
    Practical MP-LWE-based encryption balancing security-risk vs. efficiency

    Middle-Product Learning With Errors (MP-LWE) is a variant of the LWE problem introduced at CRYPTO 2017 by Rosca et al. [RSSS17]. Asymptotically, the theoretical results of [RSSS17] suggest that MP-LWE gives lattice-based public-key cryptosystems offering a ‘security-risk vs. efficiency’ trade-off: higher performance than cryptosystems based on unstructured lattices (LWE problem) and lower risk than cryptosystems based on structured lattices (Polynomial/Ring LWE problem). However, although promising in theory, [RSSS17] left the practical implications of MP-LWE for lattice-based cryptography unclear. In this paper, we show how to build practical public-key cryptosystems with strong security guarantees based on MP-LWE. On the implementation side, we present optimised fast algorithms for computing the middle-product operation over polynomial rings $Z_q[x]$, the dominant computation for MP-LWE-based cryptosystems. On the security side, we show how to obtain a nearly tight security proof for MP-LWE from the hardest Polynomial LWE problem over a large family of rings, improving on the loose reduction of [RSSS17]. We also show and analyze an optimised cryptanalysis of MP-LWE that narrows the complexity gap to the above security proof. To evaluate the practicality of MP-LWE, we apply our results to construct, implement and optimise parameters for a practical MP-LWE-based public-key cryptosystem, Titanium, and compare its benchmarks to other lattice-based systems. Our results show that MP-LWE offers a new ‘security-risk vs. efficiency’ trade-off in lattice-based cryptography in practice, not only asymptotically in theory.

    FACCT: FAst, Compact, and Constant-Time Discrete Gaussian Sampler over Integers

    The discrete Gaussian sampler is one of the fundamental tools in implementing lattice-based cryptosystems. However, a naive discrete Gaussian sampling implementation suffers from side-channel vulnerabilities, and the existing countermeasures usually introduce significant overhead in either the running speed or the memory consumption. In this paper, we propose a fast, compact, and constant-time implementation of the binary sampling algorithm, originally introduced in the BLISS signature scheme. Our implementation adapts the Rényi divergence and the transcendental function polynomial approximation techniques. The efficiency of our scheme is independent of the standard deviation, and we show evidence that our implementations are either faster or more compact than several existing constant-time samplers. In addition, we show the performance of our implementation techniques applied to and integrated with two existing signature schemes: qTesla and Falcon. On the other hand, the convolution theorems are typically adapted to sample from larger standard deviations, by combining samples with much smaller standard deviations. As an additional contribution, we show better parameters for the convolution theorems

    Efficient Verifiable Partially-Decryptable Commitments from Lattices and Applications

    We introduce verifiable partially-decryptable commitments (VPDC), as a building block for constructing efficient privacy-preserving protocols supporting auditability by a trusted party. A VPDC is an extension of a commitment along with an accompanying proof, convincing a verifier that (i) the given commitment is well-formed and (ii) a certain part of the committed message can be decrypted using a (secret) trapdoor known to a trusted party. We first formalize VPDCs and then introduce a general decryption feasibility result that overcomes the challenges in relaxed proofs arising in the lattice setting. Our general result can be applied to a wide class of Fiat-Shamir based protocols and may be of independent interest. Next, we show how to extend the commonly used lattice-based 'Hashed-Message Commitment' (HMC) scheme into a succinct and efficient VPDC. In particular, we devise a novel 'gadget'-based Regev-style (partial) decryption method, compatible with efficient relaxed lattice-based zero-knowledge proofs. We prove the soundness of our VPDC in the setting of adversarial proofs, where a prover tries to create a valid VPDC output that fails in decryption. To demonstrate the effectiveness of our results, we extend a private blockchain payment protocol, MatRiCT, by Esgin et al. (ACM CCS '19) into a formally auditable construction, which we call MatRiCT-Au, with very low communication and computation overheads over MatRiCT.

