Partial Fairness in Secure Two-Party Computation

A seminal result of Cleve (STOC \u2786) is that, in general, complete fairness is impossible to achieve in two-party computation. In light of this, various techniques for obtaining partial fairness have been suggested in the literature. We propose a definition of partial fairness within the standard real-/ideal-world paradigm that addresses deficiencies of prior definitions. We also show broad feasibility results with respect to our definition: partial fairness is possible for any (randomized) functionality $f:X \times Y \rightarrow Z^1 \times Z^2$ at least one of whose domains or ranges is polynomial in size. Our protocols are always private, and when one of the domains has polynomial size our protocols also simultaneously achieve the usual notion of security with abort. In contrast to some prior work, we rely on standard assumptions only. We also show that, as far as general feasibility is concerned, our results are optimal. Specifically, there exist functions with super-polynomial domains and ranges for which it is impossible to achieve our definition

Spreading the Privacy Blanket: Differentially Oblivious Shuffling for Differential Privacy

In the shuffle model for differential privacy, $n$ users locally randomize their data and submit the results to a trusted “shuffler” who mixes the results before sending them to a server for analysis. This is a promising model for real-world applications of differential privacy, as several recent results have shown that the shuffle model sometimes offers a strictly better privacy/utility tradeoff than what is possible in a purely local model. A downside of the shuffle model is its reliance on a trusted shuffler, and it is natural to try to replace this with a distributed shuffling protocol run by the users themselves. While it would of course be possible to use a fully secure shuffling protocol, one might hope to instead use a more-efficient protocol having weaker security guarantees. In this work, we consider a relaxation of secure shuffling called differential obliviousness that we prove suffices for differential privacy in the shuffle model. We also propose a differentially oblivious shuffling protocol based on onion routing that requires only $O(n \log n)$ communication while tolerating any constant fraction of corrupted users. We show that for practical settings of the parameters, our protocol outperforms existing solutions to the problem in some settings

Secure Computation with Sublinear Amortized Work

Traditional approaches to secure computation begin by representing the function $f$ being computed as a circuit. For any function~$f$ that depends on each of its inputs, this implies a protocol with complexity at least linear in the input size. In fact, linear running time is inherent for secure computation of non-trivial functions, since each party must ``touch\u27\u27 every bit of their input lest information about other party\u27s input be leaked. This seems to rule out many interesting applications of secure computation in scenarios where at least one of the inputs is huge and sublinear-time algorithms can be utilized in the insecure setting; private database search is a prime example. We present an approach to secure two-party computation that yields sublinear-time protocols, in an amortized sense, for functions that can be computed in sublinear time on a random access machine~(RAM). Furthermore, a party whose input is ``small\u27\u27 is required to maintain only small state. We provide a generic protocol that achieves the claimed complexity, based on any oblivious RAM and any protocol for secure two-party computation. We then present an optimized version of this protocol, where generic secure two-party computation is used only for evaluating a small number of simple operations

Multi-Input Functional Encryption

\emph{Functional encryption} (FE) is a powerful primitive enabling fine-grained access to encrypted data. In an FE scheme, secret keys (``tokens\u27\u27) correspond to functions; a user in possession of a ciphertext \ct = \enc(x) and a token \tkf for the function~$f$ can compute $f(x)$ but learn nothing else about~$x$. An active area of research over the past few years has focused on the development of ever more expressive FE schemes. In this work we introduce the notion of \emph{multi-input} functional encryption. Here, informally, a user in possession of a token \tkf for an $n$-ary function $f$ and \emph{multiple} ciphertexts \ct_1=\enc(x_1), \ldots, \ct_n=\enc(x_n) can compute $f(x_1, \ldots, x_n)$ but nothing else about the~$\{x_i\}$. Besides introducing the notion, we explore the feasibility of multi-input FE in the public-key and symmetric-key settings, with respect to both indistinguishability-based and simulation-based definitions of security

The natural history of secondary muscle-invasive bladder cancer

BACKGROUND: The management of patients with high-grade non muscle invasive bladder cancer (NMIBC) brings diagnostic and therapeutic challenges. In the current study, we sought to study the natural history of progression to "secondary" muscle-invasive bladder cancer (MIBC)-cancer that developed during follow up of patients presenting with non-muscle invasive bladder cancer (NMIBC). METHODS: Between 1998 and 2008, 760 patients were treated for bladder cancer. Primary MIBC (>=T2) tumors (present upon presentation) were diagnosed in 114 patients. All patients with high-grade NMIBC were treated with intravesical BCG. Mean follow-up was 44 months. RESULTS: Forty patients (6.1%) developed secondary MIBC after a mean period of 21 months from initial diagnosis of bladder cancer. The 2- and 5-year disease-specific survival rates were better for patients with secondary MIBC (90% and 56% compared to 69% and 42% for patients with primary disease, p=0.03). The Kaplan-Meier curves of the two groups were parallel but displaced by approximately 2 years. CONCLUSION: In the current series, MIBC progression occurred among initially presenting patients with NMIBC in 6.1%. In most patients, the initial diagnosis of NMIBC is correct and muscle invasion occurs after a mean period of about 2 years. This supports a non-radical approach in patients with high-grade T1, Ta or Tis. Meticulous follow-up with liberal biopsy of any suspicious lesion may provide early diagnosis of invasive disease

