15 research outputs found

    PPP-Completeness with Connections to Cryptography

    Polynomial Pigeonhole Principle (PPP) is an important subclass of TFNP with profound connections to the complexity of the fundamental cryptographic primitives: collision-resistant hash functions and one-way permutations. In contrast to most of the other subclasses of TFNP, no complete problem is known for PPP. Our work identifies the first PPP-complete problem without any circuit or Turing Machine given explicitly in the input, and thus we answer a longstanding open question from [Papadimitriou1994]. Specifically, we show that constrained-SIS (cSIS), a generalized version of the well-known Short Integer Solution problem (SIS) from lattice-based cryptography, is PPP-complete. In order to give intuition behind our reduction for constrained-SIS, we identify another PPP-complete problem with a circuit in the input but closely related to lattice problems. We call this problem BLICHFELDT and it is the computational problem associated with Blichfeldt's fundamental theorem in the theory of lattices. Building on the inherent connection of PPP with collision-resistant hash functions, we use our completeness result to construct the first natural hash function family that captures the hardness of all collision-resistant hash functions in a worst-case sense, i.e. it is natural and universal in the worst-case. The close resemblance of our hash function family with SIS leads us to the first candidate collision-resistant hash function that is both natural and universal in an average-case sense. Finally, our results enrich our understanding of the connections between PPP, lattice problems and other concrete cryptographic assumptions, such as the discrete logarithm problem over general groups.

    On the Complexity of Modulo-q Arguments and the Chevalley-Warning Theorem

    We study the search problem class PPA_q defined as a modulo-q analog of the well-known polynomial parity argument class PPA introduced by Papadimitriou (JCSS 1994). Our first result shows that this class can be characterized in terms of PPA_p for prime p. Our main result is to establish that an explicit version of a search problem associated to the Chevalley-Warning theorem is complete for PPA_p for prime p. This problem is natural in that it does not explicitly involve circuits as part of the input. It is the first such complete problem for PPA_p when p ≥ 3. Finally we discuss connections between the Chevalley-Warning theorem and the well-studied short integer solution problem and survey the structural properties of PPA_q.

    HOLMES: Efficient Distribution Testing for Secure Collaborative Learning

    Using secure multiparty computation (MPC), organizations which own sensitive data (e.g., in healthcare, finance or law enforcement) can train machine learning models over their joint dataset without revealing their data to each other. At the same time, secure computation restricts operations on the joint dataset, which impedes computation to assess its quality. Without such an assessment, deploying a jointly trained model is potentially illegal. Regulations, such as the European Union's General Data Protection Regulation (GDPR), require organizations to be legally responsible for the errors, bias, or discrimination caused by their machine learning models. Hence, testing data quality emerges as an indispensable step in secure collaborative learning. However, performing distribution testing is prohibitively expensive using current techniques, as shown in our experiments. We present HOLMES, a protocol for performing distribution testing efficiently. In our experiments, compared with three non-trivial baselines, HOLMES achieves a speedup of more than 10x for classical distribution tests and up to 10^4x for multidimensional tests. The core of HOLMES is a hybrid protocol that integrates MPC with zero-knowledge proofs and a new ZK-friendly and naturally oblivious sketching algorithm for multidimensional tests, both with significantly lower computational complexity and concrete execution costs.

    Use of agro-industrial by-products containing tannins for the integrated control of gastrointestinal nematodes in ruminants

    Previous studies have illustrated that different bioactive legume fodders containing condensed tannins might represent one of the options for integrated sustainable control of gastrointestinal nematodes (GIN) in ruminants, which may help address the worldwide development of resistance to synthetic anthelmintics. More recently, impetus has been given to assess the potential antiparasitic activity of less conventional resources, represented by different agro-industrial by-products (AIBPs). This review presents in vitro and in vivo results obtained with a range of tannin-containing AIBPs of various geographical and botanical origins, namely AIBP of nuts, temperate and tropical barks, carob, coffee and cocoa. They tend to confirm the "proof of concept" for their antiparasitic effects and also for other aspects of ruminant production in an agro-ecological context. Socio-economic aspects of the exploitation of such non-conventional resources are also discussed as potential models of the circular economy, by using waste. The different modes of use of these resources are presented in this review, as well as strengths, weaknesses, opportunities, and threats (SWOT) analyses to illustrate the advantages and limitations of on-farm use.

