Lattice-based threshold changeability for standard shamir sectret-sharing schemes

We consider the problem of increasing the threshold parameter of a secret-sharing scheme after the setup (share distribution) phase, without further communication between the dealer and the shareholders. Previous solutions to this problem require one to start off with a nonstandard scheme designed specifically for this purpose, or to have communication between shareholders. In contrast, we show how to increase the threshold parameter of the standard Shamir secret-sharing scheme without communication between the shareholders. Our technique can thus be applied to existing Shamir schemes even if they were set up without consideration to future threshold increases. Our method is a new positive cryptographic application for lattice reduction algorithms, inspired by recent work on lattice-based list decoding of Reed-Solomon codes with noise bounded in the Lee norm. We use fundamental results from the theory of lattices (geometry of numbers) to prove quantitative statements about the information-theoretic security of our construction. These lattice-based security proof techniques may be of independent interest.

Expressive cryptography : lattice perspectives

The invention of asymmetric encryption back in the seventies was a conceptual leap that vastly increased the expressive power of encryption of the times. For the first time, it allowed the sender of a message to designate the intended recipient in an cryptographic way, expressed as a “public key” that was related to but distinct from the “private key” that, alone, embodied the ability to decrypt. This made large-scale encryption a practical and scalable endeavour, and more than anything else—save the internet itself—led to the advent of electronic commerce as we know and practice it today.

Expression and in vitro functions of the ghrelin axis in endometrial cancer

Ghrelin is a peptide hormone produced in the stomach and a range of other tissues, where it has endocrine, paracrine and autocrine roles in both normal and disease states. Ghrelin has been shown to be an important growth factor for a number of tumours, including prostate and breast cancers. In this study, we examined the expression of the ghrelin axis (ghrelin and its receptor, the growth hormone secretagogue receptor, GHSR) in endometrial cancer. Ghrelin is expressed in a range of endometrial cancer tissues, while its cognate receptor, GHSR1a, is expressed in a small subset of normal and cancer tissues. Low to moderately invasive endometrial cancer cell lines were examined by RT-PCR and immunoblotting, demonstrating that ghrelin axis mRNA and protein expression correlate with differentiation status of Ishikawa, HEC1B and KLE endometrial cancer cell lines. Moreover, treatment with ghrelin potently stimulated cell proliferation and inhibited cell death. Taken together, these data indicate that ghrelin promotes the progression of endometrial cancer cells in vitro, and may contribute to endometrial cancer pathogenesis and represent a novel treatment target.

Lattice-based completely non-malleable PKE in the standard model

This paper presents ongoing work toward constructing efficient completely non-malleable public-key encryption scheme based on lattices in the standard (common reference string) model. An encryption scheme is completely non-malleable if it requires attackers to have negligible advantage, even if they are allowed to transform the public key under which the related message is encrypted. Ventre and Visconti proposed two inefficient constructions of completely non-malleable schemes, one in the common reference string model using non-interactive zero-knowledge proofs, and another using interactive encryption schemes. Recently, two efficient public-key encryption schemes have been proposed, both of them are based on pairing identity-based encryption.

MöBIUS-α commutative functions and partially coincident functions

The M¨obius transform of Boolean functions is often involved in cryptographic design and analysis. As studied previously, a Boolean function f is said to be coincident if it is identical with its M¨obius transform fμ, i.e., f = fμ...

Calibration functions for estimating soil moisture from GPR dielectric constant measurements

Ground-penetrating radar (GPR) is widely used for assessment of soil moisture variability in field soils. Because GPR does not measure soil water content directly, it is common practice to use calibration functions that describe its relationship with the soil dielectric properties and textural parameters. However, the large variety of models complicates the selection of the appropriate function. In this article an overview is presented of the different functions available, including volumetric models, empirical functions, effective medium theories, and frequency-specific functions. Using detailed information presented in summary tables, the choice for which calibration function to use can be guided by the soil variables available to the user, the frequency of the GPR equipment, and the desired level of detail of the output. This article can thus serve as a guide for GPR practitioners to obtain soil moisture values and to estimate soil dielectric properties.

