
    Small-Box Cryptography

    One of the ultimate goals of symmetric-key cryptography is to find a rigorous theoretical framework for building block ciphers from small components, such as cryptographic S-boxes, and then argue why iterating such small components for sufficiently many rounds would yield a secure construction. Unfortunately, a fundamental obstacle towards reaching this goal comes from the fact that traditional security proofs cannot get security beyond 2^{-n}, where n is the size of the corresponding component. As a result, prior provably secure approaches - which we call "big-box cryptography" - always made n larger than the security parameter, which led to several problems: (a) the design was too coarse to really explain practical constructions, as (arguably) the most interesting design choices happening when instantiating such "big-boxes" were completely abstracted out; (b) the theoretically predicted number of rounds for the security of this approach was always dramatically smaller than in reality, where the "big-box" building block could not be made as ideal as required by the proof. For example, Even-Mansour (and, more generally, key-alternating) ciphers completely ignored the substitution-permutation network (SPN) paradigm which is at the heart of most real-world implementations of such ciphers. In this work, we introduce a novel paradigm for justifying the security of existing block ciphers, which we call small-box cryptography. Unlike the "big-box" paradigm, it allows one to go much deeper inside the existing block cipher constructions, by only idealizing a small (and, hence, realistic!) building block of very small size n, such as an 8-to-32-bit S-box. 
It then introduces a clean and rigorous mixture of proofs and hardness conjectures which allow one to lift traditional, and seemingly meaningless, "at most 2^{-n}" security proofs for reduced-round idealized variants of the existing block ciphers into meaningful, full-round security justifications of the actual ciphers used in the real world. We then apply our framework to the analysis of SPN ciphers (e.g., generalizations of AES), obtaining quite reasonable and plausible concrete hardness estimates for the resulting ciphers. We also apply our framework to the design of stream ciphers. Here, however, we focus on the simplicity of the resulting construction, for which we managed to find a direct "big-box"-style security justification under the well-studied and widely believed eXact Linear Parity with Noise (XLPN) assumption. Overall, we hope that our work will initiate many follow-up results in the area of small-box cryptography.

    Forward-Secure Encryption with Fast Forwarding

    Forward-secure encryption (FSE) allows communicating parties to refresh their keys across epochs, in a way that compromising the current secret key leaves all prior encrypted communication secure. We investigate a novel dimension in the design of FSE schemes: fast-forwarding (FF). This refers to the ability of a stale communication party, that is stuck in an old epoch, to efficiently catch up to the newest state, and frequently arises in practice. While this dimension was not explicitly considered in prior work, we observe that one can augment prior FSEs -- both in symmetric- and public-key settings -- to support fast-forwarding which is sublinear in the number of epochs. However, the resulting schemes have disadvantages: the symmetric-key scheme is a security parameter slower than any conventional stream cipher, while the public-key scheme inherits the inefficiencies of the HIBE-based forward-secure PKE. To address these inefficiencies, we look at the common real-life situation which we call the bulletin board model, where communicating parties rely on some infrastructure -- such as an application provider -- to help them store and deliver ciphertexts to each other. We then define and construct FF-FSE in the bulletin board model, which addresses the above-mentioned disadvantages. In particular:

    * Our FF-stream-cipher in the bulletin-board model has: (a) constant state size; (b) constant normal (no fast-forward) operation; and (c) logarithmic fast-forward property. This essentially matches the efficiency of non-fast-forwardable stream ciphers, at the cost of constant communication complexity with the bulletin board per update.
    * Our public-key FF-FSE avoids HIBE-based techniques by instead using so-called updatable public-key encryption (UPKE), introduced in several recent works (and more efficient than public-key FSEs). Our UPKE-based scheme uses a novel type of update graph that we construct in this work. Our graph has constant in-degree, logarithmic diameter, and a logarithmic cut property which is essential for the efficiency of our schemes. Combined with recent UPKE schemes, we get two FF-FSEs in the bulletin board model, under the DDH and the LWE assumptions.

