40 research outputs found

    Privately Connecting Mobility to Infectious Diseases via Applied Cryptography

    Human mobility is undisputedly one of the critical factors in infectious disease dynamics. Until a few years ago, researchers had to rely on static data to model human mobility, which was then combined with a transmission model of a particular disease, resulting in an epidemiological model. Recent works have consistently shown that substituting the static mobility data with mobile phone data leads to significantly more accurate models. While prior studies have exclusively relied on the aggregated data of all of a mobile network operator's subscribers, it may be preferable to consider aggregated mobility data of infected individuals only. Clearly, naively linking mobile phone data with infected individuals would massively intrude on privacy. This research aims to develop a solution that reports the aggregated mobile phone location data of infected individuals while still maintaining compliance with privacy expectations. To achieve privacy, we use homomorphic encryption, zero-knowledge proof techniques, and differential privacy. Our protocol's open-source implementation can process eight million subscribers in one and a half hours. Additionally, we provide a legal analysis of our solution with regard to the EU General Data Protection Regulation.
    Comment: Added differential privacy experiments and new benchmark.

    From Farfalle to Megafono via Ciminion: The PRF Hydra for MPC Applications

    The area of multi-party computation (MPC) has recently increased in popularity and number of use cases. At the current state of the art, Ciminion, a Farfalle-like cryptographic function, achieves the best performance in MPC applications involving symmetric primitives. However, it has a critical weakness: its security relies heavily on the independence of its subkeys, which is achieved by using an expensive key schedule. Many MPC use cases involving symmetric pseudo-random functions (PRFs) rely on secretly shared symmetric keys, and hence the expensive key schedule must also be computed in MPC. As a result, Ciminion's performance is significantly reduced in these use cases. In this paper we solve this problem. Following the approach introduced by Ciminion's designers, we present a novel primitive in symmetric cryptography called Megafono. Megafono is a keyed extendable PRF, expanding a fixed-length input to an arbitrary-length output. Similar to Farfalle, an initial keyed permutation is applied to the input, followed by an expansion layer, involving the parallel application of keyed ciphers. The main novelty is the expansion of the intermediate/internal state for free, by appending the sum of the internal states of the first permutation to its output. The combination of this and other modifications, together with the impossibility for the attacker to access the input state of the expansion layer, makes Megafono very efficient in the target application. As a concrete example, we present the PRF Hydra, an instance of Megafono based on the Hades strategy and on generalized versions of the Lai-Massey scheme. Based on an extensive security analysis, we implement Hydra in an MPC framework. The results show that it outperforms all MPC-friendly schemes currently published in the literature.

    Multi-Party Revocation in Sovrin: Performance through Distributed Trust

    Accumulators provide compact representations of large sets and compact membership witnesses. Besides constant-size witnesses, public-key accumulators provide efficient updates of both the accumulator itself and the witness. However, bilinear-group-based accumulators come with drawbacks: they require a trusted setup, and their performance is not practical for real-world applications with large sets. In this paper, we introduce multi-party public-key accumulators dubbed dynamic (threshold) secret-shared accumulators. We present an instantiation using bilinear groups that has access to more efficient witness generation and update algorithms, which utilize the shares of the secret trapdoors sampled by the parties generating the public parameters. Specifically, for the q-SDH-based accumulators, we provide a maliciously secure variant sped up by a secure multi-party computation (MPC) protocol (IMACC'19) built on top of SPDZ, and a maliciously secure threshold variant built with Shamir secret sharing. For these schemes, a performant proof-of-concept implementation is provided, which substantiates the practicability of public-key accumulators in this setting. We explore applications of dynamic (threshold) secret-shared accumulators to revocation schemes of group signatures and credential systems. In particular, we consider it as part of Sovrin's system for anonymous credentials, where credentials are issued by the foundation of trusted nodes.

