Palo Alto Research Center

We study verifiable outsourcing of computation in a model where the verifier has black-box access to the function being computed. We introduce the problem of oracle-aided batch verification of computation (OBVC) for a function class \(\mathcal {F}\). This allows a verifier to efficiently verify the correctness of any \(f \in \mathcal {F}\) evaluated on a batch of n instances \(x_1, \ldots , x_n\), while only making \(\lambda \) calls to an oracle for f (along with \(O(n \lambda )\) calls to low-complexity helper oracles), for security parameter \(\lambda \). We obtain the following positive and negative results: We build OBVC protocols for the class of all functions that admit random-self-reductions. Some of our protocols rely on homomorphic encryption schemes. We show that there cannot exist OBVC schemes for the class of all functions mapping \(\lambda \)-bit inputs to \(\lambda \)-bit outputs, for any \(n = \textsf{poly} (\lambda )\).\(^{1}\)(\(^{1}\) The authors grant IACR a non-exclusive and irrevocable license to distribute the article under the https://creativecommons.org/licenses/by-nc/3.0/.)

As both notions employ the same key-evolution paradigm, Bellare et al. (CANS 2017) study combining forward security with leakage resilience. The idea is for forward security to serve as a hedge in case at some point the full key gets exposed from the leakage. In particular, Bellare et al. combine forward security with continual leakage resilience, dubbed FS+CL. Our first result improves on Bellare et al.’s FS+CL secure PKE scheme by building one from any continuous leakage-resilient binary-tree encryption (BTE) scheme; in contrast, Bellare et al. require extractable witness encryption. Our construction also preserves leakage rate of the underlying BTE scheme and hence, in combination with existing CL-secure BTE, yields the first FS+CL secure encryption scheme with optimal leakage rate from standard assumptions. We next explore combining forward security with other notions of leakage resilience. Indeed, as argued by Dziembowski et al. (CRYPTO 2011), it is desirable to have a deterministic key-update procedure, which FS+CL does not allow for arguably pathological reasons. To address this, we combine forward security with entropy-bounded leakage (FS+EBL). We construct FS+EBL non-interactive key exchange (NIKE) with deterministic key update based on indistinguishability obfuscation (\(i\mathcal {O}\)), and DDH or LWE. To make the public keys constant size, we rely on the Superfluous Padding Assumption (SuPA) of Brzuska and Mittelbach (ePrint 2015) without auxiliary information, making it more plausible. SuPA notwithstanding, the scheme is also the first FS-secure NIKE from \(i\mathcal {O}\) rather than multilinear maps. We advocate a future research agenda that uses FS+EBL as a hedge for FS+CL, whereby a scheme achieves the latter if key-update randomness is good and the former if not.

Background: The selection of liver transplant (LT) candidates with alcohol-related liver disease (ALD) is influenced by the risk of alcohol relapse (AR), yet the ability to predict AR is limited. We evaluate psychosocial factors associated with post-LT AR and compare the performance of high-risk alcoholism risk (HRAR), sustained alcohol use post-LT (SALT), and the Stanford Integrated Psychosocial Assessment for Transplantation (SIPAT) scores in predicting relapse. Methods: A retrospective analysis of ALD patients undergoing LT from 2015 to 2021 at a single US transplant center was performed. Risk factors associated with post-LT AR were evaluated and test characteristics of 3 prediction models were compared. Results: Of 219 ALD LT recipients, 23 (11%) had AR during a median study follow-up of 37.5 mo. On multivariate analysis, comorbid psychiatric illness (odds ratio 5.22) and continued alcohol use after advice from a health care provider (odds ratio 3.8) were found to be significantly associated with post-LT AR. On sensitivity analysis, SIPAT of 30 was optimal on discriminating between ALD LT recipients with and without post-LT AR. SIPAT outperformed both the HRAR and SALT scores (c-statistic 0.67 versus 0.59 and 0.62, respectively) in identifying post-LT AR. However, all scores had poor positive predictive value (<25%). Conclusions: AR after LT is associated with comorbid psychiatric illness and lack of heeding health care provider advice to abstain from alcohol. Although SIPAT outperformed the HRAR and SALT scores in predicting AR, all are poor predictors. The current tools to predict post-LT AR should not be used to exclude LT candidacy.

Deep neural networks (DNNs) are currently the dominant technology in artificial intelligence (AI) and have shown impressive performance in diverse applications including autonomous driving [9], medical diagnosis [2], and text generation [10].