Post-Partum Pituitary Insufficiency and Livedo Reticularis Presenting a Diagnostic Challenge in a Resource Limited Setting in Tanzania: A Case Report, Clinical Discussion and Brief Review of Existing Literature.

Pituitary disorders following pregnancy are an important yet under reported clinical entity in the developing world. Conversely, post partum panhypopituitarism has a more devastating impact on women in such settings due to high fertility rates, poor obstetric care and scarcity of diagnostic and therapeutic resources available. A 37 year old African female presented ten years post partum with features of multiple endocrine deficiencies including hypothyroidism, hypoadrenalism, lactation failure and secondary amenorrhea. In addition she had clinical features of an underlying autoimmune condition. These included a history of post-partum thyroiditis, alopecia areata, livedo reticularis and deranged coagulation indices. A remarkable clinical response followed appropriate hormone replacement therapy including steroids. This constellation has never been reported before; we therefore present an interesting clinical discussion including a brief review of existing literature. Post partum pituitary insufficiency is an under-reported condition of immense clinical importance especially in the developing world. A high clinical index of suspicion is vital to ensure an early and correct diagnosis which will have a direct bearing on management and patient outcome

HIV Prevention in Care and Treatment Settings: Baseline Risk Behaviors among HIV Patients in Kenya, Namibia, and Tanzania.

HIV care and treatment settings provide an opportunity to reach people living with HIV/AIDS (PLHIV) with prevention messages and services. Population-based surveys in sub-Saharan Africa have identified HIV risk behaviors among PLHIV, yet data are limited regarding HIV risk behaviors of PLHIV in clinical care. This paper describes the baseline sociodemographic, HIV transmission risk behaviors, and clinical data of a study evaluating an HIV prevention intervention package for HIV care and treatment clinics in Africa. The study was a longitudinal group-randomized trial in 9 intervention clinics and 9 comparison clinics in Kenya, Namibia, and Tanzania (N = 3538). Baseline participants were mostly female, married, had less than a primary education, and were relatively recently diagnosed with HIV. Fifty-two percent of participants had a partner of negative or unknown status, 24% were not using condoms consistently, and 11% reported STI symptoms in the last 6 months. There were differences in demographic and HIV transmission risk variables by country, indicating the need to consider local context in designing studies and using caution when generalizing findings across African countries. Baseline data from this study indicate that participants were often engaging in HIV transmission risk behaviors, which supports the need for prevention with PLHIV (PwP). TRIAL REGISTRATION: ClinicalTrials.gov NCT01256463

Batched Multi-hop Multi-key FHE from ring-LWE with Compact Ciphertext Extension

Traditional fully homomorphic encryption (FHE) schemes support computation on data encrypted under a single key. In STOC 2012, López-Alt et al. introduced the notion of multi-key FHE (MKFHE), which allows homomorphic computation on ciphertexts encrypted under different keys. In this work, we focus on MKFHE constructions from standard assumptions and propose a new construction of ring-LWE-based multi-hop MKFHE scheme. Our work is based on Brakerski-Gentry-Vaikuntanathan (BGV) FHE scheme where, in contrast, all the previous works on multi-key FHE with standard assumptions were based on Gentry-Sahai-Waters (GSW) FHE scheme. Therefore, our construction can encrypt ring elements rather than a single bit and naturally inherits the advantages in aspects of the ciphertext/plaintext ratio and the complexity of homomorphic operations. Moveover, the proposed MKFHE scheme supports the Chinese Remainder Theorem (CRT)-based ciphertexts packing technique, achieves $poly\left(k,L,\log n\right)$ computation overhead for $k$ users, circuits with depth at most $L$ and an $n$ dimensional lattice, and gives the first batched MKFHE scheme based on standard assumptions to our knowledge. Furthermore, the ciphertext extension algorithms of previous schemes need to perform complex computation on each ciphertext, while our extension algorithm just needs to generate evaluation keys for the extended scheme. So the complexity of ciphertext extension is only dependent on the number of associated parities but not on the number of ciphertexts. Besides, our scheme also admits a threshold decryption protocol from which a generalized two-round MPC protocol can be similarly obtained as prior works

