497 research outputs found

    Higher moments of charge fluctuations in QCD at high temperature

    We present lattice results for baryon number, strangeness and electric charge fluctuations as well as their correlations at finite temperature and vanishing chemical potentials, i.e. under conditions relevant for RHIC and LHC. We find that the fluctuations change rapidly at the transition temperature T_c and approach the ideal quark gas limit already at approximately 1.5T_c. This indicates that quarks are the relevant degrees of freedom that carry the quantum numbers of conserved charges at T≥1.5T_c. At low temperature, qualitative features of the lattice results are well described by a hadron resonance gas model. Comment: 4 pages, 3 figures - To appear in the conference proceedings for Quark Matter 2009, March 30 - April 4, Knoxville, Tennesse

    The string tension in SU(N) gauge theory from a careful analysis of smearing parameters

    We report a method to select optimal smearing parameters before production runs and discuss the advantages of this selection for the determination of the string tension. Comment: Contribution to Lat97 poster session, title was 'How to measure the string tension', 3 pages, 5 colour eps figure

    The equation of state in lattice QCD: with physical quark masses towards the continuum limit

    The equation of state of QCD at vanishing chemical potential as a function of temperature is determined for two sets of lattice spacings. Coarser lattices with temporal extension of N_t=4 and finer lattices of N_t=6 are used. Symanzik improved gauge and stout-link improved staggered fermionic actions are applied. The results are given for physical quark masses both for the light quarks and for the strange quark. Pressure, energy density, entropy density, quark number susceptibilities and the speed of sound are presented. Comment: 14 pages, 9 figures. Version published in JHEP: discussions added in Sects. 1, 2. Fig. 1 changed and a new figure for the interaction measure added. Information on statistics added in Table 1. Raw values of the pressure added in Table 3. A few references adde

    Using Fully Homomorphic Hybrid Encryption to Minimize Non-interative Zero-Knowledge Proofs

    A non-interactive zero-knowledge (NIZK) proof can be used to demonstrate the truth of a statement without revealing anything else. It has been shown under standard cryptographic assumptions that NIZK proofs of membership exist for all languages in NP. While there is evidence that such proofs cannot be much shorter than the corresponding membership witnesses, all known NIZK proofs for NP languages are considerably longer than the witnesses. Soon after Gentry’s construction of fully homomorphic encryption, several groups independently contemplated the use of hybrid encryption to optimize the size of NIZK proofs and discussed this idea within the cryptographic community. This article formally explores this idea of using fully homomorphic hybrid encryption to optimize NIZK proofs and other related cryptographic primitives. We investigate the question of minimizing the communication overhead of NIZK proofs for NP and show that if fully homomorphic encryption exists then it is possible to get proofs that are roughly of the same size as the witnesses. Our technique consists in constructing a fully homomorphic hybrid encryption scheme with ciphertext size |m|+poly(k), where m is the plaintext and k is the security parameter. Encrypting the witness for an NP-statement allows us to evaluate the NP-relation in a communication-efficient manner. We apply this technique to both standard non-interactive zero-knowledge proofs and to universally composable non-interactive zero-knowledge proofs. The technique can also be applied outside the realm of non-interactive zero-knowledge proofs, for instance to get witness-size interactive zero-knowledge proofs in the plain model without any setup or to minimize the communication in secure computation protocols

    Recovering short generators of principal ideals in cyclotomic rings

    Abstract: A handful of recent cryptographic proposals rely on the conjectured hardness of the following problem in the ring of integers of a cyclotomic number field: given a basis of a principal ideal that is guaranteed to have a "rather short" generator, find such a generator. Recently, Bernstein and Campbell-Groves-Shepherd sketched potential attacks against this problem; most notably, the latter authors claimed a polynomial-time quantum algorithm. (Alternatively, replacing the quantum component with an algorithm of Biasse and Fieker would yield a classical subexponential-time algorithm.) A key claim of Campbell et al. is that one step of their algorithm, namely decoding the log-unit lattice of the ring to recover a short generator from an arbitrary one, is classically efficient (whereas the standard approach on general lattices takes exponential time). However, very few convincing details were provided to substantiate this claim. In this work, we clarify the situation by giving a rigorous proof that the log-unit lattice is indeed efficiently decodable, for any cyclotomic of prime-power index. Combining this with the quantum algorithm from a recent work of Biasse and Song confirms the main claim of Campbell et al. Our proof consists of two main technical contributions: the first is a geometrical analysis, using tools from analytic number theory, of the standard generators of the group of cyclotomic units. The second shows that for a wide class of typical distributions of the short generator, a standard lattice-decoding algorithm can recover it, given any generator. By extending our geometrical analysis, as a second main contribution we obtain an efficient algorithm that, given any generator of a principal ideal (in a prime-power cyclotomic), finds a 2^{Õ(n^{1/2})}-approximate shortest vector in the ideal. Combining this with the result of Biasse and Song yields a quantum polynomial-time algorithm for the 2^{Õ(n^{1/2})}-approximate Shortest Vector Problem on principal ideal lattices

    UC-Secure OT from LWE, Revisited

    We build a two-round, UC-secure oblivious transfer protocol (OT) in the common reference string (CRS) model under the Learning with Errors assumption (LWE) with sub-exponential modulus-to-noise ratio. We do so by instantiating the dual-mode encryption framework of Peikert, Vaikuntanathan and Waters (CRYPTO'08). The resulting OT can be instantiated in either one of two modes: one providing statistical sender security, and the other statistical receiver security. Furthermore, our scheme allows the sender and the receiver to reuse the CRS across arbitrarily many executions of the protocol. To the best of our knowledge, this gives the first construction of a UC-secure OT from LWE that achieves both statistical receiver security and unbounded reusability of the CRS. For comparison, there was, until recently, no such construction from LWE satisfying either one of these two properties. In particular, the construction of UC-secure OT from LWE of Peikert, Vaikuntanathan and Waters only provides computational receiver security and bounded reusability of the CRS. Our main technical contribution is a public-key encryption scheme from LWE where messy public keys (under which encryptions hide the underlying message statistically) can be recognized in time essentially independent of the LWE modulus q

    One-Flavour Hybrid Monte Carlo with Wilson Fermions

    The Wilson fermion determinant can be written as product of the determinants of two hermitian positive definite matrices. This formulation allows to simulate non-degenerate quark flavors by means of the hybrid Monte Carlo algorithm. A major numerical difficulty is the occurrence of nested inversions. We construct a Uzawa iteration scheme which treats the nested system within one iterative process. Comment: 11 pages, to appear in proceedings of the workshop "Numerical Challenges in Lattice QCD", Springer Verla

    Large FHE Gates from tensored homomorphic accumulator

    The main bottleneck of all known Fully Homomorphic Encryption schemes lies in the bootstrapping procedure invented by Gentry (STOC’09). The cost of this procedure can be mitigated either using Homomorphic SIMD techniques, or by performing larger computation per bootstrapping procedure. In this work, we propose new techniques allowing to perform more operations per bootstrapping in FHEW-type schemes (EUROCRYPT’13). While maintaining the quasi-quadratic Õ(n^2) complexity of the whole cycle, our new scheme allows to evaluate gates with Ω(log n) input bits, which constitutes a quasi-linear speed-up. Our scheme is also very well adapted to large threshold gates, natively admitting up to Ω(n) inputs. This could be helpful for homomorphic evaluation of neural networks. Our theoretical contribution is backed by a preliminary prototype implementation, which can perform 6-to-6 bit gates in less than 10s on a single core, as well as threshold gates over 63 input bits even faster.