134 research outputs found

    Efficient UC Commitment Extension with Homomorphism for Free (and Applications)

    Homomorphic universally composable (UC) commitments allow for the sender to reveal the result of additions and multiplications of values contained in commitments without revealing the values themselves while assuring the receiver of the correctness of such computation on committed values. In this work, we construct essentially optimal additively homomorphic UC commitments from any (not necessarily UC or homomorphic) extractable commitment. We obtain amortized linear computational complexity in the length of the input messages and rate 1. Next, we show how to extend our scheme to also obtain multiplicative homomorphism at the cost of asymptotic optimality but retaining low concrete complexity for practical parameters. While the previously best constructions use UC oblivious transfer as the main building block, our constructions only require extractable commitments and PRGs, achieving better concrete efficiency and offering new insights into the sufficient conditions for obtaining homomorphic UC commitments. Moreover, our techniques yield public coin protocols, which are compatible with the Fiat-Shamir heuristic. These results come at the cost of realizing a restricted version of the homomorphic commitment functionality where the sender is allowed to perform any number of commitments and operations on committed messages but is only allowed to perform a single batch opening of a number of commitments. Although this functionality seems restrictive, we show that it can be used as a building block for more efficient instantiations of recent protocols for secure multiparty computation and zero knowledge non-interactive arguments of knowledge

    An empirical analysis of smart contracts: platforms, applications, and design patterns

    Smart contracts are computer programs that can be consistently executed by a network of mutually distrusting nodes, without the arbitration of a trusted authority. Because of their resilience to tampering, smart contracts are appealing in many scenarios, especially in those which require transfers of money to respect certain agreed rules (like in financial services and in games). Over the last few years many platforms for smart contracts have been proposed, and some of them have been actually implemented and used. We study how the notion of smart contract is interpreted in some of these platforms. Focussing on the two most widespread ones, Bitcoin and Ethereum, we quantify the usage of smart contracts in relation to their application domain. We also analyse the most common programming patterns in Ethereum, where the source code of smart contracts is available. Comment: WTSC 201

    Insured MPC: Efficient Secure Computation with Financial Penalties

    Fairness in Secure Multiparty Computation (MPC) is known to be impossible to achieve in the presence of a dishonest majority. Previous works have proposed combining MPC protocols with Cryptocurrencies in order to financially punish aborting adversaries, providing an incentive for parties to honestly follow the protocol. This approach also yields privacy-preserving Smart Contracts, where private inputs can be processed with MPC in order to determine the distribution of funds given to the contract. The focus of existing work is on proving that this approach is possible and unfortunately they present monolithic and mostly inefficient constructions. In this work, we put forth the first modular construction of "Insured MPC", where either the output of the private computation (which describes how to distribute funds) is fairly delivered or a proof that a set of parties has misbehaved is produced, allowing for financial punishments. Moreover, both the output and the proof of cheating are publicly verifiable, allowing third parties to independently validate an execution. We present a highly efficient compiler that uses any MPC protocol with certain properties together with a standard (non-private) Smart Contract and a publicly verifiable homomorphic commitment scheme to implement Insured MPC. As an intermediate step, we propose the first construction of a publicly verifiable homomorphic commitment scheme achieving composability guarantees and concrete efficiency. Our results are proven in the Global Universal Composability framework using a Global Random Oracle as the setup assumption. From a theoretical perspective, our general results provide the first characterization of sufficient properties that MPC protocols must achieve in order to be efficiently combined with Cryptocurrencies, as well as insights into publicly verifiable protocols. On the other hand, our constructions have highly efficient concrete instantiations, allowing for fast implementations

    Finite flavour groups of fermions

    We present an overview of the theory of finite groups, with regard to their application as flavour symmetries in particle physics. In a general part, we discuss useful theorems concerning group structure, conjugacy classes, representations and character tables. In a specialized part, we attempt to give a fairly comprehensive review of finite subgroups of SO(3) and SU(3), in which we apply and illustrate the general theory. Moreover, we also provide a concise description of the symmetric and alternating groups and comment on the relationship between finite subgroups of U(3) and finite subgroups of SU(3). Though in this review we give a detailed description of a wide range of finite groups, the main focus is on the methods which allow the exploration of their different aspects. Comment: 89 pages, 6 figures, some references added, rearrangement of part of the material, section on SU(3) subgroups substantially extended, some minor revisions. Version for publication in J. Phys. A. Table 12 corrected to match eq.(256), table 14 and eq.(314) corrected to match the 2-dimensional irreps defined on p.6

