Search for: All records

We witness an increase in applications like cryptocurrency wallets, which involve users issuing signatures using private keys. To protect these keys from loss or compromise, users commonly outsource them to a custodial server. This creates a new point of failure, because compromise of such a server leaks the user’s key, and if user authentication is implemented with a password then this password becomes open to an offline dictionary attack (ODA). A better solution is to secret-share the key among a set of servers, possibly including user’s own device(s), and implement password authentication and signature computation using threshold cryptography. We propose a notion of augmented password-protected threshold signature (aptSIG) scheme which captures the best possible security level for this setting. Using standard threshold cryptography techniques, i.e. threshold password authentication and threshold signatures, one can guarantee that compromising up to t out of n servers reveals no information on either the key or the password. However, we extend this with a novel property, that compromising even all n servers also does not leak any information, except via an unavoidable ODA attack, which reveals the key only if the attacker guesses the password. We define aptSIG in the Universally Composable (UC) framework and show that it can be constructed very efficiently, using a black-box composition of any UC threshold signature [13] and a UC augmented Password-Protected Secret Sharing (aPPSS), which we define as an extension of prior notion of PPSS [30]. As concrete instantiations we obtain secure aptSIG schemes for ECDSA (in the case of t=n-1) and BLS signatures with very small overhead over the respective threshold signature. Finally, we note that both the notion and our generic solution for augmented password-protected threshold signatures can be generalized to password-protecting MPC for any keyed functions. 

Protocols for password authenticated key exchange (PAKE) allow two parties who share only a weak password to agree on a cryptographic key. We revisit the notion of PAKE in the universal composability (UC) framework, and propose a relaxation of the PAKE functionality of Canetti et al. that we call lazy-extraction PAKE (lePAKE). Our relaxation allows the ideal-world adversary to postpone its password guess until after a session is complete. We argue that this relaxed notion still provides meaningful security in the password-only setting. As our main result, we show that several PAKE protocols that were previously only proven secure with respect to a “game-based” definition of security can be shown to UC-realize the lePAKE functionality in the random-oracle model. These include SPEKE, SPAKE2, and TBPEKE, the most efficient PAKE schemes currently known. 

Abstract. Parameterizations that impact wet removal of black carbon (BC)remain uncertain in global climate models. In this study, we enhance thedefault wet deposition scheme for BC in the Community Earth System Model (CESM)to (a) add relevant physical processes that were not resolved in thedefault model and (b) facilitate understanding of the relative importanceof various cloud processes on BC distributions. We find that the enhancedscheme greatly improves model performance against HIPPO observationsrelative to the default scheme. We find that convection scavenging, aerosolactivation, ice nucleation, evaporation of rain or snow, and below-cloudscavenging dominate wet deposition of BC. BC conversion rates for processesrelated to in-cloud water–ice conversion (i.e., riming, the Bergeronprocess, and evaporation of cloud water sedimentation) are relativelysmaller, but have large seasonal variations. We also conduct sensitivitysimulations that turn off each cloud process one at a time to quantify theinfluence of cloud processes on BC distributions and radiative forcing.Convective scavenging is found to have the largest impact onBC concentrations at mid-altitudes over the tropics and even globally. Inaddition, BC is sensitive to all cloud processes over the NorthernHemisphere at high latitudes. As for BC vertical distributions, convectivescavenging greatly influences BC fractions at different altitudes.Suppressing BC droplet activation in clouds mainly decreases the fraction ofcolumn BC below 5 km, whereas suppressing BC ice nucleation increases thatabove 10 km. During wintertime, the Bergeron process also significantlyincreases BC concentrations at lower altitudes over the Arctic. Oursimulation yields a global BC burden of 85 Gg; corresponding directradiative forcing (DRF) of BC estimated using the Parallel Offline RadiativeTransfer (PORT) is 0.13 W m−2, much lower than previous studies. Therange of DRF derived from sensitivity simulations is large, 0.09–0.33 W m−2,corresponding to BC burdens varying from 73 to 151 Gg. Due todifferences in BC vertical distributions among each sensitivity simulation,fractional changes in DRF (relative to the baseline simulation) are alwayshigher than fractional changes in BC burdens; this occurs because relocating BCin the vertical influences the radiative forcing per BC mass. Our resultshighlight the influences of cloud microphysical processes on BC concentrationsand radiative forcing.