{"paper_1":{"schema_version":"0.1","map_id":"paper-1-map","publication_id":1,"publication_anchor":"paper-1","slug":"paper-1","canonical_path":"/knowledge/papers/paper-1/","machine_path":"/knowledge/papers/paper-1.json","root_node_id":"paper-1","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["algorithm"],"title":"Sub-Carrier Allocation Using Channel Prediction for OFDMA Systems Based on IEEE 802.16 Standard","year":2006,"venue":"International Conference on Computer Engineering and Systems (ICCES)","topic":"algorithms-foundations","labels":["Theory","Applied"],"authors":["Karim Eldefrawy","Mohamed M. Khairy","Amin Nassar"],"keywords":["OFDMA","channel prediction","resource allocation"],"research_question":"In a fixed IEEE 802.16 OFDMA downlink, can a scheduler use predicted per-user channel states over several future frames to satisfy more users' rate requirements and distribute subcarriers more fairly than repeated one-frame allocation?","central_answer":"The paper expands allocation from N subcarriers in one frame to an L-by-N time-frequency horizon, feeds Wiener-filter channel predictions into an existing constrained allocator, and reports that ten-frame scheduling improves the rate-satisfaction/fairness tradeoff in the evaluated SUI-5 simulations.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"source extraction, evidence linking, and initial assessment"}],"method":"Source-grounded audit of the full text indexed from the public author-uploaded copy and the official DOI record. The indexed body was reviewed through the conclusion, but the binary PDF could not be retrieved in this run; page fixity and visual pagination therefore remain unavailable.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-drafted, source-linked map awaiting author verification before approval."}},"sources":[{"id":"source-paper-1-full-text","type":"author_hosted_copy","title":"Sub-Carrier Allocation Using Channel Prediction for OFDMA Systems Based on IEEE 802.16 Standard","url":"https://www.researchgate.net/publication/251829226_SubCarrier_Allocation_using_Channel_Prediction_for_OFDMA_systems_based_on_IEEE_80216_Standard","provenance_category":"author","version_note":"Public full text uploaded by Karim Eldefrawy; binary-file fixity was not obtainable in this audit."},{"id":"source-paper-1-official","type":"official_publication_record","title":"IEEE DOI record","url":"https://doi.org/10.1109/ICCES.2006.320475"},{"id":"source-paper-1-citations","type":"citation_search","title":"Dated scholarly-web citation search","url":"https://scholar.google.com/scholar?q=%22Sub-Carrier+Allocation+Using+Channel+Prediction+for+OFDMA+Systems%22","version_note":"Search attempted 2026-07-11; no transparent citation count was retrievable in this environment."}],"source_anchors":[{"id":"anchor-paper-1-problem","source_id":"source-paper-1-full-text","label":"Problem, multi-frame idea, and claimed contribution","locator":"Abstract and Section I","url":"https://www.researchgate.net/publication/251829226_SubCarrier_Allocation_using_Channel_Prediction_for_OFDMA_systems_based_on_IEEE_80216_Standard"},{"id":"anchor-paper-1-system-model","source_id":"source-paper-1-full-text","label":"OFDMA system model and rate constraints","locator":"Sections II-III and Equations 1-9","url":"https://www.researchgate.net/publication/251829226_SubCarrier_Allocation_using_Channel_Prediction_for_OFDMA_systems_based_on_IEEE_80216_Standard"},{"id":"anchor-paper-1-allocation","source_id":"source-paper-1-full-text","label":"L-frame allocation and fairness modification","locator":"Section III","url":"https://www.researchgate.net/publication/251829226_SubCarrier_Allocation_using_Channel_Prediction_for_OFDMA_systems_based_on_IEEE_80216_Standard"},{"id":"anchor-paper-1-prediction","source_id":"source-paper-1-full-text","label":"Pilot-based Wiener channel prediction","locator":"Section IV and Equation 10","url":"https://www.researchgate.net/publication/251829226_SubCarrier_Allocation_using_Channel_Prediction_for_OFDMA_systems_based_on_IEEE_80216_Standard"},{"id":"anchor-paper-1-simulation","source_id":"source-paper-1-full-text","label":"Simulation model, parameters, and four comparison cases","locator":"Section V","url":"https://www.researchgate.net/publication/251829226_SubCarrier_Allocation_using_Channel_Prediction_for_OFDMA_systems_based_on_IEEE_80216_Standard"},{"id":"anchor-paper-1-results","source_id":"source-paper-1-full-text","label":"Rate-satisfaction and allocation-fairness results","locator":"Section V, Figures 2-3","url":"https://www.researchgate.net/publication/251829226_SubCarrier_Allocation_using_Channel_Prediction_for_OFDMA_systems_based_on_IEEE_80216_Standard"},{"id":"anchor-paper-1-conclusion","source_id":"source-paper-1-full-text","label":"Conclusions and stated scope","locator":"Section VI","url":"https://www.researchgate.net/publication/251829226_SubCarrier_Allocation_using_Channel_Prediction_for_OFDMA_systems_based_on_IEEE_80216_Standard"},{"id":"anchor-paper-1-publication","source_id":"source-paper-1-official","label":"Official publication metadata","locator":"DOI 10.1109/ICCES.2006.320475","url":"https://doi.org/10.1109/ICCES.2006.320475"},{"id":"anchor-paper-1-citation-search","source_id":"source-paper-1-citations","label":"Citation search attempted","locator":"Exact-title search, 2026-07-11; no verified count retrieved","url":"https://scholar.google.com/scholar?q=%22Sub-Carrier+Allocation+Using+Channel+Prediction+for+OFDMA+Systems%22"}],"nodes":[{"id":"paper-1","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Predictive multi-frame OFDMA allocation","summary":"An OFDMA scheduling algorithm that uses future channel predictions to allocate subcarriers jointly across several frames, evaluated in an IEEE 802.16 fixed-wireless simulation.","source_anchor_ids":["anchor-paper-1-problem","anchor-paper-1-publication"]},{"id":"paper-1-question","kind":"question","parent_id":"paper-1","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Does looking L frames ahead expose time-frequency opportunities that repeated one-frame allocation misses, while still meeting per-user rate constraints?","source_anchor_ids":["anchor-paper-1-problem"]},{"id":"paper-1-answer","kind":"contribution","parent_id":"paper-1","order":2,"epistemic_status":"source_asserted","title":"Central answer","summary":"Treat predicted subcarrier states over L frames as an enlarged L-by-N allocation domain, then schedule against that horizon rather than committing one frame at a time.","source_anchor_ids":["anchor-paper-1-allocation","anchor-paper-1-conclusion"]},{"id":"paper-1-scope","kind":"scope","parent_id":"paper-1","order":3,"epistemic_status":"explicitly_scoped","title":"System model and assumptions","summary":"The evaluated setting is a fixed IEEE 802.16 downlink with K users, N orthogonal subcarriers, minimum average rates, adaptive QAM, pilot observations, and channels slow enough to predict multiple frames ahead.","source_anchor_ids":["anchor-paper-1-system-model","anchor-paper-1-prediction"]},{"id":"paper-1-scope-allocation","kind":"definition","parent_id":"paper-1-scope","order":1,"epistemic_status":"defined","title":"Allocation variables and constraints","summary":"Binary assignment variables allocate each subcarrier in each scheduled frame to at most one user; the objective maximizes assigned bits while aggregate L-frame rates must meet each user's requirement.","source_anchor_ids":["anchor-paper-1-system-model"]},{"id":"paper-1-scope-independence","kind":"assumption","parent_id":"paper-1-scope","order":2,"epistemic_status":"assumed","title":"Time-frequency independence simplification","summary":"The formulation treats user/subcarrier states across frames as independent so the L-frame problem can be viewed as increasing the number of allocable subcarriers from N to L times N; the paper notes that correlation could instead be used to reduce complexity.","source_anchor_ids":["anchor-paper-1-system-model"]},{"id":"paper-1-method","kind":"method","parent_id":"paper-1","order":4,"epistemic_status":"algorithmically_specified","title":"Prediction-and-allocation pipeline","summary":"Pilot-derived channel estimates feed per-subcarrier Wiener predictors; predicted states then drive the constrained multi-frame allocator.","source_anchor_ids":["anchor-paper-1-allocation","anchor-paper-1-prediction"]},{"id":"paper-1-method-prediction","kind":"component","parent_id":"paper-1-method","order":1,"epistemic_status":"specified","title":"Channel predictor","summary":"A frequency-domain one-dimensional Wiener filter predicts future channel responses from p prior noisy pilot estimates; prediction may run at the base station or be distributed to subscriber stations.","source_anchor_ids":["anchor-paper-1-prediction"]},{"id":"paper-1-method-allocation","kind":"component","parent_id":"paper-1-method","order":2,"epistemic_status":"heuristic","title":"Constrained allocation","summary":"The instantiated allocator starts from an unconstrained throughput-maximizing assignment and adjusts allocations until user rate constraints are met; a comparison variant modifies the allocation to account for fairness.","source_anchor_ids":["anchor-paper-1-allocation"]},{"id":"paper-1-claims","kind":"claim_group","parent_id":"paper-1","order":5,"epistemic_status":"experimentally_evaluated","title":"Principal claims","summary":"The paper's main support is simulation evidence, not an optimality theorem or a deployed implementation.","source_anchor_ids":["anchor-paper-1-results"]},{"id":"paper-1-claim-rate","kind":"claim","parent_id":"paper-1-claims","order":1,"epistemic_status":"experimentally_supported","title":"More users meet target rates","summary":"In the reported 32-subcarrier experiments, ten-frame predictive allocation satisfies more users than repeated single-frame allocation, including when users outnumber subcarriers.","source_anchor_ids":["anchor-paper-1-results"]},{"id":"paper-1-claim-fairness","kind":"claim","parent_id":"paper-1-claims","order":2,"epistemic_status":"experimentally_supported","title":"Improved rate distribution","summary":"For the illustrated 8-subcarrier, 32-user case, single-frame allocation over-serves early users while under-serving others; the multi-frame scheme is reported to achieve a better balance between meeting targets and distributing rate.","source_anchor_ids":["anchor-paper-1-results"]},{"id":"paper-1-evidence","kind":"evidence_group","parent_id":"paper-1","order":6,"epistemic_status":"simulation_only","title":"Evidence","summary":"Four simulated variants compare one-frame and ten-frame horizons, each with the base allocator or fairness modification.","source_anchor_ids":["anchor-paper-1-simulation","anchor-paper-1-results"]},{"id":"paper-1-evidence-setup","kind":"evidence","parent_id":"paper-1-evidence","order":1,"epistemic_status":"documented","title":"Simulation configuration","summary":"The reported setup uses the SUI-5 fixed-wireless channel, ten predicted frames, a 50-tap predictor, QPSK/16-QAM/64-QAM, 20 dB average SNR, BER 10^-6, and equal user targets set to 80% of an idealized maximum-rate share.","source_anchor_ids":["anchor-paper-1-simulation"]},{"id":"paper-1-boundaries","kind":"limitation_group","parent_id":"paper-1","order":7,"epistemic_status":"material","title":"Boundaries and limitations","summary":"The results are conditional on predictable fixed-wireless channels and the chosen simulated allocator and traffic assumptions.","source_anchor_ids":["anchor-paper-1-prediction","anchor-paper-1-simulation"]},{"id":"paper-1-boundary-prediction","kind":"limitation","parent_id":"paper-1-boundaries","order":1,"epistemic_status":"explicitly_limited","title":"Prediction horizon","summary":"L is bounded by frame duration, Doppler behavior, and filter accuracy; prediction error or faster mobility can erase the look-ahead advantage.","source_anchor_ids":["anchor-paper-1-prediction"]},{"id":"paper-1-boundary-validation","kind":"limitation","parent_id":"paper-1-boundaries","order":2,"epistemic_status":"not_evaluated","title":"No deployment or robustness study","summary":"The paper reports simulation rather than a hardware or network implementation and does not establish robustness across other channel models, predictors, schedulers, workloads, or prediction-error regimes.","source_anchor_ids":["anchor-paper-1-simulation","anchor-paper-1-conclusion"]},{"id":"paper-1-artifacts","kind":"artifact","parent_id":"paper-1","order":8,"epistemic_status":"paper_available_no_reproduction_package","title":"Artifacts","summary":"A public author-uploaded paper and official DOI record are linked; no code, simulator configuration, raw data, or reproduction package was located in this audit.","source_anchor_ids":["anchor-paper-1-publication","anchor-paper-1-problem"]},{"id":"paper-1-scrutiny","kind":"scrutiny","parent_id":"paper-1","order":9,"epistemic_status":"peer_reviewed","title":"Scrutiny and lineage","summary":"The work appeared at ICCES 2006 and adapts an existing subcarrier allocator by adding a predicted time horizon; no independent reproduction, correction, or adversarial follow-up was located in this audit.","source_anchor_ids":["anchor-paper-1-publication","anchor-paper-1-allocation"]}],"relations":[{"id":"paper-1-relation-prediction-supports-answer","type":"supports","from_id":"paper-1-method-prediction","to_id":"paper-1-answer"},{"id":"paper-1-relation-allocation-realizes-answer","type":"realizes","from_id":"paper-1-method-allocation","to_id":"paper-1-answer"},{"id":"paper-1-relation-simulation-supports-rate","type":"supports","from_id":"paper-1-evidence-setup","to_id":"paper-1-claim-rate"},{"id":"paper-1-relation-simulation-supports-fairness","type":"supports","from_id":"paper-1-evidence-setup","to_id":"paper-1-claim-fairness"},{"id":"paper-1-relation-independence-qualifies-answer","type":"qualifies","from_id":"paper-1-scope-independence","to_id":"paper-1-answer"},{"id":"paper-1-relation-prediction-limits-claims","type":"qualifies","from_id":"paper-1-boundary-prediction","to_id":"paper-1-claims"},{"id":"paper-1-relation-validation-limits-claims","type":"qualifies","from_id":"paper-1-boundary-validation","to_id":"paper-1-claims"}],"assessment":{"id":"paper-1-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The paper specifies a model and reports comparative simulations with concrete parameters, but provides neither a proof of optimality nor deployment, robustness, or independent reproduction evidence.","basis_source_anchor_ids":["anchor-paper-1-system-model","anchor-paper-1-simulation","anchor-paper-1-results"]},{"id":"auditability","level":"high","rationale":"A public author-uploaded full-text route exposes the method and evidence, so auditability is high under this site's rubric; the binary file, local fixity, and reproduction materials were not obtained.","basis_source_anchor_ids":["anchor-paper-1-problem","anchor-paper-1-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship and official publication metadata are documented, but contributor roles, revision history, effort history, tool use, and artifact lineage are not.","basis_source_anchor_ids":["anchor-paper-1-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The work has an official conference publication record; review reports, independent reproduction, and post-publication technical scrutiny were not located.","basis_source_anchor_ids":["anchor-paper-1-publication"]},{"id":"reception","level":"low","rationale":"A dated exact-title scholarly-web search did not yield a transparent verified citation count in this environment. Under the author's rule, zero located citations maps to low; this is not a claim that the paper has no citations.","basis_source_anchor_ids":["anchor-paper-1-citation-search"]},{"id":"contribution_significance","level":"medium","rationale":"The paper contributes a concrete predictive scheduling formulation and comparative evidence, but broader impact and generality are limited by the single simulated fixed-wireless setting.","basis_source_anchor_ids":["anchor-paper-1-problem","anchor-paper-1-results","anchor-paper-1-conclusion"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search; transparent index count unavailable","source":"Google Scholar query route plus general scholarly-web search","citation_count":0,"signals":[],"limitation":"Zero means no citations were verifiably located during this constrained search, not a total bibliometric count; author should replace it with a confirmed Google Scholar or other index snapshot."}},"paper_10":{"schema_version":"0.1","map_id":"paper-10-map","publication_id":10,"publication_anchor":"paper-10","slug":"paper-10","canonical_path":"/knowledge/papers/paper-10/","machine_path":"/knowledge/papers/paper-10.json","root_node_id":"paper-10","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["scheme"],"title":"Leveraging Social Contacts for Message Confidentiality in Delay Tolerant Networks","year":2009,"venue":"IEEE Computer Software and Applications Conference (COMPSAC)","topic":"privacy-identity","labels":["Theory"],"authors":["Karim Eldefrawy","John Solis","Gene Tsudik"],"keywords":["delay-tolerant networks","social trust","confidential messaging"],"research_question":"How can a delay-tolerant-network sender confidentially address a recipient when it shares no key with that recipient, does not know the recipient's public key, and cannot afford an online lookup or multi-round handshake?","central_answer":"Route independent pseudorandom masking keys through multiple entities socially affiliated with the recipient. Each affiliated entity translates its key material into a form the recipient can recover, and the recipient removes all masks. Gateways extend the construction across regions; when no affiliated entity is known, a weaker split-message method trades interception probability against delay. Simulations and a social-network sample assess feasibility under an honest-but-curious model.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, evidence linking, and initial assessment"}],"method":"Full-source audit of the checked-in author-hosted paper and official IEEE DOI record.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-drafted, source-linked map awaiting author verification before approval."}},"sources":[{"id":"source-paper-10-paper","type":"author_copy","title":"Leveraging Social Contacts for Message Confidentiality in Delay Tolerant Networks","url":"/pubs/2009/social-contacts-dtn-compsac2009.pdf","media_type":"application/pdf","sha256":"ed9c55eba1833234e909debc79fbddbdd180ea18c9f9f9d2df7e7bd997273973","page_count":9,"provenance_category":"author","version_note":"Author-hosted conference paper; local copy checked 2026-07-11."},{"id":"source-paper-10-author","type":"author_copy_origin","title":"Author-hosted PDF","url":"https://www.johnsolis.com/publications/dtn_compsac09.pdf"},{"id":"source-paper-10-official","type":"official_publication_record","title":"IEEE DOI record","url":"https://doi.org/10.1109/COMPSAC.2009.43"},{"id":"source-paper-10-citations","type":"citation_search","title":"Dated scholarly-web citation search","url":"https://scholar.google.com/scholar?q=%22Leveraging+Social+Contacts+for+Message+Confidentiality+in+Delay+Tolerant+Networks%22","version_note":"Search attempted 2026-07-11; no transparent citation count was retrievable in this environment."}],"source_anchors":[{"id":"anchor-paper-10-problem","source_id":"source-paper-10-paper","label":"Motivation, problem, and contribution","locator":"Abstract and Sections I-II, PDF pages 1-2","url":"/pubs/2009/social-contacts-dtn-compsac2009.pdf#page=1"},{"id":"anchor-paper-10-model","source_id":"source-paper-10-paper","label":"Network model and assumptions","locator":"Section III, PDF pages 2-3","url":"/pubs/2009/social-contacts-dtn-compsac2009.pdf#page=2"},{"id":"anchor-paper-10-intra","source_id":"source-paper-10-paper","label":"Affiliated-entity intra-region scheme","locator":"Section IV-A, PDF pages 3-4","url":"/pubs/2009/social-contacts-dtn-compsac2009.pdf#page=3"},{"id":"anchor-paper-10-poor","source_id":"source-paper-10-paper","label":"Fallback split-message approach","locator":"Section IV-B, PDF pages 4-5","url":"/pubs/2009/social-contacts-dtn-compsac2009.pdf#page=4"},{"id":"anchor-paper-10-inter","source_id":"source-paper-10-paper","label":"Inter-region gateway extension","locator":"Section V, PDF pages 5-6","url":"/pubs/2009/social-contacts-dtn-compsac2009.pdf#page=5"},{"id":"anchor-paper-10-simulation","source_id":"source-paper-10-paper","label":"ONE simulation design and interception results","locator":"Section VI-A and Tables II-III, PDF pages 6-7","url":"/pubs/2009/social-contacts-dtn-compsac2009.pdf#page=6"},{"id":"anchor-paper-10-social","source_id":"source-paper-10-paper","label":"Facebook social-reach sample","locator":"Section VI-B and Figures 2-3, PDF pages 7-8","url":"/pubs/2009/social-contacts-dtn-compsac2009.pdf#page=7"},{"id":"anchor-paper-10-security","source_id":"source-paper-10-paper","label":"Informal security analysis and limitations","locator":"Section VII, PDF pages 7-8","url":"/pubs/2009/social-contacts-dtn-compsac2009.pdf#page=7"},{"id":"anchor-paper-10-conclusion","source_id":"source-paper-10-paper","label":"Conclusion and future work","locator":"Section IX, PDF page 8","url":"/pubs/2009/social-contacts-dtn-compsac2009.pdf#page=8"},{"id":"anchor-paper-10-provenance","source_id":"source-paper-10-author","label":"Author-copy provenance","locator":"Public author-hosted PDF","url":"https://www.johnsolis.com/publications/dtn_compsac09.pdf"},{"id":"anchor-paper-10-publication","source_id":"source-paper-10-official","label":"Official publication metadata","locator":"DOI 10.1109/COMPSAC.2009.43","url":"https://doi.org/10.1109/COMPSAC.2009.43"},{"id":"anchor-paper-10-citation-search","source_id":"source-paper-10-citations","label":"Citation search attempted","locator":"Exact-title search, 2026-07-11; no verified count retrieved","url":"https://scholar.google.com/scholar?q=%22Leveraging+Social+Contacts+for+Message+Confidentiality+in+Delay+Tolerant+Networks%22"}],"nodes":[{"id":"paper-10","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Leveraging Social Contacts for Message Confidentiality in DTNs","summary":"A confidential-messaging scheme that substitutes recipient-affiliated intermediaries for unavailable end-to-end key discovery in intermittently connected networks.","source_anchor_ids":["anchor-paper-10-problem","anchor-paper-10-publication"]},{"id":"paper-10-question","kind":"question","parent_id":"paper-10","order":1,"epistemic_status":"research_question","title":"Research question","summary":"How can a sender encrypt its first message to a recipient with no shared security context and no dependable online infrastructure?","source_anchor_ids":["anchor-paper-10-problem"]},{"id":"paper-10-answer","kind":"contribution","parent_id":"paper-10","order":2,"epistemic_status":"proposed_and_simulated","title":"Central answer","summary":"Use two or more socially affiliated entities as independent key-translation points, so only the destination can combine all pseudorandom masks and recover the message.","source_anchor_ids":["anchor-paper-10-intra","anchor-paper-10-simulation"]},{"id":"paper-10-model","kind":"model","parent_id":"paper-10","order":3,"epistemic_status":"explicitly_scoped","title":"Regional DTN model","summary":"Mobile nodes communicate opportunistically within regions; fixed gateways connect regions. Nodes know keys for selected affiliated entities, and those entities are assumed to know or share a key with the destination.","source_anchor_ids":["anchor-paper-10-model","anchor-paper-10-intra"]},{"id":"paper-10-intra","kind":"scheme","parent_id":"paper-10","order":4,"epistemic_status":"specified","title":"Intra-region affiliated-entity scheme","summary":"The sender XOR-masks the message with PRF outputs under independent seeds and encrypts one seed to each AE. AEs re-encrypt their seed for the destination; AE traversal order may vary and replicated paths may collectively visit all AEs.","source_anchor_ids":["anchor-paper-10-intra"]},{"id":"paper-10-inter","kind":"scheme","parent_id":"paper-10","order":5,"epistemic_status":"specified","title":"Inter-region extension","summary":"Source- and destination-region gateways translate an additional masking seed between regional trust domains, providing a second layer when only one ordinary AE is available.","source_anchor_ids":["anchor-paper-10-inter"]},{"id":"paper-10-poor","kind":"fallback","parent_id":"paper-10","order":6,"epistemic_status":"heuristic","title":"Poor Man's Approach","summary":"If no AE is known, the sender separates ciphertext and key shares across different routes and delays. Confidentiality is probabilistic: any intermediary that gathers all components recovers the message.","source_anchor_ids":["anchor-paper-10-poor"]},{"id":"paper-10-threat","kind":"threat_model","parent_id":"paper-10","order":7,"epistemic_status":"explicitly_scoped","title":"Honest-but-curious intermediaries","summary":"Nodes follow routing behavior but may retain and correlate messages beyond TTL. Active modification, dropping, and origin authentication are outside the primary model; AE collusion is the central confidentiality threat.","source_anchor_ids":["anchor-paper-10-security"]},{"id":"paper-10-evidence","kind":"evidence_group","parent_id":"paper-10","order":8,"epistemic_status":"simulation_and_observational_sample","title":"Feasibility evidence","summary":"ONE simulations model 250 pedestrians on a Helsinki map with epidemic routing, while samples of 870 Orange County and 900 Egypt Facebook users estimate friend/friend-of-friend reach.","source_anchor_ids":["anchor-paper-10-simulation","anchor-paper-10-social"]},{"id":"paper-10-result","kind":"result","parent_id":"paper-10-evidence","order":1,"epistemic_status":"simulation_supported","title":"Delay, path length, and interception","summary":"For the fallback scheme, longer intra-region separation lowers measured interception but raises latency; in inter-region runs, more hops increase exposure and retained copies weaken the benefit of delay.","source_anchor_ids":["anchor-paper-10-simulation"]},{"id":"paper-10-social-result","kind":"result","parent_id":"paper-10-evidence","order":2,"epistemic_status":"observational_sample","title":"Social reach","summary":"The sampled public profiles suggest that tens to hundreds of direct contacts can expose thousands of friends-of-friends, but closed profiles are omitted and the two convenience samples do not establish a general population distribution.","source_anchor_ids":["anchor-paper-10-social"]},{"id":"paper-10-boundaries","kind":"limitation_group","parent_id":"paper-10","order":9,"epistemic_status":"material","title":"Security and scalability boundaries","summary":"Security is informal; multiple AEs must not collude, the sender must know their keys, and each AE must know the destination key. The paper itself flags the latter assumption as potentially unscalable and leaves formal analysis for future work.","source_anchor_ids":["anchor-paper-10-security","anchor-paper-10-conclusion"]},{"id":"paper-10-artifacts","kind":"artifact","parent_id":"paper-10","order":10,"epistemic_status":"paper_available_no_code","title":"Artifacts","summary":"A fixed author copy is available locally; ONE configurations, simulation outputs, and the historical social-network sample were not located.","source_anchor_ids":["anchor-paper-10-simulation","anchor-paper-10-social","anchor-paper-10-provenance"]},{"id":"paper-10-scrutiny","kind":"scrutiny","parent_id":"paper-10","order":11,"epistemic_status":"peer_reviewed","title":"Scrutiny","summary":"The work appeared at IEEE COMPSAC 2009 and explicitly labels its security assessment preliminary and informal; independent reproduction was not located.","source_anchor_ids":["anchor-paper-10-security","anchor-paper-10-publication"]}],"relations":[{"id":"paper-10-relation-model-frames-question","type":"contextualizes","from_id":"paper-10-model","to_id":"paper-10-question"},{"id":"paper-10-relation-intra-realizes-answer","type":"realizes","from_id":"paper-10-intra","to_id":"paper-10-answer"},{"id":"paper-10-relation-inter-extends-intra","type":"extends","from_id":"paper-10-inter","to_id":"paper-10-intra"},{"id":"paper-10-relation-poor-fallback","type":"alternative_to","from_id":"paper-10-poor","to_id":"paper-10-intra"},{"id":"paper-10-relation-threat-qualifies-answer","type":"qualifies","from_id":"paper-10-threat","to_id":"paper-10-answer"},{"id":"paper-10-relation-evidence-evaluates-answer","type":"evaluates","from_id":"paper-10-evidence","to_id":"paper-10-answer"},{"id":"paper-10-relation-boundaries-qualify-answer","type":"qualifies","from_id":"paper-10-boundaries","to_id":"paper-10-answer"}],"assessment":{"id":"paper-10-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The schemes are specified and evaluated with DTN simulations and a social-network sample, but the security analysis is explicitly informal and the key/collusion assumptions are not experimentally validated.","basis_source_anchor_ids":["anchor-paper-10-intra","anchor-paper-10-inter","anchor-paper-10-simulation","anchor-paper-10-security"]},{"id":"auditability","level":"high","rationale":"A fixed author-hosted full text is checked in with page count and hash, making the constructions, evaluation, and stated limitations directly inspectable.","basis_source_anchor_ids":["anchor-paper-10-provenance","anchor-paper-10-intra","anchor-paper-10-simulation","anchor-paper-10-security"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, author-copy provenance, official metadata, and simulation parameters are documented; roles, revision history, and artifact lineage are not.","basis_source_anchor_ids":["anchor-paper-10-simulation","anchor-paper-10-provenance","anchor-paper-10-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The paper has an official full-conference publication record; no public reviews, formal verification, or independent reproduction was located.","basis_source_anchor_ids":["anchor-paper-10-publication"]},{"id":"reception","level":"low","rationale":"No citations were verifiably located in the constrained dated search. Under the author's 0-8 rule this is low, but it is not a claim that the paper has no citations.","basis_source_anchor_ids":["anchor-paper-10-citation-search"]},{"id":"contribution_significance","level":"medium","rationale":"The paper offers a concrete way to bootstrap confidentiality from social structure and studies its operational tradeoffs, but collusion and destination-key scalability constrain the supported claim.","basis_source_anchor_ids":["anchor-paper-10-problem","anchor-paper-10-intra","anchor-paper-10-simulation","anchor-paper-10-security"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search; transparent index count unavailable","source":"Google Scholar query route plus general scholarly-web search","citation_count":0,"signals":[],"limitation":"Zero means no citations were verifiably located during this constrained search, not a total bibliometric count; author should replace it with a confirmed index snapshot."