68 research outputs found

    Implication of Urban Agriculture and Vertical Farming for Future Sustainability

    Urban agriculture (UA) is defined as the production of agricultural goods (crop) and livestock goods within urban areas like cities and towns. In the modern days, the urbanization process has raised a question on the sustainable development and growing of urban population. UA has been claimed to contribute to urban waste recycling, efficient water use and energy conservation, reduction in air pollution and soil erosion, urban beautification, climate change adaptation and resilience, disaster prevention, and ecological and social urban sustainability. Therefore, UA contributes to the sustainability of cities in various ways—socially, economically, and environmentally. An urban farming technology that involves the large-scale agricultural production in the urban surroundings is the vertical farming (VF) or high-rise farming technology. It enables fast growth and production of the crops by maintaining the environmental conditions and nutrient solutions to crop based on hydroponics technology. Vertical farms are able to grow food year-round because they maintain consistent growing conditions regardless of the weather outside and are much less vulnerable to climate changes. This promises a steady flow of products for the consumers and a consistent income for growers. Various advantages of VF over traditional farming, such as reduced farm inputs and crop failures and restored farmland, have enabled scientists to implement VF on a large scale

    Towards Static Assumption Based Cryptosystem in Pairing Setting: Further Applications of DéjàQ and Dual-Form Signature

    A large number of parameterized complexity assumptions have been introduced in the bilinear pairing setting to design novel cryptosystems and an important question is whether such "$q$-type" assumptions can be replaced by some static one. Recently Ghadafi and Groth captured several such parameterized assumptions in the pairing setting in a family called bilinear target assumption (BTA). We apply the DéjàQ techniques for all $q$-type assumptions in the BTA family. In this process, first we formalize the notion of extended adaptive parameter-hiding property and use it in the Chase-Meiklejohn's DéjàQ framework to reduce those $q$-type assumptions from subgroup hiding assumption in the asymmetric composite-order pairing. In addition, we extend the BTA family further into BTA1 and BTA2 and study the relation between different BTA variants. We also discuss the inapplicability of DéjàQ techniques on the $q$-type assumptions that belong to BTA1 or BTA2 family. We then provide one further application of Gerbush et al.'s dual-form signature techniques to remove the dependence on a $q$-type assumption for which existing DéjàQ techniques are not applicable. This results in a variant of Abe et al.'s structure-preserving signature with security based on a static assumption in composite order setting

    On Cryptographic Protocols Employing Asymmetric Pairings -- The Role of $\Psi$ Revisited

    Asymmetric pairings $e : \mathbb{G}_1 \times \mathbb{G}_2 \rightarrow \mathbb{G}_T$ for which an efficiently-computable isomorphism $\psi : \mathbb{G}_2 \rightarrow \mathbb{G}_1$ is known are called Type 2 pairings; if such an isomorphism $\psi$ is not known then $e$ is called a Type 3 pairing. Many cryptographic protocols in the asymmetric setting rely on the existence of $\psi$ for their security reduction while some use it in the protocol itself. For these reasons, it is believed that some of these protocols cannot be implemented with Type 3 pairings, while for some the security reductions either cannot be transformed to the Type 3 setting or else require a stronger complexity assumption. Contrary to these widely held beliefs, we argue that Type 2 pairings are merely inefficient implementations of Type 3 pairings, and appear to offer no benefit for protocols based on asymmetric pairings from the point of view of functionality, security, and performance

    A Closer Look at Multiple Forking: Leveraging (In)dependence for a Tighter Bound

    Boldyreva et al. introduced the notion of multiple forking (MF) as an extension of (general) forking to accommodate nested oracle replay attacks. The primary objective of a (multiple) forking algorithm is to separate out the oracle replay attack from the actual simulation of protocol to the adversary, and this is achieved through the intermediary of a so-called wrapper algorithm. Multiple forking has turned out to be a useful tool in the security argument of several cryptographic protocols. However, a reduction employing the MF Algorithm incurs a significant degradation of $O(q^{2n})$, where $q$ denotes the upper bound on the underlying random oracle calls and $n$, the number of forking. In this work we take a closer look at the reasons for the degradation with a tighter security bound in mind. We nail down the exact set of conditions for the success of the MF Algorithm. A careful analysis of the protocols (and corresponding security argument) employing multiple forking allows us to relax the overly restrictive conditions of the original MF Algorithm. To achieve this, we club two consecutive invocations of the underlying wrapper into a single logical unit of wrapper Z. We then use Z to formulate the notion of dependence and independence among different rounds of the wrapper in the MF Algorithm. The (in)dependence conditions lead to a general framework for multiple forking and significantly better bound for the MF Algorithm. Leveraging (in)dependence to the full reduces the degradation from $O(q^{2n})$ to $O(q^n)$. By implication, the cost of a forking involving two random oracles (augmented forking) matches that involving a single random oracle (elementary forking). Finally, we study the effect of these observations on the security of the existing schemes. We conclude that by careful design of the protocol (and the wrapper in the security reduction) it is possible to harness our observations to the full extent