Faster Homomorphic Linear Transformations in HElib

HElib is a software library that implements homomorphic encryption (HE), with a focus on effective use of packed ciphertexts. An important operation (which is used in bootstrapping, as well as in other applications) is applying a known linear map to a vector of encrypted data. In this paper, we describe several algorithmic improvements that significantly speed up this operation: in our experiments, our new algorithms were 30-75 times faster than those currently implemented in HElib for typical parameters. Our techniques also reduce the size of the large public evaluation key, often using 33%-50% less space than the previous HElib implementation. We also implemented a new tradeoff that enables a drastic reduction in size, maybe a 25x factor or more for some parameters, paying only a 2-4x factor in runtime (and giving up some parallelization opportunities)

Predicate Encryption for Circuits from LWE

In predicate encryption, a ciphertext is associated with descriptive attribute values x in addition to a plaintext μ, and a secret key is associated with a predicate f. Decryption returns plaintext μ if and only if f(x)=1. Moreover, security of predicate encryption guarantees that an adversary learns nothing about the attribute x or the plaintext μ from a ciphertext, given arbitrary many secret keys that are not authorized to decrypt the ciphertext individually. We construct a leveled predicate encryption scheme for all circuits, assuming the hardness of the subexponential learning with errors (LWE) problem. That is, for any polynomial function d=d(λ), we construct a predicate encryption scheme for the class of all circuits with depth bounded by d(λ), where λ is the security parameter.Microsoft Corporation (PhD Fellowship)Northrop Grumman Cybersecurity Research ConsortiumUnited States. Defense Advanced Research Projects Agency (Grant FA8750-11-2-0225)National Science Foundation (U.S.) (Awards CNS-1350619)National Science Foundation (U.S.) (Awards CNS-1413920)Alfred P. Sloan Foundation (Fellowship)Microsoft (Faculty Fellowship

Quantum FHE (Almost) As Secure As Classical

Fully homomorphic encryption schemes (FHE) allow to apply arbitrary efficient computation to encrypted data without decrypting it first. In Quantum FHE (QFHE) we may want to apply an arbitrary quantumly efficient computation to (classical or quantum) encrypted data. We present a QFHE scheme with classical key generation (and classical encryption and decryption if the encrypted message is itself classical) with comparable properties to classical FHE. Security relies on the hardness of the learning with errors (LWE) problem with polynomial modulus, which translates to the worst case hardness of approximating short vector problems in lattices to within a polynomial factor. Up to polynomial factors, this matches the best known assumption for classical FHE. Similarly to the classical setting, relying on LWE alone only implies leveled QFHE (where the public key length depends linearly on the maximal allowed evaluation depth). An additional circular security assumption is required to support completely unbounded depth. Interestingly, our circular security assumption is the same assumption that is made to achieve unbounded depth multi-key classical FHE. Technically, we rely on the outline of Mahadev (arXiv 2017) which achieves this functionality by relying on super-polynomial LWE modulus and on a new circular security assumption. We observe a connection between the functionality of evaluating quantum gates and the circuit privacy property of classical homomorphic encryption. While this connection is not sufficient to imply QFHE by itself, it leads us to a path that ultimately allows using classical FHE schemes with polynomial modulus towards constructing QFHE with the same modulus

New techniques for Multi-value input Homomorphic Evaluation and Applications

In this paper, we propose a new technique to perform several homomorphic operations in one bootstrapping call over a multi-value plaintext space. Our construction relies on the FHEW-based gate bootstrapping; we analyze its structure and propose a strategy we call multi-value bootstrapping which allows to bootstrap an arbitrary function in an efficient way. The security of our scheme relies on the LWE assumption over the torus. We give three possible applications: we first describe how to efficiently evaluate an arbitrary boolean function (LUT) and combine LUTs in circuits. We also explain how to apply our procedure to optimize the circuit bootstrapping from (Asiacrypt\u272017) which allows to compose circuits in a leveled mode. And we finally present a simple method which makes use of the multi-value bootstrapping to evaluate a encrypted neural network. We have implemented the proposed method and were able to evaluate an arbitrary 6-to-6 LUTs under 1.6 seconds. Our implementation is based on the TFHE library but can be easily integrated into other homomorphic libraries based on the same structure, such as FHEW (Eurocrypt\u272015). The number of LUT outputs does not influence the execution time by a lot, e.g. evaluation of additional 128 outputs on the same 6 input bits takes only 0.05 more seconds