}},"paper_11":{"schema_version":"0.1","map_id":"paper-11-map","publication_id":11,"publication_anchor":"paper-11","slug":"paper-11","canonical_path":"/knowledge/papers/paper-11/","machine_path":"/knowledge/papers/paper-11.json","root_node_id":"paper-11","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"Link-Layer Encryption Effect on Achievable Capacity in Wireless Network Coding","year":2010,"venue":"IEEE INFOCOM Workshops","topic":"algorithms-foundations","labels":["Theory"],"authors":["Claude Castelluccia","Karim Eldefrawy","Gene Tsudik"],"keywords":["network coding","link-layer encryption","wireless capacity"],"research_question":"Under a probabilistic wireless-network model, how does partitioning neighbors into link-layer encryption groups change the multicast capacity achievable through wireless network coding?","central_answer":"The analysis places high-probability bounds around the relevant cuts and shows that encryption-group membership thins usable overhearing links. Encryption among relays can preserve much of the coding benefit when the source cut remains rich, whereas encrypting source-neighbor links can directly reduce the bottleneck capacity.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, claim decomposition, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete checked-in paper, its publisher record, and a dated scholarly-index search. Theorems are summarized conditionally rather than independently re-proved.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification; technical summaries and ratings may be revised before approval."}},"sources":[{"id":"source-paper-11-paper","type":"scholarly_article","title":"Link-Layer Encryption Effect on Achievable Capacity in Wireless Network Coding","url":"/pubs/2010/link-layer-encryption-network-coding-infocomw2010.pdf","media_type":"application/pdf","sha256":"2f27222fc38f8d39184f2174fc9b3fa9bd8f03c43fce827b9cbf5c829c9d4ac2","page_count":5,"provenance_category":"author","retrieved_at":"2026-07-11","retrieved_from_url":"https://archimedes-12-vagrant.ics.uci.edu/pubs/karim-wireless-net-code-ll-enc.pdf"},{"id":"source-paper-11-official","type":"publication_record","title":"IEEE INFOCOM Workshops publisher record","url":"https://doi.org/10.1109/INFCOMW.2010.5466615"},{"id":"source-paper-11-citations","type":"citation_index_search","title":"Dated targeted scholarly-index search","url":"https://scholar.google.com/scholar?q=%22Link-Layer+Encryption+Effect+on+Achievable+Capacity+in+Wireless+Network+Coding%22","retrieved_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-11-question","source_id":"source-paper-11-paper","label":"Problem, motivation, and contribution","locator":"Abstract and Section I, PDF page 1","url":"/pubs/2010/link-layer-encryption-network-coding-infocomw2010.pdf#page=1"},{"id":"anchor-paper-11-context","source_id":"source-paper-11-paper","label":"Wireless network coding and link-layer encryption interaction","locator":"Section II, PDF pages 1-2","url":"/pubs/2010/link-layer-encryption-network-coding-infocomw2010.pdf#page=1"},{"id":"anchor-paper-11-model","source_id":"source-paper-11-paper","label":"Graph, encryption-group, and connectivity model","locator":"Sections III-IV.B, PDF page 3","url":"/pubs/2010/link-layer-encryption-network-coding-infocomw2010.pdf#page=3"},{"id":"anchor-paper-11-theorem-one","source_id":"source-paper-11-paper","label":"Cut-capacity concentration bound","locator":"Section IV.C, Theorem 1, PDF page 4","url":"/pubs/2010/link-layer-encryption-network-coding-infocomw2010.pdf#page=4"},{"id":"anchor-paper-11-theorem-two","source_id":"source-paper-11-paper","label":"High-probability bounds on achievable multicast capacity","locator":"Section IV.C, Theorem 2, PDF pages 4-5","url":"/pubs/2010/link-layer-encryption-network-coding-infocomw2010.pdf#page=4"},{"id":"anchor-paper-11-implications","source_id":"source-paper-11-paper","label":"Placement implications and explicit open issues","locator":"Sections IV.C-V, PDF page 5","url":"/pubs/2010/link-layer-encryption-network-coding-infocomw2010.pdf#page=5"},{"id":"anchor-paper-11-publication","source_id":"source-paper-11-official","label":"Official workshop publication record","locator":"IEEE INFOCOM Workshops 2010, DOI record","url":"https://doi.org/10.1109/INFCOMW.2010.5466615"},{"id":"anchor-paper-11-citations","source_id":"source-paper-11-citations","label":"Citation search snapshot","locator":"Targeted exact-title search performed 2026-07-11; no stable attributable citation count was located. This is a search result, not evidence that the paper has never been cited.","url":"https://scholar.google.com/scholar?q=%22Link-Layer+Encryption+Effect+on+Achievable+Capacity+in+Wireless+Network+Coding%22"}],"nodes":[{"id":"paper-11","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Link-layer encryption and coded-wireless capacity","summary":"A model-based study of how encryption groups constrain the broadcast overhearing on which wireless network coding relies.","source_anchor_ids":["anchor-paper-11-question"]},{"id":"paper-11-question","kind":"question","parent_id":"paper-11","order":1,"epistemic_status":"research_question","title":"Research question","summary":"How much multicast capacity is lost when nodes can code only across transmissions visible inside their link-layer encryption groups?","source_anchor_ids":["anchor-paper-11-question","anchor-paper-11-context"]},{"id":"paper-11-answer","kind":"contribution","parent_id":"paper-11","order":2,"epistemic_status":"source_asserted","title":"Central answer","summary":"Encryption probabilistically removes usable overhearing relationships and can reduce the minimum cut; the most damaging placement is at the source-side cut, while encryption among relays may retain the coding benefit under the model's connectivity conditions.","source_anchor_ids":["anchor-paper-11-theorem-two","anchor-paper-11-implications"]},{"id":"paper-11-scope","kind":"scope","parent_id":"paper-11","order":3,"epistemic_status":"explicitly_scoped","title":"Network and security scope","summary":"The paper studies single-source multicast on a quasi-random wireless graph with bidirectional unit-capacity links and probabilistic physical and encryption-group connectivity.","source_anchor_ids":["anchor-paper-11-model"]},{"id":"paper-11-scope-security","kind":"assumption","parent_id":"paper-11-scope","order":1,"epistemic_status":"assumed","title":"Encryption-group visibility","summary":"A transmission is usable by network coding only among neighbors sharing the relevant link-layer key group; the analysis abstracts away concrete key-establishment and cipher details.","source_anchor_ids":["anchor-paper-11-context","anchor-paper-11-model"]},{"id":"paper-11-scope-network","kind":"assumption","parent_id":"paper-11-scope","order":2,"epistemic_status":"assumed","title":"Random connectivity model","summary":"Physical adjacency and encryption-group membership are represented by fixed probabilities, with independence assumptions that enable concentration bounds.","source_anchor_ids":["anchor-paper-11-model","anchor-paper-11-theorem-one"]},{"id":"paper-11-method","kind":"method","parent_id":"paper-11","order":4,"epistemic_status":"analytic","title":"Cut-based probabilistic analysis","summary":"The method converts link-layer-secure wireless coding into a random graph and bounds source-to-terminal cuts using lower-tail concentration and an explicit source-cut upper bound.","source_anchor_ids":["anchor-paper-11-model","anchor-paper-11-theorem-one","anchor-paper-11-theorem-two"]},{"id":"paper-11-claim-concentration","kind":"formal_claim","parent_id":"paper-11","order":5,"epistemic_status":"theorem_in_source","title":"Cut-capacity concentration","summary":"Theorem 1 lower-bounds the probability that a fixed cut's random capacity does not fall substantially below its expectation, conditional on the paper's model and independence assumptions.","source_anchor_ids":["anchor-paper-11-theorem-one"]},{"id":"paper-11-claim-capacity","kind":"formal_claim","parent_id":"paper-11","order":6,"epistemic_status":"theorem_in_source","title":"Achievable-capacity interval","summary":"Theorem 2 places the minimum-cut—and therefore the multicast rate available to network coding—between high-probability lower and source-cut upper bounds in the stated random topology.","source_anchor_ids":["anchor-paper-11-theorem-two"]},{"id":"paper-11-evidence","kind":"evidence_group","parent_id":"paper-11","order":7,"epistemic_status":"analytic_derivation","title":"Evidence and proof path","summary":"Support consists of the random-graph construction, cut expectations, concentration reasoning, and source-cut comparison. The paper does not report an implementation, testbed, or simulation validating the model.","source_anchor_ids":["anchor-paper-11-model","anchor-paper-11-theorem-one","anchor-paper-11-theorem-two"]},{"id":"paper-11-interpretation","kind":"implication","parent_id":"paper-11","order":8,"epistemic_status":"source_interpretation","title":"Design implication","summary":"Protecting relay-to-relay traffic can limit exposed traffic patterns without necessarily destroying coded throughput, but reducing source-neighbor visibility can make the source cut the bottleneck.","source_anchor_ids":["anchor-paper-11-implications"]},{"id":"paper-11-limitations","kind":"limitation_group","parent_id":"paper-11","order":9,"epistemic_status":"explicitly_reported","title":"Boundaries and open problems","summary":"The paper assumes uniform fixed probabilities, omits interference and fading, and restricts itself to single-source multicast; heterogeneous keying and other traffic patterns remain open.","source_anchor_ids":["anchor-paper-11-implications"]},{"id":"paper-11-artifacts","kind":"artifact_group","parent_id":"paper-11","order":10,"epistemic_status":"paper_only","title":"Artifacts","summary":"The auditable artifact located for this map is the five-page author-hosted paper; no code, dataset, or experiment artifact is claimed.","source_anchor_ids":["anchor-paper-11-question"]},{"id":"paper-11-scrutiny","kind":"scrutiny","parent_id":"paper-11","order":11,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The work appeared in IEEE INFOCOM Workshops. Review reports, corrections, and an independent reproduction of the bounds were not located in this audit.","source_anchor_ids":["anchor-paper-11-publication"]},{"id":"paper-11-lineage","kind":"lineage","parent_id":"paper-11","order":12,"epistemic_status":"documented_in_source","title":"Research lineage","summary":"The paper connects two previously separate design concerns—traffic-analysis resistance from link-layer encryption and throughput gains from wireless network coding—and frames their interaction as a capacity tradeoff.","source_anchor_ids":["anchor-paper-11-question","anchor-paper-11-context"]}],"relations":[{"id":"paper-11-relation-method-supports-concentration","type":"supports","from_id":"paper-11-method","to_id":"paper-11-claim-concentration"},{"id":"paper-11-relation-concentration-supports-capacity","type":"supports","from_id":"paper-11-claim-concentration","to_id":"paper-11-claim-capacity"},{"id":"paper-11-relation-capacity-supports-answer","type":"supports","from_id":"paper-11-claim-capacity","to_id":"paper-11-answer"},{"id":"paper-11-relation-scope-qualifies-capacity","type":"qualifies","from_id":"paper-11-scope-network","to_id":"paper-11-claim-capacity"},{"id":"paper-11-relation-limitations-qualify-answer","type":"qualifies","from_id":"paper-11-limitations","to_id":"paper-11-answer"},{"id":"paper-11-relation-claim-motivates-interpretation","type":"motivates","from_id":"paper-11-claim-capacity","to_id":"paper-11-interpretation"}],"assessment":{"id":"paper-11-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"Two theorem-level probabilistic bounds and their derivations support the result within an explicit model, but the model is simplified and no simulation, testbed, or independent re-derivation is included.","basis_source_anchor_ids":["anchor-paper-11-model","anchor-paper-11-theorem-one","anchor-paper-11-theorem-two","anchor-paper-11-implications"]},{"id":"auditability","level":"high","rationale":"A complete author-hosted paper is checked into the site with its source route, page count, and SHA-256 identity recorded; assumptions and derivations are directly inspectable. No executable artifact or independent reproduction is available.","basis_source_anchor_ids":["anchor-paper-11-question","anchor-paper-11-theorem-two"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship and a formal publication record establish baseline provenance. Contributor roles, drafting history, artifact lineage, and tool use are not documented in the audited sources.","basis_source_anchor_ids":["anchor-paper-11-question","anchor-paper-11-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"Publication at IEEE INFOCOM Workshops indicates venue scrutiny, but review reports, corrections, independent proof checking, and replication were not located.","basis_source_anchor_ids":["anchor-paper-11-publication"]},{"id":"reception","level":"low","rationale":"The dated targeted search did not expose a stable count attributable to this exact paper. Under the map's reception rubric, zero located citations falls in the low band; this does not assert that the paper has never been cited.","basis_source_anchor_ids":["anchor-paper-11-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The work formalizes a concrete and underexplored security-throughput interaction, but its scope is a simplified single-source multicast model and field-level impact is not established by this audit.","basis_source_anchor_ids":["anchor-paper-11-question","anchor-paper-11-theorem-two","anchor-paper-11-implications"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"targeted_exact_title_scholarly_index_search","citation_count":0,"source":"Google Scholar exact-title query and general scholarly web search","signals":[],"limitation":"No stable citation count attributable to the exact paper was surfaced. The value records citations located by this audit, not a claim of zero lifetime citations; index coverage and version matching may differ."}},"paper_12":{"schema_version":"0.1","map_id":"paper-12-map","publication_id":12,"publication_anchor":"paper-12","slug":"paper-12","canonical_path":"/knowledge/papers/paper-12/","machine_path":"/knowledge/papers/paper-12.json","root_node_id":"paper-12","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"Attacks on Physical-Layer Identification","year":2010,"venue":"ACM Conference on Wireless Network Security (WiSec)","topic":"privacy-identity","labels":["Applied"],"authors":["Boris Danev","Heinrich Luecken","Srdjan Čapkun","Karim Eldefrawy"],"keywords":["device fingerprinting","physical-layer security","impersonation"],"research_question":"Can an attacker impersonate an enrolled wireless device by reproducing either the selected radio-frequency features used by a fingerprinter or the target's complete captured waveform?","central_answer":"In the evaluated laboratory settings, feature manipulation and radio-frequency replay make modulation-based fingerprints highly forgeable, while transient fingerprints can be replayed accurately over a cable but are harder to capture and reproduce over the air because antenna and channel effects alter the signal.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, experiment decomposition, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete checked-in paper, its institutional and publisher records, and a dated ResearchGate citation snapshot. Reported measurements were inspected but not independently reproduced.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification; technical summaries and ratings may be revised before approval."}},"sources":[{"id":"source-paper-12-paper","type":"scholarly_article","title":"Attacks on Physical-Layer Identification","url":"/pubs/2010/physical-layer-identification-wisec2010.pdf","media_type":"application/pdf","sha256":"c1d64593f5d41d0fe9cc8af5f857f5547ca2f3b243d2c95283fd0d07c49f1cbb","page_count":10,"provenance_category":"author","retrieved_at":"2026-07-11","retrieved_from_url":"https://web.archive.org/web/20120120122917id_/http://www.syssec.ethz.ch/research/wisec10-attks.pdf"},{"id":"source-paper-12-official","type":"publication_record","title":"ACM WiSec 2010 publisher record","url":"https://doi.org/10.1145/1741866.1741882"},{"id":"source-paper-12-institutional","type":"institutional_record","title":"ETH Research Collection record","url":"https://www.research-collection.ethz.ch/handle/20.500.11850/20502"},{"id":"source-paper-12-citations","type":"citation_index_snapshot","title":"ResearchGate citation snapshot","url":"https://www.researchgate.net/publication/221551483_Attacks_on_physical-layer_identification","retrieved_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-12-question","source_id":"source-paper-12-paper","label":"Problem, attack classes, and contribution","locator":"Abstract and Section 1, PDF page 1","url":"/pubs/2010/physical-layer-identification-wisec2010.pdf#page=1"},{"id":"anchor-paper-12-model","source_id":"source-paper-12-paper","label":"Identification system and attacker knowledge","locator":"Section 2, PDF pages 2-3","url":"/pubs/2010/physical-layer-identification-wisec2010.pdf#page=2"},{"id":"anchor-paper-12-feature-replay","source_id":"source-paper-12-paper","label":"Modulation-feature replay design and implementation","locator":"Section 3, PDF pages 3-5","url":"/pubs/2010/physical-layer-identification-wisec2010.pdf#page=3"},{"id":"anchor-paper-12-signal-replay","source_id":"source-paper-12-paper","label":"Whole-signal replay and measurement setup","locator":"Section 4, PDF page 5","url":"/pubs/2010/physical-layer-identification-wisec2010.pdf#page=5"},{"id":"anchor-paper-12-modulation-results","source_id":"source-paper-12-paper","label":"Modulation-fingerprint attack results","locator":"Section 5.1 and Tables 1-4, PDF pages 6 and 8","url":"/pubs/2010/physical-layer-identification-wisec2010.pdf#page=6"},{"id":"anchor-paper-12-transient-results","source_id":"source-paper-12-paper","label":"Transient-fingerprint replay results","locator":"Section 5.2, PDF page 7","url":"/pubs/2010/physical-layer-identification-wisec2010.pdf#page=7"},{"id":"anchor-paper-12-limitations","source_id":"source-paper-12-paper","label":"Application implications, limitations, and open defenses","locator":"Sections 6 and 8, PDF pages 8-9","url":"/pubs/2010/physical-layer-identification-wisec2010.pdf#page=8"},{"id":"anchor-paper-12-publication","source_id":"source-paper-12-official","label":"Official peer-reviewed publication record","locator":"ACM WiSec 2010, DOI record","url":"https://doi.org/10.1145/1741866.1741882"},{"id":"anchor-paper-12-institutional","source_id":"source-paper-12-institutional","label":"Institutional metadata and preserved full text","locator":"ETH Research Collection, handle 20.500.11850/20502","url":"https://www.research-collection.ethz.ch/handle/20.500.11850/20502"},{"id":"anchor-paper-12-citations","source_id":"source-paper-12-citations","label":"Citation-count snapshot","locator":"ResearchGate displayed Citations (250), observed 2026-07-11; coverage and version merging may differ from other indexes.","url":"https://www.researchgate.net/publication/221551483_Attacks_on_physical-layer_identification"}],"nodes":[{"id":"paper-12","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Attacks on physical-layer identification","summary":"An experimental security study showing that radio fingerprints treated as device identities can be imitated with feature-level or whole-waveform replay.","source_anchor_ids":["anchor-paper-12-question"]},{"id":"paper-12-question","kind":"question","parent_id":"paper-12","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Do modulation and turn-on-transient fingerprints remain reliable identifiers when the transmitter is actively trying to impersonate an enrolled device?","source_anchor_ids":["anchor-paper-12-question","anchor-paper-12-model"]},{"id":"paper-12-answer","kind":"contribution","parent_id":"paper-12","order":2,"epistemic_status":"experimentally_supported","title":"Central answer","summary":"The tested modulation features are reproducible with high success, and even transient signals are replayable under controlled acquisition; channel-dependent capture makes the over-air transient attack more demanding, not categorically impossible.","source_anchor_ids":["anchor-paper-12-modulation-results","anchor-paper-12-transient-results"]},{"id":"paper-12-scope","kind":"scope","parent_id":"paper-12","order":3,"epistemic_status":"explicitly_scoped","title":"System and adversary model","summary":"A fingerprinter stores reference fingerprints for enrolled devices and returns only accept or reject; the attacker's objective is to transmit frames classified as a target.","source_anchor_ids":["anchor-paper-12-model"]},{"id":"paper-12-adversary-feature","kind":"threat_model","parent_id":"paper-12-scope","order":1,"epistemic_status":"defined","title":"Feature-replay attacker","summary":"The feature attacker knows the features, extraction, matching, and decision procedure and can modify relevant radio parameters before transmission.","source_anchor_ids":["anchor-paper-12-model","anchor-paper-12-feature-replay"]},{"id":"paper-12-adversary-signal","kind":"threat_model","parent_id":"paper-12-scope","order":2,"epistemic_status":"defined","title":"Signal-replay attacker","summary":"The signal attacker records and retransmits a target waveform without needing the internal fingerprint definition, but success depends on acquisition and replay fidelity.","source_anchor_ids":["anchor-paper-12-model","anchor-paper-12-signal-replay"]},{"id":"paper-12-method","kind":"method","parent_id":"paper-12","order":4,"epistemic_status":"implemented","title":"Attack implementation","summary":"The study manipulates three modulation features on software-defined radios and separately captures and retransmits complete RF frames with laboratory instrumentation.","source_anchor_ids":["anchor-paper-12-feature-replay","anchor-paper-12-signal-replay"]},{"id":"paper-12-method-setup","kind":"implementation","parent_id":"paper-12-method","order":1,"epistemic_status":"documented","title":"Hardware and evaluation setup","summary":"Three USRPs act as genuine devices, another USRP as an attacker, an Agilent analyzer as fingerprinter, and a Tektronix AWG7000B as a high-fidelity replay attacker.","source_anchor_ids":["anchor-paper-12-feature-replay","anchor-paper-12-signal-replay"]},{"id":"paper-12-evidence-modulation","kind":"empirical_evidence","parent_id":"paper-12","order":5,"epistemic_status":"measured","title":"Modulation-fingerprint results","summary":"With 80 frames per device, four-fold cross-validation, and threshold plus classifier tests, replaying frequency, I/Q-origin, and phase features achieved near-target distributions; reported 5-NN and SVM classification reached 100% in the tested cases.","source_anchor_ids":["anchor-paper-12-modulation-results"]},{"id":"paper-12-evidence-signal","kind":"empirical_evidence","parent_id":"paper-12","order":6,"epistemic_status":"measured","title":"Whole-signal replay results","summary":"For modulation fingerprints, RF-replayed frames become nearly indistinguishable from genuine frames under the chosen similarity measure.","source_anchor_ids":["anchor-paper-12-modulation-results"]},{"id":"paper-12-evidence-transient","kind":"empirical_evidence","parent_id":"paper-12","order":7,"epistemic_status":"measured_with_boundary","title":"Transient-fingerprint boundary","summary":"Transient waveforms from three Tmote Sky devices were reproduced accurately over a cable; attempts from a changed over-air location failed because the channel and antennas altered the captured signal.","source_anchor_ids":["anchor-paper-12-transient-results"]},{"id":"paper-12-implication","kind":"implication","parent_id":"paper-12","order":8,"epistemic_status":"source_interpretation","title":"Security implication","summary":"Physical-layer fingerprints alone should not authorize access in adversarial