AI Face Kiss Video

AI Face Kiss Video — independent reviews, comparisons, pricing and step-by-step guides on Aizhi.

Cloud-based design and manufacturing

Cloud-based design and manufacturing (CBDM) refers to a service-oriented networked product development model in which service consumers are able to configure products or services and reconfigure manufacturing systems through Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Hardware-as-a-Service (HaaS), and Software-as-a-Service (SaaS). Adapted from the original cloud computing paradigm and introduced into the realm of computer-aided product development, Cloud-Based Design and Manufacturing is gaining significant momentum and attention from both academia and industry. Cloud-based design and manufacturing includes two aspects: cloud-based design and cloud-based manufacturing. Another related concept is cloud manufacturing that is more general and popular. Cloud-Based Design (CBD) refers to a networked design model that leverages cloud computing, service-oriented architecture (SOA), Web 2.0 (e.g., social network sites), and semantic web technologies to support cloud-based engineering design services in distributed and collaborative environments. Cloud-Based Manufacturing (CBM) refers to a networked manufacturing model that exploits on-demand access to a shared collection of diversified and distributed manufacturing resources to form temporary, reconfigurable production lines which enhance efficiency, reduce product lifecycle costs, and allow for optimal resource allocation in response to variable-demand customer generated tasking. The enabling technologies for Cloud-Based Design and Manufacturing include cloud computing, Web 2.0, Internet of Things (IoT), and service-oriented architecture (SOA). == History == The term cloud-based design and manufacturing (CBDM) was initially coined by Dazhong Wu, David Rosen, and Dirk Schaefer at Georgia Tech in 2012 for the purpose of articulating a new paradigm for digital manufacturing and design innovation in distributed and collaborative settings. The main objective of CBDM is to further reduce time and cost associated with maintaining information and communication technology (ICT) infrastructures for design and manufacturing, enhancing digital manufacturing and design innovation in distributed and collaborative environments, and adapting to rapidly changing market demands. In 2014, the same research group also published the worldwide first two books on the subjects of Cloud-Based Design and Manufacturing (CBDM) and Social Product Development (SPD) with Springer, edited by Dirk Schaefer. == Characteristics == CBDM exhibits the following key characteristics: Cloud-based distributed file system High performance computing Cloud-based social collaboration Ubiquitous access to distributed big data Rapid manufacturing scalability Agility On-demand self-service Semantic Web Real-time request for quotation Pay-per-use pricing model Multi-tenancy CBDM differs from traditional collaborative and distributed design and manufacturing systems such as web-based systems and agent-based systems from a number of perspectives, including (1) computing architecture, (2) data storage, (3) sourcing process, (4) information and communication technology infrastructure, (5) business model, (6) programming model, and (7) communication. == Service models == Infrastructure as a service (IaaS) Platform as a service (PaaS) Hardware as a service (HaaS) Software as a service (SaaS) Similar to cloud computing, CBDM services can be categorized into four major deployment models: the public cloud, private cloud, hybrid cloud, and community cloud. == Research progress in Academia == The Defense Advanced Research Projects Agency (DARPA) MENTOR program Engineering and Physical Sciences Research Council cloud manufacturing program European Commission's Seventh Framework Program (EC FP7)
Read more →
Talim (textiles)

Talim (Kashmiri: تعليم, Kashmiri pronunciation: [t̪əːliːm], Urdu: تَعْلِیم, Arabic: تعليم, pronounced [taʕ.liːm] ) in textiles is a symbolic code and system of notation that facilitates the creation of intricate patterns in fabrics, such as shawls and carpets, and the written coded plans that include colour schemes and weaving instructions. The term is used in traditional hand-weaving in the Indian subcontinent. Talim was initially used to create certain types of patterns in Kashmiri shawls, and later came to be applied in the production of carpets. == Etymology and origin == The term talim, which refers to a symbolic code and system of notation used by shawl and carpet artisans in their weaving processes, came to the Urdu language from the Arabic noun taʻlim (تعليم), which means "authoritative instruction", "teaching", or "edification". It means the same in Urdu and Kashmiri. The Arabic noun originated from the second form of the Arabic root verb ʻalima (علم), which means "to know". According to a local belief in Kashmir, talim was introduced to them by Persian scholar and Sufi Muslim saint Mir Sayyid Ali Hamadani. The belief notwithstanding, talim might have originated from Kashmir; Amritsar was the only place outside of Srinagar where talim was used, by migrated Kashmiri artisans. == Technique == Whereas carpets are generally woven horizontally, providing weavers with a clear view of the progress they are making in creating designs, in Kashmir, carpets are woven vertically, so the weaver is reliant on the talim. The talim technique forms fabrics by passing the weft thread as per a given script that has design codes. Weavers use talim to weave the desired pattern with planned colours. Talim involves teamwork when applying the technique, as the process of creating intricate fabric designs in weaving begins with the Naqash (designer, who designs using pencils on graphs) meticulously crafting the design on a blank sheet of paper called a naska, and the master, Talim guru, making the colour codes and symbols for weft yarns that would interlace the warp to construct the desired design. He writes on a long strip of paper, in specific symbols, the colour codes, and the number of knots to be woven with each colour. Taraha guru collaborates with talim guru and is known as the artisan responsible for determining the colours. Talim uthana is a process or the act of "picking the codes" from the graph. A clerk called the Talim Navis would record the step-by-step instructions for these numbers and colours, and thousands of low-paid and interchangeable weavers would read or recite the record to carry out the design. Afterward, a talim copyist makes copies, which are needed when multiple looms weave the same product. The script, which has been encoded, is deciphered and translated according to the specific guidelines of weavers in order to incorporate the design that is included within it. Talim has been compared to "hieroglyphics" or as a "notational-cum-cryptographic system", as it is challenging to decipher and is unique to the shawls of Kashmir, which requires expertise to comprehend. According to researcher Gagan Deep Kaur, "The talim is widely held to be a trade secret of the community and has always been fiercely guarded by the owners." Those who use talim for shawl-making do not assign important tasks to women, because of the fear that the technique and knowledge may be divulged to other communities when the women are sent there to be married. The coded cards known as talim in the Kashmiri language were used for creating certain types of patterns in shawl weaving. The talim technique is employed in the creation of kani shawls, which originated from the Kanihama region of the Kashmir valley. Carpet weaving adapted the technique from shawl making. When Kashmiri artisans started to create carpets, they chose to continue using the talim rather than switching to a different method. The resurgence of the carpet industry in Amritsar during the last century resulted in the prevalent use of the talim technique among the local weavers, a majority of whom hailed from the region of Kashmir. === Recitation of codes === Talim was also communicated through recitation accompanied by a melodic chant or song. In traditional weaving practices, the use of chanting was common. The movement of the shuttles was synchronised with the song of the weaver, adding a musical rhythm to the instructions represented through hieroglyphics. The weaver's chant, "Two blue, one red, three yellow, two blue," served as a guide as they wove and replicated the designated pattern. == Usage == The first factories established in Amritsar around 1860 utilised Bokhara designs. However, Kashmiri weavers maintained their traditional techniques and employed the talim, instead of a cartoon, for tying knots. As a result, Amritsar became the second location in the Indian subcontinent to use the talim. The traditional weaving practices are still carried out in some parts of the Indian subcontinent. The exact date when talim was last used in the subcontinent varies depending on the region and the specific weaving community. Indian textile historian Jasleen Dhamija wrote in her 1989 book Handwoven Fabrics of India that there were still some weavers in the Kashmiri village of Kanihama who applied talim in weaving shawls. As of 2022, the carpet weavers in Kashmir were the only remaining users of talim in carpets, according to Zubair Ahmed, director of the Indian Institute of Carpet Technology. The institute aims to preserve traditional Kashmiri carpet designs by digitising talim and training weavers in the technique. == Gallery ==
Read more →
BREACH