The SOS screen in Arabidopsis: a search for functions involved in DNA metabolism

The SOS screen, as originally described by Perkins et al. (1999), was setup with the aim of identifying Arabidopsis functions that might potentially be involved in the DNA metabolism. Such functions, when expressed in bacteria, are prone to disturb replication and thus trigger the SOS response. Consistently, expression of AtRAD51 and AtDMC1 induced the SOS response in bacteria, even affecting E. coli viability. 100 SOS-inducing cDNAs were isolated from a cDNA library constructed from an Arabidopsis cell suspension that was found to highly express meiotic genes. A large proportion of these SOS+ candidates are clearly related to the DNA metabolism, others could be involved in the RNA metabolism, while the remaining cDNAs encode either totally unknown proteins or proteins that were considered as irrelevant. Seven SOS+ candidate genes are induced following gamma irradiation. The in planta function of several of the SOS-inducing clones was investigated using T-DNA insertional mutants or RNA interference. Only one SOS+ candidate, among those examined, exhibited a defined phenotype: silenced plants for DUT1 were sensitive to 5-fluoro-uracil (5FU), as is the case of the leaky dut-1 mutant in E. coli that are affected in dUTPase activity. dUTPase is essential to prevent uracil incorporation in the course of DNA replication.

Higher order universal one-way hash functions from the subset sum assumption

Universal One-Way Hash Functions (UOWHFs) may be used in place of collision-resistant functions in many public-key cryptographic applications. At Asiacrypt 2004, Hong, Preneel and Lee introduced the stronger security notion of higher order UOWHFs to allow construction of long-input UOWHFs using the Merkle-Damgård domain extender. However, they did not provide any provably secure constructions for higher order UOWHFs. We show that the subset sum hash function is a kth order Universal One-Way Hash Function (hashing n bits to m < n bits) under the Subset Sum assumption for k = O(log m). Therefore we strengthen a previous result of Impagliazzo and Naor, who showed that the subset sum hash function is a UOWHF under the Subset Sum assumption. We believe our result is of theoretical interest; as far as we are aware, it is the first example of a natural and computationally efficient UOWHF which is also a provably secure higher order UOWHF under the same well-known cryptographic assumption, whereas this assumption does not seem sufficient to prove its collision-resistance. A consequence of our result is that one can apply the Merkle-Damgård extender to the subset sum compression function with ‘extension factor’ k+1, while losing (at most) about k bits of UOWHF security relative to the UOWHF security of the compression function. The method also leads to a saving of up to m log(k+1) bits in key length relative to the Shoup XOR-Mask domain extender applied to the subset sum compression function.

Homogeneous bent functions of degree n in 2n variables do not exist for n>3

We prove that homogeneous bent functions f:GF(2)^2n --> GF(2) of degree n do not exist for n>3. Consequently homogeneous bent functions must have degree 3.

The eight variable homogeneous degree three bent functions

We determine the affine equivalence classes of the eight variable degree three homogeneous bent functions using a new algorithm. Our algorithm applies to general bent functions and can systematically determine the automorphism groups. We provide a partial verification of the enumeration of eight variable degree three homogeneous bent functions obtained by Meng et al. We determine the affine equivalence classes of these functions.

Lattice-based threshold-changeability for standard CRT secret-sharing schemes

We consider the problem of increasing the threshold parameter of a secret-sharing scheme after the setup (share distribution) phase, without further communication between the dealer and the shareholders. Previous solutions to this problem require one to start off with a non-standard scheme designed specifically for this purpose, or to have secure channels between shareholders. In contrast, we show how to increase the threshold parameter of the standard CRT secret-sharing scheme without secure channels between the shareholders. Our method can thus be applied to existing CRT schemes even if they were set up without consideration to future threshold increases. Our method is a positive cryptographic application for lattice reduction algorithms, and we also use techniques from lattice theory (geometry of numbers) to prove statements about the correctness and information-theoretic security of our constructions.

