257 research outputs found

    Non-malleable codes for space-bounded tampering

    Non-malleable codes—introduced by Dziembowski, Pietrzak and Wichs at ICS 2010—are key-less coding schemes in which mauling attempts to an encoding of a given message, w.r.t. some class of tampering adversaries, result in a decoded value that is either identical or unrelated to the original message. Such codes are very useful for protecting arbitrary cryptographic primitives against tampering attacks against the memory. Clearly, non-malleability is hopeless if the class of tampering adversaries includes the decoding and encoding algorithm. To circumvent this obstacle, the majority of past research focused on designing non-malleable codes for various tampering classes, albeit assuming that the adversary is unable to decode. Nonetheless, in many concrete settings, this assumption is not realistic

    Impacts on terrestrial biodiversity of moving from a 2°C to a 1.5°C target

    We applied a recently developed tool to examine the reduction in climate risk to biodiversity in moving from a 2°C to a 1.5°C target. We then reviewed the recent literature examining the impact of (a) land-based mitigation options and (b) land-based greenhouse gas removal options on biodiversity. We show that holding warming to 1.5°C versus 2°C can significantly reduce the number of species facing a potential loss of 50% of their climatic range. Further, there would be an increase of 5.5–14% of the globe that could potentially act as climatic refugia for plants and animals, an area equivalent to the current global protected area network. Efforts to meet the 1.5°C target through mitigation could largely be consistent with biodiversity protection/enhancement. For impacts of land-based greenhouse gas removal technologies on biodiversity, some (e.g. soil carbon sequestration) could be neutral or positive, others (e.g. bioenergy with carbon capture and storage) are likely to lead to conflicts, while still others (e.g. afforestation/reforestation) are context-specific, when applied at scales necessary for meaningful greenhouse gas removal. Additional effort to meet the 1.5°C target presents some risks, particularly if inappropriately managed, but it also presents opportunities. This article is part of the theme issue 'The Paris Agreement: understanding the physical and social challenges for a warming world of 1.5°C above pre-industrial levels'

    Response to multi-generational selection under elevated [CO2] in two temperature regimes suggests enhanced carbon assimilation and increased reproductive output in Brassica napus L.

    Functional plant traits are likely to adapt under the sustained pressure imposed by environmental changes through natural selection. Employing Brassica napus as a model, a multi-generational study was performed to investigate the potential trajectories of selection at elevated [CO(2)] in two different temperature regimes. To reveal phenotypic divergence at the manipulated [CO(2)] and temperature conditions, a full-factorial natural selection regime was established in a phytotron environment over the range of four generations. It is demonstrated that a directional response to selection at elevated [CO(2)] led to higher quantities of reproductive output over the range of investigated generations independent of the applied temperature regime. The increase in seed yield caused an increase in aboveground biomass. This suggests quantitative changes in the functions of carbon sequestration of plants subjected to increased levels of CO(2) over the generational range investigated. The results of this study suggest that phenotypic divergence of plants selected under elevated atmospheric CO(2) concentration may drive the future functions of plant productivity to be different from projections that do not incorporate selection responses of plants. This study accentuates the importance of phenotypic responses across multiple generations in relation to our understanding of biogeochemical dynamics of future ecosystems. Furthermore, the positive selection response of reproductive output under increased [CO(2)] may ameliorate depressions in plant reproductive fitness caused by higher temperatures in situations where both factors co-occur

    Formalizing group blind signatures and practical constructions without random oracles

    Group blind signatures combine anonymity properties of both group signatures and blind signatures and offer privacy for both the message to be signed and the signer. The primitive has been introduced with only informal definitions for its required security properties. In this paper, we offer two main contributions: first, we provide foundations for the primitive and present formal security definitions. In the process, we identify and address some subtle issues which were not considered by previous constructions and (informal) security definitions. Our second main contribution is a generic construction that yields practical schemes with a round-optimal signing protocol and constant-size signatures. Our constructions permit dynamic and concurrent enrollment of new members and satisfy strong security requirements. To the best of our knowledge, our schemes are the first provably secure constructions in the standard model. In addition, we introduce some new building blocks which may be of independent interest. © 2013 Springer-Verlag

