75 research outputs found

    Improved Universal Thresholdizer from Threshold Fully Homomorphic Encryption

    The Universal Thresholdizer (CRYPTO'18) is a cryptographic scheme that facilitates the transformation of any cryptosystem into a threshold cryptosystem, making it a versatile tool for threshold cryptography. For instance, this primitive enables the black-box construction of a one-round threshold signature scheme based on the Learning with Errors problem, as well as a one-round threshold chosen-ciphertext-attack-secure public key encryption, by being combined with non-threshold schemes. The compiler is constructed in a modular fashion and includes a compact threshold fully homomorphic encryption, a non-interactive zero-knowledge proof with preprocessing, and a non-interactive commitment. An instantiation of the Universal Thresholdizer can be achieved through the construction of a compact threshold fully homomorphic encryption. Currently, there are two threshold fully homomorphic encryptions based on linear secret sharing, with one using Shamir's secret sharing and the other using the $\{0,1\}$-linear secret sharing scheme ($\{0,1\}$-LSSS). The former fails to achieve compactness as the size of its ciphertext is $O(N\log N)$, where $N$ is the number of participants in the distributed system. Meanwhile, the latter provides compactness, with a ciphertext size of $O(\log N)$, but requires $O(N^{4.3})$ share keys on each party, leading to high communication costs. In this paper, we propose a communication-efficient Universal Thresholdizer by revisiting the threshold fully homomorphic encryption. Our scheme reduces the number of share keys required on each party to $O(N^{2+o(1)})$ while preserving the ciphertext size of $O(\log N)$. To achieve this, we introduce a new linear secret sharing scheme called TreeSSS, which requires a smaller number of shared keys and satisfies compactness. As a result, the Threshold Fully Homomorphic Encryption underlying our linear secret sharing scheme has fewer shared keys during the setup algorithm and reduced communication costs during the partial decryption algorithm. Moreover, the construction of a Universal Thresholdizer can be achieved through the use of TreeSSS, as it reduces the number of shared keys compared to previous constructions. Additionally, TreeSSS may be of independent interest, as it improves the efficiency in terms of communication costs when used to replace $\{0,1\}$-LSSS.

    Estimating Live Fuel Moisture in Southern California Using Remote Sensing Vegetation Water Content Proxies

    Wildfires are a major ecological disturbance in Southern California and often lead to great destruction along the Wildland-Urban Interface. Live fuel moisture has been used as an important indicator of wildfire risk in measurements of vegetation water content. However, the limited field measurements of live fuel moisture in both time and space have affected the accuracy of wildfire risk estimations. Traditional estimation of live fuel moisture using remote sensing data was based on vegetation indices (VIs), which are indirect proxies of vegetation water content and subject to influence from weather conditions. In this study, we investigated the feasibility of estimating live fuel moisture using vegetation indices, Soil Moisture Active Passive L-band soil moisture data, and the modeled vegetation water content using a non-linear model based on VIs and the stem factor associated with remote sensing moisture data products. The stem factor describes the peak amount of water residing in stems of plants and varies by land cover. We also compared the outcomes from regression models and a recurrent neural network using the same independent variables. We found that the modeled vegetation water content outperformed vegetation indices and the L-band soil moisture observations, suggesting a non-linear relationship between live fuel moisture and the remotely sensed vegetation signatures. We discuss our results, which will improve the predictability of live fuel moisture.

    Homomorphic Multiple Precision Multiplication for CKKS and Reduced Modulus Consumption

