We will review some of the major results in random graphs and some of the more challenging open problems. We will cover algorithmic and structural questions. We will touch on newer models, including those related to the WWW.

Random graphs

In this paper, we define and explore proofs of retrievability (PORs). A POR scheme enables an archive or back-up service (prover) to produce a concise proof that a user (verifier) can retrieve a target file F, that is, that the archive retains and reliably transmits file data sufficient for the user to recover F in its entirety.A POR may be viewed as a kind of cryptographic proof of knowledge (POK), but one specially designed to handle a large file (or bitstring) F. We explore POR protocols here in which the communication costs, number of memory accesses for the prover, and storage requirements of the user (verifier) are small parameters essentially independent of the length of F. In addition to proposing new, practical POR constructions, we explore implementation considerations and optimizations that bear on previously explored, related schemes.In a POR, unlike a POK, neither the prover nor the verifier need actually have knowledge of F. PORs give rise to a new and unusual security definition whose formulation is another contribution of our work.We view PORs as an important tool for semi-trusted online archives. Existing cryptographic techniques help users ensure the privacy and integrity of files they retrieve. It is also natural, however, for users to want to verify that archives do not delete or modify files prior to retrieval. The goal of a POR is to accomplish these checks without users having to download the files themselves. A POR can also provide quality-of-service guarantees, i.e., show that a file is retrievable within a certain time bound.

PORs: Proofs of Retrievability for Large Files

Computer algebra systems are now ubiquitous in all areas of science and engineering. This highly successful textbook, widely regarded as the “bible of computer algebra”, gives a thorough introduction to the algorithmic basis of the mathematical engine in computer algebra systems. Designed to accompany oneor two-semester courses for advanced undergraduate or graduate students in computer science or mathematics, its comprehensiveness and reliability has also made it an essential reference for professionals in the area. Special features include: detailed study of algorithms including time analysis; implementation reports on several topics; complete proofs of the mathematical underpinnings; and a wide variety of applications (among others, in chemistry, coding theory, cryptography, computational logic, and the design of calendars and musical scales). A great deal of historical information and illustration enlivens the text. In this third edition, errors have been corrected and much of the Fast Euclidean Algorithm chapter has been renovated.

Modern computer algebra

As computer networks increase in size, become more heterogeneous and span greater geographic distances, applications must be designed to cope with the very large scale, poor reliability, and often, with the extreme dynamism of the underlying network. Aggregation is a key functional building block for such applications: it refers to a set of functions that provide components of a distributed system access to global information including network size, average load, average uptime, location and description of hotspots, and so on. Local access to global information is often very useful, if not indispensable for building applications that are robust and adaptive. For example, in an industrial control application, some aggregate value reaching a threshold may trigger the execution of certain actions; a distributed storage system will want to know the total available free space; load-balancing protocols may benefit from knowing the target average load so as to minimize the load they transfer. We propose a gossip-based protocol for computing aggregate values over network components in a fully decentralized fashion. The class of aggregate functions we can compute is very broad and includes many useful special cases such as counting, averages, sums, products, and extremal values. The protocol is suitable for extremely large and highly dynamic systems due to its proactive structure---all nodes receive the aggregate value continuously, thus being able to track any changes in the system. The protocol is also extremely lightweight, making it suitable for many distributed applications including peer-to-peer and grid computing systems. We demonstrate the efficiency and robustness of our gossip-based protocol both theoretically and experimentally under a variety of scenarios including node and communication failures.

/pdf/gossip-based-aggregation-in-large-dynamic-networks-3mq5x5iame.pdf

Gossip-based aggregation in large dynamic networks

An important open problem in the area of Traitor Tracing is designing a scheme with constant expansion of the size of keys (users' keys and the encryption key) and of the size of ciphertexts with respect to the size of the plaintext. This problem is known from the introduction of Traitor Tracing by Chor, Fiat and Naor. We refer to such schemes as traitor tracing with constant transmission rate. Here we present a general methodology and two protocol constructions that result in the first two public-key traitor tracing schemes with constant transmission rate in settings where plaintexts can be calibrated to be sufficiently large. Our starting point is the notion of copyrighted function which was presented by Naccache, Shamir and Stern. We first solve the open problem of discrete-log-based and public-key-based copyrighted function. Then, we observe the simple yet crucial relation between (public-key) copyrighted encryption and (public-key) traitor tracing, which we exploit by introducing a generic design paradigm for designing constant transmission rate traitor tracing schemes based on copyrighted encryption functions. Our first scheme achieves the same expansion efficiency as regular ElGamal encryption. The second scheme introduces only a slightly larger (constant) overhead, however, it additionally achieves efficient black-box traitor tracing (against any pirate construction).

