
    Model checking a server-side micropayment protocol

    Many virtual payment systems are available on the world wide web for micropayment, and as they deal with money, correctness is important. One such payment system is Netpay. This paper examines the server-side version of the Netpay protocol and provides its formalization as a CSP model. The PAT model checker is used to prove three properties essential for correctness: impossibility of double spending, validity of an ecoin during the execution and the absence of deadlock. We prove that the protocol is executing according to its description based on the assumption that the customers and vendors are cooperative. This is a very strong assumption for a system built to prevent abuse, but further analysis suggests that without it the protocol no longer guarantees all correctness properties

    Revisiting Shared Data Protection Against Key Exposure

    This paper puts a new light on secure data storage inside distributed systems. Specifically, it revisits computational secret sharing in a situation where the encryption key is exposed to an attacker. It comes with several contributions: First, it defines a security model for encryption schemes, where we ask for additional resilience against exposure of the encryption key. Precisely, we ask for (1) indistinguishability of plaintexts under full ciphertext knowledge, (2) indistinguishability for an adversary who learns: the encryption key, plus all but one share of the ciphertext. (2) relaxes the "all-or-nothing" property to a more realistic setting, where the ciphertext is transformed into a number of shares, such that the adversary can't access one of them. (1) asks that, unless the user's key is disclosed, no one else than the user can retrieve information about the plaintext. Second, it introduces a new computationally secure encryption-then-sharing scheme, that protects the data in the previously defined attacker model. It consists in data encryption followed by a linear transformation of the ciphertext, then its fragmentation into shares, along with secret sharing of the randomness used for encryption. The computational overhead in addition to data encryption is reduced by half with respect to state of the art. Third, it provides for the first time cryptographic proofs in this context of key exposure. It emphasizes that the security of our scheme relies only on a simple cryptanalysis resilience assumption for blockciphers in public key mode: indistinguishability from random, of the sequence of differentials of a random value. Fourth, it provides an alternative scheme relying on the more theoretical random permutation model. It consists in encrypting with sponge functions in duplex mode then, as before, secret-sharing the randomness

    Password-conditioned Anonymization and Deanonymization with Face Identity Transformers

    Cameras are prevalent in our daily lives, and enable many useful systems built upon computer vision technologies such as smart cameras and home robots for service applications. However, there is also an increasing societal concern as the captured images/videos may contain privacy-sensitive information (e.g., face identity). We propose a novel face identity transformer which enables automated photo-realistic password-based anonymization as well as deanonymization of human faces appearing in visual data. Our face identity transformer is trained to (1) remove face identity information after anonymization, (2) make the recovery of the original face possible when given the correct password, and (3) return a wrong--but photo-realistic--face given a wrong password. Extensive experiments show that our approach enables multimodal password-conditioned face anonymizations and deanonymizations, without sacrificing privacy compared to existing anonymization approaches. Comment: ECCV 202

    Reviews and syntheses: Spatial and temporal patterns in seagrass metabolic fluxes

    Seagrass meadow metabolism has been measured for decades to gain insight into ecosystem energy, biomass production, food web dynamics, and, more recently, to inform its potential in ameliorating ocean acidification (OA). This extensive body of literature can be used to infer trends and drivers of seagrass meadow metabolism. Here, we synthesize the results from 56 studies reporting in situ rates of seagrass gross primary productivity, respiration, and/or net community productivity to highlight spatial and temporal variability in oxygen (O2) fluxes. We illustrate that daytime net community production (NCP) is positive overall and similar across seasons and geographies. Full-day NCP rates, which illustrate the potential cumulative effect of seagrass beds on seawater biogeochemistry integrated over day and night, were also positive overall but were higher in summer months in both tropical and temperate ecosystems. Although our analyses suggest seagrass meadows are generally autotrophic, the effects on seawater oxygen are relatively small in magnitude. We also find positive correlations between gross primary production and temperature, although this effect may vary between temperate and tropical geographies and may change under future climate scenarios if seagrasses approach thermal tolerance thresholds. In addition, we illustrate that periods when full-day NCP is highest could be associated with lower nighttime O2 and increased diurnal variability in seawater O2. These results can serve as first-order estimates of when and where OA amelioration by seagrasses may be likely. However, improved understanding of variations in NCP_DIC:NCP_O2 ratios and increased work directly measuring metabolically driven alterations in seawater pH will further inform the potential for seagrass meadows to serve in this context

