
    How to validate the secret of a Ring Learning with Errors (RLWE) key

    We use the signal function from RLWE key exchange to derive an efficient zero-knowledge authentication protocol to validate an RLWE key p = as + e with secret s and error e in the Random Oracle Model (ROM). With this protocol, a verifier can validate that a key p presented to him by a prover P is of the form p = as + e with s, e small and that the prover knows s. We accompany the description of the protocol with a proof that it has negligible soundness and completeness error. The soundness of our protocol relies directly on the hardness of the RLWE problem. The protocol is applicable to both LWE and RLWE, but we focus on the RLWE-based protocol for efficiency and practicality. We also present a variant of the main protocol with a commitment scheme to avoid using the ROM.

    Efficient Implementation of Password-Based Authenticated Key Exchange from RLWE and Post-Quantum TLS

    Two post-quantum password-based authenticated key exchange (PAKE) protocols were proposed at CT-RSA 2017. Following this work, we give a much more efficient and portable C++ implementation of these two protocols. We also choose more compact parameters providing 200-bit security. Compared with the original implementation, we achieve 21.5x and 18.5x speedups for RLWE-PAK and RLWE-PPK respectively. Compared with the quantum-vulnerable J-PAKE protocol, we achieve nearly 8x speedup. We also integrate RLWE-PPK into TLS to construct a post-quantum TLS ciphersuite. This allows simpler key management, mutual authentication and resistance to phishing attacks. Benchmarks show that our ciphersuite is indeed practical.

    Comparison analysis and efficient implementation of reconciliation-based RLWE key exchange protocol

    Error reconciliation is an important technique for Learning With Errors (LWE) and Ring-LWE (RLWE)-based constructions. In this paper, we present a comparison analysis of two error reconciliation-based RLWE key exchange protocols: Ding et al. in 2012 (DING12) and Bos et al. in 2015 (BCNS15). We take them as examples to explain the core idea of error reconciliation, building key exchange over the RLWE problem, implementation and real-world performance, and compare them comprehensively. We also analyse an LWE key exchange, "Frodo", that uses an improved version of the error reconciliation mechanism in BCNS15. To the best of our knowledge, our work is the first to present at least 128-bit classic (80-bit quantum) and 256-bit classic (>200-bit quantum) secure parameter choices for DING12 with efficient portable C/C++ implementations. Benchmarks show that our efficient implementation is 11x faster than BCNS15 and that one key exchange execution costs only 0.07ms on a 4-year-old mid-range CPU. Error reconciliation is 1.57x faster than BCNS15.

    Leakage of Signal function with reused keys in RLWE key exchange

    In this paper, we show that the signal function used in Ring-Learning with Errors (RLWE) key exchange could leak information to find the secret s of a reused public key p = as + 2e. This work is motivated by an attack proposed in [cryptoeprint:2016:085] and gives an insight into how public keys reused long term in RLWE key exchange protocols can be exploited. This work specifically focuses on the attack on the KE protocol in [Ding] by initiating multiple sessions with the honest party and analyzing the output of the signal function. Experiments have confirmed the success of our attack in recovering the secret.

    Provably Secure Password Authenticated Key Exchange Based on RLWE for the Post-Quantum World

    Authenticated Key Exchange (AKE) is a cryptographic scheme with the aim of establishing a high-entropy, secret session key over an insecure communications network. Password-Authenticated Key Exchange (PAKE) assumes that the parties in play share a simple password, which is cheap and human-memorable and is used to achieve the authentication. PAKEs are practically relevant, as these features are extremely appealing in an age where most people access sensitive personal data remotely from more-and-more pervasive hand-held devices. Theoretically, PAKEs allow the secure computation and authentication of a high-entropy piece of data using a low-entropy string as a starting point. In this paper, we apply the recently proposed technique introduced in [DXX2012] to construct two lattice-based PAKE protocols enjoying a very simple and elegant design that is a parallel extension of the class of Random Oracle Model (ROM)-based protocols PAK and PPK [BMP2000, M2002], but in the lattice-based setting. The new protocol resembling PAK is three-pass and provides mutual explicit authentication, while the protocol following the structure of PPK is two-pass and provides implicit authentication. Our protocols rely on the Ring-Learning-with-Errors (RLWE) assumption and exploit the additive structure of the underlying ring. They have a comparable level of efficiency to PAK and PPK, which makes them highly attractive. We present a preliminary implementation of our protocols to demonstrate that they are both efficient and practical. We believe they are suitable quantum-safe replacements for PAK and PPK.

    Global burden of 369 diseases and injuries in 204 countries and territories, 1990-2019: a systematic analysis for the Global Burden of Disease Study 2019

    Five insights from the Global Burden of Disease Study 2019

    The Global Burden of Diseases, Injuries, and Risk Factors Study (GBD) 2019 provides a rules-based synthesis of the available evidence on levels and trends in health outcomes, a diverse set of risk factors, and health system responses. GBD 2019 covered 204 countries and territories, as well as first administrative level disaggregations for 22 countries, from 1990 to 2019. Because GBD is highly standardised and comprehensive, spanning both fatal and non-fatal outcomes, and uses a mutually exclusive and collectively exhaustive list of hierarchical disease and injury causes, the study provides a powerful basis for detailed and broad insights on global health trends and emerging challenges. GBD 2019 incorporates data from 281 586 sources and provides more than 3.5 billion estimates of health outcome and health system measures of interest for global, national, and subnational policy dialogue. All GBD estimates are publicly available and adhere to the Guidelines on Accurate and Transparent Health Estimate Reporting. From this vast amount of information, five key insights that are important for health, social, and economic development strategies have been distilled. These insights are subject to the many limitations outlined in each of the component GBD capstone papers.

    2019 Association for Women in Mathematics (AWM) Research Symposium

    This volume highlights the mathematical research presented at the 2019 Association for Women in Mathematics (AWM) Research Symposium held at Rice University, April 6-7, 2019. The symposium showcased research from women across the mathematical sciences working in academia, government, and industry, and featured women across the career spectrum: undergraduates, graduate students, postdocs, and professionals. The book is divided into eight parts, opening with a plenary talk and followed by a combination of research paper contributions and survey papers in the different areas of mathematics represented at the symposium: algebraic combinatorics and graph theory; algebraic biology; commutative algebra; analysis, probability, and PDEs; topology; applied mathematics; and mathematics education.