How powerful are the DDH hard groups?

The question whether Identity-Based Encryption (IBE) can be based on the Decisional Diffie-Hellman (DDH) assumption is one of the most prominent questions in Cryptography related to DDH. We study limitations on the use of the DDH assumption in cryptographic constructions, and show that it is impossible to construct a secure Identity-Based Encryption system using, in a black box way, only the DDH (or similar) assumption about a group. Our impossibility result is set in the generic groups model, where we describe an attack on any IBE construction that relies on oracle access to the group operation of randomly labelled group elements -- a model that formalizes naturally DDH hardness. The vast majority of existing separation results typically give separation from general primitives, whereas we separate a primitive from a class of number theoretic hardness assumptions. Accordingly, we face challenges in creating an attack algorithm that will work against constructions which leverage the underlying algebraic structure of the group. In fact, we know that this algebraic structure is powerful enough to provide generic constructions for several powerful primitives including oblivious transfer and chosen ciphertext secure public-key cryptosystems (note that an IBE generalizes such systems). Technically, we explore statistical properties of the group algebra associated with a DDH oracle, which can be of independent interest

Chosen-ciphertext security from subset sum

We construct a public-key encryption (PKE) scheme whose security is polynomial-time equivalent to the hardness of the Subset Sum problem. Our scheme achieves the standard notion of indistinguishability against chosen-ciphertext attacks (IND-CCA) and can be used to encrypt messages of arbitrary polynomial length, improving upon a previous construction by Lyubashevsky, Palacio, and Segev (TCC 2010) which achieved only the weaker notion of semantic security (IND-CPA) and whose concrete security decreases with the length of the message being encrypted. At the core of our construction is a trapdoor technique which originates in the work of Micciancio and Peikert (Eurocrypt 2012

Predicting Infectious ComplicatioNs in Children with Cancer : an external validation study

Background:The aim of this study was to validate the 'Predicting Infectious ComplicatioNs in Children with Cancer' (PICNICC) clinical decision rule (CDR) that predicts microbiologically documented infection (MDI) in children with cancer and fever and neutropenia (FN). We also investigated costs associated with current FN management strategies in Australia.Methods:Demographic, episode, outcome and cost data were retrospectively collected on 650 episodes of FN. We assessed the discrimination, calibration, sensitivity and specificity of the PICNICC CDR in our cohort compared with the derivation data set.Results:Using the original variable coefficients, the CDR performed poorly. After recalibration the PICNICC CDR had an area under the receiver operating characteristic (AUC-ROC) curve of 0.638 (95% CI 0.590-0.685) and calibration slope of 0.24. The sensitivity, specificity, positive predictive value and negative predictive value of the PICNICC CDR at presentation was 78.4%, 39.8%, 28.6% and 85.7%, respectively. For bacteraemia, the sensitivity improved to 85.2% and AUC-ROC to 0.71. Application at day 2, taking into consideration the proportion of MDI known (43%), further improved the sensitivity to 87.7%. Length of stay is the main contributor to cost of FN treatment, with an average cost per day of AUD 2183 in the low-risk group.Conclusions:For prediction of any MDI, the PICNICC rule did not perform as well at presentation in our cohort as compared with the derivation study. However, for bacteraemia, the predictive ability was similar to that of the derivation study, highlighting the importance of recalibration using local data. Performance also improved after an overnight period of observation. Implementation of a low-risk pathway, using the PICNICC CDR after a short period of inpatient observation, is likely to be safe and has the potential to reduce health-care expenditure

Limitations on Separating Nondeterministic Time Complexity Classes

If the time bounds defining two nondeterministic complexity classes are too close for separation by the two known techniques, then they are almost too close for separation by any relativizable technique