
    Non-malleable encryption: simpler, shorter, stronger

    In a seminal paper, Dolev et al. [15] introduced the notion of non-malleable encryption (NM-CPA). This notion is very intriguing since it suffices for many applications of chosen-ciphertext secure encryption (IND-CCA), and, yet, can be generically built from semantically secure (IND-CPA) encryption, as was shown in the seminal works by Pass et al. [29] and by Choi et al. [9], the latter of which provided a black-box construction. In this paper we investigate three questions related to NM-CPA security: 1. Can the rate of the construction by Choi et al. of NM-CPA from IND-CPA be improved? 2. Is it possible to achieve multi-bit NM-CPA security more efficiently from a single-bit NM-CPA scheme than from IND-CPA? 3. Is there a notion stronger than NM-CPA that has natural applications and can be achieved from IND-CPA security? We answer all three questions in the positive. First, we improve the rate in the scheme of Choi et al. by a factor O(λ), where λ is the security parameter. Still, encrypting a message of size O(λ) would require ciphertext and keys of size O(λ^2) times that of the IND-CPA scheme, even in our improved scheme. Therefore, we show a more efficient domain extension technique for building a λ-bit NM-CPA scheme from a single-bit NM-CPA scheme with keys and ciphertext of size O(λ) times that of the NM-CPA one-bit scheme. To achieve our goal, we define and construct a novel type of continuous non-malleable code (NMC), called secret-state NMC, as we show that standard continuous NMCs are not enough for the natural “encode-then-encrypt-bit-by-bit” approach to work. Finally, we introduce a new security notion for public-key encryption that we dub non-malleability under (chosen-ciphertext) self-destruct attacks (NM-SDA). After showing that NM-SDA is a strict strengthening of NM-CPA and allows for more applications, we nevertheless show that both of our results—(faster) construction from IND-CPA and domain extension from a one-bit scheme—also hold for our stronger NM-SDA security. In particular, the notions of IND-CPA, NM-CPA, and NM-SDA security are all equivalent, lying (plausibly, strictly?) below IND-CCA security.

    Effect of educational intervention on medication timing in Parkinson's disease: a randomized controlled trial

    Background: Medicine usage in Parkinson's disease patients is often imperfect, in particular irregular timing of medication. The effect of informing Parkinson's disease patients about the continuous dopaminergic hypothesis (to encourage regular medicine intake) on medication adherence and motor control was tested. Methods: Patients were randomised either to the active group (receiving the intervention) or the control group (no extra information). Antiparkinson medicine usage was monitored for 3 months before and after the intervention using electronic pill bottles which record the date and time of opening (MEMS®, Aardex, Switzerland), and the data were used to calculate the percentage of doses taken at correct time intervals. Results: 43 patients (52%) were randomised to active counselling, and 40 (48%) were controls (standard management). The intervention effect (difference in timing adherence pre- to post-intervention between the 2 groups) was 13.4% (CI 5.1 to 21.7), p = 0.002. Parkinson motor scores did not change significantly (active group 0.1, CI -3.4 to 3.7) versus controls (4.5, CI 1.6 to 7.1), p = 0.06. Conclusion: Timing adherence, but not motor scores, improves by providing patients with extra information. Therapy timing is of potential importance in Parkinson's disease management. Trial registration number: NCT00361205.

    Structure-Preserving Smooth Projective Hashing

    Smooth projective hashing has proven to be an extremely useful primitive, in particular when used in conjunction with commitments to provide implicit decommitment. This has led to applications proven secure in the UC framework, even in the presence of an adversary which can do adaptive corruptions, such as Password Authenticated Key Exchange (PAKE) and 1-out-of-m Oblivious Transfer (OT). However, such solutions still lack efficiency, since they scale heavily with the underlying message length. Structure-preserving cryptography aims at providing elegant and efficient schemes based on classical assumptions and standard group operations on group elements. A recent trend focuses on constructions of structure-preserving signatures, which require message, signature and verification keys to lie in the base group, while the verification equations only consist of pairing-product equations. Classical constructions of Smooth Projective Hash Functions suffer from the same limitation as classical signatures: at least one part of the computation (messages for signatures, witnesses for SPHFs) is a scalar. In this work, we introduce and instantiate the concept of Structure-Preserving Smooth Projective Hash Functions, and give as applications more efficient instantiations for one-round PAKE and three-round OT, and information retrieval thanks to Anonymous Credentials, all UC-secure against adaptive adversaries.