    A Study of Trait Anhedonia in Non-Clinical Chinese Samples: Evidence from the Chapman Scales for Physical and Social Anhedonia

    Background: Recent studies suggest that anhedonia, an inability to experience pleasure, can be measured as an enduring trait in non-clinical samples. In order to examine trait anhedonia in a non-clinical sample, we examined the properties of a range of widely used questionnaires capturing anhedonia. Methods: 887 young adults were recruited from colleges. All of them were administered a set of checklists, including the Chapman Scale for Social Anhedonia (CRSAS), the Chapman Scale for Physical Anhedonia (CPAS), the Temporal Experience of Pleasure Scale (TEPS), and the Schizotypal Personality Questionnaire (SPQ). Results: Males showed a significantly higher level of physical (F = 5.09, p<0.001) and social (F = 4.38, p<0.005) anhedonia than females. As expected, individuals with schizotypal personality features also demonstrated significantly higher scores of physical (t = 3.81, p<0.001) and social (t = 7.33, p<0.001) trait anhedonia than individuals without SPD features, but no difference in self-reported anticipatory and consummatory pleasure experience. Conclusions: Concerning the comparison on each item of physical and social anhedonia, the results indicated that individuals with SPD features scored higher than individuals without SPD features on more items of the social anhedonia scale than of the physical anhedonia scale. These preliminary findings suggest that trait anhedonia can be identified in a non-clinical sample. Exploring the demographic and clinical correlates of trait anhedonia in the general population may provide clues to the pathogenesis of psychotic disorder.
    Funding: China. Ministry of Science and Technology. National Key Technologies R&D Program (2012BAI36B01); National Science Fund China (Grant no. 81088001); National Science Fund China (Grant no. 91132701); Chinese Academy of Sciences. Knowledge Innovation Project (KSCX2-EW-J-8

    MatRiCT: Efficient, Scalable and Post-Quantum Blockchain Confidential Transactions Protocol

    We introduce MatRiCT, an efficient RingCT protocol for blockchain confidential transactions, whose security is based on "post-quantum" (module) lattice assumptions. The proof length of the protocol is around two orders of magnitude shorter than the existing post-quantum proposal, and scales efficiently to large anonymity sets, unlike the existing proposal. Further, we provide the first full implementation of a post-quantum RingCT, demonstrating the practicality of our scheme. In particular, a typical transaction can be generated in a fraction of a second and verified in about 23 ms on a standard PC. Moreover, we show how our scheme can be extended to provide auditability, where a user can select a particular authority from a set of authorities to reveal her identity. The user also has the ability to select no auditing, and all these auditing options may co-exist in the same environment. The key ingredients, introduced in this work, of MatRiCT are 1) the shortest to date scalable ring signature from standard lattice assumptions with no Gaussian sampling required, 2) a novel balance zero-knowledge proof and 3) a novel extractable commitment scheme from (module) lattices. We believe these ingredients to be of independent interest for other privacy-preserving applications such as secure e-voting. Despite allowing 64-bit precision for transaction amounts, our new balance proof, and thus our protocol, does not require a range proof on a wide range (such as 32- or 64-bit ranges), which has been a major obstacle against efficient lattice-based solutions. Further, we provide new formal definitions for RingCT-like protocols, where the real-world blockchain setting is captured more closely. The definitions are applicable in a generic setting, and thus are believed to contribute to the development of future confidential transaction protocols in general (not only in the lattice setting).

    Neurological Soft Signs Are Not "Soft" in Brain Structure and Functional Networks: Evidence From ALE Meta-Analysis

    Background: Neurological soft signs (NSS) are associated with schizophrenia and related psychotic disorders. NSS have been conventionally considered as clinical neurological signs without localized brain regions. However, recent brain imaging studies suggest that NSS are partly localizable and may be associated with deficits in specific brain areas. Method: We conducted an activation likelihood estimation meta-analysis to quantitatively review structural and functional imaging studies that evaluated the brain correlates of NSS in patients with schizophrenia and other psychotic disorders. Six structural magnetic resonance imaging (sMRI) and 15 functional magnetic resonance imaging (fMRI) studies were included. Results: The results from the meta-analysis of the sMRI studies indicated that NSS were associated with atrophy of the precentral gyrus, the cerebellum, the inferior frontal gyrus, and the thalamus. The results from the meta-analysis of the fMRI studies demonstrated that the NSS-related task was significantly associated with altered brain activation in the inferior frontal gyrus, bilateral putamen, the cerebellum, and the superior temporal gyrus. Conclusions: Our findings from both sMRI and fMRI meta-analyses further support the conceptualization of NSS as a manifestation of the "cerebello-thalamo-prefrontal" brain network model of schizophrenia and related psychotic disorders.

