---
_id: '12171'
abstract:
- lang: eng
  text: 'We propose an algorithmic approach for synthesizing linear hybrid automata
    from time-series data. Unlike existing approaches, our approach provides a whole
    family of models with the same discrete structure but different dynamics. Each
    model in the family is guaranteed to capture the input data up to a precision
    error ε, in the following sense: For each time series, the model contains an execution
    that is ε-close to the data points. Our construction allows to effectively choose
    a model from this family with minimal precision error ε. We demonstrate the algorithm’s
    efficiency and its ability to find precise models in two case studies.'
acknowledgement: This work was supported in part by the European Union’s Horizon 2020
  research and innovation programme under the Marie Skłodowska-Curie grant agreement
  no. 847635, by the ERC-2020-AdG 101020093, by DIREC - Digital Research Centre Denmark,
  and by the Villum Investigator Grant S4OS.
alternative_title:
- LNCS
article_processing_charge: No
arxiv: 1
author:
- first_name: Miriam
  full_name: Garcia Soto, Miriam
  id: 4B3207F6-F248-11E8-B48F-1D18A9856A87
  last_name: Garcia Soto
  orcid: 0000-0003-2936-5719
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000-0002-2985-7724
- first_name: Christian
  full_name: Schilling, Christian
  id: 3A2F4DCE-F248-11E8-B48F-1D18A9856A87
  last_name: Schilling
  orcid: 0000-0003-3658-1065
citation:
  ama: 'Garcia Soto M, Henzinger TA, Schilling C. Synthesis of parametric hybrid automata
    from time series. In: <i>20th International Symposium on Automated Technology
    for Verification and Analysis</i>. Vol 13505. Springer Nature; 2022:337-353. doi:<a
    href="https://doi.org/10.1007/978-3-031-19992-9_22">10.1007/978-3-031-19992-9_22</a>'
  apa: 'Garcia Soto, M., Henzinger, T. A., &#38; Schilling, C. (2022). Synthesis of parametric
    hybrid automata from time series. In <i>20th International Symposium on Automated
    Technology for Verification and Analysis</i> (Vol. 13505, pp. 337–353). Virtual:
    Springer Nature. <a href="https://doi.org/10.1007/978-3-031-19992-9_22">https://doi.org/10.1007/978-3-031-19992-9_22</a>'
  chicago: Garcia Soto, Miriam, Thomas A Henzinger, and Christian Schilling. “Synthesis
    of Parametric Hybrid Automata from Time Series.” In <i>20th International Symposium
    on Automated Technology for Verification and Analysis</i>, 13505:337–53. Springer
    Nature, 2022. <a href="https://doi.org/10.1007/978-3-031-19992-9_22">https://doi.org/10.1007/978-3-031-19992-9_22</a>.
  ieee: M. Garcia Soto, T. A. Henzinger, and C. Schilling, “Synthesis of parametric
    hybrid automata from time series,” in <i>20th International Symposium on Automated
    Technology for Verification and Analysis</i>, Virtual, 2022, vol. 13505, pp. 337–353.
  ista: 'Garcia Soto M, Henzinger TA, Schilling C. 2022. Synthesis of parametric hybrid
    automata from time series. 20th International Symposium on Automated Technology
    for Verification and Analysis. ATVA: Automated Technology for Verification and
    Analysis, LNCS, vol. 13505, 337–353.'
  mla: Garcia Soto, Miriam, et al. “Synthesis of Parametric Hybrid Automata from Time
    Series.” <i>20th International Symposium on Automated Technology for Verification
    and Analysis</i>, vol. 13505, Springer Nature, 2022, pp. 337–53, doi:<a href="https://doi.org/10.1007/978-3-031-19992-9_22">10.1007/978-3-031-19992-9_22</a>.
  short: M. Garcia Soto, T.A. Henzinger, C. Schilling, in:, 20th International Symposium
    on Automated Technology for Verification and Analysis, Springer Nature, 2022,
    pp. 337–353.
conference:
  end_date: 2022-10-28
  location: Virtual
  name: 'ATVA: Automated Technology for Verification and Analysis'
  start_date: 2022-10-25
date_created: 2023-01-12T12:11:16Z
date_published: 2022-10-21T00:00:00Z
date_updated: 2023-02-13T09:27:55Z
day: '21'
department:
- _id: ToHe
doi: 10.1007/978-3-031-19992-9_22
ec_funded: 1
external_id:
  arxiv:
  - '2208.06383'
intvolume: '     13505'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://doi.org/10.48550/arXiv.2208.06383
month: '10'
oa: 1
oa_version: Preprint
page: 337-353
project:
- _id: 62781420-2b32-11ec-9570-8d9b63373d4d
  call_identifier: H2020
  grant_number: '101020093'
  name: Vigilant Algorithmic Monitoring of Software
publication: 20th International Symposium on Automated Technology for Verification
  and Analysis
publication_identifier:
  eisbn:
  - '9783031199929'
  eissn:
  - 1611-3349
  isbn:
  - '9783031199912'
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
scopus_import: '1'
status: public
title: Synthesis of parametric hybrid automata from time series
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 13505
year: '2022'
...
---
_id: '12175'
abstract:
- lang: eng
  text: An automaton is history-deterministic (HD) if one can safely resolve its non-deterministic
    choices on the fly. In a recent paper, Henzinger, Lehtinen and Totzke studied
    this in the context of Timed Automata [9], where it was conjectured that the class
    of timed ω-languages recognised by HD-timed automata strictly extends that of
    deterministic ones. We provide a proof for this fact.
acknowledgement: This work was supported in part by the ERC-2020-AdG 101020093, the
  EPSRC project EP/V025848/1, and the EPSRC project EP/X017796/1.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Sougata
  full_name: Bose, Sougata
  last_name: Bose
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000-0002-2985-7724
- first_name: Karoliina
  full_name: Lehtinen, Karoliina
  last_name: Lehtinen
- first_name: Sven
  full_name: Schewe, Sven
  last_name: Schewe
- first_name: Patrick
  full_name: Totzke, Patrick
  last_name: Totzke
citation:
  ama: 'Bose S, Henzinger TA, Lehtinen K, Schewe S, Totzke P. History-deterministic
    timed automata are not determinizable. In: <i>16th International Conference on
    Reachability Problems</i>. Vol 13608. Springer Nature; 2022:67-76. doi:<a href="https://doi.org/10.1007/978-3-031-19135-0_5">10.1007/978-3-031-19135-0_5</a>'
  apa: 'Bose, S., Henzinger, T. A., Lehtinen, K., Schewe, S., &#38; Totzke, P. (2022).
    History-deterministic timed automata are not determinizable. In <i>16th International
    Conference on Reachability Problems</i> (Vol. 13608, pp. 67–76). Kaiserslautern,
    Germany: Springer Nature. <a href="https://doi.org/10.1007/978-3-031-19135-0_5">https://doi.org/10.1007/978-3-031-19135-0_5</a>'
  chicago: Bose, Sougata, Thomas A Henzinger, Karoliina Lehtinen, Sven Schewe, and
    Patrick Totzke. “History-Deterministic Timed Automata Are Not Determinizable.”
    In <i>16th International Conference on Reachability Problems</i>, 13608:67–76.
    Springer Nature, 2022. <a href="https://doi.org/10.1007/978-3-031-19135-0_5">https://doi.org/10.1007/978-3-031-19135-0_5</a>.
  ieee: S. Bose, T. A. Henzinger, K. Lehtinen, S. Schewe, and P. Totzke, “History-deterministic
    timed automata are not determinizable,” in <i>16th International Conference on
    Reachability Problems</i>, Kaiserslautern, Germany, 2022, vol. 13608, pp. 67–76.
  ista: 'Bose S, Henzinger TA, Lehtinen K, Schewe S, Totzke P. 2022. History-deterministic
    timed automata are not determinizable. 16th International Conference on Reachability
    Problems. RC: Reachability Problems, LNCS, vol. 13608, 67–76.'
  mla: Bose, Sougata, et al. “History-Deterministic Timed Automata Are Not Determinizable.”
    <i>16th International Conference on Reachability Problems</i>, vol. 13608, Springer
    Nature, 2022, pp. 67–76, doi:<a href="https://doi.org/10.1007/978-3-031-19135-0_5">10.1007/978-3-031-19135-0_5</a>.
  short: S. Bose, T.A. Henzinger, K. Lehtinen, S. Schewe, P. Totzke, in:, 16th International
    Conference on Reachability Problems, Springer Nature, 2022, pp. 67–76.
conference:
  end_date: 2022-10-21
  location: Kaiserslautern, Germany
  name: 'RC: Reachability Problems'
  start_date: 2022-10-17
date_created: 2023-01-12T12:11:57Z
date_published: 2022-10-12T00:00:00Z
date_updated: 2023-09-05T15:12:08Z
day: '12'
department:
- _id: ToHe
doi: 10.1007/978-3-031-19135-0_5
ec_funded: 1
intvolume: '     13608'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://hal.science/hal-03849398/
month: '10'
oa: 1
oa_version: Preprint
page: 67-76
project:
- _id: 62781420-2b32-11ec-9570-8d9b63373d4d
  call_identifier: H2020
  grant_number: '101020093'
  name: Vigilant Algorithmic Monitoring of Software
publication: 16th International Conference on Reachability Problems
publication_identifier:
  eisbn:
  - '9783031191350'
  eissn:
  - 1611-3349
  isbn:
  - '9783031191343'
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
scopus_import: '1'
status: public
title: History-deterministic timed automata are not determinizable
type: conference
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 13608
year: '2022'
...
---
_id: '12176'
abstract:
- lang: eng
  text: "A proof of exponentiation (PoE) in a group G of unknown order allows a prover
    to convince a verifier that a tuple (x,q,T,y)∈G×N×N×G satisfies xqT=y. This primitive
    has recently found exciting applications in the constructions of verifiable delay
    functions and succinct arguments of knowledge. The most practical PoEs only achieve
    soundness either under computational assumptions, i.e., they are arguments (Wesolowski,
    Journal of Cryptology 2020), or in groups that come with the promise of not having
    any small subgroups (Pietrzak, ITCS 2019). The only statistically-sound PoE in
    general groups of unknown order is due to Block et al. (CRYPTO 2021), and can
    be seen as an elaborate parallel repetition of Pietrzak’s PoE: to achieve λ bits
    of security, say λ=80, the number of repetitions required (and thus the blow-up
    in communication) is as large as λ.\r\n\r\nIn this work, we propose a statistically-sound
    PoE for the case where the exponent q is the product of all primes up to some
    bound B. We show that, in this case, it suffices to run only λ/log(B) parallel
    instances of Pietrzak’s PoE, which reduces the concrete proof-size compared to
    Block et al. by an order of magnitude. Furthermore, we show that in the known
    applications where PoEs are used as a building block such structured exponents
    are viable. Finally, we also discuss batching of our PoE, showing that many proofs
    (for the same G and q but different x and T) can be batched by adding only a single
    element to the proof per additional statement."
acknowledgement: "We would like to thank the authors of [BHR+21] for clarifying several
  questions we had\r\nregarding their results. Pavel Hubá£ek was supported by the
  Grant Agency of the Czech\r\nRepublic under the grant agreement no. 19-27871X and
  by the Charles University project\r\nUNCE/SCI/004. Chethan Kamath is supported by
  Azrieli International Postdoctoral Fellowship\r\nand ISF grants 484/18 and 1789/19.
  Karen Klein was supported in part by ERC CoG grant\r\n724307 and conducted part
  of this work at Institute of Science and Technology Austria."
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Charlotte
  full_name: Hoffmann, Charlotte
  id: 0f78d746-dc7d-11ea-9b2f-83f92091afe7
  last_name: Hoffmann
  orcid: 0000-0003-2027-5549
- first_name: Pavel
  full_name: Hubáček, Pavel
  last_name: Hubáček
- first_name: Chethan
  full_name: Kamath, Chethan
  last_name: Kamath
- first_name: Karen
  full_name: Klein, Karen
  last_name: Klein
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
citation:
  ama: 'Hoffmann C, Hubáček P, Kamath C, Klein K, Pietrzak KZ. Practical statistically-sound
    proofs of exponentiation in any group. In: <i>Advances in Cryptology – CRYPTO
    2022</i>. Vol 13508. Springer Nature; 2022:370-399. doi:<a href="https://doi.org/10.1007/978-3-031-15979-4_13">10.1007/978-3-031-15979-4_13</a>'
  apa: 'Hoffmann, C., Hubáček, P., Kamath, C., Klein, K., &#38; Pietrzak, K. Z. (2022).
    Practical statistically-sound proofs of exponentiation in any group. In <i>Advances
    in Cryptology – CRYPTO 2022</i> (Vol. 13508, pp. 370–399). Santa Barbara, CA,
    United States: Springer Nature. <a href="https://doi.org/10.1007/978-3-031-15979-4_13">https://doi.org/10.1007/978-3-031-15979-4_13</a>'
  chicago: Hoffmann, Charlotte, Pavel Hubáček, Chethan Kamath, Karen Klein, and Krzysztof
    Z Pietrzak. “Practical Statistically-Sound Proofs of Exponentiation in Any Group.”
