Lattice mixing and vanishing trapdoors : a framework for fully secure short signatures and more

We propose a framework for adaptive security from hard random lattices in the standard model. Our approach borrows from the recent Agrawal-Boneh-Boyen families of lattices, which can admit reliable and punctured trapdoors, respectively used in reality and in simulation. We extend this idea to make the simulation trapdoors cancel not for a specific forgery but on a non-negligible subset of the possible challenges. Conceptually, we build a compactly representable, large family of input-dependent “mixture” lattices, set up with trapdoors that “vanish” for a secret subset which we hope the forger will target. Technically, we tweak the lattice structure to achieve “naturally nice” distributions for arbitrary choices of subset size. The framework is very general. Here we obtain fully secure signatures, and also IBE, that are compact, simple, and elegant.

Lattice-based completely non-malleable public-key encryption in the standard model

An encryption scheme is non-malleable if giving an encryption of a message to an adversary does not increase its chances of producing an encryption of a related message (under a given public key). Fischlin introduced a stronger notion, known as complete non-malleability, which requires attackers to have negligible advantage, even if they are allowed to transform the public key under which the related message is encrypted. Ventre and Visconti later proposed a comparison-based definition of this security notion, which is more in line with the well-studied definitions proposed by Bellare et al. The authors also provide additional feasibility results by proposing two constructions of completely non-malleable schemes, one in the common reference string model using non-interactive zero-knowledge proofs, and another using interactive encryption schemes. Therefore, the only previously known completely non-malleable (and non-interactive) scheme in the standard model, is quite inefficient as it relies on generic NIZK approach. They left the existence of efficient schemes in the common reference string model as an open problem. Recently, two efficient public-key encryption schemes have been proposed by Libert and Yung, and Barbosa and Farshim, both of them are based on pairing identity-based encryption. At ACISP 2011, Sepahi et al. proposed a method to achieve completely non-malleable encryption in the public-key setting using lattices but there is no security proof for the proposed scheme. In this paper we review the mentioned scheme and provide its security proof in the standard model. Our study shows that Sepahi’s scheme will remain secure even for post-quantum world since there are currently no known quantum algorithms for solving lattice problems that perform significantly better than the best known classical (i.e., non-quantum) algorithms.

Lattice-based threshold changeability for standard shamir sectret-sharing schemes

We consider the problem of increasing the threshold parameter of a secret-sharing scheme after the setup (share distribution) phase, without further communication between the dealer and the shareholders. Previous solutions to this problem require one to start off with a nonstandard scheme designed specifically for this purpose, or to have communication between shareholders. In contrast, we show how to increase the threshold parameter of the standard Shamir secret-sharing scheme without communication between the shareholders. Our technique can thus be applied to existing Shamir schemes even if they were set up without consideration to future threshold increases. Our method is a new positive cryptographic application for lattice reduction algorithms, inspired by recent work on lattice-based list decoding of Reed-Solomon codes with noise bounded in the Lee norm. We use fundamental results from the theory of lattices (geometry of numbers) to prove quantitative statements about the information-theoretic security of our construction. These lattice-based security proof techniques may be of independent interest.

NTRUCCA : how to strengthen NTRUEncrypt to chosen-ciphertext security in the standard model

NTRUEncrypt is a fast and practical lattice-based public-key encryption scheme, which has been standardized by IEEE, but until recently, its security analysis relied only on heuristic arguments. Recently, Stehlé and Steinfeld showed that a slight variant (that we call pNE) could be proven to be secure under chosen-plaintext attack (IND-CPA), assuming the hardness of worst-case problems in ideal lattices. We present a variant of pNE called NTRUCCA, that is IND-CCA2 secure in the standard model assuming the hardness of worst-case problems in ideal lattices, and only incurs a constant factor overhead in ciphertext and key length over the pNE scheme. To our knowledge, our result gives the first IND-CCA2 secure variant of NTRUEncrypt in the standard model, based on standard cryptographic assumptions. As an intermediate step, we present a construction for an All-But-One (ABO) lossy trapdoor function from pNE, which may be of independent interest. Our scheme uses the lossy trapdoor function framework of Peikert and Waters, which we generalize to the case of (k − 1)-of-k-correlated input distributions.

Lattice-based completely non-malleable PKE in the standard model

This paper presents ongoing work toward constructing efficient completely non-malleable public-key encryption scheme based on lattices in the standard (common reference string) model. An encryption scheme is completely non-malleable if it requires attackers to have negligible advantage, even if they are allowed to transform the public key under which the related message is encrypted. Ventre and Visconti proposed two inefficient constructions of completely non-malleable schemes, one in the common reference string model using non-interactive zero-knowledge proofs, and another using interactive encryption schemes. Recently, two efficient public-key encryption schemes have been proposed, both of them are based on pairing identity-based encryption.