    Feeding of carob (Ceratonia siliqua) to sheep infected with gastrointestinal nematodes reduces faecal egg counts and worm fecundity

    The present study explored the anthelmintic effects of condensed tannins (CT) in carob (Ceratonia siliqua) pods fed to sheep against gastrointestinal nematodes. Three independent in vivo trials tested whether i) carob pod (CaBP)-containing feed had an anthelmintic effect and if yes, which was the optimal concentration in the diet; ii) whether this effect could be attributed to tannins through the polyethylene glycol (PEG) test and iii) whether there were any synergistic effects when combined with another tannin-containing feed (e.g. sainfoin). In all trials 6-month old nematode-naive lambs, experimentally infected with both Haemonchus contortus and Trichostrongylus colubriformis, were used. Faecal egg counts (FEC) were performed regularly and at the end of each trial adult worm counts (AWC) and female worm fecundity were recorded. In trial 1, 35 lambs (five groups of seven lambs) were fed different CaBP concentrations ranging from 0% to 12% w/w. FEC declined up to 39.2% only in the group fed with 12% CaBP, while a declining trend (P<0.06) was demonstrated for the AWC of T. colubriformis, which was associated with the increasing concentration of CaBP in feed. Female worm fecundity was reduced in groups fed CaBP for both parasites, however this was only significant for H. contortus (P<0.001), in a dose dependent manner. In trial 2, four groups of six infected lambs each were used, which received the carob diets CaBP or CaBP+PEG, and the tannin-free diets with or without PEG (C or C+PEG). Results showed that FEC of Groups C, C+PEG, and CaBP+PEG were comparable throughout the trial, while the group receiving only CaBP showed lower FEC from DAY 25 onwards. AWC showed a reduction (67.7%) only for H. contortus (P<0.03). Reversal of the anthelmintic effect of CaBP after PEG administration suggested that CT contributed to the anthelmintic action. However, no effect of CaBP was observed on T. colubriformis AWC and on female worm fecundity for both species. Finally, for trial 3 four groups of six lambs each received a diet based on CaBP, sainfoin (S) or a combination (CaBP+S) and were compared to a control (C) diet of lucerne. On DAY 37 FEC values in groups CaBP+S and S tended to be lower compared to the two other groups (C, CaBP), while for AWCs no significant differences were observed for both parasites. The fecundity of H. contortus and T. colubriformis demonstrated significant differences between the treated and control groups, with lower values in the animals receiving CaBP+S. Overall, the results supported the hypothesis that carob had an anthelmintic effect due to its CT, but there was no clear indication of a synergistic effect with sainfoin.

    Privately computing set-maximal matches in genomic data

    Background: Finding long matches in deoxyribonucleic acid (DNA) sequences in large aligned genetic sequences is a problem of great interest. A paradigmatic application is the identification of distant relatives via large common subsequences in DNA data. However, because of the sensitive nature of genomic data, such computations without security consideration might compromise the privacy of the individuals involved. Methods: The secret sharing technique enables the computation of matches while respecting the privacy of the inputs of the parties involved. This method requires interaction that depends on the circuit depth needed for the computation. Results: We design a new depth-optimized algorithm for computing set-maximal matches between a database of aligned genetic sequences and the DNA of an individual while respecting the privacy of both the database owner and the individual. We then implement and evaluate our protocol. Conclusions: Using modern cryptographic techniques, difficult genomic computations are performed in a privacy-preserving way. We enrich this research area by proposing a privacy-preserving protocol for set-maximal matches.

    Limits on the efficiency of (ring) LWE-based non-interactive key exchange

    LWE-based key-exchange protocols lie at the heart of post-quantum public-key cryptography. However, all existing protocols either lack the non-interactive nature of Diffie–Hellman key exchange or polynomial LWE-modulus, resulting in unwanted efficiency overhead. We study the possibility of designing non-interactive LWE-based protocols with polynomial LWE-modulus. To this end, we identify and formalize simple non-interactive and polynomial LWE-modulus variants of the existing protocols, where Alice and Bob simultaneously exchange one or more (ring) LWE samples with polynomial LWE-modulus and then run individual key reconciliation functions to obtain the shared key. We point out central barriers and show that such non-interactive key-exchange protocols are impossible in either of the following cases: (1) the reconciliation functions first compute the inner product of the received LWE sample with their private LWE secret. This impossibility is information theoretic. (2) One of the reconciliation functions does not depend on the error of the transmitted LWE sample. This impossibility assumes hardness of LWE. We show that progress toward either a polynomial LWE-modulus NIKE construction or a general impossibility result has implications to the current understanding of lattice-based cryptographic constructions. Overall, our results show possibilities and challenges in designing simple (ring) LWE-based non-interactive key-exchange protocols.