    In <i>Advances in Cryptology – CRYPTO 2022</i>, 13508:370–99. Springer Nature,
    2022. <a href="https://doi.org/10.1007/978-3-031-15979-4_13">https://doi.org/10.1007/978-3-031-15979-4_13</a>.
  ieee: C. Hoffmann, P. Hubáček, C. Kamath, K. Klein, and K. Z. Pietrzak, “Practical
    statistically-sound proofs of exponentiation in any group,” in <i>Advances in
    Cryptology – CRYPTO 2022</i>, Santa Barbara, CA, United States, 2022, vol. 13508,
    pp. 370–399.
  ista: 'Hoffmann C, Hubáček P, Kamath C, Klein K, Pietrzak KZ. 2022. Practical statistically-sound
    proofs of exponentiation in any group. Advances in Cryptology – CRYPTO 2022. CRYYPTO:
    International Cryptology Conference, LNCS, vol. 13508, 370–399.'
  mla: Hoffmann, Charlotte, et al. “Practical Statistically-Sound Proofs of Exponentiation
    in Any Group.” <i>Advances in Cryptology – CRYPTO 2022</i>, vol. 13508, Springer
    Nature, 2022, pp. 370–99, doi:<a href="https://doi.org/10.1007/978-3-031-15979-4_13">10.1007/978-3-031-15979-4_13</a>.
  short: C. Hoffmann, P. Hubáček, C. Kamath, K. Klein, K.Z. Pietrzak, in:, Advances
    in Cryptology – CRYPTO 2022, Springer Nature, 2022, pp. 370–399.
conference:
  end_date: 2022-08-18
  location: Santa Barbara, CA, United States
  name: 'CRYYPTO: International Cryptology Conference'
  start_date: 2022-08-15
date_created: 2023-01-12T12:12:07Z
date_published: 2022-10-13T00:00:00Z
date_updated: 2023-09-05T15:12:27Z
day: '13'
department:
- _id: KrPi
doi: 10.1007/978-3-031-15979-4_13
external_id:
  isi:
  - '000886792700013'
intvolume: '     13508'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2022/1021
month: '10'
oa: 1
oa_version: Preprint
page: 370-399
publication: Advances in Cryptology – CRYPTO 2022
publication_identifier:
  eisbn:
  - '9783031159794'
  eissn:
  - 1611-3349
  isbn:
  - '9783031159787'
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
scopus_import: '1'
status: public
title: Practical statistically-sound proofs of exponentiation in any group
type: conference
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 13508
year: '2022'
...
---
_id: '12298'
abstract:
- lang: eng
  text: 'Existing committee-based Byzantine state machine replication (SMR) protocols,
    typically deployed in production blockchains, face a clear trade-off: (1) they
    either achieve linear communication cost in the steady state, but sacrifice liveness
    during periods of asynchrony, or (2) they are robust (progress with probability
    one) but pay quadratic communication cost. We believe this trade-off is unwarranted
    since existing linear protocols still have asymptotic quadratic cost in the worst
    case. We design Ditto, a Byzantine SMR protocol that enjoys the best of both worlds:
    optimal communication on and off the steady state (linear and quadratic, respectively)
    and progress guarantee under asynchrony and DDoS attacks. We achieve this by replacing
    the view-synchronization of partially synchronous protocols with an asynchronous
    fallback mechanism at no extra asymptotic cost. Specifically, we start from HotStuff,
    a state-of-the-art linear protocol, and gradually build Ditto. As a separate contribution
    and an intermediate step, we design a 2-chain version of HotStuff, Jolteon, which
    leverages a quadratic view-change mechanism to reduce the latency of the standard
    3-chain HotStuff. We implement and experimentally evaluate all our systems to
    prove that breaking the robustness-efficiency trade-off is in the realm of practicality.'
acknowledgement: We thank our shepherd Aniket Kate and the anonymous reviewers at
  FC 2022 for their helpful feedback. This work is supported by the Novi team at Facebook.
  We also thank the Novi Research and Engineering teams for valuable feedback, and
  in particular Mathieu Baudet, Andrey Chursin, George Danezis, Zekun Li, and Dahlia
  Malkhi for discussions that shaped this work.
alternative_title:
- LNCS
article_processing_charge: No
arxiv: 1
author:
- first_name: Rati
  full_name: Gelashvili, Rati
  last_name: Gelashvili
- first_name: Eleftherios
  full_name: Kokoris Kogias, Eleftherios
  id: f5983044-d7ef-11ea-ac6d-fd1430a26d30
  last_name: Kokoris Kogias
- first_name: Alberto
  full_name: Sonnino, Alberto
  last_name: Sonnino
- first_name: Alexander
  full_name: Spiegelman, Alexander
  last_name: Spiegelman
- first_name: Zhuolun
  full_name: Xiang, Zhuolun
  last_name: Xiang
citation:
  ama: 'Gelashvili R, Kokoris Kogias E, Sonnino A, Spiegelman A, Xiang Z. Jolteon
    and ditto: Network-adaptive efficient consensus with asynchronous fallback. In:
    <i>Financial Cryptography and Data Security</i>. Vol 13411. Springer Nature; 2022:296-315.
    doi:<a href="https://doi.org/10.1007/978-3-031-18283-9_14">10.1007/978-3-031-18283-9_14</a>'
  apa: 'Gelashvili, R., Kokoris Kogias, E., Sonnino, A., Spiegelman, A., &#38; Xiang,
    Z. (2022). Jolteon and ditto: Network-adaptive efficient consensus with asynchronous
    fallback. In <i>Financial Cryptography and Data Security</i> (Vol. 13411, pp.
    296–315). Radisson Grenada Beach Resort, Grenada: Springer Nature. <a href="https://doi.org/10.1007/978-3-031-18283-9_14">https://doi.org/10.1007/978-3-031-18283-9_14</a>'
  chicago: 'Gelashvili, Rati, Eleftherios Kokoris Kogias, Alberto Sonnino, Alexander
    Spiegelman, and Zhuolun Xiang. “Jolteon and Ditto: Network-Adaptive Efficient
    Consensus with Asynchronous Fallback.” In <i>Financial Cryptography and Data Security</i>,
    13411:296–315. Springer Nature, 2022. <a href="https://doi.org/10.1007/978-3-031-18283-9_14">https://doi.org/10.1007/978-3-031-18283-9_14</a>.'
  ieee: 'R. Gelashvili, E. Kokoris Kogias, A. Sonnino, A. Spiegelman, and Z. Xiang,
    “Jolteon and ditto: Network-adaptive efficient consensus with asynchronous fallback,”
    in <i>Financial Cryptography and Data Security</i>, Radisson Grenada Beach Resort,
    Grenada, 2022, vol. 13411, pp. 296–315.'
  ista: 'Gelashvili R, Kokoris Kogias E, Sonnino A, Spiegelman A, Xiang Z. 2022. Jolteon
    and ditto: Network-adaptive efficient consensus with asynchronous fallback. Financial
    Cryptography and Data Security. FC: Financial Cryptography, LNCS, vol. 13411,
    296–315.'
  mla: 'Gelashvili, Rati, et al. “Jolteon and Ditto: Network-Adaptive Efficient Consensus
    with Asynchronous Fallback.” <i>Financial Cryptography and Data Security</i>,
    vol. 13411, Springer Nature, 2022, pp. 296–315, doi:<a href="https://doi.org/10.1007/978-3-031-18283-9_14">10.1007/978-3-031-18283-9_14</a>.'
  short: R. Gelashvili, E. Kokoris Kogias, A. Sonnino, A. Spiegelman, Z. Xiang, in:,
    Financial Cryptography and Data Security, Springer Nature, 2022, pp. 296–315.
conference:
  end_date: 2022-05-06
  location: Radisson Grenada Beach Resort, Grenada
  name: 'FC: Financial Cryptography'
  start_date: 2022-05-02
date_created: 2023-01-16T10:05:51Z
date_published: 2022-10-22T00:00:00Z
date_updated: 2023-09-05T15:13:17Z
day: '22'
department:
- _id: ElKo
doi: 10.1007/978-3-031-18283-9_14
external_id:
  arxiv:
  - '2106.10362'
intvolume: '     13411'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: ' https://doi.org/10.48550/arXiv.2106.10362'
month: '10'
oa: 1
oa_version: Preprint
page: 296-315
publication: Financial Cryptography and Data Security
publication_identifier:
  eisbn:
  - '9783031182839'
  eissn:
  - 1611-3349
  isbn:
  - '9783031182822'
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
scopus_import: '1'
status: public
title: 'Jolteon and ditto: Network-adaptive efficient consensus with asynchronous
  fallback'
type: conference
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 13411
year: '2022'
...
---
_id: '12302'
abstract:
- lang: eng
  text: 'We propose a novel algorithm to decide the language inclusion between (nondeterministic)
    Büchi automata, a PSPACE-complete problem. Our approach, like others before, leverage
    a notion of quasiorder to prune the search for a counterexample by discarding
    candidates which are subsumed by others for the quasiorder. Discarded candidates
    are guaranteed to not compromise the completeness of the algorithm. The novelty
    of our work lies in the quasiorder used to discard candidates. We introduce FORQs
    (family of right quasiorders) that we obtain by adapting the notion of family
    of right congruences put forward by Maler and Staiger in 1993. We define a FORQ-based
    inclusion algorithm which we prove correct and instantiate it for a specific FORQ,
    called the structural FORQ, induced by the Büchi automaton to the right of the
    inclusion sign. The resulting implementation, called FORKLIFT, scales up better
    than the state-of-the-art on a variety of benchmarks including benchmarks from
    program verification and theorem proving for word combinatorics. Artifact: https://doi.org/10.5281/zenodo.6552870'
acknowledgement: This work was partially funded by the ESF Investing in your future,
  the Madrid regional project S2018/TCS-4339 BLOQUES, the Spanish project PGC2018-102210-B-I00
  BOSCO, the Ramón y Cajal fellowship RYC-2016-20281, and the ERC grant PR1001ERC02.
alternative_title:
- LNCS
article_processing_charge: No
arxiv: 1
author:
- first_name: Kyveli
  full_name: Doveri, Kyveli
  last_name: Doveri
- first_name: Pierre
  full_name: Ganty, Pierre
  last_name: Ganty
- first_name: Nicolas Adrien
  full_name: Mazzocchi, Nicolas Adrien
  id: b26baa86-3308-11ec-87b0-8990f34baa85
  last_name: Mazzocchi
citation:
  ama: 'Doveri K, Ganty P, Mazzocchi NA. FORQ-based language inclusion formal testing.
    In: <i>Computer Aided Verification</i>. Vol 13372. Springer Nature; 2022:109-129.
    doi:<a href="https://doi.org/10.1007/978-3-031-13188-2_6">10.1007/978-3-031-13188-2_6</a>'
  apa: 'Doveri, K., Ganty, P., &#38; Mazzocchi, N. A. (2022). FORQ-based language
    inclusion formal testing. In <i>Computer Aided Verification</i> (Vol. 13372, pp.
    109–129). Haifa, Israel: Springer Nature. <a href="https://doi.org/10.1007/978-3-031-13188-2_6">https://doi.org/10.1007/978-3-031-13188-2_6</a>'
  chicago: Doveri, Kyveli, Pierre Ganty, and Nicolas Adrien Mazzocchi. “FORQ-Based
    Language Inclusion Formal Testing.” In <i>Computer Aided Verification</i>, 13372:109–29.
    Springer Nature, 2022. <a href="https://doi.org/10.1007/978-3-031-13188-2_6">https://doi.org/10.1007/978-3-031-13188-2_6</a>.
  ieee: K. Doveri, P. Ganty, and N. A. Mazzocchi, “FORQ-based language inclusion formal
    testing,” in <i>Computer Aided Verification</i>, Haifa, Israel, 2022, vol. 13372,
    pp. 109–129.
  ista: 'Doveri K, Ganty P, Mazzocchi NA. 2022. FORQ-based language inclusion formal
    testing. Computer Aided Verification. CAV: Computer Aided Verification, LNCS,
    vol. 13372, 109–129.'
  mla: Doveri, Kyveli, et al. “FORQ-Based Language Inclusion Formal Testing.” <i>Computer
    Aided Verification</i>, vol. 13372, Springer Nature, 2022, pp. 109–29, doi:<a
    href="https://doi.org/10.1007/978-3-031-13188-2_6">10.1007/978-3-031-13188-2_6</a>.
  short: K. Doveri, P. Ganty, N.A. Mazzocchi, in:, Computer Aided Verification, Springer
    Nature, 2022, pp. 109–129.
conference:
  end_date: 2022-08-10
  location: Haifa, Israel
  name: 'CAV: Computer Aided Verification'
  start_date: 2022-08-07
date_created: 2023-01-16T10:06:31Z
date_published: 2022-08-06T00:00:00Z
date_updated: 2023-09-05T15:13:36Z
day: '06'
ddc:
- '000'
department:
- _id: ToHe
doi: 10.1007/978-3-031-13188-2_6
ec_funded: 1
external_id:
  arxiv:
  - '2207.13549'
  isi:
  - '000870310500006'
file:
- access_level: open_access
  checksum: edc363b1be5447a09063e115c247918a
  content_type: application/pdf
  creator: dernst
  date_created: 2023-01-30T12:51:02Z
  date_updated: 2023-01-30T12:51:02Z
  file_id: '12465'
  file_name: 2022_LNCS_Doveri.pdf
  file_size: 497682
  relation: main_file
  success: 1
file_date_updated: 2023-01-30T12:51:02Z
has_accepted_license: '1'
intvolume: '     13372'
isi: 1
language:
- iso: eng
month: '08'
oa: 1
oa_version: Published Version
page: 109-129
project:
- _id: 62781420-2b32-11ec-9570-8d9b63373d4d
  call_identifier: H2020
  grant_number: '101020093'
  name: Vigilant Algorithmic Monitoring of Software
publication: Computer Aided Verification
publication_identifier:
  eisbn:
  - '9783031131882'
  eissn:
  - 1611-3349
  isbn:
  - '9783031131875'
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
scopus_import: '1'
status: public
title: FORQ-based language inclusion formal testing
tmp:
  image: /images/cc_by.png
  legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
  name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
  short: CC BY (4.0)
type: conference
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 13372
year: '2022'
...
---
_id: '12516'
abstract:
- lang: eng
  text: "The homogeneous continuous LWE (hCLWE) problem is to distinguish samples
    of a specific high-dimensional Gaussian mixture from standard normal samples.
