45 research outputs found

    On the Complexity of Decomposable Randomized Encodings, Or: How Friendly Can a Garbling-Friendly PRF Be?

    On Deterministically Approximating Total Variation Distance

    Total variation distance (TV distance) is an important measure of the difference between two distributions. Recently, there has been progress in approximating the TV distance between product distributions: a deterministic algorithm for a restricted class of product distributions (Bhattacharyya, Gayen, Meel, Myrisiotis, Pavan and Vinodchandran 2023) and a randomized algorithm for general product distributions (Feng, Guo, Jerrum and Wang 2023). We give a deterministic fully polynomial-time approximation scheme (FPTAS) for the TV distance between product distributions. Given two product distributions $\mathbb{P}$ and $\mathbb{Q}$ over $[q]^n$, our algorithm approximates their TV distance with relative error $\varepsilon$ in time $O\bigl( \frac{qn^2}{\varepsilon} \log q \log \frac{n}{\varepsilon \Delta_{\text{TV}}(\mathbb{P},\mathbb{Q})} \bigr)$. Our algorithm is built around two key concepts: 1) the likelihood ratio as a distribution, which captures sufficient information to compute the TV distance; 2) a new metric between likelihood ratio distributions, called the minimum total variation distance. Our algorithm computes a sparsified likelihood ratio distribution that is close to the original one w.r.t. the new metric. The approximated TV distance can be computed from the sparsified likelihood ratio. Our technique also implies a deterministic FPTAS for the TV distance between Markov chains.

    Two-Round MPC without Round Collapsing Revisited -- Towards Efficient Malicious Protocols

    Recent works have made exciting progress on the construction of round-optimal, *two-round*, Multi-Party Computation (MPC) protocols. However, most proposals so far are still complex and inefficient. In this work, we improve the simplicity and efficiency of two-round MPC in the setting with dishonest majority and malicious security. Our protocols make use of the Random Oracle (RO) and a generalization of the Oblivious Linear Evaluation (OLE) correlated randomness, called tensor OLE, over a finite field $\mathbb{F}$, and achieve the following:

    - MPC for Boolean Circuits: Our two-round, maliciously secure MPC protocols for computing Boolean circuits have overall (asymptotic) computational cost $O(S \cdot n^3 \cdot \log |\mathbb{F}|)$, where $S$ is the size of the circuit computed, $n$ the number of parties, and $\mathbb{F}$ a field of characteristic two. The protocols also make black-box calls to a Pseudo-Random Function (PRF).
    - MPC for Arithmetic Branching Programs (ABPs): Our two-round, information-theoretically and maliciously secure protocols for computing ABPs over a general field $\mathbb{F}$ have overall computational cost $O(S^{1.5} \cdot n^3 \cdot \log |\mathbb{F}|)$, where $S$ is the size of the ABP computed.

    Both protocols achieve security levels inversely proportional to the size of the field $|\mathbb{F}|$. Our construction is built upon the simple two-round MPC protocols of [Lin-Liu-Wee TCC '20], which are only semi-honest secure. Our main technical contribution lies in ensuring malicious security using simple and lightweight checks, which incur only a constant overhead over the complexity of the protocols by Lin, Liu, and Wee. In particular, in the case of computing Boolean circuits, our malicious MPC protocols have the same complexity (up to a constant overhead) as (insecurely) computing Yao's garbled circuits in a distributed fashion.
    Finally, as an additional contribution, we show how to efficiently generate tensor OLE correlation in fields of characteristic two using OT.

    How to Garble Mixed Circuits that Combine Boolean and Arithmetic Computations

    The study of garbling arithmetic circuits was initiated by Applebaum, Ishai, and Kushilevitz [FOCS '11], and it can be naturally extended to mixed circuits. The basis of mixed circuits includes Boolean operations, arithmetic operations over a large ring, and bit-decomposition, which converts an arithmetic value to its bit representation. We construct efficient garbling schemes for mixed circuits. In the random oracle model, we construct two garbling schemes:

    • The first scheme targets mixed circuits modulo some $N \approx 2^b$. Addition gates are free. Each multiplication gate costs $O(\lambda \cdot b^{1.5})$ communication. Each bit-decomposition costs $O(\lambda \cdot b^{2} / \log b)$.
    • The second scheme targets mixed circuits modulo some $N \approx 2^b$. Each addition gate and multiplication gate costs $O(\lambda \cdot b \cdot \log b / \log \log b)$. Every bit-decomposition costs $O(\lambda \cdot b^2 / \log b)$.

