Oblivious Transfer based on Key Exchange
Key-exchange protocols have been overlooked as a possible means for
implementing oblivious transfer (OT). In this paper we present a protocol for
mutual exchange of secrets, 1-out-of-2 OT and coin flipping, similar to the
Diffie-Hellman protocol, using the idea of obliviously exchanging encryption
keys. Since the Diffie-Hellman scheme is widely used, our protocol may provide a
useful alternative to the conventional methods for implementing oblivious
transfer and a useful primitive in building larger cryptographic schemes.
Comment: 10 pages
Multicast Network Design Game on a Ring
In this paper we study quality measures of different solution concepts for
the multicast network design game on a ring topology. We recall from the
literature a lower bound of 4/3 and prove a matching upper bound for the price
of stability, which is the ratio of the social costs of a best Nash equilibrium
and of a general optimum. Therefore, we answer an open question posed by
Fanelli et al. in [12]. We prove an upper bound of 2 for the ratio of the costs
of a potential optimizer and of an optimum, provide a construction of a lower
bound, and give a computer-assisted argument that it reaches for any
precision. We then turn our attention to players arriving one by one and
playing myopically their best response. We provide matching lower and upper
bounds of 2 for the myopic sequential price of anarchy (achieved for a
worst-case order of the arrival of the players). We then initiate the study of
myopic sequential price of stability and for the multicast game on the ring we
construct a lower bound of 4/3, and provide an upper bound of 26/19. To the
end, we conjecture and argue that the right answer is 4/3.
Comment: 12 pages, 4 figures
Cache-Oblivious Persistence
Partial persistence is a general transformation that takes a data structure
and allows queries to be executed on any past state of the structure. The
cache-oblivious model is the leading model of a modern multi-level memory
hierarchy. We present the first general transformation for making
cache-oblivious model data structures partially persistent.
Dynamic pricing of servers on trees
In this paper we consider the k-server problem where events are generated by selfish agents, known as the selfish k-server problem. In this setting, there is a set of k servers located in some metric space. Selfish agents arrive in an online fashion, each has a request located on some point in the metric space, and seeks to serve his request with the server of minimum distance to the request. If agents choose to serve their request with the nearest server, this mimics the greedy algorithm, which has an unbounded competitive ratio. We propose an algorithm that associates a surcharge with each server independently of the agent to arrive (and therefore yields a truthful online mechanism). An agent chooses to serve his request with the server that minimizes the distance to the request plus the surcharge associated with the server. This paper extends [9], which gave an optimal k-competitive dynamic pricing scheme for the selfish k-server problem on the line. We give a k-competitive dynamic pricing algorithm for the selfish k-server problem on tree metric spaces, which matches the optimal online (non-truthful) algorithm. We show that an α-competitive dynamic pricing scheme exists on the tree if and only if there exists an α-competitive online algorithm on the tree that is lazy and monotone. Given this characterization, the main technical difficulty is coming up with such an online algorithm.
Efficient UC Commitment Extension with Homomorphism for Free (and Applications)
Homomorphic universally composable (UC) commitments allow for the sender to reveal the result of additions and multiplications of values contained in commitments without revealing the values themselves while assuring the receiver of the correctness of such computation on committed values.
In this work, we construct essentially optimal additively homomorphic UC commitments from any (not necessarily UC or homomorphic) extractable commitment. We obtain amortized linear computational complexity in the length of the input messages and rate 1.
Next, we show how to extend our scheme to also obtain multiplicative homomorphism at the cost of asymptotic optimality but retaining low concrete complexity for practical parameters.
While the previously best constructions use UC oblivious transfer as the main building block, our constructions only require extractable commitments and PRGs, achieving better concrete efficiency and offering new insights into the sufficient conditions for obtaining homomorphic UC commitments.
Moreover, our techniques yield public coin protocols, which are compatible with the Fiat-Shamir heuristic.
These results come at the cost of realizing a restricted version of the homomorphic commitment functionality where the sender is allowed to perform any number of commitments and operations on committed messages but is only allowed to perform a single batch opening of a number of commitments.
Although this functionality seems restrictive, we show that it can be used as a building block for more efficient instantiations of recent protocols for secure multiparty computation and zero-knowledge non-interactive arguments of knowledge.
Packing Returning Secretaries
We study online secretary problems with returns in combinatorial packing
domains with candidates that arrive sequentially over time in random order.
The goal is to accept a feasible packing of candidates of maximum total value.
In the first variant, each candidate arrives exactly twice. All arrivals
occur in random order. We propose a simple 0.5-competitive algorithm that can
be combined with arbitrary approximation algorithms for the packing domain,
even when the total value of candidates is a subadditive function. For
bipartite matching, we obtain an algorithm with competitive ratio at least
for growing , and an algorithm with ratio at least
for all . We extend all algorithms and ratios to arrivals
per candidate.
