One-Time Signatures Revisited: Have They Become Practical?

One-time signatures have been known for more than two decades, and have been studied mainly due to their theoretical value. Recent works motivated us to examine the practical use of one-time signatures in high-performance applications. In this paper we describe FMTseq - a signature scheme that merges recent improvements in hash tree traversal into Merkle\u27s one-time signature scheme. Implementation results show that the scheme provides a signature speed of up to 35 times faster than a 2048-bit RSA signature scheme, for about one million signatures, and a signature size of only a few kilobytes. We provide an analysis of practical parameter selection for the scheme, and improvements that can be applied in more specific scenarios

Towards Knowledge in the Cloud

Knowledge in the form of semantic data is becoming more and more ubiquitous, and the need for scalable, dynamic systems to support collaborative work with such distributed, heterogeneous knowledge arises. We extend the “data in the cloud” approach that is emerging today to “knowledge in the cloud”, with support for handling semantic information, organizing and finding it efficiently and providing reasoning and quality support. Both the life sciences and emergency response fields are identified as strong potential beneficiaries of having ”knowledge in the cloud”

Broadcast-enhanced key predistribution schemes

We present a formalisation of a category of schemes that we refer to as broadcast-enhanced key predistribution schemes (BEKPSs). These schemes are suitable for networks with access to a trusted base station and an authenticated broadcast channel. We demonstrate that the access to these extra resources allows for the creation of BEKPSs with advantages over key predistribution schemes such as flexibility and more efficient revocation. There are many possible ways to implement BEKPSs, and we propose a framework for describing and analysing them. In their paper “From Key Predistribution to Key Redistribution,” Cichoń et al. [2010] propose a scheme for “redistributing” keys to a wireless sensor network using a broadcast channel after an initial key predistribution. We classify this as a BEKPS and analyse it in that context. We provide simpler proofs of some results from their paper, give a precise analysis of the resilience of their scheme, and discuss possible modifications. We then study two scenarios where BEKPSs may be particularly desirable and propose a suitable family of BEKPSs for each case. We demonstrate that they are practical and efficient to implement, and our analysis shows their effectiveness in achieving suitable trade-offs between the conflicting priorities in resource-constrained networks

IOStack: Software-Defined Object Storage

The complexity and scale of today’s cloud storage systems is growing fast. In response to these challenges, Software- Defined Storage (SDS) has recently become a prime candidate to simplify storage management in the cloud. This article presents IOStack: The first SDS architecture for object stores (OpenStack Swift). At the control plane, the provisioning of SDS services to tenants is made according to a set of policies managed via a high-level DSL. Policies may target storage automation and/or specific SLA objectives. At the data plane, policies define the enforcement of SDS services, namely filters, on a tenant’s requests. Moreover, IOStack is a framework to build a variety of filters, ranging from general-purpose computations close to the data to specialized data management mechanisms. Our experiments illustrate that IOStack enables easy and effective policy-based provisioning, which can significantly improve the operation of a multi-tenant object store.This work has been funded by the European Union through project H2020 “IOStack: Software-Defined Storage for Big Data” (644182) and by the Spanish Ministry of Science and Innovation through project “Servicios Cloud y Redes Comunitarias” (TIN-2013-47245-C2-2-R).Peer ReviewedPostprint (author's final draft

Revocation and Tracing Schemes for Stateless Receivers

We deal with the problem of a center sending a message to a group of users such that some subset of the users is considered revoked and should not be able to obtain the content of the message. We concentrate on the stateless receiver case, where the users do not (necessarily) update their state from session to session. We present a framework called the Subset-Cover framework, which abstracts a variety of revocation schemes including some previously known ones. We provide sufficient conditions that guarantee the security of a revocation algorithm in this class. We describ

A Lower Bound on the Number of Solutions to the Probed Partial Digest Problem

The Probed Partial Digestion mapping method partially digests a DNA strand with a restriction enzyme. A probe, which attaches to the DNA between two restriction enzyme cutting sites, is hybridized to the partially digested DNA, and the sizes of fragments to which the probe hybridizes are measured. The objective is to reconstruct the linear order of the restriction enzyme cutting sites from the multiset of measured lengths. In many cases, more than one underlying linear ordering is consistent with a multiset of measured lengths. This article shows that a multiset of N measured lengths can have as many as \Omega\Gamma N t ) solutions for any t ! i \Gamma1 (2) where i(t) is the Riemann Zeta Function and i \Gamma1 (2) ß 1:73. 1 Introduction The Probed Partial Digestion (or PPD) mapping scheme is used to generate physical maps of large DNA strands using restriction enzymes and probes. A DNA strand can be viewed as a finite sequence over the alphabet of four letters fA, C, G, Tg. A re..

Representing and Enumerating Edge Connectivity Cuts in RNC

An undirected edge-weighted graph can have at most \Gamma n 2 \Delta edge connectivity cuts. A succinct and algorithmically useful representation for this set of cuts was given by [4], and an efficient sequential algorithm for obtaining it was given by [12]. In this paper, we present a fast parallel algorithm for obtaining this representation; our algorithm is an RNC algorithm in case the weights are given in unary. We also observe that for a unary weighted graph, the problems of counting and enumerating the connectivity cuts are in RNC