788 research outputs found

    Statistically-secure ORAM with $\tilde{O}(\log^2 n)$ Overhead

    We demonstrate a simple, statistically secure ORAM with computational overhead $\tilde{O}(\log^2 n)$; previous ORAM protocols achieve only computational security (under computational assumptions) or require $\tilde{\Omega}(\log^3 n)$ overhead. An additional benefit of our ORAM is its conceptual simplicity, which makes it easy to implement in both software and (commercially available) hardware. Our construction is based on recent ORAM constructions due to Shi, Chan, Stefanov, and Li (Asiacrypt 2011) and Stefanov and Shi (ArXiv 2012), but with some crucial modifications in the algorithm that simplify the ORAM and enable our analysis. A central component in our analysis is reducing the analysis of our algorithm to a "supermarket" problem; of independent interest (and of importance to our analysis), we provide an upper bound on the rate of "upset" customers in the "supermarket" problem.

    Instantaneous Decentralized Poker

    We present efficient protocols for amortized secure multiparty computation with penalties and secure cash distribution, of which poker is a prime example. Our protocols have an initial phase where the parties interact with a cryptocurrency network, which then enables them to interact only among themselves over the course of playing many poker games in which money changes hands. The high efficiency of our protocols is achieved by harnessing the power of stateful contracts. Compared to the limited expressive power of Bitcoin scripts, stateful contracts enable richer forms of interaction between standard secure computation and a cryptocurrency. We formalize the stateful contract model and the security notions that our protocols accomplish, and provide proofs using the simulation paradigm. Moreover, we provide a reference implementation in Ethereum/Solidity for the stateful contracts that our protocols are based on. We also adapt our off-chain cash distribution protocols to the special case of stateful duplex micropayment channels, which are of independent interest. In comparison to Bitcoin-based payment channels, our duplex channel implementation is more efficient and has additional features.

    Linear Complexity Private Set Intersection for Secure Two-Party Protocols

    In this paper, we propose a new private set intersection (PSI) protocol with bi-oblivious data transfer that computes the following functionality. One of the parties, $P_1$, inputs a set of items $X$ and a set of data pairs $D_1 = \{(d_0^j, d_1^j)\}$, and the other party, $P_2$, inputs a set of items $Y$. While $P_1$ outputs nothing, $P_2$ outputs a set of data $D_2 = \{ d_{b_j}^j \mid b_j \in \{0,1\}\}$ dependent on the intersection of $X$ and $Y$. This functionality is generally required when the PSI protocol is used as part of a larger secure two-party computation, such as threshold PSI or, in general, any function of the whole intersecting set. Pinkas et al. presented a PSI protocol at Eurocrypt 2019 for this type of functionality, which has linear complexity only in communication. While there are PSI protocols with linear computation and communication complexities in the classical PSI setting, where the intersection itself is revealed to one party, to the best of our knowledge there is no PSI protocol that outputs a function of the membership results and satisfies linear complexity in both communication and computation. We present the first PSI protocol that outputs only a function of the membership results with linear communication and computation complexities. While creating the protocol, as a side contribution, we provide a one-time batch oblivious programmable pseudo-random function based on garbled Bloom filters. We also implemented our protocol and provide performance results.

    Ring formation and hydration effects in electron attachment to misonidazole

    This research was funded by Czech Science Foundation grant number 19-01159S; Czech Ministry of Education, Youth and Sports via OP RDE Grant no. CZ.02.2.69/0.0/16_027/0008355; S.D. acknowledges funding from the FWF, Vienna (P30332). We study the reactivity of misonidazole with low-energy electrons in a water environment, combining experiment and theoretical modelling. The environment is modelled by sequential hydration of misonidazole clusters in vacuum. The well-defined experimental conditions enable computational modeling of the observed reactions. While the NO₂⁻ dissociative electron attachment channel is suppressed, as also observed previously for other molecules, the OH⁻ channel remains open. Such behavior is enabled by the high hydration energy of OH⁻ and ring formation in the neutral radical co-fragment. These observations help to understand the mechanism of bio-reductive drug action. Electron-induced formation of covalent bonds is then important not only for biological processes but may also find applications in technology.