In the second variant, there is a pool of undecided candidates. In each
round, a random candidate from the pool arrives. Upon arrival a candidate can
be either decided (accept/reject) or postponed (returned into the pool). We
mainly focus on minimizing the expected number of postponements when computing
an optimal solution. An expected number of is always
sufficient. For matroids, we show that the expected number can be reduced to
, where is the minimum of the ranks of matroid and
dual matroid. For bipartite matching, we show a bound of , where
is the size of the optimum matching. For general packing, we show a lower
bound of , even when the size of the optimum is .
Comment: 23 pages, 5 figures
Efficient noninteractive certification of RSA moduli and beyond
In many applications, it is important to verify that an RSA public key (N; e) specifies a
permutation over the entire space ZN, in order to prevent attacks due to adversarially-generated
public keys. We design and implement a simple and efficient noninteractive zero-knowledge
protocol (in the random oracle model) for this task. Applications concerned about adversarial
key generation can just append our proof to the RSA public key without any other modifications
to existing code or cryptographic libraries. Users need only perform a one-time verification of
the proof to ensure that raising to the power e is a permutation of the integers modulo N. For
typical parameter settings, the proof consists of nine integers modulo N; generating the proof
and verifying it both require about nine modular exponentiations.
We extend our results beyond RSA keys and also provide efficient noninteractive zero-
knowledge proofs for other properties of N, which can be used to certify that N is suitable
for the Paillier cryptosystem, is a product of two primes, or is a Blum integer. As compared to
the recent work of Auerbach and Poettering (PKC 2018), who provide two-message protocols for
similar languages, our protocols are more efficient and do not require interaction, which enables
a broader class of applications.
https://eprint.iacr.org/2018/057
First author draft
Non-interactive classical verification of quantum computation
In a recent breakthrough, Mahadev constructed an interactive protocol that
enables a purely classical party to delegate any quantum computation to an
untrusted quantum prover. In this work, we show that this same task can in fact
be performed non-interactively and in zero-knowledge.
Our protocols result from a sequence of significant improvements to the
original four-message protocol of Mahadev. We begin by making the first message
instance-independent and moving it to an offline setup phase. We then establish
a parallel repetition theorem for the resulting three-message protocol, with an
asymptotically optimal rate. This, in turn, enables an application of the
Fiat-Shamir heuristic, eliminating the second message and giving a
non-interactive protocol. Finally, we employ classical non-interactive
zero-knowledge (NIZK) arguments and classical fully homomorphic encryption
(FHE) to give a zero-knowledge variant of this construction. This yields the
first purely classical NIZK argument system for QMA, a quantum analogue of NP.
We establish the security of our protocols under standard assumptions in
quantum-secure cryptography. Specifically, our protocols are secure in the
Quantum Random Oracle Model, under the assumption that Learning with Errors is
quantumly hard. The NIZK construction also requires circuit-private FHE.
Comment: 37 pages
Managing diversity: contributions of cooperative learning to building inclusive classrooms
The action research we carried out in primary education, in a school near the town of Tomar, in 2009-2010, as part of a master's degree in Special Education, was the starting point for writing this article. The research had as its main objective to promote the successful learning of a heterogeneous group of students, which included a child considered to have longstanding special educational needs (a diagnosis of galactosaemia and cognitive impairment). Starting from the educational context of a particular classroom of 2nd and 3rd grades, where we were working as a special education teacher, we created an inclusive learning environment for each student in the class. Through effective collaboration between fellow teachers, we generated changes in methodologies, breaking with some traditional practices in the classroom, when regular and special education teachers are in the same learning space. By systematically implementing cooperative learning strategies among students, and applying qualitative data-gathering research techniques before and after the intervention (interview, naturalistic observation, sociometry and documentary research), we increased the quality and quantity of learning and promoted another way of "looking at" difference.
Quantum broadcast communication
Broadcast encryption allows the sender to securely distribute his/her secret
to a dynamically changing group of users over a broadcast channel. In this
paper, we consider a simple broadcast communication task in the quantum
scenario, in which the central party broadcasts his secret to multiple receivers via
a quantum channel. We present three quantum broadcast communication schemes. The
first scheme utilizes entanglement swapping and the Greenberger-Horne-Zeilinger
state to realize a task in which the central party broadcasts his secret to a group
of receivers who share a group key with him. In the second scheme, based on
dense coding, the central party broadcasts the secret to multiple receivers, each of whom
shares an authentication key with him. The third scheme is a quantum
broadcast communication scheme with quantum encryption, in which the central party
can broadcast the secret to any subset of the legal receivers.