BREACH (a backronym: Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) is a security vulnerability against HTTPS when using HTTP compression. BREACH is built based on the CRIME security exploit. BREACH was announced at the August 2013 Black Hat USA conference by security researchers Angelo Prado, Neal Harris and Yoel Gluck. == Details == While the CRIME attack was presented as a general attack that could work effectively against a large number of protocols, only exploits against SPDY request compression and TLS compression were demonstrated and largely mitigated in browsers and servers. The CRIME exploits against HTTP compression has not been mitigated at all, even though the authors of CRIME have warned that this vulnerability might be even more widespread than SPDY and TLS compression combined. BREACH is an instance of the CRIME attack against HTTP compression—the use of gzip or DEFLATE data compression algorithms via the content-encoding option within HTTP by many web browsers and servers. Given this compression oracle, the rest of the BREACH attack follows the same general lines as the CRIME exploit, by performing an initial blind brute-force search to guess a few bytes, followed by divide-and-conquer search to expand a correct guess to an arbitrarily large amount of content. == Mitigation == BREACH exploits the compression in the underlying HTTP protocol. Therefore, turning off TLS compression makes no difference to BREACH, which can still perform a chosen-plaintext attack against the HTTP payload. As a result, clients and servers are either forced to disable HTTP compression completely (thus reducing performance), or to adopt workarounds to try to foil BREACH in individual attack scenarios, such as using cross-site request forgery (CSRF) protection. Another suggested approach is to disable HTTP compression whenever the referrer header indicates a cross-site request, or when the header is not present. This approach allows effective mitigation of the attack without losing functionality, only incurring a performance penalty on affected requests. Another approach is to add padding at the TLS, HTTP header, or payload level. Around 2013–2014, there was an IETF draft proposal for a TLS extension for length-hiding padding that, in theory, could be used as a mitigation against this attack. It allows the actual length of the TLS payload to be disguised by the insertion of padding to round it up to a fixed set of lengths, or to randomize the external length, thereby decreasing the likelihood of detecting small changes in compression ratio that is the basis for the BREACH attack. However, this draft has since expired without further action. A very effective mitigation is HTB (Heal-the-BREACH) that adds random-sized padding to compressed data, providing some variance in the size of the output contents. This randomness delays BREACH from guessing the correct characters in the secret token by a factor of 500 (10-byte max) to 500,000 (100-byte max). HTB protects all websites and pages in the server with minimal CPU usage and minimal bandwidth increase.
Read more →
Sex differences in social media use

Men and women use social media in different ways and with different frequencies. In general, several researchers have found that women tend to use social network services (SNSs) more than men and primiarly to socialize. == Differences == === Predilection for usage === Many studies have found that women are more likely to use either specific SNSs such as Facebook or MySpace or SNSs in general. In 2015, 73% of online men and 80% of online women used social networking sites. The gap in gender differences has become less apparent in LinkedIn. In 2015 about 26 percent of online men and 25% of online women used the business-and employee-oriented networking site. Researchers who have examined the gender of users of multiple SNSs have found contradictory results. Hargittai's groundbreaking 2007 study examining race, gender, and other differences between undergraduate college student users of SNSs found that women were not only more likely to have used SNSes than men but that they were also more likely to have used many different services, including Facebook, MySpace, and Friendster; these differences persisted in several models and analyses. Although she only surveyed students at one institution – the University of Illinois at Chicago – Hargittai selected that institution intentionally as "an ideal location for studies of how different kinds of people use online sites and services." In contrast, data collected by the Pew Internet & American Life Project found that men were more likely to have multiple SNS profiles. Although the sample sizes of the two surveys are comparable – 1,650 Internet users in the Pew survey compared with 1,060 in Hargittai's survey – the data from the Pew survey are newer and arguably more representative of the entire adult United States population. Pinterest, Facebook, and Instagram attract more females. Picture sharing sites overall are very popular among women. Pinterest alone attracts three times as many female users than male. However, use of Pinterest by men has increased from 5% in 2012. Facebook attracts about 77% of women online. Instagram is also more likely to attract women. Men are more likely to participate in online forums like Reddit, Digg or Slashdot. One in five men claim to be a part of an online forum. === Uses === In general, women seem to use SNSs more to explicitly foster social connections. A study conducted by Pew research centers found that women were more avid users of social media. In November 2010, the gap between men and women was as high as 15%. Female participants in a multi-stage study conducted in 2007 to discover the motivations of Facebook users scored higher on scales for social connection and posting of photographs. Studies have also been conducted on the differences between females and males with regards to blogging. The Pew Research Center found that younger females are more likely to blog than males their own age, even males that are older than them. Similarly, in a study of blogs maintained in MySpace, women were found to be more likely to not only write blogs but also write about family, romantic relationships, friendships, and health in those blogs. A study of Swedish SNS users found that women were more likely to have expressions of friendship, specifically in the areas of (a) publishing photos of their friends, (b) specifically naming their best friends, and (c) writing poems to and about their friends. Women were also more likely to have expressions related to family relationships and romantic relationships. One of the key findings of this research is that those men who do have expressions of romantic relationships in their profile had expressions just as strong as the women. However, the researcher speculated that this may be in part due to a desire to publicly express heterosexual behaviors and mannerisms instead of merely expressing romantic feelings. A large-scale study of gender differences in MySpace found that both men and women tended to have a majority of female Friends, and both men and women tended to have a majority of female "Top" Friends in the site. A later study found women to author disproportionately many (public) comments in MySpace, but an investigation into the role of emotion in public MySpace comments found that women both give and receive stronger positive emotion. It was hypothesised that women are simply more effective at using social networking sites because they are better able to harness positive emotion. A study focused on the influence of gender and personality on individuals' use of online social networking websites such as Facebook, reported that men use social networking sites with the intention of forming new relationships, whereas, women use them more for relationship maintenance. In addition to this, women are more likely to use Facebook or MySpace to compare themselves to others and also to search for information. Men, however, are more likely to look at other people's profiles with in the intention to find friends. Women were less successful at actually finding new friends, but more successful at "maintaining existing relationships, making new relationships, using for academic purposes and following specific agenda". Similarly, men also self-reported this motivation "while women reported using them more for relationship maintenance". === Personality === OCEAN personality traits are known to systematically vary between human males and females. In one study, the same women were more extraverted and agreeable, such as less neurotic while on social media than offline. Other studies associated neuroticism with female use of social media. === Privacy === Privacy has been the primary topic of many studies of SNS users, and many of these studies have found differences between male and female SNS users, although some studies have found results contradictory to those found in other studies. Some researchers have found that women are more protective of their personal information and more likely to have private profiles. Other researchers have found that women are less likely to post some types of information. Acquisti and Gross found that women in their sample were less likely to reveal their sexual orientation, personal address, or cell phone number. This is similar to Pew Internet & American Life research of children users of SNSs that found that boys and girls presented different views of privacy and behaviors, with girls being more concerned about and restrictive of information such as city, town, last name, and cell phone number that could be used to locate them. At least one group of researchers has found that women are less likely to share information that "identifies them directly – last name, cell phone number, and address or home phone number," linking that resistance to women's greater concerns about "cyberstalking", "cyberbullying", and security problems. Despite these concerns about privacy, researchers have found that women are more likely to maintain up-to-date photos of themselves. Further, Kolek and Saunders found in their sample of college student Facebook users that women were more likely to not only post a photograph of themselves in their profile but that they were more likely to have a publicly viewable Facebook account (a contradictory finding compared to many other studies), post photos, and post photo albums. Women were more likely to have: (a) a publicly viewable Facebook account, (b) more photo albums, (c) more photos, (d) a photo of themselves as their profile picture, (e) positive references to alcohol, partying, or drugs, and (f) more positive references to or about the institution or institution-related activities. In general, women were more likely to disclose information about themselves in their Facebook profile, with the primary exception of sharing their telephone number. Similarly, female respondents to Strano's study were more likely to keep their profile photo recent and choose a photo that made them appear attractive, happy, and fun-loving. Citing several examples, Strano opined that there may also be a difference in how men and women Facebook users display and interpret profile photos depicting relationships. Privacy has also been a concern for the SnapChat app, which allows you to send messages either text or photo or video which then disappear. One study has shown that security is not a major concern for the majority of users and that most do not use Snapchat to send sensitive content (although up to 25% may do so experimentally). As part of their research almost no statistically significant gender differences were found. === Cyberbullying === Past research carried out to investigate if there are any gender differences in cyber-bullying has found that boys commit more cyber verbal bullying, cyber forgery and more violence based on hidden identity or presenting themselves as other person. === Mansplaining === A 2021 article found that mansplaining could be seen more prominent online rather than offl
Read more →
Voice activity detection