    Updatable Public Key Encryption in the Standard Model

    Forward security (FS) ensures that corrupting the current secret key in the system preserves the privacy or integrity of the prior usages of the system. Achieving forward security is especially hard in the setting of public-key encryption (PKE), where time is divided into periods, and in each period the receiver derives the next-period secret key from their current secret key, while the public key stays constant. Indeed, all current constructions of FS-PKE are built from hierarchical identity-based encryption (HIBE) and are rather complicated. Motivated by applications to secure messaging, recent works of Jost et al. (Eurocrypt’19) and Alwen et al. (CRYPTO’20) consider a natural relaxation of FS-PKE, which they term updatable PKE (UPKE). In this setting, the transition to the next period can be initiated by any sender, who can compute a special update ciphertext. This ciphertext directly produces the next-period public key and can be processed by the receiver to compute the next-period secret key. If done honestly, future (regular) ciphertexts produced with the new public key can be decrypted with the new secret key, but past such ciphertexts cannot be decrypted with the new secret key. Moreover, this is true even if all other previous-period updates were initiated by untrusted senders. Both papers also constructed a very simple UPKE scheme based on the CDH assumption in the random oracle model. However, they left open the question of building such schemes in the standard model, or based on other (e.g., post-quantum) assumptions, without using the heavy HIBE techniques. In this work, we construct two efficient UPKE schemes in the standard model, based on the DDH and LWE assumptions, respectively. Somewhat interestingly, our constructions gain their efficiency (compared to prior FS-PKE schemes) by using tools from the area of circular-secure and leakage-resilient public-key encryption schemes (rather than HIBE).

    Effect of okra plant resistance on transmission rate of okra enation leaf curl virus by its vector whitefly, Bemisia tabaci

    The present study aimed to investigate the effect of the age of okra plants that showed varying whitefly resistance responses on the transmission rate of okra enation leaf curl virus (OELCV) by its vector whitefly Bemisia tabaci. OELCV-infected whitefly adults were collected from whitefly colonies and were challenged on the test okra accessions (Upl mona 2, Co 1, Arka anamika and AE 64) of differential ages (7, 10 and 15 d after germination), which were individually caged with a glass chimney; the number of whiteflies used was 2, 4, 6, 8, 10, 12, 14 and 20 adults per plant. Observations were made on virus symptom expression 30 d after challenge, and the efficiency of transmission was determined. The efficiency of transmission of OELCV was the highest (maximum T and P*, 0.80, 1.00 and 0.08, 0.10) when 7 d old seedlings were inoculated (Arka anamika and AE 64 respectively), and transmission decreased as the age of seedlings increased. The estimated transmission rate for a single whitefly (P*) increased with an increase in the number of whiteflies used per plant. Okra plant resistance to B. tabaci significantly changed the transmission rates of OELCV on okra. Understanding the resistance mechanisms of the okra accessions and the interactions between plant viruses and their insect host can pave the way for novel approaches to protect plants from virus infection.

    Seedless Fruit is the Sweetest: Random Number Generation, Revisited

    The need for high-quality randomness in cryptography makes random-number generation one of its most fundamental tasks. A recent important line of work (initiated by Dodis et al., CCS ’13) focuses on the notion of *robustness* for *pseudorandom number generators (PRNGs) with inputs*—these are primitives that use various sources to accumulate sufficient entropy into a state, from which pseudorandom bits are extracted. Robustness ensures that PRNGs remain secure even under state compromise and adversarial control of entropy sources. However, the achievability of robustness inherently depends on a seed, or, alternatively, on an ideal primitive (e.g., a random oracle), independent of the source of entropy. Both assumptions are problematic: seed generation requires randomness to start with, and it is arguable whether the seed or the ideal primitive can be kept independent of the source. This paper resolves this dilemma by putting forward new notions of robustness which enable both (1) *seedless* PRNGs and (2) *primitive-dependent* adversarial sources of entropy. To bypass obvious impossibility results, we make a realistic compromise by requiring that the source produce sufficient entropy even given its evaluations of the underlying primitive. We also provide natural, practical, and provably secure constructions based on hash-function designs from compression functions, block ciphers, and permutations. Our constructions can be instantiated with minimal changes to industry-standard hash functions SHA-2 and SHA-3, or HMAC (as used for the key derivation function HKDF), and can be downgraded to *(online) seedless randomness extractors*, which are of independent interest. 
On the way we consider both a *computational* variant of robustness, where attackers only make a bounded number of queries to the ideal primitive, as well as a new *information-theoretic* variant, which dispenses with this assumption to a certain extent, at the price of requiring a high rate of injected weak randomness (as is, e.g., plausible on Intel’s on-chip RNG). The latter notion enables applications such as everlasting security. Finally, we show that the CBC extractor, used by Intel’s on-chip RNG, is provably insecure in our model.

