Functional encryption for threshold functions (or fuzzy IBE) from lattices

Cryptosystems based on the hardness of lattice problems have recently acquired much importance due to their average-case to worst-case equivalence, their conjectured resistance to quantum cryptanalysis, their ease of implementation and increasing practicality, and, lately, their promising potential as a platform for constructing advanced functionalities. In this work, we construct “Fuzzy” Identity Based Encryption from the hardness of the Learning With Errors (LWE) problem. We note that for our parameters, the underlying lattice problems (such as gapSVP or SIVP) are assumed to be hard to approximate within supexponential factors for adversaries running in subexponential time. We give CPA and CCA secure variants of our construction, for small and large universes of attributes. All our constructions are secure against selective-identity attacks in the standard model. Our construction is made possible by observing certain special properties that secret sharing schemes need to satisfy in order to be useful for Fuzzy IBE. We also discuss some obstacles towards realizing lattice-based attribute-based encryption (ABE).

Shrinking the keys of discrete-log-type lossy trapdoor functions

To this day, realizations in the standard-model of (lossy) trapdoor functions from discrete-log-type assumptions require large public key sizes, e.g., about Θ(λ 2) group elements for a reduction from the decisional Diffie-Hellman assumption (where λ is a security parameter). We propose two realizations of lossy trapdoor functions that achieve public key size of only Θ(λ) group elements in bilinear groups, with a reduction from the decisional Bilinear Diffie-Hellman assumption. Our first construction achieves this result at the expense of a long common reference string of Θ(λ 2) elements, albeit reusable in multiple LTDF instantiations. Our second scheme also achieves public keys of size Θ(λ), entirely in the standard model and in particular without any reference string, at the cost of a slightly more involved construction. The main technical novelty, developed for the second scheme, is a compact encoding technique for generating compressed representations of certain sequences of group elements for the public parameters.

Cryptanalysis of the convex hull click human identification protocol

Recently, a convex hull-based human identification protocol was proposed by Sobrado and Birget, whose steps can be performed by humans without additional aid. The main part of the protocol involves the user mentally forming a convex hull of secret icons in a set of graphical icons and then clicking randomly within this convex hull. While some rudimentary security issues of this protocol have been discussed, a comprehensive security analysis has been lacking. In this paper, we analyze the security of this convex hull-based protocol. In particular, we show two probabilistic attacks that reveal the user’s secret after the observation of only a handful of authentication sessions. These attacks can be efficiently implemented as their time and space complexities are considerably less than brute force attack. We show that while the first attack can be mitigated through appropriately chosen values of system parameters, the second attack succeeds with a non-negligible probability even with large system parameter values that cross the threshold of usability.

Möbius transforms, coincident Boolean functions and non-coincidence property of Boolean functions

Boolean functions and their Möbius transforms are involved in logical calculation, digital communications, coding theory and modern cryptography. So far, little is known about the relations of Boolean functions and their Möbius transforms. This work is composed of three parts. In the first part, we present relations between a Boolean function and its Möbius transform so as to convert the truth table/algebraic normal form (ANF) to the ANF/truth table of a function in different conditions. In the second part, we focus on the special case when a Boolean function is identical to its Möbius transform. We call such functions coincident. In the third part, we generalize the concept of coincident functions and indicate that any Boolean function has the coincidence property even it is not coincident.

Expression and in vitro functions of the ghrelin axis in endometrial cancer

Ghrelin is a peptide hormone produced in the stomach and a range of other tissues, where it has endocrine, paracrine and autocrine roles in both normal and disease states. Ghrelin has been shown to be an important growth factor for a number of tumours, including prostate and breast cancers. In this study, we examined the expression of the ghrelin axis (ghrelin and its receptor, the growth hormone secretagogue receptor, GHSR) in endometrial cancer. Ghrelin is expressed in a range of endometrial cancer tissues, while its cognate receptor, GHSR1a, is expressed in a small subset of normal and cancer tissues. Low to moderately invasive endometrial cancer cell lines were examined by RT-PCR and immunoblotting, demonstrating that ghrelin axis mRNA and protein expression correlate with differentiation status of Ishikawa, HEC1B and KLE endometrial cancer cell lines. Moreover, treatment with ghrelin potently stimulated cell proliferation and inhibited cell death. Taken together, these data indicate that ghrelin promotes the progression of endometrial cancer cells in vitro, and may contribute to endometrial cancer pathogenesis and represent a novel treatment target.