Voice activity detection (VAD), also known as speech activity detection or speech detection, is the detection of the presence or absence of human speech, used in speech processing. The main uses of VAD are in speaker diarization, speech coding and speech recognition. It can facilitate speech processing, and can also be used to deactivate some processes during non-speech section of an audio session: it can avoid unnecessary coding/transmission of silence packets in Voice over Internet Protocol (VoIP) applications, saving on computation and on network bandwidth. VAD is an important enabling technology for a variety of speech-based applications. Therefore, various VAD algorithms have been developed that provide varying features and compromises between latency, sensitivity, accuracy and computational cost. Some VAD algorithms also provide further analysis, for example whether the speech is voiced, unvoiced or sustained. Voice activity detection is usually independent of language. It was first investigated for use on time-assignment speech interpolation (TASI) systems. == Algorithm overview == The typical design of a VAD algorithm is as follows: There may first be a noise reduction stage, e.g. via spectral subtraction. Then some features or quantities are calculated from a section of the input signal. A classification rule is applied to classify the section as speech or non-speech – often this classification rule finds when a value exceeds a certain threshold. There may be some feedback in this sequence, in which the VAD decision is used to improve the noise estimate in the noise reduction stage, or to adaptively vary the threshold(s). These feedback operations improve the VAD performance in non-stationary noise (i.e. when the noise varies a lot). A representative set of recently published VAD methods formulates the decision rule on a frame by frame basis using instantaneous measures of the divergence distance between speech and noise. The different measures which are used in VAD methods include spectral slope, correlation coefficients, log likelihood ratio, cepstral, weighted cepstral, and modified distance measures. Independently from the choice of VAD algorithm, a compromise must be made between having voice detected as noise, or noise detected as voice (between false positive and false negative). A VAD operating in a mobile phone must be able to detect speech in the presence of a range of very diverse types of acoustic background noise. In these difficult detection conditions it is often preferable that a VAD should fail-safe, indicating speech detected when the decision is in doubt, to lower the chance of losing speech segments. The biggest difficulty in the detection of speech in this environment is the very low signal-to-noise ratios (SNRs) that are encountered. It may be impossible to distinguish between speech and noise using simple level detection techniques when parts of the speech utterance are buried below the noise. == Applications == VAD is an integral part of different speech communication systems such as audio conferencing, echo cancellation, speech recognition, speech encoding, speaker recognition and hands-free telephony. In the field of multimedia applications, VAD allows simultaneous voice and data applications. Similarly, in Universal Mobile Telecommunications Systems (UMTS), it controls and reduces the average bit rate and enhances overall coding quality of speech. In cellular radio systems (for instance GSM and CDMA systems) based on Discontinuous Transmission (DTX) mode, VAD is essential for enhancing system capacity by reducing co-channel interference and power consumption in portable digital devices. In speech processing applications, voice activity detection plays an important role since non-speech frames are often discarded. For a wide range of applications such as digital mobile radio, Digital Simultaneous Voice and Data (DSVD) or speech storage, it is desirable to provide a discontinuous transmission of speech-coding parameters. Advantages can include lower average power consumption in mobile handsets, higher average bit rate for simultaneous services like data transmission, or a higher capacity on storage chips. However, the improvement depends mainly on the percentage of pauses during speech and the reliability of the VAD used to detect these intervals. On the one hand, it is advantageous to have a low percentage of speech activity. On the other hand, clipping, that is the loss of milliseconds of active speech, should be minimized to preserve quality. This is the crucial problem for a VAD algorithm under heavy noise conditions. === Use in telemarketing === One controversial application of VAD is in conjunction with predictive dialers used by telemarketing firms. In order to maximize agent productivity, telemarketing firms set up predictive dialers to call more numbers than they have agents available, knowing most calls will end up in either "Ring – No Answer" or answering machines. When a person answers, they typically speak briefly ("Hello", "Good evening", etc.) and then there is a brief period of silence. Answering machine messages are usually 3–15 seconds of continuous speech. By setting VAD parameters correctly, dialers can determine whether a person or a machine answered the call and, if it's a person, transfer the call to an available agent. If it detects an answering machine message, the dialer hangs up. Often, even when the system correctly detects a person answering the call, no agent may be available, resulting in a "silent call". Call screening with a multi-second message like "please say who you are, and I may pick up the phone" will frustrate such automated calls. == Performance evaluation == To evaluate a VAD, its output using test recordings is compared with those of an "ideal" VAD – created by hand-annotating the presence or absence of voice in the recordings. The performance of a VAD is commonly evaluated on the basis of the following four parameters: FEC (Front End Clipping): clipping introduced in passing from noise to speech activity; MSC (Mid Speech Clipping): clipping due to speech misclassified as noise; OVER: noise interpreted as speech due to the VAD flag remaining active in passing from speech activity to noise; NDS (Noise Detected as Speech): noise interpreted as speech within a silence period. Although the method described above provides useful objective information concerning the performance of a VAD, it is only an approximate measure of the subjective effect. For example, the effects of speech signal clipping can at times be hidden by the presence of background noise, depending on the model chosen for the comfort noise synthesis, so some of the clipping measured with objective tests is in reality not audible. It is therefore important to carry out subjective tests on VADs, the main aim of which is to ensure that the clipping perceived is acceptable. In VoIP applications, front-end clipping can be reduced by rewinding to shortly before the detection and sending very slightly delayed data. This kind of test requires a certain number of listeners to judge recordings containing the processing results of the VADs being tested, giving marks to several speech sequences on the following features: Quality; Comprehension difficulty; Audibility of clipping. These marks are then used to calculate average results for each of the features listed above, thus providing a global estimate of the behavior of the VAD being tested. To conclude, whereas objective methods are very useful in an initial stage to evaluate the quality of a VAD, subjective methods are more significant. As they require the participation of several people for a few days, increasing cost, they are generally only used when a proposal is about to be standardized. == Implementations == One early standard VAD is that developed by British Telecom for use in the Pan-European digital cellular mobile telephone service in 1991. It uses inverse filtering trained on non-speech segments to filter out background noise, so that it can then more reliably use a simple power-threshold to decide if a voice is present. The G.729 standard calculates the following features for its VAD: line spectral frequencies, full-band energy, low-band energy (<1 kHz), and zero-crossing rate. It applies a simple classification using a fixed decision boundary in the space defined by these features, and then applies smoothing and adaptive correction to improve the estimate. The GSM standard includes two VAD options developed by ETSI. Option 1 computes the SNR in nine bands and applies a threshold to these values. Option 2 calculates different parameters: channel power, voice metrics, and noise power. It then thresholds the voice metrics using a threshold that varies according to the estimated SNR. The Speex audio compression library uses a procedure named Improved Minima Controlled Recursive Averaging, which uses a smoothed representation of spectral pow
Read more →
Brooklyn Bridge (software)