    CCA-secure Predicate Encryption from Pair Encoding in Prime Order Groups: Generic and Efficient

    Attrapadung (Eurocrypt 2014) proposed a generic framework called pair encoding to simplify the design and proof of security of CPA-secure predicate encryption (PE) in composite order groups. Later Attrapadung (Asiacrypt 2016) extended this idea in prime order groups. Yamada et al. (PKC 2011, PKC 2012) and Nandi et al. (ePrint Archive: 2015/457, AAECC 2017) proposed generic conversion frameworks to achieve CCA-secure PE from CPA-secure PE provided the encryption schemes have properties like delegation or verifiability. The delegation property is harder to achieve and verifiability based conversion degrades the decryption performance due to a large number of additional pairing evaluations. Blömer et al. (CT-RSA 2016) proposed a direct fully CCA-secure predicate encryption in composite order groups but it was less efficient as it needed a large number of pairing evaluations to check ciphertext consistency. As an alternative, Nandi et al. (ePrint Archive: 2015/955) proposed a direct conversion technique in composite order groups. We extend the direct conversion technique of Nandi et al. in the prime order groups on the CPA-secure PE construction by Attrapadung (Asiacrypt 2016) and prove our scheme to be CCA-secure in a quite different manner. Our first direct CCA-secure predicate encryption scheme requires exactly one additional ciphertext component and three additional units of pairing evaluation during decryption. The second construction requires exactly three additional ciphertext components but needs only one additional unit pairing evaluation during decryption. This is a significant improvement over conventional approach for CPA-to-CCA conversion in prime order groups

    Property Preserving Symmetric Encryption Revisited

    At EUROCRYPT 2012 Pandey and Rouselakis introduced the notion of property preserving symmetric encryption which enables checking for a property on plaintexts by running a public test on the corresponding ciphertexts. Their primary contributions are: (i) a separation between 'find-then-guess' and 'left-or-right' security notions; (ii) a concrete construction for left-or-right secure orthogonality testing in composite order bilinear groups. This work undertakes a comprehensive (crypt)analysis of property preserving symmetric encryption on both these fronts. We observe that the quadratic residue based property used in their separation result is a special case of testing equality of one-bit messages, suggest a very simple and efficient deterministic encryption scheme for testing equality and show that the two security notions, find-then-guess and left-or-right, are tightly equivalent in this setting. On the other hand, the separation result easily generalizes for the equality property. So contextualized, we posit that the question of separation between security notions is property specific and subtler than what the authors envisaged; mandating further critical investigation. Next, we show that given a find-then-guess secure orthogonality preserving encryption of vectors of length 2n, there exists left-or-right secure orthogonality preserving encryption of vectors of length n, giving further evidence that find-then-guess is indeed a meaningful notion of security for property preserving encryption. Finally, we cryptanalyze the scheme for testing orthogonality. A simple distinguishing attack establishes that it is not even the weakest selective find-then-guess secure. Our main attack extracts out the subgroup elements used to mask the message vector and indicates greater vulnerabilities in the construction beyond indistinguishability. Overall, our work underlines the importance of cryptanalysis in provable security

    Fault attacks on pairing-based protocols revisited

    Several papers have studied fault attacks on computing a pairing value e(P,Q), where P is a public point and Q is a secret point. In this paper, we observe that these attacks are in fact effective only on a small number of pairing-based protocols, and that too only when the protocols are implemented with specific symmetric pairings. We demonstrate the effectiveness of the fault attacks on a public-key encryption scheme, an identity-based encryption scheme, and an oblivious transfer protocol when implemented with a symmetric pairing derived from a supersingular elliptic curve with embedding degree 2