Cryptanalysis of the convex hull click human identification protocol

Recently a convex hull based human identification protocol was proposed by Sobrado and Birget, whose steps can be performed by humans without additional aid. The main part of the protocol involves the user mentally forming a convex hull of secret icons in a set of graphical icons and then clicking randomly within this convex hull. In this paper we show two efficient probabilistic attacks on this protocol which reveal the user’s secret after the observation of only a handful of authentication sessions. We show that while the first attack can be mitigated through appropriately chosen values of system parameters, the second attack succeeds with a non-negligible probability even with large system parameter values which cross the threshold of usability.

MöBIUS-α commutative functions and partially coincident functions

The M¨obius transform of Boolean functions is often involved in cryptographic design and analysis. As studied previously, a Boolean function f is said to be coincident if it is identical with its M¨obius transform fμ, i.e., f = fμ...

Calibration functions for estimating soil moisture from GPR dielectric constant measurements

Ground-penetrating radar (GPR) is widely used for assessment of soil moisture variability in field soils. Because GPR does not measure soil water content directly, it is common practice to use calibration functions that describe its relationship with the soil dielectric properties and textural parameters. However, the large variety of models complicates the selection of the appropriate function. In this article an overview is presented of the different functions available, including volumetric models, empirical functions, effective medium theories, and frequency-specific functions. Using detailed information presented in summary tables, the choice for which calibration function to use can be guided by the soil variables available to the user, the frequency of the GPR equipment, and the desired level of detail of the output. This article can thus serve as a guide for GPR practitioners to obtain soil moisture values and to estimate soil dielectric properties.

Matching image sets via adaptive multi convex hull

Traditional nearest points methods use all the samples in an image set to construct a single convex or affine hull model for classification. However, strong artificial features and noisy data may be generated from combinations of training samples when significant intra-class variations and/or noise occur in the image set. Existing multi-model approaches extract local models by clustering each image set individually only once, with fixed clusters used for matching with various image sets. This may not be optimal for discrimination, as undesirable environmental conditions (eg. illumination and pose variations) may result in the two closest clusters representing different characteristics of an object (eg. frontal face being compared to non-frontal face). To address the above problem, we propose a novel approach to enhance nearest points based methods by integrating affine/convex hull classification with an adapted multi-model approach. We first extract multiple local convex hulls from a query image set via maximum margin clustering to diminish the artificial variations and constrain the noise in local convex hulls. We then propose adaptive reference clustering (ARC) to constrain the clustering of each gallery image set by forcing the clusters to have resemblance to the clusters in the query image set. By applying ARC, noisy clusters in the query set can be discarded. Experiments on Honda, MoBo and ETH-80 datasets show that the proposed method outperforms single model approaches and other recent techniques, such as Sparse Approximated Nearest Points, Mutual Subspace Method and Manifold Discriminant Analysis.

The SOS screen in Arabidopsis: a search for functions involved in DNA metabolism

The SOS screen, as originally described by Perkins et al. (1999), was setup with the aim of identifying Arabidopsis functions that might potentially be involved in the DNA metabolism. Such functions, when expressed in bacteria, are prone to disturb replication and thus trigger the SOS response. Consistently, expression of AtRAD51 and AtDMC1 induced the SOS response in bacteria, even affecting E. coli viability. 100 SOS-inducing cDNAs were isolated from a cDNA library constructed from an Arabidopsis cell suspension that was found to highly express meiotic genes. A large proportion of these SOS+ candidates are clearly related to the DNA metabolism, others could be involved in the RNA metabolism, while the remaining cDNAs encode either totally unknown proteins or proteins that were considered as irrelevant. Seven SOS+ candidate genes are induced following gamma irradiation. The in planta function of several of the SOS-inducing clones was investigated using T-DNA insertional mutants or RNA interference. Only one SOS+ candidate, among those examined, exhibited a defined phenotype: silenced plants for DUT1 were sensitive to 5-fluoro-uracil (5FU), as is the case of the leaky dut-1 mutant in E. coli that are affected in dUTPase activity. dUTPase is essential to prevent uracil incorporation in the course of DNA replication.