The Brooklyn Bridge from White Crane Systems was a data transfer enabler. Although it came with some hardware, it was the software which was the basis of the product. It also could transform the data's format. == Overview == The New York Times described its category as being among "communications packages used to transfer files." In an era of 300 baud, Brooklyn Bridge operated at "115,200 baud" so that a transfer which "at 300 baud took 4 minutes and 36 seconds" only needed 5 seconds. Unlike some communications packages, this one retains the original version-date, so as not to alarm people when they seem to have what looks like an update, when it's not. == Description == Once the software is installed, users comfortable with typing the word "COPY" can do so as readily as they sneakernet. An earlier review described it as "less cumbersome than conventional communications software" The use of neither specialized hardware nor specialized software is ideal in an era when this can be done using online or other "outside" services.
Read more →
Cambridge Analytica

Cambridge Analytica Ltd. (CA), previously known as SCL USA, was a British political consulting firm that came to prominence through the Facebook–Cambridge Analytica data scandal. It was founded in 2013, as a subsidiary of the private intelligence company and self-described "global election management agency" SCL Group by long-time SCL executives Nigel Oakes, Alexander Nix and Alexander Oakes, with Nix as CEO. Cambridge Analytica was hired by a variety of political actors, including the Trinidadian government in 2010 and the 2016 presidential campaigns of Ted Cruz and Donald Trump. The firm maintained offices in London, New York City, and Washington, D.C. The company closed operations in 2018 due to backlash from the scandal, although firms related to both Cambridge Analytica and its parent firm SCL still exist. == History == Cambridge Analytica was founded in 2013 as a subsidiary of the private intelligence company SCL Group, which describes itself as providing "data, analytics and strategy to governments and military organisations worldwide". The company was part of "an international web of companies" headed by the London-based SCL Group. Cambridge Analytica (SCL USA) was incorporated in January 2013 with its registered office being in Westferry Circus, London and consisting of just one staff member, director and CEO Alexander Nix (also appointed in January 2015). Nix was also the director of nine similar companies sharing the same registered offices in London, including Firecrest technologies, Emerdata and six SCL Group companies including "SCL elections limited". Nigel Oakes, known as the former boyfriend of Lady Helen Windsor, had founded the predecessor SCL Group in the 1990s, and in 2005 Oakes established SCL Group together with his brother Alexander Oakes and Alexander Nix; SCL Group was the parent company of Cambridge Analytica. Former Conservative minister and MP Sir Geoffrey Pattie was the founding chairman of SCL; Lord Ivar Mountbatten also joined Oakes as a director of the company. As a result of the Facebook–Cambridge Analytica data scandal, Nix was removed as CEO and replaced by Julian Wheatland before the company closed. Several of the company's executives were Old Etonians. The company's owners included several of the Conservative Party's largest donors such as billionaire Vincent Tchenguiz, former British Conservative minister Jonathan Marland, Baron Marland and the family of American hedge fund manager Robert Mercer. The company combined misappropriation of digital assets, data mining, data brokerage, and data analysis with strategic communication during electoral processes. While its parent SCL had focused on influencing elections in developing countries since the 1990s, Cambridge Analytica focused more on the western world, including the United Kingdom and the United States; CEO Alexander Nix has said CA was involved in 44 U.S. political races in 2014. In 2015, CA performed data analysis services for Ted Cruz's presidential campaign. In 2016, CA worked for Donald Trump's presidential campaign as well as for Leave.EU (one of the organisations campaigning in the United Kingdom's referendum on European Union membership). CA's role in those campaigns has been controversial and is the subject of ongoing inquiries in both countries. Political scientists question CA's claims about the effectiveness of its methods of targeting voters. == Data scandal == In March 2018, media outlets broke news of Cambridge Analytica's business practices. The New York Times and The Observer reported that the company had acquired and used personal data about Facebook users from an external researcher who had told Facebook he was collecting it for academic purposes. Shortly afterwards, Channel 4 News aired undercover investigative videos showing Nix boasting about using prostitutes, bribery sting operations, and honey traps to discredit politicians on whom it had conducted opposition research, and saying that the company "ran all of (Donald Trump's) digital campaign". In response to the media reports, the Information Commissioner's Office (ICO) of the UK pursued a warrant to search the company's servers. Facebook banned Cambridge Analytica from advertising on its platform, saying that it had been deceived. On 23 March 2018, the British High Court granted the ICO a warrant to search Cambridge Analytica's London offices. As a result, Nix was suspended as CEO, and replaced by Julian Wheatland. The personal data of up to 87 million Facebook users were acquired via the 270,000 Facebook users who used a Facebook app created by Aleksandr Kogan called "This Is Your Digital Life". This was a personality profiling app and asked simple personality questions similar to other Facebook quizzes. Kogan was a scientist and psychologist, also being an employed lecturer for the University of Cambridge from 2012 to 2018. Alexander Nix claimed they had close to five thousand data points on each person who participated. They also gathered information through other data brokers ending with them acquiring millions of data points from American citizens. Kogan's app exploited a feature of Facebook's Graph API (version 1.0), which permitted any third-party app to access not only the app user's data, but also the full profile data of all of that user's Facebook friends, without those friends' knowledge or consent. This platform-wide design was available to all developers and was used by tens of thousands of apps; Facebook CEO Mark Zuckerberg later told the House Energy and Commerce Committee that the company was auditing "tens of thousands" of apps that had had access to large amounts of user data. Because the average Facebook user at the time had approximately 300 friends, the 270,000 users who installed Kogan's app yielded data on up to 87 million people. Facebook deprecated the friends-data API in April 2014 and shut it down entirely in April 2015, but data already collected by apps remained in developers' possession. Kogan passed this data to Cambridge Analytica, breaching Facebook's terms of service. On 1 May 2018, Cambridge Analytica and its parent company SCL filed for insolvency proceedings and closed operations. Alexander Tayler, a former director for Cambridge Analytica, was appointed director of Emerdata on 28 March 2018. Rebekah Mercer, Jennifer Mercer, Alexander Nix and Johnson Chun Shun Ko, who has links to American businessman Erik Prince, are in leadership positions at Emerdata. The Russo brothers are producing an upcoming film on Cambridge Analytica. In 2019 the Federal Trade Commission filed an administrative complaint against Cambridge Analytica for misuse of data. In 2020, the British Information Commissioner's Office closed a three-year inquiry into the company, concluded that Cambridge Analytica was "not involved" in the 2016 Brexit referendum and found no additional evidence for Russia's alleged interference during the campaign. US sensitive polling and election data, however, were passed to Russian Intelligence via a Cambridge Analytica contractor Sam Patten, Trump campaign manager Paul Manafort, and Russian agent Konstantin Kilimnik, who was indicted during the affair. Publicly, parent company SCL Group called itself a "global election management agency", Politico reported it was known for involvement "in military disinformation campaigns to social media branding and voter targeting". SCL gained work on a large number of campaigns for the US and UK governments' war on terror advancing their model of behavioral conflict during the 2000s. SCL's involvement in the political world has been primarily in the developing world where it has been used by the military and politicians to study and manipulate public opinion and political will. Slate writer Sharon Weinberger compared one of SCL's hypothetical test scenarios to fomenting a coup. Among the investors in Cambridge Analytica were some of the Conservative Party's largest donors such as billionaire Vincent Tchenguiz, former Conservative minister Jonathan Marland, Baron Marland, Roger Gabb, the family of American hedge fund manager Robert Mercer, and Steve Bannon. A minimum of 15 million dollars has been invested into the company by Mercer, according to The New York Times. Bannon's stake in the company was estimated at 1 to 5 million dollars, but he divested his holdings in April 2017 as required by his role as White House Chief Strategist. In March 2018, Jennifer Mercer and Rebekah Mercer became directors of Emerdata limited. In March 2018 it became public by Christopher Wylie, that Cambridge Analytica's first activities were founded on a data set, which its parent company SCL bought 2014 from a company named Global Science Research founded by Aleksandr Kogan and his team present across the world who worked as a psychologist at Cambridge. During Boris Johnson's tenure as foreign secretary, the Foreign Office sought advice from Cambridge Analytica and Boris Johnson had a meeting with Alexander N
Read more →
Dynamic knowledge repository

