TY - CONF
AB - Witness encryption (WE) was introduced by Garg et al. [GGSW13]. A WE scheme is defined for some NP language L and lets a sender encrypt messages relative to instances x. A ciphertext for x can be decrypted using w witnessing x ∈ L, but hides the message if x ∉ L. Garg et al. construct WE from multilinear maps and give another construction [GGH+13b] using indistinguishability obfuscation (iO) for circuits. Due to the reliance on such heavy tools, WE can currently hardly be implemented on powerful hardware and will unlikely be realizable on constrained devices like smart cards any time soon. We construct a WE scheme where encryption is done by simply computing a Naor-Yung ciphertext (two CPA encryptions and a NIZK proof). To achieve this, our scheme has a setup phase, which outputs public parameters containing an obfuscated circuit (only required for decryption), two encryption keys and a common reference string (used for encryption). This setup need only be run once, and the parameters can be used for arbitrarily many encryptions. Our scheme can also be turned into a functional WE scheme, where a message is encrypted w.r.t. a statement and a function f, and decryption with a witness w yields f(m, w). Our construction is inspired by the functional encryption scheme by Garg et al. and we prove (selective) security assuming iO and statistically simulation-sound NIZK. We give a construction of the latter in bilinear groups and, combining it with ElGamal encryption, our ciphertexts are of size 1.3 kB at a 128-bit security level and can be computed on a smart card.
AU - Abusalah, Hamza M
AU - Fuchsbauer, Georg
AU - Pietrzak, Krzysztof Z
ID - 1229
TI - Offline witness encryption
VL - 9696
ER -
TY - CONF
AB - Concolic testing is a promising method for generating test suites for large programs. However, it suffers from the path-explosion problem and often fails to find tests that cover difficult-to-reach parts of programs. In contrast, model checkers based on counterexample-guided abstraction refinement explore programs exhaustively, while failing to scale on large programs with precision. In this paper, we present a novel method that iteratively combines concolic testing and model checking to find a test suite for a given coverage criterion. If concolic testing fails to cover some test goals, then the model checker refines its program abstraction to prove more paths infeasible, which reduces the search space for concolic testing. We have implemented our method on top of the concolic-testing tool Crest and the model checker CPAchecker. We evaluated our tool on a collection of programs and a category of SV-COMP benchmarks. In our experiments, we observed an improvement in branch coverage compared to Crest from 48% to 63% in the best case, and from 66% to 71% on average.
AU - Daca, Przemyslaw
AU - Gupta, Ashutosh
AU - Henzinger, Thomas A
ID - 1230
TI - Abstraction-driven concolic testing
VL - 9583
ER -
TY - CONF
AB - We study the time- and memory-complexities of the problem of computing labels of (multiple) randomly selected challenge-nodes in a directed acyclic graph. The w-bit label of a node is the hash of the labels of its parents, and the hash function is modeled as a random oracle. Specific instances of this problem underlie both proofs of space [Dziembowski et al. CRYPTO'15] as well as popular memory-hard functions like scrypt. As our main tool, we introduce the new notion of a probabilistic parallel entangled pebbling game, a new type of combinatorial pebbling game on a graph, which is closely related to the labeling game on the same graph. As a first application of our framework, we prove that for scrypt, when the underlying hash function is invoked n times, the cumulative memory complexity (CMC) (a notion recently introduced by Alwen and Serbinenko (STOC'15) to capture amortized memory-hardness for parallel adversaries) is at least Ω(w · (n/log(n))^2). This bound holds for adversaries that can store many natural functions of the labels (e.g., linear combinations), but still not arbitrary functions thereof. We then introduce and study a combinatorial quantity, and show how a sufficiently small upper bound on it (which we conjecture) extends our CMC bound for scrypt to hold against arbitrary adversaries. We also show that such an upper bound solves the main open problem for proofs-of-space protocols: namely, establishing that the time complexity of computing the label of a random node in a graph on n nodes (given an initial kw-bit state) reduces tightly to the time complexity for black pebbling on the same graph (given an initial k-node pebbling).