Lattice-based threshold-changeability for standard Shamir secret-sharing schemes

We consider the problem of increasing the threshold parameter of a secret-sharing scheme after the setup (share distribution) phase, without further communication between the dealer and the shareholders. Previous solutions to this problem require one to start off with a non-standard scheme designed specifically for this purpose, or to have communication between shareholders. In contrast, we show how to increase the threshold parameter of the standard Shamir secret-sharing scheme without communication between the shareholders. Our technique can thus be applied to existing Shamir schemes even if they were set up without consideration to future threshold increases. Our method is a new positive cryptographic application for lattice reduction algorithms, inspired by recent work on lattice-based list decoding of Reed-Solomon codes with noise bounded in the Lee norm. We use fundamental results from the theory of lattices (Geometry of Numbers) to prove quantitative statements about the information-theoretic security of our construction. These lattice-based security proof techniques may be of independent interest.

Shared generation of pseudo-random functions

In Crypto’95, Micali and Sidney proposed a method for shared generation of a pseudo-random function f(·) among n players in such a way that for all the inputs x, any u players can compute f(x) while t or fewer players fail to do so, where 0⩽tfunctions, among the n players, each player gets a subset of S, in such a way that any u players together hold all the secret seeds in S while any t or fewer players will lack at least one element from S. The pseudo-random function is then computed as where fsi(·)'s are poly-random functions. One question raised by Micali and Sidney is how to distribute the secret seeds satisfying the above condition such that the number of seeds, d, is as small as possible. In this paper, we continue the work of Micali and Sidney. We first provide a general framework for shared generation of pseudo-random function using cumulative maps. We demonstrate that the Micali–Sidney scheme is a special case of this general construction. We then derive an upper and a lower bound for d. Finally we give a simple, yet efficient, approximation greedy algorithm for generating the secret seeds S in which d is close to the optimum by a factor of at most u ln 2.

Shared generation of pseudo-random functions with cumulative maps

In Crypto’95, Micali and Sidney proposed a method for shared generation of a pseudo-random function f(·) among n players in such a way that for all the inputs x, any u players can compute f(x) while t or fewer players fail to do so, where 0 ≤ t < u ≤ n. The idea behind the Micali-Sidney scheme is to generate and distribute secret seeds S = s1, . . . , sd of a poly-random collection of functions, among the n players, each player gets a subset of S, in such a way that any u players together hold all the secret seeds in S while any t or fewer players will lack at least one element from S. The pseudo-random function is then computed as where f s i (·)’s are poly-random functions. One question raised by Micali and Sidney is how to distribute the secret seeds satisfying the above condition such that the number of seeds, d, is as small as possible. In this paper, we continue the work of Micali and Sidney. We first provide a general framework for shared generation of pseudo-random function using cumulative maps. We demonstrate that the Micali-Sidney scheme is a special case of this general construction.We then derive an upper and a lower bound for d. Finally we give a simple, yet efficient, approximation greedy algorithm for generating the secret seeds S in which d is close to the optimum by a factor of at most u ln 2.

The Saccharomyces cerevisiae RNA-binding protein Rbp29 functions in cytoplasmic mRNA metabolism

Here we report that the Saccharomyces cerevisiae RBP29 (SGN1, YIR001C) gene encodes a 29-kDa cytoplasmic protein that binds to mRNA in vivo. Rbp29p can be co-immunoprecipitated with the poly(A) tail-binding protein Pab1p from crude yeast extracts in a dosageand RNA-dependent manner. In addition, recombinant Rbp29p binds preferentially to poly(A) with nanomolar binding affinity in vitro. Although RBP29 is not essential for cell viability, its deletion exacerbates the slow growth phenotype of yeast strains harboring mutations in the eIF4G genes TIF4631 and TIF4632. Furthermore, overexpression of RBP29 suppresses the temperaturesensitive growth phenotype of specific tif4631, tif4632, and pab1 alleles. These data suggest that Rbp29p is an mRNA-binding protein that plays a role in modulating the expression of cytoplasmic mRNA.