    Hash Functions Monolith for ZK Applications: May the Speed of SHA-3 be With You

    The rising popularity of computational integrity protocols has led to an increased focus on efficient domain-specific hash functions, which are one of the core components in these use cases. For example, they are used for polynomial commitments or membership proofs in the context of Merkle trees. Indeed, in modern proof systems the computation of hash functions is a large part of the entire proof's complexity. In recent years, authors of these hash functions have focused on components which are verifiable with low-degree constraints. This led to constructions like Poseidon, Rescue, Griffin, Reinforced Concrete, and Tip5, all of which showed significant improvements compared to classical hash functions such as SHA-3 when used inside the proof systems. In this paper, we focus on lookup-based computations, a specific component which allows verifying that a particular witness is contained in a lookup table. We work over 31-bit and 64-bit finite fields $\mathbb{F}_p$, both of which are used in various modern proof systems today and allow for fast implementations. We propose a new 2-to-1 compression function and a SAFE hash function, instantiated by the Monolith permutation. The permutation is significantly more efficient than its competitors, both in terms of circuit friendliness and plain performance, which has become one of the main bottlenecks in various use cases. This includes Reinforced Concrete and Tip5, the first two hash functions using lookup computations internally. Moreover, in Monolith we instantiate the lookup tables as functions defined over $\mathbb{F}_2$ while ensuring that the outputs are still elements in $\mathbb{F}_p$. Contrary to Reinforced Concrete and Tip5, this approach allows efficient constant-time plain implementations, which mitigates the risk of side-channel attacks potentially affecting competing lookup-based designs. Concretely, our constant-time 2-to-1 compression function is faster than a constant-time version of Poseidon2 by a factor of 7. Finally, it is also the first arithmetization-oriented function with a plain performance comparable to SHA3-256, essentially closing the performance gap between circuit-friendly hash functions and traditional ones.

    Horst Meets Fluid-SPN: Griffin for Zero-Knowledge Applications

    Zero-knowledge (ZK) applications form a large group of use cases in modern cryptography, and recently gained in popularity due to novel proof systems. For many of these applications, cryptographic hash functions are used as the main building blocks, and they often dominate the overall performance and cost of these approaches. Therefore, in the last years several new hash functions were built in order to reduce the cost in these scenarios, including Poseidon and Rescue among others. These hash functions often look very different from more classical designs such as AES or SHA-2. For example, they work natively over prime fields rather than binary ones. At the same time, Poseidon and Rescue, for example, share some common features, such as being SPN schemes and instantiating the nonlinear layer with invertible power maps. While this allows the designers to provide simple and strong arguments for establishing their security, it also introduces crucial limitations in the design, which may affect the performance in the target applications. In this paper, we propose the Horst construction, in which the addition in a Feistel scheme (x, y) -> (y + F(x), x) is extended via a multiplication, i.e., (x, y) -> (y * G(x) + F(x), x). By carefully analyzing the performance metrics in SNARK and STARK protocols, we show how to combine an expanding Horst scheme with a Rescue-like SPN scheme in order to provide security and better efficiency in the target applications. We provide an extensive security analysis for our new design Griffin and a comparison with all current competitors.

    Dispersal of molecular clouds by ionising radiation

    The role of feedback from massive stars is believed to be a key element in the evolution of molecular clouds. We use high-resolution 3D SPH simulations to explore the dynamical effects of a single O7 star located at the centre of a molecular cloud with mass 10^4 M_sun and radius 6.4 pc. The initial internal structure of the cloud is characterised by its fractal dimension, D = 2.0 - 2.8, and its log-normal density PDF. (i) As regards star formation, in the short term ionising feedback is positive, in the sense that star formation occurs much more quickly in gas that is compressed by the high pressure of the ionised gas. However, in the long term ionising feedback is negative, in the sense that most of the cloud is dispersed with an outflow rate of up to ~0.01 M_sun/yr, on a timescale comparable with the sound-crossing time for the ionised gas (~1-2 Myr), and triggered star formation is therefore limited to a few percent of the cloud's mass. (ii) As regards the morphology of the ionisation fronts (IFs) bounding the HII region and the systematics of outflowing gas, we distinguish two regimes. For low D <= 2.2, the initial cloud is dominated by large-scale structures, so the neutral gas tends to be swept up into a few extended coherent shells, and the ionised gas blows out through a few large holes between these shells; we term these HII regions "shell-dominated". Conversely, for high D >= 2.6, the initial cloud is dominated by small-scale structures, and these are quickly overrun by the advancing IF, thereby producing neutral pillars whilst the ionised gas blows out through a large number of small holes between the pillars; we term these HII regions "pillar-dominated". (iii) As regards the injection of bulk kinetic energy, by ~1 Myr the expansion of the HII region has delivered an rms velocity of ~6 km/s; this represents less than 0.1% of the total energy radiated by the O7 star.
    Comment: 13 pages, 8 figures, 2 tables; submitted to MNRA