Location of hydrogen atoms in hydronium jarosite

Various models for the crystal structure of hydronium jarosite were determined from Rietveld refinements against neutron powder diffraction patterns collected at ambient temperature and also single-crystal X-ray diffraction data. The possibility of a lower symmetry space group for hydronium jarosite that has been suggested by the literature was investigated. It was found the space group is best described as R3¯m, the same for other jarosite minerals. The hydronium oxygen atom was found to occupy the 3¯m site (3a Wyckoff site). Inadequately refined hydronium bond angles and bond distances without the use of restraints are due to thermal motion and disorder of the hydronium hydrogen atoms across numerous orientations. However, the acquired data do not permit a precise determination of these orientations; the main feature up/down disorder of hydronium is clear. Thus, the highest symmetry model with the least disorder necessary to explain all data was chosen: The hydronium hydrogen atoms were modeled to occupy an m (18 h Wyckoff site) with 50 % fractional occupancy, leading to disorder across two orientations. A rigid body description of the hydronium ion rotated by 60° with H–O–H bond angles of 112° and O–H distances of 0.96 Å was optimal. This rigid body refinement suggests that hydrogen bonds between hydronium hydrogen atoms and basal sulfate oxygen atoms are not predominant. Instead, hydrogen bonds are formed between hydronium hydrogen atoms and hydroxyl oxygen atoms. The structure of hydronium alunite is expected to be similar given that alunite supergroup minerals are isostructural.

Characterisation of the micro-architecture of direct writing melt electrospun tissue engineering scaffolds using diffusion tensor and computed tomography microimaging

This article describes the first steps toward comprehensive characterization of molecular transport within scaffolds for tissue engineering. The scaffolds were fabricated using a novel melt electrospinning technique capable of constructing 3D lattices of layered polymer fibers with well - defined internal microarchitectures. The general morphology and structure order was then determined using T 2 - weighted magnetic resonance imaging and X - ray microcomputed tomography. Diffusion tensor microimaging was used to measure the time - dependent diffusivity and diffusion anisotropy within the scaffolds. The measured diffusion tensors were anisotropic and consistent with the cross - hatched geometry of the scaffolds: diffusion was least restricted in the direction perpendicular to the fiber layers. The results demonstrate that the cross - hatched scaffold structure preferentially promotes molecular transport vertically through the layers ( z - axis), with more restricted diffusion in the directions of the fiber layers ( x – y plane). Diffusivity in the x – y plane was observed to be invariant to the fiber thickness. The characteristic pore size of the fiber scaffolds can be probed by sampling the diffusion tensor at multiple diffusion times. Prospective application of diffusion tensor imaging for the real - time monitoring of tissue maturation and nutrient transport pathways within tissue engineering scaffolds is discussed.

Lattice-based threshold-changeability for standard Shamir secret-sharing schemes

We consider the problem of increasing the threshold parameter of a secret-sharing scheme after the setup (share distribution) phase, without further communication between the dealer and the shareholders. Previous solutions to this problem require one to start off with a non-standard scheme designed specifically for this purpose, or to have communication between shareholders. In contrast, we show how to increase the threshold parameter of the standard Shamir secret-sharing scheme without communication between the shareholders. Our technique can thus be applied to existing Shamir schemes even if they were set up without consideration to future threshold increases. Our method is a new positive cryptographic application for lattice reduction algorithms, inspired by recent work on lattice-based list decoding of Reed-Solomon codes with noise bounded in the Lee norm. We use fundamental results from the theory of lattices (Geometry of Numbers) to prove quantitative statements about the information-theoretic security of our construction. These lattice-based security proof techniques may be of independent interest.

Development of a new index of balance in adults with intellectual and developmental disabilities