The dynamic knowledge repository (DKR) is a concept developed by Douglas C. Engelbart as a primary strategic focus for allowing humans to address complex problems. He has proposed that a DKR will enable us to develop a collective IQ greater than any individual's IQ. References and discussion of Engelbart's DKR concept are available at the Doug Engelbart Institute. == Definition == A knowledge repository is a computerized system that systematically captures, organizes and categorizes an organization's knowledge. The repository can be searched and data can be quickly retrieved. The effective knowledge repositories include factual, conceptual, procedural and meta-cognitive techniques. The key features of knowledge repositories include communication forums. A knowledge repository can take many forms to "contain" the knowledge it holds. A customer database is a knowledge repository of customer information and insights – or electronic explicit knowledge. A Library is a knowledge repository of books – physical explicit knowledge. A community of experts is a knowledge repository of tacit knowledge or experience. The nature of the repository only changes to contain/manage the type of knowledge it holds. A repository (as opposed to an archive) is designed to get knowledge out. It should therefore have some rules of structure, classification, taxonomy, record management, etc., to facilitate user engagement.
Read more →
Poop Map

Poop Map is a social app where users can track on a map where and when they defecate. In addition to logging location and time of each bowel movement, users can also add a photo, "like" other users' logs, and rate each account. The social elements of the app allow for groups of users to create a competitive league. Certain behaviors unlock achievements in-app. == Development == The app was created by app developer Nino Uzelac. It was launched in July 2013. == Popularity == The app charted at number one on the Apple App Store charts in 2021 after going viral on TikTok. As of September 2024, the app has a 4.8 rating on the App Store and more than 58,000 ratings. It also has more than one million downloads on the Google Play Store. Poop Map is notably popular among hikers, and has been written about in the outdoors magazine Outside.
Read more →
Tableau de Concordance

The Tableau de Concordance was the main French diplomatic code used during World War I; the term also refers to any message sent using the code. It was a superenciphered four-digit code that was changed three times between 1 August 1914 and 15 January 1915. The Tableau de Concordance is considered superenciphered because there is more than one step required to use it. First, each word in a message is replaced by four digits via a codebook. These four digits are divided into three groups (one digit, two digits, one digit) so that when the whole message has been translated into code, the four-digit sets can be put together so it looks like the entire message is made up of two-digit pairs. This is called a "Straddle Gimmick." Then, in turn, each of these two digit pairs (and the single digits at the beginning and end) are replaced by two letters. The letters are then combined with no spaces for the final ciphertext. The manual for the Tableau de Concordance included the instruction that if there was not adequate time for completely enciphering the message, it should simply be sent in clear, because a partially enciphered message would have provided insight into the inner workings of the code.
Read more →
Malleability (cryptography)

Malleability is a property of some cryptographic algorithms. An encryption algorithm is said to be malleable if it is possible to transform a ciphertext into another ciphertext which decrypts to a related plaintext. That is, given an encryption of a plaintext m {\displaystyle m} , it is possible to generate another ciphertext which decrypts to f ( m ) {\displaystyle f(m)} , for a known function f {\displaystyle f} , without necessarily knowing or learning m {\displaystyle m} . Malleability is often an undesirable property in a general-purpose cryptosystem, since it allows an attacker to modify the contents of a message. For example, suppose that a bank uses a stream cipher to hide its financial information, and a user sends an encrypted message containing, say, "TRANSFER $0000100.00 TO ACCOUNT #199." If an attacker can modify the message on the wire, and can guess the format of the unencrypted message, the attacker could change the amount of the transaction, or the recipient of the funds, e.g. "TRANSFER $0100000.00 TO ACCOUNT #227". Malleability does not refer to the attacker's ability to read the encrypted message. Both before and after tampering, the attacker cannot read the encrypted message. On the other hand, some cryptosystems are malleable by design. In other words, in some circumstances it may be viewed as a feature that anyone can transform an encryption of m {\displaystyle m} into a valid encryption of f ( m ) {\displaystyle f(m)} (for some restricted class of functions f {\displaystyle f} ) without necessarily learning m {\displaystyle m} . Such schemes are known as homomorphic encryption schemes. A cryptosystem may be semantically secure against chosen-plaintext attacks or even non-adaptive chosen-ciphertext attacks (CCA1) while still being malleable. However, security against adaptive chosen-ciphertext attacks (CCA2) is equivalent to non-malleability. == Example malleable cryptosystems == In a stream cipher, the ciphertext is produced by taking the exclusive or of the plaintext and a pseudorandom stream based on a secret key k {\displaystyle k} , as E ( m ) = m ⊕ S ( k ) {\displaystyle E(m)=m\oplus S(k)} . An adversary can construct an encryption of m ⊕ t {\displaystyle m\oplus t} for any t {\displaystyle t} , as E ( m ) ⊕ t = m ⊕ t ⊕ S ( k ) = E ( m ⊕ t ) {\displaystyle E(m)\oplus t=m\oplus t\oplus S(k)=E(m\oplus t)} . In the RSA cryptosystem, a plaintext m {\displaystyle m} is encrypted as E ( m ) = m e mod n {\displaystyle E(m)=m^{e}{\bmod {n}}} , where ( e , n ) {\displaystyle (e,n)} is the public key. Given such a ciphertext, an adversary can construct an encryption of m t {\displaystyle mt} for any t {\displaystyle t} , as E ( m ) ⋅ t e mod n = ( m t ) e mod n = E ( m t ) {\textstyle E(m)\cdot t^{e}{\bmod {n}}=(mt)^{e}{\bmod {n}}=E(mt)} . For this reason, RSA is commonly used together with padding methods such as OAEP or PKCS1. In the ElGamal cryptosystem, a plaintext m {\displaystyle m} is encrypted as E ( m ) = ( g b , m A b ) {\displaystyle E(m)=(g^{b},mA^{b})} , where ( g , A ) {\displaystyle (g,A)} is the public key. Given such a ciphertext ( c 1 , c 2 ) {\displaystyle (c_{1},c_{2})} , an adversary can compute ( c 1 , t ⋅ c 2 ) {\displaystyle (c_{1},t\cdot c_{2})} , which is a valid encryption of t m {\displaystyle tm} , for any t {\displaystyle t} . In contrast, the Cramer-Shoup system (which is based on ElGamal) is not malleable. In the Paillier, ElGamal, and RSA cryptosystems, it is also possible to combine several ciphertexts together in a useful way to produce a related ciphertext. In Paillier, given only the public key and an encryption of m 1 {\displaystyle m_{1}} and m 2 {\displaystyle m_{2}} , one can compute a valid encryption of their sum m 1 + m 2 {\displaystyle m_{1}+m_{2}} . In ElGamal and in RSA, one can combine encryptions of m 1 {\displaystyle m_{1}} and m 2 {\displaystyle m_{2}} to obtain a valid encryption of their product m 1 m 2 {\displaystyle m_{1}m_{2}} . Block ciphers in the cipher block chaining mode of operation, for example, are partly malleable: flipping a bit in a ciphertext block will completely mangle the plaintext it decrypts to, but will result in the same bit being flipped in the plaintext of the next block. This allows an attacker to 'sacrifice' one block of plaintext in order to change some data in the next one, possibly managing to maliciously alter the message. This is essentially the core idea of the padding oracle attack on CBC, which allows the attacker to decrypt almost an entire ciphertext without knowing the key. For this and many other reasons, a message authentication code is required to guard against any method of tampering. == Complete non-malleability == Fischlin, in 2005, defined the notion of complete non-malleability as the ability of the system to remain non-malleable while giving the adversary additional power to choose a new public key which could be a function of the original public key. In other words, the adversary shouldn't be able to come up with a ciphertext whose underlying plaintext is related to the original message through a relation that also takes public keys into account.
Read more →
Information leakage