    Genome-Wide Modeling of Transcription Preinitiation Complex Disassembly Mechanisms using ChIP-chip Data

    Apparent occupancy levels of proteins bound to DNA in vivo can now be routinely measured on a genomic scale. A challenge in relating these occupancy levels to assembly mechanisms that are defined with biochemically isolated components lies in the veracity of assumptions made regarding the in vivo system. Assumptions regarding the behavior of molecules in vivo can be proven neither true nor false, and thus are necessarily subjective. Nevertheless, within those confines, connecting in vivo protein-DNA interaction observations with defined biochemical mechanisms is an important step towards fully defining and understanding assembly/disassembly mechanisms in vivo. To this end, we have developed a computational program, PathCom, that models in vivo protein-DNA occupancy data as biochemical mechanisms under the assumption that occupancy levels can be related to binding duration and explicitly defined assembly/disassembly reactions. We exemplify the process with the assembly of the general transcription factors (TBP, TFIIB, TFIIE, TFIIF, TFIIH, and RNA polymerase II) at the genes of the budding yeast Saccharomyces. Within the assumptions inherent in the system, our modeling suggests that TBP occupancy at promoters is rather transient compared to other general factors, despite the importance of TBP in nucleating assembly of the preinitiation complex. PathCom is suitable for modeling any assembly/disassembly pathway, given that all the proteins (or species) come together to form a complex.

    Energy Restriction during Childhood and Early Adulthood and Ovarian Cancer Risk

    Dietary energy restriction may protect against cancer. In parts of the Netherlands, mostly in larger cities, periods of chronically impaired nutrition and even severe famine (Hunger Winter 1944–1945) existed during the 1930s and World War II (1940–1945). We studied the association between energy restriction during childhood and early adulthood and the risk of ovarian cancer later in life. In 1986, the Netherlands Cohort Study was initiated. A self-administered questionnaire on dietary habits and other cancer risk factors was completed by 62,573 women aged 55–69 years at baseline. Follow-up for cancer was established by record linkage to the Netherlands Cancer Registry. After 16.3 years of follow-up, 364 invasive epithelial ovarian cancer cases and 2220 subcohort members (sampled from the total cohort directly after baseline) with complete information on confounders were available for case-cohort analyses. In multivariable analysis, ovarian cancer risk was lower for participants with an unemployed father during the 1930s (Hazard Ratio (HR), 0.70; 95% Confidence Interval (CI), 0.47–1.06) compared to participants with an employed father, as well as for participants living in a city during World War II (HR, 0.69; 95% CI, 0.54–0.90) compared to participants living in the countryside. Residence in a Western city during the famine (Hunger Winter) was not associated with a decreased risk. Our results show a relation between proxy variables for modest energy restriction over a longer period of time during childhood or early adulthood and a reduced ovarian cancer risk.

    On Multiparty Garbling of Arithmetic Circuits

    We initiate a study of garbled circuits that contain both Boolean and arithmetic gates in secure multiparty computation. In particular, we incorporate the garbling gadgets for arithmetic circuits recently presented by Ball, Malkin, and Rosulek (ACM CCS 2016) into the multiparty garbling paradigm initially introduced by Beaver, Micali, and Rogaway (STOC '90). This is the first work that studies arithmetic garbled circuits in the multiparty setting. Using mixed Boolean-arithmetic circuits allows more efficient secure computation of functions that naturally combine Boolean and arithmetic computations. Our garbled circuits are secure in the semi-honest model, under the same hardness assumptions as Ball et al., and can be efficiently and securely computed in constant rounds assuming an honest majority. We first extend free addition and multiplication by a constant to the multiparty setting. We then extend efficient garbled multiplication gates to the multiparty setting. The garbled multiplication gate construction we show was previously achieved only in the two-party setting and assuming a random oracle. We further present a new garbling technique, and show how this technique can improve efficiency in garbling selector gates. Selector gates compute a simple "if" statement in the arithmetic setting: the gate selects the output value from two input integer values, according to a Boolean selector bit; if the bit is 0 the output equals the first value, and if the bit is 1 the output equals the second value. Using our new technique, we show a new and designated garbled selector gate that reduces the evaluation time by approximately 33%, for any number of parties, compared to the best previously known constructions that use existing techniques and are secure based on the same hardness assumptions. On the downside, we find that testing equality and computing exponentiation by a constant are significantly more complex to garble in the multiparty setting than in the two-party setting.

    The deuteron: structure and form factors

    A brief review of the history of the discovery of the deuteron is provided. The current status of both experiment and theory for elastic electron scattering is then presented. Comment: 80 pages, 33 figures, submitted to Advances in Nuclear Physics.

