70 research outputs found

    Privately Connecting Mobility to Infectious Diseases via Applied Cryptography

    Human mobility is undisputedly one of the critical factors in infectious disease dynamics. Until a few years ago, researchers had to rely on static data to model human mobility, which was then combined with a transmission model of a particular disease resulting in an epidemiological model. Recent works have consistently shown that substituting the static mobility data with mobile phone data leads to significantly more accurate models. While prior studies have exclusively relied on a mobile network operator's subscribers' aggregated data, it may be preferable to contemplate aggregated mobility data of infected individuals only. Clearly, naively linking mobile phone data with infected individuals would massively intrude on privacy. This research aims to develop a solution that reports the aggregated mobile phone location data of infected individuals while still maintaining compliance with privacy expectations. To achieve privacy, we use homomorphic encryption, zero-knowledge proof techniques, and differential privacy. Our protocol's open-source implementation can process eight million subscribers in one and a half hours. Additionally, we provide a legal analysis of our solution with regards to the EU General Data Protection Regulation.
    Comment: Added differential privacy experiments and new benchmark.
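    The abstract above describes aggregating location data of infected subscribers across two parties that must not learn each other's inputs. The following is an added, constructed Python example (editor's illustration, not the paper's protocol or implementation) showing only the additively homomorphic core of such a design with a textbook Paillier scheme: the health authority encrypts per-subscriber infection bits, the operator combines them with its plaintext visit matrix under encryption, and the authority decrypts only per-region totals. The party roles, the tiny primes 10007 and 10009, the subscriber/region data and all function names are assumptions of this example.

```python
"""Toy Paillier-based aggregation of infected subscribers per region.
Constructed example: not the paper's protocol (which also uses ZK proofs and
differential privacy); it only shows the additive-homomorphic core."""
import secrets
from math import gcd


def _lcm(a, b):
    return a * b // gcd(a, b)


def paillier_keygen(p, q):
    """Paillier key pair with the common choice g = n + 1."""
    n = p * q
    lam = _lcm(p - 1, q - 1)
    # With g = n + 1, L(g^lam mod n^2) = lam mod n, so mu = lam^-1 mod n.
    mu = pow(lam, -1, n)
    return (n, n + 1), (lam, mu)


def paillier_encrypt(pk, m):
    """Enc(m) = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pk
    n2 = n * n
    while True:
        r = secrets.randbelow(n)
        if r and gcd(r, n) == 1:
            break
    return pow(g, m, n2) * pow(r, n, n2) % n2


def paillier_decrypt(pk, sk, c):
    """Dec(c) = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, _ = pk
    lam, mu = sk
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n) * mu % n


def he_add(pk, c1, c2):
    """Enc(m1) * Enc(m2) = Enc(m1 + m2): ciphertext addition."""
    return c1 * c2 % (pk[0] ** 2)


def he_scale(pk, c, k):
    """Enc(m)^k = Enc(k * m): multiplication by a plaintext constant."""
    return pow(c, k, pk[0] ** 2)


def authority_encrypt_flags(pk, infected_flags):
    """Health authority: encrypt each subscriber's infection bit (never revealed)."""
    return [paillier_encrypt(pk, b) for b in infected_flags]


def operator_aggregate(pk, enc_flags, visits):
    """Operator: for each region j, sum_i Enc(b_i) * visits[i][j] homomorphically.
    It learns nothing about b_i; the authority later learns only the totals."""
    totals = []
    for j in range(len(visits[0])):
        acc = paillier_encrypt(pk, 0)
        for i, c in enumerate(enc_flags):
            acc = he_add(pk, acc, he_scale(pk, c, visits[i][j]))
        totals.append(acc)
    return totals


def run_demo():
    """Constructed data: 5 subscribers, 3 regions. Returns per-region infected counts."""
    # Toy 14-bit primes so the demo is instant; real deployments need ~1024-bit primes each.
    pk, sk = paillier_keygen(10007, 10009)
    infected = [1, 0, 1, 1, 0]                        # held only by the health authority
    visits = [[1, 0, 1], [1, 1, 0], [0, 1, 1],        # held only by the operator
              [1, 1, 1], [0, 0, 1]]
    enc_flags = authority_encrypt_flags(pk, infected)
    enc_totals = operator_aggregate(pk, enc_flags, visits)
    return [paillier_decrypt(pk, sk, c) for c in enc_totals]


if __name__ == "__main__":
    print(run_demo())  # [2, 2, 3]
```

    Two caveats a practitioner should keep in mind: the additive homomorphism alone does not stop a misbehaving operator from submitting wrong encrypted totals (the abstract's zero-knowledge proofs address that), and exact small counts per region can still identify individuals (the abstract's differential privacy step addresses that). Plaintexts must also stay below n, which the toy primes here make easy to violate for large populations.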

    Efficient Lifting for Shorter Zero-Knowledge Proofs and Post-Quantum Signatures

    MPC-in-the-head based zero-knowledge proofs allow one to prove knowledge of a preimage for a circuit defined over a finite field F. In recent proofs the soundness depends on the size of F, and small fields require more parallel repetitions, and therefore produce larger proofs. In this paper we develop and systematically apply lifting strategies to such proof protocols in order to increase soundness and reduce proof size. The strategies are (i) lifting parts of the protocol to extension fields of F, (ii) using reverse-multiplication friendly embeddings to pack elements of F into a larger field and (iii) to use an alternative circuit representation. Using a combination of these strategies at different points in the protocol, we design two new proof systems well suited to small circuits defined over small fields. As a case study we consider efficient constructions of post-quantum signatures, where a signature is a proof of knowledge of a one-way function preimage, and two commonly used one-way functions are defined over small fields (AES and LowMC). We find that carefully applying these lifting strategies gives shorter signatures than the state-of-the-art: our AES-based signatures are 1.3x shorter than Banquet (PKC 2021) and our LowMC-based signatures are almost 2x shorter than the NIST-candidate algorithm Picnic3. We implement our schemes and provide benchmarks. Finally, we also give other optimizations: some generally applicable to this class of proofs, and some specific to the circuits we focused on.

    An Attack on Some Signature Schemes Constructed From Five-Pass Identification Schemes

    We present a generic forgery attack on signature schemes constructed from 5-round identification schemes made non-interactive with the Fiat-Shamir transform. The attack applies to ID schemes that use parallel repetition to decrease the soundness error. The attack can be mitigated by increasing the number of parallel repetitions, and our analysis of the attack facilitates parameter selection. We apply the attack to MQDSS, a post-quantum signature scheme relying on the hardness of the MQ-problem. Concretely, forging a signature for the L1 instance of MQDSS, which should provide 128 bits of security, can be done in approximately 2^{95} operations. We verify the validity of the attack by implementing it for round-reduced versions of MQDSS, and the designers have revised their parameter choices accordingly. We also survey other post-quantum signature algorithms and find the attack succeeds against PKP-DSS (a signature scheme based on the hardness of the permuted kernel problem) and list other schemes that may be affected. Finally, we use our analysis to choose parameters and investigate the performance of a 5-round variant of the Picnic scheme.

    Note on the Robustness of CAESAR Candidates

    Authenticated ciphers rely on the uniqueness of the nonces to meet their security goals. In this work, we investigate the implications of reusing nonces for three third-round candidates of the ongoing CAESAR competition, namely Tiaoxin, AEGIS and MORUS. We show that an attacker that is able to force nonces to be reused can reduce the security of the ciphers with results ranging from full key-recovery to forgeries with practical complexity and a very low number of nonce-misuse queries.
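    The note above reports what nonce reuse costs three specific CAESAR candidates. The following is an added, constructed Python example (editor's illustration; it is not code from the paper and does not model Tiaoxin, AEGIS or MORUS) showing the generic mechanism on a toy AEAD built from an HMAC-derived keystream and a Wegman-Carter polynomial MAC over GF(2^128): with one repeated (key, nonce) pair, two ciphertexts leak the XOR of their plaintexts, and two tags leak the authentication key, after which arbitrary forgeries verify. The cipher construction, the key and nonce bytes, the sample messages and all function names are assumptions of this example; the field arithmetic uses plain big-endian integers rather than GCM's bit ordering.

```python
"""Toy nonce-misuse demonstration on a stream-cipher + polynomial-MAC AEAD.
Constructed example, not Tiaoxin/AEGIS/MORUS: it shows the generic mechanism by
which a repeated (key, nonce) breaks both confidentiality and authenticity."""
import hashlib
import hmac

# GF(2^128) with the GCM polynomial; plain big-endian integers, not GCM's bit order.
_POLY = (1 << 128) | (1 << 7) | (1 << 2) | (1 << 1) | 1


def gf_mul(a, b):
    """Carry-less multiply modulo _POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> 128:
            a ^= _POLY
    return r


def gf_inv(a):
    """a^(2^128 - 2) = a^-1 in GF(2^128)* (a must be nonzero)."""
    result, e = 1, (1 << 128) - 2
    while e:
        if e & 1:
            result = gf_mul(result, a)
        a = gf_mul(a, a)
        e >>= 1
    return result


def _prf(key, label, nonce, ctr):
    return hmac.new(key, label + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()


def _int(b):
    return int.from_bytes(b, "big")


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def toy_seal(key, nonce, pt):
    """16-byte message: C = P xor KS(key, nonce); tag = H*C + S(key, nonce).
    H is a per-key authentication key, S a per-nonce mask (Wegman-Carter style)."""
    assert len(pt) == 16
    ct = _xor(pt, _prf(key, b"KS", nonce, 0)[:16])
    h = _int(_prf(key, b"H", b"", 0)[:16])
    s = _int(_prf(key, b"S", nonce, 0)[:16])
    return ct, (gf_mul(h, _int(ct)) ^ s).to_bytes(16, "big")


def toy_open(key, nonce, ct, tag):
    """Return the plaintext, or None if the tag does not verify."""
    h = _int(_prf(key, b"H", b"", 0)[:16])
    s = _int(_prf(key, b"S", nonce, 0)[:16])
    expected = (gf_mul(h, _int(ct)) ^ s).to_bytes(16, "big")
    if not hmac.compare_digest(expected, tag):
        return None
    return _xor(ct, _prf(key, b"KS", nonce, 0)[:16])


# --- attacker side: two messages observed under the same (key, nonce) ---
def recover_plaintext(ct1, ct2, known_pt1):
    """Same keystream twice: C1 xor C2 = P1 xor P2, so P2 = C1 xor C2 xor P1."""
    return _xor(_xor(ct1, ct2), known_pt1)


def recover_auth_key(ct1, tag1, ct2, tag2):
    """Same mask twice: T1 xor T2 = H*(C1 xor C2), so H = (T1 xor T2)*(C1 xor C2)^-1."""
    return gf_mul(_int(tag1) ^ _int(tag2), gf_inv(_int(ct1) ^ _int(ct2)))


def forge_tag(h, ct1, tag1, new_ct):
    """With H known, S = T1 xor H*C1 is recovered and any ciphertext can be tagged."""
    s = gf_mul(h, _int(ct1)) ^ _int(tag1)
    return (gf_mul(h, _int(new_ct)) ^ s).to_bytes(16, "big")


def run_demo():
    """Constructed traffic: two 16-byte messages sealed under one repeated nonce."""
    key, nonce = b"k" * 32, b"n" * 12
    pt1, pt2 = b"transfer 0100EUR", b"transfer 9900EUR"
    ct1, tag1 = toy_seal(key, nonce, pt1)
    ct2, tag2 = toy_seal(key, nonce, pt2)
    # 1. Confidentiality: one known plaintext reveals the other.
    leaked = recover_plaintext(ct1, ct2, pt1)
    # 2. Authenticity: recover H, then forge a tag for an attacker-chosen plaintext.
    target = b"transfer 9999EUR"
    h = recover_auth_key(ct1, tag1, ct2, tag2)
    forged_ct = _xor(ct1, _xor(pt1, target))  # turns P1 into target under the same keystream
    forged_tag = forge_tag(h, ct1, tag1, forged_ct)
    return {"leaked_pt2": leaked, "forged_plaintext": toy_open(key, nonce, forged_ct, forged_tag)}
```

    The two-query cost shown here is the same order of magnitude the note reports for the real candidates ("a very low number of nonce-misuse queries"); the concrete consequences differ per design, and for the three ciphers studied they extend as far as full key recovery, which this toy cannot reproduce. The operational lesson is unchanged: nonce uniqueness is a hard precondition, and where it cannot be guaranteed a misuse-resistant mode must be used instead.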

    Whole-genome functional characterization of RE1 silencers using a modified massively parallel reporter assay.

    Transcriptional silencers are under-studied compared with activating elements. By using MPRAduo, Mouri et al. perform a whole-genome functional characterization screen of RE1 silencers and identify REST-binding motif characteristics and cofactor localization required for a functional silencer. They also identify human genetic variants that impact RE1 activity.

    Multi-Party Revocation in Sovrin: Performance through Distributed Trust

    Accumulators provide compact representations of large sets and compact membership witnesses. Besides constant-size witnesses, public-key accumulators provide efficient updates of both the accumulator itself and the witness. However, bilinear group based accumulators come with drawbacks: they require a trusted setup and their performance is not practical for real-world applications with large sets. In this paper, we introduce multi-party public-key accumulators dubbed dynamic (threshold) secret-shared accumulators. We present an instantiation using bilinear groups having access to more efficient witness generation and update algorithms that utilize the shares of the secret trapdoors sampled by the parties generating the public parameters. Specifically, for the q-SDH-based accumulators, we provide a maliciously-secure variant sped up by a secure multi-party computation (MPC) protocol (IMACC'19) built on top of SPDZ and a maliciously secure threshold variant built with Shamir secret sharing. For these schemes, a performant proof-of-concept implementation is provided, which substantiates the practicability of public-key accumulators in this setting. We explore applications of dynamic (threshold) secret-shared accumulators to revocation schemes of group signatures and credential systems. In particular, we consider it as part of Sovrin's system for anonymous credentials where credentials are issued by the foundation of trusted nodes.

    Depression in veterans with Parkinson's disease: frequency, co-morbidity, and healthcare utilization

    Objective To determine the frequency of depression in Parkinson's disease (PD) in routine clinical care, and to examine its association with co-morbid psychiatric and medical conditions and healthcare utilization. Methods Depression diagnoses and healthcare utilization data for all male veterans with PD age 55 or older seen in fiscal year 2002 ( n  = 41,162) were analyzed using Department of Veterans Affairs (VA) national databases. Frequencies of co-morbid disorders and healthcare utilization were determined for depressed and non-depressed patients; associations with depression were examined using multivariate logistic regression models. Results A depression diagnosis was recorded for 18.5% of PD patients, including major depression in 3.9%. Depression decreased in frequency and severity with increasing age. In multivariate logistic regression models, depressed patients had significantly greater psychiatric and medical co-morbidity, including dementia, psychosis, stroke, congestive heart failure, diabetes, and chronic obstructive pulmonary disease than non-depressed patients (all p  < 0.01). Depressed PD patients were also significantly more likely to have medical (OR = 1.34, 95% CI = 1.25–1.44) and psychiatric hospitalizations (OR = 2.14, 95% CI = 1.83–2.51), and had more outpatient visits ( p  < 0.01), than non-depressed PD patients in adjusted models. Conclusion Depression in PD in non-tertiary care settings may not be as common or as severe as that seen in specialty care, though these findings also may reflect under-recognition or diagnostic imprecision. The occurrence of depression in PD is associated with greater psychiatric and medical co-morbidity, and greater healthcare utilization. These findings suggest that screening for depression in PD is important and should be embedded in a comprehensive psychiatric, neuropsychological, and medical evaluation. 
    Copyright © 2006 John Wiley & Sons, Ltd. Peer reviewed.
    http://deepblue.lib.umich.edu/bitstream/2027.42/56073/1/1712_ftp.pd

    Improvements to the Linear Operations of LowMC: A Faster Picnic

    Picnic is a practical approach to digital signatures where the security is primarily based on the existence of a one-way function, and the signature size strongly depends on the number of multiplications in the circuit describing that one-way function. The highly parameterizable block cipher family LowMC has the most competitive properties with respect to this metric and is hence a standard choice. In this paper, we study various options for efficient implementations of LowMC in-depth. First, we investigate optimizations of the round key computation of LowMC independently of any implementation optimizations. By decomposing the round key computations based on the keys' effect on the S-box layer and general optimizations, we reduce runtime costs by up to a factor of 2 and furthermore reduce the size of the LowMC matrices by around 45% compared to the original Picnic implementation (CCS'17). Second, we propose two modifications to the remaining matrix multiplication in LowMC's linear layer. The first modification decomposes the multiplication into parts depending on their effect on the S-box layer. While this requires the linear layer matrices to have an invertible submatrix, it reduces the runtime and memory costs significantly, both by up to a factor of 4 for instances used by Picnic and up to a factor of 25 for LowMC instances with only one S-box. The second modification proposes a Feistel structure using smaller matrices completely replacing the remaining large matrix multiplication in LowMC's linear layer. With this approach, we achieve an operation count logarithmic in the block size but more importantly, improve over Picnic's matrix multiplication by 60% while retaining a constant-time algorithm. Furthermore, this technique also enables us to reduce the memory requirements for storing LowMC matrices by 60%.

    Clinical Follow‐up of Parkinson’s Disease With Newly Prescribed Quetiapine

    Peer reviewed.
    http://deepblue.lib.umich.edu/bitstream/2027.42/162820/2/mds28193_am.pdf
    http://deepblue.lib.umich.edu/bitstream/2027.42/162820/1/mds28193.pd

    Differential impact of two risk communications on antipsychotic prescribing to people with dementia in Scotland: segmented regression time series analysis 2001-2011

    The two risk communications were associated with reductions in antipsychotic use, in ways which were compatible with marked differences in their content and dissemination. Further research is needed to ensure that the content and dissemination of regulatory risk communications are optimal, and to track their impact on intended and unintended outcomes. Although rates are falling, antipsychotic prescribing in dementia in Scotland remains unacceptably high.