Nonlocality is transitive

We show a transitivity property of nonlocal correlations: There exist tripartite nonsignaling correlations of which the bipartite marginals between A and B as well as B and C are nonlocal and any tripartite nonsignaling system between A, B, and C consistent with them must be such that the bipartite marginal between A and C is also nonlocal. This property represents a step towards ruling out certain alternative models for the explanation of quantum correlations such as hidden communication at finite speed. Whereas it is not possible to rule out this model experimentally, it is the goal of our approach to demonstrate this explanation to be logically inconsistent: either the communication cannot remain hidden, or its speed has to be infinite. The existence of a three-party system that is pairwise nonlocal is of independent interest in the light of the monogamy property of nonlocality.Comment: 4 pages, 2 figures, v2: published versio

Erratum: Fluctuation relations for systems in a constant magnetic field (Physical Review E (2020) 102 (030101R) DOI: 10.1103/PhysRevE.102.030101)

Erratum. After the publication of this paper, we found an inconsequential mistake in the derivation of the dissipation function for the Nosé-Hoover thermostatted system, Eq. (17) of the original paper. A complete and correct derivation for O(0)(X) is now reported in Appendix B of Ref. [1], where, in particular, it is shown that (Formula Presented) (Figure Presented)

Fluctuation relations for systems in a constant magnetic field

The validity of the fluctuation relations (FRs) for systems in a constant magnetic field is investigated. Recently introduced time-reversal symmetries that hold in the presence of static electric and magnetic fields and of deterministic thermostats are used to prove the transient FRs without invoking, as commonly done, inversion of the magnetic field. Steady-state FRs are also derived, under the t-mixing condition. These results extend the predictive power of important statistical mechanics relations. We illustrate this via the nonlinear response for the cumulants of the dissipation, showing how the alternative FRs enable one to determine analytically null cumulants also for systems in a single magnetic field

Fluctuation relations for dissipative systems in constant external magnetic field: Theory and molecular dynamics simulations

We illustrate how, contrary to common belief, transient Fluctuation Relations (FRs) for systems in constant external magnetic field hold without the inversion of the field. Building on previous work providing generalized time-reversal symmetries for systems in parallel external magnetic and electric fields, we observe that the standard proof of these important nonequilibrium properties can be fully reinstated in the presence of net dissipation. This generalizes recent results for the FRs in orthogonal fields-an interesting but less commonly investigated geometry-and enables direct comparison with existing literature. We also present for the first time a numerical demonstration of the validity of the transient FRs with nonzero magnetic field via nonequilibrium molecular dynamics simulations of a realistic model of liquid NaCl

Non-malleable codes for space-bounded tampering

Non-malleable codes—introduced by Dziembowski, Pietrzak and Wichs at ICS 2010—are key-less coding schemes in which mauling attempts to an encoding of a given message, w.r.t. some class of tampering adversaries, result in a decoded value that is either identical or unrelated to the original message. Such codes are very useful for protecting arbitrary cryptographic primitives against tampering attacks against the memory. Clearly, non-malleability is hopeless if the class of tampering adversaries includes the decoding and encoding algorithm. To circumvent this obstacle, the majority of past research focused on designing non-malleable codes for various tampering classes, albeit assuming that the adversary is unable to decode. Nonetheless, in many concrete settings, this assumption is not realistic

Updatable Blockchains

Software updates for blockchain systems become a real challenge when they impact the underlying consensus mechanism. The activation of such changes might jeopardize the integrity of the blockchain by resulting in chain splits. Moreover, the software update process should be handed over to the community and this means that the blockchain should support updates without relying on a trusted party. In this paper, we introduce the notion of updatable blockchains and show how to construct blockchains that satisfy this definition. Informally, an updatable blockchain is a secure blockchain and in addition it allows to update its protocol preserving the history of the chain. In this work, we focus only on the processes that allow securely switching from one blockchain protocol to another assuming that the blockchain protocols are correct. That is, we do not aim at providing a mechanism that allows reaching consensus on what is the code of the new blockchain protocol. We just assume that such a mechanism exists (like the one proposed in NDSS 2019 by Zhang et. al), and show how to securely go from the old protocol to the new one. The contribution of this paper can be summarized as follows. We provide the first formal definition of updatable ledgers and propose the description of two compilers. These compilers take a blockchain and turn it into an updatable blockchain. The first compiler requires the structure of the current and the updated blockchain to be very similar (only the structure of the blocks can be different) but it allows for an update process more simple, efficient. The second compiler that we propose is very generic (i.e., makes few assumptions on the similarities between the structure of the current blockchain and the update blockchain). The drawback of this compiler is that it requires the new blockchain to be resilient against a specific adversarial behaviour and requires all the honest parties to be online during the update process. However, we show how to get rid of the latest requirement (the honest parties being online during the update) in the case of proof-of-work and proof-of-stake ledgers