    Our schemes improve on the work of Ball, Malkin, and Rosulek [CCS '16] in the same model. Additionally relying on the DCR assumption, we construct in the programmable random oracle model a more efficient garbling scheme targeting mixed circuits over $\mathbb{Z}_{2^b}$, where addition gates are free, and each multiplication or bit-decomposition gate costs $O(\lambda_{\text{DCR}} \cdot b)$ communication. We improve on the recent work of Ball, Li, Lin, and Liu [Eurocrypt '23], which also relies on the DCR assumption.

    On Basing Private Information Retrieval on NP-Hardness

    The possibility of basing the security of cryptographic objects on the (minimal) assumption that $\mathsf{NP} \nsubseteq \mathsf{BPP}$ is at the very heart of complexity-theoretic cryptography. Most known results along these lines are negative, showing that, assuming widely believed complexity-theoretic conjectures, there are no reductions from an $\mathsf{NP}$-hard problem to the task of breaking certain cryptographic schemes. We make progress along this line of inquiry by showing that the security of single-server single-round private information retrieval schemes cannot be based on $\mathsf{NP}$-hardness, unless the polynomial hierarchy collapses. Our main technical contribution is in showing how to break the security of a PIR protocol given an $\mathsf{SZK}$ oracle. Our result is tight in terms of both the correctness and the privacy parameter of the PIR scheme.

    New Ways to Garble Arithmetic Circuits

    The beautiful work of Applebaum, Ishai, and Kushilevitz [FOCS '11] initiated the study of arithmetic variants of Yao's garbled circuits. An arithmetic garbling scheme is an efficient transformation that converts an arithmetic circuit $C: \mathcal{R}^n \rightarrow \mathcal{R}^m$ over a ring $\mathcal{R}$ into a garbled circuit $\widehat{C}$ and $n$ affine functions $L_i$ for $i \in [n]$, such that $\widehat{C}$ and $L_i(x_i)$ reveal only the output $C(x)$ and no other information about $x$. AIK presented the first arithmetic garbling scheme supporting computation over integers from a bounded (possibly exponentially large) range, based on Learning With Errors (LWE). In contrast, converting $C$ into a Boolean circuit and applying Yao's garbled circuit treats the inputs as bit strings instead of ring elements, and hence is not arithmetic. In this work, we present new ways to garble arithmetic circuits, which improve the state of the art on efficiency, modularity, and functionality. To measure efficiency, we define the rate of a garbling scheme as the maximal ratio between the bit-length of the garbled circuit $|\widehat{C}|$ and that of the computation tableau $|C| \ell$ in the clear, where $\ell$ is the bit length of wire values (e.g., Yao's garbled circuit has rate $O(\lambda)$).

    • We present the first constant-rate arithmetic garbled circuit for computation over large integers based on the Decisional Composite Residuosity (DCR) assumption, significantly improving the efficiency of the schemes of Applebaum, Ishai, and Kushilevitz.
    • We construct an arithmetic garbling scheme for modular computation over $\mathcal{R} = \mathbb{Z}_p$ for any integer modulus $p$, based on either DCR or LWE. The DCR-based instantiation achieves rate $O(\lambda)$ for large $p$. Furthermore, our construction is modular and makes black-box use of the underlying ring and a simple key extension gadget.
    • We describe a variant of the first scheme supporting arithmetic circuits over bounded integers that are augmented with Boolean computation (e.g., truncation of an integer value, and comparison between two values), while keeping the constant rate when garbling the arithmetic part. To the best of our knowledge, constant-rate (Boolean or arithmetic) garbling was only achieved before using the powerful primitive of indistinguishability obfuscation, or for restricted circuits with small depth.

    Ovarian juvenile granulosa cell tumors with Ollier’s disease in children with IDH1 gene somatic mutation