    It was shown to be at least as hard as Learning with Errors, but no reduction
    in the other direction is currently known.\r\nWe present four new public-key encryption
    schemes based on the hardness of hCLWE, with varying tradeoffs between decryption
    and security errors, and different discretization techniques. Our schemes yield
    a polynomial-time algorithm for solving hCLWE using a Statistical Zero-Knowledge
    oracle."
acknowledgement: "We are grateful to Devika Sharma and Luca Trevisan for their insight
  and advice and to an anonymous reviewer for helpful comments.\r\n\r\nThis work was
  supported by the European Research Council (ERC) under the European Union’s Horizon
  2020 research and innovation programme (Grant agreement No. 101019547). The first
  author was additionally supported by RGC GRF CUHK14209920 and the fourth author
  was additionally supported by ISF grant No. 1399/17, project PROMETHEUS (Grant 780701),
  and Cariplo CRYPTONOMEX grant."
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Andrej
  full_name: Bogdanov, Andrej
  last_name: Bogdanov
- first_name: Miguel
  full_name: Cueto Noval, Miguel
  id: ffc563a3-f6e0-11ea-865d-e3cce03d17cc
  last_name: Cueto Noval
- first_name: Charlotte
  full_name: Hoffmann, Charlotte
  id: 0f78d746-dc7d-11ea-9b2f-83f92091afe7
  last_name: Hoffmann
- first_name: Alon
  full_name: Rosen, Alon
  last_name: Rosen
citation:
  ama: 'Bogdanov A, Cueto Noval M, Hoffmann C, Rosen A. Public-Key Encryption from Homogeneous
    CLWE. In: <i>Theory of Cryptography</i>. Vol 13748. Springer Nature; 2022:565-592.
    doi:<a href="https://doi.org/10.1007/978-3-031-22365-5_20">10.1007/978-3-031-22365-5_20</a>'
  apa: 'Bogdanov, A., Cueto Noval, M., Hoffmann, C., &#38; Rosen, A. (2022). Public-Key
    Encryption from Homogeneous CLWE. In <i>Theory of Cryptography</i> (Vol. 13748,
    pp. 565–592). Chicago, IL, United States: Springer Nature. <a href="https://doi.org/10.1007/978-3-031-22365-5_20">https://doi.org/10.1007/978-3-031-22365-5_20</a>'
  chicago: Bogdanov, Andrej, Miguel Cueto Noval, Charlotte Hoffmann, and Alon Rosen.
    “Public-Key Encryption from Homogeneous CLWE.” In <i>Theory of Cryptography</i>,
    13748:565–92. Springer Nature, 2022. <a href="https://doi.org/10.1007/978-3-031-22365-5_20">https://doi.org/10.1007/978-3-031-22365-5_20</a>.
  ieee: A. Bogdanov, M. Cueto Noval, C. Hoffmann, and A. Rosen, “Public-Key Encryption
    from Homogeneous CLWE,” in <i>Theory of Cryptography</i>, Chicago, IL, United
    States, 2022, vol. 13748, pp. 565–592.
  ista: 'Bogdanov A, Cueto Noval M, Hoffmann C, Rosen A. 2022. Public-Key Encryption
    from Homogeneous CLWE. Theory of Cryptography. TCC: Theory of Cryptography, LNCS,
    vol. 13748, 565–592.'
  mla: Bogdanov, Andrej, et al. “Public-Key Encryption from Homogeneous CLWE.” <i>Theory
    of Cryptography</i>, vol. 13748, Springer Nature, 2022, pp. 565–92, doi:<a href="https://doi.org/10.1007/978-3-031-22365-5_20">10.1007/978-3-031-22365-5_20</a>.
  short: A. Bogdanov, M. Cueto Noval, C. Hoffmann, A. Rosen, in:, Theory of Cryptography,
    Springer Nature, 2022, pp. 565–592.
conference:
  end_date: 2022-11-10
  location: Chicago, IL, United States
  name: 'TCC: Theory of Cryptography'
  start_date: 2022-11-07
date_created: 2023-02-05T23:01:00Z
date_published: 2022-12-21T00:00:00Z
date_updated: 2023-08-04T10:39:30Z
day: '21'
department:
- _id: KrPi
doi: 10.1007/978-3-031-22365-5_20
external_id:
  isi:
  - '000921318200020'
intvolume: '     13748'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2022/093
month: '12'
oa: 1
oa_version: Preprint
page: 565-592
publication: Theory of Cryptography
publication_identifier:
  eissn:
  - 1611-3349
  isbn:
  - '9783031223648'
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
scopus_import: '1'
status: public
title: Public-Key Encryption from Homogeneous CLWE
type: conference
user_id: 4359f0d1-fa6c-11eb-b949-802e58b17ae8
volume: 13748
year: '2022'
...
---
_id: '11771'
abstract:
- lang: eng
  text: "Classic dynamic data structure problems maintain a data structure subject
    to a sequence S of updates and they answer queries using the latest version of
    the data structure, i.e., the data structure after processing the whole sequence.
    To handle operations that change the sequence S of updates, Demaine et al. [7]
    introduced retroactive data structures (RDS). A retroactive operation modifies
    the update sequence S in a given position t, called time, and either creates or
    cancels an update in S at time t. A fully retroactive data structure supports
    queries at any time t: a query at time t is answered using only the updates of
    S up to time t. While efficient RDS have been proposed for classic data structures,
    e.g., stack, priority queue and binary search tree, the retroactive version of
    graph problems are rarely studied.\r\n\r\nIn this paper we study retroactive graph
    problems including connectivity, minimum spanning forest (MSF), maximum degree,
    etc. We show that under the OMv conjecture (proposed by Henzinger et al. [15]),
    there does not exist fully RDS maintaining connectivity or MSF, or incremental
    fully RDS maintaining the maximum degree with \U0001D442(\U0001D45B1−\U0001D716)
    time per operation, for any constant \U0001D716>0. Furthermore, We provide RDS
    with almost tight time per operation. We give fully RDS for maintaining the maximum
    degree, connectivity and MSF in \U0001D442̃ (\U0001D45B) time per operation. We
    also give an algorithm for the incremental (insertion-only) fully retroactive
    connectivity with \U0001D442̃ (1) time per operation, showing that the lower bound
    cannot be extended to this setting.\r\n\r\nWe also study a restricted version
    of RDS, where the only change to S is the swap of neighboring updates and show
    that for this problem we can beat the above hardness result. This also implies
    the first non-trivial dynamic Reeb graph computation algorithm."
alternative_title:
- LNCS
article_processing_charge: No
arxiv: 1
author:
- first_name: Monika H
  full_name: Henzinger, Monika H
  id: 540c9bbd-f2de-11ec-812d-d04a5be85630
  last_name: Henzinger
  orcid: 0000-0002-5008-6530
- first_name: Xiaowei
  full_name: Wu, Xiaowei
  last_name: Wu
citation:
  ama: 'Henzinger MH, Wu X. Upper and lower bounds for fully retroactive graph problems.
    In: <i>17th International Symposium on Algorithms and Data Structures</i>. Vol
    12808. Springer Nature; 2021:471–484. doi:<a href="https://doi.org/10.1007/978-3-030-83508-8_34">10.1007/978-3-030-83508-8_34</a>'
  apa: 'Henzinger, M. H., &#38; Wu, X. (2021). Upper and lower bounds for fully retroactive
    graph problems. In <i>17th International Symposium on Algorithms and Data Structures</i>
    (Vol. 12808, pp. 471–484). Virtual: Springer Nature. <a href="https://doi.org/10.1007/978-3-030-83508-8_34">https://doi.org/10.1007/978-3-030-83508-8_34</a>'
  chicago: Henzinger, Monika H, and Xiaowei Wu. “Upper and Lower Bounds for Fully
    Retroactive Graph Problems.” In <i>17th International Symposium on Algorithms
    and Data Structures</i>, 12808:471–484. Springer Nature, 2021. <a href="https://doi.org/10.1007/978-3-030-83508-8_34">https://doi.org/10.1007/978-3-030-83508-8_34</a>.
  ieee: M. H. Henzinger and X. Wu, “Upper and lower bounds for fully retroactive graph
    problems,” in <i>17th International Symposium on Algorithms and Data Structures</i>,
    Virtual, 2021, vol. 12808, pp. 471–484.
  ista: 'Henzinger MH, Wu X. 2021. Upper and lower bounds for fully retroactive graph
    problems. 17th International Symposium on Algorithms and Data Structures. WADS:
    Workshop on Algorithms and Data Structures, LNCS, vol. 12808, 471–484.'
  mla: Henzinger, Monika H., and Xiaowei Wu. “Upper and Lower Bounds for Fully Retroactive
    Graph Problems.” <i>17th International Symposium on Algorithms and Data Structures</i>,
    vol. 12808, Springer Nature, 2021, pp. 471–484, doi:<a href="https://doi.org/10.1007/978-3-030-83508-8_34">10.1007/978-3-030-83508-8_34</a>.
  short: M.H. Henzinger, X. Wu, in:, 17th International Symposium on Algorithms and
    Data Structures, Springer Nature, 2021, pp. 471–484.
conference:
  end_date: 2021-08-11
  location: Virtual
  name: 'WADS: Workshop on Algorithms and Data Structures'
  start_date: 2021-08-09
date_created: 2022-08-08T13:01:29Z
date_published: 2021-08-09T00:00:00Z
date_updated: 2023-02-10T08:31:50Z
day: '09'
doi: 10.1007/978-3-030-83508-8_34
extern: '1'
external_id:
  arxiv:
  - '1910.03332'
intvolume: '     12808'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://arxiv.org/abs/1910.03332
month: '08'
oa: 1
oa_version: Preprint
page: 471–484
publication: 17th International Symposium on Algorithms and Data Structures
publication_identifier:
  eisbn:
  - '9783030835088'
  eissn:
  - 1611-3349
  isbn:
  - '9783030835071'
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
scopus_import: '1'
status: public
title: Upper and lower bounds for fully retroactive graph problems
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 12808
year: '2021'
...
---
_id: '9210'
abstract:
- lang: eng
  text: "Modern neural networks can easily fit their training set perfectly. Surprisingly,
    despite being “overfit” in this way, they tend to generalize well to future data,
    thereby defying the classic bias–variance trade-off of machine learning theory.
    Of the many possible explanations, a prevalent one is that training by stochastic
    gradient descent (SGD) imposes an implicit bias that leads it to learn simple
    functions, and these simple functions generalize well. However, the specifics
    of this implicit bias are not well understood.\r\nIn this work, we explore the
    smoothness conjecture which states that SGD is implicitly biased towards learning
    functions that are smooth. We propose several measures to formalize the intuitive
    notion of smoothness, and we conduct experiments to determine whether SGD indeed
    implicitly optimizes for these measures. Our findings rule out the possibility
    that smoothness measures based on first-order derivatives are being implicitly
    enforced. They are supportive, though, of the smoothness conjecture for measures
    based on second-order derivatives."
article_processing_charge: No
author:
- first_name: Vaclav
  full_name: Volhejn, Vaclav
  id: d5235fb4-7a6d-11eb-b254-f25d12d631a8
  last_name: Volhejn
- first_name: Christoph
  full_name: Lampert, Christoph
  id: 40C20FD2-F248-11E8-B48F-1D18A9856A87
  last_name: Lampert
  orcid: 0000-0001-8622-7887
citation:
  ama: 'Volhejn V, Lampert C. Does SGD implicitly optimize for smoothness? In: <i>42nd
    German Conference on Pattern Recognition</i>. Vol 12544. LNCS. Springer; 2021:246-259.
    doi:<a href="https://doi.org/10.1007/978-3-030-71278-5_18">10.1007/978-3-030-71278-5_18</a>'
  apa: 'Volhejn, V., &#38; Lampert, C. (2021). Does SGD implicitly optimize for smoothness?
    In <i>42nd German Conference on Pattern Recognition</i> (Vol. 12544, pp. 246–259).
    Tübingen, Germany: Springer. <a href="https://doi.org/10.1007/978-3-030-71278-5_18">https://doi.org/10.1007/978-3-030-71278-5_18</a>'
  chicago: Volhejn, Vaclav, and Christoph Lampert. “Does SGD Implicitly Optimize for
    Smoothness?” In <i>42nd German Conference on Pattern Recognition</i>, 12544:246–59.
    LNCS. Springer, 2021. <a href="https://doi.org/10.1007/978-3-030-71278-5_18">https://doi.org/10.1007/978-3-030-71278-5_18</a>.
  ieee: V. Volhejn and C. Lampert, “Does SGD implicitly optimize for smoothness?,”
    in <i>42nd German Conference on Pattern Recognition</i>, Tübingen, Germany, 2021,
    vol. 12544, pp. 246–259.
  ista: 'Volhejn V, Lampert C. 2021. Does SGD implicitly optimize for smoothness?
    42nd German Conference on Pattern Recognition. DAGM GCPR: German Conference on
    Pattern Recognition LNCS vol. 12544, 246–259.'
  mla: Volhejn, Vaclav, and Christoph Lampert. “Does SGD Implicitly Optimize for Smoothness?”
    <i>42nd German Conference on Pattern Recognition</i>, vol. 12544, Springer, 2021,
    pp. 246–59, doi:<a href="https://doi.org/10.1007/978-3-030-71278-5_18">10.1007/978-3-030-71278-5_18</a>.
  short: V. Volhejn, C. Lampert, in:, 42nd German Conference on Pattern Recognition,
    Springer, 2021, pp. 246–259.
conference:
  end_date: 2020-10-01
  location: Tübingen, Germany
  name: 'DAGM GCPR: German Conference on Pattern Recognition '
  start_date: 2020-09-28
date_created: 2021-03-01T09:01:16Z
date_published: 2021-03-17T00:00:00Z
date_updated: 2022-08-12T07:28:47Z
day: '17'
ddc:
- '510'
department:
- _id: ChLa
doi: 10.1007/978-3-030-71278-5_18
file:
- access_level: open_access
  checksum: 3e3628ab1cf658d82524963f808004ea
  content_type: application/pdf
  creator: dernst
  date_created: 2022-08-12T07:27:58Z
  date_updated: 2022-08-12T07:27:58Z
  file_id: '11820'
  file_name: 2020_GCPR_submitted_Volhejn.pdf
  file_size: 420234
  relation: main_file
  success: 1
file_date_updated: 2022-08-12T07:27:58Z
has_accepted_license: '1'
intvolume: '     12544'
language:
- iso: eng
month: '03'
oa: 1
oa_version: Submitted Version
page: 246-259
publication: 42nd German Conference on Pattern Recognition
publication_identifier:
  eissn:
  - 1611-3349
  isbn:
  - '9783030712778'
  issn:
  - 0302-9743
publication_status: published
publisher: Springer
quality_controlled: '1'
scopus_import: '1'
series_title: LNCS
status: public
title: Does SGD implicitly optimize for smoothness?