Information leakage happens whenever a system that is designed to be closed to an eavesdropper reveals some information to unauthorized parties nonetheless. In other words: Information leakage occurs when secret information correlates with, or can be correlated with, observable information. For example, when designing an encrypted instant messaging network, a network engineer without the capacity to crack encryption codes could see when messages are transmitted, even if he could not read them. == Risk vectors == A modern example of information leakage is the leakage of secret information via data compression, by using variations in data compression ratio to reveal correlations between known (or deliberately injected) plaintext and secret data combined in a single compressed stream. Another example is the key leakage that can occur when using some public-key systems when cryptographic nonce values used in signing operations are insufficiently random. Bad randomness cannot protect proper functioning of a cryptographic system, even in a benign circumstance, it can easily produce crackable keys that cause key leakage. Information leakage can sometimes be deliberate: for example, an algorithmic converter may be shipped that intentionally leaks small amounts of information, in order to provide its creator with the ability to intercept the users' messages, while still allowing the user to maintain an illusion that the system is secure. This sort of deliberate leakage is sometimes known as a subliminal channel. Generally, only very advanced systems employ defenses against information leakage. Following are the commonly implemented countermeasures : Use steganography to hide the fact that a message is transmitted at all. Use chaffing to make it unclear to whom messages are transmitted (but this does not hide from others the fact that messages are transmitted). For busy re-transmitting proxies, such as a Mixmaster node: randomly delay and shuffle the order of outbound packets - this will assist in disguising a given message's path, especially if there are multiple, popular forwarding nodes, such as are employed with Mixmaster mail forwarding. When a data value is no longer going to be used, erase it from the memory.
Read more →
Eyes of Things

Eyes of Things (EoT) is the name of a project funded by the European Union’s Horizon 2020 Research and Innovation Programme under grant agreement number 643924. The purpose of the project, which is funded under the Smart Cyber-physical systems topic, is to develop a generic hardware-software platform for embedded, efficient (i.e. battery-operated, wearable, mobile), computer vision, including deep learning inference. On November 29, 2018, the European Space Agency announced that it was testing the suitability of the device for space applications in advance of a flight in a Cubesat. == Motivation == EoT is based on the following tenets: Future embedded systems will have more intelligence and cognitive functionality. Vision is paramount to such intelligent capacity Unlike other sensors, vision requires intensive processing. Power consumption must be optimized if vision is to be used in mobile and wearable applications Cloud processing of edge-captured images is not sustainable. The sheer amount of visual data generated cannot be transferred to the cloud. Bandwidth is not sufficient and cloud servers cannot cope with it. == Partners == VISILAB group at University of Castilla–La Mancha (Coordinator) Movidius Awaiba Thales Security Solutions & Systems DFKI Fluxguide Evercam nVISO == Awards == 2019 Electronic Component and Systems Innovation Award by the European Commission 2018 HiPEAC Tech Transfer Award 2018 EC Innovation Radar - highlighting excellent innovations Award 2018 Internet of Things (IoT) Technology Research Award Pilot by Google 2016 Semifinalist "THE VISION SHOW STARTUP COMPETITION", Global Association for Vision Information, Boston US
Read more →
Trace zero cryptography

