Non-malleable codes for space-bounded tampering

Non-malleable codes—introduced by Dziembowski, Pietrzak and Wichs at ICS 2010—are key-less coding schemes in which mauling attempts to an encoding of a given message, w.r.t. some class of tampering adversaries, result in a decoded value that is either identical or unrelated to the original message. Such codes are very useful for protecting arbitrary cryptographic primitives against tampering attacks against the memory. Clearly, non-malleability is hopeless if the class of tampering adversaries includes the decoding and encoding algorithm. To circumvent this obstacle, the majority of past research focused on designing non-malleable codes for various tampering classes, albeit assuming that the adversary is unable to decode. Nonetheless, in many concrete settings, this assumption is not realistic

Quantum correlations in Newtonian space and time: arbitrarily fast communication or nonlocality

We investigate possible explanations of quantum correlations that satisfy the principle of continuity, which states that everything propagates gradually and continuously through space and time. In particular, following [J.D. Bancal et al, Nature Physics 2012], we show that any combination of local common causes and direct causes satisfying this principle, i.e. propagating at any finite speed, leads to signalling. This is true even if the common and direct causes are allowed to propagate at a supraluminal-but-finite speed defined in a Newtonian-like privileged universal reference frame. Consequently, either there is supraluminal communication or the conclusion that Nature is nonlocal (i.e. discontinuous) is unavoidable.Comment: It is an honor to dedicate this article to Yakir Aharonov, the master of quantum paradoxes. Version 2 contains some more references and a clarified conclusio

ESPRESSO: The next European exoplanet hunter

The acronym ESPRESSO stems for Echelle SPectrograph for Rocky Exoplanets and Stable Spectroscopic Observations; this instrument will be the next VLT high resolution spectrograph. The spectrograph will be installed at the Combined-Coud\'e Laboratory of the VLT and linked to the four 8.2 m Unit Telescopes (UT) through four optical Coud\'e trains. ESPRESSO will combine efficiency and extreme spectroscopic precision. ESPRESSO is foreseen to achieve a gain of two magnitudes with respect to its predecessor HARPS, and to improve the instrumental radial-velocity precision to reach the 10 cm/s level. It can be operated either with a single UT or with up to four UTs, enabling an additional gain in the latter mode. The incoherent combination of four telescopes and the extreme precision requirements called for many innovative design solutions while ensuring the technical heritage of the successful HARPS experience. ESPRESSO will allow to explore new frontiers in most domains of astrophysics that require precision and sensitivity. The main scientific drivers are the search and characterization of rocky exoplanets in the habitable zone of quiet, nearby G to M-dwarfs and the analysis of the variability of fundamental physical constants. The project passed the final design review in May 2013 and entered the manufacturing phase. ESPRESSO will be installed at the Paranal Observatory in 2016 and its operation is planned to start by the end of the same year.Comment: 12 pages, figures included, accepted for publication in Astron. Nach

EQ-5D in Central and Eastern Europe : 2000-2015

Objective: Cost per quality-adjusted life year data are required for reimbursement decisions in many Central and Eastern European (CEE) countries. EQ-5D is by far the most commonly used instrument to generate utility values in CEE. This study aims to systematically review the literature on EQ-5D from eight CEE countries. Methods: An electronic database search was performed up to July 1, 2015 to identify original EQ-5D studies from the countries of interest. We analysed the use of EQ-5D with respect to clinical areas, methodological rigor, population norms and value sets. Results: We identified 143 studies providing 152 country-specific results with a total sample size of 81,619: Austria (n=11), Bulgaria (n=6), Czech Republic (n=18), Hungary (n=47), Poland (n=51), Romania (n=2), Slovakia (n=3) and Slovenia (n=14). Cardiovascular (20%), neurologic (16%), musculoskeletal (15%) and endocrine/nutritional/metabolic diseases (14%) were the most frequently studied clinical areas. Overall 112 (78%) of the studies reported EQ VAS results and 86 (60%) EQ-5D index scores, of which 27 (31%) did not specify the applied tariff. Hungary, Poland and Slovenia have population norms. Poland and Slovenia also have a national value set. Conclusions: Increasing use of EQ-5D is observed throughout CEE. The spread of health technology assessment activities in countries seems to be reflected in the number of EQ-5D studies. However, improvement in informed use and methodological quality of reporting is needed. In jurisdictions where no national value set is available, in order to ensure comparability we recommend to apply the most frequently used UK tariff. Regional collaboration between CEE countries should be strengthened

Non-Malleable Secret Sharing for General Access Structures

Goyal and Kumar (STOC\u2718) recently introduced the notion of non-malleable secret sharing. Very roughly, the guarantee they seek is the following: the adversary may potentially tamper with all of the shares, and still, either the reconstruction procedure outputs the original secret, or, the original secret is ``destroyed and the reconstruction outputs a string which is completely ``unrelated to the original secret. Prior works on non-malleable codes in the 2 split-state model imply constructions which can be seen as 2-out-of-2 non-malleable secret sharing (NMSS) schemes. Goyal and Kumar proposed constructions of t-out-of-n NMSS schemes. These constructions have already been shown to have a number of applications in cryptography. We continue this line of research and construct NMSS for more general access structures. We give a generic compiler that converts any statistical (resp. computational) secret sharing scheme realizing any access structure into another statistical (resp. computational) secret sharing scheme that not only realizes the same access structure but also ensures statistical non-malleability against a computationally unbounded adversary who tampers each of the shares arbitrarily and independently. Instantiating with known schemes we get unconditional NMMS schemes that realize any access structures generated by polynomial size monotone span programs. Similarly, we also obtain conditional NMMS schemes realizing access structure in monotoneP (resp. monotoneNP) assuming one-way functions (resp. witness encryption). Towards considering more general tampering models, we also propose a construction of n-out-of-n NMSS. Our construction is secure even if the adversary could divide the shares into any two (possibly overlapping) subsets and then arbitrarily tamper the shares in each subset. Our construction is based on a property of inner product and an observation that the inner-product based construction of Aggarwal, Dodis and Lovett (STOC\u2714) is in fact secure against a tampering class that is stronger than 2 split-states. We also show applications of our construction to the problem of non-malleable message transmission

Super-Linear Time-Memory Trade-Offs for Symmetric Encryption

We build symmetric encryption schemes from a pseudorandom function/permutation with domain size $N$ which have very high security -- in terms of the amount of messages $q$ they can securely encrypt -- assuming the adversary has $S < N$ bits of memory. We aim to minimize the number of calls $k$ we make to the underlying primitive to achieve a certain $q$, or equivalently, to maximize the achievable $q$ for a given $k$. We target in particular $q \gg N$, in contrast to recent works (Jaeger and Tessaro, EUROCRYPT \u2719; Dinur, EUROCRYPT \u2720) which aim to beat the birthday barrier with one call when $S < \sqrt{N}$. Our first result gives new and explicit bounds for the Sample-then-Extract paradigm by Tessaro and Thiruvengadam (TCC \u2718). We show instantiations for which $q =\Omega((N/S)^{k})$. If $S < N^{1- \alpha}$, Thiruvengadam and Tessaro\u27s weaker bounds only guarantee $q > N$ when $k = \Omega(\log N)$. In contrast, here, we show this is true already for $k = O(1/\alpha)$. We also consider a scheme by Bellare, Goldreich and Krawczyk (CRYPTO \u2799) which evaluates the primitive on $k$ independent random strings, and masks the message with the XOR of the outputs. Here, we show $q= \Omega((N/S)^{k/2})$, using new combinatorial bounds on the list-decodability of XOR codes which are of independent interest. We also study best-possible attacks against this construction