AU - Alwen, Joel F
AU - Chen, Binyi
AU - Kamath Hosdurg, Chethan
AU - Kolmogorov, Vladimir
AU - Pietrzak, Krzysztof Z
AU - Tessaro, Stefano
ID - 1231
TI - On the complexity of scrypt and proofs of space in the parallel random oracle model
VL - 9666
ER -
TY - JOUR
AB - Mitochondrial electron transport chain complexes are organized into supercomplexes responsible for carrying out cellular respiration. Here we present three architectures of mammalian (ovine) supercomplexes determined by cryo-electron microscopy. We identify two distinct arrangements of supercomplex CICIII₂CIV (the respirasome) - a major 'tight' form and a minor 'loose' form (resolved at resolutions of 5.8 Å and 6.7 Å, respectively), which may represent different stages in supercomplex assembly or disassembly. We have also determined an architecture of supercomplex CICIII₂ at 7.8 Å resolution. All observed density can be attributed to the known 80 subunits of the individual complexes, including 132 transmembrane helices. The individual complexes form tight interactions that vary between the architectures, with complex IV subunit COX7a switching contact from complex III to complex I. The arrangement of active sites within the supercomplex may help control reactive oxygen species production. To our knowledge, these are the first complete architectures of the dominant, physiologically relevant state of the electron transport chain.
AU - Letts, James A
AU - Fiedorczuk, Karol
AU - Sazanov, Leonid A
ID - 1232
IS - 7622
JF - Nature
TI - The architecture of respiratory supercomplexes
VL - 537
ER -
TY - CONF
AB - About three decades ago it was realized that implementing private channels between parties which can be adaptively corrupted requires an encryption scheme that is secure against selective opening attacks. Whether standard (IND-CPA) security implies security against selective opening attacks has been a major open question since. The only known reduction from selective opening to IND-CPA security loses an exponential factor. A polynomial reduction is only known for the very special case where the distribution considered in the selective opening security experiment is a product distribution, i.e., the messages are sampled independently from each other. In this paper we give a reduction whose loss is quantified via the dependence graph (where message dependencies correspond to edges) of the underlying message distribution. In particular, for some concrete distributions including Markov distributions, our reduction is polynomial.
AU - Fuchsbauer, Georg
AU - Heuer, Felix
AU - Kiltz, Eike
AU - Pietrzak, Krzysztof Z
ID - 1233
TI - Standard security does imply security against selective opening for Markov distributions
VL - 9562
ER -
TY - CONF
AB - We present a new algorithm for the statistical model checking of Markov chains with respect to unbounded temporal properties, including full linear temporal logic. The main idea is that we monitor each simulation run on the fly, in order to detect quickly if a bottom strongly connected component is entered with high probability, in which case the simulation run can be terminated early. As a result, our simulation runs are often much shorter than required by termination bounds that are computed a priori for a desired level of confidence on a large state space. In comparison to previous algorithms for statistical model checking our method is not only faster in many cases but also requires less information about the system, namely, only the minimum transition probability that occurs in the Markov chain. In addition, our method can be generalised to unbounded quantitative properties such as mean-payoff bounds.
AU - Daca, Przemyslaw
AU - Henzinger, Thomas A
AU - Kretinsky, Jan
AU - Petrov, Tatjana
ID - 1234
TI - Faster statistical model checking for unbounded temporal properties
VL - 9636
ER -
TY - CONF
AB - A constrained pseudorandom function (CPRF) F: K × X → Y for a family T of subsets of X is a function where for any key k ∈ K and set S ∈ T one can efficiently compute a short constrained key k_S, which allows one to evaluate F(k, ·) on all inputs x ∈ S, while the outputs on all inputs x ∉ S look random even given k_S. Abusalah et al. recently constructed the first constrained PRF for inputs of arbitrary length whose sets S are decided by Turing machines. They use their CPRF to build broadcast encryption and the first ID-based non-interactive key exchange for an unbounded number of users. Their constrained keys are obfuscated circuits and are therefore large. In this work we drastically reduce the key size and define a constrained key for a Turing machine M as a short signature on M. For this, we introduce a new signature primitive with constrained signing keys that let one only sign certain messages, while forging a signature on others is hard even when knowing the coins for key generation.
