Four-Round Concurrent Non-Malleable Commitments from One-Way Functions
How many rounds and which assumptions are required for concurrent non-malleable commitments? The above question has puzzled researchers for several years. Pass [TCC 2013] showed a lower bound of 3 rounds for the case of black-box reductions to falsifiable hardness assumptions with respect to polynomial-time adversaries. On the other side, Goyal [STOC 2011], Lin and Pass [STOC 2011] and Goyal et al. [FOCS 2012] showed that one-way functions (OWFs) are sufficient with a constant number of rounds. More recently Ciampi et al. [CRYPTO 2016] showed a 3-round construction based on subexponentially strong one-way permutations. In this work we show as main result the first 4-round concurrent non-malleable commitment scheme assuming the existence of any one-way function. Our approach builds on a new security notion for argument systems against man-in-the-middle attacks: Simulation-Witness-Independence. We show how to construct a 4-round one-many simulation-witness-independent argument system from one-way functions. We then combine this new tool in parallel with a weak form of non-malleable commitments constructed by Goyal et al. in [FOCS 2014], obtaining the main result of our work.
The novel adaptor protein Tks4 (SH3PXD2B) is required for functional podosome formation.
Metastatic cancer cells have the ability to both degrade and migrate through the extracellular matrix (ECM). Invasiveness can be correlated with the presence of dynamic actin-rich membrane structures called podosomes or invadopodia. We showed previously that the adaptor protein tyrosine kinase substrate with five Src homology 3 domains (Tks5)/Fish is required for podosome/invadopodia formation, degradation of ECM, and cancer cell invasion in vivo and in vitro. Here, we describe Tks4, a novel protein that is closely related to Tks5. This protein contains an amino-terminal Phox homology domain, four SH3 domains, and several proline-rich motifs. In Src-transformed fibroblasts, Tks4 is tyrosine phosphorylated and predominantly localized to rosettes of podosomes. We used both short hairpin RNA knockdown and mouse embryo fibroblasts lacking Tks4 to investigate its role in podosome formation. We found that lack of Tks4 resulted in incomplete podosome formation and inhibited ECM degradation. Both phenotypes were rescued by reintroduction of Tks4, whereas only podosome formation, but not ECM degradation, was rescued by overexpression of Tks5. The tyrosine phosphorylation sites of Tks4 were required for efficient rescue. Furthermore, in the absence of Tks4, membrane type-1 matrix metalloproteinase (MT1-MMP) was not recruited to the incomplete podosomes. These findings suggest that Tks4 and Tks5 have overlapping, but not identical, functions, and implicate Tks4 in MT1-MMP recruitment and ECM degradation.
Peer reviewed
Secret-Sharing for NP
A computational secret-sharing scheme is a method that enables a dealer, that has a secret, to distribute this secret among a set of parties such that a "qualified" subset of parties can efficiently reconstruct the secret while any "unqualified" subset of parties cannot efficiently learn anything about the secret. The collection of "qualified" subsets is defined by a Boolean function. It has been a major open problem to understand which (monotone) functions can be realized by a computational secret-sharing scheme. Yao suggested a method for secret-sharing for any function that has a polynomial-size monotone circuit (a class which is strictly smaller than the class of monotone functions in P). Around 1990 Rudich raised the possibility of obtaining secret-sharing for all monotone functions in NP: in order to reconstruct the secret a set of parties must be "qualified" and provide a witness attesting to this fact.

Recently, Garg et al. (STOC 2013) put forward the concept of witness encryption, where the goal is to encrypt a message relative to a statement "x in L" for a language L in NP such that anyone holding a witness to the statement can decrypt the message; however, if x is not in L, then it is computationally hard to decrypt. Garg et al. showed how to construct several cryptographic primitives from witness encryption and gave a candidate construction.

One can show that computational secret-sharing implies witness encryption for the same language. Our main result is the converse: we give a construction of a computational secret-sharing scheme for any monotone function in NP assuming witness encryption for NP and one-way functions. As a consequence we get a completeness theorem for secret-sharing: a computational secret-sharing scheme for any single monotone NP-complete function implies a computational secret-sharing scheme for every monotone function in NP.
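The abstract mentions Yao's method for secret-sharing any function with a polynomial-size monotone circuit. The following is an added illustration of that idea in Python; it is not code from the paper and it does not implement the witness-encryption construction that is the paper's result. The dealer assigns a random seed to every wire, sets the output wire's seed to the secret, and publishes one pad per gate: an AND gate's pad is the output seed XORed with a pseudorandom block from each input seed, so both inputs are needed; an OR gate gets one pad per input, so either suffices. A wire that fans out to several gates hands each consumer a distinct block, which is where the pseudorandom generator (and hence the computational, rather than information-theoretic, security) comes in. Using SHA-256 as the PRG, publishing the gate pads as common public information, and the per-consumer block indexing are design choices of this example, not details taken from the page.

```python
import os
import hashlib

SEED_LEN = 32


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def prg_block(seed: bytes, index: int) -> bytes:
    # One pseudorandom block per (wire, consumer) pair. SHA-256 stands in for
    # a PRG here (an assumption made for illustration, not a recommendation).
    return hashlib.sha256(seed + index.to_bytes(4, "big")).digest()


class MonotoneCircuit:
    """Wires 0..n_inputs-1 belong to parties 0..n_inputs-1; gate g writes wire n_inputs+g.
    gates: list of (op, left_wire, right_wire) in topological order, op in {"AND", "OR"}."""

    def __init__(self, n_inputs, gates):
        self.n_inputs = n_inputs
        self.gates = gates
        self.n_wires = n_inputs + len(gates)
        self.output = self.n_wires - 1  # last gate's output is the access-structure output

    def evaluate(self, members):
        # Plain (non-cryptographic) evaluation: is this set of parties qualified?
        val = [i in members for i in range(self.n_inputs)]
        for op, a, b in self.gates:
            val.append((val[a] and val[b]) if op == "AND" else (val[a] or val[b]))
        return val[self.output]


def share(circuit, secret):
    """Dealer: returns (per-party shares, public gate pads)."""
    assert len(secret) == SEED_LEN
    seeds = [os.urandom(SEED_LEN) for _ in range(circuit.n_wires)]
    seeds[circuit.output] = secret  # output wire carries the secret itself
    public = []
    for g, (op, a, b) in enumerate(circuit.gates):
        out = circuit.n_inputs + g
        pa = prg_block(seeds[a], 2 * g)      # block of wire a reserved for gate g's left input
        pb = prg_block(seeds[b], 2 * g + 1)  # block of wire b reserved for gate g's right input
        if op == "AND":
            public.append(xor(seeds[out], xor(pa, pb)))          # needs both inputs
        else:
            public.append((xor(seeds[out], pa), xor(seeds[out], pb)))  # either input suffices
    shares = {i: seeds[i] for i in range(circuit.n_inputs)}
    return shares, public


def reconstruct(circuit, shares, public):
    """Parties: walk the circuit forward, recovering every wire seed the shares allow."""
    known = dict(shares)
    for g, (op, a, b) in enumerate(circuit.gates):
        out = circuit.n_inputs + g
        if op == "AND":
            if a in known and b in known:
                known[out] = xor(public[g], xor(prg_block(known[a], 2 * g),
                                                prg_block(known[b], 2 * g + 1)))
        else:
            if a in known:
                known[out] = xor(public[g][0], prg_block(known[a], 2 * g))
            elif b in known:
                known[out] = xor(public[g][1], prg_block(known[b], 2 * g + 1))
    return known.get(circuit.output)  # None if the set is unqualified


# Constructed sample policy: (P0 AND P1) OR (P0 AND P2). Wire 0 fans out to two gates.
POLICY = MonotoneCircuit(3, [("AND", 0, 1), ("AND", 0, 2), ("OR", 3, 4)])

if __name__ == "__main__":
    secret = os.urandom(SEED_LEN)
    shares, public = share(POLICY, secret)
    print("{0,1} recovers:", reconstruct(POLICY, {0: shares[0], 1: shares[1]}, public) == secret)
    print("{1,2} recovers:", reconstruct(POLICY, {1: shares[1], 2: shares[2]}, public) == secret)
```

The unqualified set {1,2} never learns seed 0, so the two blocks derived from it look random and both AND pads hide their output seeds; that is exactly the PRG security the reduction rests on. Note also what this scheme cannot do: the qualified sets are fixed by the circuit, whereas Rudich's question and the paper's result concern access structures where a qualified set must additionally present an NP witness.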
Revisiting Deniability in Quantum Key Exchange via Covert Communication and Entanglement Distillation
We revisit the notion of deniability in quantum key exchange (QKE), a topic that remains largely unexplored. In the only work on this subject by Donald Beaver, it is argued that QKE is not necessarily deniable due to an eavesdropping attack that limits key equivocation. We provide more insight into the nature of this attack and how it extends to other constructions such as QKE obtained from uncloneable encryption. We then adopt the framework for quantum authenticated key exchange, developed by Mosca et al., and extend it to introduce the notion of coercer-deniable QKE, formalized in terms of the indistinguishability of real and fake coercer views. Next, we apply results from a recent work by Arrazola and Scarani on covert quantum communication to establish a connection between covert QKE and deniability. We propose DC-QKE, a simple deniable covert QKE protocol, and prove its deniability via a reduction to the security of covert QKE. Finally, we consider how entanglement distillation can be used to enable information-theoretically deniable protocols for QKE and tasks beyond key exchange.
Comment: 16 pages, published in the proceedings of NordSec 201
Candida dubliniensis fungemia: the first four cases in North America.
We report the first four North American cases of Candida dubliniensis fungemia, including the first isolation of this organism from the bloodstream of an HIV-infected person. All isolates were susceptible in vitro to commonly used antifungal drugs. This report demonstrates that C. dubliniensis can cause bloodstream infection; however, the incidence of disease is not known.
Thunderella: Blockchains with Optimistic Instant Confirmation
State machine replication, or "consensus", is a central abstraction for distributed systems where a set of nodes seek to agree on an ever-growing, linearly-ordered log. In this paper, we propose a practical new paradigm called Thunderella for achieving state machine replication by combining a fast, asynchronous path with a (slow) synchronous "fall-back" path (which only gets executed if something goes wrong); as a consequence, we get simple state machine replication protocols that are essentially as robust as the best synchronous protocols, yet "optimistically" (if a super majority of the players are honest) the protocol "instantly" confirms transactions.

We provide instantiations of this paradigm in both permissionless (using proof-of-work) and permissioned settings. Most notably, this yields a new blockchain protocol (for the permissionless setting) that remains resilient assuming only that a majority of the computing power is controlled by honest players, yet optimistically, if 3/4 of the computing power is controlled by honest players and a special player called the "accelerator" is honest, transactions are confirmed as fast as the actual message delay in the network. We additionally show that the 3/4 optimistic bound is tight for protocols that are resilient assuming only an honest majority.
Ledger Combiners for Fast Settlement
Blockchain protocols based on variations of the longest-chain rule, whether following the proof-of-work paradigm or one of its alternatives, suffer from a fundamental latency barrier. This arises from the need to collect a sufficient number of blocks on top of a transaction-bearing block to guarantee the transaction's stability while limiting the rate at which blocks can be created in order to prevent security-threatening forks. Our main result is a black-box security-amplifying combiner based on parallel composition of blockchains that achieves -fold security amplification for conflict-free transactions or, equivalently, -fold reduction in latency. Our construction breaks the latency barrier to achieve, for the first time, a ledger based purely on Nakamoto longest-chain consensus guaranteeing worst-case constant-time settlement for conflict-free transactions: settlement can be accelerated to a constant multiple of block propagation time with negligible error.
Operationally, our construction shows how to view any family of blockchains as a unified, virtual ledger without requiring any coordination among the chains or any new protocol metadata. Users of the system have the option to inject a transaction into a single constituent blockchain or, if they desire accelerated settlement, all of the constituent blockchains. Our presentation and proofs introduce a new formalism for reasoning about blockchains, the dynamic ledger, and articulate our constructions as transformations of dynamic ledgers that amplify security. We also illustrate the versatility of this formalism by presenting robust-combiner constructions for blockchains that can protect against complete adversarial control of a minority of a family of blockchains.
Adaptively Indistinguishable Garbled Circuits
A garbling scheme is used to garble a circuit and an input in a way that reveals the output but hides everything else. An adaptively secure scheme allows the adversary to specify the input after seeing the garbled circuit. Applebaum et al. (CRYPTO '13) showed that in any garbling scheme with adaptive simulation-based security, the size of the garbled input must exceed the output size of the circuit. Here we show how to circumvent this lower bound and achieve significantly better efficiency under the minimal assumption that one-way functions exist by relaxing the security notion from simulation-based to indistinguishability-based.
We rely on the recent work of Hemenway et al. (CRYPTO '16) which constructed an adaptive simulation-based garbling scheme under one-way functions. The size of the garbled input in their scheme is as large as the output size of the circuit plus a certain pebble complexity of the circuit, where the latter is (e.g.,) bounded by the space complexity of the computation. By building on top of their construction and adapting their proof technique, we show how to remove the output size dependence in their result when considering indistinguishability-based security.
As an application of the above result, we get a symmetric-key functional encryption based on one-way functions, with indistinguishability-based security where the adversary can obtain an unbounded number of function secret keys and then adaptively a single challenge ciphertext. The size of the ciphertext only depends on the maximal pebble complexity of each of the functions but not on the number of functions or their circuit size.
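To make the objects in this abstract concrete (the garbled circuit, the garbled input and the output decoding information), here is an added example of a textbook static Yao garbling with point-and-permute in Python. It is not the paper's construction and it says nothing about adaptive security: the garbler here produces circuit and input labels together, whereas the lower bound the abstract cites applies when the input is garbled only after the adversary has seen the garbled circuit. Using truncated SHA-256 as the gate cipher, 16-byte labels with a trailing select byte, and the majority-of-three sample circuit are choices of this example, not details from the page.

```python
import os
import hashlib

LABEL_LEN = 16  # key bytes per label; each label carries one extra select byte
OPS = {"AND": lambda x, y: x & y, "OR": lambda x, y: x | y, "XOR": lambda x, y: x ^ y}


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def gate_pad(ka: bytes, kb: bytes, gate_id: int) -> bytes:
    # Symmetric "double encryption" keyed by both input labels. SHA-256 stands in for
    # a proper dual-key cipher here (an assumption for illustration).
    return hashlib.sha256(ka + kb + gate_id.to_bytes(4, "big")).digest()[:LABEL_LEN + 1]


class Circuit:
    """Wires 0..n_inputs-1 are inputs; gate g writes wire n_inputs+g; last wire is the output."""

    def __init__(self, n_inputs, gates):
        self.n_inputs, self.gates = n_inputs, gates
        self.n_wires = n_inputs + len(gates)
        self.output = self.n_wires - 1


def garble(circuit):
    """Garbler: returns (garbled tables, output decoding bit, all wire labels)."""
    labels = []  # labels[w][v] = label of wire w for value v
    for _ in range(circuit.n_wires):
        p = os.urandom(1)[0] & 1  # random permute bit; select bit = p XOR value
        labels.append((os.urandom(LABEL_LEN) + bytes([p]),
                       os.urandom(LABEL_LEN) + bytes([p ^ 1])))
    tables = []
    for gid, (op, a, b) in enumerate(circuit.gates):
        out = circuit.n_inputs + gid
        rows = [None] * 4
        for x in (0, 1):
            for y in (0, 1):
                la, lb = labels[a][x], labels[b][y]
                z = OPS[op](x, y)
                # The select bits of the input labels fix the row, so no trial decryption is needed.
                rows[2 * la[-1] + lb[-1]] = xor(gate_pad(la[:LABEL_LEN], lb[:LABEL_LEN], gid),
                                                labels[out][z])
        tables.append(rows)
    decode = labels[circuit.output][0][-1]  # permute bit of the output wire
    return tables, decode, labels


def garble_input(labels, x):
    """The garbled input: exactly one label per input wire, nothing about the other value."""
    return [labels[w][x[w]] for w in range(len(x))]


def evaluate(circuit, tables, decode, garbled_input):
    """Evaluator: sees only labels and tables, learns only the decoded output bit."""
    wires = list(garbled_input)
    for gid, (op, a, b) in enumerate(circuit.gates):
        la, lb = wires[a], wires[b]
        row = tables[gid][2 * la[-1] + lb[-1]]
        wires.append(xor(row, gate_pad(la[:LABEL_LEN], lb[:LABEL_LEN], gid)))
    return wires[circuit.output][-1] ^ decode


# Constructed sample: majority of three bits, maj = (a AND b) OR ((a OR b) AND c).
MAJ3 = Circuit(3, [("AND", 0, 1), ("OR", 0, 1), ("AND", 4, 2), ("OR", 3, 5)])


def majority(x):
    return int(sum(x) >= 2)


def check_all_inputs(circuit, reference):
    """Garble once, then evaluate on every input and compare with the plaintext function."""
    tables, decode, labels = garble(circuit)
    for n in range(2 ** circuit.n_inputs):
        x = [(n >> i) & 1 for i in range(circuit.n_inputs)]
        if evaluate(circuit, tables, decode, garble_input(labels, x)) != reference(x):
            return False
    return True


if __name__ == "__main__":
    print("garbled circuit correct on all inputs:", check_all_inputs(MAJ3, majority))
```

In this static scheme the garbled input is n_inputs labels of LABEL_LEN + 1 bytes regardless of how many output wires the circuit has; the output-size dependence discussed in the abstract only appears once one demands that the same tables remain secure against an adversary who picks the input after seeing them.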