
    Inequality of Opportunity: An Empirical Analysis Using Nepal as a Case Study

    Waseda University diploma number: Shin 8376 (Waseda University)

    Extending Oblivious Transfer with Low Communication via Key-Homomorphic PRFs

    We present a new approach to extending oblivious transfer with communication complexity that is logarithmic in the security parameter. Our method only makes black-box use of the underlying cryptographic primitives, and can achieve security against an active adversary with almost no overhead on top of passive security. This results in the first oblivious transfer protocol with sublinear communication and active security, which does not require any non-black-box use of cryptographic primitives. Our main technique is a novel twist on the classic OT extension of Ishai et al. (Crypto 2003), using an additively key-homomorphic PRF to reduce interaction. We first use this to construct a protocol for a large batch of 1-out-of-n OTs on random inputs, with amortized o(1) communication. Converting these to 1-out-of-2 OTs on chosen strings requires logarithmic communication. The key-homomorphic PRF used in the protocol can be instantiated under the learning with errors assumption with exponential modulus-to-noise ratio.

    A Sourcing Strategy for Active Pharmaceutical Ingredients (APIs)

    We describe the development over the past decade of a sourcing strategy within the Roche group for active pharmaceutical ingredients and the intermediates used in their manufacture. The roles of certain production sites have been modified in the light of this strategy. Before sourcing decisions are taken, criteria including life-cycle phase of the product, whether the step under review comes early or late in the synthesis, protection of proprietary know-how, quantities needed, speed, available capacity and full production costs are systematically evaluated on a case-by-case basis. For each sourcing decision, different scenarios are compared, in particular that of in-house vs. external production. In future, we envisage intensified competition both among Contract Manufacturing Organisations (CMOs) for business from large pharma concerns and among the large pharma concerns themselves for the capacity available from the CMOs. In consequence, the large pharma concerns will have to continually adapt their sourcing strategies to the changing environment and will have to have available flexible production plants and organisations if they wish to maintain a viable in-house alternative to contract manufacture.

    Maternal Vitamin D Status and Delivery by Cesarean

    We examined the association of vitamin D deficiency with risk of cesarean delivery using prospective data in a cohort of 1153 low-income and minority gravidae. Circulating maternal 25-hydroxyvitamin D and intact parathyroid hormone were measured at entry to care at 13.73 ± 5.6 weeks (mean ± SD). Intake of vitamin D and calcium was assessed at three time points during pregnancy. Using recent Institute of Medicine guidelines, 10.8% of the gravidae were at risk of vitamin D deficiency, and 23.8% at risk of insufficiency. Maternal 25-hydroxyvitamin D was related positively to vitamin D and calcium intakes and negatively to circulating concentrations of parathyroid hormone. Risk for cesarean delivery was increased significantly for vitamin D deficient women; there was no increased risk for gravidae at risk of insufficiency. When specific indications were examined, vitamin D deficiency was linked to a 2-fold increased risk of cesarean for prolonged labor. Results were similar when prior guidelines for vitamin D deficiency (25(OH)D < 37.5 nmol/L) and insufficiency (37.5–80 nmol/L) were utilized.

    Le Mans: Dynamic and Fluid MPC for Dishonest Majority

    Most MPC protocols require the set of parties to be active for the entire duration of the computation. Deploying MPC for use cases such as complex and resource-intensive scientific computations increases the barrier of entry for potential participants. The model of Fluid MPC (Crypto 2021) tackles this issue by giving parties the flexibility to participate in the protocol only when their resources are free. As such, the set of parties is dynamically changing over time. In this work, we extend Fluid MPC, which only considered an honest majority, to the setting where the majority of participants at any point in the computation may be corrupt. We do this by presenting variants of the SPDZ protocol, which support dynamic participants. Firstly, we describe a universal preprocessing for SPDZ, which allows a set of n parties to compute some correlated randomness, such that later on, any subset of the parties can use this to take part in an online secure computation. We complement this with a Dynamic SPDZ online phase, designed to work with our universal preprocessing, as well as a protocol for securely realising the preprocessing. Our preprocessing protocol is designed to efficiently use pseudorandom correlation generators, thus, the parties' storage and communication costs can be almost independent of the function being evaluated. We then extend this to support a fluid online phase, where the set of parties can dynamically evolve during the online phase. Our protocol achieves maximal fluidity and security with abort, similarly to the previous, honest majority construction. Achieving this requires a careful design and techniques to guarantee a small state complexity, allowing us to switch between committees efficiently.

    Low weight congestion control for multi sender applications

    This paper presents a prototype for single-rate reliable multicast congestion control, which has been built into an existing commercial whiteboard. The prototype was developed using a novel scheme that was engineered around conflicting industry-provided requirements for collaborative workspaces. This required the scheme to be both low-weight when used with many senders and compatible with NAT, firewalls and reflectors. The key to overcoming this conflict was to combine congestion control and recovery feedback. This differs from many current solutions in that they are often designed for use with a wide variety of protocols and thus operate independently of the recovery mechanism. This paper does not go into the detail required to specify a protocol but instead discusses a few important design requirements for multi-sender applications, which are generally not considered by current research, and describes an approach towards meeting these requirements.
    Document type: Part of book or chapter of book

    Simple Threshold (Fully Homomorphic) Encryption From LWE With Polynomial Modulus

    The learning with errors (LWE) assumption is a powerful tool for building encryption schemes with useful properties, such as plausible resistance to quantum computers, or support for homomorphic computations. Despite this, essentially the only method of achieving threshold decryption in schemes based on LWE requires a modulus that is superpolynomial in the security parameter, leading to a large overhead in ciphertext sizes and computation time. In this work, we propose a (fully homomorphic) encryption scheme that supports a simple t-out-of-n threshold decryption protocol while allowing for a polynomial modulus. The main idea is to use the Rényi divergence (as opposed to the statistical distance as in previous works) as a measure of distribution closeness. This comes with some technical obstacles, due to the difficulty of using the Rényi divergence in decisional security notions such as standard semantic security. We overcome this by constructing a threshold scheme with a weaker notion of one-way security and then showing how to transform any one-way threshold scheme into one guaranteeing indistinguishability-based security.

    Low-Communication Multiparty Triple Generation for SPDZ from Ring-LPN

    The SPDZ protocol for multi-party computation relies on a correlated randomness setup consisting of authenticated multiplication triples. A recent line of work by Boyle et al. (Crypto 2019, Crypto 2020) has investigated the possibility of producing this correlated randomness in a silent preprocessing phase, which involves a "small" setup protocol with less communication than the total size of the triples being produced. These works do this using a tool called a pseudorandom correlation generator (PCG), which allows a large batch of correlated randomness to be compressed into a set of smaller, correlated seeds. However, existing methods for compressing SPDZ triples only apply to the 2-party setting. In this work, we construct a PCG for producing SPDZ triples over large prime fields in the multi-party setting. The security of our PCG is based on the ring-LPN assumption over fields, similar to the work of Boyle et al. (Crypto 2020) in the 2-party setting. We also present a corresponding, actively secure setup protocol, which can be used to generate the PCG seeds and instantiate SPDZ with a silent preprocessing phase. As a building block, which may be of independent interest, we construct a new type of 3-party distributed point function supporting outputs over arbitrary groups (including large prime order), as well as an efficient protocol for setting up our DPF keys with active security.
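    Added illustration, not code from this paper or from the Le Mans paper listed above: both abstracts build on the SPDZ online phase, and this Python sketch shows what the "authenticated multiplication triples" it consumes look like and why they are enough. A trusted dealer stands in for the preprocessing (the PCG, the ring-LPN construction and the setup protocol are not implemented here); it hands out additive shares of a global MAC key alpha and triples ([a], [b], [a*b]) where every share carries a MAC share summing to alpha times the value. The prime field, the party count, the input values and the names `Dealer`, `Online`, `beaver_mul` and `demo` are assumptions chosen for the example. Linear operations are local, one Beaver multiplication opens two values and burns one triple, and the batched MAC check at the end rejects an opening that a corrupt party has shifted.

```python
import secrets

# Assumptions for the example: a Mersenne prime field and a trusted dealer
# standing in for the PCG-based preprocessing the paper constructs.
P = (1 << 61) - 1


def share(x, n):
    """Additive sharing of x over F_p among n parties."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((x - sum(shares)) % P)
    return shares


class Dealer:
    """Preprocessing stand-in: deals MAC-key shares and authenticated triples,
    then is never contacted again (the online phase is dealer-free)."""

    def __init__(self, n):
        self.n = n
        self.alpha = 1 + secrets.randbelow(P - 1)   # global MAC key, never opened
        self.alpha_shares = share(self.alpha, n)

    def auth(self, x):
        """[x]: per-party (x_i, m_i) with sum x_i = x and sum m_i = alpha * x."""
        return list(zip(share(x, self.n), share(self.alpha * x % P, self.n)))

    def triple(self):
        """One authenticated multiplication triple ([a], [b], [a*b])."""
        a, b = secrets.randbelow(P), secrets.randbelow(P)
        return self.auth(a), self.auth(b), self.auth(a * b % P)


# Online phase, linear operations: purely local, no communication.
def add(x, y):
    return [((xi + yi) % P, (mi + ni) % P) for (xi, mi), (yi, ni) in zip(x, y)]


def scale(c, x):
    return [(c * xi % P, c * mi % P) for xi, mi in x]


def add_const(x, c, alpha_shares):
    """[x] + c: party 0 shifts its value share, every party shifts its MAC
    share by c * alpha_i so that the MAC stays alpha * (x + c)."""
    return [((xi + c) % P if i == 0 else xi, (mi + c * ai) % P)
            for i, ((xi, mi), ai) in enumerate(zip(x, alpha_shares))]


class Online:
    """Records every opened value with the parties' MAC shares so that all
    openings can be verified in one batched MAC check before output."""

    def __init__(self, alpha_shares):
        self.alpha_shares = alpha_shares
        self.opened = []

    def open(self, x, cheat=None):
        """Broadcast value shares and reconstruct. cheat=(party, delta) models
        an active adversary adding delta to that party's broadcast share."""
        vals = [xi for xi, _ in x]
        if cheat is not None:
            i, delta = cheat
            vals[i] = (vals[i] + delta) % P
        v = sum(vals) % P
        self.opened.append((v, [mi for _, mi in x]))
        return v

    def mac_check(self):
        """Party i publishes sigma_i = sum_j (m_ij - alpha_i * v_j); the openings
        are accepted iff the sigmas sum to zero. A shifted v_j moves that sum by
        -alpha * delta, which the adversary cannot cancel without knowing alpha."""
        n = len(self.alpha_shares)
        sigma = [0] * n
        for v, macs in self.opened:
            for i in range(n):
                sigma[i] = (sigma[i] + macs[i] - self.alpha_shares[i] * v) % P
        return sum(sigma) % P == 0


def beaver_mul(x, y, trip, online, cheat=None):
    """[x] * [y] consuming one triple: open e = x - a and d = y - b, then
    [z] = [c] + e[b] + d[a] + e*d (two openings, no further interaction)."""
    a, b, c = trip
    e = online.open(add(x, scale(P - 1, a)), cheat)
    d = online.open(add(y, scale(P - 1, b)))
    z = add(add(c, scale(e, b)), scale(d, a))
    return add_const(z, e * d % P, online.alpha_shares)


def demo(n=3, x=6, y=7, cheat=None):
    """Multiply x and y among n parties; returns (opened product, MAC check ok)."""
    dealer = Dealer(n)
    online = Online(dealer.alpha_shares)
    z = beaver_mul(dealer.auth(x), dealer.auth(y), dealer.triple(), online, cheat)
    return online.open(z), online.mac_check()


if __name__ == "__main__":
    print(demo())                    # (42, True)
    print(demo(cheat=(1, 5))[1])     # False: the shifted opening is rejected
```

    The point the abstracts take for granted is visible here: everything the dealer produces is independent of the function and of the inputs, so it can be generated ahead of time (and, with a PCG, expanded from short seeds), while the online phase needs only two broadcasts per multiplication and a single MAC check before any output is released. A dishonest majority cannot forge a MAC because alpha is never reconstructed.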