    Kaleidoscope: An Efficient Poker Protocol with Payment Distribution and Penalty Enforcement

    The research on secure poker protocols without trusted intermediaries has a long history that dates back to modern cryptography's infancy. Two main challenges towards bringing it into real-life are enforcing the distribution of the rewards, and penalizing misbehaving/aborting parties. Using recent advances on cryptocurrencies and blockchain technologies, Andrychowicz et al. (IEEE S&P 2014 and FC 2014 BITCOIN Workshop) were able to address those problems. Improving on these results, Kumaresan et al. (CCS 2015) and Bentov et al. (ASIACRYPT 2017) proposed specific purpose poker protocols that made significant progress towards meeting the real-world deployment requirements. However, their protocols still lack either efficiency or a formal security proof in a strong model. Specifically, the work of Kumaresan et al. relies on Bitcoin and simple contracts, but is not very efficient as it needs numerous interactions with the cryptocurrency network as well as a lot of collateral. Bentov et al. achieve further improvements by using stateful contracts and off-chain execution: they show a solution based on general multiparty computation that has a security proof in a strong model, but is also not very efficient. Alternatively, it proposes to use tailor-made poker protocols as a building block to improve the efficiency. However, a security proof is unfortunately still missing for the latter case: the security properties the tailor-made protocol would need to meet were not even specified, let alone proven to be met by a given protocol. Our solution closes this undesirable gap as it concurrently: (1) enforces the rewards' distribution; (2) enforces penalties on misbehaving parties; (3) has efficiency comparable to the tailor-made protocols; (4) has a security proof in a simulation-based model of security. Combining techniques from the above works, from tailor-made poker protocols and from efficient zero-knowledge proofs for shuffles, and performing optimizations, we obtain a solution that satisfies all four desired criteria and does not incur a big burden on the blockchain

    Global Study of the Simplest Scalar Phantom Dark Matter Model

    We present a global study of the simplest scalar phantom dark matter model. The best fit parameters of the model are determined by simultaneously imposing (i) relic density constraint from WMAP, (ii) 225 live days data from direct experiment XENON100, (iii) upper limit of gamma-ray flux from Fermi-LAT indirect detection based on dwarf spheroidal satellite galaxies, and (iv) the Higgs boson candidate with a mass about 125 GeV and its invisible branching ratio no larger than 40% if the decay of the Higgs boson into a pair of dark matter is kinematically allowed. The allowed parameter space is then used to predict annihilation cross sections for gamma-ray lines, event rates for three processes mono-b jet, single charged lepton and two charged leptons plus missing energies at the Large Hadron Collider, as well as to evaluate the muon anomalous magnetic dipole moment for the model. Comment: Matches JCAP accepted version. 25 pages, 7 figure

    Reassessing Mg/Ca temperature calibrations of Neogloboquadrina pachyderma (sinistral) using paired δ44/40 and Mg/Ca measurements

    The Mg/Ca temperature calibration of the polar to subpolar planktonic foraminifera Neogloboquadrina pachyderma (sinistral) (sinistral indicates left coiling) was refined by a multiproxy approach combining hydrographic temperature and salinity data with Mg/Ca, delta Ca-44/40, and delta O-18 values from Holocene Nordic seas core top samples. Reliable Mg/Ca-based temperature estimates are limited to foraminiferal tests that calcified in water masses with temperatures above ~3 degrees C at habitat depth. In these samples, Mg/Ca and delta Ca-44/40 values are positively correlated (Mg/Ca (mmol/mol) = 0.77 (+/- 0.22) x delta Ca-44/40 (parts per thousand SRM 915a) + 0.52 (+/- 0.12); n = 20, R^2 = 0.76). Both Mg/Ca- and delta Ca-44/40-derived temperatures projected onto their corresponding depth intervals reveal that the "apparent" calcification depth of N. pachyderma (sinistral) averaging the specimens' whole life cycle is bound to an isopycnal layer defined by water densities (sigma(t)) between 27.7 and 27.8. This implies that N. pachyderma (sinistral) prefers gradually deeper habitats with increasing sea surface temperatures, thus counterbalancing absolute temperature variations. Consequently, the total temperature range recorded in this foraminiferal species is restricted and only partly reflects environmental changes. On the basis of the new Mg/Ca, delta Ca-44/40, and delta O-18 multiproxy data set, we propose a linear Mg/Ca temperature relation for high-latitude N. pachyderma (sinistral): Mg/Ca (mmol/mol) = 0.13 (+/- 0.037) T (degrees C) + 0.35 (+/- 0.17); T > 3 degrees C. In core top samples from polar waters with peak summer temperatures below ~3 degrees C, the temperature response in the Mg/Ca and delta Ca-44/40 proxy signal is inversed and poorly correlated. Both Mg/Ca- and delta Ca-44/40-derived temperature estimates pretend significantly higher calcification temperatures than maximum summer sea surface temperatures of these water masses

