233 research outputs found

    ASSESSMENT OF THE SIMPLIFIED FALLING HEAD TECHNIQUE TO MEASURE THE FIELD SATURATED SOIL HYDRAULIC CONDUCTIVITY

    The Simplified Falling Head (SFH) technique to measure field saturated soil hydraulic conductivity, Kfs, has received little testing or comparison with other techniques. Different experiments were carried out to i) determine the effect of ring size on the measured conductivity; ii) compare the SFH and Pressure Infiltrometer (PI) techniques in a clay loam soil; and iii) assess the indirect approach to estimate the * parameter used in the SFH methodology. Sampling a relatively large number of sites allowed to detect a statistically significant relationship between the Kfs values obtained with rings differing in diameter (0.15 and 0.30 m, respectively). This relationship suggested that a measurement carried out with a small ring contains enough information to make an approximate prediction of the Kfs value that would be obtained at the same site with a larger ring. The SFH and PI techniques yielded similar means but substantially different coefficients of variation (much higher for the SFH technique). The two methods should be considered complementary, being usable to determine Kfs at the beginning (SFH) and at a later stage (PI) of a ponding infiltration process. Using * values directly measured by the tension infiltrometer or indirectly estimated on the basis of a general description of soil characteristics did not modify significantly the Kfs predictions obtained with the SFH technique. In conclusion, this investigation gave support to the use of the SFH technique for a rapid and reasonably simple determination of, at least, the order of magnitude of Kfs

    Efficient Perfectly Sound One-message Zero-Knowledge Proofs via Oracle-aided Simulation

    In this paper we put forth new efficient one-message proof systems for several practical applications, like proving that an El Gamal ciphertext (over a multiplicative group) decrypts to a given value and correctness of a shuffle. Our proof systems are built from multiplicative groups of hidden order, are not based on any setup/trust assumption like the RO or the common reference string model and are perfectly sound, that is they are written proofs in the sense of mathematics. Our proof systems satisfy a generalization of zero-knowledge (ZK) that we call harmless zero-knowledge (HZK). The simulator of an $O$-HZK proof for a relation over a language $L$ is given the additional capability of invoking an oracle $O$ relative to which $L$ is hard to decide. That is, the proof does not leak any knowledge that an adversary might not compute by itself interacting with an oracle $O$ that does not help to decide the language. Unlike ZK, non-interactivity and perfect soundness do not contradict HZK and HZK can replace ZK in any application in which, basically, the computational assumptions used in the application hold even against adversaries with access to $O$. An $O$-HZK proof is witness hiding (WH) for distributions hard against adversaries with access to $O$, and strong-WI when quantifying over distributions that are indistinguishable by adversaries with access to $O$. Moreover, an $O$-HZK proof is witness indistinguishable (and the property does not depend on the oracle). We provide a specific oracle DHInvO that is powerful enough to make our main proof systems DHInvO-HZK but not trivial: indeed, we show concrete and practical cryptographic protocols that can be proven secure employing a DHInvO-HZK proof in the reduction and that are instead not achievable using traditional ZK (unless resorting to the CRS/RO models). Efficient one-message proof systems with perfect soundness were only known for relations over bilinear groups and were proven only witness indistinguishable. 
As a byproduct, we also obtain a perfectly sound non-interactive ZAP, WH and HZK proof system for NP relations from number-theoretic assumptions over multiplicative groups of hidden order. No non-interactive WH proof system for NP (neither for simpler non-trivial relations) was previously known

    Evaluation of soil physical quality under different soil land uses in a small Sicilian watershed

    Sustainability of extensive rain fed agriculture needs assessment of land use effects on soil physical and hydraulic properties. Several soil physical quality indices were determined for four adjacent areas in a small Sicilian watershed, that were characterized by a different land use, namely cropland (C), olive grove (O), grassland (G) and eucalyptus plantation (E). Soil texture was similar for the considered areas, even if the no-tilled soils (G and E) showed a higher clay content in the top layer (0-20 cm) than in the lower layer (20-40 cm). The bulk density of the top layer ranged between 1.20-1.43 g cm⁻³ (C < G < O < E), with significant differences between C and E. In the lower layer, it ranged between 1.16-1.43 g cm⁻³ (C < O < E < G), with bulk density of C that was significantly smaller than that of the other land uses. The organic matter content was generally low and comparable for the different areas (on average 1.6%). The near-saturated soil hydraulic conductivity values were significantly higher for no-tilled (G, E) than tilled soils (C, O), whereas the opposite result was found for smaller degrees of saturation. The Dexter’s soil quality index assumed similar values in both the top (0.024-0.047) and the lower layer (0.024-0.040), with the higher values associated to tilled soils. According to existing guidelines, the soil physical quality of the selected areas was generally poor independently of the land use. However, the cropland showed a better quality than the other land uses