    An Efficient Multiple PKG Compatible Identity Based Authenticated Key Agreement protocol

    In this paper we propose an efficient single-round, two-party identity-based authenticated key agreement protocol in the setting of multiple Private Key Generators (PKGs). One of the major advantages of our construction is that it does not involve any pairing operations. To date, existing protocols in the identity-based key agreement domain revolve around a single-PKG environment. Efforts to exploit the multiple-PKG paradigm have placed excessive reliance on elliptic curve cryptography and bilinear pairings. These are computationally intensive and cannot be used when computation is at a premium, especially in applications such as a Vehicular Ad-Hoc Network (VANET), where the vehicles may need to perform a large number of key agreement sessions. Previous attempts to model identity-based key agreement in the multiple-PKG scenario by Chen and Kudla, and by McCullagh, have very limited scope and provide weak security guarantees. We propose a new security model for identity-based key agreement protocols involving multiple PKGs, based on the eCK security model, which is much stronger than the existing models and captures additional properties such as Key Compromise Impersonation resistance and forward secrecy that were not captured by the previous models. Our protocol is proven secure in this new security model under the Gap Diffie-Hellman (GDH) assumption in the Random Oracle (RO) model.

    Combining Forward-Security and Leakage-Resilience, Revisited

    We revisit the combination of forward security and leakage resilience, the study of which was initiated by Bellare et al. (CANS 2017). Bellare et al. combine forward security with continual leakage resilience, dubbed FS+CL. In particular, they construct FS+CL public-key encryption (PKE) and signatures, but with various shortcomings in terms of leakage rate and assumptions. Our first result significantly improves on Bellare et al.'s FS+CL PKE scheme, building a FS+CL PKE from any continuous leakage-resilient binary-tree encryption scheme (in contrast, Bellare et al. required extractable witness encryption, which is a suspect assumption). Our construction preserves the leakage rate and hence yields FS+CL PKE with optimal leakage rate from standard assumptions. We next explore alternative combinations of forward security and leakage resilience. As argued by Dziembowski et al. (CRYPTO 2011), it is desirable to have a model allowing a deterministic key-update procedure, which FS+CL does not. We put forth a combination of forward security with entropy-bounded leakage (FS+EBL) that allows such key updates. Then we construct FS+EBL non-interactive key exchange (NIKE) based on indistinguishability obfuscation (iO), and DDH or LWE. Additionally, to make the public keys constant size, we rely on the Superfluous Padding Assumption (SuPA) of Brzuska and Mittelbach (Eprint 2015). Crucially, we do not use auxiliary information in SuPA. SuPA notwithstanding, our scheme improves on the recent bounded leakage-resilient NIKE of Li et al. (CRYPTO 2020) and also the FS NIKE construction of Pointcheval and Sanders (SCN 2014) from generic multilinear maps. Finally, we argue that using computational entropy (FS+CEBL) is more compelling in the context of deterministic updates. We pose achieving a FS+CEBL NIKE as an important open problem.

    Encapsulated Search Index: Public-Key, Sub-linear, Distributed, and Delegatable

    We build the first sub-linear (in fact, potentially constant-time) public-key searchable encryption system:

    - The server can publish a public key PK.
    - Anybody can build an encrypted index for a document D under PK.
    - A client holding the index can obtain a token z_w from the server to check if a keyword w belongs to D.
    - Search using z_w is almost as fast (e.g., sub-linear) as the non-private search.
    - The server granting the token does not learn anything about the document D, beyond the keyword w.
    - Yet, the token z_w is specific to the pair (D, w): the client does not learn if other keywords w' ≠ w belong to D, or if w belongs to other, freshly indexed documents D'.
    - The server cannot fool the client by giving a wrong token z_w.

    We call such a primitive Encapsulated Search Index (ESI). Our ESI scheme can be made (t, n)-distributed among n servers in the best possible way: non-interactive, verifiable, and resilient to any coalition of up to (t − 1) malicious servers. We also introduce the notion of delegatable ESI and show how to extend our construction to this setting. Our solution — including public indexing, sub-linear search, delegation, and distributed token generation — is deployed as a commercial application by Atakama.