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 12544
year: '2021'
...
---
_id: '9227'
abstract:
- lang: eng
  text: In the multiway cut problem we are given a weighted undirected graph   G=(V,E)  and
    a set   T⊆V  of k terminals. The goal is to find a minimum weight set of edges   E′⊆E  with
    the property that by removing   E′  from G all the terminals become disconnected.
    In this paper we present a simple local search approximation algorithm for the
    multiway cut problem with approximation ratio   2−2k . We present an experimental
    evaluation of the performance of our local search algorithm and show that it greatly
    outperforms the isolation heuristic of Dalhaus et al. and it has similar performance
    as the much more complex algorithms of Calinescu et al., Sharma and Vondrak, and
    Buchbinder et al. which have the currently best known approximation ratios for
    this problem.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Andrew
  full_name: Bloch-Hansen, Andrew
  last_name: Bloch-Hansen
- first_name: Nasim
  full_name: Samei, Nasim
  id: C1531CAE-36E9-11EA-845F-33AA3DDC885E
  last_name: Samei
- first_name: Roberto
  full_name: Solis-Oba, Roberto
  last_name: Solis-Oba
citation:
  ama: 'Bloch-Hansen A, Samei N, Solis-Oba R. Experimental evaluation of a local search
    approximation algorithm for the multiway cut problem. In: <i>Conference on Algorithms
    and Discrete Applied Mathematics</i>. Vol 12601. Springer Nature; 2021:346-358.
    doi:<a href="https://doi.org/10.1007/978-3-030-67899-9_28">10.1007/978-3-030-67899-9_28</a>'
  apa: 'Bloch-Hansen, A., Samei, N., &#38; Solis-Oba, R. (2021). Experimental evaluation
    of a local search approximation algorithm for the multiway cut problem. In <i>Conference
    on Algorithms and Discrete Applied Mathematics</i> (Vol. 12601, pp. 346–358).
    Rupnagar, India: Springer Nature. <a href="https://doi.org/10.1007/978-3-030-67899-9_28">https://doi.org/10.1007/978-3-030-67899-9_28</a>'
  chicago: Bloch-Hansen, Andrew, Nasim Samei, and Roberto Solis-Oba. “Experimental
    Evaluation of a Local Search Approximation Algorithm for the Multiway Cut Problem.”
    In <i>Conference on Algorithms and Discrete Applied Mathematics</i>, 12601:346–58.
    Springer Nature, 2021. <a href="https://doi.org/10.1007/978-3-030-67899-9_28">https://doi.org/10.1007/978-3-030-67899-9_28</a>.
  ieee: A. Bloch-Hansen, N. Samei, and R. Solis-Oba, “Experimental evaluation of a
    local search approximation algorithm for the multiway cut problem,” in <i>Conference
    on Algorithms and Discrete Applied Mathematics</i>, Rupnagar, India, 2021, vol.
    12601, pp. 346–358.
  ista: 'Bloch-Hansen A, Samei N, Solis-Oba R. 2021. Experimental evaluation of a
    local search approximation algorithm for the multiway cut problem. Conference
    on Algorithms and Discrete Applied Mathematics. CALDAM: Conference on Algorithms
    and Discrete Applied Mathematics, LNCS, vol. 12601, 346–358.'
  mla: Bloch-Hansen, Andrew, et al. “Experimental Evaluation of a Local Search Approximation
    Algorithm for the Multiway Cut Problem.” <i>Conference on Algorithms and Discrete
    Applied Mathematics</i>, vol. 12601, Springer Nature, 2021, pp. 346–58, doi:<a
    href="https://doi.org/10.1007/978-3-030-67899-9_28">10.1007/978-3-030-67899-9_28</a>.
  short: A. Bloch-Hansen, N. Samei, R. Solis-Oba, in:, Conference on Algorithms and
    Discrete Applied Mathematics, Springer Nature, 2021, pp. 346–358.
conference:
  end_date: 2021-02-13
  location: Rupnagar, India
  name: 'CALDAM: Conference on Algorithms and Discrete Applied Mathematics'
  start_date: 2021-02-11
date_created: 2021-03-07T23:01:25Z
date_published: 2021-01-28T00:00:00Z
date_updated: 2023-10-10T09:29:08Z
day: '28'
department:
- _id: VlKo
doi: 10.1007/978-3-030-67899-9_28
intvolume: '     12601'
language:
- iso: eng
month: '01'
oa_version: None
page: 346-358
publication: Conference on Algorithms and Discrete Applied Mathematics
publication_identifier:
  eissn:
  - 1611-3349
  isbn:
  - '9783030678982'
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
scopus_import: '1'
status: public
title: Experimental evaluation of a local search approximation algorithm for the multiway
  cut problem
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 12601
year: '2021'
...
---
_id: '9620'
abstract:
- lang: eng
  text: "In this note, we introduce a distributed twist on the classic coupon collector
    problem: a set of m collectors wish to each obtain a set of n coupons; for this,
    they can each sample coupons uniformly at random, but can also meet in pairwise
    interactions, during which they can exchange coupons. By doing so, they hope to
    reduce the number of coupons that must be sampled by each collector in order to
    obtain a full set. This extension is natural when considering real-world manifestations
    of the coupon collector phenomenon, and has been remarked upon and studied empirically
    (Hayes and Hannigan 2006, Ahmad et al. 2014, Delmarcelle 2019).\r\n\r\nWe provide
    the first theoretical analysis for such a scenario. We find that “coupon collecting
    with friends” can indeed significantly reduce the number of coupons each collector
    must sample, and raises interesting connections to the more traditional variants
    of the problem. While our analysis is in most cases asymptotically tight, there
    are several open questions raised, regarding finer-grained analysis of both “coupon
    collecting with friends,” and of a long-studied variant of the original problem
    in which a collector requires multiple full sets of coupons."
acknowledgement: Peter Davies is supported by the European Union’s Horizon2020 research
  and innovation programme under the Marie Skłodowska-Curie grant agreement No. 754411.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Dan-Adrian
  full_name: Alistarh, Dan-Adrian
  id: 4A899BFC-F248-11E8-B48F-1D18A9856A87
  last_name: Alistarh
  orcid: 0000-0003-3650-940X
- first_name: Peter
  full_name: Davies, Peter
  id: 11396234-BB50-11E9-B24C-90FCE5697425
  last_name: Davies
  orcid: 0000-0002-5646-9524
citation:
  ama: 'Alistarh D-A, Davies P. Collecting coupons is faster with friends. In: <i>Structural
    Information and Communication Complexity</i>. Vol 12810. Springer Nature; 2021:3-12.
    doi:<a href="https://doi.org/10.1007/978-3-030-79527-6_1">10.1007/978-3-030-79527-6_1</a>'
  apa: 'Alistarh, D.-A., &#38; Davies, P. (2021). Collecting coupons is faster with
    friends. In <i>Structural Information and Communication Complexity</i> (Vol. 12810,
    pp. 3–12). Wrocław, Poland: Springer Nature. <a href="https://doi.org/10.1007/978-3-030-79527-6_1">https://doi.org/10.1007/978-3-030-79527-6_1</a>'
  chicago: Alistarh, Dan-Adrian, and Peter Davies. “Collecting Coupons Is Faster with
    Friends.” In <i>Structural Information and Communication Complexity</i>, 12810:3–12.
    Springer Nature, 2021. <a href="https://doi.org/10.1007/978-3-030-79527-6_1">https://doi.org/10.1007/978-3-030-79527-6_1</a>.
  ieee: D.-A. Alistarh and P. Davies, “Collecting coupons is faster with friends,”
    in <i>Structural Information and Communication Complexity</i>, Wrocław, Poland,
    2021, vol. 12810, pp. 3–12.
  ista: 'Alistarh D-A, Davies P. 2021. Collecting coupons is faster with friends.
    Structural Information and Communication Complexity.  SIROCCO: International Colloquium
    on Structural Information and Communication Complexity, LNCS, vol. 12810, 3–12.'
  mla: Alistarh, Dan-Adrian, and Peter Davies. “Collecting Coupons Is Faster with
    Friends.” <i>Structural Information and Communication Complexity</i>, vol. 12810,
    Springer Nature, 2021, pp. 3–12, doi:<a href="https://doi.org/10.1007/978-3-030-79527-6_1">10.1007/978-3-030-79527-6_1</a>.
  short: D.-A. Alistarh, P. Davies, in:, Structural Information and Communication
    Complexity, Springer Nature, 2021, pp. 3–12.
conference:
  end_date: 2021-07-01
  location: Wrocław, Poland
  name: ' SIROCCO: International Colloquium on Structural Information and Communication
    Complexity'
  start_date: 2021-06-28
date_created: 2021-07-01T11:04:43Z
date_published: 2021-06-20T00:00:00Z
date_updated: 2023-02-23T14:02:46Z
day: '20'
ddc:
- '000'
department:
- _id: DaAl
doi: 10.1007/978-3-030-79527-6_1
ec_funded: 1
file:
- access_level: open_access
  checksum: fe37fb9af3f5016c1084af9d6e7109bd
  content_type: application/pdf
  creator: pdavies
  date_created: 2021-07-01T11:21:40Z
  date_updated: 2021-07-01T11:21:40Z
  file_id: '9621'
  file_name: Population_Coupon_Collector.pdf
  file_size: 319728
  relation: main_file
file_date_updated: 2021-07-01T11:21:40Z
has_accepted_license: '1'
intvolume: '     12810'
language:
- iso: eng
month: '06'
oa: 1
oa_version: Preprint
page: 3-12
project:
- _id: 260C2330-B435-11E9-9278-68D0E5697425
  call_identifier: H2020
  grant_number: '754411'
  name: ISTplus - Postdoctoral Fellowships
publication: Structural Information and Communication Complexity
publication_identifier:
  eisbn:
  - '9783030795276'
  eissn:
  - 1611-3349
  isbn:
  - '9783030795269'
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
status: public
title: Collecting coupons is faster with friends
type: conference
user_id: D865714E-FA4E-11E9-B85B-F5C5E5697425
volume: 12810
year: '2021'
...
---
_id: '10041'
abstract:
- lang: eng
  text: Yao’s garbling scheme is one of the most fundamental cryptographic constructions.
    Lindell and Pinkas (Journal of Cryptograhy 2009) gave a formal proof of security
    in the selective setting where the adversary chooses the challenge inputs before
    seeing the garbled circuit assuming secure symmetric-key encryption (and hence
    one-way functions). This was followed by results, both positive and negative,
    concerning its security in the, stronger, adaptive setting. Applebaum et al. (Crypto
    2013) showed that it cannot satisfy adaptive security as is, due to a simple incompressibility
    argument. Jafargholi and Wichs (TCC 2017) considered a natural adaptation of Yao’s
    scheme (where the output mapping is sent in the online phase, together with the
    garbled input) that circumvents this negative result, and proved that it is adaptively
    secure, at least for shallow circuits. In particular, they showed that for the
    class of circuits of depth   δ , the loss in security is at most exponential in   δ
    . The above results all concern the simulation-based notion of security. In this
    work, we show that the upper bound of Jafargholi and Wichs is basically optimal
    in a strong sense. As our main result, we show that there exists a family of Boolean
    circuits, one for each depth  δ∈N , such that any black-box reduction proving
    the adaptive indistinguishability of the natural adaptation of Yao’s scheme from
    any symmetric-key encryption has to lose a factor that is exponential in   δ√
    . Since indistinguishability is a weaker notion than simulation, our bound also
    applies to adaptive simulation. To establish our results, we build on the recent
    approach of Kamath et al. (Eprint 2021), which uses pebbling lower bounds in conjunction
    with oracle separations to prove fine-grained lower bounds on loss in cryptographic
    security.
acknowledgement: We would like to thank the anonymous reviewers of Crypto’21 whose
  detailed comments helped us considerably improve the presentation of the paper.
alternative_title:
- LCNS
article_processing_charge: No
author:
- first_name: Chethan
  full_name: Kamath Hosdurg, Chethan
  id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87
  last_name: Kamath Hosdurg
- first_name: Karen
  full_name: Klein, Karen
  id: 3E83A2F8-F248-11E8-B48F-1D18A9856A87
  last_name: Klein
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
- first_name: Daniel
  full_name: Wichs, Daniel
  last_name: Wichs
citation:
  ama: 'Kamath Hosdurg C, Klein K, Pietrzak KZ, Wichs D. Limits on the Adaptive Security
    of Yao’s Garbling. In: <i>41st Annual International Cryptology Conference, Part
    II </i>. Vol 12826. Cham: Springer Nature; 2021:486-515. doi:<a href="https://doi.org/10.1007/978-3-030-84245-1_17">10.1007/978-3-030-84245-1_17</a>'
  apa: 'Kamath Hosdurg, C., Klein, K., Pietrzak, K. Z., &#38; Wichs, D. (2021). Limits
    on the Adaptive Security of Yao’s Garbling. In <i>41st Annual International Cryptology
    Conference, Part II </i> (Vol. 12826, pp. 486–515). Cham: Springer Nature. <a
    href="https://doi.org/10.1007/978-3-030-84245-1_17">https://doi.org/10.1007/978-3-030-84245-1_17</a>'
  chicago: 'Kamath Hosdurg, Chethan, Karen Klein, Krzysztof Z Pietrzak, and Daniel
    Wichs. “Limits on the Adaptive Security of Yao’s Garbling.” In <i>41st Annual
    International Cryptology Conference, Part II </i>, 12826:486–515. Cham: Springer
    Nature, 2021. <a href="https://doi.org/10.1007/978-3-030-84245-1_17">https://doi.org/10.1007/978-3-030-84245-1_17</a>.'
  ieee: C. Kamath Hosdurg, K. Klein, K. Z. Pietrzak, and D. Wichs, “Limits on the
    Adaptive Security of Yao’s Garbling,” in <i>41st Annual International Cryptology
    Conference, Part II </i>, Virtual, 2021, vol. 12826, pp. 486–515.
  ista: 'Kamath Hosdurg C, Klein K, Pietrzak KZ, Wichs D. 2021. Limits on the Adaptive
    Security of Yao’s Garbling. 41st Annual International Cryptology Conference, Part
    II . CRYPTO: Annual International Cryptology Conference, LCNS, vol. 12826, 486–515.'
  mla: Kamath Hosdurg, Chethan, et al. “Limits on the Adaptive Security of Yao’s Garbling.”