settings; they require additional authentication or replay-detection measures.","source_anchor_ids":["anchor-paper-12-limitations"]},{"id":"paper-12-limitations","kind":"limitation_group","parent_id":"paper-12","order":9,"epistemic_status":"explicitly_reported","title":"Limitations and transfer boundary","summary":"The device sample is small, equipment is specialized, and outcomes depend on feature choice, classifier, threshold, antenna, channel, and attacker placement; transfer to commodity Wi-Fi hardware was left for future work.","source_anchor_ids":["anchor-paper-12-limitations"]},{"id":"paper-12-artifacts","kind":"artifact_group","parent_id":"paper-12","order":10,"epistemic_status":"paper_and_measurements_described","title":"Artifacts","summary":"The paper fully describes equipment, sample counts, features, and evaluation metrics, but this audit did not locate released waveforms, analysis code, or hardware-control scripts.","source_anchor_ids":["anchor-paper-12-feature-replay","anchor-paper-12-modulation-results"]},{"id":"paper-12-scrutiny","kind":"scrutiny","parent_id":"paper-12","order":11,"epistemic_status":"venue_reviewed","title":"External scrutiny and reception","summary":"The work appeared at ACM WiSec and has a substantial ResearchGate citation trail; this map did not inspect each citing context or locate an independent experimental replication.","source_anchor_ids":["anchor-paper-12-publication","anchor-paper-12-citations"]},{"id":"paper-12-lineage","kind":"lineage","parent_id":"paper-12","order":12,"epistemic_status":"source_asserted_and_reception_supported","title":"Research lineage","summary":"The paper reframes radio fingerprinting from a passive classification problem into an active-adversary authentication problem and supplies concrete attack semantics and measurements.","source_anchor_ids":["anchor-paper-12-question","anchor-paper-12-citations"]}],"relations":[{"id":"paper-12-relation-method-supports-modulation","type":"supports","from_id":"paper-12-method","to_id":"paper-12-evidence-modulation"},{"id":"paper-12-relation-modulation-supports-answer","type":"supports","from_id":"paper-12-evidence-modulation","to_id":"paper-12-answer"},{"id":"paper-12-relation-signal-supports-answer","type":"supports","from_id":"paper-12-evidence-signal","to_id":"paper-12-answer"},{"id":"paper-12-relation-transient-qualifies-answer","type":"qualifies","from_id":"paper-12-evidence-transient","to_id":"paper-12-answer"},{"id":"paper-12-relation-limitations-qualify-answer","type":"qualifies","from_id":"paper-12-limitations","to_id":"paper-12-answer"},{"id":"paper-12-relation-answer-motivates-implication","type":"motivates","from_id":"paper-12-answer","to_id":"paper-12-implication"}],"assessment":{"id":"paper-12-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The paper implements two attack classes and reports controlled measurements with documented equipment, samples, metrics, and classifiers. The device sample and deployment conditions are narrow, raw data and code were not located, and no independent reproduction was audited.","basis_source_anchor_ids":["anchor-paper-12-feature-replay","anchor-paper-12-signal-replay","anchor-paper-12-modulation-results","anchor-paper-12-transient-results"]},{"id":"auditability","level":"high","rationale":"A complete author/institutional copy is checked into the site with source route, page count, and SHA-256 identity. Experimental design and reported results are inspectable, although raw measurements and scripts are unavailable.","basis_source_anchor_ids":["anchor-paper-12-institutional","anchor-paper-12-modulation-results"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, institutional preservation, and the publication record provide baseline provenance. Contributor roles, data lineage, laboratory logs, and revision history are not documented in the map.","basis_source_anchor_ids":["anchor-paper-12-question","anchor-paper-12-institutional","anchor-paper-12-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"Publication at ACM WiSec provides venue scrutiny and later citations show continued attention, but this audit did not locate review reports, corrections, or an independent reproduction of the experiments.","basis_source_anchor_ids":["anchor-paper-12-publication","anchor-paper-12-citations"]},{"id":"reception","level":"high","rationale":"ResearchGate displayed 250 citations on 2026-07-11, which exceeds the rubric's 11-citation high threshold. The count is index-specific and citation polarity or use was not audited.","basis_source_anchor_ids":["anchor-paper-12-citations"]},{"id":"contribution_significance","level":"high","rationale":"The work supplies an early concrete demonstration that physical-layer fingerprints can be adversarially replayed and has a large citation trail, while still carefully bounding its claims to tested techniques and equipment.","basis_source_anchor_ids":["anchor-paper-12-question","anchor-paper-12-limitations","anchor-paper-12-citations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"researchgate_publication_page","citation_count":250,"source":"ResearchGate publication page","signals":["ResearchGate displayed Citations (250)."],"limitation":"ResearchGate coverage and version merging can differ from Google Scholar, OpenAlex, Scopus, and Web of Science; citing contexts and citation polarity were not reviewed."}},"paper_13":{"schema_version":"0.1","map_id":"paper-13-map","publication_id":13,"publication_anchor":"paper-13","slug":"paper-13","canonical_path":"/knowledge/papers/paper-13/","machine_path":"/knowledge/papers/paper-13.json","root_node_id":"paper-13","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","primitive"],"title":"Group Distance Bounding Protocols (Short Paper)","year":2011,"venue":"4th International Conference on Trust and Trustworthy Computing (TRUST)","topic":"secure-systems-networks","labels":["Theory"],"authors":["Srdjan Čapkun","Karim Eldefrawy","Gene Tsudik"],"keywords":["distance bounding","proximity","authentication"],"research_question":"How can several provers and verifiers establish one-way distance bounds more efficiently than running every verifier-prover pair separately, while retaining a meaningful security argument?","central_answer":"A passive verifier can infer a distance bound by observing an active distance-bounding exchange and combining time-difference-of-arrival geometry with the active verifier's bound. Rotating a subset of verifiers through the active role reduces message cost, but the guarantees depend on trusted active verifiers, known locations, radio and timing assumptions, and the security of the underlying pairwise protocol.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, protocol decomposition, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete checked-in short paper, its publisher record, and a dated ResearchGate citation snapshot. Security arguments are labeled as analytical and conditional rather than formal machine-checked proofs.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification; technical summaries and ratings may be revised before approval."}},"sources":[{"id":"source-paper-13-paper","type":"scholarly_article","title":"Group Distance Bounding Protocols (Short Paper)","url":"/pubs/2011/group-distance-bounding-trust2011.pdf","media_type":"application/pdf","sha256":"8cc3cb818ed21bd4772fea76b12a01d54b336e6019f0f847c6a9e08887665503","page_count":8,"provenance_category":"author","retrieved_at":"2026-07-11","retrieved_from_url":"https://web.archive.org/web/20150703110554id_/http://www.ics.uci.edu/~keldefra/papers/trust11.pdf"},{"id":"source-paper-13-official","type":"publication_record","title":"TRUST 2011 publisher record","url":"https://doi.org/10.1007/978-3-642-21599-5_23"},{"id":"source-paper-13-citations","type":"citation_index_snapshot","title":"ResearchGate citation snapshot","url":"https://www.researchgate.net/publication/225982565_GDB_Group_Distance_Bounding_Protocols","retrieved_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-13-question","source_id":"source-paper-13-paper","label":"Motivation, contribution, and one-way GDB scope","locator":"Abstract and Section 1, PDF pages 1-2","url":"/pubs/2011/group-distance-bounding-trust2011.pdf#page=1"},{"id":"anchor-paper-13-model","source_id":"source-paper-13-paper","label":"GDB cases, environmental assumptions, and adversary","locator":"Section 2, PDF pages 2-3","url":"/pubs/2011/group-distance-bounding-trust2011.pdf#page=2"},{"id":"anchor-paper-13-passive","source_id":"source-paper-13-paper","label":"Passive distance-bounding primitive and geometric argument","locator":"Section 3, PDF pages 4-5","url":"/pubs/2011/group-distance-bounding-trust2011.pdf#page=4"},{"id":"anchor-paper-13-protocol","source_id":"source-paper-13-paper","label":"One-way group protocol construction","locator":"Section 4, PDF pages 5-6","url":"/pubs/2011/group-distance-bounding-trust2011.pdf#page=5"},{"id":"anchor-paper-13-performance","source_id":"source-paper-13-paper","label":"Message-count analysis and active-verifier tradeoff","locator":"Section 5.1, PDF page 6","url":"/pubs/2011/group-distance-bounding-trust2011.pdf#page=6"},{"id":"anchor-paper-13-security","source_id":"source-paper-13-paper","label":"Security analysis and malicious-active-verifier boundary","locator":"Section 5.2, PDF pages 6-7","url":"/pubs/2011/group-distance-bounding-trust2011.pdf#page=6"},{"id":"anchor-paper-13-future","source_id":"source-paper-13-paper","label":"Conclusions and future work","locator":"Section 7, PDF page 8","url":"/pubs/2011/group-distance-bounding-trust2011.pdf#page=8"},{"id":"anchor-paper-13-publication","source_id":"source-paper-13-official","label":"Official short-paper publication record","locator":"TRUST 2011, DOI record","url":"https://doi.org/10.1007/978-3-642-21599-5_23"},{"id":"anchor-paper-13-citations","source_id":"source-paper-13-citations","label":"Citation-count snapshot","locator":"ResearchGate displayed Citations (14), observed 2026-07-11; the page may merge or separate versions differently from other indexes.","url":"https://www.researchgate.net/publication/225982565_GDB_Group_Distance_Bounding_Protocols"}],"nodes":[{"id":"paper-13","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"One-way group distance bounding","summary":"A short paper defining group distance-bounding settings and introducing passive observation as a primitive for cheaper multi-party protocols.","source_anchor_ids":["anchor-paper-13-question"]},{"id":"paper-13-question","kind":"question","parent_id":"paper-13","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can multiple verifiers and provers establish secure upper-distance bounds with fewer rapid exchanges than a complete pairwise deployment?","source_anchor_ids":["anchor-paper-13-question"]},{"id":"paper-13-answer","kind":"contribution","parent_id":"paper-13","order":2,"epistemic_status":"analytically_supported","title":"Central answer","summary":"Let some verifiers actively challenge while others passively observe timing; passive bounds can be derived geometrically and the active fraction controls a security-efficiency tradeoff.","source_anchor_ids":["anchor-paper-13-passive","anchor-paper-13-protocol","anchor-paper-13-performance"]},{"id":"paper-13-scope","kind":"scope","parent_id":"paper-13","order":3,"epistemic_status":"explicitly_scoped","title":"One-way group settings","summary":"The construction addresses many-prover/many-verifier, one-prover/many-verifier, and many-prover/one-verifier one-way cases; mutual GDB is acknowledged but left outside this short paper.","source_anchor_ids":["anchor-paper-13-model","anchor-paper-13-future"]},{"id":"paper-13-assumptions","kind":"assumption_group","parent_id":"paper-13-scope","order":1,"epistemic_status":"assumed","title":"Timing, geometry, and trust assumptions","summary":"Nodes are in mutual radio range, rapid processing is available, verifiers know their locations and pairwise distances, and passive verifiers can receive the three relevant transmissions.","source_anchor_ids":["anchor-paper-13-model","anchor-paper-13-passive"]},{"id":"paper-13-adversary","kind":"threat_model","parent_id":"paper-13-scope","order":2,"epistemic_status":"defined","title":"Adversary and exclusions","summary":"Provers may collude and attempt distance or mafia fraud, but verifiers are trusted in the base argument; reception blocking, directional antennas, terrorist fraud, and distance hijacking beyond the assumed base protocol are excluded.","source_anchor_ids":["anchor-paper-13-model","anchor-paper-13-security"]},{"id":"paper-13-primitive","kind":"primitive","parent_id":"paper-13","order":4,"epistemic_status":"proposed","title":"Passive distance bounding","summary":"A passive verifier timestamps the active verifier's commitment/challenge and the prover's response, then combines a time-difference-of-arrival hyperbola with the active distance bound to derive its own upper bound.","source_anchor_ids":["anchor-paper-13-passive"]},{"id":"paper-13-primitive-security","kind":"security_argument","parent_id":"paper-13-primitive","order":1,"epistemic_status":"conditional_argument","title":"Why a prover cannot shorten only the passive bound","summary":"Under the timing geometry, making the passive verifier infer an impossibly short distance would also require defeating the active verifier's underlying distance-bound exchange.","source_anchor_ids":["anchor-paper-13-passive"]},{"id":"paper-13-protocol","kind":"protocol","parent_id":"paper-13","order":5,"epistemic_status":"proposed","title":"Active/passive GDB protocol","summary":"A selected fraction of verifiers runs active pairwise exchanges while remaining verifiers observe them, permitting each active exchange to contribute bounds to more than one verifier.","source_anchor_ids":["anchor-paper-13-protocol"]},{"id":"paper-13-evidence-performance","kind":"analytic_evidence","parent_id":"paper-13","order":6,"epistemic_status":"calculated","title":"Communication-cost analysis","summary":"For the paper's 30-prover/30-verifier example, an 80% active fraction saves about one third of messages and a 60% active fraction saves more than half relative to naive pairwise execution.","source_anchor_ids":["anchor-paper-13-performance"]},{"id":"paper-13-evidence-security","kind":"analytic_evidence","parent_id":"paper-13","order":7,"epistemic_status":"conditional_analysis","title":"Security analysis","summary":"The paper relates success probability to the underlying distance-bounding protocol and the chance that an adversary controls active verifiers; it provides analytical metrics rather than a reduction-style theorem or machine-checked proof.","source_anchor_ids":["anchor-paper-13-security"]},{"id":"paper-13-boundary-active","kind":"limitation","parent_id":"paper-13","order":8,"epistemic_status":"material","title":"Malicious active verifier boundary","summary":"An active verifier can lie about location or send challenges early, so passive conclusions are only as trustworthy as the active participant and underlying protocol; multiple simultaneous verifiers may be needed for secure localization.","source_anchor_ids":["anchor-paper-13-security"]},{"id":"paper-13-limitations","kind":"limitation_group","parent_id":"paper-13","order":9,"epistemic_status":"explicitly_reported","title":"Unresolved scope","summary":"The short paper has no implementation or noisy-channel evaluation and leaves mutual GDB, passive operation without known verifier locations, denial of service, and realistic group-radio conditions to future work.","source_anchor_ids":["anchor-paper-13-future"]},{"id":"paper-13-artifacts","kind":"artifact_group","parent_id":"paper-13","order":10,"epistemic_status":"paper_only","title":"Artifacts","summary":"The located artifact is the complete eight-page short paper. No protocol implementation, trace set, or formal proof artifact is linked.","source_anchor_ids":["anchor-paper-13-question","anchor-paper-13-performance"]},{"id":"paper-13-scrutiny","kind":"scrutiny","parent_id":"paper-13","order":11,"epistemic_status":"venue_reviewed","title":"External scrutiny and reception","summary":"The work appeared at TRUST 2011 and ResearchGate reports 14 citations; review reports and an independent implementation or proof audit were not located.","source_anchor_ids":["anchor-paper-13-publication","anchor-paper-13-citations"]},{"id":"paper-13-lineage","kind":"lineage","parent_id":"paper-13","order":12,"epistemic_status":"source_asserted","title":"Research lineage","summary":"The paper extends distance bounding from one verifier-prover pair to group settings and introduces passive distance bounding as the organizing primitive for that extension.","source_anchor_ids":["anchor-paper-13-question","anchor-paper-13-passive"]}],"relations":[{"id":"paper-13-relation-primitive-enables-protocol","type":"enables","from_id":"paper-13-primitive","to_id":"paper-13-protocol"},{"id":"paper-13-relation-security-supports-primitive","type":"supports","from_id":"paper-13-primitive-security","to_id":"paper-13-primitive"},{"id":"paper-13-relation-performance-supports-answer","type":"supports","from_id":"paper-13-evidence-performance","to_id":"paper-13-answer"},{"id":"paper-13-relation-security-supports-answer","type":"supports","from_id":"paper-13-evidence-security","to_id":"paper-13-answer"},{"id":"paper-13-relation-active-qualifies-security","type":"qualifies","from_id":"paper-13-boundary-active","to_id":"paper-13-evidence-security"},{"id":"paper-13-relation-limitations-qualify-answer","type":"qualifies","from_id":"paper-13-limitations","to_id":"paper-13-answer"}],"assessment":{"id":"paper-13-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The paper defines the primitive and group settings, gives a geometric security argument, and quantifies message savings. The security treatment is conditional and analytical, and no implementation, simulation, or machine-checked proof is supplied.","basis_source_anchor_ids":["anchor-paper-13-passive","anchor-paper-13-performance","anchor-paper-13-security","anchor-paper-13-future"]},{"id":"auditability","level":"high","rationale":"A complete author copy is checked into the site with source route, page count, and SHA-256 identity. Definitions, protocol steps, and analytical arguments are directly inspectable, though there is no executable artifact.","basis_source_anchor_ids":["anchor-paper-13-model","anchor-paper-13-protocol","anchor-paper-13-security"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, an archived author copy, and a DOI establish baseline provenance. Contributor roles, revision history, analysis scripts, and tool use are not documented.","basis_source_anchor_ids":["anchor-paper-13-question","anchor-paper-13-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"Publication as a TRUST short paper indicates venue review, but review reports, corrections, independent formal analysis, and empirical replication were not located.","basis_source_anchor_ids":["anchor-paper-13-publication"]},{"id":"reception","level":"high","rationale":"ResearchGate displayed 14 citations on 2026-07-11, which meets the rubric's 11-or-more high band. The count is index-specific and may merge related versions.","basis_source_anchor_ids":["anchor-paper-13-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The paper introduces a clear group generalization and a reusable passive primitive, but the short version leaves important trust, synchronization, and implementation questions open.","basis_source_anchor_ids":["anchor-paper-13-question","anchor-paper-13-passive","anchor-paper-13-future"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"researchgate_publication_page","citation_count":14,"source":"ResearchGate publication page","signals":["ResearchGate displayed Citations (14)."],"limitation":"ResearchGate may merge or separate the short paper, arXiv version, and related expanded work differently from other indexes; citing contexts and polarity were not audited."}},"paper_14":{"schema_version":"0.1","map_id":"paper-14-map","publication_id":14,"publication_anchor":"paper-14","slug":"paper-14","canonical_path":"/knowledge/papers/paper-14/","machine_path":"/knowledge/papers/paper-14.json","root_node_id":"paper-14","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"ALARM: Anonymous Location-Aided Routing in Suspicious MANETs","year":2011,"venue":"IEEE Transactions on Mobile Computing, Volume 10, Number 9","topic":"privacy-identity","labels":["Theory","Applied"],"authors":["Karim Eldefrawy","Gene Tsudik"],"keywords":["anonymous routing","location privacy","MANETs"],"research_question":"Can a mobile ad hoc network construct authenticated location-based routes without exposing durable node identities or making movement histories easy to link, even when network participants may observe topology updates?","central_answer":"ALARM replaces long-lived identifiers with time-bounded location announcements authenticated by group signatures, allowing every node to build a current geographic topology while signatures remain unlinkable across periods. Its privacy and security claims are conditional on trusted location, time synchronization, group-signature infrastructure, mobility, and the stated outsider/insider model; active malicious insiders require stronger self-distinguishing signatures or tamper-resistant location/signing support.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, protocol and threat-model decomposition, evidence linking, and initial assessment"}],"method":"Source-grounded review of the public author-uploaded journal article and matching archive copy, its DOI record, and a dated ResearchGate citation snapshot. No local immutable copy could be acquired during this audit, so remote-source identity remains a limitation.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification; technical summaries and ratings may be revised before approval."}},"sources":[{"id":"source-paper-14-author","type":"author_hosted_copy","title":"ALARM journal article, author-uploaded full text","url":"https://www.researchgate.net/publication/220466171_ALARM_Anonymous_location-aided_routing_in_suspicious_MANETs","provenance_category":"author","retrieved_at":"2026-07-11"},{"id":"source-paper-14-archive","type":"archived_copy","title":"CiteSeerX archive copy","url":"https://citeseerx.ist.psu.edu/document?doi=7a36caaf053d725da668419e3e765021f7f145ea&repid=rep1&type=pdf","media_type":"application/pdf","provenance_category":"archive"},{"id":"source-paper-14-official","type":"publication_record","title":"IEEE Transactions on Mobile Computing publisher record","url":"https://doi.org/10.1109/TMC.2010.256"},{"id":"source-paper-14-citations","type":"citation_index_snapshot","title":"ResearchGate citation snapshot","url":"https://www.researchgate.net/publication/220466171_ALARM_Anonymous_location-aided_routing_in_suspicious_MANETs","retrieved_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-14-question","source_id":"source-paper-14-archive","label":"Problem, goals, and contributions","locator":"Abstract and Section I, PDF pages 1-2","url":"https://citeseerx.ist.psu.edu/document?doi=7a36caaf053d725da668419e3e765021f7f145ea&repid=rep1&type=pdf#page=1"},{"id":"anchor-paper-14-model","source_id":"source-paper-14-archive","label":"Network assumptions and adversary classes","locator":"Section IV.A-B, PDF pages 4-5","url":"https://citeseerx.ist.psu.edu/document?doi=7a36caaf053d725da668419e3e765021f7f145ea&repid=rep1&type=pdf#page=4"},{"id":"anchor-paper-14-privacy","source_id":"source-paper-14-archive","label":"Group-signature and anonymity design elements","locator":"Sections III and IV.C, PDF pages 3-5","url":"https://citeseerx.ist.psu.edu/document?doi=7a36caaf053d725da668419e3e765021f7f145ea&repid=rep1&type=pdf#page=3"},{"id":"anchor-paper-14-protocol","source_id":"source-paper-14-archive","label":"ALARM location-announcement and routing protocol","locator":"Section V, PDF pages 5-7","url":"https://citeseerx.ist.psu.edu/document?doi=7a36caaf053d725da668419e3e765021f7f145ea&repid=rep1&type=pdf#page=5"},{"id":"anchor-paper-14-security","source_id":"source-paper-14-archive","label":"Outsider, passive-insider, and active-insider analysis","locator":"Section VI, PDF pages 7-9","url":"https://citeseerx.ist.psu.edu/document?doi=7a36caaf053d725da668419e3e765021f7f145ea&repid=rep1&type=pdf#page=7"},{"id":"anchor-paper-14-anonymity","source_id":"source-paper-14-archive","label":"Anonymity metric and mobility simulations","locator":"Section VII, PDF pages 9-12","url":"https://citeseerx.ist.psu.edu/document?doi=7a36caaf053d725da668419e3e765021f7f145ea&repid=rep1&type=pdf#page=9"},{"id":"anchor-paper-14-performance","source_id":"source-paper-14-archive","label":"Routing overhead and scalability analysis","locator":"Section VIII, PDF pages 12-14","url":"https://citeseerx.ist.psu.edu/document?doi=7a36caaf053d725da668419e3e765021f7f145ea&repid=rep1&type=pdf#page=12"},{"id":"anchor-paper-14-limitations","source_id":"source-paper-14-author","label":"Trusted boundaries and conclusions","locator":"Sections IV, VI, and X; author-uploaded journal full text","url":"https://www.researchgate.net/publication/220466171_ALARM_Anonymous_location-aided_routing_in_suspicious_MANETs"},{"id":"anchor-paper-14-publication","source_id":"source-paper-14-official","label":"Official journal publication record","locator":"IEEE Transactions on Mobile Computing 10(9), DOI record","url":"https://doi.org/10.1109/TMC.2010.256"},{"id":"anchor-paper-14-citations","source_id":"source-paper-14-citations","label":"Citation-count snapshot","locator":"ResearchGate displayed Citations (146), observed 2026-07-11; coverage and version merging may differ from other indexes.","url":"https://www.researchgate.net/publication/220466171_ALARM_Anonymous_location-aided_routing_in_suspicious_MANETs"}],"nodes":[{"id":"paper-14","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"ALARM","summary":"A privacy-preserving link-state protocol that authenticates geographic topology without exposing durable node identities.","source_anchor_ids":["anchor-paper-14-question"]},{"id":"paper-14-question","kind":"question","parent_id":"paper-14","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can nodes route using exact current locations while preventing outsiders and insiders from binding topology updates into durable identity and movement histories?","source_anchor_ids":["anchor-paper-14-question"]},{"id":"paper-14-answer","kind":"contribution","parent_id":"paper-14","order":2,"epistemic_status":"analytically_and_empirically_supported","title":"Central answer","summary":"Flood signed, time-bounded location announcements under unlinkable group signatures, build a current geographic map, and communicate to locations rather than long-term identifiers.","source_anchor_ids":["anchor-paper-14-protocol","anchor-paper-14-security","anchor-paper-14-anonymity"]},{"id":"paper-14-scope","kind":"scope","parent_id":"paper-14","order":3,"epistemic_status":"explicitly_scoped","title":"System and trust model","summary":"Nodes have a reliable current location, loose synchronized time, sufficient radio reach, and credentials from a group manager; mobility supplies anonymity over time.","source_anchor_ids":["anchor-paper-14-model","anchor-paper-14-privacy"]},{"id":"paper-14-adversary","kind":"threat_model","parent_id":"paper-14-scope","order":1,"epistemic_status":"defined","title":"Adversary classes","summary":"The base design analyzes passive insiders and active outsiders; active insiders can perform location fraud or Sybil behavior unless stronger signing/location mechanisms are added. Jamming and generic denial