    Variants of Waters' Dual-System Primitives Using Asymmetric Pairings

    Waters, in 2009, introduced an important technique, called dual-system encryption, to construct identity-based encryption (IBE) and related schemes. The resulting IBE scheme was described in the setting of symmetric pairing. A key feature of the construction is the presence of random tags in the ciphertext and decryption key. Later work by Lewko and Waters has removed the tags and proceeding through composite-order pairings has led to a more efficient dual-system IBE scheme using asymmetric pairings whose security is based on non-standard but static assumptions. In this work, we have systematically simplified Waters 2009 IBE scheme in the setting of asymmetric pairing. The simplifications retain tags used in the original description. This leads to several variants, the first one of which is based on standard assumptions and in comparison to Waters original scheme reduces ciphertexts and keys by two elements each. Going through several stages of simplifications, we finally obtain a simple scheme whose security can be based on two standard assumptions and a natural and minimal extension of the decision Diffie-Hellman problem for asymmetric pairing groups. The scheme itself is also minimal in the sense that apart from the tags, both encryption and key generation use exactly one randomiser each. This final scheme is more efficient than both the previous dual-system IBE scheme in the asymmetric setting due to Lewko and Waters and the more recent dual-system IBE scheme due to Lewko. We extend the IBE scheme to hierarchical IBE (HIBE) and broadcast encryption (BE) schemes. Both primitives are secure in their respective full models and have better efficiencies compared to previously known schemes offering the same level and type of security

    Encrypting Messages for Incomplete Chains of Certificates

    A public key infrastructure (PKI) binds public keys to the identities of their respective owners. It employs certificate authorities or a web of trust over social links to transitively build cryptographic trust across parties in the form of chains of certificates. In existing PKIs, Alice cannot send a message to Bob confidentially until a complete chain of trust from Alice to Bob exists. We observe that this temporal restriction---which may be severely limiting in some contexts like whistleblowing---can be eliminated by combining webs of trust with concepts from hierarchical identity-based encryption. Specifically, we present a novel protocol that allows Alice to securely send a message to Bob, binding to any chain of social links, with the property that Bob can decrypt the message only after trust has been established on all links in the chain. This trust may be established either before or after Alice has sent the message, and it may be established in any order on the links. We prove the protocol's security relative to an ideal functionality, develop a prototypical implementation and evaluate the implementation's performance for a realistic environment obtained by harvesting data from an existing web of trust. We observe that our protocol is fast enough to be used in practice

    Sesame lignans as promising anti-inflammatory agent: Exploring novel therapeutic avenues with in silico and computational approach

    Innumerable health-beneficial properties of sesame lignans like sesamol, sesamolin, sesamin and sesaminol make them lucrative agents in the pharmaceutical industry. To specify the mode of action of these phytochemicals, detailed computational physicochemical properties evaluation, and toxicity assessment (using free web servers and databases), as well as binding interactions with physiological inflammatory effectors (such as COX-2, TNF-α, IL-1β, IL-6) by means of rigid ligand-receptor docking (using software), have been thoroughly investigated. Interestingly, sesame lignans are conformed to have drug-likeness, indicating their efficacy and suitability like established therapeutics. These bioactive lignans possess drug-like attributes and effectively act as ligands in the present in-silico study. The basic pharmacokinetic profile of these compounds has suggested non-polar solvents or delivery systems for them to enhance their bioavailability in physiological systems. However, all the sesame lignans are toxic to the liver cells with a 50% lethal dose in the range of 500-1500 mg/kg. Toxicity study indicated minimum toxicity of lignans to normal cellular milieu, but noticeable cytotoxic effects against several cancerous cell lines suggesting their anti-carcinogenic properties. Finally, the findings of the molecular docking study have depicted a high affinity of these ligands for target proteins, even better than traditional anti-inflammatory drugs - Indomethacin and Ibuprofen. The molecular interactions have represented sesaminol as the most effective and Sesamol as the least potent ligand for target receptor whereas COX-2 seems to be the most vulnerable target. The docking scores varied widely (-4.7 to -11.0 kcal/mol). The present in-silico approach is expected to provide valuable resources for optimizing bioactive molecules as future-generation therapeutics before pre-clinical and clinical studies