    Homomorphic Encryption (HE) schemes such as BGV, BFV, and CKKS consume some ciphertext modulus for each multiplication. Bootstrapping (BTS) restores the modulus and allows homomorphic computation to continue, but it is time-consuming and requires a significant amount of modulus. For these reasons, decreasing modulus consumption is a crucial topic for BGV, BFV and CKKS, on which numerous studies have been conducted. We propose a novel method, called $\mathsf{mult}^2$, to perform ciphertext multiplication in the CKKS scheme with lower modulus consumption. $\mathsf{mult}^2$ relies on a new decomposition of a ciphertext into a pair of ciphertexts that homomorphically performs a weak form of Euclidean division. It multiplies two ciphertexts in decomposed formats with homomorphic double precision multiplication, and its result approximately decrypts to the same value as does the ordinary CKKS multiplication. $\mathsf{mult}^2$ can perform homomorphic multiplication by consuming almost half of the modulus. We extend it to $\mathsf{mult}^t$ for any $t\geq 2$, which relies on the decomposition of a ciphertext into $t$ components. All other CKKS operations can be equally performed on pair/tuple formats, leading to the double-CKKS (resp. tuple-CKKS) scheme enabling homomorphic double (resp. multiple) precision arithmetic. As a result, when the ciphertext modulus and dimension are fixed, the proposed algorithms enable the evaluation of deeper circuits without bootstrapping, or allow reducing the number of bootstrappings required for the evaluation of the same circuits. Furthermore, they can be used to increase the precision without increasing the parameters. For example, $\mathsf{mult}^2$ enables 8 sequential multiplications with a 100-bit scaling factor with a ciphertext modulus of only 680 bits, which is impossible with the ordinary CKKS multiplication algorithm.

    Adventures in Crypto Dark Matter: Attacks, Fixes for Weak Pseudorandom Functions

    A weak pseudorandom function (weak PRF) is one of the most important cryptographic primitives for its efficiency, although it has lower security than a standard PRF. Recently, Boneh et al. (TCC'18) introduced two types of new weak PRF candidates, which are called a basic Mod-2/Mod-3 and an alternative Mod-2/Mod-3 weak PRF. Both use a mixture of linear computations defined on different small moduli to satisfy conceptual simplicity, low complexity (depth-2 $\mathsf{ACC}^0$) and MPC friendliness. In fact, the new candidates are conjectured to be exponentially secure against any adversary that is allowed exponentially many samples, and a basic Mod-2/Mod-3 weak PRF is the only candidate that satisfies all features above. However, none of the direct attacks which focus on basic and alternative Mod-2/Mod-3 weak PRFs use their own structures. In this paper, we investigate weak PRFs from two perspectives: attacks and fixes. We first propose direct attacks for an alternative Mod-2/Mod-3 weak PRF and a basic Mod-2/Mod-3 weak PRF when a circulant matrix is used as a secret key. For an alternative Mod-2/Mod-3 weak PRF, we prove that the adversary's advantage is at least $2^{-0.105n}$, where $n$ is the size of the input space of the weak PRF. Similarly, we show that the advantage of our heuristic attack on the weak PRF with a circulant matrix key is larger than $2^{-0.21n}$, which is contrary to the previous expectation that a 'structured secret key' does not affect the security of a weak PRF. Thus, for an optimistic parameter choice $n = 2\lambda$ for the security parameter $\lambda$, parameters should be increased to preserve $\lambda$-bit security when an adversary obtains exponentially many samples. Next, we suggest a simple method for repairing the two weak PRFs affected by our attack while preserving the parameters.

    META-BTS: Bootstrapping Precision Beyond the Limit

    Bootstrapping, which enables a fully homomorphic encryption scheme that can perform an unbounded number of operations by restoring the modulus of a ciphertext with a small modulus, is an essential step in homomorphic encryption. However, bootstrapping is the most time- and memory-consuming of all homomorphic operations. As we increase the precision of bootstrapping, a large amount of computational resources is required. Specifically, for any of the previous bootstrap designs, the precision of bootstrapping is limited by the rescaling precision. In this paper, we propose a new bootstrapping algorithm for the Cheon-Kim-Kim-Song (CKKS) scheme that uses a known bootstrapping algorithm repeatedly, the so-called Meta-BTS. By repeating the original bootstrapping operation twice, one can obtain another bootstrapping with its precision essentially doubled; this can be generalized to $k$-fold bootstrapping operations for some $k>1$ as long as the ciphertext size is large enough. Our algorithm overcomes the precision limitation imposed by the rescale operation.