of service are excluded.","source_anchor_ids":["anchor-paper-14-model","anchor-paper-14-security"]},{"id":"paper-14-primitive","kind":"primitive","parent_id":"paper-14","order":4,"epistemic_status":"assumed_cryptographic_primitive","title":"Group-signature pseudonyms","summary":"A node proves authorized membership without revealing which member signed; each announcement's signature functions as a period-specific pseudonym, while a group manager retains opening capability.","source_anchor_ids":["anchor-paper-14-privacy"]},{"id":"paper-14-protocol","kind":"protocol","parent_id":"paper-14","order":5,"epistemic_status":"proposed","title":"Location Announcement Message workflow","summary":"During each time slot, every node floods its location, timestamp, temporary public key, and group signature; recipients verify and assemble a topology snapshot used for location-centric routing and encrypted sessions.","source_anchor_ids":["anchor-paper-14-protocol"]},{"id":"paper-14-claim-outsider","kind":"security_claim","parent_id":"paper-14","order":6,"epistemic_status":"conditional_analysis","title":"Replay and forgery resistance","summary":"Timestamps reject stale announcements and signatures bind location records against outsider forgery or modification, assuming the underlying primitives and time/location inputs behave as specified.","source_anchor_ids":["anchor-paper-14-security"]},{"id":"paper-14-claim-privacy","kind":"privacy_claim","parent_id":"paper-14","order":7,"epistemic_status":"conditional_analysis","title":"Tracking resistance","summary":"A passive insider sees the complete current topology but cannot directly link group signatures across periods; anonymity then depends on how many plausible moving nodes fit a trajectory.","source_anchor_ids":["anchor-paper-14-security","anchor-paper-14-anonymity"]},{"id":"paper-14-evidence-anonymity","kind":"empirical_evidence","parent_id":"paper-14","order":8,"epistemic_status":"simulation","title":"Mobility and anonymity evaluation","summary":"SimPy experiments over Random Walk, Reference Point Group Mobility, and Time-Variant User Mobility models evaluate cumulative k-anonymity as speed, stationary fraction, announcement interval, and observation duration vary.","source_anchor_ids":["anchor-paper-14-anonymity"]},{"id":"paper-14-evidence-performance","kind":"analytic_evidence","parent_id":"paper-14","order":9,"epistemic_status":"modeled","title":"Communication overhead","summary":"The paper accounts for periodic flooding, announcement size, bandwidth, and update interval to characterize scalability; this is model/simulation evidence rather than a deployed MANET measurement.","source_anchor_ids":["anchor-paper-14-performance"]},{"id":"paper-14-boundary-insider","kind":"limitation","parent_id":"paper-14","order":10,"epistemic_status":"material","title":"Active-insider boundary","summary":"Generic group signatures do not stop a credentialed node from lying about its position or creating multiple simultaneous-looking locations; the proposed mitigations rely on self-distinguishing signatures or tamper-resistant GPS/signing hardware.","source_anchor_ids":["anchor-paper-14-security","anchor-paper-14-limitations"]},{"id":"paper-14-limitations","kind":"limitation_group","parent_id":"paper-14","order":11,"epistemic_status":"explicitly_reported","title":"Privacy and deployment limits","summary":"ALARM intentionally reveals the full current topology to insiders, trusts a group manager plus location and time sources, gains privacy from mobility, and does not solve jamming, denial of service, or physical tracking.","source_anchor_ids":["anchor-paper-14-model","anchor-paper-14-security","anchor-paper-14-limitations"]},{"id":"paper-14-artifacts","kind":"artifact_group","parent_id":"paper-14","order":12,"epistemic_status":"paper_and_simulation_description","title":"Artifacts","summary":"Public author and archive full texts are available and the simulation model is documented, but no source-code repository, raw traces, or immutable local paper copy is attached to this map.","source_anchor_ids":["anchor-paper-14-limitations","anchor-paper-14-anonymity"]},{"id":"paper-14-scrutiny","kind":"scrutiny","parent_id":"paper-14","order":13,"epistemic_status":"journal_reviewed","title":"External scrutiny and reception","summary":"The expanded work appeared in IEEE Transactions on Mobile Computing and ResearchGate reports 146 citations; this audit did not inspect review reports, citing contexts, or an independent protocol implementation.","source_anchor_ids":["anchor-paper-14-publication","anchor-paper-14-citations"]},{"id":"paper-14-lineage","kind":"lineage","parent_id":"paper-14","order":14,"epistemic_status":"source_asserted_and_reception_supported","title":"Research lineage","summary":"ALARM establishes location-centric anonymous link-state routing as an alternative to identity-centric MANET routing and exposes the tradeoff between topology utility and trajectory privacy.","source_anchor_ids":["anchor-paper-14-question","anchor-paper-14-anonymity","anchor-paper-14-citations"]}],"relations":[{"id":"paper-14-relation-primitive-enables-protocol","type":"enables","from_id":"paper-14-primitive","to_id":"paper-14-protocol"},{"id":"paper-14-relation-protocol-supports-outsider","type":"supports","from_id":"paper-14-protocol","to_id":"paper-14-claim-outsider"},{"id":"paper-14-relation-protocol-supports-privacy","type":"supports","from_id":"paper-14-protocol","to_id":"paper-14-claim-privacy"},{"id":"paper-14-relation-anonymity-supports-privacy","type":"supports","from_id":"paper-14-evidence-anonymity","to_id":"paper-14-claim-privacy"},{"id":"paper-14-relation-active-qualifies-answer","type":"qualifies","from_id":"paper-14-boundary-insider","to_id":"paper-14-answer"},{"id":"paper-14-relation-limits-qualify-privacy","type":"qualifies","from_id":"paper-14-limitations","to_id":"paper-14-claim-privacy"}],"assessment":{"id":"paper-14-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The journal article provides an explicit protocol, threat analysis, anonymity metric, mobility simulations, and overhead modeling. Security arguments are conditional rather than reduction-style proofs, and no deployed implementation or independent reproduction was located.","basis_source_anchor_ids":["anchor-paper-14-protocol","anchor-paper-14-security","anchor-paper-14-anonymity","anchor-paper-14-performance"]},{"id":"auditability","level":"high","rationale":"A complete author-uploaded copy and matching public archive copy make assumptions, protocol steps, and evidence directly inspectable. This audit could not store and hash a local binary, so remote version identity remains less stable than for checked-in papers.","basis_source_anchor_ids":["anchor-paper-14-question","anchor-paper-14-limitations"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, an author-uploaded full text, and the journal DOI establish baseline provenance. Contributor roles, simulation-code lineage, revision history, and tool use are not documented.","basis_source_anchor_ids":["anchor-paper-14-question","anchor-paper-14-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"Journal publication and a substantial citation trail show external attention, but review materials, independent reproduction, correction history, and adversarial protocol evaluation were not audited.","basis_source_anchor_ids":["anchor-paper-14-publication","anchor-paper-14-citations"]},{"id":"reception","level":"high","rationale":"ResearchGate displayed 146 citations on 2026-07-11, exceeding the rubric's 11-citation high threshold. The count is index-specific and citation contexts were not reviewed.","basis_source_anchor_ids":["anchor-paper-14-citations"]},{"id":"contribution_significance","level":"high","rationale":"The paper offers a comprehensive anonymous location-centric routing design, makes topology/privacy tradeoffs explicit, and has a large citation trail, while clearly depending on strong infrastructure and mobility assumptions.","basis_source_anchor_ids":["anchor-paper-14-question","anchor-paper-14-limitations","anchor-paper-14-citations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"researchgate_publication_page","citation_count":146,"source":"ResearchGate publication page","signals":["ResearchGate displayed Citations (146)."],"limitation":"ResearchGate coverage and version merging differ from other scholarly indexes; citing contexts, polarity, independent implementations, and deployment adoption were not audited."}},"paper_15":{"schema_version":"0.1","map_id":"paper-15-map","publication_id":15,"publication_anchor":"paper-15","slug":"paper-15","canonical_path":"/knowledge/papers/paper-15/","machine_path":"/knowledge/papers/paper-15.json","root_node_id":"paper-15","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"Privacy-Preserving Location-Based On-Demand Routing in MANETs","year":2011,"venue":"IEEE Journal on Selected Areas in Communications, Volume 29, Number 10","topic":"privacy-identity","labels":["Theory","Applied"],"authors":["Karim Eldefrawy","Gene Tsudik"],"keywords":["location privacy","MANET routing"],"research_question":"Can an on-demand MANET route be discovered toward a geographic destination area without requiring durable identities and while limiting what outsiders and insiders learn about the communicating nodes and network topology?","central_answer":"PRISM adapts AODV to location-centric addressing: a source floods a group-signed request containing a destination area and temporary key, and any node in that area can return an encrypted, group-signed reply over the reverse path. The design protects against outsiders and passive insiders under its cryptographic assumptions, but reveals the queried area and existence of a respondent and requires extensions to address active-insider location fraud and Sybil behavior.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, protocol and threat-model decomposition, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete checked-in journal paper, its publisher and archive records, and a dated ResearchGate citation snapshot. Simulations and security reasoning were inspected but not independently reproduced.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification; technical summaries and ratings may be revised before approval."}},"sources":[{"id":"source-paper-15-paper","type":"scholarly_article","title":"Privacy-Preserving Location-Based On-Demand Routing in MANETs","url":"/pubs/2011/privacy-preserving-routing-jsac2011.pdf","media_type":"application/pdf","sha256":"ecc2b70f32c26a99c6a38b72aecc33c7920cb96d18a31ebeda08821d34baae31","page_count":10,"provenance_category":"author","retrieved_at":"2026-07-11","retrieved_from_url":"https://web.archive.org/web/20150703110555id_/http://www.ics.uci.edu/~keldefra/papers/jsac11.pdf"},{"id":"source-paper-15-official","type":"publication_record","title":"IEEE JSAC publisher record","url":"https://doi.org/10.1109/JSAC.2011.111203"},{"id":"source-paper-15-citations","type":"citation_index_snapshot","title":"ResearchGate citation snapshot","url":"https://www.researchgate.net/publication/220641668_Privacy-Preserving_Location-Based_On-Demand_Routing_in_MANETs","retrieved_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-15-question","source_id":"source-paper-15-paper","label":"Problem, goals, and claimed contribution","locator":"Abstract and Sections I-II.A, PDF pages 1-2","url":"/pubs/2011/privacy-preserving-routing-jsac2011.pdf#page=1"},{"id":"anchor-paper-15-model","source_id":"source-paper-15-paper","label":"Location-centric model and assumptions","locator":"Sections II-III.A, PDF pages 2-3","url":"/pubs/2011/privacy-preserving-routing-jsac2011.pdf#page=2"},{"id":"anchor-paper-15-adversary","source_id":"source-paper-15-paper","label":"Outsider and insider adversary classes","locator":"Section III.B, PDF page 3","url":"/pubs/2011/privacy-preserving-routing-jsac2011.pdf#page=3"},{"id":"anchor-paper-15-protocol","source_id":"source-paper-15-paper","label":"PRISM route-request, route-reply, and forwarding protocol","locator":"Section IV.A-B and Figure 1, PDF pages 4-5","url":"/pubs/2011/privacy-preserving-routing-jsac2011.pdf#page=4"},{"id":"anchor-paper-15-security","source_id":"source-paper-15-paper","label":"Security and privacy analysis","locator":"Section IV.C-F, PDF pages 5-6","url":"/pubs/2011/privacy-preserving-routing-jsac2011.pdf#page=5"},{"id":"anchor-paper-15-simulation","source_id":"source-paper-15-paper","label":"Simulation setup and routing-overhead results","locator":"Section V.A-C, PDF pages 6-8","url":"/pubs/2011/privacy-preserving-routing-jsac2011.pdf#page=6"},{"id":"anchor-paper-15-leakage","source_id":"source-paper-15-paper","label":"Topology leakage and utility evaluation","locator":"Section V.D-E, PDF pages 8-9","url":"/pubs/2011/privacy-preserving-routing-jsac2011.pdf#page=8"},{"id":"anchor-paper-15-limitations","source_id":"source-paper-15-paper","label":"Limitations and conclusions","locator":"Sections IV and VII, PDF pages 5-6 and 9","url":"/pubs/2011/privacy-preserving-routing-jsac2011.pdf#page=9"},{"id":"anchor-paper-15-publication","source_id":"source-paper-15-official","label":"Official journal publication record","locator":"IEEE JSAC 29(10), DOI record","url":"https://doi.org/10.1109/JSAC.2011.111203"},{"id":"anchor-paper-15-citations","source_id":"source-paper-15-citations","label":"Citation-count snapshot","locator":"ResearchGate displayed Citations (107), observed 2026-07-11; coverage and version merging may differ from other indexes.","url":"https://www.researchgate.net/publication/220641668_Privacy-Preserving_Location-Based_On-Demand_Routing_in_MANETs"}],"nodes":[{"id":"paper-15","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"PRISM","summary":"An on-demand, location-addressed MANET routing protocol designed to reduce identity and topology leakage in hostile settings.","source_anchor_ids":["anchor-paper-15-question"]},{"id":"paper-15-question","kind":"question","parent_id":"paper-15","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can route discovery reach whichever authorized node occupies a target area without exposing a permanent source or destination identity?","source_anchor_ids":["anchor-paper-15-question","anchor-paper-15-model"]},{"id":"paper-15-answer","kind":"contribution","parent_id":"paper-15","order":2,"epistemic_status":"analytically_and_empirically_supported","title":"Central answer","summary":"Use group-signed, identity-free route requests to a geographic area, temporary public keys for the reply, and short-lived route/session identifiers for data forwarding.","source_anchor_ids":["anchor-paper-15-protocol","anchor-paper-15-security"]},{"id":"paper-15-goals","kind":"scope","parent_id":"paper-15","order":3,"epistemic_status":"explicitly_scoped","title":"Design goals","summary":"PRISM targets tracking resistance, protection from active and passive outsiders and insiders, and acceptable routing cost in critical mobile networks.","source_anchor_ids":["anchor-paper-15-question"]},{"id":"paper-15-assumptions","kind":"assumption_group","parent_id":"paper-15-goals","order":1,"epistemic_status":"assumed","title":"Infrastructure and device assumptions","summary":"Nodes know their location, have loose time synchronization and public-key capabilities, and receive credentials and a network-wide key from an offline trusted authority; eviction is only supported between deployments.","source_anchor_ids":["anchor-paper-15-model"]},{"id":"paper-15-adversary","kind":"threat_model","parent_id":"paper-15-goals","order":2,"epistemic_status":"defined","title":"Adversary classes","summary":"The analysis separates passive and active outsiders from passive and active insiders; physical-layer time-difference tracking is explicitly outside the model.","source_anchor_ids":["anchor-paper-15-adversary"]},{"id":"paper-15-protocol","kind":"protocol","parent_id":"paper-15","order":4,"epistemic_status":"proposed","title":"PRISM route discovery","summary":"The source broadcasts a request containing the destination area, fresh temporary public key, timestamp, and group signature; nodes flood it while caching only request hashes and reverse-hop state.","source_anchor_ids":["anchor-paper-15-protocol"]},{"id":"paper-15-protocol-reply","kind":"protocol_step","parent_id":"paper-15-protocol","order":1,"epistemic_status":"specified","title":"Anonymous route reply","summary":"A node in the destination area returns a group-signed reply that binds the request hash and encrypts a fresh session key and exact location to the source's temporary key.","source_anchor_ids":["anchor-paper-15-protocol"]},{"id":"paper-15-protocol-data","kind":"protocol_step","parent_id":"paper-15-protocol","order":2,"epistemic_status":"specified","title":"Data phase","summary":"Short-lived route identifiers derived from request material guide forwarding, while the negotiated session key protects the end-to-end payload.","source_anchor_ids":["anchor-paper-15-protocol"]},{"id":"paper-15-claim-outsider","kind":"security_claim","parent_id":"paper-15","order":5,"epistemic_status":"conditional_analysis","title":"Outsider protection","summary":"The network-wide key and cryptographic authentication are intended to exclude outsiders from useful routing traffic and prevent request or reply forgery under the stated assumptions.","source_anchor_ids":["anchor-paper-15-security"]},{"id":"paper-15-claim-insider","kind":"privacy_claim","parent_id":"paper-15","order":6,"epistemic_status":"conditional_analysis","title":"Passive-insider privacy","summary":"Group-signature unlinkability and temporary keys hide durable identities, but an observer still learns the requested destination area and that some node there replied.","source_anchor_ids":["anchor-paper-15-security"]},{"id":"paper-15-boundary-active","kind":"limitation","parent_id":"paper-15","order":7,"epistemic_status":"explicitly_reported","title":"Active-insider boundary","summary":"Base PRISM does not prevent a credentialed insider from location fraud, Sybil behavior, or some man-in-the-middle actions; one-time certificates or tamper-resistant signing/location hardware are proposed extensions.","source_anchor_ids":["anchor-paper-15-security"]},{"id":"paper-15-evidence-overhead","kind":"empirical_evidence","parent_id":"paper-15","order":8,"epistemic_status":"simulation","title":"Routing-overhead evaluation","summary":"Simulations vary 20-100 nodes, query fractions, and three mobility models over repeated 10,000-second runs; overhead rises sharply under an intentionally heavy all-node, five-second query workload and is lower at moderate query rates.","source_anchor_ids":["anchor-paper-15-simulation"]},{"id":"paper-15-evidence-privacy","kind":"empirical_evidence","parent_id":"paper-15","order":9,"epistemic_status":"simulation","title":"Topology-leakage evaluation","summary":"The experiments estimate the fraction of topology exposed by observed route discoveries; leakage depends strongly on query volume and mobility, with group and time-variant mobility revealing less than random waypoint in the tested settings.","source_anchor_ids":["anchor-paper-15-leakage"]},{"id":"paper-15-limitations","kind":"limitation_group","parent_id":"paper-15","order":10,"epistemic_status":"material","title":"Trusted boundaries and leakage","summary":"The destination area and response event remain visible, physical tracking is out of scope, an offline authority and shared network key are trusted, and simulated performance does not establish behavior in a deployed hostile MANET.","source_anchor_ids":["anchor-paper-15-adversary","anchor-paper-15-security","anchor-paper-15-limitations"]},{"id":"paper-15-artifacts","kind":"artifact_group","parent_id":"paper-15","order":11,"epistemic_status":"paper_and_simulation_description","title":"Artifacts","summary":"The complete paper documents protocol formats, security reasoning, simulation parameters, and results; no simulation source, raw trace set, or implementation repository was located.","source_anchor_ids":["anchor-paper-15-protocol","anchor-paper-15-simulation"]},{"id":"paper-15-scrutiny","kind":"scrutiny","parent_id":"paper-15","order":12,"epistemic_status":"journal_reviewed","title":"External scrutiny and reception","summary":"The work appeared in IEEE JSAC and ResearchGate reports 107 citations; this audit did not inspect review reports, citing contexts, corrections, or an independent implementation.","source_anchor_ids":["anchor-paper-15-publication","anchor-paper-15-citations"]},{"id":"paper-15-lineage","kind":"lineage","parent_id":"paper-15","order":13,"epistemic_status":"documented","title":"Relation to ALARM","summary":"PRISM develops an on-demand counterpart to ALARM's proactive location-centric design, reducing routine topology dissemination while introducing query-dependent area leakage.","source_anchor_ids":["anchor-paper-15-question","anchor-paper-15-leakage"]}],"relations":[{"id":"paper-15-relation-reply-part-of-protocol","type":"part_of","from_id":"paper-15-protocol-reply","to_id":"paper-15-protocol"},{"id":"paper-15-relation-data-part-of-protocol","type":"part_of","from_id":"paper-15-protocol-data","to_id":"paper-15-protocol"},{"id":"paper-15-relation-protocol-supports-answer","type":"supports","from_id":"paper-15-protocol","to_id":"paper-15-answer"},{"id":"paper-15-relation-privacy-supports-answer","type":"supports","from_id":"paper-15-evidence-privacy","to_id":"paper-15-answer"},{"id":"paper-15-relation-active-qualifies-answer","type":"qualifies","from_id":"paper-15-boundary-active","to_id":"paper-15-answer"},{"id":"paper-15-relation-limitations-qualify-insider","type":"qualifies","from_id":"paper-15-limitations","to_id":"paper-15-claim-insider"}],"assessment":{"id":"paper-15-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The paper gives a concrete protocol, explicit adversary analysis, and repeated simulations of overhead and leakage across mobility models. The security argument is conditional, raw simulation artifacts are unavailable, and no deployment or independent reproduction was audited.","basis_source_anchor_ids":["anchor-paper-15-protocol","anchor-paper-15-security","anchor-paper-15-simulation","anchor-paper-15-leakage"]},{"id":"auditability","level":"high","rationale":"A complete author copy is checked into the site with source route, page count, and SHA-256 identity. Protocol details and reported simulations are inspectable, although code and raw traces were not located.","basis_source_anchor_ids":["anchor-paper-15-protocol","anchor-paper-15-simulation"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, an archived author copy, and the journal DOI establish baseline provenance. Contributor roles, simulation lineage, revision history, and tool use are not documented.","basis_source_anchor_ids":["anchor-paper-15-question","anchor-paper-15-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"IEEE JSAC publication and later citations demonstrate scrutiny and attention, but review reports, correction history, adversarial reanalysis, and independent reproduction were not located.","basis_source_anchor_ids":["anchor-paper-15-publication","anchor-paper-15-citations"]},{"id":"reception","level":"high","rationale":"ResearchGate displayed 107 citations on 2026-07-11, exceeding the rubric's 11-citation high threshold. The count is index-specific and citation contexts were not audited.","basis_source_anchor_ids":["anchor-paper-15-citations"]},{"id":"contribution_significance","level":"high","rationale":"The protocol develops a distinct location-centric, on-demand privacy design with quantified topology leakage and has a substantial citation trail, while retaining clear active-insider and infrastructure boundaries.","basis_source_anchor_ids":["anchor-paper-15-question","anchor-paper-15-leakage","anchor-paper-15-limitations","anchor-paper-15-citations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"researchgate_publication_page","citation_count":107,"source":"ResearchGate publication page","signals":["ResearchGate displayed Citations (107)."],"limitation":"ResearchGate coverage and version merging can differ from other indexes; citing contexts, polarity, implementations, and operational adoption were not audited."}},"paper_16":{"schema_version":"0.1","map_id":"paper-16-map","publication_id":16,"publication_anchor":"paper-16","slug":"paper-16","canonical_path":"/knowledge/papers/paper-16/","machine_path":"/knowledge/papers/paper-16.json","root_node_id":"paper-16","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["algorithm"],"title":"Harvesting SSL Certificate Data to Identify Web-Fraud","year":2012,"venue":"International Journal of Network Security, Volume 14, Number 6","topic":"ai-machine-learning","labels":["Applied"],"ai_ml_labels":["AI for security"],"authors":["Mishari Al Mishari","Emiliano De Cristofaro","Karim Eldefrawy","Gene Tsudik"],"keywords":["web fraud","TLS certificates","measurement"],"research_question":"Do HTTPS certificate fields contain enough stable signal to distinguish popular legitimate domains from phishing, typosquatting, and less-vetted domains without observing a user's browsing history or page content?","central_answer":"The study finds strong distributional differences across certificate datasets and trains classical machine-learning classifiers on derived X.509 features. Ten-fold cross-validation reports high positive-class recall and precision in the sampled data, but lower negative recall in some formulations; the authors therefore position the classifier as one input to a broader anti-fraud system rather than a standalone detector.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, dataset and classifier decomposition, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete checked-in journal article, including all dataset and classifier tables, plus its public source routes and a dated ResearchGate citation snapshot. Reported experiments were not rerun because data and code were not located.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification; technical summaries and ratings may be revised before approval."