Multi-Client Verifiable Computation with Stronger Security Guarantees

Choi et al. (TCC 2013) introduced the notion of multi-client verifiable computation (MVC) in which a set of clients outsource to an untrusted server the computation of a function f over their collective inputs in a sequence of time periods. In that work, the authors defined and realized multi-client verifiable computation satisfying soundness against a malicious server and privacy against the semi-honest corruption of a single client. Very recently, Goldwasser et al. (Eurocrypt 2014) provided an alternative solution relying on multi-input functional encryption. Here we conduct a systematic study of MVC, with the goal of satisfying stronger security requirements. We begin by introducing a simulation-based notion of security that provides a unified way of defining soundness and privacy, and automatically captures several attacks not addressed in previous work. We then explore the feasibility of achieving this notion of security. Assuming no collusion between the server and the clients, we demonstrate a protocol for multi-client verifiable computation that achieves strong security in several respects. When server-client collusion is possible, we show (somewhat surprisingly) that simulation-based security cannot be achieved in general, even assuming semi-honest behavior

Is radical cystectomy mandatory in every patient with variant histology of bladder cancer

Urothelial carcinomas have an established propensity for divergent differentiation. Most of these variant tumors are muscle invasive but not all. The response of non muscle invasive variant tumors to intravesical immunotherapy with BCG is not established in the literature, and is reported here. Between June 1995 and December 2007, 760 patients (mean age of 67.5 years) underwent transurethral resection of first time bladder tumors in our institution. Histologically variant tumors were found in 79 patients (10.4%). Of these 57 patients (72%) of them had muscle-invasive disease or extensive non-muscle invasive tumors and remaining 22 patients (28%) were treated with BCG immunotherapy. These included 7 patients with squamous differentiation, 4 with glandular, 6 with nested, 4 with micropapillary and 1 patient with sarcomatoid variant. The response of these patients to immunotherapy was compared with that of 144 patients having high-grade conventional urothelial carcinomas. Median follow-up was 46 months. The 2 and 5-year progression (muscle-invasion) free survival rates were 92% and 84.24% for patients with conventional carcinoma compared to 81.06% and 63.16% for patients with variant disease (P=0.02). The 2 and 5-year disease specific survival rates were 97% and 91.43% for patients with conventional carcinoma compared to 94.74 % and 82% for patients with variant disease (P=0.33). 5 patients (22.7%) of variant group and 13 patients (9.03%) of conventional group underwent cystectomy during follow-up (P=0.068)

Mass and Angular Momentum in General Relativity

We present an introduction to mass and angular momentum in General Relativity. After briefly reviewing energy-momentum for matter fields, first in the flat Minkowski case (Special Relativity) and then in curved spacetimes with or without symmetries, we focus on the discussion of energy-momentum for the gravitational field. We illustrate the difficulties rooted in the Equivalence Principle for defining a local energy-momentum density for the gravitational field. This leads to the understanding of gravitational energy-momentum and angular momentum as non-local observables that make sense, at best, for extended domains of spacetime. After introducing Komar quantities associated with spacetime symmetries, it is shown how total energy-momentum can be unambiguously defined for isolated systems, providing fundamental tests for the internal consistency of General Relativity as well as setting the conceptual basis for the understanding of energy loss by gravitational radiation. Finally, several attempts to formulate quasi-local notions of mass and angular momentum associated with extended but finite spacetime domains are presented, together with some illustrations of the relations between total and quasi-local quantities in the particular context of black hole spacetimes. This article is not intended to be a rigorous and exhaustive review of the subject, but rather an invitation to the topic for non-experts. In this sense we follow essentially the expositions in Szabados 2004, Gourgoulhon 2007, Poisson 2004 and Wald 84, and refer the reader interested in further developments to the existing literature, in particular to the excellent and comprehensive review by Szabados (2004).Comment: 41 pages. Notes based on the lecture given at the C.N.R.S. "School on Mass" (June 2008) in Orleans, France. To appear as proceedings in the book "Mass and Motion in General Relativity", eds. L. Blanchet, A. Spallicci and B. Whiting. Some comments and references added

The Hemopoietic Stem Cell Niche Versus the Microenvironment of the Multiple Myeloma-Tumor Initiating Cell

Multiple myeloma cells are reminiscent of hemopoietic stem cells in their strict dependence upon the bone marrow microenvironment. However, from all other points of view, multiple myeloma cells differ markedly from stem cells. The cells possess a mature phenotype and secrete antibodies, and have thus made the whole journey to maturity, while maintaining a tumor phenotype. Not much credence was given to the possibility that the bulk of plasma-like multiple myeloma tumor cells is generated from tumor-initiating cells. Although interleukin-6 is a major contributor to the formation of the tumor’s microenvironment in multiple myeloma, it is not a major factor within hemopoietic stem cell niches. The bone marrow niche for myeloma cells includes the activity of inflammatory cytokines released through osteoclastogenesis. These permit maintenance of myeloma cells within the bone marrow. In contrast, osteoclastogenesis constitutes a signal that drives hemopoietic stem cells away from their bone marrow niches. The properties of the bone marrow microenvironment, which supports myeloma cell maintenance and proliferation, is therefore markedly different from the characteristics of the hemopoietic stem cell niche. Thus, multiple myeloma presents an example of a hemopoietic tumor microenvironment that does not resemble the corresponding stem cell renewal niche