    On the evolution of irradiated turbulent clouds: A comparative study between modes of triggered star-formation

    Here we examine the evolution of irradiated clouds using the Smoothed Particle Hydrodynamics (SPH) algorithm coupled with a ray-tracing scheme that calculates the position of the ionisation front at each timestep. We present results from simulations performed for three choices of IR flux, spanning the range of fluxes emitted by a typical B-type star to a cluster of OB-type stars. The extent of photo-ablation, of course, depends on the strength of the incident flux, and a strong flux of IR severely ablates a MC. Consequently, the first star-formation sites appear in the dense shocked layer along the edges of the irradiated cloud. Radiation-induced turbulence readily generates dense filamentary structure within the photo-ablated cloud, although several new star-forming sites also appear in some of the densest regions at the junctions of these filaments. Prevalent physical conditions within a MC play a crucial role in determining the mode of star formation (i.e., filamentary as compared to isolated pockets), the timescale on which stars form, and the distribution of stellar masses. The probability density functions (PDFs) derived for irradiated clouds in this study are intriguing due to their resemblance to those presented in a recent census of irradiated MCs. Furthermore, irrespective of the nature of turbulence, the protostellar mass functions (MFs) derived in this study follow a power-law distribution. When turbulence within the cloud is driven by a relatively strong flux of IR, such as that emitted by a massive O-type star or a cluster of such stars, the MF approaches the canonical form due to Salpeter, and even turns over for protostellar masses smaller than ~0.2 M_sun.
    Comment: 13 pages, 19 figures, 3 tables. Rendered images of significantly lowered resolution have been deliberately submitted to stay within the maximum permissible limits of size. Also, the original abstract has been shortened. To be published by the Monthly Notices of the RA

    The Parkinson disease pain classification system: Results from an international mechanism-based classification approach