}},"sources":[{"id":"source-paper-16-paper","type":"scholarly_article","title":"Harvesting SSL Certificate Data to Identify Web-Fraud","url":"/pubs/2012/ssl-certificate-web-fraud-ijns2012.pdf","media_type":"application/pdf","sha256":"3fd3d47fb60314a65d9cc3a311aeb3272090871d609c31734eeb0811b15eb7ba","page_count":15,"provenance_category":"author","retrieved_at":"2026-07-11","retrieved_from_url":"https://emilianodc.com/PAPERS/IJSN12.pdf"},{"id":"source-paper-16-official","type":"publication_record","title":"International Journal of Network Security PDF record","url":"http://ijns.jalaxy.com.tw/contents/ijns-v14-n6/ijns-2012-v14-n6-p324-338.pdf"},{"id":"source-paper-16-preprint","type":"preprint_record","title":"arXiv preprint record","url":"https://arxiv.org/abs/0909.3688"},{"id":"source-paper-16-citations","type":"citation_index_snapshot","title":"ResearchGate citation snapshot","url":"https://www.researchgate.net/publication/45873637_Harvesting_SSL_Certificate_Data_to_Identify_Web-Fraud","retrieved_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-16-question","source_id":"source-paper-16-paper","label":"Problem and certificate-only detection proposal","locator":"Abstract and Section 1, PDF pages 1-2","url":"/pubs/2012/ssl-certificate-web-fraud-ijns2012.pdf#page=1"},{"id":"anchor-paper-16-collection","source_id":"source-paper-16-paper","label":"Collection periods and domain sampling","locator":"Section 3.1, PDF pages 2-4","url":"/pubs/2012/ssl-certificate-web-fraud-ijns2012.pdf#page=2"},{"id":"anchor-paper-16-datasets","source_id":"source-paper-16-paper","label":"Dataset sizes and unique-certificate counts","locator":"Tables 1-2, PDF page 3","url":"/pubs/2012/ssl-certificate-web-fraud-ijns2012.pdf#page=3"},{"id":"anchor-paper-16-features","source_id":"source-paper-16-paper","label":"X.509 feature extraction and distribution analysis","locator":"Section 3.2 and Tables 3-7, PDF pages 4-8","url":"/pubs/2012/ssl-certificate-web-fraud-ijns2012.pdf#page=4"},{"id":"anchor-paper-16-classifiers","source_id":"source-paper-16-paper","label":"Classifier families, metrics, and ten-fold validation","locator":"Section 4.1, PDF page 9","url":"/pubs/2012/ssl-certificate-web-fraud-ijns2012.pdf#page=9"},{"id":"anchor-paper-16-results","source_id":"source-paper-16-paper","label":"Primary classifier results","locator":"Section 4.2 and Tables 8-9, PDF pages 9-10","url":"/pubs/2012/ssl-certificate-web-fraud-ijns2012.pdf#page=9"},{"id":"anchor-paper-16-robustness","source_id":"source-paper-16-paper","label":"Dataset-size and issuer-only feature experiments","locator":"Sections 4.3-4.4 and Tables 10-11, PDF pages 10-12","url":"/pubs/2012/ssl-certificate-web-fraud-ijns2012.pdf#page=10"},{"id":"anchor-paper-16-limitations","source_id":"source-paper-16-paper","label":"Deployment limitations, adversarial adaptation, and integration","locator":"Section 5, PDF pages 11-12","url":"/pubs/2012/ssl-certificate-web-fraud-ijns2012.pdf#page=11"},{"id":"anchor-paper-16-conclusion","source_id":"source-paper-16-paper","label":"Conclusions and claimed novelty","locator":"Section 7, PDF pages 13-14","url":"/pubs/2012/ssl-certificate-web-fraud-ijns2012.pdf#page=13"},{"id":"anchor-paper-16-publication","source_id":"source-paper-16-official","label":"Official journal record","locator":"International Journal of Network Security 14(6), pages 324-338","url":"http://ijns.jalaxy.com.tw/contents/ijns-v14-n6/ijns-2012-v14-n6-p324-338.pdf"},{"id":"anchor-paper-16-citations","source_id":"source-paper-16-citations","label":"Citation-count snapshot","locator":"ResearchGate displayed Citations (21), observed 2026-07-11; coverage and version merging may differ from other indexes.","url":"https://www.researchgate.net/publication/45873637_Harvesting_SSL_Certificate_Data_to_Identify_Web-Fraud"}],"nodes":[{"id":"paper-16","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Certificate-based web-fraud classification","summary":"An Internet measurement and machine-learning study using only server X.509 certificate data to flag potentially fraudulent domains.","source_anchor_ids":["anchor-paper-16-question"]},{"id":"paper-16-question","kind":"question","parent_id":"paper-16","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can certificate metadata distinguish HTTPS-enabled web fraud without collecting user-specific navigation history?","source_anchor_ids":["anchor-paper-16-question"]},{"id":"paper-16-answer","kind":"contribution","parent_id":"paper-16","order":2,"epistemic_status":"empirically_supported","title":"Central answer","summary":"Certificate fields provide useful statistical signal in the sampled datasets, and classical classifiers can combine those signals into an anti-fraud feature; false positives and incomplete HTTPS coverage prevent treating the output as a definitive verdict.","source_anchor_ids":["anchor-paper-16-results","anchor-paper-16-limitations"]},{"id":"paper-16-scope","kind":"scope","parent_id":"paper-16","order":3,"epistemic_status":"explicitly_scoped","title":"Measurement scope","summary":"Certificates were collected in September-October 2009 and March-October 2010 from popular, random .com/.net, phishing, and typosquatting domain lists that responded on HTTPS.","source_anchor_ids":["anchor-paper-16-collection"]},{"id":"paper-16-data","kind":"dataset","parent_id":"paper-16","order":4,"epistemic_status":"described_not_released","title":"Four certificate datasets","summary":"The article reports 2,984 Alexa certificates, 22,063 random .com/.net certificates, 5,175 phishing certificates, and 486 typosquatting certificates, with substantial duplicate rates in several sets.","source_anchor_ids":["anchor-paper-16-datasets"]},{"id":"paper-16-data-labels","kind":"assumption","parent_id":"paper-16-data","order":1,"epistemic_status":"operationalized","title":"Label construction","summary":"Alexa ranking is used as a popular/legitimate proxy, PhishTank supplies phishing domains, and typosquatting candidates are derived from random domains using typo correction plus a parked-domain classifier.","source_anchor_ids":["anchor-paper-16-collection"]},{"id":"paper-16-features","kind":"method","parent_id":"paper-16","order":5,"epistemic_status":"implemented","title":"Certificate feature extraction","summary":"The system derives boolean, categorical, and duration features from certificate issuer, subject, host-name similarity, signing, and validity information, including pairwise popularity indicators.","source_anchor_ids":["anchor-paper-16-features"]},{"id":"paper-16-algorithm","kind":"algorithm","parent_id":"paper-16","order":6,"epistemic_status":"implemented","title":"Classifier ensemble comparison","summary":"Random Forest, Decision Tree, bagged and boosted trees, and Nearest Neighbor are trained and compared using positive/negative precision and recall under ten-fold cross-validation.","source_anchor_ids":["anchor-paper-16-classifiers"]},{"id":"paper-16-evidence-phishing","kind":"empirical_evidence","parent_id":"paper-16","order":7,"epistemic_status":"cross_validated","title":"Phishing versus popular certificates","summary":"Across classifiers, positive recall is about 0.935-0.94 and positive precision about 0.877-0.881, while negative recall is about 0.773-0.780; the asymmetry matters for deployment false positives.","source_anchor_ids":["anchor-paper-16-results"]},{"id":"paper-16-evidence-suspicious","kind":"empirical_evidence","parent_id":"paper-16","order":8,"epistemic_status":"cross_validated","title":"Random-or-phishing versus popular certificates","summary":"When random .com/.net and phishing certificates form the positive class, reported positive recall reaches about 0.975 and precision about 0.960, but negative recall remains only about 0.598-0.631.","source_anchor_ids":["anchor-paper-16-results"]},{"id":"paper-16-evidence-robustness","kind":"empirical_evidence","parent_id":"paper-16","order":9,"epistemic_status":"sensitivity_analysis","title":"Training-size and feature sensitivity","summary":"Increasing the phishing training set improves positive precision and recall, and an issuer-only feature set remains informative, supporting—but not proving—some resilience to easily forged subject fields.","source_anchor_ids":["anchor-paper-16-robustness"]},{"id":"paper-16-deployment","kind":"implication","parent_id":"paper-16","order":10,"epistemic_status":"source_recommendation","title":"Intended deployment role","summary":"The classifier is proposed as a privacy-preserving signal combined with URL, content, blacklist, or browser defenses, not as a standalone blocking oracle.","source_anchor_ids":["anchor-paper-16-limitations"]},{"id":"paper-16-limitations","kind":"limitation_group","parent_id":"paper-16","order":11,"epistemic_status":"explicitly_reported","title":"Generalization and adversarial limits","summary":"The labels and Internet sample are time- and source-dependent, many fraudulent domains do not use HTTPS, false positives remain, larger geographically diverse datasets are needed, and attackers can imitate forgeable certificate fields.","source_anchor_ids":["anchor-paper-16-limitations"]},{"id":"paper-16-artifacts","kind":"artifact_group","parent_id":"paper-16","order":12,"epistemic_status":"paper_only","title":"Artifacts","summary":"The journal paper records datasets, features, metrics, and results in detail, but this audit did not locate the harvested certificates, labels, feature code, trained models, or evaluation scripts.","source_anchor_ids":["anchor-paper-16-datasets","anchor-paper-16-classifiers"]},{"id":"paper-16-scrutiny","kind":"scrutiny","parent_id":"paper-16","order":13,"epistemic_status":"journal_reviewed","title":"External scrutiny and reception","summary":"The work appeared in the International Journal of Network Security and ResearchGate reports 21 citations; this audit did not inspect review reports, citing contexts, or a modern replication.","source_anchor_ids":["anchor-paper-16-publication","anchor-paper-16-citations"]},{"id":"paper-16-lineage","kind":"lineage","parent_id":"paper-16","order":14,"epistemic_status":"source_asserted","title":"Research lineage","summary":"The paper is an early AI-for-security use of public TLS certificate structure as a privacy-preserving classification signal for phishing and typosquatting.","source_anchor_ids":["anchor-paper-16-question","anchor-paper-16-conclusion"]}],"relations":[{"id":"paper-16-relation-data-enables-features","type":"enables","from_id":"paper-16-data","to_id":"paper-16-features"},{"id":"paper-16-relation-features-enable-algorithm","type":"enables","from_id":"paper-16-features","to_id":"paper-16-algorithm"},{"id":"paper-16-relation-phishing-supports-answer","type":"supports","from_id":"paper-16-evidence-phishing","to_id":"paper-16-answer"},{"id":"paper-16-relation-suspicious-supports-answer","type":"supports","from_id":"paper-16-evidence-suspicious","to_id":"paper-16-answer"},{"id":"paper-16-relation-robustness-qualifies-algorithm","type":"qualifies","from_id":"paper-16-evidence-robustness","to_id":"paper-16-algorithm"},{"id":"paper-16-relation-limitations-qualify-answer","type":"qualifies","from_id":"paper-16-limitations","to_id":"paper-16-answer"}],"assessment":{"id":"paper-16-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The study uses large observational datasets, explicit features, multiple classifiers, ten-fold validation, and sensitivity checks. Labels are proxy-based, the sample is historically bounded, negative-class recall is weak in some formulations, and no data/code or modern independent replication was located.","basis_source_anchor_ids":["anchor-paper-16-datasets","anchor-paper-16-classifiers","anchor-paper-16-results","anchor-paper-16-robustness","anchor-paper-16-limitations"]},{"id":"auditability","level":"high","rationale":"The complete journal version is checked into the site with source route, page count, and SHA-256 identity. Dataset construction, features, metrics, and tables are inspectable, though the underlying data and code are unavailable.","basis_source_anchor_ids":["anchor-paper-16-datasets","anchor-paper-16-results","anchor-paper-16-limitations"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, journal and preprint records, and an author-hosted journal PDF establish baseline provenance. Contributor roles, dataset snapshots, code versions, and revision history are not documented.","basis_source_anchor_ids":["anchor-paper-16-question","anchor-paper-16-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"Journal publication and follow-on citations provide external attention, but review reports, corrections, data reuse, and independent classifier reproduction were not audited.","basis_source_anchor_ids":["anchor-paper-16-publication","anchor-paper-16-citations"]},{"id":"reception","level":"high","rationale":"ResearchGate displayed 21 citations on 2026-07-11, exceeding the rubric's 11-citation high threshold. The count is index-specific and citing contexts were not reviewed.","basis_source_anchor_ids":["anchor-paper-16-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The work presents an early, privacy-conscious certificate-based machine-learning detector and a substantive Internet measurement, but its data are historically bounded and the classifier is explicitly not a standalone solution.","basis_source_anchor_ids":["anchor-paper-16-question","anchor-paper-16-results","anchor-paper-16-limitations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"researchgate_publication_page","citation_count":21,"source":"ResearchGate publication page","signals":["ResearchGate displayed Citations (21)."],"limitation":"ResearchGate coverage and merging of preprint and journal versions may differ from other indexes; citation contexts, polarity, dataset reuse, and deployed adoption were not audited."}},"paper_17":{"schema_version":"0.1","map_id":"paper-17-map","publication_id":17,"publication_anchor":"paper-17","slug":"paper-17","canonical_path":"/knowledge/papers/paper-17/","machine_path":"/knowledge/papers/paper-17.json","root_node_id":"paper-17","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["primitive"],"title":"SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust","year":2012,"venue":"Network and Distributed System Security Symposium (NDSS)","topic":"secure-systems-networks","labels":["Theory","Applied"],"authors":["Karim Eldefrawy","Aurélien Francillon","Daniele Perito","Gene Tsudik"],"keywords":["root of trust","remote attestation","microcontrollers"],"research_question":"What is the smallest practical hardware/software change that lets a remote verifier authenticate a low-end microcontroller's memory state and invoke selected code even when all ordinary device software is compromised?","central_answer":"SMART places a keyed attestation and optional execution routine in immutable ROM, gates the secret key and routine entry/exit with simple hardware checks, disables interrupts during the trusted operation, and resets on violations. Modified open-source AVR and MSP430 cores plus synthesis and timing measurements suggest modest hardware cost, but the security case is an informal argument over explicit assertions rather than a formal proof, and physical/fault/side-channel attacks are outside scope.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, architecture and security-boundary decomposition, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete checked-in NDSS paper, its official record, a later primary VRASED paper for documented lineage, and a dated ResearchGate citation snapshot. Implementation measurements were inspected but not reproduced.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification; technical summaries and ratings may be revised before approval."}},"sources":[{"id":"source-paper-17-paper","type":"scholarly_article","title":"SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust","url":"/pubs/2012/smart-ndss2012.pdf","media_type":"application/pdf","sha256":"56b8d9f0667d999560b4c8b2f8c64a525e5653a86e91a0e24e9321ae1e68a729","page_count":15,"provenance_category":"author","retrieved_at":"2026-07-11","retrieved_from_url":"https://ics.uci.edu/~gts/paps/smart.pdf"},{"id":"source-paper-17-official","type":"publication_record","title":"NDSS 2012 paper page","url":"https://www.ndss-symposium.org/ndss2012/ndss-2012-programme/smart-secure-and-minimal-architecture-establishing-dynamic-root-trust/"},{"id":"source-paper-17-vrased","type":"subsequent_scholarly_article","title":"VRASED: A Verified Hardware/Software Co-Design for Remote Attestation","url":"/pubs/2019/vrased_usenixsec2019.pdf","media_type":"application/pdf","year":2019},{"id":"source-paper-17-citations","type":"citation_index_snapshot","title":"ResearchGate citation snapshot","url":"https://www.researchgate.net/publication/266178170_SMART_Secure_and_Minimal_Architecture_for_Establishing_a_Dynamic_Root_of_Trust","retrieved_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-17-question","source_id":"source-paper-17-paper","label":"Problem, design objective, and contribution","locator":"Abstract and Section 1, PDF pages 1-2","url":"/pubs/2012/smart-ndss2012.pdf#page=1"},{"id":"anchor-paper-17-goals","source_id":"source-paper-17-paper","label":"Security goals and hardware building blocks","locator":"Section 2, PDF pages 2-3","url":"/pubs/2012/smart-ndss2012.pdf#page=2"},{"id":"anchor-paper-17-adversary","source_id":"source-paper-17-paper","label":"Software adversary and trusted boundaries","locator":"Sections 2-3, PDF page 3","url":"/pubs/2012/smart-ndss2012.pdf#page=3"},{"id":"anchor-paper-17-protocol","source_id":"source-paper-17-paper","label":"Attestation and guaranteed-execution protocol","locator":"Section 3, PDF pages 3-5","url":"/pubs/2012/smart-ndss2012.pdf#page=3"},{"id":"anchor-paper-17-hardware","source_id":"source-paper-17-paper","label":"Hardware access-control and reset logic","locator":"Section 3.3, PDF pages 6-7","url":"/pubs/2012/smart-ndss2012.pdf#page=6"},{"id":"anchor-paper-17-security","source_id":"source-paper-17-paper","label":"Informal security analysis and assertions A1-A11","locator":"Section 4, PDF pages 6-8","url":"/pubs/2012/smart-ndss2012.pdf#page=6"},{"id":"anchor-paper-17-applications","source_id":"source-paper-17-paper","label":"Protocols built from SMART","locator":"Section 5, PDF pages 8-9","url":"/pubs/2012/smart-ndss2012.pdf#page=8"},{"id":"anchor-paper-17-implementation","source_id":"source-paper-17-paper","label":"AVR and MSP430 implementation","locator":"Section 6.1-6.2, PDF pages 9-10","url":"/pubs/2012/smart-ndss2012.pdf#page=9"},{"id":"anchor-paper-17-evaluation","source_id":"source-paper-17-paper","label":"Timing, code-size, synthesis, and area evaluation","locator":"Section 6.3-6.4 and Tables 1-4, PDF pages 10-12","url":"/pubs/2012/smart-ndss2012.pdf#page=10"},{"id":"anchor-paper-17-limitations","source_id":"source-paper-17-paper","label":"Limitations and future verification work","locator":"Sections 7-8, PDF pages 12-13","url":"/pubs/2012/smart-ndss2012.pdf#page=12"},{"id":"anchor-paper-17-publication","source_id":"source-paper-17-official","label":"Official peer-reviewed publication record","locator":"NDSS 2012 paper page","url":"https://www.ndss-symposium.org/ndss2012/ndss-2012-programme/smart-secure-and-minimal-architecture-establishing-dynamic-root-trust/"},{"id":"anchor-paper-17-lineage","source_id":"source-paper-17-vrased","label":"Later paper's account of SMART as a precursor","locator":"VRASED Section 1 and related-work discussion, PDF pages 1-3","url":"/pubs/2019/vrased_usenixsec2019.pdf#page=1"},{"id":"anchor-paper-17-citations","source_id":"source-paper-17-citations","label":"Citation-count snapshot","locator":"ResearchGate displayed Citations (395), observed 2026-07-11; coverage and version merging may differ from other indexes.","url":"https://www.researchgate.net/publication/266178170_SMART_Secure_and_Minimal_Architecture_for_Establishing_a_Dynamic_Root_of_Trust"}],"nodes":[{"id":"paper-17","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"SMART","summary":"A minimal hardware/software root-of-trust primitive for low-end microcontrollers, accompanied by two modified MCU designs and synthesis results.","source_anchor_ids":["anchor-paper-17-question"]},{"id":"paper-17-question","kind":"question","parent_id":"paper-17","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can remote attestation and controlled execution be made robust to fully compromised software without adding a separate security coprocessor?","source_anchor_ids":["anchor-paper-17-question"]},{"id":"paper-17-answer","kind":"contribution","parent_id":"paper-17","order":2,"epistemic_status":"implemented_and_analytically_supported","title":"Central answer","summary":"Combine immutable attestation software and secret storage with a small hardware monitor that constrains key access, legal entry and exit, interrupts, DMA, and reset behavior.","source_anchor_ids":["anchor-paper-17-protocol","anchor-paper-17-hardware"]},{"id":"paper-17-goals","kind":"scope","parent_id":"paper-17","order":3,"epistemic_status":"explicitly_scoped","title":"Security objectives","summary":"SMART targets prover authentication, external verification of an arbitrary memory interval, and optional guaranteed execution of a verifier-selected routine.","source_anchor_ids":["anchor-paper-17-goals"]},{"id":"paper-17-adversary","kind":"threat_model","parent_id":"paper-17-goals","order":1,"epistemic_status":"defined","title":"Software adversary","summary":"The attacker controls all mutable software, memory, and communications and may coordinate multiple devices, but cannot modify ROM or hardware, extract the protected key, or use physical, fault, or side-channel attacks.","source_anchor_ids":["anchor-paper-17-adversary","anchor-paper-17-limitations"]},{"id":"paper-17-assumptions","kind":"assumption_group","parent_id":"paper-17-goals","order":2,"epistemic_status":"assumed","title":"Provisioning and platform assumptions","summary":"Prover and verifier share a secret provisioned outside the protocol; DMA is disabled during trusted execution, reset and memory erasure work as specified, and the MCU exposes enforceable program-counter and memory-access signals.","source_anchor_ids":["anchor-paper-17-goals","anchor-paper-17-hardware"]},{"id":"paper-17-primitive","kind":"primitive","parent_id":"paper-17","order":4,"epistemic_status":"implemented","title":"Dynamic root-of-trust primitive","summary":"A verifier sends a nonce, memory bounds, code address, and execution flag; ROM code authenticates the request and memory with a shared-key MAC, erases sensitive state, and optionally transfers control atomically to selected code.","source_anchor_ids":["anchor-paper-17-protocol"]},{"id":"paper-17-hardware","kind":"architecture","parent_id":"paper-17","order":5,"epistemic_status":"implemented","title":"Hardware enforcement","summary":"Program-counter-gated key access, restricted ROM entry and exit, interrupt suppression, memory-access checks, and reset-on-violation prevent untrusted code from reusing the key or splicing trusted execution.","source_anchor_ids":["anchor-paper-17-hardware"]},{"id":"paper-17-security","kind":"security_argument","parent_id":"paper-17","order":6,"epistemic_status":"informal_conditional_argument","title":"Security analysis","summary":"Assertions A1-A11 connect hardware behavior, key isolation, atomic execution, and memory erasure to the three objectives. The paper explicitly presents this as an informal analysis, not a formal proof.","source_anchor_ids":["anchor-paper-17-security"]},{"id":"paper-17-applications","kind":"application_group","parent_id":"paper-17","order":7,"epistemic_status":"protocol_sketches","title":"Derived uses","summary":"The paper sketches memory attestation, proof of reset, attested sensor readings, and authenticated key establishment as protocols composed from the SMART primitive.","source_anchor_ids":["anchor-paper-17-applications"]},{"id":"paper-17-implementation","kind":"implementation","parent_id":"paper-17","order":8,"epistemic_status":"implemented","title":"Two MCU realizations","summary":"Open-source AVR and MSP430 cores are modified with fewer than 200 lines of HDL changes, and the trusted ROM routine is roughly 500 C lines compiled into 4-6 KB.","source_anchor_ids":["anchor-paper-17-implementation","anchor-paper-17-evaluation"]},{"id":"paper-17-evidence-runtime","kind":"empirical_evidence","parent_id":"paper-17","order":9,"epistemic_status":"measured_in_simulation","title":"Attestation runtime","summary":"At 8 MHz, reported HMAC-based times are about 48 ms for 32 bytes, 160 ms for 512 bytes, and 287 ms for 1 KB, making protected-memory size a primary runtime factor.","source_anchor_ids":["anchor-paper-17-evaluation"]},{"id":"paper-17-evidence-area","kind":"empirical_evidence","parent_id":"paper-17","order":10,"epistemic_status":"synthesized","title":"Hardware overhead","summary":"A 180 nm synthesis reports roughly 10% whole-MCU area overhead for both platforms; isolating core-logic changes gives about 2.6% for AVR and 9.2% for MSP430, with memory-access control dominating.","source_anchor_ids":["anchor-paper-17-evaluation"]},{"id":"paper-17-limitations","kind":"limitation_group","parent_id":"paper-17","order":11,"epistemic_status":"explicitly_reported","title":"Proof and deployment boundaries","summary":"The chips were simulated and synthesized rather than fabricated, HMAC cost can be material, physical attacks are excluded, and full formal verification plus broader experiments are identified as future work.","source_anchor_ids":["anchor-paper-17-limitations"]},{"id":"paper-17-artifacts","kind":"artifact_group","parent_id":"paper-17","order":12,"epistemic_status":"implementation_described_not_released","title":"Artifacts","summary":"The paper describes modified HDL cores, C code, synthesis tooling, and benchmarks, but this audit did not locate a public SMART source repository or immutable implementation bundle.","source_anchor_ids":["anchor-paper-17-implementation","anchor-paper-17-evaluation"]},{"id":"paper-17-scrutiny","kind":"scrutiny","parent_id":"paper-17","order":13,"epistemic_status":"venue_reviewed_and_followed_on","title":"External scrutiny and reception","summary":"SMART appeared at NDSS, is explicitly treated as a precursor by later verified-attestation work, and ResearchGate reports 395 citations; review reports and a direct independent reproduction were not audited.","source_anchor_ids":["anchor-paper-17-publication","anchor-paper-17-lineage","anchor-paper-17-citations"]},{"id":"paper-17-lineage","kind":"lineage","parent_id":"paper-17","order":14,"epistemic_status":"documented_by_later_primary_work","title":"Path to formally verified attestation","summary":"VRASED later retains SMART's minimal hybrid architecture while formalizing properties and model-checking the hardware enforcement path, directly addressing SMART's stated verification gap.","source_anchor_ids":["anchor-paper-17-limitations","anchor-paper-17-lineage"]}],"relations":[{"id":"paper-17-relation-hardware-enables-primitive","type":"enables","from_id":"paper-17-hardware","to_id":"paper-17-primitive"},{"id":"paper-17-relation-security-supports-answer","type":"supports","from_id":"paper-17-security","to_id":"paper-17-answer"},{"id":"paper-17-relation-implementation-supports-answer","type":"supports","from_id":"paper-17-implementation","to_id":"paper-17-answer"},{"id":"paper-17-relation-runtime-supports-implementation","type":"supports","from_id":"paper-17-evidence-runtime","to_id":"paper-17-implementation"},{"id":"paper-17-relation-area-supports-implementation","type":"supports","from_id":"paper-17-evidence-area","to_id":"paper-17-implementation"},{"id":"paper-17-relation-limitations-qualify-security","type":"qualifies","from_id":"paper-17-limitations","to_id":"paper-17-security"},{"id":"paper-17-relation-smart-precedes-vrased","type":"precedes","from_id":"paper-17","to_id":"paper-17-lineage"}],"assessment":{"id":"paper-17-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"SMART combines an explicit threat model and security-assertion chain with two HDL implementations, timing measurements, and synthesis results. The security case is informal, the chips were not fabricated, artifacts were not located, and physical attacks are excluded.","basis_source_anchor_ids":["anchor-paper-17-security","anchor-paper-17-implementation","anchor-paper-17-evaluation","anchor-paper-17-limitations"]},{"id":"auditability","level":"high","rationale":"A complete author copy is checked into the site with source route, page count, and SHA-256 identity. Architecture, assertions, and evaluation tables are inspectable, although implementation source and synthesis scripts were not located.","basis_source_anchor_ids":["anchor-paper-17-protocol","anchor-paper-17-security","anchor-paper-17-evaluation"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, an author-hosted paper, and the NDSS record establish baseline provenance. Contributor roles, source revisions, synthesis artifacts, and tool versions are not fully documented.","basis_source_anchor_ids":["anchor-paper-17-question","anchor-paper-17-publication"]},{"id":"external_scrutiny","level":"high","rationale":"The work passed NDSS review, has an extensive follow-on citation trail, and its verification gap was explicitly addressed by later primary research such as VRASED. Direct review reports and an independent reproduction were not audited.","basis_source_anchor_ids":["anchor-paper-17-publication","anchor-paper-17-lineage","anchor-paper-17-citations"]},{"id":"reception","level":"high","rationale":"ResearchGate displayed 395 citations on 2026-07-11, far above the rubric's 11-citation high threshold. The count is index-specific and citing contexts were not reviewed.","basis_source_anchor_ids":["anchor-paper-17-citations"]},{"id":"contribution_significance","level":"high","rationale":"SMART established a widely cited minimal hybrid root-of-trust architecture for low-end devices and became a documented precursor to formally verified remote-attestation systems.","basis_source_anchor_ids":["anchor-paper-17-question","anchor-paper-17-lineage","anchor-paper-17-citations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"researchgate_publication_page","citation_count":395,"source":"ResearchGate publication page","signals":["ResearchGate displayed Citations (395).","The later VRASED paper identifies SMART as a direct architectural precursor."],"limitation":"ResearchGate coverage and version merging differ from other indexes; citation contexts, deployed implementations, and independent reproductions were not systematically audited."