    Algorithms for CRT-variant of Approximate Greatest Common Divisor Problem

    The approximate greatest common divisor problem (ACD) and its variants have been used to construct many cryptographic primitives. In particular, variants of the ACD problem based on the Chinese remainder theorem (CRT) are exploited in the constructions of a batch fully homomorphic encryption to encrypt multiple messages in one ciphertext. Despite the utility of the CRT-variant scheme, the algorithms to solve its security foundation have not been studied well compared to the original ACD-based scheme. In this paper, we propose two algorithms for solving the CCK-ACD problem, which is used to construct a batch fully homomorphic encryption over the integers. To achieve this goal, we revisit the orthogonal lattice attack and the simultaneous Diophantine approximation algorithm. Both algorithms take the same time complexity $2^{\tilde{O}(\frac{\gamma}{(\eta-\rho)^2})}$ up to a polynomial factor to solve the CCK-ACD problem for the bit size of samples $\gamma$, secret primes $\eta$, and error bound $\rho$. Compared to Chen and Nguyen's algorithm in Eurocrypt'12, which takes $\tilde{O}(2^{\rho/2})$ complexity, our algorithm gives the first parameter condition related to the $\eta$ and $\gamma$ sizes. We also report the experimental results for our attack upon several parameters. From the results, we can see that our algorithms work well in both theoretical and experimental terms.

    Efficient Ruddlesden-Popper Perovskite Light-Emitting Diodes with Randomly Oriented Nanocrystals

    Ruddlesden-Popper phase (RP-phase) perovskites that consist of 2D perovskite slabs interleaved with bulky organic ammonium (OA) are favorable for light-emitting diodes (LEDs). The critical limitation for LED applications is that the insulating OA arranged in a preferred orientation limits charge transport. Therefore, the ideal solution is to achieve a randomly connected structure that can improve charge transport without hampering the confinement of the electron-hole pair. Here, a structurally modulated RP-phase metal halide perovskite (MHP), (PEA)(2)(CH3NH3)(m-1)PbmBr3m+1, is introduced to make the randomly oriented RP-phase unit and ensure good connection between them by applying modified nanocrystal pinning, which leads to an increase in the efficiency of perovskite LEDs (PeLEDs). The randomly connected RP-phase MHP forces contact between inorganic layers and thereby yields efficient charge transport and radiative recombination. Combined with an optimal dimensionality, (PEA)(2)(CH3NH3)(2)Pb3Br10, the structurally modulated RP-phase MHP exhibits increased photoluminescence quantum efficiency, from 0.35% to 30.3%, and their PeLEDs show a 2,018 times higher current efficiency (20.18 cd A(-1)) than the 2D PeLED (0.01 cd A(-1)) and 673 times higher than the 3D PeLED (0.03 cd A(-1)) using the same film formation process. This approach provides insight into how to overcome the limitation of RP-phase MHP for efficient PeLEDs.

    A Randomized Comparison Simulating Face to Face Endotracheal Intubation of Pentax Airway Scope, C-MAC Video Laryngoscope, Glidescope Video Laryngoscope, and Macintosh Laryngoscope

    Objectives. Early airway management is very important for severely ill patients. This study aimed to investigate the efficacy of face to face intubation with four different types of laryngoscopes (Macintosh laryngoscope, Pentax airway scope (AWS), Glidescope video laryngoscope (GVL), and C-MAC video laryngoscope (C-MAC)). Method. Ninety-five nurses and emergency medical technicians were trained to use the AWS, C-MAC, GVL and Macintosh laryngoscope with a standard airway trainer manikin and face to face intubation. We compared VCET (vocal cord exposure time), tube pass time, 1st ventilation time, VCET to tube pass time, tube pass time to 1st ventilation time, and POGO (percentage of glottis opening) score. In addition, we compared success rate according to the number of attempts and complications. Result. VCET was similar among all laryngoscopes and POGO score was higher in AWS. AWS and Macintosh blade were faster than GVL and C-MAC in total intubation time. Face to face intubation success rate was lower in GVL than in the other laryngoscopes. Conclusion. AWS and Macintosh were favorable laryngoscopes in face to face intubation. GVL had a disadvantage in performing face to face intubation.