Secure Multi-Party Computation without Agreement

It has recently been shown that authenticated Byzantine agreement, in which more than a third of the parties are corrupted, cannot be securely realized under concurrent or parallel (stateless) composition. This result puts into question any usage of authenticated Byzantine agreement in a setting where many executions take place. In particular, this is true for the whole body of work of secure multi-party protocols in the case that a third or more of the parties are corrupted. This is because these protocols strongly rely on the extensive use of a broadcast channel, which is in turn realized using authenticated Byzantine agreement. We remark that it was accepted folklore that the use of a broadcast channel (or authenticated Byzantine agreement) is actually essential for achieving meaningful secure multi-party computation whenever a third or more of the parties are corrupted. In this paper we show that this folklore is false. We present a mild relaxation of the definition of secure computation allowing abort. Our new definition captures all the central security issues of secure computation, including privacy, correctness and independence of inputs. However, the novelty of the definition is in decoupling the issue of agreement from these issues. We then show that this relaxation suffices for achieving secure computation in a point-to-point network. That is, we show that secure multi-party computation for this definition can be achieved for any number of corrupted parties and without a broadcast channel (or trusted pre-processing phase as required for running authenticated Byzantine agreement). Furthermore, this is achieved by just replacing the broadcast channel in known protocols with a very simple and efficient echo-broadcast protocol. An important corollary of our result is the ability to obtain multi-party protocols that remain secure under composition, without assuming a broadcast channel.     

Fast Cut-and-Choose-Based Protocols for Malicious and Covert Adversaries

In the setting of secure two-party computation, two parties wish to securely compute a joint function of their private inputs, while revealing only the output. One of the primary techniques for achieving efficient secure two-party computation is that of Yao’s garbled circuits (FOCS 1986). In the semi-honest model, where just one garbled circuit is constructed and evaluated, Yao’s protocol has proven itself to be very efficient. However, a malicious adversary who constructs the garbled circuit may construct a garbling of a different circuit computing a different function, and this cannot be detected (due to the garbling). In order to solve this problem, many circuits are sent and some of them are opened to check that they are correct while the others are evaluated. This methodology, called cut-and-choose, introduces significant overhead, both in computation and in communication, and is mainly due to the number of circuits that must be used in order to prevent cheating. In this paper, we present a cut-and-choose protocol for secure computation based on garbled circuits, with security in the presence of malicious adversaries, that vastly improves on all previous protocols of this type. Concretely, for a cheating probability of at most \(2^{-40}\), the best previous works send between 125 and 128 circuits. In contrast, in our protocol 40 circuits alone suffice (with some additional overhead). Asymptotically, we achieve a cheating probability of \(2^{-s}\) where \(s\) is the number of garbled circuits, in contrast to the previous best of \(2^{-0.32s}\). We achieve this by introducing a new cut-and-choose methodology with the property that in order to cheat, all of the evaluated circuits must be incorrect, and not just the majority as in previous works. The security of our protocol relies on the decisional Diffie–Hellman assumption.     

Film thickness in horizontal annular flow

Film thickness in horizontal annular flow in small diameter pipes (8-12 mm) was measured as a function of circumferential position. In addition a simple analytical model for the prediction of the film thickness at the top and bottom of the pipe is proposed.     

Absorption of a multicomponenet gaseous mixtures in the presence of instantaneous surface reaction

The rate of absorption from a multicomponent gaseous mixture into a flowing stream in the presence of instantaneous surface reaction is investigated. This is effected by using the generalized Fick's Law for multicomponent diffusion and also by applying the approximate approach based on the assumption that the concentrations of the reactive species are small. Constant properties are assumed for the mixture which are taken at a reference state. As an example, the absorption of C0₂-H₂S and C0₂-H₂ from air are considered. The results show that when the binary diffusion coefficients of the species in the inert gas are greatly different, the error introduced in calculations based on the “Low Concentration” approach is quite appreciable.     

Source-model technique analysis of electromagnetic scattering by surface grooves and slits

A computational tool, based on the source-model technique (SMT), for analysis of electromagnetic wave scattering by surface grooves and slits is presented. The idea is to use a superposition of the solution of the unperturbed problem and local corrections in the groove/slit region (the grooves and slits are treated as perturbations). In this manner, the solution is obtained in a much faster way than solving the original problem. The proposed solution is applied to problems of grooves and slits in otherwise planar or periodic surfaces. Grooves and slits of various shapes, both smooth ones as well as ones with edges, empty or filled with dielectric material, are considered. The obtained results are verified against previously published data.     

Completeness for Symmetric Two-Party Functionalities: Revisited

Understanding the minimal assumptions required for carrying out cryptographic tasks is one of the fundamental goals of theoretic cryptography. A rich body of work has been dedicated to understanding the complexity of cryptographic tasks in the context of (semi-honest) secure two-party computation. Much of this work has focused on the characterization of trivial and complete functionalities (resp., functionalities that can be securely implemented unconditionally, and functionalities that can be used to securely compute all functionalities). Most previous works define reductions via an ideal implementation of the functionality; i.e., f reduces to g if one can implement f using a black-box (or oracle) that computes the function g and returns the output to both parties. Such a reduction models the computation of f as an atomic operation. However, in the real world, protocols proceed in rounds, and the output is not learned by the parties simultaneously. In this paper, we show that this distinction is significant. Specifically, we show that there exist symmetric functionalities (where both parties receive the same outcome) that are neither trivial nor complete under “black-box reductions,” and yet the existence of a constant-round protocol for securely computing such a functionality implies infinitely often oblivious transfer (meaning that it is secure for infinitely many values of the security parameter). In light of the above, we propose an alternative definitional infrastructure for studying the triviality and completeness of functionalities.     

A simple test for differentiation between E. coli and A. aerogenes

An important problem in water quality control is the ability to differentiate between E. coli (faecal) and A. aerogenes (non-faecal) coliforms. To perform this differentiation, a simple test, based on a modification of the selective mFC medium and optimal incubation temperature (37°C) is proposed. Under these specific conditions E. coli bacteria develop into dark blue colonies, whereas A. aerogenes into pink ones. The intermediate coliform bacteria appear greenish-blue or pink, depending on their relation (closeness) to E. coli or A. aerogenes.