Traitor Tracing with constant transmission rate

We present energy efficient algorithms for leader election in single channel single-hop radio networks with no collision detection. We present a deterministic solution with sublogarithmic energy cost (the best previous result was O(log n)) and show a double logarithmic lower bound. We prove that this lower bound holds in a randomized case, in a certain sense.For the case, when the number n of active stations can be approximated in advance, we show a randomized algorithm with energy consumption O(log* n) that yields a result with high probability (the best previous result was O(log log n)).

Efficient algorithms for leader election in radio networks

Algorithms for radio networks are studied in two scenarios: (a) the number of active stations is known (or approximately known) (b) the number of active stations is unknown. In the second (more realistic) case it is much harder to design efficient algorithms. For this reason, we design an efficient randomized algorithm for a single-hop radio network that approximately counts the number of its active stations. With probability higher than 1 - 1/n, this approximation is within a constant factor, the algorithm runs in poly-logarithmic time and its energy cost is o(log log n). This improves the previous O(log n) bound for energy. In particular, our algorithm can be applied to improve energy cost of known leader election and initialization protocols (without loss of time efficiency).

Energy-Efficient Size Approximation of Radio Networks with No Collision Detection

A party using encrypted communication or storing data in an encrypted form might be forced to show the corresponding plaintext. It may happen for law enforcement reasons as well as for evil purposes. Deniable encryption scheme introduced by Canetti et al. shows that cryptography can be used against revealing information: the owner of the data may decrypt it in an alternative way to a harmless plaintext. Moreover, it is impossible to check if there is another hidden plaintext.

The scheme of Canetti is inefficient in the sense that it is a special purpose scheme and using it indicates that there is some hidden message inside. We show that deniable encryption can be implemented in a different way so that it does not point to exploiting deniable encryption. Moreover, it is quite straightforward, so it can be used for both good and evil purposes.

Apart from that we show that even the special purpose original scheme can be extended to allow, in some circumstances, any "depth" of deniability.

/pdf/practical-deniable-encryption-4mlofsx1cd.pdf

Practical deniable encryption

Let /? be a real number > 1. Addition and multiplication by a fixed positive integer of real numbers represented in bsise /3 cire shown to be computable by an on-line algorithm, and thus are continuous functions. When /? is a Pisot number, these functions cire computable by an on-line finite automaton.

Mathematical Foundations of Computer Science 1999

We analyze various stochastic processes for generating permutations almost uniformlv at random in distributed and parallel systems. All our protocols are simple, elegant and epling, and for the third one we prove the existence of a non-Markovian coupling. To the best of our knowledge, these are the first non-trivial applications of non-Markovian coupling for proving rapid m&g of Markov chains. We annlv our analvsis in diverse areas. We develon a simple permutation network of a polylogarithmic depth generating permutations with almost uniform distribution. A simple EREW PRAM algorithm generating random permutations in time O(log log n) with O(nlog’(r) n) processors follows. We improve technique of cryptographic defense against traffic analysis by showing that the underlying stochastic urocess converees in time Oflonnl finstead of ~olvlogarith-mic time) and <hereby dram&i&lly reduce the she bf a security parameter. Other applications include load sharing in distributed systems, design of fault resistant systems, and parallel algorithms generating random permutations for models with restricted concurrent writes/reads.

/pdf/delayed-path-coupling-and-generating-random-permutations-via-4mer4rr10k.pdf

Mirosław Kutyłowski

Papers

Efficient algorithms for leader election in radio networks

Energy-Efficient Size Approximation of Radio Networks with No Collision Detection

Practical deniable encryption

Mathematical Foundations of Computer Science 1999

Delayed path coupling and generating random permutations via distributed stochastic processes