    <i>41st Annual International Cryptology Conference, Part II </i>, vol. 12826,
    Springer Nature, 2021, pp. 486–515, doi:<a href="https://doi.org/10.1007/978-3-030-84245-1_17">10.1007/978-3-030-84245-1_17</a>.
  short: C. Kamath Hosdurg, K. Klein, K.Z. Pietrzak, D. Wichs, in:, 41st Annual International
    Cryptology Conference, Part II , Springer Nature, Cham, 2021, pp. 486–515.
conference:
  end_date: 2021-08-20
  location: Virtual
  name: 'CRYPTO: Annual International Cryptology Conference'
  start_date: 2021-08-16
date_created: 2021-09-23T14:06:15Z
date_published: 2021-08-11T00:00:00Z
date_updated: 2023-09-07T13:32:11Z
day: '11'
department:
- _id: KrPi
doi: 10.1007/978-3-030-84245-1_17
ec_funded: 1
intvolume: '     12826'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2021/945
month: '08'
oa: 1
oa_version: Preprint
page: 486-515
place: Cham
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
  call_identifier: H2020
  grant_number: '682815'
  name: Teaching Old Crypto New Tricks
publication: '41st Annual International Cryptology Conference, Part II '
publication_identifier:
  eisbn:
  - 978-3-030-84245-1
  eissn:
  - 1611-3349
  isbn:
  - 978-3-030-84244-4
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
related_material:
  record:
  - id: '10035'
    relation: dissertation_contains
    status: public
status: public
title: Limits on the Adaptive Security of Yao’s Garbling
type: conference
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 12826
year: '2021'
...
---
_id: '10076'
abstract:
- lang: eng
  text: We present a novel approach for blockchain asset owners to reclaim their funds
    in case of accidental private-key loss or transfer to a mistyped address. Our
    solution can be deployed upon failure or absence of proactively implemented backup
    mechanisms, such as secret sharing and cold storage. The main advantages against
    previous proposals is it does not require any prior action from users and works
    with both single-key and multi-sig accounts. We achieve this by a 3-phase   Commit()→Reveal()→Claim()−or−Challenge()  smart
    contract that enables accessing funds of addresses for which the spending key
    is not available. We provide an analysis of the threat and incentive models and
    formalize the concept of reactive KEy-Loss Protection (KELP).
acknowledgement: The authors would like to thank all anonymous reviewers of FC21 WTSC
  workshop for comments and suggestions that greatly improved the quality of this
  paper.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Sam
  full_name: Blackshear, Sam
  last_name: Blackshear
- first_name: Konstantinos
  full_name: Chalkias, Konstantinos
  last_name: Chalkias
- first_name: Panagiotis
  full_name: Chatzigiannis, Panagiotis
  last_name: Chatzigiannis
- first_name: Riyaz
  full_name: Faizullabhoy, Riyaz
  last_name: Faizullabhoy
- first_name: Irakliy
  full_name: Khaburzaniya, Irakliy
  last_name: Khaburzaniya
- first_name: Eleftherios
  full_name: Kokoris Kogias, Eleftherios
  id: f5983044-d7ef-11ea-ac6d-fd1430a26d30
  last_name: Kokoris Kogias
- first_name: Joshua
  full_name: Lind, Joshua
  last_name: Lind
- first_name: David
  full_name: Wong, David
  last_name: Wong
- first_name: Tim
  full_name: Zakian, Tim
  last_name: Zakian
citation:
  ama: 'Blackshear S, Chalkias K, Chatzigiannis P, et al. Reactive key-loss protection
    in blockchains. In: <i>FC 2021 Workshops</i>. Vol 12676. Springer Nature; 2021:431-450.
    doi:<a href="https://doi.org/10.1007/978-3-662-63958-0_34">10.1007/978-3-662-63958-0_34</a>'
  apa: 'Blackshear, S., Chalkias, K., Chatzigiannis, P., Faizullabhoy, R., Khaburzaniya,
    I., Kokoris Kogias, E., … Zakian, T. (2021). Reactive key-loss protection in blockchains.
    In <i>FC 2021 Workshops</i> (Vol. 12676, pp. 431–450). Virtual: Springer Nature.
    <a href="https://doi.org/10.1007/978-3-662-63958-0_34">https://doi.org/10.1007/978-3-662-63958-0_34</a>'
  chicago: Blackshear, Sam, Konstantinos Chalkias, Panagiotis Chatzigiannis, Riyaz
    Faizullabhoy, Irakliy Khaburzaniya, Eleftherios Kokoris Kogias, Joshua Lind, David
    Wong, and Tim Zakian. “Reactive Key-Loss Protection in Blockchains.” In <i>FC
    2021 Workshops</i>, 12676:431–50. Springer Nature, 2021. <a href="https://doi.org/10.1007/978-3-662-63958-0_34">https://doi.org/10.1007/978-3-662-63958-0_34</a>.
  ieee: S. Blackshear <i>et al.</i>, “Reactive key-loss protection in blockchains,”
    in <i>FC 2021 Workshops</i>, Virtual, 2021, vol. 12676, pp. 431–450.
  ista: 'Blackshear S, Chalkias K, Chatzigiannis P, Faizullabhoy R, Khaburzaniya I,
    Kokoris Kogias E, Lind J, Wong D, Zakian T. 2021. Reactive key-loss protection
    in blockchains. FC 2021 Workshops. FC: International Conference on Financial Cryptography
    and Data Security, LNCS, vol. 12676, 431–450.'
  mla: Blackshear, Sam, et al. “Reactive Key-Loss Protection in Blockchains.” <i>FC
    2021 Workshops</i>, vol. 12676, Springer Nature, 2021, pp. 431–50, doi:<a href="https://doi.org/10.1007/978-3-662-63958-0_34">10.1007/978-3-662-63958-0_34</a>.
  short: S. Blackshear, K. Chalkias, P. Chatzigiannis, R. Faizullabhoy, I. Khaburzaniya,
    E. Kokoris Kogias, J. Lind, D. Wong, T. Zakian, in:, FC 2021 Workshops, Springer
    Nature, 2021, pp. 431–450.
conference:
  end_date: 2021-03-05
  location: Virtual
  name: 'FC: International Conference on Financial Cryptography and Data Security'
  start_date: 2021-03-01
date_created: 2021-10-03T22:01:24Z
date_published: 2021-09-17T00:00:00Z
date_updated: 2023-08-14T07:06:16Z
day: '17'
department:
- _id: ElKo
doi: 10.1007/978-3-662-63958-0_34
external_id:
  isi:
  - '000713005000034'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://research.fb.com/publications/reactive-key-loss-protection-in-blockchains/
month: '09'
oa: 1
oa_version: Preprint
page: 431-450
publication: FC 2021 Workshops
publication_identifier:
  eisbn:
  - 978-3-662-63958-0
  eissn:
  - 1611-3349
  isbn:
  - 978-3-6626-3957-3
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
scopus_import: '1'
status: public
title: Reactive key-loss protection in blockchains
type: conference
user_id: 4359f0d1-fa6c-11eb-b949-802e58b17ae8
volume: '12676 '
year: '2021'
...
---
_id: '10108'
abstract:
- lang: eng
  text: We argue that the time is ripe to investigate differential monitoring, in
    which the specification of a program's behavior is implicitly given by a second
    program implementing the same informal specification. Similar ideas have been
    proposed before, and are currently implemented in restricted form for testing
    and specialized run-time analyses, aspects of which we combine. We discuss the
    challenges of implementing differential monitoring as a general-purpose, black-box
    run-time monitoring framework, and present promising results of a preliminary
    implementation, showing low monitoring overheads for diverse programs.
acknowledgement: The authors would like to thank Borzoo Bonakdarpour, Derek Dreyer,
  Adrian Francalanza, Owolabi Legunsen, Mae Milano, Manuel Rigger, Cesar Sanchez,
  and the members of the IST Verification Seminar for their helpful comments and insights
  on various stages of this work, as well as the reviewers of RV’21 for their helpful
  suggestions on the actual paper.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Fabian
  full_name: Mühlböck, Fabian
  id: 6395C5F6-89DF-11E9-9C97-6BDFE5697425
  last_name: Mühlböck
  orcid: 0000-0003-1548-0177
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000-0002-2985-7724
citation:
  ama: 'Mühlböck F, Henzinger TA. Differential monitoring. In: <i>International Conference
    on Runtime Verification</i>. Vol 12974. Cham: Springer Nature; 2021:231-243. doi:<a
    href="https://doi.org/10.1007/978-3-030-88494-9_12">10.1007/978-3-030-88494-9_12</a>'
  apa: 'Mühlböck, F., &#38; Henzinger, T. A. (2021). Differential monitoring. In <i>International
    Conference on Runtime Verification</i> (Vol. 12974, pp. 231–243). Cham: Springer
    Nature. <a href="https://doi.org/10.1007/978-3-030-88494-9_12">https://doi.org/10.1007/978-3-030-88494-9_12</a>'
  chicago: 'Mühlböck, Fabian, and Thomas A Henzinger. “Differential Monitoring.” In
    <i>International Conference on Runtime Verification</i>, 12974:231–43. Cham: Springer
    Nature, 2021. <a href="https://doi.org/10.1007/978-3-030-88494-9_12">https://doi.org/10.1007/978-3-030-88494-9_12</a>.'
  ieee: F. Mühlböck and T. A. Henzinger, “Differential monitoring,” in <i>International
    Conference on Runtime Verification</i>, Virtual, 2021, vol. 12974, pp. 231–243.
  ista: 'Mühlböck F, Henzinger TA. 2021. Differential monitoring. International Conference
    on Runtime Verification. RV: Runtime Verification, LNCS, vol. 12974, 231–243.'
  mla: Mühlböck, Fabian, and Thomas A. Henzinger. “Differential Monitoring.” <i>International
    Conference on Runtime Verification</i>, vol. 12974, Springer Nature, 2021, pp.
    231–43, doi:<a href="https://doi.org/10.1007/978-3-030-88494-9_12">10.1007/978-3-030-88494-9_12</a>.
  short: F. Mühlböck, T.A. Henzinger, in:, International Conference on Runtime Verification,
    Springer Nature, Cham, 2021, pp. 231–243.
conference:
  end_date: 2021-10-14
  location: Virtual
  name: 'RV: Runtime Verification'
  start_date: 2021-10-11
date_created: 2021-10-07T23:30:10Z
date_published: 2021-10-06T00:00:00Z
date_updated: 2023-08-14T07:20:30Z
day: '06'
ddc:
- '005'
department:
- _id: ToHe
doi: 10.1007/978-3-030-88494-9_12
external_id:
  isi:
  - '000719383800012'
file:
- access_level: open_access
  checksum: 554c7fdb259eda703a8b6328a6dad55a
  content_type: application/pdf
  creator: fmuehlbo
  date_created: 2021-10-07T23:32:18Z
  date_updated: 2021-10-07T23:32:18Z
  file_id: '10109'
  file_name: differentialmonitoring-cameraready-openaccess.pdf
  file_size: 350632
  relation: main_file
  success: 1
file_date_updated: 2021-10-07T23:32:18Z
has_accepted_license: '1'
intvolume: '     12974'
isi: 1
keyword:
- run-time verification
- software engineering
- implicit specification
language:
- iso: eng
month: '10'
oa: 1
oa_version: Preprint
page: 231-243
place: Cham
project:
- _id: 25F42A32-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: Z211
  name: The Wittgenstein Prize
publication: International Conference on Runtime Verification
publication_identifier:
  eisbn:
  - 978-3-030-88494-9
  eissn:
  - 1611-3349
  isbn:
  - 978-3-030-88493-2
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
related_material:
  record:
  - id: '9946'
    relation: extended_version
    status: public
scopus_import: '1'
status: public
title: Differential monitoring
type: conference
user_id: 4359f0d1-fa6c-11eb-b949-802e58b17ae8
volume: 12974
year: '2021'
...
---
_id: '10206'
abstract:
- lang: eng
  text: Neural-network classifiers achieve high accuracy when predicting the class
    of an input that they were trained to identify. Maintaining this accuracy in dynamic
    environments, where inputs frequently fall outside the fixed set of initially
    known classes, remains a challenge. The typical approach is to detect inputs from
    novel classes and retrain the classifier on an augmented dataset. However, not
    only the classifier but also the detection mechanism needs to adapt in order to
    distinguish between newly learned and yet unknown input classes. To address this
    challenge, we introduce an algorithmic framework for active monitoring of a neural
    network. A monitor wrapped in our framework operates in parallel with the neural
    network and interacts with a human user via a series of interpretable labeling
    queries for incremental adaptation. In addition, we propose an adaptive quantitative
    monitor to improve precision. An experimental evaluation on a diverse set of benchmarks
    with varying numbers of classes confirms the benefits of our active monitoring
    framework in dynamic scenarios.
acknowledgement: We thank Christoph Lampert and Alex Greengold for fruitful discussions.