Higher order universal one-way hash functions from the subset sum assumption

Universal One-Way Hash Functions (UOWHFs) may be used in place of collision-resistant functions in many public-key cryptographic applications. At Asiacrypt 2004, Hong, Preneel and Lee introduced the stronger security notion of higher order UOWHFs to allow construction of long-input UOWHFs using the Merkle-Damgård domain extender. However, they did not provide any provably secure constructions for higher order UOWHFs. We show that the subset sum hash function is a kth order Universal One-Way Hash Function (hashing n bits to m < n bits) under the Subset Sum assumption for k = O(log m). Therefore we strengthen a previous result of Impagliazzo and Naor, who showed that the subset sum hash function is a UOWHF under the Subset Sum assumption. We believe our result is of theoretical interest; as far as we are aware, it is the first example of a natural and computationally efficient UOWHF which is also a provably secure higher order UOWHF under the same well-known cryptographic assumption, whereas this assumption does not seem sufficient to prove its collision-resistance. A consequence of our result is that one can apply the Merkle-Damgård extender to the subset sum compression function with ‘extension factor’ k+1, while losing (at most) about k bits of UOWHF security relative to the UOWHF security of the compression function. The method also leads to a saving of up to m log(k+1) bits in key length relative to the Shoup XOR-Mask domain extender applied to the subset sum compression function.

Homogeneous bent functions of degree n in 2n variables do not exist for n>3

We prove that homogeneous bent functions f:GF(2)^2n --> GF(2) of degree n do not exist for n>3. Consequently homogeneous bent functions must have degree 3.

The eight variable homogeneous degree three bent functions

We determine the affine equivalence classes of the eight variable degree three homogeneous bent functions using a new algorithm. Our algorithm applies to general bent functions and can systematically determine the automorphism groups. We provide a partial verification of the enumeration of eight variable degree three homogeneous bent functions obtained by Meng et al. We determine the affine equivalence classes of these functions.

Shared generation of pseudo-random functions

In Crypto’95, Micali and Sidney proposed a method for shared generation of a pseudo-random function f(·) among n players in such a way that for all the inputs x, any u players can compute f(x) while t or fewer players fail to do so, where 0⩽tfunctions, among the n players, each player gets a subset of S, in such a way that any u players together hold all the secret seeds in S while any t or fewer players will lack at least one element from S. The pseudo-random function is then computed as where fsi(·)'s are poly-random functions. One question raised by Micali and Sidney is how to distribute the secret seeds satisfying the above condition such that the number of seeds, d, is as small as possible. In this paper, we continue the work of Micali and Sidney. We first provide a general framework for shared generation of pseudo-random function using cumulative maps. We demonstrate that the Micali–Sidney scheme is a special case of this general construction. We then derive an upper and a lower bound for d. Finally we give a simple, yet efficient, approximation greedy algorithm for generating the secret seeds S in which d is close to the optimum by a factor of at most u ln 2.

Shared generation of pseudo-random functions with cumulative maps

In Crypto’95, Micali and Sidney proposed a method for shared generation of a pseudo-random function f(·) among n players in such a way that for all the inputs x, any u players can compute f(x) while t or fewer players fail to do so, where 0 ≤ t < u ≤ n. The idea behind the Micali-Sidney scheme is to generate and distribute secret seeds S = s1, . . . , sd of a poly-random collection of functions, among the n players, each player gets a subset of S, in such a way that any u players together hold all the secret seeds in S while any t or fewer players will lack at least one element from S. The pseudo-random function is then computed as where f s i (·)’s are poly-random functions. One question raised by Micali and Sidney is how to distribute the secret seeds satisfying the above condition such that the number of seeds, d, is as small as possible. In this paper, we continue the work of Micali and Sidney. We first provide a general framework for shared generation of pseudo-random function using cumulative maps. We demonstrate that the Micali-Sidney scheme is a special case of this general construction.We then derive an upper and a lower bound for d. Finally we give a simple, yet efficient, approximation greedy algorithm for generating the secret seeds S in which d is close to the optimum by a factor of at most u ln 2.