}},"paper_18":{"schema_version":"0.1","map_id":"paper-18-map","publication_id":18,"publication_anchor":"paper-18","slug":"paper-18","canonical_path":"/knowledge/papers/paper-18/","machine_path":"/knowledge/papers/paper-18.json","root_node_id":"paper-18","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"Secure and Privacy-Preserving Querying of Content in MANETs","year":2012,"venue":"IEEE International Conference on Technologies for Homeland Security (HST)","topic":"privacy-identity","labels":["Theory"],"authors":["Karim Eldefrawy","Gavin Holland"],"keywords":["private search","MANETs","access control"],"research_question":"How can a node locate distributed MANET content through direct queries or subscriptions without revealing its search terms or access pattern to honest-but-curious peers, while ensuring it learns only fields authorized by policy?","central_answer":"The paper composes secure pattern matching with a query-policy enforcement mechanism. Encrypted metadata queries support both PULL and PUSH discovery, while attribute keys and additive shares let a requester reconstruct an answer only when authorized for every selected field. The design is a protocol architecture under an honest-but-curious model; the audited paper does not supply a reduction-style security proof, implementation, or performance evaluation.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, protocol decomposition, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete public author-uploaded conference paper and its official DOI record, plus a dated ResearchGate citation snapshot. The author route exposes readable full text but no immutable local file identity was recorded.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification; technical summaries and ratings may be revised before approval."}},"sources":[{"id":"source-paper-18-author","type":"author_hosted_copy","title":"Secure and Privacy-Preserving Querying of Content in MANETs","url":"https://www.researchgate.net/publication/261493217_Secure_and_privacy-preserving_querying_of_content_in_MANETs","provenance_category":"author","retrieved_at":"2026-07-11"},{"id":"source-paper-18-official","type":"publication_record","title":"IEEE HST 2012 publisher record","url":"https://doi.org/10.1109/THS.2012.6459917"},{"id":"source-paper-18-citations","type":"citation_index_snapshot","title":"ResearchGate citation snapshot","url":"https://www.researchgate.net/publication/261493217_Secure_and_privacy-preserving_querying_of_content_in_MANETs","retrieved_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-18-question","source_id":"source-paper-18-author","label":"Problem and PUSH/PULL contribution","locator":"Abstract and Section I, conference PDF pages 1-2 in the author-uploaded full text","url":"https://www.researchgate.net/publication/261493217_Secure_and_privacy-preserving_querying_of_content_in_MANETs"},{"id":"anchor-paper-18-model","source_id":"source-paper-18-author","label":"Content-centric MANET and honest-but-curious model","locator":"Section II, especially Section II.B, conference PDF pages 2-3","url":"https://www.researchgate.net/publication/261493217_Secure_and_privacy-preserving_querying_of_content_in_MANETs"},{"id":"anchor-paper-18-spm","source_id":"source-paper-18-author","label":"Secure pattern-matching building block","locator":"Section III.A, conference PDF page 3","url":"https://www.researchgate.net/publication/261493217_Secure_and_privacy-preserving_querying_of_content_in_MANETs"},{"id":"anchor-paper-18-qpe","source_id":"source-paper-18-author","label":"Query-policy enforcement construction","locator":"Section III.B, conference PDF pages 3-4","url":"https://www.researchgate.net/publication/261493217_Secure_and_privacy-preserving_querying_of_content_in_MANETs"},{"id":"anchor-paper-18-metadata","source_id":"source-paper-18-author","label":"Encrypted content and metadata representation","locator":"Section III.C, conference PDF page 4","url":"https://www.researchgate.net/publication/261493217_Secure_and_privacy-preserving_querying_of_content_in_MANETs"},{"id":"anchor-paper-18-protocols","source_id":"source-paper-18-author","label":"PULL query and PUSH subscription protocols","locator":"Section III.D, conference PDF pages 4-5","url":"https://www.researchgate.net/publication/261493217_Secure_and_privacy-preserving_querying_of_content_in_MANETs"},{"id":"anchor-paper-18-limitations","source_id":"source-paper-18-author","label":"Security scope, dependencies, and conclusion","locator":"Sections II-III and conclusion, author-uploaded conference full text","url":"https://www.researchgate.net/publication/261493217_Secure_and_privacy-preserving_querying_of_content_in_MANETs"},{"id":"anchor-paper-18-publication","source_id":"source-paper-18-official","label":"Official peer-reviewed publication record","locator":"IEEE HST 2012, DOI record","url":"https://doi.org/10.1109/THS.2012.6459917"},{"id":"anchor-paper-18-citations","source_id":"source-paper-18-citations","label":"Citation-count snapshot","locator":"ResearchGate reported that it had not resolved citations and displayed Citations (0), observed 2026-07-11; this is index-specific.","url":"https://www.researchgate.net/publication/261493217_Secure_and_privacy-preserving_querying_of_content_in_MANETs"}],"nodes":[{"id":"paper-18","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Private MANET content discovery","summary":"A protocol architecture for privately finding and selectively revealing peer-to-peer content in mobile ad hoc networks.","source_anchor_ids":["anchor-paper-18-question"]},{"id":"paper-18-question","kind":"question","parent_id":"paper-18","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can content be queried or subscribed to without exposing search terms, matches, locations, or unauthorized fields to intermediate and responding peers?","source_anchor_ids":["anchor-paper-18-question"]},{"id":"paper-18-answer","kind":"contribution","parent_id":"paper-18","order":2,"epistemic_status":"construction_proposed","title":"Central answer","summary":"Compose privacy-preserving pattern matching for discovery with cryptographic policy enforcement for field-level release, then use the composition in both request-driven PULL and subscription-driven PUSH flows.","source_anchor_ids":["anchor-paper-18-spm","anchor-paper-18-qpe","anchor-paper-18-protocols"]},{"id":"paper-18-scope","kind":"scope","parent_id":"paper-18","order":3,"epistemic_status":"explicitly_scoped","title":"Content-centric MANET setting","summary":"Content and metadata are replicated among cooperating peers without fixed infrastructure, and a compromised or curious node may observe searches and cached material.","source_anchor_ids":["anchor-paper-18-model"]},{"id":"paper-18-adversary","kind":"threat_model","parent_id":"paper-18-scope","order":1,"epistemic_status":"defined","title":"Honest-but-curious participants","summary":"Participants follow the specified protocol but try to infer queries, matches, content location, popularity, or unauthorized attributes from messages and local state. Malicious deviation is not addressed.","source_anchor_ids":["anchor-paper-18-model"]},{"id":"paper-18-primitive-spm","kind":"primitive","parent_id":"paper-18","order":4,"epistemic_status":"assumed_from_prior_work","title":"Secure pattern matching","summary":"The construction assumes a secure pattern-matching primitive supporting exact, wildcard, substring, and range-style metadata queries while hiding the pattern from the holder.","source_anchor_ids":["anchor-paper-18-spm"]},{"id":"paper-18-primitive-qpe","kind":"scheme","parent_id":"paper-18","order":5,"epistemic_status":"proposed","title":"Query-policy enforcement","summary":"The responder encrypts the answer under a one-time key, divides that key into additive shares for requested attributes, and encrypts each share under the corresponding attribute key; reconstruction succeeds only with all required authorizations.","source_anchor_ids":["anchor-paper-18-qpe"]},{"id":"paper-18-metadata","kind":"data_model","parent_id":"paper-18","order":6,"epistemic_status":"specified","title":"Protected content record","summary":"Metadata carries description, tags, group, index, and a globally unique identifier; content is encrypted, a hash binds the ciphertext, and a signature authenticates the metadata record.","source_anchor_ids":["anchor-paper-18-metadata"]},{"id":"paper-18-pull","kind":"protocol","parent_id":"paper-18","order":7,"epistemic_status":"proposed","title":"Private PULL query","summary":"A requester disseminates an encrypted query; peers securely match it against metadata and return encrypted match indicators or references that only an authorized requester can interpret.","source_anchor_ids":["anchor-paper-18-protocols"]},{"id":"paper-18-push","kind":"protocol","parent_id":"paper-18","order":8,"epistemic_status":"proposed","title":"Private PUSH subscription","summary":"A node advertises an encrypted interest, and newly generated content is privately matched to that interest before an authorized result is returned.","source_anchor_ids":["anchor-paper-18-protocols"]},{"id":"paper-18-security","kind":"security_argument","parent_id":"paper-18","order":9,"epistemic_status":"compositional_informal_argument","title":"Security basis","summary":"Privacy and authorization are argued by composition of assumed secure pattern matching, homomorphic encryption, secret sharing, symmetric encryption, hashing, signatures, and pre-distributed attribute keys.","source_anchor_ids":["anchor-paper-18-spm","anchor-paper-18-qpe","anchor-paper-18-protocols"]},{"id":"paper-18-evidence","kind":"evidence_group","parent_id":"paper-18","order":10,"epistemic_status":"construction_only","title":"Evidence supplied","summary":"The paper specifies data structures and message flows and explains how their primitives fit together; it does not report an implementation, benchmark, simulation, reduction-style proof, or machine-checked model.","source_anchor_ids":["anchor-paper-18-qpe","anchor-paper-18-protocols","anchor-paper-18-limitations"]},{"id":"paper-18-limitations","kind":"limitation_group","parent_id":"paper-18","order":11,"epistemic_status":"material","title":"Trusted and untested boundaries","summary":"Security excludes malicious participants, depends on correct key and policy distribution and the assumed 5PM-style primitive, and leaves traffic cost, scalability, compromise recovery, metadata leakage, and concrete performance unevaluated.","source_anchor_ids":["anchor-paper-18-model","anchor-paper-18-limitations"]},{"id":"paper-18-artifacts","kind":"artifact_group","parent_id":"paper-18","order":12,"epistemic_status":"paper_only","title":"Artifacts","summary":"A complete author-uploaded full text is public. No implementation, policy dataset, benchmark, formal model, or immutable local paper copy is linked.","source_anchor_ids":["anchor-paper-18-question","anchor-paper-18-limitations"]},{"id":"paper-18-scrutiny","kind":"scrutiny","parent_id":"paper-18","order":13,"epistemic_status":"venue_reviewed","title":"External scrutiny and reception","summary":"The architecture appeared at IEEE HST 2012. ResearchGate resolved no citations for this record as of the snapshot, and this audit found no independent implementation or security analysis.","source_anchor_ids":["anchor-paper-18-publication","anchor-paper-18-citations"]},{"id":"paper-18-lineage","kind":"lineage","parent_id":"paper-18","order":14,"epistemic_status":"documented_in_source","title":"Research lineage","summary":"The paper applies general secure-pattern-matching research to mobile content discovery and adds field-level access control, connecting cryptographic private search to MANET dissemination.","source_anchor_ids":["anchor-paper-18-question","anchor-paper-18-spm","anchor-paper-18-qpe"]}],"relations":[{"id":"paper-18-relation-spm-enables-pull","type":"enables","from_id":"paper-18-primitive-spm","to_id":"paper-18-pull"},{"id":"paper-18-relation-spm-enables-push","type":"enables","from_id":"paper-18-primitive-spm","to_id":"paper-18-push"},{"id":"paper-18-relation-qpe-enforces-pull","type":"constrains","from_id":"paper-18-primitive-qpe","to_id":"paper-18-pull"},{"id":"paper-18-relation-qpe-enforces-push","type":"constrains","from_id":"paper-18-primitive-qpe","to_id":"paper-18-push"},{"id":"paper-18-relation-protocols-support-answer","type":"supports","from_id":"paper-18-pull","to_id":"paper-18-answer"},{"id":"paper-18-relation-evidence-qualifies-answer","type":"qualifies","from_id":"paper-18-evidence","to_id":"paper-18-answer"},{"id":"paper-18-relation-limitations-qualify-security","type":"qualifies","from_id":"paper-18-limitations","to_id":"paper-18-security"}],"assessment":{"id":"paper-18-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"low","rationale":"The paper gives a concrete compositional protocol architecture and explicit honest-but-curious scope, but no formal reduction, implementation, simulation, benchmark, or independent validation is supplied.","basis_source_anchor_ids":["anchor-paper-18-model","anchor-paper-18-qpe","anchor-paper-18-protocols","anchor-paper-18-limitations"]},{"id":"auditability","level":"high","rationale":"A complete author-uploaded full text makes the model, data structures, and protocol flows directly inspectable. No immutable local binary, code, test vectors, or proof artifact is recorded.","basis_source_anchor_ids":["anchor-paper-18-question","anchor-paper-18-protocols","anchor-paper-18-limitations"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, an author-uploaded paper, and the IEEE DOI establish baseline provenance. Contributor roles, revision history, key-policy artifacts, and tool use are not documented.","basis_source_anchor_ids":["anchor-paper-18-question","anchor-paper-18-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"Publication at IEEE HST indicates venue scrutiny, but review reports, corrections, formal follow-up, independent analysis, and implementation evidence were not located.","basis_source_anchor_ids":["anchor-paper-18-publication"]},{"id":"reception","level":"low","rationale":"ResearchGate displayed zero resolved citations on 2026-07-11, which falls in the rubric's 0-8 low band. This index-specific result is not proof that no citation exists elsewhere.","basis_source_anchor_ids":["anchor-paper-18-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The paper connects private search and field-level authorization to both PUSH and PULL MANET workflows, but feasibility and security remain unvalidated beyond the construction-level argument.","basis_source_anchor_ids":["anchor-paper-18-question","anchor-paper-18-qpe","anchor-paper-18-protocols","anchor-paper-18-limitations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"researchgate_publication_page","citation_count":0,"source":"ResearchGate publication page","signals":["ResearchGate stated that it had not resolved citations for this publication and displayed Citations (0)."],"limitation":"This is an index-specific located count, not a claim of zero citations across all scholarly databases; title variants and proceedings metadata may prevent matching."}},"paper_19":{"schema_version":"0.1","map_id":"paper-19-map","publication_id":19,"publication_anchor":"paper-19","slug":"paper-19","canonical_path":"/knowledge/papers/paper-19/","machine_path":"/knowledge/papers/paper-19.json","root_node_id":"paper-19","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","primitive"],"title":"5PM: Secure Pattern Matching","year":2012,"venue":"8th Conference on Security and Cryptography for Networks (SCN)","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Joshua Baron","Karim Eldefrawy","Kirill Minkovich","Rafail Ostrovsky","Eric Tressler"],"keywords":["secure pattern matching","homomorphic encryption"],"research_question":"Can two parties privately evaluate expressive pattern queries—exact match, single-character wildcards, non-binary substring/Hamming matching, and optionally hidden pattern length—with communication below the size of a generic matching circuit and security against malicious participants?","central_answer":"5PM turns pattern matching into linear operations over character-delay vectors and an activation vector, enabling an honest-but-curious protocol from generic additively homomorphic encryption and a malicious protocol from threshold ElGamal plus zero-knowledge proofs. The source proves conditional security and gives sublinear-in-circuit communication and low round counts; only the honest-but-curious variant is implemented and benchmarked in the audited full version.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, protocol and proof decomposition, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete public IACR ePrint full version, the SCN publisher record, an author-uploaded full-text route, and a dated ResearchGate citation snapshot. Proof statements and benchmarks were inspected but not independently re-proved or rerun.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification; technical summaries and ratings may be revised before approval."}},"sources":[{"id":"source-paper-19-eprint","type":"scholarly_preprint","title":"5PM: Secure Pattern Matching, full version","url":"https://eprint.iacr.org/2012/698.pdf","media_type":"application/pdf","page_count":51,"provenance_category":"public_archive","retrieved_at":"2026-07-11"},{"id":"source-paper-19-official","type":"publication_record","title":"SCN 2012 publisher record","url":"https://doi.org/10.1007/978-3-642-32928-9_13"},{"id":"source-paper-19-author","type":"author_hosted_copy","title":"ResearchGate author-uploaded full text","url":"https://www.researchgate.net/publication/266956911_5PM_Secure_Pattern_Matching","provenance_category":"author","retrieved_at":"2026-07-11"},{"id":"source-paper-19-journal","type":"subsequent_publication_record","title":"Journal of Computer Security full-version record","url":"https://journals.sagepub.com/doi/10.3233/JCS-130481","year":2013},{"id":"source-paper-19-citations","type":"citation_index_snapshot","title":"ResearchGate citation snapshot","url":"https://www.researchgate.net/publication/266956911_5PM_Secure_Pattern_Matching","retrieved_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-19-question","source_id":"source-paper-19-eprint","label":"Problem, functionality, and claimed contributions","locator":"Abstract and Section 1, PDF pages 1-4","url":"https://eprint.iacr.org/2012/698.pdf#page=1"},{"id":"anchor-paper-19-ipm","source_id":"source-paper-19-eprint","label":"Insecure pattern-matching algorithm and character-delay vectors","locator":"Section 2.1, PDF pages 5-7","url":"https://eprint.iacr.org/2012/698.pdf#page=5"},{"id":"anchor-paper-19-linear","source_id":"source-paper-19-eprint","label":"Linear-algebra formulation and Stretch/Cut/ColSum operations","locator":"Sections 2.2-2.3, PDF pages 7-10","url":"https://eprint.iacr.org/2012/698.pdf#page=7"},{"id":"anchor-paper-19-hbc","source_id":"source-paper-19-eprint","label":"Honest-but-curious 5PM protocol","locator":"Section 3.2, PDF pages 11-12","url":"https://eprint.iacr.org/2012/698.pdf#page=11"},{"id":"anchor-paper-19-malicious","source_id":"source-paper-19-eprint","label":"Malicious-static-corruption protocol and zero-knowledge checks","locator":"Section 3.3, PDF pages 12-16","url":"https://eprint.iacr.org/2012/698.pdf#page=12"},{"id":"anchor-paper-19-theorems","source_id":"source-paper-19-eprint","label":"Security theorems and complexity claims","locator":"Theorems 1-2 and Section 4, PDF pages 12-18","url":"https://eprint.iacr.org/2012/698.pdf#page=12"},{"id":"anchor-paper-19-proofs","source_id":"source-paper-19-eprint","label":"Simulation-based proof details","locator":"Proof sections and appendices, PDF pages 32-48","url":"https://eprint.iacr.org/2012/698.pdf#page=32"},{"id":"anchor-paper-19-implementation","source_id":"source-paper-19-eprint","label":"Honest-but-curious implementation and benchmark tables","locator":"Implementation section and Table 13, PDF pages 48-50","url":"https://eprint.iacr.org/2012/698.pdf#page=48"},{"id":"anchor-paper-19-publication","source_id":"source-paper-19-official","label":"Official conference publication record","locator":"SCN 2012, pages 222-240, DOI record","url":"https://doi.org/10.1007/978-3-642-32928-9_13"},{"id":"anchor-paper-19-journal","source_id":"source-paper-19-journal","label":"Subsequent journal full-version record","locator":"Journal of Computer Security 21(5), pages 601-625","url":"https://journals.sagepub.com/doi/10.3233/JCS-130481"},{"id":"anchor-paper-19-citations","source_id":"source-paper-19-citations","label":"Citation-count snapshot","locator":"ResearchGate displayed Citations (56), observed 2026-07-11; coverage and merging of conference, ePrint, and journal versions may differ from other indexes.","url":"https://www.researchgate.net/publication/266956911_5PM_Secure_Pattern_Matching"}],"nodes":[{"id":"paper-19","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"5PM","summary":"A two-party secure pattern-matching protocol family based on an algebraic reduction and additively homomorphic encryption.","source_anchor_ids":["anchor-paper-19-question"]},{"id":"paper-19-question","kind":"question","parent_id":"paper-19","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can expressive non-binary pattern search be securely computed with communication linear in text-plus-pattern length rather than linear in a quadratic generic circuit?","source_anchor_ids":["anchor-paper-19-question"]},{"id":"paper-19-answer","kind":"contribution","parent_id":"paper-19","order":2,"epistemic_status":"formally_supported","title":"Central answer","summary":"Represent candidate matches as linear matrix/vector operations over character-delay vectors, then evaluate those operations homomorphically with protocol-specific checks for semi-honest or malicious behavior.","source_anchor_ids":["anchor-paper-19-linear","anchor-paper-19-hbc","anchor-paper-19-malicious"]},{"id":"paper-19-scope","kind":"scope","parent_id":"paper-19","order":3,"epistemic_status":"explicitly_scoped","title":"Functionality and parties","summary":"A server holds text of length n and a client holds a pattern of length m over an arbitrary alphabet; outputs can represent exact, single-wildcard, substring/Hamming matches, with optional pattern-length hiding.","source_anchor_ids":["anchor-paper-19-question"]},{"id":"paper-19-adversary","kind":"threat_model","parent_id":"paper-19-scope","order":1,"epistemic_status":"defined","title":"Semi-honest and malicious models","summary":"Separate constructions address honest-but-curious behavior and static malicious corruption in the stand-alone model; privacy is defined through simulation and allowed leakage such as public length bounds.","source_anchor_ids":["anchor-paper-19-hbc","anchor-paper-19-malicious","anchor-paper-19-proofs"]},{"id":"paper-19-primitive-ipm","kind":"primitive","parent_id":"paper-19","order":4,"epistemic_status":"algorithmically_defined","title":"Character-delay-vector matching","summary":"Each pattern character creates delayed contributions to an activation vector; a match is detected where the accumulated value equals the pattern length, with adjustments for wildcards and allowed Hamming distance.","source_anchor_ids":["anchor-paper-19-ipm"]},{"id":"paper-19-primitive-linear","kind":"primitive","parent_id":"paper-19","order":5,"epistemic_status":"proposed","title":"Linear-algebra reduction","summary":"Matrix multiplication followed by Stretch, Cut, and column summation expresses matching using additions and scalar products compatible with additive homomorphism.","source_anchor_ids":["anchor-paper-19-linear"]},{"id":"paper-19-protocol-hbc","kind":"protocol","parent_id":"paper-19","order":6,"epistemic_status":"proven_conditional_and_implemented","title":"Two-round honest-but-curious protocol","summary":"The client encrypts preprocessed pattern material, the server evaluates the linear matching computation over ciphertexts, and the client decrypts the blinded result; security relies on semantic security of the chosen additive homomorphic scheme.","source_anchor_ids":["anchor-paper-19-hbc","anchor-paper-19-theorems"]},{"id":"paper-19-protocol-malicious","kind":"protocol","parent_id":"paper-19","order":7,"epistemic_status":"proven_conditional_not_implemented","title":"Eight-round malicious protocol","summary":"Threshold ElGamal, commitments, and interleaved zero-knowledge arguments constrain both parties to well-formed encrypted inputs and protocol steps while preserving the algebraic matching path.","source_anchor_ids":["anchor-paper-19-malicious","anchor-paper-19-theorems"]},{"id":"paper-19-claim-security-hbc","kind":"formal_claim","parent_id":"paper-19","order":8,"epistemic_status":"theorem_in_source","title":"Semi-honest security","summary":"Theorem 1 establishes simulation-based security of the honest-but-curious construction assuming a semantically secure additively homomorphic encryption scheme over the specified group.","source_anchor_ids":["anchor-paper-19-theorems","anchor-paper-19-proofs"]},{"id":"paper-19-claim-security-malicious","kind":"formal_claim","parent_id":"paper-19","order":9,"epistemic_status":"theorem_in_source","title":"Malicious security","summary":"Theorem 2 establishes security of the malicious construction under the Decisional Diffie-Hellman assumption and the soundness/zero-knowledge properties of its proof subprotocols.","source_anchor_ids":["anchor-paper-19-theorems","anchor-paper-19-proofs"]},{"id":"paper-19-claim-complexity","kind":"formal_claim","parent_id":"paper-19","order":10,"epistemic_status":"asymptotic_analysis","title":"Communication and round complexity","summary":"The malicious construction uses O((m+n)k^2) bandwidth and O(m+n) encryptions and completes in eight rounds; the honest-but-curious construction completes in two rounds, with computational work still scaling with pattern-text interactions.","source_anchor_ids":["anchor-paper-19-question","anchor-paper-19-theorems"]},{"id":"paper-19-evidence-proof","kind":"formal_evidence","parent_id":"paper-19","order":11,"epistemic_status":"human_proof","title":"Simulation proof chain","summary":"The full