Purposes: The first objective was to propose a new model representing the balance level of adults with intellectual and developmental disabilities (IDD) using Principal Components Analysis (PCA); and the second objective was to use the results from the PCA recorded by regression method to construct and validate summative scales of the standardized values of the index, which may be useful to facilitate a balance assessment in adults with IDD. Methods: A total of 801 individuals with IDD (509 males) mean 33.1±8.5 years old, were recruited from Special Olympic Games in Spain 2009 to 2012. The participants performed the following tests: the timed-stand test, the single leg stance test with open and closed eyes, the Functional Reach Test, the Expanded Timed-Get-up-and-Go Test. Data was analyzed using principal components analysis (PCA) with Oblimin rotation and Kaiser normalization. We examined the construct validity of our proposed two-factor model underlying balance for adults with IDD. The scores from PCA were recorded by regression method and were standardized. Results: The Component Plot and Rotated Space indicated that a two-factor solution (Dynamic and Static Balance components) was optimal. The PCA with direct Oblimin rotation revealed a satisfactory percentage of total variance explained by the two factors: 51.6 and 21.4%, respectively. The median score standardized for component dynamic and static of the balance index for adults with IDD is shown how references values. Conclusions: Our study may lead to improvements in the understanding and assessment of balance in adults with IDD. First, it confirms that a two-factor model may underlie the balance construct, and second, it provides an index that may be useful for identifying the balance level for adults with IDD.

Sealing the leak on classical NTRU signatures

Initial attempts to obtain lattice based signatures were closely related to reducing a vector modulo the fundamental parallelepiped of a secret basis (like GGH [9], or NTRUSign [12]). This approach leaked some information on the secret, namely the shape of the parallelepiped, which has been exploited on practical attacks [24]. NTRUSign was an extremely efficient scheme, and thus there has been a noticeable interest on developing countermeasures to the attacks, but with little success [6]. In [8] Gentry, Peikert and Vaikuntanathan proposed a randomized version of Babai’s nearest plane algorithm such that the distribution of a reduced vector modulo a secret parallelepiped only depended on the size of the base used. Using this algorithm and generating large, close to uniform, public keys they managed to get provably secure GGH-like lattice-based signatures. Recently, Stehlé and Steinfeld obtained a provably secure scheme very close to NTRUSign [26] (from a theoretical point of view). In this paper we present an alternative approach to seal the leak of NTRUSign. Instead of modifying the lattices and algorithms used, we do a classic leaky NTRUSign signature and hide it with gaussian noise using techniques present in Lyubashevky’s signatures. Our main contributions are thus a set of strong NTRUSign parameters, obtained by taking into account latest known attacks against the scheme, a statistical way to hide the leaky NTRU signature so that this particular instantiation of CVP-based signature scheme becomes zero-knowledge and secure against forgeries, based on the worst-case hardness of the O~(N1.5)-Shortest Independent Vector Problem over NTRU lattices. Finally, we give a set of concrete parameters to gauge the efficiency of the obtained signature scheme.

Can larger-bodied cemented femoral components reduce periprosthetic fractures? A biomechanical study

Introduction: The risk for late periprosthetic femoral fractures is higher in patients treated for a neck of femur fracture compared to osteoarthritis. It has been hypothesised that osteopenia and consequent decreased stiffness of the proximal femur are responsible for this. We investigated whether a femoral component with a bigger body would increase the torque to failure in a biaxially loaded composite Sawbone model. Material and methods: A biomechanical bone analogue was used. Two different body sizes (Exeter 44-1 vs 44-4) of a polished tapered cemented femoral stem were implanted by an experienced surgeon in 7 bone analogues each and internally rotated at 40°/s until failure. Torque to fracture and fracture energy were measured using a biaxial materials testing device (Instron 8874, MI, USA). The data were non-parametric and therefore tested with the Mann-Whitney U-test. Results: The median torque to fracture was 156.7 Nm (IQR 19.7) for the 44-1 stem and 237.1 Nm (IQR 52.9) for the 44-4 stem (p=0.001). The median fracture energy was 8.5J (IQR 7.3) for the 44-1 stem and 19.5J (IQR 8.8) for the 44-4 stem (p=0.014). Conclusions: The use of a large body polished tapered cemented stems for neck of femur fractures increases the torque to failure in a biomechanical model and therefore is likely to reduce late periprosthetic fracture risk in this vulnerable cohort.

Analytical study of implementation issues of NTRU

Nth-Dimensional Truncated Polynomial Ring (NTRU) is a lattice-based public-key cryptosystem that offers encryption and digital signature solutions. It was designed by Silverman, Hoffstein and Pipher. The NTRU cryptosystem was patented by NTRU Cryptosystems Inc. (which was later acquired by Security Innovations) and available as IEEE 1363.1 and X9.98 standards. NTRU is resistant to attacks based on Quantum computing, to which the standard RSA and ECC public-key cryptosystems are vulnerable to. In addition, NTRU has higher performance advantages over these cryptosystems. Considering this importance of NTRU, it is highly recommended to adopt NTRU as part of a cipher suite along with widely used cryptosystems for internet security protocols and applications. In this paper, we present our analytical study on the implementation of NTRU encryption scheme which serves as a guideline for security practitioners who are novice to lattice-based cryptography or even cryptography. In particular, we show some non-trivial issues that should be considered towards a secure and efficient NTRU implementation.

