
    New perspectives in multi-party computation: low round complexity from new assumptions, financial fairness and public verifiability

    Research in Multi-Party Computation (MPC) has been evolving constantly over the years. Starting from the very first result by Yao in 1982, many protocols with stronger security properties have been introduced and proven under several assumptions in order to serve new and more practical scenarios. For some functionalities, properties like public verifiability, fairness and round-optimality can nowadays be considered a minimal set of requirements for an MPC protocol to be practical. Asynchrony, in the sense that different parties should be able to join a protocol at different times, is fundamental for applications like decentralized lotteries, where the protocol execution can last even days. In such a case, due to the involvement of monetary payments, parties must also be aware of what happens to their pockets when such protocols are run. In particular, they must be sure that the execution of a certain class of protocols is financially sustainable. We list below our three contributions to the thesis.
    We first introduce a new theoretical result, showing how to achieve low-round MPC from new assumptions. In particular, we show how to construct maliciously secure oblivious transfer (M-OT) from a mild strengthening of key agreement (KA) which we call strongly uniform KA (SU-KA), where the latter roughly means that the messages sent by one party are computationally close to uniform, even if the other party is malicious. Our transformation is black-box, almost round preserving (adding only a constant overhead of two rounds), and achieves standard simulation-based security in the plain model. As we show, 2-round SU-KA can be realized from cryptographic assumptions such as low-noise LPN, high-noise LWE, Subset Sum, DDH, CDH and RSA---all with polynomial hardness---thus yielding a black-box construction of fully-simulatable, round-optimal M-OT from the same set of assumptions (some of which were not known before). By invoking a recent result of Benhamouda and Lin (EUROCRYPT 2017), we also obtain (non-black-box) 5-round maliciously secure MPC in the plain model, from the same assumptions.
    Our second and third contributions are focused on the concrete application of MPC protocols achieving the aforementioned properties in real-world scenarios. In applications like decentralized lotteries, decentralized payment mechanisms like blockchains relying on smart contracts can be considered a powerful tool to enforce the correct behavior of cheating players with the aid of monetary incentives or punishments. In fact, a weaker version of fairness called fairness with penalties, first introduced in the lottery protocol of Andrychowicz et al. (S&P '14) and then formally defined by Bentov et al. (CRYPTO '14), can be used to ensure that corrupted players are incentivized to reveal the output to honest players. This can be done successfully through Bitcoin scripts or Ethereum smart contracts. In our second contribution, we consider executions of smart contracts on forking blockchains (e.g., Ethereum) and study security and delay issues due to forks. As the security notion for modeling executions of smart contracts, we focus on MPC. In particular, we consider on-chain MPC executions with the aid of smart contracts. The classical double-spending problem tells us that messages of the MPC protocol should be confirmed on-chain before playing the next ones, thus slowing down the entire execution. This contribution consists of two results:
    - For the concrete case of fairly tossing multiple coins with penalties, we notice that the lottery protocol of Andrychowicz et al. becomes insecure if players do not wait for the confirmations of several transactions. In addition, we present a smart contract that instead retains security even when all honest players immediately answer to transactions appearing on-chain. We analyze the performance using Ethereum as testbed.
    - We design a compiler that takes any "digital and universally composable" MPC protocol (with or without honest majority), and transforms it into another one (for the same task and same setup) which maintains security even if all messages are played on-chain without delays. The special requirements on the starting protocol mean that messages consist only of bits (e.g., no hardware token is sent) and that security holds also in the presence of other protocols. We further show that our compiler satisfies fairness with penalties as long as honest players only wait for confirmations once.
    By reducing the number of confirmations, our protocols can be significantly faster than natural constructions, while maintaining public verifiability, asynchrony (obtained by making the parties post messages to the blockchain via smart contracts), and fairness with penalties.
    As a third contribution, we survey the state-of-the-art blockchain-based penalty protocols (i.e., those achieving fairness with penalties) and pioneer another type of fairness, financial fairness, that is closer to the real-world valuation of financial transactions. Intuitively, a penalty protocol is financially fair if the net present cost of participation of honest parties---i.e., the difference between the total value of cash inflows and the total value of cash outflows at the end of the protocol, weighted by the relative discount rate---is the same, even when some parties cheat. Then, we show that the ladder protocol (CRYPTO '14) and its variants (CCS '15 and CCS '16) fail to achieve financial fairness both in theory and in practice, while the penalty protocols of Kumaresan and Bentov (CCS '14) and Baum, David and Dowsley (FC '20) are financially fair. Moreover, it can be inferred that the fairness-with-penalties extension of the generic compiler presented in our second contribution, based on CCS '14, is financially fair. Hence, our compiler is also financially sustainable.