AU - Abusalah, Hamza M
AU - Fuchsbauer, Georg
ID - 1235
TI - Constrained PRFs for unbounded inputs with short keys
VL - 9696
ER -
TY - CONF
AB - A constrained pseudorandom function F: K × X → Y for a family T ⊆ 2^X of subsets of X is a function where for any key k ∈ K and set S ∈ T one can efficiently compute a constrained key k_S which allows one to evaluate F(k, ·) on all inputs x ∈ S, while even given this key, the outputs on all inputs x ∉ S look random. At Asiacrypt'13 Boneh and Waters gave a construction which supports the most general set family so far. Its keys k_C are defined for sets decided by boolean circuits C and enable evaluation of the PRF on any x ∈ X where C(x) = 1. In their construction the PRF input length and the size of the circuits C for which constrained keys can be computed must be fixed beforehand during key generation. We construct a constrained PRF that has an unbounded input length and whose constrained keys can be defined for any set recognized by a Turing machine. The only a priori bound we make is on the description size of the machines. We prove our construction secure assuming public-coin differing-input obfuscation. As applications of our constrained PRF we build a broadcast encryption scheme where the number of potential receivers need not be fixed at setup (in particular, the length of the keys is independent of the number of parties) and the first identity-based non-interactive key exchange protocol with no bound on the number of parties that can agree on a shared key.
AU - Abusalah, Hamza M
AU - Fuchsbauer, Georg
AU - Pietrzak, Krzysztof Z
ID - 1236
TI - Constrained PRFs for unbounded inputs
VL - 9610
ER -
TY - CONF
AB - Bitmap images of arbitrary dimension may be formally perceived as unions of m-dimensional boxes aligned with respect to a rectangular grid in ℝ^m. Cohomology and homology groups are well known topological invariants of such sets. Cohomological operations, such as the cup product, provide higher-order algebraic topological invariants, especially important for digital images of dimension higher than 3. If such an operation is determined at the level of simplicial chains [see e.g. González-Díaz, Real, Homology, Homotopy Appl, 2003, 83-93], then it is effectively computable. However, decomposing a cubical complex into a simplicial one deleteriously affects the efficiency of such an approach. In order to avoid this overhead, a direct cubical approach was applied in [Pilarczyk, Real, Adv. Comput. Math., 2015, 253-275] for the cup product in cohomology, and implemented in the ChainCon software package [http://www.pawelpilarczyk.com/chaincon/]. We establish a formula for the Steenrod square operations [see Steenrod, Annals of Mathematics. Second Series, 1947, 290-320] directly at the level of cubical chains, and we prove the correctness of this formula. An implementation of this formula is programmed in C++ within the ChainCon software framework. We provide a few examples and discuss the effectiveness of this approach. One specific application follows from the fact that Steenrod squares yield tests for the topological extension problem: Can a given map A → S^d to a sphere S^d be extended to a given super-complex X of A? In particular, the ROB-SAT problem, which is to decide for a given function f: X → ℝ^m and a value r > 0 whether every g: X → ℝ^m with ∥g − f∥∞ ≤ r has a root, reduces to the extension problem.
AU - Krcál, Marek
AU - Pilarczyk, Pawel
ID - 1237
TI - Computation of cubical Steenrod squares
VL - 9667
ER -
TY - JOUR
AB - The dynamic localization of endosomal compartments labeled with targeted fluorescent protein tags is routinely followed by time-lapse fluorescence microscopy approaches and single-particle tracking algorithms. In this way trajectories of individual endosomes can be mapped and linked to physiological processes such as cell growth. However, other aspects of dynamic behavior, including endosomal interactions, are difficult to follow in this manner. Therefore, we characterized the localization and dynamic properties of early and late endosomes throughout the entire course of root hair formation by means of spinning disc time-lapse imaging and post-acquisition automated multitracking and quantitative analysis. Our results show differential motile behavior of early and late endosomes and interactions of late endosomes that may be specific to particular root hair domains. Detailed data analysis revealed a particular transient interaction between late endosomes—termed herein dancing-endosomes—which does not result in vesicular fusion. Endosomes preferentially located in the root hair tip interacted as dancing-endosomes and traveled short distances during this interaction. Finally, sizes of early and late endosomes were addressed by means of super-resolution structured illumination microscopy (SIM) to corroborate measurements on the spinning disc. This is a first study providing quantitative microscopic data on dynamic spatio-temporal interactions of endosomes during root hair tip growth.
AU - Von Wangenheim, Daniel
AU - Rosero, Amparo
AU - Komis, George
AU - Šamajová, Olga
AU - Ovečka, Miroslav
AU - Voigt, Boris
AU - Šamaj, Jozef
ID - 1238
IS - JAN2016
JF - Frontiers in Plant Science
TI - Endosomal interactions during root hair growth
VL - 6
ER -