    Pain is a common nonmotor symptom in patients with Parkinson disease (PD), but the correct diagnosis of its cause remains difficult because suitable tools have so far been lacking. We developed a framework to differentiate PD-related from non-PD-related pain and to classify PD-related pain into 3 groups based on validated mechanistic pain descriptors (nociceptive, neuropathic, or nociplastic), which encompass all the previously described PD pain types. Severity of PD-related pain syndromes was scored by ratings of intensity, frequency, and interference with activities of daily living. The PD-Pain Classification System (PD-PCS) was compared with classic pain measures (i.e., Brief Pain Inventory and McGill Pain Questionnaire [MPQ], PDQ-8 quality of life score, MDS-UPDRS scores, and nonmotor symptoms). 159 nondemented PD patients (disease duration 10.2 ± 7.6 years) and 37 healthy controls were recruited in 4 centers. PD-related pain was present in 122 patients (77%), with 24 (15%) suffering from one or more syndromes at the same time. PD-related nociceptive, neuropathic, or nociplastic pain was diagnosed in 87 (55%), 25 (16%), or 35 (22%), respectively. Pain unrelated to PD was present in 35 (22%) patients. Overall, the PD-PCS severity score correlated significantly with Brief Pain Inventory and MPQ ratings, presence of dyskinesia and motor fluctuations, PDQ-8 scores, and depression and anxiety measures. Moderate intrarater and interrater reliability was observed. The PD-PCS is a valid and reliable tool for differentiating PD-related pain from PD-unrelated pain. It detects and scores mechanistic pain subtypes in a pragmatic and treatment-oriented approach, unifying previous classifications of PD pain.
    Authors and affiliations:
    Mylius, Veit. Universitat Phillips; Germany. Center for Neurorehabilitation; Switzerland. Kantonsspital St; Switzerland
    Perez Lloret, Santiago. Universidad Abierta Interamericana. Secretaría de Investigación. Centro de Altos Estudios En Ciencias Humanas y de la Salud - Sede Buenos Aires; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentina. Pontificia Universidad Católica Argentina "Santa María de los Buenos Aires"; Argentina
    Cury, Rubens G. Universidade de Sao Paulo; Brazil
    Teixeira, Manoel J. Universidade de Sao Paulo; Brazil
    Barbosa, Victor R. Universidade de Sao Paulo; Brazil
    Barbosa, Egberto R. Universidade de Sao Paulo; Brazil
    Moreira, Larissa I. Universidade de Sao Paulo; Brazil
    Listik, Clarice. Universidade de Sao Paulo; Brazil
    Fernandes, Ana M. Universidade de Sao Paulo; Brazil
    de Lacerda Veiga, Diogo. Universidade de Sao Paulo; Brazil
    Barbour, Julio. Universidade de Sao Paulo; Brazil
    Hollenstein, Nathalie. Universidade de Sao Paulo; Brazil
    Oechsner, Matthias. Center for Neurological Rehabilitation; Switzerland
    Walch, Julia. Kantonsspital St; Switzerland
    Brugger, Florian. Kantonsspital St; Switzerland
    Hägele Link, Stefan. Kantonsspital St; Switzerland
    Beer, Serafin. Center for Neurorehabilitation; Switzerland
    Rizos, Alexandra. King's College Hospital; United Kingdom
    Chaudhuri, Kallol Ray. The Maurice Wohl Clinical Neuroscience Institute; United Kingdom. King's College Hospital; United Kingdom
    Bouhassira, Didier. Université Versailles-Saint-Quentin; France. Hôpital Ambroise Paré; France
    Lefaucheur, Jean Pascal. Université Paris-Est-Créteil; France
    Timmermann, Lars. Universitat Phillips; Germany
    Gonzenbach, Roman. Center for Neurorehabilitation; Switzerland
    Kägi, Georg. Kantonsspital St; Switzerland
    Möller, Jens Carsten. Universitat Phillips; Germany. Center for Neurological Rehabilitation; Switzerland
    Ciampi de Andrade, Daniel. Universidade de Sao Paulo; Brasi

    Turbulence in giant molecular clouds: the effect of photoionization feedback

    This article has been accepted for publication in Monthly Notices of the Royal Astronomical Society. © 2014 The Authors. Published by Oxford University Press on behalf of the Royal Astronomical Society.
    Giant molecular clouds (GMCs) are observed to be turbulent, but theory shows that without a driving mechanism turbulence should quickly decay. The question arises by which mechanisms turbulence is driven or sustained. It has been shown that photoionizing feedback from massive stars has an impact on the surrounding GMC and can, for example, create vast H II bubbles. We therefore address the question of whether turbulence is a consequence of this effect of feedback on the cloud. To investigate this, we analyse the velocity field of simulations of high-mass star-forming regions by studying velocity structure functions and power spectra. We find that clouds whose morphology is strongly affected by photoionizing feedback also show evidence of driving of turbulence by preserving or recovering a Kolmogorov-type velocity field. On the contrary, control run simulations without photoionizing feedback have a velocity distribution that bears the signature of gravitational collapse and of the dissipation of energy, where the initial Kolmogorov-type structure function is erased.
    Peer reviewe

    The dangers of being trigger-happy

    This article has been accepted for publication in Monthly Notices of the Royal Astronomical Society. © 2015 The Authors. Published by Oxford University Press on behalf of the Royal Astronomical Society.
    We examine the evidence offered for triggered star formation against the backdrop provided by recent numerical simulations of feedback from massive stars at or below giant molecular cloud size scales. We compile a catalogue of 67 observational papers, mostly published over the last decade, and examine the signposts most commonly used to infer the presence of triggered star formation. We then determine how well these signposts perform in a recent suite of hydrodynamic simulations of star formation including feedback from O-type stars performed by Dale et al. We find that none of the observational markers improve the chances of correctly identifying a given star as triggered by more than a factor of 2 at most. This limits the fidelity of these techniques in interpreting star formation histories. We therefore urge caution in interpreting observations of star formation near feedback-driven structures in terms of triggering.
    Peer reviewe