    Fair and Robust Multi-party Computation Using a Global Transaction Ledger

    Classical results on secure multi-party computation (MPC) imply that fully secure computation, including fairness (either all parties get output or none) and robustness (output delivery is guaranteed), is impossible unless a majority of the parties is honest. Recently, cryptocurrencies like Bitcoin were utilized to leverage the fairness loss in MPC against a dishonest majority. The idea is that when the protocol aborts in an unfair manner (i.e., after the adversary receives output) then honest parties get compensated by the adversarially controlled parties. Our contribution is three-fold. First, we put forth a new formal model of secure MPC with compensation and we show how the introduction of suitable ledger and synchronization functionalities makes it possible to express completely such protocols using standard interactive Turing machines (ITM), circumventing the need for the use of extra features that are outside the standard model as in previous works. Second, our model is expressed in the universal composition setting with global setup and is equipped with a composition theorem that enables the design of protocols that compose safely with each other and within larger environments where other protocols with compensation take place; a composition theorem for MPC protocols with compensation was not known before. Third, we introduce the first robust MPC protocol with compensation, i.e., an MPC protocol where not only fairness is guaranteed (via compensation) but additionally the protocol is guaranteed to deliver output to the parties that get engaged and therefore the adversary, after an initial round of deposits, is not even able to mount a denial of service attack without having to suffer a monetary penalty. Importantly, our robust MPC protocol requires only a constant number of (coin-transfer and communication) rounds

    The potential monetary benefits of reclaiming hazardous waste sites in the Campania region: an economic evaluation

    BACKGROUND: Evaluating the economic benefit of reducing negative health outcomes resulting from waste management is of pivotal importance for designing an effective waste policy that takes into account the health consequences for the populations exposed to environmental hazards. Despite the high level of Italian and international media interest in the problem of hazardous waste in Campania, little has been done to reclaim the land and the waterways contaminated by hazardous waste. OBJECTIVE: This study aims to reduce the uncertainty about health damage due to waste exposure by providing for the first time a monetary valuation of health benefits arising from the reclamation of hazardous waste dumps in Campania. METHODS: First the criteria by which the landfills in the Campania region, in particular in the two provinces of Naples and Caserta, have been classified are described. Then, the annual cases of premature death and fatal cases of cancers attributable to waste exposure are quantified. Finally, the present value of the health benefits from the reclamation of polluted land is estimated for each of the health outcomes (premature mortality, fatal cancer and premature mortality adjusted for the cancer premium). Due to the uncertainty about the time frame of the benefits arising from reclamation, the latency of the effects of toxic waste on human health and the lack of context specific estimates of the Value of Preventing a Fatality (VPF), extensive sensitivity analyses are performed. RESULTS: There are estimated to be 848 cases of premature mortality and 403 cases of fatal cancer per year as a consequence of exposure to toxic waste. The present value of the benefit of reducing the number of waste associated deaths after adjusting for a cancer premium is €11.6 billion. This value ranges from €5.4 to €20.0 billion assuming a time frame for benefits of 10 and 50 years respectively. CONCLUSION: This study suggests that there is a strong economic argument for both reclaiming the land contaminated with hazardous waste in the two provinces of Naples and Caserta and increasing the control of the territory in order to avoid the creation of new illegal dump sites