version supplies hybrid/simulator arguments for the protocol components and their composition; this map records the chain but does not independently verify every proof step.","source_anchor_ids":["anchor-paper-19-proofs"]},{"id":"paper-19-evidence-implementation","kind":"empirical_evidence","parent_id":"paper-19","order":12,"epistemic_status":"measured_prototype","title":"Honest-but-curious prototype","summary":"A C++ Paillier-based implementation on a dual quad-core 2.93 GHz machine reports, for alphabet 36, pattern 100, and text 10,000, about 7.55 seconds at 1024-bit keys and 25.01 seconds at 2048-bit keys.","source_anchor_ids":["anchor-paper-19-implementation"]},{"id":"paper-19-limitations","kind":"limitation_group","parent_id":"paper-19","order":13,"epistemic_status":"material","title":"Implementation and evidence limits","summary":"The malicious protocol is not implemented in the reported evaluation, benchmarks use an older single-machine setup, preprocessing and key generation are separated from online totals, and no public code or independent reproduction was located.","source_anchor_ids":["anchor-paper-19-implementation"]},{"id":"paper-19-artifacts","kind":"artifact_group","parent_id":"paper-19","order":14,"epistemic_status":"paper_and_proof_only","title":"Artifacts","summary":"The IACR full version exposes detailed constructions, proofs, and benchmark tables; an author-uploaded full text is also public, but no code repository, test vectors, or locally fixed PDF was obtained.","source_anchor_ids":["anchor-paper-19-proofs","anchor-paper-19-implementation"]},{"id":"paper-19-scrutiny","kind":"scrutiny","parent_id":"paper-19","order":15,"epistemic_status":"conference_and_journal_reviewed","title":"External scrutiny and reception","summary":"A preliminary version appeared at SCN 2012, a full version later appeared in the Journal of Computer Security, and ResearchGate reports 56 citations; review reports and independent proof/implementation audits were not inspected.","source_anchor_ids":["anchor-paper-19-publication","anchor-paper-19-journal","anchor-paper-19-citations"]},{"id":"paper-19-lineage","kind":"lineage","parent_id":"paper-19","order":16,"epistemic_status":"documented","title":"Research lineage","summary":"5PM contributes a reusable linear representation for secure string search and supplies the cryptographic search primitive later used and surveyed in application-oriented private-search work.","source_anchor_ids":["anchor-paper-19-question","anchor-paper-19-linear"]}],"relations":[{"id":"paper-19-relation-ipm-enables-linear","type":"enables","from_id":"paper-19-primitive-ipm","to_id":"paper-19-primitive-linear"},{"id":"paper-19-relation-linear-enables-hbc","type":"enables","from_id":"paper-19-primitive-linear","to_id":"paper-19-protocol-hbc"},{"id":"paper-19-relation-linear-enables-malicious","type":"enables","from_id":"paper-19-primitive-linear","to_id":"paper-19-protocol-malicious"},{"id":"paper-19-relation-proof-supports-hbc","type":"supports","from_id":"paper-19-evidence-proof","to_id":"paper-19-claim-security-hbc"},{"id":"paper-19-relation-proof-supports-malicious","type":"supports","from_id":"paper-19-evidence-proof","to_id":"paper-19-claim-security-malicious"},{"id":"paper-19-relation-implementation-supports-hbc","type":"supports","from_id":"paper-19-evidence-implementation","to_id":"paper-19-protocol-hbc"},{"id":"paper-19-relation-limitations-qualify-answer","type":"qualifies","from_id":"paper-19-limitations","to_id":"paper-19-answer"}],"assessment":{"id":"paper-19-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The full version provides explicit functionality and adversary models, theorem statements, extensive simulation-based proofs, asymptotic analysis, and an honest-but-curious implementation with benchmarks. The malicious variant is not implemented and neither proof nor benchmark was independently reproduced in this audit.","basis_source_anchor_ids":["anchor-paper-19-theorems","anchor-paper-19-proofs","anchor-paper-19-implementation"]},{"id":"auditability","level":"high","rationale":"A complete IACR full version and an author-uploaded full text make the construction, proofs, and benchmarks directly inspectable. This audit did not obtain a locally hashed binary or public implementation source.","basis_source_anchor_ids":["anchor-paper-19-question","anchor-paper-19-proofs","anchor-paper-19-implementation"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, public ePrint, conference DOI, author upload, and later journal record establish a clear publication lineage. Contributor roles, code versions, benchmark scripts, and revision history are not documented.","basis_source_anchor_ids":["anchor-paper-19-question","anchor-paper-19-publication","anchor-paper-19-journal"]},{"id":"external_scrutiny","level":"high","rationale":"The work passed SCN review, received a journal full-version publication, and has a substantial citation trail. Review reports, independent proof checking, and implementation replication were not located.","basis_source_anchor_ids":["anchor-paper-19-publication","anchor-paper-19-journal","anchor-paper-19-citations"]},{"id":"reception","level":"high","rationale":"ResearchGate displayed 56 citations on 2026-07-11, exceeding the rubric's 11-citation high threshold. The count may merge conference, ePrint, and journal versions, and citing contexts were not reviewed.","basis_source_anchor_ids":["anchor-paper-19-citations"]},{"id":"contribution_significance","level":"high","rationale":"The work provides a general algebraic primitive, malicious-security construction, favorable communication/round complexity, and a prototype, and it has a sustained citation and publication trail.","basis_source_anchor_ids":["anchor-paper-19-question","anchor-paper-19-theorems","anchor-paper-19-implementation","anchor-paper-19-citations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"researchgate_publication_page","citation_count":56,"source":"ResearchGate publication page","signals":["ResearchGate displayed Citations (56).","A full version subsequently appeared in the Journal of Computer Security."],"limitation":"ResearchGate may merge the conference, IACR ePrint, and journal versions differently from other indexes; citing contexts, polarity, proof reuse, and software adoption were not audited."}},"paper_2":{"schema_version":"0.1","map_id":"paper-2-map","publication_id":2,"publication_anchor":"paper-2","slug":"paper-2","canonical_path":"/knowledge/papers/paper-2/","machine_path":"/knowledge/papers/paper-2.json","root_node_id":"paper-2","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"Proposal for a Cross-Layer Coordination Framework for Next Generation Wireless Systems","year":2006,"venue":"International Conference on Wireless Communications and Mobile Computing (IWCMC)","topic":"secure-systems-networks","labels":["Applied"],"authors":["Karim Eldefrawy","Magda El Zarki","Mohamed M. Khairy"],"keywords":["cross-layer design","wireless systems","protocol architecture"],"research_question":"How can non-adjacent layers in a wireless protocol stack exchange events and state for adaptation without discarding modular layer boundaries or hard-wiring each cross-layer algorithm into the stack?","central_answer":"Introduce a local cross-layer coordination server, attach a client to each protocol layer, exchange prioritized TLV event messages through the server, and keep adaptation logic and abstracted layer state inside the clients.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"source extraction, evidence linking, and initial assessment"}],"method":"Source-grounded review of the full paper body exposed by the public CiteSeerX archive and author-upload index, together with the official DOI record. The archive's binary download was unavailable during this run, so local fixity and visual pagination are not claimed.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-drafted, source-linked map awaiting author verification before approval."}},"sources":[{"id":"source-paper-2-full-text","type":"public_archive_record","title":"Proposal for a Cross-Layer Coordination Framework for Next Generation Wireless Systems","url":"https://citeseerx.ist.psu.edu/document?doi=5c6faed11ce6a9d687bfdbb5f1a0b253c5628995&repid=rep1&type=pdf","version_note":"Full text indexed by CiteSeerX; binary retrieval was blocked by the archive during this audit."},{"id":"source-paper-2-official","type":"official_publication_record","title":"ACM DOI record","url":"https://doi.org/10.1145/1143549.1143580"},{"id":"source-paper-2-citations","type":"citation_search","title":"Dated scholarly-web citation search","url":"https://scholar.google.com/scholar?q=%22Proposal+for+a+Cross-Layer+Coordination+Framework+for+Next+Generation+Wireless+Systems%22","version_note":"Search attempted 2026-07-11; no transparent citation count was retrievable in this environment."}],"source_anchors":[{"id":"anchor-paper-2-problem","source_id":"source-paper-2-full-text","label":"Problem, requirements, and contribution","locator":"Abstract, Section 1, and Section 3.1; proceedings pages 141-142","url":"https://citeseerx.ist.psu.edu/document?doi=5c6faed11ce6a9d687bfdbb5f1a0b253c5628995&repid=rep1&type=pdf"},{"id":"anchor-paper-2-architecture","source_id":"source-paper-2-full-text","label":"Local server and per-layer client architecture","locator":"Sections 3.2-3.4 and Figures 2-3; proceedings pages 142-144","url":"https://citeseerx.ist.psu.edu/document?doi=5c6faed11ce6a9d687bfdbb5f1a0b253c5628995&repid=rep1&type=pdf"},{"id":"anchor-paper-2-client","source_id":"source-paper-2-full-text","label":"Client adaptation module and abstracted layer state","locator":"Sections 3.4.1-3.4.1.2; proceedings page 143","url":"https://citeseerx.ist.psu.edu/document?doi=5c6faed11ce6a9d687bfdbb5f1a0b253c5628995&repid=rep1&type=pdf"},{"id":"anchor-paper-2-server","source_id":"source-paper-2-full-text","label":"Server control and parameter-management modules","locator":"Sections 3.4.2-3.4.2.2; proceedings pages 143-144","url":"https://citeseerx.ist.psu.edu/document?doi=5c6faed11ce6a9d687bfdbb5f1a0b253c5628995&repid=rep1&type=pdf"},{"id":"anchor-paper-2-signaling","source_id":"source-paper-2-full-text","label":"Prioritized TLV event-message signaling","locator":"Section 3.4.3 and Figure 4; proceedings page 144","url":"https://citeseerx.ist.psu.edu/document?doi=5c6faed11ce6a9d687bfdbb5f1a0b253c5628995&repid=rep1&type=pdf"},{"id":"anchor-paper-2-designer","source_id":"source-paper-2-full-text","label":"Protocol-designer obligations","locator":"Section 3.5; proceedings page 144","url":"https://citeseerx.ist.psu.edu/document?doi=5c6faed11ce6a9d687bfdbb5f1a0b253c5628995&repid=rep1&type=pdf"},{"id":"anchor-paper-2-video","source_id":"source-paper-2-full-text","label":"FGS/PGOP video adaptation example","locator":"Section 4 and Figures 5-6; proceedings pages 144-145","url":"https://citeseerx.ist.psu.edu/document?doi=5c6faed11ce6a9d687bfdbb5f1a0b253c5628995&repid=rep1&type=pdf"},{"id":"anchor-paper-2-limitations","source_id":"source-paper-2-full-text","label":"Unmodeled event loss, prototype status, and future work","locator":"Sections 4-5; proceedings pages 145-146","url":"https://citeseerx.ist.psu.edu/document?doi=5c6faed11ce6a9d687bfdbb5f1a0b253c5628995&repid=rep1&type=pdf"},{"id":"anchor-paper-2-publication","source_id":"source-paper-2-official","label":"Official publication metadata","locator":"DOI 10.1145/1143549.1143580","url":"https://doi.org/10.1145/1143549.1143580"},{"id":"anchor-paper-2-citation-search","source_id":"source-paper-2-citations","label":"Citation search attempted","locator":"Exact-title search, 2026-07-11; no verified count retrieved","url":"https://scholar.google.com/scholar?q=%22Proposal+for+a+Cross-Layer+Coordination+Framework+for+Next+Generation+Wireless+Systems%22"}],"nodes":[{"id":"paper-2","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Cross-layer coordination framework","summary":"A host-local protocol architecture for organized event and state exchange between non-adjacent wireless-stack layers while retaining per-layer modules.","source_anchor_ids":["anchor-paper-2-problem","anchor-paper-2-publication"]},{"id":"paper-2-question","kind":"question","parent_id":"paper-2","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can a wireless stack support extensible cross-layer adaptation without uncontrolled direct dependencies between protocol layers?","source_anchor_ids":["anchor-paper-2-problem"]},{"id":"paper-2-answer","kind":"contribution","parent_id":"paper-2","order":2,"epistemic_status":"proposed_design","title":"Central answer","summary":"Route cross-layer interactions through a local coordination service and use uniform client, event, parameter, and priority abstractions to isolate adaptation logic from the base stack.","source_anchor_ids":["anchor-paper-2-architecture","anchor-paper-2-signaling"]},{"id":"paper-2-scope","kind":"scope","parent_id":"paper-2","order":3,"epistemic_status":"explicitly_scoped","title":"Design requirements and scope","summary":"The framework targets host-internal coordination among application, transport, network, link, and physical layers; its stated requirements are modularity, scalability, and low coordination overhead.","source_anchor_ids":["anchor-paper-2-problem"]},{"id":"paper-2-architecture","kind":"protocol","parent_id":"paper-2","order":4,"epistemic_status":"specified_not_implemented","title":"Coordination protocol architecture","summary":"Per-layer clients send events to a host-local server, which may forward events, update shared parameters, and schedule concurrent event handling.","source_anchor_ids":["anchor-paper-2-architecture"]},{"id":"paper-2-architecture-client","kind":"component","parent_id":"paper-2-architecture","order":1,"epistemic_status":"specified","title":"Cross-layer client","summary":"Each layer's client contains the adaptation algorithm, conversion logic for parameters received from other layers, required foreign parameters, and an abstracted representation of local layer state.","source_anchor_ids":["anchor-paper-2-client"]},{"id":"paper-2-architecture-server","kind":"component","parent_id":"paper-2-architecture","order":2,"epistemic_status":"specified","title":"Cross-layer server","summary":"The server separates a control module (actions plus concurrent-event management) from a parameter repository that stores layer state in forms usable by other clients.","source_anchor_ids":["anchor-paper-2-server"]},{"id":"paper-2-architecture-messages","kind":"component","parent_id":"paper-2-architecture","order":3,"epistemic_status":"specified","title":"Event messages","summary":"A message can carry one or more events encoded as type-length-value fields, with optional parameters and a priority used by server-side scheduling.","source_anchor_ids":["anchor-paper-2-signaling"]},{"id":"paper-2-method-designer","kind":"method","parent_id":"paper-2","order":5,"epistemic_status":"design_procedure","title":"How an adaptation is instantiated","summary":"A designer supplies the client-side adaptation algorithm, defines event types and parameters plus actions in each direction, and supplies a policy for ordering simultaneous events.","source_anchor_ids":["anchor-paper-2-designer"]},{"id":"paper-2-example","kind":"evidence_group","parent_id":"paper-2","order":6,"epistemic_status":"worked_example","title":"Worked video-adaptation example","summary":"The paper maps a real-time FGS/PGOP video adaptation path onto the framework but does not report an implementation or measured evaluation.","source_anchor_ids":["anchor-paper-2-video"]},{"id":"paper-2-example-flow","kind":"evidence","parent_id":"paper-2-example","order":1,"epistemic_status":"illustrated","title":"Physical-to-application event flow","summary":"The physical layer reports the number X of transportable bits for the next coherence period as a high-priority event; the video packetizer retains the base layer and truncates enhancement bits so payload plus lower-layer headers fits X.","source_anchor_ids":["anchor-paper-2-video"]},{"id":"paper-2-claims","kind":"claim_group","parent_id":"paper-2","order":7,"epistemic_status":"design_rationale","title":"Principal claims","summary":"The architecture is argued to organize non-adjacent interaction and preserve modularity; scalability and efficiency are requirements rather than empirically established properties.","source_anchor_ids":["anchor-paper-2-problem","anchor-paper-2-architecture"]},{"id":"paper-2-boundaries","kind":"limitation_group","parent_id":"paper-2","order":8,"epistemic_status":"material","title":"Boundaries and unresolved obligations","summary":"The proposal leaves fault handling, stability across multiple adaptations, performance overhead, and concrete implementation to future work.","source_anchor_ids":["anchor-paper-2-limitations"]},{"id":"paper-2-boundary-event-loss","kind":"limitation","parent_id":"paper-2-boundaries","order":1,"epistemic_status":"explicitly_unmodeled","title":"Event delivery failure","summary":"The video example does not model loss of the capacity event; the paper only sketches fallbacks such as base-layer-only transmission, reuse of the previous size, or a weighted history.","source_anchor_ids":["anchor-paper-2-video"]},{"id":"paper-2-boundary-validation","kind":"limitation","parent_id":"paper-2-boundaries","order":2,"epistemic_status":"future_work","title":"No prototype or performance evidence","summary":"The conclusion says a prototype was being implemented and lists multi-algorithm interaction and qualitative performance assessment as future work; no results validate modularity, scalability, latency, or stability.","source_anchor_ids":["anchor-paper-2-limitations"]},{"id":"paper-2-artifacts","kind":"artifact","parent_id":"paper-2","order":9,"epistemic_status":"paper_available_no_implementation","title":"Artifacts","summary":"The archived full text and official publication record are public; no source code, prototype, trace, or experimental package was located.","source_anchor_ids":["anchor-paper-2-publication","anchor-paper-2-limitations"]},{"id":"paper-2-scrutiny","kind":"scrutiny","parent_id":"paper-2","order":10,"epistemic_status":"peer_reviewed","title":"Scrutiny and lineage","summary":"The framework appeared at IWCMC 2006 and builds on earlier cross-layer signaling and architecture proposals; independent implementation or adversarial analysis was not located in this audit.","source_anchor_ids":["anchor-paper-2-publication","anchor-paper-2-problem"]}],"relations":[{"id":"paper-2-relation-client-component","type":"component_of","from_id":"paper-2-architecture-client","to_id":"paper-2-architecture"},{"id":"paper-2-relation-server-component","type":"component_of","from_id":"paper-2-architecture-server","to_id":"paper-2-architecture"},{"id":"paper-2-relation-messages-component","type":"component_of","from_id":"paper-2-architecture-messages","to_id":"paper-2-architecture"},{"id":"paper-2-relation-architecture-realizes-answer","type":"realizes","from_id":"paper-2-architecture","to_id":"paper-2-answer"},{"id":"paper-2-relation-example-supports-feasibility","type":"supports","from_id":"paper-2-example-flow","to_id":"paper-2-answer"},{"id":"paper-2-relation-event-loss-qualifies-example","type":"qualifies","from_id":"paper-2-boundary-event-loss","to_id":"paper-2-example"},{"id":"paper-2-relation-validation-qualifies-claims","type":"qualifies","from_id":"paper-2-boundary-validation","to_id":"paper-2-claims"}],"assessment":{"id":"paper-2-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"low","rationale":"The paper gives a detailed architecture and worked message-flow example, but no prototype, proof, trace, benchmark, or empirical validation of its efficiency, modularity, or scalability requirements.","basis_source_anchor_ids":["anchor-paper-2-architecture","anchor-paper-2-video","anchor-paper-2-limitations"]},{"id":"auditability","level":"high","rationale":"A public full-text archive exposes the complete proposal, so auditability is high under this site's rubric; binary fixity and implementation artifacts are unavailable.","basis_source_anchor_ids":["anchor-paper-2-problem","anchor-paper-2-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship and the official publication record are documented, but roles, revision history, effort, tool use, and artifact lineage are not.","basis_source_anchor_ids":["anchor-paper-2-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The paper has an official conference record; review reports, reproduction, implementation evidence, corrections, and independent technical critique were not located.","basis_source_anchor_ids":["anchor-paper-2-publication"]},{"id":"reception","level":"low","rationale":"A dated exact-title scholarly-web search did not yield a transparent verified citation count in this environment. Under the author's rule, zero located citations maps to low; this is not a claim that the paper has no citations.","basis_source_anchor_ids":["anchor-paper-2-citation-search"]},{"id":"contribution_significance","level":"medium","rationale":"The work articulates a concrete modular coordination architecture and protocol message format, but the absence of implementation or evaluation limits the supported significance claim.","basis_source_anchor_ids":["anchor-paper-2-problem","anchor-paper-2-architecture","anchor-paper-2-limitations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search; transparent index count unavailable","source":"Google Scholar query route plus general scholarly-web search","citation_count":0,"signals":[],"limitation":"Zero means no citations were verifiably located during this constrained search, not a total bibliometric count; author should replace it with a confirmed index snapshot."}},"paper_20":{"schema_version":"0.1","map_id":"paper-20-map","publication_id":20,"publication_anchor":"paper-20","slug":"paper-20","canonical_path":"/knowledge/papers/paper-20/","machine_path":"/knowledge/papers/paper-20.json","root_node_id":"paper-20","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"Blindfolded Data Search via Secure Pattern Matching","year":2013,"venue":"IEEE Computer, Volume 46, Number 12","topic":"secure-encrypted-computation","labels":["Applied","Perspective"],"authors":["Karim Eldefrawy","Sky Faber"],"keywords":["secure pattern matching","privacy-preserving search","survey"],"research_question":"Which secure pattern-matching techniques can support practical “blindfolded” searches in which a requester hides the query and a data holder reveals only matching information, and what tradeoffs separate the available constructions?","central_answer":"The article organizes secure search around application requirements, adversary strength, supported match types, rounds, computation, and communication. It compares integer-comparison, FFT, matrix-multiplication/5PM, and garbled-circuit approaches and argues that no single construction dominates; expressive functionality, malicious security, concrete efficiency, streaming, and deployable evidence remain open tradeoffs.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, comparative synthesis decomposition, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete checked-in IEEE Computer article, its publisher and coauthor records, and a dated targeted citation search. This is mapped as a perspective/synthesis article: descriptions of prior protocols are not recast as new theorems by this paper.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification; technical summaries and ratings may be revised before approval."