    Improving Practical UC-Secure Commitments based on the DDH Assumption

    At Eurocrypt 2011, Lindell presented practical static and adaptively UC-secure commitment schemes based on the DDH assumption. Later, Blazy et al. (at ACNS 2013) improved the efficiency of Lindell's commitment schemes. In this paper, we present static and adaptively UC-secure commitment schemes based on the same assumption and further improve the communication and computational complexity, as well as the size of the common reference string

    Structure-Preserving Smooth Projective Hashing

    Smooth projective hashing has proven to be an extremely useful primitive, in particular when used in conjunction with commitments to provide implicit decommitment. This has led to applications proven secure in the UC framework, even in the presence of an adversary which can do adaptive corruptions, such as Password Authenticated Key Exchange (PAKE) and 1-out-of-m Oblivious Transfer (OT). However, such solutions still lack efficiency, since they scale heavily with the underlying message length. Structure-preserving cryptography aims at providing elegant and efficient schemes based on classical assumptions and standard group operations on group elements. A recent trend focuses on constructions of structure-preserving signatures, which require messages, signatures and verification keys to lie in the base group, while the verification equations consist only of pairing-product equations. Classical constructions of Smooth Projective Hash Functions suffer from the same limitation as classical signatures: at least one part of the computation (messages for signatures, witnesses for SPHFs) is a scalar. In this work, we introduce and instantiate the concept of Structure-Preserving Smooth Projective Hash Functions, and give as applications more efficient instantiations for one-round PAKE and three-round OT, and information retrieval via Anonymous Credentials, all UC-secure against adaptive adversaries

    The potential for sand dams to increase the adaptive capacity of East African drylands to climate change

    Drylands are home to more than two billion people and are characterised by frequent, severe droughts. Such extreme events are expected to be exacerbated in the near future by climate change. A potentially simple and cost-effective mitigation measure against drought periods is sand dams. This little-known technology aims to promote subsoil rainwater storage to support dryland agro-ecosystems. To date, there is little long-term empirical analysis that tests the effectiveness of this approach during droughts. This study addresses this shortcoming by utilising multi-year satellite imagery to monitor the effect of droughts at sand dam locations. A time series of satellite images was analysed to compare vegetation at sand dam sites and control sites over selected periods of drought, using the normalised difference vegetation index. The results show that vegetation biomass was consistently and significantly higher at sand dam sites during periods of extended droughts. It is also shown that vegetation at sand dam sites recovers more quickly from drought. The observed findings corroborate modelling-based research which identified related impacts on ground water, land cover, and socio-economic indicators. Using past periods of drought as an analogue to future climate change conditions, this study indicates that sand dams have potential to increase adaptive capacity and resilience to climate change in drylands. It therefore can be concluded that sand dams enhance the resilience of marginal environments and increase the adaptive capacity of drylands. Sand dams can therefore be a promising adaptation response to the impacts of future climate change on drylands

    Combiners for Backdoored Random Oracles

    We formulate and study the security of cryptographic hash functions in the backdoored random-oracle (BRO) model, whereby a big brother designs a "good" hash function, but can also see arbitrary functions of its table via backdoor capabilities. This model captures intentional (and unintentional) weaknesses due to the existence of collision-finding or inversion algorithms, but goes well beyond them by allowing, for example, to search for structured preimages. The latter can easily break constructions that are secure under random inversions. BROs make the task of bootstrapping cryptographic hardness somewhat challenging. Indeed, with only a single arbitrarily backdoored function no hardness can be bootstrapped as any construction can be inverted. However, when two (or more) independent hash functions are available, hardness emerges even with unrestricted and adaptive access to all backdoor oracles. At the core of our results lie new reductions from cryptographic problems to the communication complexities of various two-party tasks. Along the way we establish a communication complexity lower bound for set-intersection for cryptographically relevant ranges of parameters and distributions and where set-disjointness can be easy

    Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal

    Extensive efforts are currently put into securing messaging platforms, where a key challenge is that of protecting against man-in-the-middle attacks when setting up secure end-to-end channels. The vast majority of these efforts, however, have so far focused on securing user-to-user messaging, and recent attacks indicate that the security of group messaging is still quite fragile. We initiate the study of out-of-band authentication in the group setting, extending the user-to-user setting where messaging platforms (e.g., Telegram and WhatsApp) protect against man-in-the-middle attacks by assuming that users have access to an external channel for authenticating one short value (e.g., two users who recognize each other's voice can compare a short value). Inspired by the frameworks of Vaudenay (CRYPTO '05) and Naor et al. (CRYPTO '06) in the user-to-user setting, we assume that users communicate over a completely-insecure channel, and that a group administrator can out-of-band authenticate one short message to all users. An adversary may read, remove, or delay this message (for all or for some of the users), but cannot undetectably modify it. Within our framework we establish tight bounds on the tradeoff between the adversary's success probability and the length of the out-of-band authenticated message (which is a crucial bottleneck given that the out-of-band channel is of low bandwidth). We consider both computationally-secure and statistically-secure protocols, and for each flavor of security we construct an authentication protocol and prove a lower bound showing that our protocol achieves essentially the best possible tradeoff. In particular, considering groups that consist of an administrator and $k$ additional users, for statistically-secure protocols we show that at least $(k+1)\cdot(\log(1/\epsilon) - \Theta(1))$ bits must be out-of-band authenticated, whereas for computationally-secure ones $\log(1/\epsilon) + \log k$ bits suffice, where $\epsilon$ is the adversary's success probability. Moreover, instantiating our computationally-secure protocol in the random-oracle model yields an efficient and practically-relevant protocol (which, alternatively, can also be based on any one-way function in the standard model)

    Adaptive Oblivious Transfer and Generalization

    Oblivious Transfer (OT) protocols were introduced in the seminal paper of Rabin, and allow a user to retrieve a given number of lines (usually one) in a database, without revealing which ones to the server. The server is assured that only this given number of lines can be accessed per interaction, so the others are protected, while the user is assured that the server does not learn the numbers of the lines requested. This primitive is of great practical interest, for example in secure multi-party computation, and directly corresponds to Symmetrically Private Information Retrieval (SPIR). Recent Oblivious Transfer instantiations secure in the UC framework suffer from a drastic fallback. After the first query, there is no improvement on the global scheme complexity, and so subsequent queries each have a global complexity of O(|DB|), meaning that there is no gain compared to running completely independent queries. In this paper, we propose a new protocol solving this issue, allowing subsequent queries with a complexity of O(log(|DB|)), and prove the protocol secure in the UC framework with adaptive corruptions and reliable erasures. As a second contribution, we show that the techniques we use for Oblivious Transfer can be generalized to a new framework we call Oblivious Language-Based Envelope (OLBE). It is of practical interest since it seems more and more unrealistic to consider a database with uncontrolled access in access control scenarios. Our approach generalizes Oblivious Signature-Based Envelope to handle more expressive credentials and requests from the user. Naturally, OLBE encompasses both OT and OSBE, but it also allows one to achieve Oblivious Transfer with fine-grained access control over each line. For example, a user can access a line if and only if he possesses a certificate granting him access to that line. We show how to generically and efficiently instantiate such primitives, and prove them secure in the Universal Composability framework, with adaptive corruptions assuming reliable erasures. We provide the new UC ideal functionalities when needed, or we show that the existing ones fit in our new framework. The security of such designs preserves both the secrecy of the database values and of the user credentials. This symmetry allows us to view our new approach as a generalization of the notion of Symmetrically Private Information Retrieval