  This research was supported in part by the Simons Institute for the Theory of Computing,
  the Austrian Science Fund (FWF) under grant Z211-N23 (Wittgenstein Award), and the
  European Union’s Horizon 2020 research and innovation programme under the Marie
  Skłodowska-Curie grant agreement No. 754411.
alternative_title:
- LNCS
article_processing_charge: No
arxiv: 1
author:
- first_name: Anna
  full_name: Lukina, Anna
  id: CBA4D1A8-0FE8-11E9-BDE6-07BFE5697425
  last_name: Lukina
- first_name: Christian
  full_name: Schilling, Christian
  id: 3A2F4DCE-F248-11E8-B48F-1D18A9856A87
  last_name: Schilling
  orcid: 0000-0003-3658-1065
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000-0002-2985-7724
citation:
  ama: 'Lukina A, Schilling C, Henzinger TA. Into the unknown: active monitoring of neural
    networks. In: <i>21st International Conference on Runtime Verification</i>. Vol
    12974. Cham: Springer Nature; 2021:42-61. doi:<a href="https://doi.org/10.1007/978-3-030-88494-9_3">10.1007/978-3-030-88494-9_3</a>'
  apa: 'Lukina, A., Schilling, C., &#38; Henzinger, T. A. (2021). Into the unknown:
    active monitoring of neural networks. In <i>21st International Conference on Runtime
    Verification</i> (Vol. 12974, pp. 42–61). Cham: Springer Nature. <a href="https://doi.org/10.1007/978-3-030-88494-9_3">https://doi.org/10.1007/978-3-030-88494-9_3</a>'
  chicago: 'Lukina, Anna, Christian Schilling, and Thomas A Henzinger. “Into the Unknown:
    Active Monitoring of Neural Networks.” In <i>21st International Conference on
    Runtime Verification</i>, 12974:42–61. Cham: Springer Nature, 2021. <a href="https://doi.org/10.1007/978-3-030-88494-9_3">https://doi.org/10.1007/978-3-030-88494-9_3</a>.'
  ieee: 'A. Lukina, C. Schilling, and T. A. Henzinger, “Into the unknown: active monitoring
    of neural networks,” in <i>21st International Conference on Runtime Verification</i>,
    Virtual, 2021, vol. 12974, pp. 42–61.'
  ista: 'Lukina A, Schilling C, Henzinger TA. 2021. Into the unknown: active monitoring
    of neural networks. 21st International Conference on Runtime Verification. RV:
    Runtime Verification, LNCS, vol. 12974, 42–61.'
  mla: 'Lukina, Anna, et al. “Into the Unknown: Active Monitoring of Neural Networks.”
    <i>21st International Conference on Runtime Verification</i>, vol. 12974, Springer
    Nature, 2021, pp. 42–61, doi:<a href="https://doi.org/10.1007/978-3-030-88494-9_3">10.1007/978-3-030-88494-9_3</a>.'
  short: A. Lukina, C. Schilling, T.A. Henzinger, in:, 21st International Conference
    on Runtime Verification, Springer Nature, Cham, 2021, pp. 42–61.
conference:
  end_date: 2021-10-14
  location: Virtual
  name: 'RV: Runtime Verification'
  start_date: 2021-10-11
date_created: 2021-10-31T23:01:31Z
date_published: 2021-10-06T00:00:00Z
date_updated: 2024-01-30T12:06:56Z
day: '06'
department:
- _id: ToHe
doi: 10.1007/978-3-030-88494-9_3
ec_funded: 1
external_id:
  arxiv:
  - '2009.06429'
  isi:
  - '000719383800003'
isi: 1
keyword:
- monitoring
- neural networks
- novelty detection
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://arxiv.org/abs/2009.06429
month: '10'
oa: 1
oa_version: Preprint
page: 42-61
place: Cham
project:
- _id: 260C2330-B435-11E9-9278-68D0E5697425
  call_identifier: H2020
  grant_number: '754411'
  name: ISTplus - Postdoctoral Fellowships
- _id: 25F42A32-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: Z211
  name: The Wittgenstein Prize
publication: 21st International Conference on Runtime Verification
publication_identifier:
  eisbn:
  - 978-3-030-88494-9
  eissn:
  - 1611-3349
  isbn:
  - 9-783-0308-8493-2
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
related_material:
  record:
  - id: '13234'
    relation: extended_version
    status: public
scopus_import: '1'
status: public
title: 'Into the unknown: active monitoring of neural networks'
type: conference
user_id: 4359f0d1-fa6c-11eb-b949-802e58b17ae8
volume: '12974 '
year: '2021'
...
---
_id: '10324'
abstract:
- lang: eng
  text: Off-chain protocols (channels) are a promising solution to the scalability
    and privacy challenges of blockchain payments. Current proposals, however, require
    synchrony assumptions to preserve the safety of a channel, leaking to an adversary
    the exact amount of time needed to control the network for a successful attack.
    In this paper, we introduce Brick, the first payment channel that remains secure
    under network asynchrony and concurrently provides correct incentives. The core
    idea is to incorporate the conflict resolution process within the channel by introducing
    a rational committee of external parties, called wardens. Hence, if a party wants
    to close a channel unilaterally, it can only get the committee’s approval for
    the last valid state. Additionally, Brick provides sub-second latency because
    it does not employ heavy-weight consensus. Instead, Brick uses consistent broadcast
    to announce updates and close the channel, a light-weight abstraction that is
    powerful enough to preserve safety and liveness to any rational parties. We formally
    define and prove for Brick the properties a payment channel construction should
    fulfill. We also design incentives for Brick such that honest and rational behavior
    aligns. Finally, we provide a reference implementation of the smart contracts
    in Solidity.
acknowledgement: We would like to thank Kaoutar Elkhiyaoui for her valuable feedback
  as well as Jakub Sliwinski for his impactful contribution to this work.
alternative_title:
- LNCS
article_processing_charge: No
arxiv: 1
author:
- first_name: Zeta
  full_name: Avarikioti, Zeta
  last_name: Avarikioti
- first_name: Eleftherios
  full_name: Kokoris Kogias, Eleftherios
  id: f5983044-d7ef-11ea-ac6d-fd1430a26d30
  last_name: Kokoris Kogias
- first_name: Roger
  full_name: Wattenhofer, Roger
  last_name: Wattenhofer
- first_name: Dionysis
  full_name: Zindros, Dionysis
  last_name: Zindros
citation:
  ama: 'Avarikioti Z, Kokoris Kogias E, Wattenhofer R, Zindros D. Brick: Asynchronous
    incentive-compatible payment channels. In: <i>25th International Conference on
    Financial Cryptography and Data Security</i>. Vol 12675. Springer Nature; 2021:209-230.
    doi:<a href="https://doi.org/10.1007/978-3-662-64331-0_11">10.1007/978-3-662-64331-0_11</a>'
  apa: 'Avarikioti, Z., Kokoris Kogias, E., Wattenhofer, R., &#38; Zindros, D. (2021).
    Brick: Asynchronous incentive-compatible payment channels. In <i>25th International
    Conference on Financial Cryptography and Data Security</i> (Vol. 12675, pp. 209–230).
    Virtual: Springer Nature. <a href="https://doi.org/10.1007/978-3-662-64331-0_11">https://doi.org/10.1007/978-3-662-64331-0_11</a>'
  chicago: 'Avarikioti, Zeta, Eleftherios Kokoris Kogias, Roger Wattenhofer, and Dionysis
    Zindros. “Brick: Asynchronous Incentive-Compatible Payment Channels.” In <i>25th
    International Conference on Financial Cryptography and Data Security</i>, 12675:209–30.
    Springer Nature, 2021. <a href="https://doi.org/10.1007/978-3-662-64331-0_11">https://doi.org/10.1007/978-3-662-64331-0_11</a>.'
  ieee: 'Z. Avarikioti, E. Kokoris Kogias, R. Wattenhofer, and D. Zindros, “Brick:
    Asynchronous incentive-compatible payment channels,” in <i>25th International
    Conference on Financial Cryptography and Data Security</i>, Virtual, 2021, vol.
    12675, pp. 209–230.'
  ista: 'Avarikioti Z, Kokoris Kogias E, Wattenhofer R, Zindros D. 2021. Brick: Asynchronous
    incentive-compatible payment channels. 25th International Conference on Financial
    Cryptography and Data Security. FC: Financial Cryptography, LNCS, vol. 12675,
    209–230.'
  mla: 'Avarikioti, Zeta, et al. “Brick: Asynchronous Incentive-Compatible Payment
    Channels.” <i>25th International Conference on Financial Cryptography and Data
    Security</i>, vol. 12675, Springer Nature, 2021, pp. 209–30, doi:<a href="https://doi.org/10.1007/978-3-662-64331-0_11">10.1007/978-3-662-64331-0_11</a>.'
  short: Z. Avarikioti, E. Kokoris Kogias, R. Wattenhofer, D. Zindros, in:, 25th International
    Conference on Financial Cryptography and Data Security, Springer Nature, 2021,
    pp. 209–230.
conference:
  end_date: 2021-03-05
  location: Virtual
  name: 'FC: Financial Cryptography'
  start_date: 2021-03-01
date_created: 2021-11-21T23:01:29Z
date_published: 2021-10-23T00:00:00Z
date_updated: 2023-08-14T12:59:58Z
day: '23'
department:
- _id: ElKo
doi: 10.1007/978-3-662-64331-0_11
external_id:
  arxiv:
  - '1905.11360'
  isi:
  - '000712016200011'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://arxiv.org/abs/1905.11360
month: '10'
oa: 1
oa_version: Preprint
page: 209-230
publication: 25th International Conference on Financial Cryptography and Data Security
publication_identifier:
  eisbn:
  - 978-3-662-64331-0
  eissn:
  - 1611-3349
  isbn:
  - 9-783-6626-4330-3
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
scopus_import: '1'
status: public
title: 'Brick: Asynchronous incentive-compatible payment channels'
type: conference
user_id: 4359f0d1-fa6c-11eb-b949-802e58b17ae8
volume: '12675 '
year: '2021'
...
---
_id: '10325'
abstract:
- lang: eng
  text: Since the inception of Bitcoin, a plethora of distributed ledgers differing
    in design and purpose has been created. While by design, blockchains provide no
    means to securely communicate with external systems, numerous attempts towards
    trustless cross-chain communication have been proposed over the years. Today,
    cross-chain communication (CCC) plays a fundamental role in cryptocurrency exchanges,
    scalability efforts via sharding, extension of existing systems through sidechains,
    and bootstrapping of new blockchains. Unfortunately, existing proposals are designed
    ad-hoc for specific use-cases, making it hard to gain confidence in their correctness
    and composability. We provide the first systematic exposition of cross-chain communication
    protocols. We formalize the underlying research problem and show that CCC is impossible
    without a trusted third party, contrary to common beliefs in the blockchain community.
    With this result in mind, we develop a framework to design new and evaluate existing
    CCC protocols, focusing on the inherent trust assumptions thereof, and derive
    a classification covering the field of cross-chain communication to date. We conclude
    by discussing open challenges for CCC research and the implications of interoperability
    on the security and privacy of blockchains.
acknowledgement: 'We would like express our gratitude to Georgia Avarikioti, Daniel
  Perez and Dominik Harz for helpful comments and feedback on earlier versions of
  this manuscript. We also thank Nicholas Stifter, Aljosha Judmayer, Philipp Schindler,
  Edgar Weippl, and Alistair Stewart for insightful discussions during the early stages
  of this research. We also wish to thank the anonymous reviewers for their valuable
  comments that helped improve the presentation of our results. This research was
  funded by Bridge 1 858561 SESC; Bridge 1 864738 PR4DLT (all FFG); the Christian
  Doppler Laboratory for Security and Quality Improvement in the Production System
  Lifecycle (CDL-SQI); the competence center SBA-K1 funded by COMET; Chaincode Labs
  through the project SLN: Scalability for the Lightning Network; and by the Austrian
  Science Fund (FWF) through the Meitner program (project M-2608). Mustafa Al-Bassam
  is funded by a scholarship from the Alan Turing Institute. Alexei Zamyatin conducted
  the early stages of this work during his time at SBA Research, and was supported
  by a Binance Research Fellowship.'