FHE Over the Integers: Decomposed and Batched in the Post-Quantum Regime

Fully homomorphic encryption over the integers (FHE-OI) is currently the only alternative to lattice-based FHE. FHE-OI includes a family of schemes whose security is based on the hardness of different variants of the approximate greatest common divisor (AGCD) problem. The majority of these works is based on the noise-free variant of AGCD which is potentially weaker than the general one. In particular, the noise-free variant relies on the hardness of factoring and is thus vulnerable to quantum attacks. A lot of effort was made to port techniques from second generation lattice-based FHE (using tensoring) to FHE-OI. Gentry, Sahai and Waters (Crypto 13) showed that third generation techniques (which were later formalized using the ``gadget matrix\u27\u27) can also be ported. In this work, we propose a comprehensive study of applying third generation FHE techniques to the regime of FHE-OI. We present and analyze a third generation FHE-OI based on decisional AGCD without the noise-free assumption. We proceed to showing a batch version of our scheme where each ciphertext can encode a vector of messages and operations are performed coordinate-wise. We use a similar AGCD variant to Cheon et al.~(Eurocrypt 13) who suggested the batch approach for second generation FHE, but we do not require the noise-free component or a subset sum assumption. However, like Cheon et al., we do require circular security for our scheme, even for bounded homomorphism. Lastly, we discuss some of the obstacles towards efficient implementation of our schemes and discuss a number of possible optimizations

An Equivalence Between Attribute-Based Signatures and Homomorphic Signatures, and New Constructions for Both

In Attribute-Based Signatures (ABS; first defined by Maji, Prabhakaran and Rosulek, CT-RSA 2011) an authority can generate multiple signing keys, where each key is associated with a constraint $f$. A key respective to $f$ can sign a message $x$ only if $f(x) = 0$. The security requirements are unforgeability and key privacy (signatures should not expose the specific signing key used). In Homomorphic Signatures (HS; first defined by Boneh and Freeman, PKC 2011), given a signature for a data-set $x$, one can evaluate a signature for the pair $(f(x),f)$, for functions $f$. In context-hiding HS, evaluated signatures do not reveal information about the pre-evaluated signature. In this work we start by showing that these two notions are in fact equivalent. The first implication of this equivalence is a new lattice-based ABS scheme for polynomial-depth circuits, based on the HS construction of Gorbunov, Vaikuntanathan and Wichs (GVW; STOC 2015). We then construct a new ABS candidate from a worst case lattice assumption (SIS), with different parameters. Using our equivalence again, now in the opposite direction, our new ABS implies a new lattice-based HS scheme with different parameter trade-off, compared to the aforementioned GVW

A Framework for Achieving KDM-CCA Secure Public-Key Encryption

We propose a framework for achieving a public-key encryption (PKE) scheme that satisfies key dependent message security against chosen ciphertext attacks (KDM-CCA security) based on projective hash function. Our framework can be instantiated under the decisional diffie-hellman (DDH), quadratic residuosity (QR), and decisional composite residuosity (DCR) assumptions. The constructed schemes are KDM-CCA secure with respect to affine functions and compatible with the amplification method shown by Applebaum (EUROCRYPT 2011). Thus, they lead to PKE schemes satisfying KDM-CCA security for all functions computable by a-priori bounded size circuits. They are the first PKE schemes satisfying such a security notion in the standard model using neither non-interactive zero knowledge proof nor bilinear pairing. The above framework based on projective hash function captures only KDM-CCA security in the single user setting. However, we can prove the KDM-CCA security in the multi user setting of our concrete instantiations by using their algebraic structures explicitly. Especially, we prove that our DDH based scheme satisfies KDM-CCA security in the multi user setting with the same parameter setting as in the single user setting