    Privacy-Preserving Verifiability: A Case for an Electronic Exam Protocol

    We introduce the notion of privacy-preserving verifiability for security protocols. It holds when a protocol admits a verifiability test that does not reveal, to the verifier that runs it, more pieces of information about the protocol’s execution than those required to run the test. Our definition of privacy-preserving verifiability is general and applies to cryptographic protocols as well as to human security protocols. In this paper we exemplify it in the domain of e-exams. We prove that the notion is meaningful by studying an existing exam protocol that is verifiable but whose verifiability tests are not privacy-preserving. We prove that the notion is applicable: we review the protocol using functional encryption so that it admits a verifiability test that preserves privacy to our definition. We analyse, in ProVerif, that the verifiability holds despite malicious parties and that the new protocol maintains all the security properties of the original protocol, so proving that our privacy-preserving verifiability can be achieved starting from existing security

    Predicate encryption systems. No query left unanswered

    2009 - 2010. Predicate encryption is an important cryptographic primitive (see [7, 14, 28]) that enables fine-grained control on the decryption keys. Let T be a class of binary predicates. Roughly speaking, in a predicate encryption scheme for the owner of the master secret key Msk can derive secret key Sk_P, for any predicate P in T. In encrypting a message M, the sender can specify an attribute x and the resulting ciphertext X can be decrypted only by using keys Sk_P such that P(x) = 1. Our main contribution is the first construction of a predicate encryption scheme that can be proved fully secure against unrestricted queries by probabilistic polynomial-time adversaries under non-interactive constant sized (that is, independent of the length of the attribute vectors) hardness assumptions on bilinear groups. Specifically, we consider Hidden Vector Encryption (HVE for short), a notable case of predicate encryption introduced by Boneh and Waters [14]. In a HVE scheme, the ciphertext attributes are vectors x of some fixed length l over some alphabet A, keys are associated with vectors y of the same length l over the alphabet B that equals A enlarged with the special symbol '*', and we consider the Match(x,y) predicate which is true if and only if, for all i, when y_i is different from *, then x_i = y_i. Previous constructions limited the proof of security to restricted adversaries that could ask only non-matching queries; that is, for challenge attribute vectors x_0 and x_1, the adversary could ask only keys for vectors y such that Match(x_0, y) = Match(x_1, y) = 0. Generally speaking, restricted adversaries can ask only queries that satisfy neither of the challenge attributes. At time of writing, the construction of schemes secure against unrestricted adversaries was an open problem, not just for HVE, but for any non-trivial predicate encryption system and a candidate solution for HVE is presented in this thesis. 
Beyond that, we will also discuss other kinds of predicate encryption systems, their security notions and applications. [edited by author] IX n.s.

    Water transmission properties of a sandy-loam soil estimated with Beerkan runs differing by the infiltration time criterion

    The Beerkan method consists of a ponded infiltration experiment from a single ring inserted a small depth into the soil. Fixed, small volumes of water are repeatedly poured into the ring to maintain a quasi-zero head on the soil surface. According to the standard Beerkan infiltration run, a new water volume is poured on the infiltration surface when the previously applied volume has completely infiltrated and the soil surface is entirely exposed to air (ta criterion). However, water could also be applied when the soil exposition to air begins (to criterion) or half the soil surface is exposed to air (tm criterion). The effect of the infiltration time criterion on determination of the water transmission properties of a sandy-loam soil was tested. As compared with the standard ta criterion, the two alternative criteria (to, tm) yielded higher and/or more variable estimates of soil water transmission properties. The saturated soil hydraulic conductivity, Ks, was the most sensitive property to the infiltration time criterion. However, statistically significant differences for Ks were not practically substantial since they did not exceed a factor of 1.7. Infiltration time effects likely occurred due to differences between ponding depth of water, soil water pressure head gradient, air entrapment and soil mechanical disturbance. The standard ta criterion was suggested for performing a Beerkan experiment in the field since it appears to yield the most reliable estimates of a mean value. However, the to criterion could be considered in dual permeability soils to maintain macropores active. Factors that could appear minor in the context of an experiment can have statistically relevant effects on water transmission properties

    Influence of the pressure head sequence on the soil hydraulic conductivity determined with tension infiltrometer

    An increasing and a decreasing sequence of pressure head, h0, values were applied with the tension infiltrometer (TI) to determine the corresponding hydraulic conductivity, K0. The pressure head sequence is expected to influence the K0 results given the hysteretic nature of the hydraulic conductivity relationship. The objective of this study was to evaluate the influence of the selected pressure head sequence on the hydraulic conductivity of a sandy loam soil measured by a multipotential TI experiment. Twenty experiments were carried out by applying h0 values varying between -150 and +5 mm (site A). The h0 values ranged from -150 to -10 mm in another 20 spots (site B). Both wetting and drying values of K0 corresponding to h0 = -150, -75, and -30 mm were calculated for each experiment using the measured steady-state flow rates. At both sites, higher K0 results were obtained with the descending h0 sequence than with the ascending one. The deviations between the two sequences were more noticeable in site A (deviations by a factor ranging from 2.1 to 3.3, depending on h0) than in site B (deviations by a factor ranging from 1.0 to 2.2), and the values decreased as h0 increased. For most of the considered type of site/pressure head combinations, the differences between the K0 results were statistically significant (P = 0.05). In all cases, the coefficients of variation of the K0 data obtained with the two sequences differed at most by a factor of 1.2, suggesting that the applied h0 sequence did not affect appreciably the relative variability of the K0 results. It was concluded that the dependence of the K0 estimates on both the pressure head sequence (ascending or descending) and the highest value of h0 used within a descending sequence experiment may be neglected for a rough hydraulic characterization of the selected area. However, both factors should be maintained constant in order to obtain truly comparable K0 data from different experiments

