
    Forward Private Searchable Symmetric Encryption with Optimized I/O Efficiency

    Recently, several practical attacks raised serious concerns over the security of searchable encryption. The attacks have brought emphasis on forward privacy, which is the key concept behind solutions to the adaptive leakage-exploiting attacks, and which will very likely become mandatory in the design of new searchable encryption schemes. For a long time, forward privacy has implied inefficiency, and thus most existing searchable encryption schemes do not support it. Very recently, Bost (CCS 2016) showed that forward privacy can be obtained without inducing a large communication overhead. However, Bost's scheme is constructed with a relatively inefficient public-key cryptographic primitive and has poor I/O performance. Both deficiencies significantly hinder the practical efficiency of the scheme and prevent it from scaling to large data settings. To address these problems, we first present FAST, which achieves forward privacy and the same communication efficiency as Bost's scheme but uses only symmetric cryptographic primitives. We then present FASTIO, which retains all the good properties of FAST and further improves I/O efficiency. We implemented the two schemes and compared their performance with Bost's scheme. The experimental results show that both our schemes are highly efficient, and that FASTIO achieves much better scalability due to its optimized I/O.

    Multiparty Computation for Modulo Reduction without Bit-Decomposition and A Generalization to Bit-Decomposition

    Bit-decomposition, proposed by Damgård et al., is a powerful tool for multi-party computation (MPC). Given a sharing of a secret $x$, it allows the parties to compute sharings of the bits of $x$ in constant rounds. With the help of bit-decomposition, constant-round protocols for various MPC problems can be constructed. However, bit-decomposition is relatively expensive, so constructing protocols for MPC problems without relying on bit-decomposition is meaningful work. In multi-party computation, it remains an open problem whether the modulo reduction problem can be solved in constant rounds without bit-decomposition. In this paper, we propose a protocol for (public) modulo reduction that does not rely on bit-decomposition. This protocol achieves constant round complexity and linear communication complexity. Moreover, we show a generalized bit-decomposition protocol which can, in constant rounds, convert the sharing of a secret $x$ into sharings of the digits of $x$, along with sharings of the bits of every digit. The digits can be base-$m$ for any $m \geq 2$. Obviously, when $m$ is a power of 2, this generalized protocol is just the original bit-decomposition protocol.

    Cut-and-Choose Bilateral Oblivious Transfer and Its Application in Secure Two-party Computation

    In secure two-party computation protocols, the cut-and-choose paradigm is used to prevent the malicious party who constructs the garbled circuits from cheating. In previous realizations of the cut-and-choose technique on garbled circuits, the delivery of the random keys is divided into multiple stages. Thus, the round complexity is high and the consistency of the cut-and-choose challenge must be proved. In this paper, we introduce a new primitive called cut-and-choose bilateral oblivious transfer, which transfers all necessary keys of the garbled circuits in one process. Specifically, in our oblivious transfer protocol, the sender inputs two pairs $(x_0,x_1)$, $(y_0,y_1)$ and a bit $\tau$; the receiver inputs two bits $\sigma$ and $j$. After the protocol execution, the receiver obtains $x_{\tau}, y_{\sigma}$ for $j=1$, and $x_0, x_1, y_0, y_1$ for $j=0$. With this new primitive, the round complexity of secure two-party computation protocols can be decreased; the cut-and-choose challenge $j$ no longer needs to be opened, so the consistency proof of $j$ is omitted. In addition, the primitive is of independent interest and could be useful in many cut-and-choose scenarios.

    Decentralized Blacklistable Anonymous Credentials with Reputation

    Blacklistable anonymous credential systems provide service providers with a way to authenticate users according to their historical behaviors, while guaranteeing that all users can access services in an anonymous and unlinkable manner; they are thus potentially useful in practice. Traditionally, to protect services from illegal access, the credential issuer, which completes registration with users, must be trusted by the service provider. However, in practice, this trust assumption is usually unsatisfied. Besides, to better evaluate users, it is desirable to use the blacklists of other service providers, which record users' historical behaviors, but currently this threatens security unless a strong trust assumption is made. Another potential security issue in current blacklistable anonymous credential systems is the blacklist gaming attack, where the service provider attempts to compromise the privacy of users by generating blacklists maliciously. In this paper, we solve these problems and present a decentralized blacklistable anonymous credential system with reputation, which inherits nearly all features of the BLACR system presented by Au et al. (NDSS '12). However, in our new system, no trusted party is needed to register users. Moreover, blacklists from other service providers can be used safely in the new system assuming a minimal trust assumption holds. Besides, the new system is also partially resilient to the blacklist gaming attack. Technically, the main approach to solving these problems is a novel use of the blockchain technique, which serves as a public append-only ledger and is used to store credentials and blacklists. To simplify the construction, we also present a generic framework for constructing our new system.
The general framework can be instantiated from three different types of cryptographic systems, namely the RSA system, the classical DL system, and the pairing-based system, and all three types of instantiations can be supported simultaneously in the framework. To demonstrate the practicability of our system, we also give a proof-of-concept implementation for the instantiation under the RSA system. The experimental results indicate that when authenticating with blacklists of reasonable size, our implementation can fulfill practical efficiency demands, and that when authenticating with empty blacklists, it is more efficient than that of Garman et al. (NDSS '14), which presents a decentralized anonymous credential system without considering revocation.