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Alexei
  full_name: Zamyatin, Alexei
  last_name: Zamyatin
- first_name: Mustafa
  full_name: Al-Bassam, Mustafa
  last_name: Al-Bassam
- first_name: Dionysis
  full_name: Zindros, Dionysis
  last_name: Zindros
- first_name: Eleftherios
  full_name: Kokoris Kogias, Eleftherios
  id: f5983044-d7ef-11ea-ac6d-fd1430a26d30
  last_name: Kokoris Kogias
- first_name: Pedro
  full_name: Moreno-Sanchez, Pedro
  last_name: Moreno-Sanchez
- first_name: Aggelos
  full_name: Kiayias, Aggelos
  last_name: Kiayias
- first_name: William J.
  full_name: Knottenbelt, William J.
  last_name: Knottenbelt
citation:
  ama: 'Zamyatin A, Al-Bassam M, Zindros D, et al. SoK: Communication across distributed
    ledgers. In: <i>25th International Conference on Financial Cryptography and Data
    Security</i>. Vol 12675. Springer Nature; 2021:3-36. doi:<a href="https://doi.org/10.1007/978-3-662-64331-0_1">10.1007/978-3-662-64331-0_1</a>'
  apa: 'Zamyatin, A., Al-Bassam, M., Zindros, D., Kokoris Kogias, E., Moreno-Sanchez,
    P., Kiayias, A., &#38; Knottenbelt, W. J. (2021). SoK: Communication across distributed
    ledgers. In <i>25th International Conference on Financial Cryptography and Data
    Security</i> (Vol. 12675, pp. 3–36). Virtual: Springer Nature. <a href="https://doi.org/10.1007/978-3-662-64331-0_1">https://doi.org/10.1007/978-3-662-64331-0_1</a>'
  chicago: 'Zamyatin, Alexei, Mustafa Al-Bassam, Dionysis Zindros, Eleftherios Kokoris
    Kogias, Pedro Moreno-Sanchez, Aggelos Kiayias, and William J. Knottenbelt. “SoK:
    Communication across Distributed Ledgers.” In <i>25th International Conference
    on Financial Cryptography and Data Security</i>, 12675:3–36. Springer Nature,
    2021. <a href="https://doi.org/10.1007/978-3-662-64331-0_1">https://doi.org/10.1007/978-3-662-64331-0_1</a>.'
  ieee: 'A. Zamyatin <i>et al.</i>, “SoK: Communication across distributed ledgers,”
    in <i>25th International Conference on Financial Cryptography and Data Security</i>,
    Virtual, 2021, vol. 12675, pp. 3–36.'
  ista: 'Zamyatin A, Al-Bassam M, Zindros D, Kokoris Kogias E, Moreno-Sanchez P, Kiayias
    A, Knottenbelt WJ. 2021. SoK: Communication across distributed ledgers. 25th International
    Conference on Financial Cryptography and Data Security. FC: Financial Cryptography,
    LNCS, vol. 12675, 3–36.'
  mla: 'Zamyatin, Alexei, et al. “SoK: Communication across Distributed Ledgers.”
    <i>25th International Conference on Financial Cryptography and Data Security</i>,
    vol. 12675, Springer Nature, 2021, pp. 3–36, doi:<a href="https://doi.org/10.1007/978-3-662-64331-0_1">10.1007/978-3-662-64331-0_1</a>.'
  short: A. Zamyatin, M. Al-Bassam, D. Zindros, E. Kokoris Kogias, P. Moreno-Sanchez,
    A. Kiayias, W.J. Knottenbelt, in:, 25th International Conference on Financial
    Cryptography and Data Security, Springer Nature, 2021, pp. 3–36.
conference:
  end_date: 2021-03-05
  location: Virtual
  name: 'FC: Financial Cryptography'
  start_date: 2021-03-01
date_created: 2021-11-21T23:01:29Z
date_published: 2021-10-23T00:00:00Z
date_updated: 2023-08-14T12:59:26Z
day: '23'
department:
- _id: ElKo
doi: 10.1007/978-3-662-64331-0_1
external_id:
  isi:
  - '000712016200001'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2019/1128
month: '10'
oa: 1
oa_version: Preprint
page: 3-36
publication: 25th International Conference on Financial Cryptography and Data Security
publication_identifier:
  eisbn:
  - 978-3-662-64331-0
  eissn:
  - 1611-3349
  isbn:
  - 9-783-6626-4330-3
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
scopus_import: '1'
status: public
title: 'SoK: Communication across distributed ledgers'
type: conference
user_id: 4359f0d1-fa6c-11eb-b949-802e58b17ae8
volume: '12675 '
year: '2021'
...
---
_id: '10407'
abstract:
- lang: eng
  text: Digital hardware Trojans are integrated circuits whose implementation differ
    from the specification in an arbitrary and malicious way. For example, the circuit
    can differ from its specified input/output behavior after some fixed number of
    queries (known as “time bombs”) or on some particular input (known as “cheat codes”).
    To detect such Trojans, countermeasures using multiparty computation (MPC) or
    verifiable computation (VC) have been proposed. On a high level, to realize a
    circuit with specification   F  one has more sophisticated circuits   F⋄  manufactured
    (where   F⋄  specifies a MPC or VC of   F ), and then embeds these   F⋄ ’s into
    a master circuit which must be trusted but is relatively simple compared to   F
    . Those solutions impose a significant overhead as   F⋄  is much more complex
    than   F , also the master circuits are not exactly trivial. In this work, we
    show that in restricted settings, where   F  has no evolving state and is queried
    on independent inputs, we can achieve a relaxed security notion using very simple
    constructions. In particular, we do not change the specification of the circuit
    at all (i.e.,   F=F⋄ ). Moreover the master circuit basically just queries a subset
    of its manufactured circuits and checks if they’re all the same. The security
    we achieve guarantees that, if the manufactured circuits are initially tested
    on up to T inputs, the master circuit will catch Trojans that try to deviate on
    significantly more than a 1/T fraction of the inputs. This bound is optimal for
    the type of construction considered, and we provably achieve it using a construction
    where 12 instantiations of   F  need to be embedded into the master. We also discuss
    an extremely simple construction with just 2 instantiations for which we conjecture
    that it already achieves the optimal bound.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Suvradip
  full_name: Chakraborty, Suvradip
  id: B9CD0494-D033-11E9-B219-A439E6697425
  last_name: Chakraborty
- first_name: Stefan
  full_name: Dziembowski, Stefan
  last_name: Dziembowski
- first_name: Małgorzata
  full_name: Gałązka, Małgorzata
  last_name: Gałązka
- first_name: Tomasz
  full_name: Lizurej, Tomasz
  last_name: Lizurej
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
- first_name: Michelle X
  full_name: Yeo, Michelle X
  id: 2D82B818-F248-11E8-B48F-1D18A9856A87
  last_name: Yeo
citation:
  ama: 'Chakraborty S, Dziembowski S, Gałązka M, Lizurej T, Pietrzak KZ, Yeo MX. Trojan-resilience
    without cryptography. In: Vol 13043. Springer Nature; 2021:397-428. doi:<a href="https://doi.org/10.1007/978-3-030-90453-1_14">10.1007/978-3-030-90453-1_14</a>'
  apa: 'Chakraborty, S., Dziembowski, S., Gałązka, M., Lizurej, T., Pietrzak, K. Z.,
    &#38; Yeo, M. X. (2021). Trojan-resilience without cryptography (Vol. 13043, pp.
    397–428). Presented at the TCC: Theory of Cryptography Conference, Raleigh, NC,
    United States: Springer Nature. <a href="https://doi.org/10.1007/978-3-030-90453-1_14">https://doi.org/10.1007/978-3-030-90453-1_14</a>'
  chicago: Chakraborty, Suvradip, Stefan Dziembowski, Małgorzata Gałązka, Tomasz Lizurej,
    Krzysztof Z Pietrzak, and Michelle X Yeo. “Trojan-Resilience without Cryptography,”
    13043:397–428. Springer Nature, 2021. <a href="https://doi.org/10.1007/978-3-030-90453-1_14">https://doi.org/10.1007/978-3-030-90453-1_14</a>.
  ieee: 'S. Chakraborty, S. Dziembowski, M. Gałązka, T. Lizurej, K. Z. Pietrzak, and
    M. X. Yeo, “Trojan-resilience without cryptography,” presented at the TCC: Theory
    of Cryptography Conference, Raleigh, NC, United States, 2021, vol. 13043, pp.
    397–428.'
  ista: 'Chakraborty S, Dziembowski S, Gałązka M, Lizurej T, Pietrzak KZ, Yeo MX.
    2021. Trojan-resilience without cryptography. TCC: Theory of Cryptography Conference,
    LNCS, vol. 13043, 397–428.'
  mla: Chakraborty, Suvradip, et al. <i>Trojan-Resilience without Cryptography</i>.
    Vol. 13043, Springer Nature, 2021, pp. 397–428, doi:<a href="https://doi.org/10.1007/978-3-030-90453-1_14">10.1007/978-3-030-90453-1_14</a>.
  short: S. Chakraborty, S. Dziembowski, M. Gałązka, T. Lizurej, K.Z. Pietrzak, M.X.
    Yeo, in:, Springer Nature, 2021, pp. 397–428.
conference:
  end_date: 2021-11-11
  location: Raleigh, NC, United States
  name: 'TCC: Theory of Cryptography Conference'
  start_date: 2021-11-08
date_created: 2021-12-05T23:01:42Z
date_published: 2021-11-04T00:00:00Z
date_updated: 2023-08-14T13:07:46Z
day: '04'
department:
- _id: KrPi
doi: 10.1007/978-3-030-90453-1_14
ec_funded: 1
external_id:
  isi:
  - '000728364000014'
intvolume: '     13043'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2021/1224
month: '11'
oa: 1
oa_version: Preprint
page: 397-428
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
  call_identifier: H2020
  grant_number: '682815'
  name: Teaching Old Crypto New Tricks
publication_identifier:
  eissn:
  - 1611-3349
  isbn:
  - 9-783-0309-0452-4
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
scopus_import: '1'
status: public
title: Trojan-resilience without cryptography
type: conference
user_id: 4359f0d1-fa6c-11eb-b949-802e58b17ae8
volume: 13043
year: '2021'
...
---
_id: '10408'
abstract:
- lang: eng
  text: 'Key trees are often the best solution in terms of transmission cost and storage
    requirements for managing keys in a setting where a group needs to share a secret
    key, while being able to efficiently rotate the key material of users (in order
    to recover from a potential compromise, or to add or remove users). Applications
    include multicast encryption protocols like LKH (Logical Key Hierarchies) or group
    messaging like the current IETF proposal TreeKEM. A key tree is a (typically balanced)
    binary tree, where each node is identified with a key: leaf nodes hold users’
    secret keys while the root is the shared group key. For a group of size N, each
    user just holds   log(N)  keys (the keys on the path from its leaf to the root)
    and its entire key material can be rotated by broadcasting   2log(N)  ciphertexts
    (encrypting each fresh key on the path under the keys of its parents). In this
    work we consider the natural setting where we have many groups with partially
    overlapping sets of users, and ask if we can find solutions where the cost of
    rotating a key is better than in the trivial one where we have a separate key
    tree for each group. We show that in an asymptotic setting (where the number m
    of groups is fixed while the number N of users grows) there exist more general
    key graphs whose cost converges to the cost of a single group, thus saving a factor
    linear in the number of groups over the trivial solution. As our asymptotic “solution”
    converges very slowly and performs poorly on concrete examples, we propose an
    algorithm that uses a natural heuristic to compute a key graph for any given group
    structure. Our algorithm combines two greedy algorithms, and is thus very efficient:
    it first converts the group structure into a “lattice graph”, which is then turned
    into a key graph by repeatedly applying the algorithm for constructing a Huffman
    code. To better understand how far our proposal is from an optimal solution, we
    prove lower bounds on the update cost of continuous group-key agreement and multicast
    encryption in a symbolic model admitting (asymmetric) encryption, pseudorandom
    generators, and secret sharing as building blocks.'
acknowledgement: B. Auerbach, M.A. Baig and K. Pietrzak—received funding from the
  European Research Council (ERC) under the European Union’s Horizon 2020 research
  and innovation programme (682815 - TOCNeT); Karen Klein was supported in part by
  ERC CoG grant 724307 and conducted part of this work at IST Austria, funded by the
  ERC under the European Union’s Horizon 2020 research and innovation programme (682815
  - TOCNeT); Guillermo Pascual-Perez was funded by the European Union’s Horizon 2020
  research and innovation programme under the Marie Skłodowska-Curie Grant Agreement
  No. 665385; Michael Walter conducted part of this work at IST Austria, funded by
  the ERC under the European Union’s Horizon 2020 research and innovation programme
  (682815 - TOCNeT).
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Joel F
  full_name: Alwen, Joel F
  id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
  last_name: Alwen
- first_name: Benedikt
  full_name: Auerbach, Benedikt
  id: D33D2B18-E445-11E9-ABB7-15F4E5697425
  last_name: Auerbach
  orcid: 0000-0002-7553-6606
- first_name: Mirza Ahad
  full_name: Baig, Mirza Ahad
  id: 3EDE6DE4-AA5A-11E9-986D-341CE6697425
  last_name: Baig
- first_name: Miguel
  full_name: Cueto Noval, Miguel
  id: ffc563a3-f6e0-11ea-865d-e3cce03d17cc
  last_name: Cueto Noval
- first_name: Karen
  full_name: Klein, Karen
  id: 3E83A2F8-F248-11E8-B48F-1D18A9856A87
  last_name: Klein
- first_name: Guillermo
  full_name: Pascual Perez, Guillermo
  id: 2D7ABD02-F248-11E8-B48F-1D18A9856A87
  last_name: Pascual Perez
  orcid: 0000-0001-8630-415X
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
- first_name: Michael
  full_name: Walter, Michael
  id: 488F98B0-F248-11E8-B48F-1D18A9856A87
  last_name: Walter
  orcid: 0000-0003-3186-2482
citation:
  ama: 'Alwen JF, Auerbach B, Baig MA, et al. Grafting key trees: Efficient key management
    for overlapping groups. In: <i>19th International Conference</i>. Vol 13044. Springer
    Nature; 2021:222-253. doi:<a href="https://doi.org/10.1007/978-3-030-90456-2_8">10.1007/978-3-030-90456-2_8</a>'
  apa: 'Alwen, J. F., Auerbach, B., Baig, M. A., Cueto Noval, M., Klein, K., Pascual
    Perez, G., … Walter, M. (2021). Grafting key trees: Efficient key management for
    overlapping groups. In <i>19th International Conference</i> (Vol. 13044, pp. 222–253).
    Raleigh, NC, United States: Springer Nature. <a href="https://doi.org/10.1007/978-3-030-90456-2_8">https://doi.org/10.1007/978-3-030-90456-2_8</a>'
  chicago: 'Alwen, Joel F, Benedikt Auerbach, Mirza Ahad Baig, Miguel Cueto Noval,
    Karen Klein, Guillermo Pascual Perez, Krzysztof Z Pietrzak, and Michael Walter.