Non-malleable encryption: simpler, shorter, stronger

In a seminal paper, Dolev et al. [15] introduced the notion of non-malleable encryption (NM-CPA). This notion is very intriguing since it suffices for many applications of chosen-ciphertext secure encryption (IND-CCA), and, yet, can be generically built from semantically secure (IND-CPA) encryption, as was shown in the seminal works by Pass et al. [29] and by Choi et al. [9], the latter of which provided a black-box construction. In this paper we investigate three questions related to NM-CPA security: 1. Can the rate of the construction by Choi et al. of NM-CPA from IND-CPA be improved? 2. Is it possible to achieve multi-bit NM-CPA security more efficiently from a single-bit NM-CPA scheme than from IND-CPA? 3. Is there a notion stronger than NM-CPA that has natural applications and can be achieved from IND-CPA security? We answer all three questions in the positive. First, we improve the rate in the scheme of Choi et al. by a factor O(λ), where λ is the security parameter. Still, encrypting a message of size O(λ) would require ciphertext and keys of size O(λ2) times that of the IND-CPA scheme, even in our improved scheme. Therefore, we show a more efficient domain extension technique for building a λ-bit NM-CPA scheme from a single-bit NM-CPA scheme with keys and ciphertext of size O(λ) times that of the NM-CPA one-bit scheme. To achieve our goal, we define and construct a novel type of continuous non-malleable code (NMC), called secret-state NMC, as we show that standard continuous NMCs are not enough for the natural “encode-then-encrypt-bit-by-bit” approach to work. Finally, we introduce a new security notion for public-key encryption that we dub non-malleability under (chosen-ciphertext) self-destruct attacks (NM-SDA). After showing that NM-SDA is a strict strengthening of NM-CPA and allows for more applications, we nevertheless show that both of our results—(faster) construction from IND-CPA and domain extension from one-bit scheme—also hold for our stronger NM-SDA security. In particular, the notions of IND-CPA, NM-CPA, and NM-SDA security are all equivalent, lying (plausibly, strictly?) below IND-CCA securit

Time-Space Tradeoffs and Short Collisions in Merkle-Damgård Hash Functions

We study collision-finding against Merkle-Damgård hashing in the random-oracle model by adversaries with an arbitrary $S$-bit auxiliary advice input about the random oracle and $T$ queries. Recent work showed that such adversaries can find collisions (with respect to a random IV) with advantage $\Omega(ST^2/2^n)$, where $n$ is the output length, beating the birthday bound by a factor of $S$. These attacks were shown to be optimal. We observe that the collisions produced are very long, on the order $T$ blocks, which would limit their practical relevance. We prove several results related to improving these attacks to find short collisions. We first exhibit a simple attack for finding $B$-block-long collisions achieving advantage $\tilde{\Omega}(STB/2^n)$. We then study if this attack is optimal. We show that the prior technique based on the bit-fixing model (used for the $ST^2/2^n$ bound) provably cannot reach this bound, and towards a general result we prove there are qualitative jumps in the optimal attacks for finding length $1$, length $2$, and unbounded-length collisions. Namely, the optimal attacks achieve (up to logarithmic factors) order of $(S+T)/2^n$, $ST/2^n$ and $ST^2/2^n$ advantage. We also give an upper bound on the advantage of a restricted class of short-collision finding attacks via a new analysis on the growth of trees in random functional graphs that may be of independent interest