    Lattice-Based Techniques for Accountable Anonymity: Composition of Abstract Stern’s Protocols and Weak PRF with Efficient Protocols from LWR

    In an accountable anonymous system, a user is guaranteed anonymity and unlinkability unless some well-defined condition is met. A line of research focuses on schemes that do not rely on any trusted third party capable of de-anonymising users. Notable examples include $k$-times anonymous authentication ($k$-TAA), blacklistable anonymous credentials (BLAC) and linkable ring signatures (LRS). All instances of these schemes are based on traditional number-theoretic assumptions, which are vulnerable to quantum attacks. One common feature of these schemes is the need to limit the number of times a key can be (mis-)used. Traditionally, this is achieved through the use of a pseudorandom function (PRF) which maps a user's key to a pseudonym, along with a proof of correctness. However, existing lattice-based PRFs do not interact well with zero-knowledge proofs. To bridge this gap, we propose and develop the following techniques and primitives. We formalize the notion of a weak PRF with efficient protocols, which allows a prover to convince a verifier that the function $\mathsf{F}$ is evaluated correctly. Specifically, we provide an efficient construction based on the learning with rounding problem, which uses abstract Stern's protocol to prove $y = \mathsf{F}_k(x)$ and $y \neq \mathsf{F}_k(x)$ without revealing $x$, $y$ or $k$. We develop a general framework, which we call the extended abstract Stern's protocol, to construct zero-knowledge argument systems for statements formed by conjunction and disjunction of sub-statements which (or whose variants) are provable using abstract Stern's protocol. Specifically, our system supports arbitrary monotonic propositions and allows a prover to argue polynomial relationships among the witnesses used in these sub-statements.
As many existing lattice-based primitives also admit proofs using abstract Stern's protocol, our techniques can easily glue different primitives together for privacy-enhancing applications in a simple and clean way. Indeed, we propose three new schemes, each of which is the first of its kind in the lattice setting. They also enjoy additional advantages over their number-theoretic counterparts. Our $k$-TAA and BLAC schemes support concurrent enrollment, while our LRS features logarithmic signature size without relying on a trusted setup. Our techniques enrich the arsenal of privacy-enhancing techniques and could be useful in the construction of other schemes such as e-cash, unique group signatures, public-key encryption with verifiable decryption, etc.

    Tree ring δ18O reveals no long-term change of atmospheric water demand since 1800 in the northern Great Hinggan Mountains, China

    Global warming will significantly increase transpirational water demand, which could dramatically affect plant physiology and carbon and water budgets. Tree ring δ18O is a potential index of the leaf-to-air vapor-pressure deficit (VPD) and therefore has great potential for long-term climatic reconstruction. Here we developed δ18O chronologies of two dominant native trees, Dahurian larch (Larix gmelinii Rupr.) and Mongolian pine (Pinus sylvestris var. mongolica), from a permafrost region in the Great Hinggan Mountains of northeastern China. We found that the July–August VPD and relative humidity were the dominant factors controlling tree ring δ18O in the study region, indicating strong regulation by stomatal conductance. Based on the larch and pine tree ring δ18O chronologies, we developed a reliable summer (July–August) VPD reconstruction since 1800. Warming growing-season temperatures increase transpiration and enrich cellulose 18O, but precipitation seemed to be the most important influence on VPD changes in this cold region. Periods with stronger transpirational demand occurred around the 1850s, from 1914 to 1925, and from 2005 to 2010. However, we found no overall long-term increasing or decreasing trend in VPD since 1800, suggesting that despite the increasing temperatures and thawing permafrost throughout the region, forest transpirational demand has not increased significantly during the past two centuries. Under current climatic conditions, VPD did not limit the growth of larch and pine, even during extreme drought years. Our findings will support more realistic evaluations and reliable predictions of the potential influences of ongoing climatic change on carbon and water cycles and on forest dynamics in permafrost regions.