    Global, regional, and national under-5 mortality, adult mortality, age-specific mortality, and life expectancy, 1970–2016: a systematic analysis for the Global Burden of Disease Study 2016

    BACKGROUND: Detailed assessments of mortality patterns, particularly age-specific mortality, represent a crucial input that enables health systems to target interventions to specific populations. Understanding how all-cause mortality has changed with respect to development status can identify exemplars for best practice. To accomplish this, the Global Burden of Diseases, Injuries, and Risk Factors Study 2016 (GBD 2016) estimated age-specific and sex-specific all-cause mortality between 1970 and 2016 for 195 countries and territories and at the subnational level for the five countries with a population greater than 200 million in 2016. METHODS: We have evaluated how well civil registration systems captured deaths using a set of demographic methods called death distribution methods for adults and from consideration of survey and census data for children younger than 5 years. We generated an overall assessment of completeness of registration of deaths by dividing registered deaths in each location-year by our estimate of all-age deaths generated from our overall estimation process. For 163 locations, including subnational units in countries with a population greater than 200 million with complete vital registration (VR) systems, our estimates were largely driven by the observed data, with corrections for small fluctuations in numbers and estimation for recent years where there were lags in data reporting (lags were variable by location, generally between 1 year and 6 years). For other locations, we took advantage of different data sources available to measure under-5 mortality rates (U5MR) using complete birth histories, summary birth histories, and incomplete VR with adjustments; we measured adult mortality rate (the probability of death in individuals aged 15-60 years) using adjusted incomplete VR, sibling histories, and household death recall. 
We used the U5MR and adult mortality rate, together with crude death rate due to HIV in the GBD model life table system, to estimate age-specific and sex-specific death rates for each location-year. Using various international databases, we identified fatal discontinuities, which we defined as increases in the death rate of more than one death per million, resulting from conflict and terrorism, natural disasters, major transport or technological accidents, and a subset of epidemic infectious diseases; these were added to estimates in the relevant years. In 47 countries with an identified peak adult prevalence for HIV/AIDS of more than 0·5% and where VR systems were less than 65% complete, we informed our estimates of age-sex-specific mortality using the Estimation and Projection Package (EPP)-Spectrum model fitted to national HIV/AIDS prevalence surveys and antenatal clinic serosurveillance systems. We estimated stillbirths, early neonatal, late neonatal, and childhood mortality using both survey and VR data in spatiotemporal Gaussian process regression models. We estimated abridged life tables for all location-years using age-specific death rates. We grouped locations into development quintiles based on the Socio-demographic Index (SDI) and analysed mortality trends by quintile. Using spline regression, we estimated the expected mortality rate for each age-sex group as a function of SDI. We identified countries with higher life expectancy than expected by comparing observed life expectancy to anticipated life expectancy on the basis of development status alone. FINDINGS: Completeness in the registration of deaths increased from 28% in 1970 to a peak of 45% in 2013; completeness was lower after 2013 because of lags in reporting. Total deaths in children younger than 5 years decreased from 1970 to 2016, and slower decreases occurred at ages 5-24 years. By contrast, numbers of adult deaths increased in each 5-year age bracket above the age of 25 years. 
The distribution of annualised rates of change in age-specific mortality rate differed over the period 2000 to 2016 compared with earlier decades: increasing annualised rates of change were less frequent, although rising annualised rates of change still occurred in some locations, particularly for adolescent and younger adult age groups. Rates of stillbirths and under-5 mortality both decreased globally from 1970. Evidence for global convergence of death rates was mixed; although the absolute difference between age-standardised death rates narrowed between countries at the lowest and highest levels of SDI, the ratio of these death rates-a measure of relative inequality-increased slightly. There was a strong shift between 1970 and 2016 toward higher life expectancy, most noticeably at higher levels of SDI. Among countries with populations greater than 1 million in 2016, life expectancy at birth was highest for women in Japan, at 86·9 years (95% UI 86·7-87·2), and for men in Singapore, at 81·3 years (78·8-83·7) in 2016. Male life expectancy was generally lower than female life expectancy between 1970 and 2016, an

    Global, regional, and national life expectancy, all-cause mortality, and cause-specific mortality for 249 causes of death, 1980-2015 : a systematic analysis for the Global Burden of Disease Study 2015