    Non-Interactive Zero Knowledge Proofs in the Random Oracle Model

    The Fiat-Shamir (FS) transform is a well known and widely used technique to convert any constant-round public-coin honest-verifier zero-knowledge (HVZK) proof or argument system $CIPC=(Prov,Ver)$ into a non-interactive zero-knowledge (NIZK) argument system $NIZK=(NIZK.Prove, NIZK.Verify)$. The FS transform is secure in the random oracle (RO) model and is extremely efficient: it adds an evaluation of the RO for every message played by $Ver$. While a major effort has been done to attack the soundness of the transform when the RO is instantiated with a "secure" hash function, here we focus on a different limitation of the FS transform that exists even when there is a secure instantiation of the random oracle: the soundness of $NIZK$ holds against polynomial-time adversarial provers only. Therefore even when $CIPC$ is a proof system, $NIZK$ is only an argument system. In this paper we propose a new transform from 3-round public-coin HVZK proof systems for several practical relations to NIZK proof systems in the RO model. Our transform outperforms the FS transform protecting the honest verifier from unbounded adversarial provers with no restriction on the number of RO queries. The protocols our transform can be applied to are the ones for proving membership to the range of a one-way group homomorphism as defined by [Maurer - Design, Codes and Cryptography 2015] except that we additionally require the function to be endowed with a trapdoor and other natural properties. For instance, we obtain new efficient instantiations of NIZK proofs for relations related to quadratic residuosity and the RSA function. As a byproduct, with our transform we obtain essentially for free the first efficient non-interactive zap (i.e., 1-round non-interactive witness indistinguishable proof system) for several practical languages in the non-programmable RO model and in an ideal-PUF model. 
Our approach to NIZK proofs can be seen as an abstraction of the celebrated work of [Feige, Lapidot and Shamir - FOCS 1990]

    Infiltration Measurements for Soil Hydraulic Characterization

    This book summarises the main results of many contributions from researchers worldwide who have used the water infiltration process to characterize soil in the field. Determining soil hydrodynamic properties is essential to interpret and simulate the hydrological processes of economic and environmental interest. This book can be used as a guide to soil hydraulic characterization and in addition it gives a complete description of the treated techniques, including an outline of the most significant research results, with the main points that still need development and improvement

    Mergeable Functional Encryption

    In recent years, there has been great interest in Functional Encryption (FE), a generalization of traditional encryption where a token enables a user to learn a specific function of the encrypted data and nothing else. In this paper we put forward a new generalization of FE that we call Mergeable FE (mFE). In a mFE system, given a ciphertext $c_1$ encrypting $m_1$ and a ciphertext $c_2$ encrypting $m_2$, it is possible to produce in an oblivious way (i.e., given only the public-key and without knowledge of the messages, master secret-key or any other auxiliary information) a ciphertext encrypting the string $m_1||m_2$ under the security constraint that this new ciphertext does not leak more information about the original messages than what may be leaked from the new ciphertext using the tokens. For instance, suppose that the adversary is given the token for the function $f(\cdot)$ defined so that for strings $x\in\{0,1\}^n$, $f(x)=g(x)$ for some function $g:\{0,1\}^n\rightarrow\{0,1\}$ and for strings $y=(x_1||x_2)\in\{0,1\}^{2n}$, $f(x_1||x_2)=g(x_1) \vee g(x_2)$. Furthermore, suppose that the adversary gets a ciphertext $c$ encrypting $(x_1||x_2)$ that is the result of "merging" some ciphertexts $c_1$ and $c_2$ encrypting respectively $x_1$ and $x_2$, and suppose that the token for $f$ evaluates to $1$ on $c$. Then, the security of mFE guarantees that the adversary only learns the output $f(x_1,x_2) = g(x_1) \text{ OR } g(x_2) = 1$ and nothing else (e.g., the adversary should not learn whether $g(x_1)=1$ or $g(x_2)=1$). This primitive is in some sense FE with the "best possible" homomorphic properties and, besides being interesting in itself, it offers wide applications. For instance, it has as special case multi-inputs FE and thus indistinguishability obfuscation (iO) and extends the latter to support more efficiently homomorphic and re-randomizable properties. 
We construct mFE schemes supporting a single merging operation, one from indistinguishability obfuscation for Turing machines and one for messages of unbounded length from public-coin differing-inputs obfuscation. Finally, we discuss a construction supporting unbounded merging operations from new assumptions