    Weak-Key Leakage Resilient Cryptography

    In traditional cryptography, the standard way of examining the security of a scheme is to analyze it in a black-box manner, which captures no side-channel attacks, attacks that exploit various forms of unintended information leakage and do threaten the practical security of the scheme. One way to protect against the aforementioned attacks is to extend the traditional models so as to capture them. Early models rely on the assumption that only computation leaks information, and are incapable of capturing memory attacks such as cold boot attacks. Thus, Akavia et al. (TCC '09) formalized the general model of key-leakage attacks to cover them. However, most key-leakage attacks in reality tend to be weak key-leakage attacks, which can be viewed as a non-adaptive version of key-leakage attacks. Powerful as they may be, the existing constructions of cryptographic schemes in the adaptive key-leakage attack model still have drawbacks: they are quite inefficient, or they can only tolerate a small amount of leakage. Therefore, we mainly consider models that cover weak key-leakage attacks and the corresponding constructions in them. We extend the transformation paradigm presented by Naor and Segev, which transforms any chosen-plaintext secure public-key encryption (PKE) scheme into a chosen-plaintext weak key-leakage secure PKE scheme. Our extensions are two-fold. Firstly, we extend the paradigm to chosen-ciphertext attack scenarios and prove that its properties still hold in these scenarios. We also give an instantiation based on the DDH assumption in this setting. Additionally, we extend the paradigm to cover more side-channel attacks by considering different types of leakage functions. We further consider attacks which require only that the secret key still have enough min-entropy after leakage, and prove that the original paradigm is still applicable in this case under chosen-ciphertext attacks.
Attacks which require only that the secret key be computationally infeasible to recover given the leakage information are taken into consideration as well, and we formalize the informal discussion by Naor and Segev (Crypto '09) on how to adapt the original paradigm to these new models.

    Phosphorus adsorption characteristics and release risk in saline soils: a case study of Songnen Plain, China

    Introduction: The Songnen Plain is one of the three major saline-alkali areas in China, covering a vast area in which drought and overgrazing have exacerbated the salinization trend; it has great potential for development if utilized rationally. Phosphorus, as one of the important soil nutrients, plays a crucial role in plant growth. How to minimize its loss and migration has become a current research hotspot. The objective of the present study was to elucidate the adsorption properties of phosphorus in soils affected by salinization and to establish the correlation between the potential for phosphorus release and soil properties.
    Methods: A batch treatment test was conducted in this study using three soils with different degrees of salinization to examine the impact of environmental factors on the adsorption properties and potential release of phosphorus.
    Results and discussion: It was found that the maximum phosphorus adsorption by the three salinized soils in 0-360 minutes accounted for 86.8%-90.5% of the total adsorption capacity; the equilibrium adsorption capacity was HS > MS > LS. In cases where the phosphorus level in the surrounding liquid is low, the three levels of salinized soils exhibited varying levels of phosphorus discharge, with the adsorbent acting as the origin of contaminants. The pseudo-second-order kinetic model and the Langmuir equation describe the adsorption process well, and the adsorption process is spontaneous and endothermic with an increase in entropy. Increasing the pH led to an increase in the adsorption of phosphorus by the three salinized soils. Additionally, the adsorption was enhanced by introducing varying concentrations of Na+, Ca2+, and Al3+ into the background solution. The phosphorus eutrophication release risk (ERI) demonstrated a gradual decline as temperature increased. Correlation analysis revealed a noteworthy positive correlation between TN, TP, and ERI, as well as a significant negative correlation between CEC, K+, and ERI.
Furthermore, there was a highly significant negative correlation between coarse silt and fine silt. Considering local climatic and environmental factors is crucial for controlling the adsorption capacity of phosphorus in various salinized soils, as it can unveil the mechanism of phosphorus adsorption and its impact on migration and release risk.

    Arbuscular mycorrhizal fungi improve selenium uptake by modulating root transcriptome of rice (Oryza sativa L.)

    Although selenium (Se) is an essential trace element in humans, the intake of Se from food is still generally inadequate throughout the world. Inoculation with arbuscular mycorrhizal fungi (AMF) improves the uptake of Se in rice (Oryza sativa L.). However, the mechanism by which AMF improve the uptake of Se in rice at the transcriptome level is unknown. Only a few studies have evaluated the effects on the uptake of other elements in rice under the combined effects of Se and AMF. In this study, Se combined with the AMF Funneliformis mosseae (Fm) increased the biomass and Se concentration of rice plants, altered the ionomic pattern of the rice roots and shoots, and reduced the antagonistic uptake of Se with nickel, molybdenum, phosphorus, and copper compared with the treatment of Se alone, indicating that Fm can enhance the effect of fertilizers rich in Se. Furthermore, a weighted gene co-expression network analysis (WGCNA) showed that the hub genes in modules significantly associated with Se content were related to protein phosphorylation, protein serine/threonine kinase activity, membrane translocation, and metal ion binding, suggesting that the uptake of Se by the rice roots may be associated with these genes when Fm and Se act in concert. This study provides a reference for the further exploration of genes related to Se uptake in rice under Fm treatment.