    Objective: The aim of this study was to explore the symptoms, treatment, and pathogenesis of ovarian juvenile granulosa cell tumors with Ollier's disease in children.
    Methods: From October 2019 to October 2020, clinical data were retrospectively analyzed for one case of ovarian juvenile granulosa cell tumors with Ollier's disease. Whole-exome sequencing and Sanger sequencing were used to detect gene mutations in ovarian tumor and chondroma tissue. NADP-dependent isocitrate dehydrogenase-1 (IDH1) and S6 ribosomal protein expression levels in cells transfected with wild-type or mutant plasmid were analyzed by Western blot.
    Results: The 4-year-old female showed multiple skeletal deformities, bilateral breast development with chromatosis, and vulvar discharge. Sex hormone assay suggested that estradiol and prolactin were elevated, and the x-ray of the limbs suggested enchondroma. Pelvic ultrasound and abdominal CT revealed a right ovarian solid mass. Pathologic examination of the right ovarian solid mass showed a juvenile granulosa cell type. A c.394C>T (p.Arg132Cys) mutation of the IDH1 gene was detected in both the ovarian juvenile granulosa cell tumor and the enchondroma. Transfection of HeLa cells with either WT or Mut plasmid caused 4.46- or 3.77-fold overexpression of the IDH1 gene compared to non-transfected control cells, respectively. The R132C mutation inhibited the phosphorylation of S6 ribosomal protein, which is central to the mTOR pathway. Postoperatively, estradiol and prolactin levels fell to values normal for her age, and the bilateral breasts gradually retracted.
    Conclusion: The incidence of ovarian juvenile granulosa cell tumors with Ollier's disease in children may be caused by generalized mesodermal dysplasia; IDH1 gene mutation may play a facilitating role in this process. Surgical operation is the main treatment. We suggest that patients with ovarian juvenile granulosa cell tumors and Ollier's disease should undergo regular investigation.

    On Basing Private Information Retrieval on NP-Hardness

    © International Association for Cryptologic Research 2016. The possibility of basing the security of cryptographic objects on the (minimal) assumption that $\mathsf{NP} \nsubseteq \mathsf{BPP}$ is at the very heart of complexity-theoretic cryptography. Most known results along these lines are negative, showing that, assuming widely believed complexity-theoretic conjectures, there are no reductions from an NP-hard problem to the task of breaking certain cryptographic schemes. We make progress along this line of inquiry by showing that the security of single-server single-round private information retrieval schemes cannot be based on NP-hardness, unless the polynomial hierarchy collapses. Our main technical contribution is in showing how to break the security of a PIR protocol given an SZK oracle. Our result is tight in terms of both the correctness and the privacy parameter of the PIR scheme.

    Breaking the circuit-size barrier in secret sharing

    We study secret sharing schemes for general (non-threshold) access structures. A general secret sharing scheme for $n$ parties is associated to a monotone function $F: \{0, 1\}^n \rightarrow \{0, 1\}$. In such a scheme, a dealer distributes shares of a secret $s$ among $n$ parties. Any subset of parties $T \subseteq [n]$ should be able to put together their shares and reconstruct the secret $s$ if $F(T) = 1$, and should have no information about $s$ if $F(T) = 0$. One of the major long-standing questions in information-theoretic cryptography is to minimize the (total) size of the shares in a secret-sharing scheme for arbitrary monotone functions $F$.
    Keywords: Information-theoretic techniques; Security and privacy; Cryptography; Theory of computation; Computational complexity and cryptography; Circuit complexity; Communication complexity; Cryptographic protocol

    Multi-party PSM, Revisited: Improved Communication and Unbalanced Communication

    We improve the communication complexity in the Private Simultaneous Messages (PSM) model, which is a minimal model of non-interactive information-theoretic multi-party computation. The state-of-the-art PSM protocols were recently constructed by Beimel, Kushilevitz and Nissim (EUROCRYPT 2018). We present new constructions of $k$-party PSM protocols. The new protocols match the previous upper bounds when $k = 2$ or $3$ and improve the upper bounds for larger $k$. We also construct 2-party PSM protocols with unbalanced communication complexity. More concretely,

    • For infinitely many $k$ (including all $k \le 20$), we construct $k$-party PSM protocols for arbitrary functionality $f : [N]^k \rightarrow \{0, 1\}$, whose communication complexity is $O_k(N^{\frac{k-1}{2}})$. This improves the former best known upper bounds of $O_k(N^{\frac{k}{2}})$ for $k \ge 6$, $O(N^{7/3})$ for $k = 5$, and $O(N^{5/3})$ for $k = 4$.
    • For all rational $0 < \eta < 1$ whose denominator is $\le 20$, we construct 2-party PSM protocols for arbitrary functionality $f : [N] \times [N] \rightarrow \{0, 1\}$, whose communication complexity is $O(N^{\eta})$ for one party and $O(N^{1-\eta})$ for the other. Previously, the only known unbalanced 2-party PSM had communication complexity $O(\log N)$, $O(N)$.