    “Grafting Key Trees: Efficient Key Management for Overlapping Groups.” In <i>19th
    International Conference</i>, 13044:222–53. Springer Nature, 2021. <a href="https://doi.org/10.1007/978-3-030-90456-2_8">https://doi.org/10.1007/978-3-030-90456-2_8</a>.'
  ieee: 'J. F. Alwen <i>et al.</i>, “Grafting key trees: Efficient key management
    for overlapping groups,” in <i>19th International Conference</i>, Raleigh, NC,
    United States, 2021, vol. 13044, pp. 222–253.'
  ista: 'Alwen JF, Auerbach B, Baig MA, Cueto Noval M, Klein K, Pascual Perez G, Pietrzak
    KZ, Walter M. 2021. Grafting key trees: Efficient key management for overlapping
    groups. 19th International Conference. TCC: Theory of Cryptography, LNCS, vol.
    13044, 222–253.'
  mla: 'Alwen, Joel F., et al. “Grafting Key Trees: Efficient Key Management for Overlapping
    Groups.” <i>19th International Conference</i>, vol. 13044, Springer Nature, 2021,
    pp. 222–53, doi:<a href="https://doi.org/10.1007/978-3-030-90456-2_8">10.1007/978-3-030-90456-2_8</a>.'
  short: J.F. Alwen, B. Auerbach, M.A. Baig, M. Cueto Noval, K. Klein, G. Pascual
    Perez, K.Z. Pietrzak, M. Walter, in:, 19th International Conference, Springer
    Nature, 2021, pp. 222–253.
conference:
  end_date: 2021-11-11
  location: Raleigh, NC, United States
  name: 'TCC: Theory of Cryptography'
  start_date: 2021-11-08
date_created: 2021-12-05T23:01:42Z
date_published: 2021-11-04T00:00:00Z
date_updated: 2023-08-14T13:19:39Z
day: '04'
department:
- _id: KrPi
doi: 10.1007/978-3-030-90456-2_8
ec_funded: 1
external_id:
  isi:
  - '000728363700008'
intvolume: '     13044'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2021/1158
month: '11'
oa: 1
oa_version: Preprint
page: 222-253
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
  call_identifier: H2020
  grant_number: '682815'
  name: Teaching Old Crypto New Tricks
- _id: 2564DBCA-B435-11E9-9278-68D0E5697425
  call_identifier: H2020
  grant_number: '665385'
  name: International IST Doctoral Program
publication: 19th International Conference
publication_identifier:
  eisbn:
  - 978-3-030-90456-2
  eissn:
  - 1611-3349
  isbn:
  - 9-783-0309-0455-5
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
scopus_import: '1'
status: public
title: 'Grafting key trees: Efficient key management for overlapping groups'
type: conference
user_id: 4359f0d1-fa6c-11eb-b949-802e58b17ae8
volume: 13044
year: '2021'
...
---
_id: '10409'
abstract:
- lang: eng
  text: We show that Yao’s garbling scheme is adaptively indistinguishable for the
    class of Boolean circuits of size   S  and treewidth   w  with only a   SO(w)  loss
    in security. For instance, circuits with constant treewidth are as a result adaptively
    indistinguishable with only a polynomial loss. This (partially) complements a
    negative result of Applebaum et al. (Crypto 2013), which showed (assuming one-way
    functions) that Yao’s garbling scheme cannot be adaptively simulatable. As main
    technical contributions, we introduce a new pebble game that abstracts out our
    security reduction and then present a pebbling strategy for this game where the
    number of pebbles used is roughly   O(δwlog(S)) ,   δ  being the fan-out of the
    circuit. The design of the strategy relies on separators, a graph-theoretic notion
    with connections to circuit complexity.  with only a   SO(w)  loss in security.
    For instance, circuits with constant treewidth are as a result adaptively indistinguishable
    with only a polynomial loss. This (partially) complements a negative result of
    Applebaum et al. (Crypto 2013), which showed (assuming one-way functions) that
    Yao’s garbling scheme cannot be adaptively simulatable. As main technical contributions,
    we introduce a new pebble game that abstracts out our security reduction and then
    present a pebbling strategy for this game where the number of pebbles used is
    roughly   O(δwlog(S)) ,   δ  being the fan-out of the circuit. The design of the
    strategy relies on separators, a graph-theoretic notion with connections to circuit
    complexity.
acknowledgement: We are grateful to Daniel Wichs for helpful discussions on the landscape
  of adaptive security of Yao’s garbling. We would also like to thank Crypto 2021
  and TCC 2021 reviewers for their detailed review and suggestions, which helped improve
  presentation considerably.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Chethan
  full_name: Kamath Hosdurg, Chethan
  id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87
  last_name: Kamath Hosdurg
- first_name: Karen
  full_name: Klein, Karen
  id: 3E83A2F8-F248-11E8-B48F-1D18A9856A87
  last_name: Klein
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
citation:
  ama: 'Kamath Hosdurg C, Klein K, Pietrzak KZ. On treewidth, separators and Yao’s
    garbling. In: <i>19th International Conference</i>. Vol 13043. Springer Nature;
    2021:486-517. doi:<a href="https://doi.org/10.1007/978-3-030-90453-1_17">10.1007/978-3-030-90453-1_17</a>'
  apa: 'Kamath Hosdurg, C., Klein, K., &#38; Pietrzak, K. Z. (2021). On treewidth,
    separators and Yao’s garbling. In <i>19th International Conference</i> (Vol. 13043,
    pp. 486–517). Raleigh, NC, United States: Springer Nature. <a href="https://doi.org/10.1007/978-3-030-90453-1_17">https://doi.org/10.1007/978-3-030-90453-1_17</a>'
  chicago: Kamath Hosdurg, Chethan, Karen Klein, and Krzysztof Z Pietrzak. “On Treewidth,
    Separators and Yao’s Garbling.” In <i>19th International Conference</i>, 13043:486–517.
    Springer Nature, 2021. <a href="https://doi.org/10.1007/978-3-030-90453-1_17">https://doi.org/10.1007/978-3-030-90453-1_17</a>.
  ieee: C. Kamath Hosdurg, K. Klein, and K. Z. Pietrzak, “On treewidth, separators
    and Yao’s garbling,” in <i>19th International Conference</i>, Raleigh, NC, United
    States, 2021, vol. 13043, pp. 486–517.
  ista: 'Kamath Hosdurg C, Klein K, Pietrzak KZ. 2021. On treewidth, separators and
    Yao’s garbling. 19th International Conference. TCC: Theory of Cryptography, LNCS,
    vol. 13043, 486–517.'
  mla: Kamath Hosdurg, Chethan, et al. “On Treewidth, Separators and Yao’s Garbling.”
    <i>19th International Conference</i>, vol. 13043, Springer Nature, 2021, pp. 486–517,
    doi:<a href="https://doi.org/10.1007/978-3-030-90453-1_17">10.1007/978-3-030-90453-1_17</a>.
  short: C. Kamath Hosdurg, K. Klein, K.Z. Pietrzak, in:, 19th International Conference,
    Springer Nature, 2021, pp. 486–517.
conference:
  end_date: 2021-11-11
  location: Raleigh, NC, United States
  name: 'TCC: Theory of Cryptography'
  start_date: 2021-11-08
date_created: 2021-12-05T23:01:43Z
date_published: 2021-11-04T00:00:00Z
date_updated: 2023-08-17T06:21:38Z
day: '04'
department:
- _id: KrPi
doi: 10.1007/978-3-030-90453-1_17
ec_funded: 1
external_id:
  isi:
  - '000728364000017'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2021/926
month: '11'
oa: 1
oa_version: Preprint
page: 486-517
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
  call_identifier: H2020
  grant_number: '682815'
  name: Teaching Old Crypto New Tricks
publication: 19th International Conference
publication_identifier:
  eissn:
  - 1611-3349
  isbn:
  - 9-783-0309-0452-4
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
related_material:
  record:
  - id: '10044'
    relation: earlier_version
    status: public
scopus_import: '1'
status: public
title: On treewidth, separators and Yao’s garbling
type: conference
user_id: 4359f0d1-fa6c-11eb-b949-802e58b17ae8
volume: '13043 '
year: '2021'
...
---
_id: '10410'
abstract:
- lang: eng
  text: The security of cryptographic primitives and protocols against adversaries
    that are allowed to make adaptive choices (e.g., which parties to corrupt or which
    queries to make) is notoriously difficult to establish. A broad theoretical framework
    was introduced by Jafargholi et al. [Crypto’17] for this purpose. In this paper
    we initiate the study of lower bounds on loss in adaptive security for certain
    cryptographic protocols considered in the framework. We prove lower bounds that
    almost match the upper bounds (proven using the framework) for proxy re-encryption,
    prefix-constrained PRFs and generalized selective decryption, a security game
    that captures the security of certain group messaging and broadcast encryption
    schemes. Those primitives have in common that their security game involves an
    underlying graph that can be adaptively built by the adversary. Some of our lower
    bounds only apply to a restricted class of black-box reductions which we term
    “oblivious” (the existing upper bounds are of this restricted type), some apply
    to the broader but still restricted class of non-rewinding reductions, while our
    lower bound for proxy re-encryption applies to all black-box reductions. The fact
    that some of our lower bounds seem to crucially rely on obliviousness or at least
    a non-rewinding reduction hints to the exciting possibility that the existing
    upper bounds can be improved by using more sophisticated reductions. Our main
    conceptual contribution is a two-player multi-stage game called the Builder-Pebbler
    Game. We can translate bounds on the winning probabilities for various instantiations
    of this game into cryptographic lower bounds for the above-mentioned primitives
    using oracle separation techniques.
acknowledgement: C. Kamath—Supported by Azrieli International Postdoctoral Fellowship.
  Most of the work was done while the author was at Northeastern University and Charles
  University, funded by the IARPA grant IARPA/2019-19-020700009 and project PRIMUS/17/SCI/9,
  respectively. K. Klein—Supported in part by ERC CoG grant 724307. Most of the work
  was done while the author was at IST Austria funded by the European Research Council
  (ERC) under the European Union’s Horizon 2020 research and innovation programme
  (682815 - TOCNeT). K. Pietrzak—Funded by the European Research Council (ERC) under
  the European Union’s Horizon 2020 research and innovation programme (682815 - TOCNeT).
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Chethan
  full_name: Kamath Hosdurg, Chethan
  id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87
  last_name: Kamath Hosdurg
- first_name: Karen
  full_name: Klein, Karen
  id: 3E83A2F8-F248-11E8-B48F-1D18A9856A87
  last_name: Klein
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
- first_name: Michael
  full_name: Walter, Michael
  id: 488F98B0-F248-11E8-B48F-1D18A9856A87
  last_name: Walter
  orcid: 0000-0003-3186-2482
citation:
  ama: 'Kamath Hosdurg C, Klein K, Pietrzak KZ, Walter M. The cost of adaptivity in
    security games on graphs. In: <i>19th International Conference</i>. Vol 13043.
    Springer Nature; 2021:550-581. doi:<a href="https://doi.org/10.1007/978-3-030-90453-1_19">10.1007/978-3-030-90453-1_19</a>'
  apa: 'Kamath Hosdurg, C., Klein, K., Pietrzak, K. Z., &#38; Walter, M. (2021). The
    cost of adaptivity in security games on graphs. In <i>19th International Conference</i>
    (Vol. 13043, pp. 550–581). Raleigh, NC, United States: Springer Nature. <a href="https://doi.org/10.1007/978-3-030-90453-1_19">https://doi.org/10.1007/978-3-030-90453-1_19</a>'
  chicago: Kamath Hosdurg, Chethan, Karen Klein, Krzysztof Z Pietrzak, and Michael
    Walter. “The Cost of Adaptivity in Security Games on Graphs.” In <i>19th International
    Conference</i>, 13043:550–81. Springer Nature, 2021. <a href="https://doi.org/10.1007/978-3-030-90453-1_19">https://doi.org/10.1007/978-3-030-90453-1_19</a>.
  ieee: C. Kamath Hosdurg, K. Klein, K. Z. Pietrzak, and M. Walter, “The cost of adaptivity
    in security games on graphs,” in <i>19th International Conference</i>, Raleigh,
    NC, United States, 2021, vol. 13043, pp. 550–581.
  ista: 'Kamath Hosdurg C, Klein K, Pietrzak KZ, Walter M. 2021. The cost of adaptivity
    in security games on graphs. 19th International Conference. TCC: Theory of Cryptography,
    LNCS, vol. 13043, 550–581.'
  mla: Kamath Hosdurg, Chethan, et al. “The Cost of Adaptivity in Security Games on
    Graphs.” <i>19th International Conference</i>, vol. 13043, Springer Nature, 2021,
    pp. 550–81, doi:<a href="https://doi.org/10.1007/978-3-030-90453-1_19">10.1007/978-3-030-90453-1_19</a>.
  short: C. Kamath Hosdurg, K. Klein, K.Z. Pietrzak, M. Walter, in:, 19th International
    Conference, Springer Nature, 2021, pp. 550–581.
conference:
  end_date: 2021-11-11
  location: Raleigh, NC, United States
  name: 'TCC: Theory of Cryptography'
  start_date: 2021-11-08
date_created: 2021-12-05T23:01:43Z
date_published: 2021-11-04T00:00:00Z
date_updated: 2023-10-17T09:24:07Z
day: '04'
department:
- _id: KrPi
doi: 10.1007/978-3-030-90453-1_19
ec_funded: 1
external_id:
  isi:
  - '000728364000019'
intvolume: '     13043'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://ia.cr/2021/059
month: '11'
oa: 1
oa_version: Preprint
page: 550-581
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
  call_identifier: H2020
  grant_number: '682815'
  name: Teaching Old Crypto New Tricks
publication: 19th International Conference
publication_identifier:
  eissn:
  - 1611-3349
  isbn:
  - 9-783-0309-0452-4
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
related_material:
  record:
  - id: '10048'
    relation: earlier_version
    status: public
scopus_import: '1'
status: public
title: The cost of adaptivity in security games on graphs
type: conference
user_id: 4359f0d1-fa6c-11eb-b949-802e58b17ae8
volume: 13043
year: '2021'
...