Group 14 element-based non-centrosymmetric quantum spin hall insulators with large bulk gap

To date, a number of two-dimensional (2D) topological insulators (TIs) have been realized in Group 14 elemental honeycomb lattices, but all are inversionsymmetric. Here, based on first-principles calculations, we predict a new family of 2D inversion-asymmetric TIs with sizeable bulk gaps from 105 meV to 284 meV, in X2–GeSn (X = H, F, Cl, Br, I) monolayers, making them in principle suitable for room-temperature applications. The nontrivial topological characteristics of inverted band orders are identified in pristine X2–GeSn with X = (F, Cl, Br, I), whereas H2–GeSn undergoes a nontrivial band inversion at 8% lattice expansion. Topologically protected edge states are identified in X2–GeSn with X = (F, Cl, Br, I), as well as in strained H2–GeSn. More importantly, the edges of these systems, which exhibit single-Dirac-cone characteristics located exactly in the middle of their bulk band gaps, are ideal for dissipationless transport. Thus, Group 14 elemental honeycomb lattices provide a fascinating playground for the manipulation of quantum states.

Angular dependence of the response of the nanoDot OSLD system for measurements at depth in clinical megavoltage beams

Purpose The purpose of this investigation was to assess the angular dependence of a commercial optically stimulated luminescence dosimeter (OSLD) dosimetry system in MV x-ray beams at depths beyondd max and to find ways to mitigate this dependence for measurements in phantoms. Methods Two special holders were designed which allow a dosimeter to be rotated around the center of its sensitive volume. The dosimeter's sensitive volume is a disk, 5 mm in diameter and 0.2 mm thick. The first holder rotates the disk in the traditional way. It positions the disk perpendicular to the beam (gantry pointing to the floor) in the initial position (0°). When the holder is rotated the angle of the disk towards the beam increases until the disk is parallel with the beam (“edge on,” 90°). This is referred to as Setup 1. The second holder offers a new, alternative measurement position. It positions the disk parallel to the beam for all angles while rotating around its center (Setup 2). Measurements with five to ten dosimeters per point were carried out for 6 MV at 3 and 10 cm depth. Monte Carlo simulations using GEANT4 were performed to simulate the response of the active detector material for several angles. Detector and housing were simulated in detail based on microCT data and communications with the manufacturer. Various material compositions and an all-water geometry were considered. Results For the traditional Setup 1 the response of the OSLD dropped on average by 1.4% ± 0.7% (measurement) and 2.1% ± 0.3% (Monte Carlo simulation) for the 90° orientation compared to 0°. Monte Carlo simulations also showed a strong dependence of the effect on the composition of the sensitive layer. Assuming the layer to completely consist of the active material (Al2O3) results in a 7% drop in response for 90° compared to 0°. Assuming the layer to be completely water, results in a flat response within the simulation uncertainty of about 1%. For the new Setup 2, measurements and Monte Carlo simulations found the angular dependence of the dosimeter to be below 1% and within the measurement uncertainty. Conclusions The dosimeter system exhibits a small angular dependence of approximately 2% which needs to be considered for measurements involving other than normal incident beams angles. This applies in particular to clinicalin vivo measurements where the orientation of the dosimeter is dictated by clinical circumstances and cannot be optimized as otherwise suggested here. When measuring in a phantom, the proposed new setup should be considered. It changes the orientation of the dosimeter so that a coplanar beam arrangement always hits the disk shaped detector material from the thin side and thereby reduces the angular dependence of the response to within the measurement uncertainty of about 1%. This improvement makes the dosimeter more attractive for clinical measurements with multiple coplanar beams in phantoms, as the overall measurement uncertainty is reduced. Similarly, phantom based postal audits can transition from the traditional TLD to the more accurate and convenient OSLD.

Crystal structure of morpholin-4-ium cinnamate

In the anhydrous salt formed from the reaction of morpholine with cinnamic acid, C4H10NO+ C9H7O2-, the acid side chain in the trans-cinnamate anion is significantly rotated out of the benzene plane [C-C-C-C torsion angle = 158.54(17)deg. In the crystal, one of the the aminium H atoms is involved in a asymmetric three-centre cation-anion N-H...(O,O') R2/1(4) hydrogen-bonding interaction with the two carboxyl O-atom acceptors of the anion. The second aminium H atom forms an inter-species N-H...O(carboxyl) hydrogen bond, generating a one-dimensional chain structure extending along [100]. Chains are linked by C-H...O interactions forming a supramolecular layer parallel to (01-1).