    Background Improving survival and extending the longevity of life for all populations requires timely, robust evidence on local mortality levels and trends. The Global Burden of Disease 2015 Study (GBD 2015) provides a comprehensive assessment of all-cause and cause-specific mortality for 249 causes in 195 countries and territories from 1980 to 2015. These results informed an in-depth investigation of observed and expected mortality patterns based on sociodemographic measures. Methods We estimated all-cause mortality by age, sex, geography, and year using an improved analytical approach originally developed for GBD 2013 and GBD 2010. Improvements included refinements to the estimation of child and adult mortality and corresponding uncertainty, parameter selection for under-5 mortality synthesis by spatiotemporal Gaussian process regression, and sibling history data processing. We also expanded the database of vital registration, survey, and census data to 14 294 geography-year datapoints. For GBD 2015, eight causes, including Ebola virus disease, were added to the previous GBD cause list for mortality. We used six modelling approaches to assess cause-specific mortality, with the Cause of Death Ensemble Model (CODEm) generating estimates for most causes. We used a series of novel analyses to systematically quantify the drivers of trends in mortality across geographies. First, we assessed observed and expected levels and trends of cause-specific mortality as they relate to the Socio-demographic Index (SDI), a summary indicator derived from measures of income per capita, educational attainment, and fertility. Second, we examined factors affecting total mortality patterns through a series of counterfactual scenarios, testing the magnitude by which population growth, population age structures, and epidemiological changes contributed to shifts in mortality. Finally, we attributed changes in life expectancy to changes in cause of death. 
We documented each step of the GBD 2015 estimation processes, as well as data sources, in accordance with Guidelines for Accurate and Transparent Health Estimates Reporting (GATHER). Findings Globally, life expectancy from birth increased from 61.7 years (95% uncertainty interval 61.4-61.9) in 1980 to 71.8 years (71.5-72.2) in 2015. Several countries in sub-Saharan Africa had very large gains in life expectancy from 2005 to 2015, rebounding from an era of exceedingly high loss of life due to HIV/AIDS. At the same time, many geographies saw life expectancy stagnate or decline, particularly for men and in countries with rising mortality from war or interpersonal violence. From 2005 to 2015, male life expectancy in Syria dropped by 11.3 years (3.7-17.4), to 62.6 years (56.5-70.2). Total deaths increased by 4.1% (2.6-5.6) from 2005 to 2015, rising to 55.8 million (54.9 million to 56.6 million) in 2015, but age-standardised death rates fell by 17.0% (15.8-18.1) during this time, underscoring changes in population growth and shifts in global age structures. The result was similar for non-communicable diseases (NCDs), with total deaths from these causes increasing by 14.1% (12.6-16.0) to 39.8 million (39.2 million to 40.5 million) in 2015, whereas age-standardised rates decreased by 13.1% (11.9-14.3). Globally, this mortality pattern emerged for several NCDs, including several types of cancer, ischaemic heart disease, cirrhosis, and Alzheimer's disease and other dementias. By contrast, both total deaths and age-standardised death rates due to communicable, maternal, neonatal, and nutritional conditions significantly declined from 2005 to 2015, gains largely attributable to decreases in mortality rates due to HIV/AIDS (42.1%, 39.1-44.6), malaria (43.1%, 34.7-51.8), neonatal preterm birth complications (29.8%, 24.8-34.9), and maternal disorders (29.1%, 19.3-37.1). 
Progress was slower for several causes, such as lower respiratory infections and nutritional deficiencies, whereas deaths increased for others, including dengue and drug use disorders. Age-standardised death rates due to injuries significantly declined from 2005 to 2015, yet interpersonal violence and war claimed increasingly more lives in some regions, particularly in the Middle East. In 2015, rotaviral enteritis (rotavirus) was the leading cause of under-5 deaths due to diarrhoea (146 000 deaths, 118 000-183 000) and pneumococcal pneumonia was the leading cause of under-5 deaths due to lower respiratory infections (393 000 deaths, 228 000-532 000), although pathogen-specific mortality varied by region. Globally, the effects of population growth, ageing, and changes in age-standardised death rates substantially differed by cause. Our analyses on the expected associations between cause-specific mortality and SDI show the regular shifts in cause of death composition and population age structure with rising SDI. Country patterns of premature mortality (measured as years of life lost [YLLs]) and how they differ from the level expected on the basis of SDI alone revealed distinct but highly heterogeneous patterns by region and country or territory. Ischaemic heart disease, stroke, and diabetes were among the leading causes of YLLs in most regions, but in many cases, intraregional results sharply diverged for ratios of observed and expected YLLs based on SDI. Communicable, maternal, neonatal, and nutritional diseases caused the most YLLs throughout sub-Saharan Africa, with observed YLLs far exceeding expected YLLs for countries in which malaria or HIV/AIDS remained the leading causes of early death. Interpretation At the global scale, age-specific mortality has steadily improved over the past 35 years; this pattern of general progress continued in the past decade. Progress has been faster in most countries than expected on the basis of development measured by the SDI. 
Against this background of progress, some countries have seen falls in life expectancy, and age-standardised death rates for some causes are increasing. Despite progress in reducing age-standardised death rates, population growth and ageing mean that the number of deaths from most non-communicable causes is increasing in most countries, putting increased demands on health systems. Copyright (C) The Author(s). Published by Elsevier Ltd.