Ronald L. Rivest’s research while affiliated with Distributed Artificial Intelligence Laboratory and other places

Persistent greenhouse gas (GHG) emissions threaten global climate goals and have prompted consideration of climate controls supplementary to emissions mitigation. We present MARGO, an idealized model of optimally-controlled climate change, which is complementary to both simpler conceptual models and more complicated Integrated Assessment Models. The four methods of controlling climate damage—mitigation, carbon dioxide removal (CDR), adaptation, and solar radiation modification (SRM)—are not interchangeable, as they enter at different stages of the causal chain that connects GHG emissions to climate damages. Early and aggressive mitigation is necessary to stabilize GHG concentrations below a tolerable level. While the most cost-beneficial and cost-effective pathways to reducing climate suffering include deployments of all four controls, the quantitative trade-offs between the different controls are sensitive to value-driven parameters and poorly-known future costs and damages. Static policy optimization assumes perfect foresight and obscures the active role decision-makers have in shaping a climate trajectory. We propose an explicit policy response process wherein climate control policies are re-adjusted over time in response to unanticipated outcomes. We illustrate this process in two ‘storyline’ scenarios: (a) near-term increases in mitigation and CDR are deficient, such that climate goals are expected to slip out of reach; (b) SRM is abruptly terminated after 40 years of successful deployment, causing an extremely rapid warming which is amplified by an excess of GHGs due to deterred mitigation. In both cases, an optimized policy response yields substantial benefits relative to continuing the original policy. The MARGO model is intentionally designed to be as simple, transparent, customizable, and accessible as possible, addressing concerns about previous climate-economic modelling approaches and enabling a more diverse set of stakeholders to engage with these essential and timely topics.

Voters are understandably concerned about election security. News reports of possible election interference by foreign powers, of unauthorized voting, of voter disenfranchisement, and of technological failures call into question the integrity of elections worldwide. This article examines the suggestions that “voting over the Internet” or “voting on the blockchain” would increase election security, and finds such claims to be wanting and misleading. While current election systems are far from perfect, Internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures. Online voting may seem appealing: voting from a computer or smartphone may seem convenient and accessible. However, studies have been inconclusive, showing that online voting may have little to no effect on turnout in practice, and it may even increase disenfranchisement. More importantly, given the current state of computer security, any turnout increase derived from Internet- or blockchain-based voting would come at the cost of losing meaningful assurance that votes have been counted as they were cast, and not undetectably altered or discarded. This state of affairs will continue as long as standard tactics such as malware, zero day, and denial-of-service attacks continue to be effective. This article analyzes and systematizes prior research on the security risks of online and electronic voting, and shows that not only do these risks persist in blockchain-based voting systems, but blockchains may introduce ‘additional’ problems for voting systems. Finally, we suggest questions for critically assessing security risks of new voting system proposals.

Throughout the course of the COVID-19 pandemic, several countries have developed and released contact tracing and exposure notification smartphone applications (apps) to help slow the spread of the disease. To support such apps, Apple and Google have released Exposure Notification Application Programming Interfaces (APIs) to infer device (user) proximity using Bluetooth Low Energy (BLE) beacons. The Private Automated Contact Tracing (PACT) team has shown that accurately estimating the distance between devices using only BLE radio signals is challenging. This paper describes the design and implementation of the SonicPACT protocol to use near-ultrasonic signals on commodity iOS and Android smartphones to estimate distances using time-of-flight measurements. The protocol allows Android and iOS devices to interoperate, augmenting and improving the current exposure notification APIs. Our initial experimental results are promising, suggesting that SonicPACT should be considered for implementation by Apple and Google.

Persistent greenhouse gas (GHG) emissions threaten global climate goals and have prompted consideration of climate controls supplementary to emissions mitigation. We present an idealized model of optimally-controlled climate change, which is complementary to simpler analytical models and more comprehensive Integrated Assessment Models. We show that the four methods of controlling climate damage– mitigation, carbon dioxide removal, adaptation, and solar radiation modification– are not interchangeable, as they enter at different stages of the causal chain that connects GHG emissions to climate damages. Early and aggressive mitigation is always necessary to stabilize GHG concentrations at a tolerable level. The most cost-effective way of keeping warming below 2 degrees Celsius is a combination of all four controls; omitting solar radiation modification– a particularly contentious climate control– increases net control costs by 31%. At low discount rates, near-term mitigation and carbon dioxide removal are used to permanently reduce the warming effect of GHGs. At high discount rates, however, GHGs concentrations increase rapidly and future generations are required to use solar radiation modification to offset a large greenhouse effect. We propose a policy response process wherein climate policy decision-makers re-adjust their policy prescriptions over time based on evolving climate outcomes and revised model assumptions. We demonstrate the utility of the process by applying it to three hypothetical scenarios in which model biases in 1) baseline emissions, 2) geoengineering (CDR and SRM) costs, and 3) climate feedbacks are revealed over time and control policies are re-adjusted accordingly.

We describe a very simple method for `consistent sampling' that allows for sampling with replacement. The method extends previous approaches to consistent sampling, which assign a pseudorandom real number to each element, and sample those with the smallest associated numbers. When sampling with replacement, our extension gives the item sampled a new, larger, associated pseudorandom number, and returns it to the pool of items being sampled.

We provide an overview of some of the security issues involved in securely implementing Lalley and Weyl’s “Quadratic Voting” (Lalley and Weyl, Quadratic voting, 2016), and suggest some possible implementation architectures. Our proposals blend end-to-end verifiable voting methods with anonymous payments. We also consider new refund rules for quadratic voting, such as a “lottery” method.

In this paper, we explore this trade-off and provide new upper and lower bounds for majority and leader election. First, we prove a unified lower bound, which relates the space available per node with the time complexity achievable by a protocol: for instance, our result implies that any protocol solving either of these tasks for n agents using O(log log n) states must take Ω(n/polylogn) expected time. This is the first result to characterize time complexity for protocols which employ super-constant number of states per node, and proves that fast, poly-logarithmic running times require protocols to have relatively large space costs.

In the "correlated sampling" problem, two players, say Alice and Bob, are given two distributions, say P and Q respectively, over the same universe and access to shared randomness. The two players are required to output two elements, without any interaction, sampled according to their respective distributions, while trying to minimize the probability that their outputs disagree. A well-known protocol due to Holenstein, with close variants (for similar problems) due to Broder, and to Kleinberg and Tardos, solves this task with disagreement probability at most $2 \delta/(1+\delta)$, where $\delta$ is the total variation distance between P and Q. This protocol has been used in several different contexts including sketching algorithms, approximation algorithms based on rounding linear programming relaxations, the study of parallel repetition and cryptography. In this note, we give a surprisingly simple proof that this protocol is in fact tight. Specifically, for every $\delta \in (0,1)$, we show that any correlated sampling scheme should have disagreement probability at least $2\delta/(1+\delta)$. This partially answers a recent question of Rivest. Our proof is based on studying a new problem we call "constrained agreement". Here, Alice is given a subset $A \subseteq [n]$ and is required to output an element $i \in A$, Bob is given a subset $B \subseteq [n]$ and is required to output an element $j \in B$, and the goal is to minimize the probability that $i \neq j$. We prove tight bounds on this question, which turn out to imply tight bounds for correlated sampling. Though we settle basic questions about the two problems, our formulation also leads to several questions that remain open.

This paper presents a new crypto scheme whose title promises it to be so boring that no-one will bother reading past the abstract. Because of this, the remainder of the paper is left blank.