    YS-TaS2 and YxLa1–xS-TaS2 (0 ≤ x ≤ 1) nanotubes: A family of misfit layered compounds

    We present the analysis of a family of nanotubes (NTs) based on the quaternary misfit layered compound (MLC) YxLa1–xS-TaS2. The NTs were successfully synthesized within the whole range of possible compositions via the chemical vapor transport technique. In-depth analysis of the NTs using electron microscopy and spectroscopy proves the in-phase (partial) substitution of La by Y in the (La,Y)S subsystem and reveals structural changes compared to the previously reported LaS-TaS2 MLC-NTs. The observed structure can be linked to the slightly different lattice parameters of LaS and YS. Raman spectroscopy and infrared transmission measurements reveal the tunability of the plasmonic and vibrational properties. Density-functional theory calculations showed that the YxLa1–xS-TaS2 MLCs are stable in all compositions. Moreover, the calculations indicated that substitution of La by Sc atoms is electronically not favorable, which explains our failed attempt to synthesize these MLCs and NTs thereof. A.E. acknowledges the support by Act 211 Government of the Russian Federation, Contract No. 02.A03.21.0006. The support of the Israel Science Foundation (Grant No. 7130970101), Irving and Cherna Moskowitz Center for Nano and Bio-Nano Imaging, and the Perlman Family Foundation and the Kimmel Center for Nanoscale Science (Grant No. 43535000350000) is greatly acknowledged. R.A. gratefully acknowledges the support from the Spanish Ministry of Economy and Competitiveness (MINECO) through Project Grant MAT2016-79776-P (AEI/FEDER, UE) and from the European Union H2020 program “ESTEEM3” (823717). S.H. acknowledges funding by the German Research Foundation (HE 7675/1-1). I.P. is the incumbent of the Sharon Zuckerman Research Fellow Chair.

    Catalic: Delegated PSI Cardinality with Applications to Contact Tracing

    Private Set Intersection Cardinality (PSI-CA) allows two parties, each holding a set of items, to learn the size of the intersection of those sets without revealing any additional information. To the best of our knowledge, this work presents the first protocol that allows one of the parties to delegate PSI-CA computation to untrusted servers. At the heart of our delegated PSI-CA protocol is a new oblivious distributed key PRF (Odk-PRF) abstraction, which may be of independent interest. We explore in detail how to use our delegated PSI-CA protocol to perform privacy-preserving contact tracing. It has been estimated that a significant percentage of a given population would need to use a contact tracing app to stop a disease’s spread. Prior privacy-preserving contact tracing systems, however, impose heavy bandwidth or computational demands on client devices. These demands present an economic disincentive to participate for end users who may be billed per MB by their mobile data plan, or for users who want to save battery life. We propose Catalic (ContAct TrAcing for LIghtweight Clients), a new contact tracing system that minimizes bandwidth cost and computation workload on client devices. By applying our new delegated PSI-CA protocol, Catalic shifts most of the client-side computation of contact tracing to untrusted servers, and potentially saves each user hundreds of megabytes of mobile data per day while preserving privacy.

    A Performance and Resource Consumption Assessment of Secure Multiparty Computation

    In recent years, secure multiparty computation (SMC) advanced from a theoretical technique to a practically applicable technology. Several frameworks were proposed, of which some are still actively developed. We perform a first comprehensive study of the performance characteristics of SMC protocols using a promising implementation based on secret sharing, a common and state-of-the-art foundation. Therefore, we analyze its scalability with respect to environmental parameters such as the number of peers, network properties -- namely transmission rate, packet loss, and network latency -- and parallelization of computations as parameters, and execution time, CPU cycles, memory consumption and amount of transmitted data as variables. Our insights on the resource consumption show that such a solution is practically applicable in intranet environments and -- with limitations -- in Internet settings.