    Prolonged Drying Trend Coincident with the Demise of Norse Settlement in Southern Greenland

    Declining temperature has been thought to explain the abandonment of Norse settlements in southern Greenland in the early 15th century, although limited paleoclimate evidence is available from the inner settlement region itself. Here, we reconstruct the temperature and hydroclimate history from lake sediments at a site adjacent to a former Norse farm. We find no substantial temperature changes during the settlement period but rather that the region experienced a persistent drying trend, which peaked in the 16th century. Drier climate would have notably reduced grass production, which was essential for livestock overwintering, and this drying trend is concurrent with a Norse diet shift. We conclude that increasingly dry conditions played a more important role in undermining the viability of the Eastern Settlement than minor temperature changes.

    High Throughput Lattice-based Signatures on GPUs: Comparing Falcon and Mitaka

    The US National Institute of Standards and Technology initiated a standardization process for post-quantum cryptography in 2017, with the aim of selecting key encapsulation mechanisms and signature schemes that can withstand the threat from emerging quantum computers. In 2022, Falcon was selected as one of the standard signature schemes, eventually attracting effort to optimize the implementation of Falcon on various hardware architectures for practical applications. Recently, Mitaka was proposed as an alternative to Falcon, allowing parallel execution of most of its operations. These recent advancements motivate us to develop high throughput implementations of the Falcon and Mitaka signature schemes on Graphics Processing Units (GPUs), a massively parallel architecture widely available on cloud service platforms. In this paper, we propose the first parallel implementation of Falcon on various GPUs. An iterative version of the sampling process in Falcon, which is also the most time-consuming Falcon operation, was developed. This allows us to implement Falcon signature generation without relying on expensive recursive function calls on GPUs. In addition, we propose a parallel random samples generation approach to accelerate the performance of Mitaka on GPUs. We evaluate our implementation techniques on state-of-the-art GPU architectures (RTX 3080, A100, T4 and V100). Experimental results show that our Falcon-512 implementation achieves 58,595 signatures/second and 2,721,562 verifications/second on an A100 GPU, which is 20.03× and 29.51× faster than the highly optimized AVX2 implementation on CPU. Our Mitaka implementation achieves 161,985 signatures/second and 1,421,046 verifications/second on the same GPU. Due to the adoption of a parallelizable sampling process, Mitaka signature generation enjoys ≈ 2–20× higher throughput than Falcon on various GPUs. The high throughput signature generation and verification achieved by this work can be very useful in various emerging applications, including the Internet of Things.

    LiPISC: A Lightweight and Flexible Method for Privacy-Aware Intersection Set Computation

    Privacy-aware intersection set computation (PISC) can be modeled as secure multi-party computation. The basic idea is to compute the intersection of input sets without leaking privacy. Furthermore, PISC should be sufficiently flexible to recommend approximate intersection items. In this paper, we reveal two previously unpublished attacks against PISC, which can be used to reveal and link one input set to another input set, resulting in privacy leakage. We coin these the Set Linkage Attack and the Set Reveal Attack. We then present a lightweight and flexible PISC scheme (LiPISC) and prove its security (including against the Set Linkage Attack and the Set Reveal Attack).

    Effects of substituting rare-earth ion R by non-magnetic impurities in $R_2BaNiO_5$ - theory and numerical DMRG results

    In this paper we study the effect of substituting R (rare-earth ion) by non-magnetic ions in the spin-1 chain material $R_2BaNiO_5$. Using a strong-coupling expansion and numerical density matrix renormalization group calculations, we show that spin-wave bound states are formed at the impurity site. Experimental consequences of the bound states are pointed out.
    Comment: 5 pages, 4 postscript figures