    Practical implementation and analysis of hyper-encryption

    Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2009. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Includes bibliographical references (p. 89-90).
    The security of modern cryptographic schemes relies on limits on computational power and assumptions about the difficulty of certain mathematical problems, such as integer factorization. This thesis describes hyper-encryption in the limited access model, a system that provides perfect secrecy and authentication against an adversary who possesses unbounded computational power, but who is limited in the ability to eavesdrop on more than a fraction of computers in a large network, such as the Internet. This thesis also presents an implementation of hyper-encryption in the limited access model, discusses areas where the theoretical system differs from the practical implementation, and analyzes their impact on the security of the system.
    by Jason K. Juang. M.Eng

    Picture-Hanging Puzzles

    We show how to hang a picture by wrapping rope around n nails, making a polynomial number of twists, such that the picture falls whenever any k out of the n nails get removed, and the picture remains hanging when fewer than k nails get removed. This construction makes for some fun mathematical magic performances. More generally, we characterize the possible Boolean functions characterizing when the picture falls in terms of which nails get removed as all monotone Boolean functions. This construction requires an exponential number of twists in the worst case, but exponential complexity is almost always necessary for general functions. Comment: 18 pages, 8 figures, 11 puzzles. Journal version of FUN 2012 pape

    Generation of eigenstates using the phase-estimation algorithm

    The phase estimation algorithm is so named because it allows the estimation of the eigenvalues associated with an operator. However it has been proposed that the algorithm can also be used to generate eigenstates. Here we extend this proposal for small quantum systems, identifying the conditions under which the phase estimation algorithm can successfully generate eigenstates. We then propose an implementation scheme based on an ion trap quantum computer. This scheme allows us to illustrate two simple examples, one in which the algorithm effectively generates eigenstates, and one in which it does not. Comment: 5 pages, 3 Figures, RevTeX4 Introduction expanded, typos correcte

    A kilobit hidden SNFS discrete logarithm computation

    We perform a special number field sieve discrete logarithm computation in a 1024-bit prime field. To our knowledge, this is the first kilobit-sized discrete logarithm computation ever reported for prime fields. This computation took a little over two months of calendar time on an academic cluster using the open-source CADO-NFS software. Our chosen prime $p$ looks random, and $p-1$ has a 160-bit prime factor, in line with recommended parameters for the Digital Signature Algorithm. However, our $p$ has been trapdoored in such a way that the special number field sieve can be used to compute discrete logarithms in $\mathbb{F}_p^*$, yet detecting that $p$ has this trapdoor seems out of reach. Twenty-five years ago, there was considerable controversy around the possibility of back-doored parameters for DSA. Our computations show that trapdoored primes are entirely feasible with current computing technology. We also describe special number field sieve discrete log computations carried out for multiple weak primes found in use in the wild. As can be expected from a trapdoor mechanism which we say is hard to detect, our research did not reveal any trapdoored prime in wide use. The only way for a user to defend against a hypothetical trapdoor of this kind is to require verifiably random primes

    Public Evidence from Secret Ballots

    Elections seem simple---aren't they just counting? But they have a unique, challenging combination of security and privacy requirements. The stakes are high; the context is adversarial; the electorate needs to be convinced that the results are correct; and the secrecy of the ballot must be ensured. And they have practical constraints: time is of the essence, and voting systems need to be affordable and maintainable, and usable by voters, election officials, and pollworkers. It is thus not surprising that voting is a rich research area spanning theory, applied cryptography, practical systems analysis, usable security, and statistics. Election integrity involves two key concepts: convincing evidence that outcomes are correct and privacy, which amounts to convincing assurance that there is no evidence about how any given person voted. These are obviously in tension. We examine how current systems walk this tightrope. Comment: To appear in E-Vote-Id '1

    Quantum entanglement using trapped atomic spins

    We propose an implementation for quantum logic and computing using trapped atomic spins of two different species, interacting via direct magnetic spin-spin interaction. In this scheme, the spins (electronic or nuclear) of distantly spaced trapped neutral atoms serve as the qubit arrays for quantum information processing and storage, and the controlled interaction between two spins, as required for universal quantum computing, is implemented in a three step process that involves state swapping with a movable auxiliary spin. Comment: minor revisions with an updated discussion on adiabatic transportation of trapped qubit, 5 pages, 3 figs, resubmitted to PR