    Adaptive Oblivious Transfer and Generalization

    Oblivious Transfer (OT) protocols were introduced in the seminal paper of Rabin, and allow a user to retrieve a given number of lines (usually one) in a database, without revealing which ones to the server. The server is assured that only this given number of lines can be accessed per interaction, so the others are protected; the user is assured that the server does not learn the numbers of the lines requested. This primitive is of great practical interest, for example in secure multi-party computation, and directly echoes Symmetrically Private Information Retrieval (SPIR). Recent Oblivious Transfer instantiations secure in the UC framework suffer from a drastic drawback: after the first query, there is no improvement in the global scheme complexity, so subsequent queries each have a global complexity of O(|DB|), meaning that there is no gain compared to running completely independent queries. In this paper, we propose a new protocol solving this issue, allowing subsequent queries with a complexity of O(log(|DB|)), and prove the protocol secure in the UC framework with adaptive corruptions and reliable erasures. As a second contribution, we show that the techniques we use for Oblivious Transfer can be generalized to a new framework we call Oblivious Language-Based Envelope (OLBE). It is of practical interest since it seems more and more unrealistic to consider a database with uncontrolled access in access control scenarios. Our approach generalizes Oblivious Signature-Based Envelope to handle more expressive credentials and requests from the user. Naturally, OLBE encompasses both OT and OSBE, but it also allows Oblivious Transfer with fine-grained access control over each line. For example, a user can access a line if and only if he possesses a certificate granting him access to that line. We show how to generically and efficiently instantiate such primitives, and prove them secure in the Universal Composability framework, with adaptive corruptions assuming reliable erasures. We provide new UC ideal functionalities where needed, or show that the existing ones fit in our new framework. The security of such designs preserves both the secrecy of the database values and the user credentials. This symmetry allows us to view our new approach as a generalization of the notion of Symmetrically PIR.

    Round-Optimal Black-Box Two-Party Computation

    In [Eurocrypt 2004] Katz and Ostrovsky establish the exact round complexity of secure two-party computation with respect to black-box proofs of security. They prove that 5 rounds are necessary for secure two-party protocols (4 rounds are sufficient if only one party receives the output) and provide a protocol that matches this lower bound. The main challenge when designing such a protocol is to parallelize the proofs of consistency provided by both parties – necessary when security against malicious adversaries is considered – in 4 rounds. Toward this goal they employ specific proofs in which the statement can be left unspecified until the last round but which require non-black-box access to the underlying primitives. A rich line of work [IKLP06, Hai08, CDSMW09, IKOS07, PW09] has shown that the non-black-box use of the cryptographic primitive in secure two-party computation is not necessary, by providing black-box constructions matching essentially all the feasibility results that were previously demonstrated only via non-black-box protocols. All such constructions, however, are far from being round optimal. The reason is that they are based on cut-and-choose mechanisms where one party can safely take an action only after the other party has successfully completed the cut-and-choose phase, therefore requiring additional rounds. A natural question is whether round-optimal constructions inherently require non-black-box access to the primitives, and whether the lower bound shown by Katz and Ostrovsky can only be matched by a non-black-box protocol. In this work we show that round-optimality is achievable even with only black-box access to the primitives. We provide the first 4-round black-box oblivious transfer based on any enhanced trapdoor permutation. Plugging a parallel version of our oblivious transfer into the black-box non-interactive secure computation protocol of [IKO+11], we obtain the first round-optimal black-box two-party protocol in the plain model for any functionality.

    Pain relief is associated with decreasing postural sway in patients with non-specific low back pain

    Background: Increased postural sway is well documented in patients suffering from non-specific low back pain, and a linear relationship between higher pain intensities and increasing postural sway has been described. No investigation has been conducted to evaluate whether this relationship is maintained if pain levels change in adults with non-specific low back pain. Methods: Thirty-eight patients with non-specific low back pain and a matching number of healthy controls were enrolled. Postural sway was measured by three identical static bipedal standing tasks of 90 sec duration with eyes closed in narrow stance on a firm surface. The perceived pain intensity was assessed by a numeric rating scale (NRS-11). The patients received three manual interventions (e.g. manipulation, mobilization or soft tissue techniques) at 3-4 day intervals; postural sway measures were obtained on each occasion. Results: A clinically relevant decrease of four NRS scores in association with manual interventions correlated with a significant decrease in postural sway. In contrast, if no clinically relevant change in intensity occurred (≤1 level), postural sway remained similar compared to baseline. The postural sway measures obtained at follow-up sessions 2 and 3 associated with a specific NRS level showed no significant differences compared to reference values for the same pain score. Conclusions: Alterations in self-reported pain intensities are closely related to changes in postural sway. The previously reported linear relationship between the two variables is maintained as pain levels change. Pain interference appears responsible for the altered sway in pain sufferers. This supports the clinical use of sway measures as an objective monitoring tool during treatment or rehabilitation.