Mechanism Design for Demand Management in Energy Communities

We consider a demand management problem in an energy community, in which several users obtain energy from an external organization such as an energy company and pay for the energy according to pre-specified prices that consist of a time-dependent price per unit of energy as well as a separate price for peak demand. Since users’ utilities are their private information, which they may not be willing to share, a mediator, known as the planner, is introduced to help optimize the overall satisfaction of the community (total utility minus total payments) by mechanism design. A mechanism consists of a message space, a tax/subsidy, and an allocation function for each user. Each user reports a message chosen from her own message space, then receives some amount of energy determined by the allocation function, and pays the tax specified by the tax function. A desirable mechanism induces a game, the Nash equilibria (NE), of which results in an allocation that coincides with the optimal allocation for the community. As a starting point, we design a mechanism for the energy community with desirable properties such as full implementation, strong budget balance and individual rationality for both users and the planner. We then modify this baseline mechanism for communities where message exchanges are allowed only within neighborhoods, and consequently, the tax/subsidy and allocation functions of each user are only determined by the messages from their neighbors. All of the desirable properties of the baseline mechanism are preserved in the distributed mechanism. Finally, we present a learning algorithm for the baseline mechanism, based on projected gradient descent, that is guaranteed to converge to the NE of the induced game.

Private Stream Aggregation with Labels in the Standard Model

A private stream aggregation (PSA) scheme is a protocol of n clients and one aggregator. At every time step, the clients send an encrypted value to the (untrusted) aggregator, who is able to compute the sum of all client values, but cannot learn the values of individual clients. One possible application of PSA is privacy-preserving smart-metering, where a power supplier can learn the total power consumption, but not the consumption of individual households. We construct a simple PSA scheme that supports labels and which we prove to be secure in the standard model. Labels are useful to restrict the access of the aggregator, because it prevents the aggregator from combining ciphertexts with different labels (or from different time-steps) and thus avoids leaking information about values of individual clients. The scheme is based on key-homomorphic pseudorandom functions (PRFs) as the only primitive, supports a large message space, scales well for a large number of users and has small ciphertexts. We provide an implementation of the scheme with a lattice-based key-homomorphic PRF (secure in the ROM) and measure the performance of the implementation. Furthermore, we discuss practical issues such as how to avoid a trusted party during the setup and how to cope with clients joining or leaving the system.

Three Authentication Schemes without Secrecy over Finite Fields and Galois Rings

We provide three new authentication schemes without secrecy. The first two on finite fields and Galois rings, using Gray map for this link. The third construction is based on Galois rings. The main achievement in this work is to obtain optimal impersonation and substitution probabilities in the schemes. Additionally, in the first and second scheme, we simplify the source space and obtain a better relationship between the size of the message space and the key space than the one given in a recent paper. Finally, we provide a third scheme on Galois rings.

Three authentication schemes without secrecy over finite fields and Galois rings

We give three new authentication schemes without secrecy. The first two on finite fields and Galois rings, using Gray map for this link. The third construction is given on Galois rings. The main achievement in this work is to obtain optimal impersonation and substitution probabilities in the schemes. Additionally, in the first and second scheme, we simplify the source space and bring a better relationship between the size of the message space and the key space than the given in [8]. Finally, we provide a third scheme on Galois rings, which generalizes the scheme over finite fields constructed in [9].

Flattening NTRU for Evaluation Key Free Homomorphic Encryption

We propose a new FHE scheme F-NTRU that adopts the flattening technique proposed in GSW to derive an NTRU based scheme that (similar to GSW) does not require evaluation keys or key switching. Our scheme eliminates the decision small polynomial ratio assumption but relies only on the standard R-LWE assumption. It uses wide key distributions, and hence is immune to Subfield Lattice Attack. In practice, our scheme achieves competitive timings compared to the existing schemes. We are able to compute a homomorphic multiplication in 24.4 msec and 76.0 msec for 5 and 30 levels, respectively, without amortization. Furthermore, our scheme features small ciphertexts, e.g. 2376 KB for 30 levels. The assurance gained by using wide key distributions along with the message space flexibility of the scheme, i.e. bits, binary polynomials, and integers with a large message space, allows the use of the proposed scheme in a wide array of applications.

Bootstrapping of FHE over the Integers with Large Message Space

For the decryption of the fully homomorphic encryption (FHE) over the integers with the message space ZQ, Nuida and Kurosawa proposed a Q4λ-multiplicative-degree circuit to compute it at Eurocrypt 2015, where λ is the security parameter and the message size Q is a constant. Since the degree of the decryption circuit is polynomial in Q, the range of the message size Q is limited. In this work, we solve this open problem as long as Q is large enough (larger than λ). We represent the decryption circuit as a arithmetic polynomial of multiplicative degree 108·λ log3λ, which is independent of the message size Q except a constraint Q>λ. Moreover, the bootstrapping process requires only O(λ·log⁡λ) number of multiplications to implement the decryption circuit, which is significantly lower than O(λ4) of Nuida and Kurosawa’s work. We also show the efficiency of the FHE scheme with message space ZQ compared to the FHE scheme with binary message space. As a result, we have that the former is preferable.

An Additively Homomorphic Encryption over Large Message Space

Fully homomorphic encryption schemes available are not efficient enough to be practical, and a number of real-world applications require only that a homomorphic encryption scheme is somewhat homomorphic, even additively homomorphic and has much larger message space for efficiency. An additively homomorphic encryption scheme based heavily on Smart-Vercauteren encryption scheme (SV10 scheme, PKC 2010) is put forward, where both schemes each work with two ideals I and J. As a contribution of independent interest, a two-element representation of the ideal I is given and proven by factoring prime numbers in a number field. This two-element representation serves as the public key. The authors' scheme allows working over much larger message space than that of SV10 scheme by selecting the ideal I with larger decryption radius to generate public/private key pair, instead of choosing the ideal J as done in the SV10 scheme. The correctness and security of the scheme are shown, followed by setting parameters and computational results. The results indicate that this construction has much larger message space than SV10 scheme.