    Multi-key and Multi-input Predicate Encryption (for Conjunctions) from Learning with Errors

    We put forward two natural generalizations of predicate encryption (PE), dubbed multi-key and multi-input PE. In more detail, our contributions are threefold.
    Definitions. We formalize security of multi-key PE and multi-input PE following the standard indistinguishability paradigm, modeling security both against malicious senders (i.e., corruption of encryption keys) and against malicious receivers (i.e., collusions).
    Constructions. We construct adaptively secure multi-key and multi-input PE supporting the conjunction of poly-many arbitrary single-input predicates, assuming the sub-exponential hardness of the learning with errors (LWE) problem.
    Applications. We show that multi-key and multi-input PE for expressive enough predicates suffices for interesting cryptographic applications, including non-interactive multi-party computation (NI-MPC) and matchmaking encryption (ME). In particular, plugging in our constructions of multi-key and multi-input PE, under the sub-exponential LWE assumption, we obtain the first ME supporting arbitrary policies with unbounded collusions, as well as robust (resp. non-robust) NI-MPC for so-called all-or-nothing functions satisfying a non-trivial notion of reusability and supporting a constant (resp. polynomial) number of parties. Prior to our work, both of these applications required much heavier tools such as indistinguishability obfuscation or compact functional encryption.

    MARTSIA: Enabling Data Confidentiality for Blockchain-based Process Execution

    Multi-party business processes rely on the collaboration of various players in a decentralized setting. Blockchain technology can facilitate the automation of these processes, even in cases where trust among participants is limited. Transactions are stored in a ledger, a replica of which is retained by every node of the blockchain network. The operations saved thereby are thus publicly accessible. While this enhances transparency, reliability, and persistence, it hinders the utilization of public blockchains for process automation, as it violates typical confidentiality requirements in corporate settings. In this paper, we propose MARTSIA: A Multi-Authority Approach to Transaction Systems for Interoperating Applications. MARTSIA enables precise control over process data at the level of message parts. Based on Multi-Authority Attribute-Based Encryption (MA-ABE), MARTSIA realizes a number of desirable properties, including confidentiality, transparency, and auditability. We implemented our approach in proof-of-concept prototypes, with which we conduct a case study in the area of supply chain management. We also show the integration of MARTSIA with a state-of-the-art blockchain-based process execution engine to secure the data flow.

    Going Beyond Counting First Authors in Author Co-citation Analysis

    The present study examines one of the fundamental aspects of author co-citation analysis (ACA): the way co-citation counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings are based. We compare ACA results based on two different types of co-citation counting: the traditional type, which counts only the first of a cited work's authors, and a non-traditional type, which takes into account the first 5 authors of a cited work. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than the one produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed.

    Variations on the Author

    “Variations on the Author” discusses two of Eduardo Coutinho’s recent films (Um Dia na Vida, from 2010, and Últimas Conversas, posthumously released in 2015) and their contribution to the general question of documentary authorship. The director’s filmography is characterized by a consistent yet self-effacing form of authorial self-inscription: Coutinho often features as an interviewer who, rather than expressing opinions, propels discourses; an interviewer who is good at listening. This mode of self-inscription characterizes him as an author who is not expressive but who is nonetheless markedly present on the screen. In Um Dia na Vida, however, Coutinho is completely absent from the image, while Últimas Conversas, on the contrary, includes a confessional prologue that moves the director from the margins to the center of his films. This article examines the ways in which these works stand out in the filmography of a director who offers new insights into the notion of cinematic authorship.

    Appropriate Similarity Measures for Author Cocitation Analysis

    We provide a number of new insights into the methodological discussion about author cocitation analysis. We first argue that the use of the Pearson correlation for measuring the similarity between authors’ cocitation profiles is not very satisfactory. We then discuss what kind of similarity measures may be used as an alternative to the Pearson correlation. We consider three similarity measures in particular. One is the well-known cosine. The other two similarity measures have not been used before in the bibliometric literature. Finally, we show by means of an example that our findings have a high practical relevance.
    Keywords: information science; Pearson correlation; cosine; similarity measure; author cocitation analysis

    Dispelling the Myths Behind First-author Citation Counts

    We conducted a full-scale evaluative citation analysis study of scholars in the XML research field to explore just how different from each other the author rankings resulting from different citation counting methods actually are, and to demonstrate the capability of emerging data and tools on the Web to support more realistic citation counting methods. Our results contest some common arguments for the continued use of first-author citation counts in the evaluation of scholars, such as high correlations between author rankings by first-author citation counts and other citation counting methods, and the high costs of using more realistic citation counting methods that are not well supported by the ISI databases. It is argued that increasingly available digital full-text research papers make it possible for citation analysis studies to go beyond what the ISI databases have directly supported and to employ more sophisticated methods.

    Author Index

    Not reported