    Improved Private Set Intersection against Malicious Adversaries

    Private set intersection (PSI) refers to a special case of secure two-party computation in which the parties each have a set of items and compute the intersection of these sets without revealing any additional information. In this paper we present improvements to practical PSI providing security in the presence of malicious adversaries. Our starting point is the protocol of Dong, Chen & Wen (CCS 2013) that is based on Bloom filters. We identify a bug in their malicious-secure variant and show how to fix it using a cut-and-choose approach that has low overhead while simultaneously avoiding one of the main computational bottlenecks in their original protocol. We also point out some subtleties that arise when using Bloom filters in malicious-secure cryptographic protocols. We have implemented our PSI protocols and report on their performance. Our improvements reduce the cost of Dong et al.'s protocol by a factor of 14–110× on a single thread. When compared to the previous fastest protocol of De Cristofaro et al., we improve the running time by 8–24×. For instance, our protocol has an online time of 14 seconds and an overall time of 2.1 minutes to securely compute the intersection of two sets of 1 million items each.

    PSI from PaXoS: Fast, Malicious Private Set Intersection

    We present a 2-party private set intersection (PSI) protocol which provides security against malicious participants, yet is almost as fast as the fastest known semi-honest PSI protocol of Kolesnikov et al. (CCS 2016). Our protocol is based on a new approach for two-party PSI, which can be instantiated to provide security against either malicious or semi-honest adversaries. The protocol is unique in that the only difference between the semi-honest and malicious versions is an instantiation with different parameters for a linear error-correcting code. It is also the first PSI protocol which is concretely efficient while having linear communication and security against malicious adversaries, while running in the OT-hybrid model (assuming a non-programmable random oracle). State-of-the-art semi-honest PSI protocols take advantage of cuckoo hashing, but it has proven a challenge to use cuckoo hashing for malicious security. Our protocol is the first to use cuckoo hashing for malicious-secure PSI. We do so via a new data structure, called a probe-and-XOR of strings (PaXoS), which may be of independent interest. This abstraction captures important properties of previous data structures, most notably garbled Bloom filters. While an encoding by a garbled Bloom filter is larger by a factor of $O(\lambda)$ than the original data, we describe a significantly improved PaXoS based on cuckoo hashing that achieves constant rate while being no worse in other relevant efficiency measures.

    A novel accessory muscle in the flexor compartment of anterior forearm inserting into the tenosynovium of the flexor pollicis longus

    A common variant of accessory muscles in the anterior forearm is the Gantzer’s muscle (GM). GM arises as a muscle belly from the flexor digitorum superficialis (FDS) or the ulnar coronoid process to merge distally with the flexor pollicis longus (FPL) muscle. In the present case report, we describe a novel accessory muscle in the flexor compartment of the forearm. The proximal attachment was tendinous and came from three sources: the FDS muscle, the ulnar coronoid process, and the medial aspect of the proximal radius. The distal tendon of the novel accessory muscle ran parallel to the FPL, passed through the carpal tunnel, and entered the palmar aspect of the hand. In the hand, the tendon thinned out and blended with the tenosynovium of the FPL, contributing to the sheath around the FPL tendon. This accessory muscle of the FPL is comparable to the frequently documented GM; however, the present case exhibited fundamental nuances that distinguish it from the previously described iterations of the GM in the following ways: 1) The novel accessory muscle is tendinous from its proximal origin and throughout the upper one-third of the forearm, and one component of its origin arose from the medial aspect of the radius. Gantzer muscles with an origin on the radius have not been previously reported. 2) In the middle one-third, the tendinous proximal attachment transitioned to a muscle belly that passed through the carpal tunnel and entered the hand. 3) In the hand, the novel tendon widened, thinned, and merged with the tenosynovium of the FPL. Accessory muscles are a common finding in the anterior forearm during cadaveric dissection. In patients, they can be the cause of neuropathies due to compression of the anterior interosseous nerve. Awareness of variations is also important for clinicians who examine the forearm and hand, as well as for hand surgeons.