First proposed by Gerhard Frey in 1998, trace zero cryptography refers to the use of trace zero varieties (TZV) for cryptographic purpose. Trace zero varieties are subgroups of the divisor class group on a low genus hyperelliptic curve defined over a finite field. These groups can be used to establish asymmetric cryptography using the discrete logarithm problem as cryptographic primitive. Trace zero varieties feature a better scalar multiplication performance than elliptic curves. This allows fast arithmetic in these groups, which can speed up the calculations with a factor 3 compared with elliptic curves and hence speed up the cryptosystem. Another advantage is that for groups of cryptographically relevant size, the order of the group can simply be calculated using the characteristic polynomial of the Frobenius endomorphism. This is not the case, for example, in elliptic curve cryptography when the group of points of an elliptic curve over a prime field is used for cryptographic purpose. However, to represent an element of the trace zero variety more bits are needed compared with elements of elliptic or hyperelliptic curves. Another disadvantage is the fact that it is possible to reduce the security of the TZV of 1/6th of the bit length using cover attack. == Mathematical background == A hyperelliptic curve C of genus g over a prime field F q {\displaystyle \mathbb {F} _{q}} where q = pn (p prime) of odd characteristic is defined as C : y 2 + h ( x ) y = f ( x ) , {\displaystyle C:~y^{2}+h(x)y=f(x),} where f monic, deg(f) = 2g + 1 and deg(h) ≤ g. The curve has at least one F q {\displaystyle \mathbb {F} _{q}} -rational Weierstraßpoint. The Jacobian variety J C ( F q n ) {\displaystyle J_{C}(\mathbb {F} _{q^{n}})} of C is for all finite extension F q n {\displaystyle \mathbb {F} _{q^{n}}} isomorphic to the ideal class group Cl ⁡ ( C / F q n ) {\displaystyle \operatorname {Cl} (C/\mathbb {F} _{q^{n}})} . With the Mumford's representation it is possible to represent the elements of J C ( F q n ) {\displaystyle J_{C}(\mathbb {F} _{q^{n}})} with a pair of polynomials [u, v], where u, v ∈ F q n [ x ] {\displaystyle \mathbb {F} _{q^{n}}[x]} . The Frobenius endomorphism σ is used on an element [u, v] of J C ( F q n ) {\displaystyle J_{C}(\mathbb {F} _{q^{n}})} to raise the power of each coefficient of that element to q: σ([u, v]) = [uq(x), vq(x)]. The characteristic polynomial of this endomorphism has the following form: χ ( T ) = T 2 g + a 1 T 2 g − 1 + ⋯ + a g T g + ⋯ + a 1 q g − 1 T + q g , {\displaystyle \chi (T)=T^{2g}+a_{1}T^{2g-1}+\cdots +a_{g}T^{g}+\cdots +a_{1}q^{g-1}T+q^{g},} where ai in Z {\displaystyle \mathbb {Z} } With the Hasse–Weil theorem it is possible to receive the group order of any extension field F q n {\displaystyle \mathbb {F} _{q^{n}}} by using the complex roots τi of χ(T): | J C ( F q n ) | = ∏ i = 1 2 g ( 1 − τ i n ) {\displaystyle |J_{C}(\mathbb {F} _{q^{n}})|=\prod _{i=1}^{2g}(1-\tau _{i}^{n})} Let D be an element of the J C ( F q n ) {\displaystyle J_{C}(\mathbb {F} _{q^{n}})} of C, then it is possible to define an endomorphism of J C ( F q n ) {\displaystyle J_{C}(\mathbb {F} _{q^{n}})} , the so-called trace of D: Tr ⁡ ( D ) = ∑ i = 0 n − 1 σ i ( D ) = D + σ ( D ) + ⋯ + σ n − 1 ( D ) {\displaystyle \operatorname {Tr} (D)=\sum _{i=0}^{n-1}\sigma ^{i}(D)=D+\sigma (D)+\cdots +\sigma ^{n-1}(D)} Based on this endomorphism one can reduce the Jacobian variety to a subgroup G with the property, that every element is of trace zero: G = { D ∈ J C ( F q n ) | Tr ( D ) = 0 } , ( 0 neutral element in J C ( F q n ) {\displaystyle G=\{D\in J_{C}(\mathbb {F} _{q^{n}})~|~{\text{Tr}}(D)={\textbf {0}}\},~~~({\textbf {0}}{\text{ neutral element in }}J_{C}(\mathbb {F} _{q^{n}})} G is the kernel of the trace endomorphism and thus G is a group, the so-called trace zero (sub)variety (TZV) of J C ( F q n ) {\displaystyle J_{C}(\mathbb {F} _{q^{n}})} . The intersection of G and J C ( F q ) {\displaystyle J_{C}(\mathbb {F} _{q})} is produced by the n-torsion elements of J C ( F q ) {\displaystyle J_{C}(\mathbb {F} _{q})} . If the greatest common divisor gcd ( n , | J C ( F q ) | ) = 1 {\displaystyle \gcd(n,|J_{C}(\mathbb {F} _{q})|)=1} the intersection is empty and one can compute the group order of G: | G | = | J C ( F q n ) | | J C ( F q ) | = ∏ i = 1 2 g ( 1 − τ i n ) ∏ i = 1 2 g ( 1 − τ i ) {\displaystyle |G|={\dfrac {|J_{C}(\mathbb {F} _{q^{n}})|}{|J_{C}(\mathbb {F} _{q})|}}={\dfrac {\prod _{i=1}^{2g}(1-\tau _{i}^{n})}{\prod _{i=1}^{2g}(1-\tau _{i})}}} The actual group used in cryptographic applications is a subgroup G0 of G of a large prime order l. This group may be G itself. There exist three different cases of cryptographical relevance for TZV: g = 1, n = 3 g = 1, n = 5 g = 2, n = 3 == Arithmetic == The arithmetic used in the TZV group G0 based on the arithmetic for the whole group J C ( F q n ) {\displaystyle J_{C}(\mathbb {F} _{q^{n}})} , But it is possible to use the Frobenius endomorphism σ to speed up the scalar multiplication. This can be archived if G0 is generated by D of order l then σ(D) = sD, for some integers s. For the given cases of TZV s can be computed as follows, where ai come from the characteristic polynomial of the Frobenius endomorphism : For g = 1, n = 3: s = q − 1 1 − a 1 mod ℓ {\displaystyle s={\dfrac {q-1}{1-a_{1}}}{\bmod {\ell }}} For g = 1, n = 5: s = q 2 − q − a 1 2 q + a 1 q + 1 q − 2 a 1 q + a 1 3 − a 1 2 + a 1 − 1 mod ℓ {\displaystyle s={\dfrac {q^{2}-q-a_{1}^{2}q+a_{1}q+1}{q-2a_{1}q+a_{1}^{3}-a_{1}^{2}+a_{1}-1}}{\bmod {\ell }}} For g = 2, n = 3: s = − q 2 − a 2 + a 1 a 1 q − a 2 + 1 mod ℓ {\displaystyle s=-{\dfrac {q^{2}-a_{2}+a_{1}}{a_{1}q-a_{2}+1}}{\bmod {\ell }}} Knowing this, it is possible to replace any scalar multiplication mD (|m| ≤ l/2) with: m 0 D + m 1 σ ( D ) + ⋯ + m n − 1 σ n − 1 ( D ) , where m i = O ( ℓ 1 / ( n − 1 ) ) = O ( q g ) {\displaystyle m_{0}D+m_{1}\sigma (D)+\cdots +m_{n-1}\sigma ^{n-1}(D),~~~~{\text{where }}m_{i}=O(\ell ^{1/(n-1)})=O(q^{g})} With this trick the multiple scalar product can be reduced to about 1/(n − 1)th of doublings necessary for calculating mD, if the implied constants are small enough. == Security == The security of cryptographic systems based on trace zero subvarieties according to the results of the papers comparable to the security of hyper-elliptic curves of low genus g' over F p ′ {\displaystyle \mathbb {F} _{p'}} , where p' ~ (n − 1)(g/g' ) for |G| ~128 bits. For the cases where n = 3, g = 2 and n = 5, g = 1 it is possible to reduce the security for at most 6 bits, where |G| ~ 2256, because one can not be sure that G is contained in a Jacobian of a curve of genus 6. The security of curves of genus 4 for similar fields are far less secure. == Cover attack on a trace zero crypto-system == The attack published in shows, that the DLP in trace zero groups of genus 2 over finite fields of characteristic diverse than 2 or 3 and a field extension of degree 3 can be transformed into a DLP in a class group of degree 0 with genus of at most 6 over the base field. In this new class group the DLP can be attacked with the index calculus methods. This leads to a reduction of the bit length 1/6th.
Read more →
Verifiable secret sharing

