and requirements: securely passing a note from Alice to Bob is not enough. We want Alice to use her smartphone to vote for Carol, without Bob the tallier, or anyone else learning her vote; we also want guarantees that Alice’s ballot contains a single, valid vote and we want guarantees that Bob will tally the ballots properly. This is in fact made possible because of zero knowledge protocols. This thesis presents research performed in the area of zero knowledge protocols across the following threads: we relax the assumptions necessary for the Damgård, Fazio and Nicolosi (DFN) transformation, a technique which enables one to collapse a number of three round protocols into a single message. This approach is motivated by showing how it could be used as part of a voting scheme. Then we move onto a protocol that lets us prove that a given computation (modeled as an arithmetic circuit) was performed correctly. It improves upon the state of the art in the area by significantly reducing the communication cost. A second strand of research concerns multi-user signatures, which enable a signer to sign with respect to a set of users. We give new definitions for important primitives in the area as well as efficient instantiations using zero knowledge protocols. Finally, we present two possible answers to the question posed by voting receipts. One is to maximise privacy by building a voting system that provides receipt-freeness automatically. The other is to use them to enable conventional and privacy preserving vote copying

    Mithril: Stake-based Threshold Multisignatures

    Stake-based multiparty cryptographic primitives operate in a setting where participants are associated with their stake, security is argued against an adversary that is bounded by the total stake it possesses —as opposed to number of parties— and we are interested in scalability, i.e., the complexity of critical operations depends only logarithmically in the number of participants (who are assumed to be numerous). In this work we put forth a new stake-based primitive, stake-based threshold multisignatures (STM, or “Mithril” signatures), which allows the aggregation of individual signatures into a compact multisignature provided the stake that supports a given message exceeds a stake threshold. This is achieved by having for each message a pseudorandomly sampled subset of participants eligible to issue an individual signature; this ensures the scalability of signing, aggregation and verification. We formalize the primitive in the universal composition setting and propose efficient constructions for STMs. We also showcase that STMs are eminently useful in the cryptocurrency setting by providing two applications: (i) stakeholder decision-making for Proof of Work (PoW) blockchains, specifically, Bitcoin, and (ii) fast bootstrapping for Proof of Stake (PoS) blockchains

    Endoscopic transgastric drainage of pancreatic pseudocyst in hereditary pancreatitis. A case report

    Hereditary pancreatitis (HP) is a rare genetic disorder characterized by acute recurrent pancreatitis (ARP) and chronic pancreatitis (CP) that runs in families. Its symptoms are usually typical of pancreatitis, but HP is more amenable to treatment, especially when complications present. Recent single-center studies have identified several genetic risk factors, including cystic fibrosis transmembrane conductance regulator (CFTR), cationic trypsinogen (PRSS1), pancreatic secretory trypsin inhibitor (SPINK1), chymotrypsin (CFTP) and carboxypeptidase 1 (CPA1) genes. Other risk factors include obstructive, traumatic, infectious and systemic causes. Our case report presents a 9-year-old boy with a pancreatic pseudocyst (8 cm in diameter) as a consequence of recurrent episodes of pancreatitis. The diagnostic investigation (MRCP, Cystic Fibrosis test) had proved no obvious aetiology. An enterocystic Roux-en-Y anastomosis was performed, but the boy continued to develop episodes of pancreatitis and after 2 years, he presented with a new pancreatic pseudocyst (PPC) of the same dimensions, which was attributed to genetic factors. A more conservative approach was decided: endoscopic transgastric drainage of the pseudocyst. In gastroscopy, the cyst was protruded on the posterior wall of the stomach and it was drained into it via a pigtail catheter, which was removed 6 weeks later. After 3 months, abdominal ultrasonography follow-up confirms the successful drainage of the pseudocyst