In cryptography, a secret sharing scheme is verifiable if auxiliary information is included that allows players to verify their shares as consistent. More formally, verifiable secret sharing ensures that even if the dealer is malicious there is a well-defined secret that the players can later reconstruct. (In standard secret sharing, the dealer is assumed to be honest.) The concept of verifiable secret sharing (VSS) was first introduced in 1985 by Benny Chor, Shafi Goldwasser, Silvio Micali and Baruch Awerbuch. In a VSS protocol a distinguished player who wants to share the secret is referred to as the dealer. The protocol consists of two phases: a sharing phase and a reconstruction phase. Sharing: Initially the dealer holds secret as input and each player holds an independent random input. The sharing phase may consist of several rounds. At each round each player can privately send messages to other players and can also broadcast a message. Each message sent or broadcast by a player is determined by its input, its random input and messages received from other players in previous rounds. Reconstruction: In this phase each player provides its entire view from the sharing phase and a reconstruction function is applied and is taken as the protocol's output. An alternative definition given by Oded Goldreich defines VSS as a secure multi-party protocol for computing the randomized functionality corresponding to some (non-verifiable) secret sharing scheme. This definition is stronger than that of the other definitions and is very convenient to use in the context of general secure multi-party computation. Verifiable secret sharing is important for secure multiparty computation. Multiparty computation is typically accomplished by making secret shares of the inputs, and manipulating the shares to compute some function. To handle "active" adversaries (that is, adversaries that corrupt nodes and then make them deviate from the protocol), the secret sharing scheme needs to be verifiable to prevent the deviating nodes from throwing off the protocol. == Feldman's scheme == A commonly used example of a simple VSS scheme is the protocol by Paul Feldman, which is based on Shamir's secret sharing scheme combined with any encryption scheme which satisfies a specific homomorphic property (that is not necessarily satisfied by all homomorphic encryption schemes). The following description gives the general idea, but is not secure as written. (Note, in particular, that the published value gs leaks information about the dealer's secret s.) First, a cyclic group G of prime order q, along with a generator g of G, is chosen publicly as a system parameter. The group G must be chosen such that computing discrete logarithms is hard in this group. (Typically, one takes an order-q subgroup of (Z/pZ)×, where q is a prime dividing p − 1.) The dealer then computes (and keeps secret) a random polynomial P of degree t with coefficients in Zq, such that P(0) = s, where s is the secret. Each of the n share holders will receive a value P(1), ..., P(n) modulo q. Any t + 1 share holders can recover the secret s by using polynomial interpolation modulo q, but any set of at most t share holders cannot. (In fact, at this point any set of at most t share holders has no information about s.) So far, this is exactly Shamir's scheme. To make these shares verifiable, the dealer distributes commitments to the coefficients of P modulo q. If P(x) = s + a1x + ... + atxt, then the commitments that must be given are: c0 = gs, c1 = ga1, ... ct = gat. Once these are given, any party can verify their share. For instance, to verify that v = P(i) modulo q, party i can check that g v = c 0 c 1 i c 2 i 2 ⋯ c t i t = ∏ j = 0 t c j i j = ∏ j = 0 t g a j i j = g ∑ j = 0 t a j i j = g P ( i ) {\displaystyle g^{v}=c_{0}c_{1}^{i}c_{2}^{i^{2}}\cdots c_{t}^{i^{t}}=\prod _{j=0}^{t}c_{j}^{i^{j}}=\prod _{j=0}^{t}g^{a_{j}i^{j}}=g^{\sum _{j=0}^{t}a_{j}i^{j}}=g^{P(i)}} . This scheme is, at best, secure against computationally bounded adversaries, namely the intractability of computing discrete logarithms. Pedersen proposed later a scheme where no information about the secret is revealed even with a dealer with unlimited computing power. == Baghery's hash-based scheme == A recent line of research has proposed a unified framework, for building practical VSS schemes that do not necessarily require homomorphic commitments —a key requirement in traditional constructions such as Feldman's and Pedersen's schemes. The framework allows instantiations with different commitment schemes, including post-quantum secure options such as hash-based commitments. This offers a flexible and efficient approach to build VSS schemes, in which the verifiability of shares is decoupled from the need for homomorphic commitments, which are often tied to assumptions like the Discrete Logarithm (DL) problem, known to be insecure against quantum adversaries. One instantiation of the new framework uses hash-based commitments and a random oracle to construct a hash-based VSS scheme based on Shamir's secret sharing. === Protocol Overview === Sharing Phase: Given a secure hash-based commitment scheme C {\displaystyle {\mathcal {C}}} and a hash function H {\displaystyle {\mathcal {H}}} (modeled as a random oracle), to share a secret value s {\displaystyle s} among n {\displaystyle n} parties with threshold t {\displaystyle t} , the dealer acts as follows: Following Shamir sharing, the dealer samples a random degree- t {\displaystyle t} polynomial P ( X ) {\displaystyle P(X)} over a filed or ring, with P ( 0 ) = s {\displaystyle P(0)=s} . Each of the n {\displaystyle n} parties will receive a value v i = P ( i ) {\displaystyle v_{i}=P(i)} modulo q {\displaystyle q} as a share. To prove the validity of the shares, the dealer acts as follows: Samples another random degree- t {\displaystyle t} polynomial R ( X ) {\displaystyle R(X)} and n {\displaystyle n} random values γ 1 , … , γ n {\displaystyle \gamma _{1},\dots ,\gamma _{n}} from the same filed or ring. Computes a set of commitments c i = C ( P ( i ) , R ( i ) , γ i ) {\displaystyle c_{i}={\mathcal {C}}(P(i),R(i),\gamma _{i})} for i = 1 , 2 , … , n {\displaystyle i=1,2,\dots ,n} . Note that, the additional randomness γ i {\displaystyle \gamma _{i}} is used when the secret s {\displaystyle s} does not have sufficient entropy, but it can be omitted when sharing a uniformly random secret. Each of the n {\displaystyle n} parties will also receive a value γ i {\displaystyle \gamma _{i}} modulo q {\displaystyle q} as a share. Calculates a challenge value d {\displaystyle d} via a hash function d = H ( c 1 , … , c n ) {\displaystyle d={\mathcal {H}}(c_{1},\dots ,c_{n})} and then computes a polynomial Z ( X ) = R ( X ) + d ⋅ P ( X ) {\displaystyle Z(X)=R(X)+d\cdot P(X)} . Broadcasts the commitments c 1 , … , c n {\displaystyle c_{1},\dots ,c_{n}} along with Z ( X ) {\displaystyle Z(X)} as the proof and privately sends ( v i , γ i ) {\displaystyle (v_{i},\gamma _{i})} as the individual share to party i {\displaystyle i} . Verification Phase: Given an individual share ( v i , γ i ) {\displaystyle (v_{i},\gamma _{i})} and a proof ( c 1 , … , c n , Z ( X ) ) {\displaystyle (c_{1},\dots ,c_{n},Z(X))} , party i {\displaystyle i} verifies the correctness of it as below: Checks that Z ( X ) {\displaystyle Z(X)} is a valid (up to) degree- t {\displaystyle t} polynomial. Recomputes the challenge value d = H ( c 1 , … , c n ) {\displaystyle d={\mathcal {H}}(c_{1},\dots ,c_{n})} , and verifies the commitment equation c i = C ( v i , Z ( i ) − d v i , γ i ) {\displaystyle c_{i}={\mathcal {C}}(v_{i},Z(i)-dv_{i},\gamma _{i})} . If the verification fails, similar to Feldman’s and Pedersen’s schemes, the party raises a complaint. If too many complaints (more than t {\displaystyle t} ) are raised, the dealer is disqualified. In case of a complaint, the dealer can publicly reveal the disputed share to allow global verification. Honest parties can then collectively agree to either continue or disqualify the dealer. This scheme supports the sharing of both low-entropy and high-entropy secrets. Moreover, since it relies solely on secure hash functions for commitments and on a (quantum) random oracle, it plausibly achieves security even against quantum adversaries. Additionally, by using only lightweight cryptographic primitives, the scheme is considerably more efficient in practice compared to traditional VSS constructions based on number-theoretic assumptions. == Benaloh's scheme == Once n shares are distributed to their holders, each holder should be able to verify that all shares are collectively t-consistent (i.e., any subset t of n shares will yield the same, correct, polynomial without exposing the secret). In Shamir's secret sharing scheme the shares s 1 , s 2 , . . . , s n {\displaystyle s_{1},s_{2},...,s_{n}} are t-consistent if and only if the interpolation of the points ( 1 , s 1 ) , ( 2 , s 2 ) , . . . , (
Read more →