}},"sources":[{"id":"source-paper-20-paper","type":"scholarly_article","title":"Blindfolded Data Search via Secure Pattern Matching","url":"/pubs/2013/blindfolded-data-search-ieee-computer2013.pdf","media_type":"application/pdf","sha256":"112227ea8c75bf197ee3f71a22876cabbfad30d6cc17eab768a2a7c9ec7ece6f","page_count":8,"provenance_category":"author","retrieved_at":"2026-07-11"},{"id":"source-paper-20-official","type":"publication_record","title":"IEEE Computer publisher record","url":"https://doi.org/10.1109/MC.2013.73"},{"id":"source-paper-20-coauthor","type":"author_hosted_copy","title":"UCI coauthor-hosted copy","url":"https://sprout.ics.uci.edu/pubs/secure_pattern_matching.pdf","provenance_category":"author"},{"id":"source-paper-20-citation-search","type":"citation_index_search","title":"Dated ResearchGate and exact-title scholarly-index search","url":"https://www.researchgate.net/publication/260711521_Blindfolded_Data_Search_via_Secure_Pattern_Matching","retrieved_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-20-question","source_id":"source-paper-20-paper","label":"Blindfolded-search motivation and central concept","locator":"Introductory deck and opening section, PDF pages 1-2","url":"/pubs/2013/blindfolded-data-search-ieee-computer2013.pdf#page=1"},{"id":"anchor-paper-20-applications","source_id":"source-paper-20-paper","label":"Law-enforcement and medical/genomic examples","locator":"The Need for Blindfolded Data Search, PDF pages 1-2","url":"/pubs/2013/blindfolded-data-search-ieee-computer2013.pdf#page=1"},{"id":"anchor-paper-20-models","source_id":"source-paper-20-paper","label":"Search variants and adversary models","locator":"Background, PDF pages 2-3","url":"/pubs/2013/blindfolded-data-search-ieee-computer2013.pdf#page=2"},{"id":"anchor-paper-20-comparison","source_id":"source-paper-20-paper","label":"Protocol comparison table","locator":"Table 1, PDF page 4","url":"/pubs/2013/blindfolded-data-search-ieee-computer2013.pdf#page=4"},{"id":"anchor-paper-20-integer","source_id":"source-paper-20-paper","label":"Integer-comparison protocols","locator":"Survey section, PDF pages 4-5","url":"/pubs/2013/blindfolded-data-search-ieee-computer2013.pdf#page=4"},{"id":"anchor-paper-20-fft","source_id":"source-paper-20-paper","label":"FFT-based secure matching","locator":"Survey section, PDF pages 5-6","url":"/pubs/2013/blindfolded-data-search-ieee-computer2013.pdf#page=5"},{"id":"anchor-paper-20-matrix","source_id":"source-paper-20-paper","label":"Matrix-multiplication and 5PM approach","locator":"Survey section and Figures 3-4, PDF pages 6-7","url":"/pubs/2013/blindfolded-data-search-ieee-computer2013.pdf#page=6"},{"id":"anchor-paper-20-garbled","source_id":"source-paper-20-paper","label":"Garbled-circuit text processing","locator":"Survey section, PDF page 8","url":"/pubs/2013/blindfolded-data-search-ieee-computer2013.pdf#page=8"},{"id":"anchor-paper-20-gaps","source_id":"source-paper-20-paper","label":"Practical gaps and open directions","locator":"Closing discussion, PDF page 8","url":"/pubs/2013/blindfolded-data-search-ieee-computer2013.pdf#page=8"},{"id":"anchor-paper-20-publication","source_id":"source-paper-20-official","label":"Official magazine publication record","locator":"IEEE Computer 46(12), pages 68-75, DOI record","url":"https://doi.org/10.1109/MC.2013.73"},{"id":"anchor-paper-20-citations","source_id":"source-paper-20-citation-search","label":"Citation search snapshot","locator":"ResearchGate and targeted exact-title searches were checked 2026-07-11, but no stable per-paper count was exposed. This is not evidence of zero lifetime citations.","url":"https://www.researchgate.net/publication/260711521_Blindfolded_Data_Search_via_Secure_Pattern_Matching"}],"nodes":[{"id":"paper-20","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_perspective","title":"Blindfolded data search","summary":"An application-oriented synthesis of secure pattern-matching techniques, their adversary models, and their practical tradeoffs.","source_anchor_ids":["anchor-paper-20-question"]},{"id":"paper-20-question","kind":"question","parent_id":"paper-20","order":1,"epistemic_status":"framing_question","title":"Organizing question","summary":"How should practitioners choose a secure-search technique when query privacy, database privacy, matching expressiveness, adversary strength, and performance all matter?","source_anchor_ids":["anchor-paper-20-question","anchor-paper-20-models"]},{"id":"paper-20-answer","kind":"perspective","parent_id":"paper-20","order":2,"epistemic_status":"source_synthesis","title":"Central synthesis","summary":"There is no universally best protocol: the right construction depends on match semantics, adversary model, rounds, bandwidth, computation, and whether an implementation exists.","source_anchor_ids":["anchor-paper-20-comparison","anchor-paper-20-gaps"]},{"id":"paper-20-concept","kind":"definition","parent_id":"paper-20","order":3,"epistemic_status":"defined","title":"Blindfolded search","summary":"A requester learns authorized matches while hiding its pattern, and the provider reveals no unrelated database content; correctness and input/output privacy are both required.","source_anchor_ids":["anchor-paper-20-question","anchor-paper-20-models"]},{"id":"paper-20-use-cases","kind":"application_group","parent_id":"paper-20","order":4,"epistemic_status":"illustrative","title":"Why private matching matters","summary":"Examples include law-enforcement search of passenger manifests and clinician search of patient genomes, where both query sensitivity and data-holder obligations constrain ordinary data sharing.","source_anchor_ids":["anchor-paper-20-applications"]},{"id":"paper-20-scope","kind":"scope","parent_id":"paper-20","order":5,"epistemic_status":"comparative_framework","title":"Comparison dimensions","summary":"The article distinguishes exact, wildcard, approximate, and substring matching and compares honest-but-curious, covert, and malicious adversaries together with asymptotic costs.","source_anchor_ids":["anchor-paper-20-models","anchor-paper-20-comparison"]},{"id":"paper-20-family-integer","kind":"method_family","parent_id":"paper-20","order":6,"epistemic_status":"prior_work_synthesis","title":"Integer-comparison family","summary":"Hazay-Toft-style constructions encode patterns and candidate substrings as integers and compare them obliviously, supporting malicious security but incurring costs that vary by exact, wildcard, and approximate functionality.","source_anchor_ids":["anchor-paper-20-integer"]},{"id":"paper-20-family-fft","kind":"method_family","parent_id":"paper-20","order":7,"epistemic_status":"prior_work_synthesis","title":"FFT family","summary":"Vergnaud's approach uses encrypted polynomial/FFT operations to reduce computation for generalized matching while relying on additive ElGamal and a malicious-security construction.","source_anchor_ids":["anchor-paper-20-fft"]},{"id":"paper-20-family-matrix","kind":"method_family","parent_id":"paper-20","order":8,"epistemic_status":"prior_work_synthesis","title":"Matrix-multiplication family","summary":"5PM reduces exact, wildcard, and non-binary approximate matching to character-delay-vector and matrix operations, obtaining linear communication in n+m while retaining O(nm)-scale cryptographic computation.","source_anchor_ids":["anchor-paper-20-matrix"]},{"id":"paper-20-family-garbled","kind":"method_family","parent_id":"paper-20","order":9,"epistemic_status":"prior_work_synthesis","title":"Garbled-circuit family","summary":"General secure computation provides flexible text processing, but the surveyed construction has limitations in malicious security, wildcard/substring support, and pattern-length privacy.","source_anchor_ids":["anchor-paper-20-garbled"]},{"id":"paper-20-evidence","kind":"evidence_group","parent_id":"paper-20","order":10,"epistemic_status":"comparative_literature_synthesis","title":"Evidence basis","summary":"Support consists of definitions, worked examples, prior theorem/complexity results, and a comparison table; the article itself introduces no new formal theorem, experiment, or implementation.","source_anchor_ids":["anchor-paper-20-comparison","anchor-paper-20-integer","anchor-paper-20-fft","anchor-paper-20-matrix","anchor-paper-20-garbled"]},{"id":"paper-20-gaps","kind":"limitation_group","parent_id":"paper-20","order":11,"epistemic_status":"source_synthesis","title":"Open practical gaps","summary":"Only 5PM among the compared protocols had an accompanying implementation at publication time; concrete cross-system benchmarks, covert-security design, multidimensional queries, and constant-memory streaming search remained underdeveloped.","source_anchor_ids":["anchor-paper-20-gaps"]},{"id":"paper-20-boundary","kind":"limitation","parent_id":"paper-20","order":12,"epistemic_status":"editorial_boundary","title":"What the article does not establish","summary":"The perspective does not independently prove the surveyed protocols, reproduce their experiments, or demonstrate an end-to-end deployment in either example domain.","source_anchor_ids":["anchor-paper-20-comparison","anchor-paper-20-gaps"]},{"id":"paper-20-artifacts","kind":"artifact_group","parent_id":"paper-20","order":13,"epistemic_status":"article_only","title":"Artifacts","summary":"A complete author/coauthor-hosted magazine article is public and checked into the site; no new code, dataset, formal proof, or benchmark artifact belongs to this synthesis article.","source_anchor_ids":["anchor-paper-20-question","anchor-paper-20-gaps"]},{"id":"paper-20-scrutiny","kind":"scrutiny","parent_id":"paper-20","order":14,"epistemic_status":"magazine_reviewed","title":"External scrutiny and reception","summary":"The article appeared in IEEE Computer. A targeted citation search did not expose a stable attributable count during this audit, and citing contexts or teaching use were not reviewed.","source_anchor_ids":["anchor-paper-20-publication","anchor-paper-20-citations"]},{"id":"paper-20-lineage","kind":"lineage","parent_id":"paper-20","order":15,"epistemic_status":"documented","title":"Research lineage","summary":"The article translates secure-computation results into a practitioner-facing map of private-search choices and uses 5PM as one concrete algebraic design among several families.","source_anchor_ids":["anchor-paper-20-question","anchor-paper-20-comparison","anchor-paper-20-matrix"]}],"relations":[{"id":"paper-20-relation-integer-compared-by-scope","type":"compared_by","from_id":"paper-20-family-integer","to_id":"paper-20-scope"},{"id":"paper-20-relation-fft-compared-by-scope","type":"compared_by","from_id":"paper-20-family-fft","to_id":"paper-20-scope"},{"id":"paper-20-relation-matrix-compared-by-scope","type":"compared_by","from_id":"paper-20-family-matrix","to_id":"paper-20-scope"},{"id":"paper-20-relation-garbled-compared-by-scope","type":"compared_by","from_id":"paper-20-family-garbled","to_id":"paper-20-scope"},{"id":"paper-20-relation-evidence-supports-answer","type":"supports","from_id":"paper-20-evidence","to_id":"paper-20-answer"},{"id":"paper-20-relation-gaps-qualify-answer","type":"qualifies","from_id":"paper-20-gaps","to_id":"paper-20-answer"},{"id":"paper-20-relation-boundary-qualifies-evidence","type":"qualifies","from_id":"paper-20-boundary","to_id":"paper-20-evidence"}],"assessment":{"id":"paper-20-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The article offers a structured, source-cited comparison with explicit functionality, adversary, and complexity dimensions and worked examples. It is a perspective rather than new theorem or experiment, and the underlying results were not independently revalidated.","basis_source_anchor_ids":["anchor-paper-20-models","anchor-paper-20-comparison","anchor-paper-20-gaps"]},{"id":"auditability","level":"high","rationale":"A complete author-hosted article is checked into the site with page count and SHA-256 identity, and a coauthor copy is public. The comparative claims and references are inspectable; no new executable artifact is expected for this perspective.","basis_source_anchor_ids":["anchor-paper-20-question","anchor-paper-20-comparison","anchor-paper-20-gaps"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, author/coauthor copies, and the IEEE DOI establish baseline provenance. Contributor roles, drafting history, and selection criteria for surveyed systems are not separately documented.","basis_source_anchor_ids":["anchor-paper-20-question","anchor-paper-20-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"Publication in IEEE Computer indicates editorial and venue scrutiny, but review reports, corrections, and independent validation of the synthesis were not located.","basis_source_anchor_ids":["anchor-paper-20-publication"]},{"id":"reception","level":"low","rationale":"The dated targeted search did not expose a stable attributable citation count. Under the rubric, zero located citations falls in the low band; this does not assert that the article has never been cited.","basis_source_anchor_ids":["anchor-paper-20-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The article makes secure pattern matching accessible through applications and a useful taxonomy, but it is a synthesis and does not itself establish new security or performance results.","basis_source_anchor_ids":["anchor-paper-20-question","anchor-paper-20-comparison","anchor-paper-20-gaps"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"targeted_exact_title_researchgate_and_scholarly_index_search","citation_count":0,"source":"ResearchGate publication page and exact-title scholarly web searches","signals":[],"limitation":"No stable per-paper count was surfaced. The value records citations located by this audit, not a claim of zero lifetime citations; index coverage, title matching, and author-version merging may differ."}},"paper_21":{"schema_version":"0.1","map_id":"paper-21-map","publication_id":21,"publication_anchor":"paper-21","slug":"paper-21","canonical_path":"/knowledge/papers/paper-21/","machine_path":"/knowledge/papers/paper-21.json","root_node_id":"paper-21","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","primitive"],"title":"5PM: Secure Pattern Matching","short_title":"5PM","year":2013,"status":"Published · journal article","venue":"Journal of Computer Security, Volume 21, Number 5","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Joshua Baron","Karim Eldefrawy","Kirill Minkovich","Rafail Ostrovsky","Eric Tressler"],"keywords":["secure pattern matching","privacy-preserving search"],"research_question":"Can two parties securely evaluate expressive pattern matching over a client's private pattern and a server's private text, including nonbinary alphabets, wildcards, substring/Hamming-distance matching, and optional pattern-length hiding, with malicious security and communication sublinear in the corresponding circuit size?","central_answer":"5PM converts pattern matching into linear operations over text and character-delay matrices, evaluates those operations with additively homomorphic encryption, and adds threshold encryption plus zero-knowledge consistency arguments for static malicious security; the paper proves two-round honest-but-curious and eight-round malicious variants and reports an implementation of the honest-but-curious variant.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, claim decomposition, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete 51-page UCLA author-hosted version, including protocol definitions, security proofs, and implementation results; PDF pages 1 and 12 were also rendered and visually inspected. The final journal pagination and text were not compared line by line with this author version.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification. Formal claims were transcribed conservatively and have not been independently reproved or reproduced."}},"sources":[{"id":"source-paper-21-fulltext","type":"scholarly_article","title":"5PM: Secure Pattern Matching (author-hosted full version)","url":"/pubs/2013/5pm-secure-pattern-matching.pdf","media_type":"application/pdf","sha256":"e7628754d71352f7bae8ae8097200db10912c86e7c15d85c9627e63cc53df7e6","page_count":51,"provenance_category":"author","version_note":"Mirrors the public UCLA author copy; correspondence with the final journal typesetting was not checked line by line."},{"id":"source-paper-21-author-origin","type":"author_copy","title":"UCLA author copy","url":"https://web.cs.ucla.edu/~rafail/PUBLIC/129.pdf"},{"id":"source-paper-21-archive","type":"manuscript_archive","title":"IACR ePrint 2012/698","url":"https://eprint.iacr.org/2012/698"},{"id":"source-paper-21-official","type":"publication_record","title":"Journal of Computer Security publication record","url":"https://doi.org/10.3233/JCS-130481"},{"id":"source-paper-21-citations","type":"scholarly_index","title":"OpenAlex work record for paper #21","url":"https://openalex.org/W1806693672","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-21-problem","source_id":"source-paper-21-fulltext","label":"Problem, functionality, complexity, and round claims","locator":"Abstract and Section 1.1, PDF pages 1-3","url":"/pubs/2013/5pm-secure-pattern-matching.pdf#page=1"},{"id":"anchor-paper-21-input-output","source_id":"source-paper-21-fulltext","label":"Pattern-matching inputs, outputs, wildcards, and substring semantics","locator":"Sections 1 and 2.1, PDF pages 1-7","url":"/pubs/2013/5pm-secure-pattern-matching.pdf#page=1"},{"id":"anchor-paper-21-tools","source_id":"source-paper-21-fulltext","label":"Cryptographic tools and linear-algebra operators","locator":"Sections 2.2-2.3, PDF pages 7-10","url":"/pubs/2013/5pm-secure-pattern-matching.pdf#page=7"},{"id":"anchor-paper-21-hbc","source_id":"source-paper-21-fulltext","label":"Honest-but-curious protocol and Theorem 1","locator":"Sections 3.1-3.2, PDF pages 10-12","url":"/pubs/2013/5pm-secure-pattern-matching.pdf#page=10"},{"id":"anchor-paper-21-malicious","source_id":"source-paper-21-fulltext","label":"Eight-round malicious protocol and consistency subprotocols","locator":"Section 3.3, PDF pages 12-17; exact interleaving in Section 6","url":"/pubs/2013/5pm-secure-pattern-matching.pdf#page=12"},{"id":"anchor-paper-21-security-model","source_id":"source-paper-21-fulltext","label":"Ideal functionality, static corruption model, and simulators","locator":"Section 7, PDF pages 29-44","url":"/pubs/2013/5pm-secure-pattern-matching.pdf#page=29"},{"id":"anchor-paper-21-security-theorems","source_id":"source-paper-21-fulltext","label":"HBC and malicious realization theorems","locator":"Theorems 4 and 5, PDF pages 31 and 37","url":"/pubs/2013/5pm-secure-pattern-matching.pdf#page=31"},{"id":"anchor-paper-21-performance","source_id":"source-paper-21-fulltext","label":"Implementation platform and timing table","locator":"Section 8 and Table 13, PDF pages 48-49","url":"/pubs/2013/5pm-secure-pattern-matching.pdf#page=48"},{"id":"anchor-paper-21-publication","source_id":"source-paper-21-official","label":"Official journal record","locator":"Journal of Computer Security, volume 21, number 5","url":"https://doi.org/10.3233/JCS-130481"},{"id":"anchor-paper-21-citations","source_id":"source-paper-21-citations","label":"Dated OpenAlex citation snapshot","locator":"cited_by_count = 17, accessed 2026-07-11","url":"https://openalex.org/W1806693672"}],"nodes":[{"id":"paper-21","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"5PM: Secure Pattern Matching","summary":"A two-party secure pattern-matching protocol family for exact matching, single-character wildcards, nonbinary Hamming distance, and substring matching, with explicit honest-but-curious and static-malicious constructions.","source_anchor_ids":["anchor-paper-21-problem"]},{"id":"paper-21-question","kind":"question","parent_id":"paper-21","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can expressive private pattern matching obtain malicious security, bounded rounds, O(m+n) ciphertext-scale communication, and optional hiding of the pattern length?","source_anchor_ids":["anchor-paper-21-problem"]},{"id":"paper-21-answer","kind":"contribution","parent_id":"paper-21","order":2,"epistemic_status":"source_asserted","title":"Central answer","summary":"Encode the server text and client pattern as matrices, reduce matching to linear operators, evaluate one encrypted operand homomorphically, and enforce well-formedness and consistent computation with threshold decryption and zero-knowledge arguments in the malicious variant.","source_anchor_ids":["anchor-paper-21-tools","anchor-paper-21-malicious"]},{"id":"paper-21-scope","kind":"scope","parent_id":"paper-21","order":3,"epistemic_status":"defined","title":"Functionality, parties, and adversary","summary":"Server holds text T of length n over alphabet Sigma; Client holds pattern p of length m, optionally containing wildcards, and learns either matching locations or a decision while Server learns no output.","source_anchor_ids":["anchor-paper-21-input-output","anchor-paper-21-security-model"]},{"id":"paper-21-scope-functionality","kind":"definition","parent_id":"paper-21-scope","order":1,"epistemic_status":"defined","title":"Matching semantics","summary":"The same activation-vector construction supports exact matches, single-character wildcards, nonbinary Hamming distance, and thresholded substring matching; multiple distance thresholds can reuse one protocol execution.","source_anchor_ids":["anchor-paper-21-input-output","anchor-paper-21-hbc"]},{"id":"paper-21-scope-adversary","kind":"threat_model","parent_id":"paper-21-scope","order":2,"epistemic_status":"defined","title":"Static two-party corruption","summary":"The formal analyses treat one statically corrupted party in either the honest-but-curious or malicious stand-alone setting; the malicious proof is simulation-based for the stated ideal functionality.","source_anchor_ids":["anchor-paper-21-security-model","anchor-paper-21-security-theorems"]},{"id":"paper-21-scope-assumptions","kind":"assumption","parent_id":"paper-21-scope","order":3,"epistemic_status":"assumed","title":"Cryptographic assumptions","summary":"The HBC theorem assumes semantically secure additive homomorphic encryption over a prime-order cyclic group; the concrete malicious construction uses threshold ElGamal and assumes DDH hardness plus the specified commitment and zero-knowledge machinery.","source_anchor_ids":["anchor-paper-21-tools","anchor-paper-21-security-theorems"]},{"id":"paper-21-method","kind":"method","parent_id":"paper-21","order":4,"epistemic_status":"specified","title":"Construction path","summary":"5PM transforms the insecure character-delay-vector algorithm into matrix multiplication, Stretch, Cut, and column-sum operations that remain computable when one operand is encrypted.","source_anchor_ids":["anchor-paper-21-input-output","anchor-paper-21-tools"]},{"id":"paper-21-method-hbc","kind":"component","parent_id":"paper-21-method","order":1,"epistemic_status":"specified_and_proved","title":"Two-round HBC protocol","summary":"Client encrypts its character-delay matrix and threshold; Server forms and blinds an encrypted activation vector; Client decrypts zero entries to identify matches.","source_anchor_ids":["anchor-paper-21-hbc"]},{"id":"paper-21-method-malicious","kind":"component","parent_id":"paper-21-method","order":2,"epistemic_status":"specified_and_proved","title":"Eight-round malicious protocol","summary":"Both parties independently derive encrypted activation vectors, compare affine hashes, and prove matrix formation, partial decryption, randomization, and final-decryption consistency through interleaved zero-knowledge arguments.","source_anchor_ids":["anchor-paper-21-malicious"]},{"id":"paper-21-claims","kind":"claim_group","parent_id":"paper-21","order":5,"epistemic_status":"mixed","title":"Principal claims","summary":"The paper makes functionality, round/complexity, simulation-security, and implementation-performance claims.","source_anchor_ids":["anchor-paper-21-problem","anchor-paper-21-security-theorems","anchor-paper-21-performance"]},{"id":"paper-21-claim-complexity","kind":"claim","parent_id":"paper-21-claims","order":1,"epistemic_status":"analytically_supported","title":"Rounds and asymptotic cost","summary":"The paper reports two one-way rounds for HBC and eight for malicious security; the malicious construction uses O((m+n)k^2) bandwidth and O(m+n) encryptions, while pattern-length hiding adds no asymptotic computation or bandwidth.","source_anchor_ids":["anchor-paper-21-problem","anchor-paper-21-malicious"]},{"id":"paper-21-claim-security","kind":"claim","parent_id":"paper-21-claims","order":2,"epistemic_status":"proved_conditional","title":"Simulation security","summary":"Theorems 4 and 5 state realization of the specified pattern-matching functionality for static HBC corruption under semantic security and static malicious corruption under DDH, respectively.","source_anchor_ids":["anchor-paper-21-security-theorems"]},{"id":"paper-21-claim-implementation","kind":"claim","parent_id":"paper-21-claims","order":3,"epistemic_status":"experimentally_supported","title":"HBC implementation","summary":"A Paillier-based HBC prototype is timed on one dual-quad-core 2.93 GHz Ubuntu 10.10 machine for DNA and alphanumeric alphabets, text lengths through 100,000, and 1024/2048-bit keys.","source_anchor_ids":["anchor-paper-21-performance"]},{"id":"paper-21-evidence","kind":"evidence_group","parent_id":"paper-21","order":6,"epistemic_status":"documented","title":"Evidence chain","summary":"Support consists of explicit protocols, ideal-world simulations, asymptotic accounting, and a timing table for an HBC prototype.","source_anchor_ids":["anchor-paper-21-security-model","anchor-paper-21-performance"]},{"id":"paper-21-evidence-formal","kind":"evidence","parent_id":"paper-21-evidence","order":1,"epistemic_status":"paper_proof_not_machine_checked","title":"Formal proof path","summary":"The full version specifies ideal functionalities and simulators for corrupted Client and Server; this map records the theorem boundaries but has not mechanically checked every hybrid and extractor argument.","source_anchor_ids":["anchor-paper-21-security-model","anchor-paper-21-security-theorems"]},{"id":"paper-21-evidence-empirical","kind":"evidence","parent_id":"paper-21-evidence","order":2,"epistemic_status":"reported_not_reproduced","title":"Benchmark evidence","summary":"Table 13 decomposes search, blinding, and decryption time across parameter choices, but supplies neither source code nor repeated-run uncertainty in the audited full version.","source_anchor_ids":["anchor-paper-21-performance"]},{"id":"paper-21-boundaries","kind":"limitation_group","parent_id":"paper-21","order":7,"epistemic_status":"material","title":"Boundaries and limitations","summary":"The strongest statements are conditional on a static two-party model and cryptographic assumptions; empirical evidence covers only the HBC prototype.","source_anchor_ids":["anchor-paper-21-security-model","anchor-paper-21-performance"]},{"id":"paper-21-boundary-model","kind":"limitation","parent_id":"paper-21-boundaries","order":1,"epistemic_status":"out_of_scope","title":"Unmodeled deployment risks","summary":"The proofs do not cover adaptive corruption, multi-session/composable deployment, leakage through repeated queries, implementation side channels, key compromise, or denial of service.","source_anchor_ids":["anchor-paper-21-security-model"]},{"id":"paper-21-boundary-empirical","kind":"limitation","parent_id":"paper-21-boundaries","order":2,"epistemic_status":"explicitly_limited","title":"No malicious-protocol benchmark","summary":"The performance section evaluates the honest-but-curious implementation; it does not report an implementation or benchmark of the eight-round malicious protocol.","source_anchor_ids":["anchor-paper-21-performance"]},{"id":"paper-21-artifacts","kind":"artifact_group","parent_id":"paper-21","order":8,"epistemic_status":"full_text_available","title":"Artifacts and resources","summary":"A fixed local mirror of the 51-page author version, its public UCLA origin, an IACR ePrint record, and the journal DOI are available; no code repository was identified in the audited paper.","source_anchor_ids":["anchor-paper-21-problem","anchor-paper-21-publication"]},{"id":"paper-21-scrutiny","kind":"scrutiny","parent_id":"paper-21","order":9,"epistemic_status":"publication_recorded","title":"External scrutiny","summary":"The work has a Journal of Computer Security publication record; review reports, correction history, independent reproduction, and later cryptanalysis were not audited.","source_anchor_ids":["anchor-paper-21-publication"]},{"id":"paper-21-lineage","kind":"lineage","parent_id":"paper-21","order":10,"epistemic_status":"source_asserted","title":"Research lineage","summary":"5PM extends secure exact matching toward nonbinary wildcards and substring/Hamming-distance functionality by exploiting a linear-algebra formulation rather than generic circuit evaluation.","source_anchor_ids":["anchor-paper-21-problem","anchor-paper-21-tools"]}],"relations":[{"id":"relation-paper-21-answer-addresses-question","type":"addresses","from_id":"paper-21-answer","to_id":"paper-21-question"},{"id":"relation-paper-21-method-realizes-answer","type":"realizes","from_id":"paper-21-method","to_id":"paper-21-answer"},{"id":"relation-paper-21-formal-supports-security","type":"supports","from_id":"paper-21-evidence-formal","to_id":"paper-21-claim-security"},{"id":"relation-paper-21-empirical-supports-implementation","type":"supports","from_id":"paper-21-evidence-empirical","to_id":"paper-21-claim-implementation"},{"id":"relation-paper-21-assumptions-qualify-security","type":"qualifies","from_id":"paper-21-scope-assumptions","to_id":"paper-21-claim-security"},{"id":"relation-paper-21-model-qualifies-security","type":"qualifies","from_id":"paper-21-boundary-model","to_id":"paper-21-claim-security"},{"id":"relation-paper-21-empirical-boundary-qualifies-implementation","type":"qualifies","from_id":"paper-21-boundary-empirical","to_id":"paper-21-claim-implementation"},{"id":"relation-paper-21-artifacts-enable-audit","type":"enables_audit_of","from_id":"paper-21-artifacts","to_id":"paper-21-evidence"}],"assessment":{"id":"paper-21-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The source gives complete protocol specifications, simulation arguments, asymptotic analysis, and HBC timing measurements. The proofs were not mechanically checked and the implementation evidence was not reproduced; the malicious construction was not benchmarked.","basis_source_anchor_ids":["anchor-paper-21-security-theorems","anchor-paper-21-performance"]},{"id":"auditability","level":"high","rationale":"A complete author-hosted full version is mirrored locally with page count and SHA-256, so assumptions, protocols, proofs, and reported measurements are directly inspectable. Journal-version identity and empirical reproduction remain unchecked.","basis_source_anchor_ids":["anchor-paper-21-problem","anchor-paper-21-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, funding acknowledgements, an author-hosted version, archive record, and journal record establish a publication trail. Contributor roles, revision history, code lineage, and production effort are not documented in this map.","basis_source_anchor_ids":["anchor-paper-21-problem","anchor-paper-21-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The paper has a journal publication record, but reviews, independent replications, later attacks, and correction history were not audited.","basis_source_anchor_ids":["anchor-paper-21-publication"]},{"id":"reception","level":"high","rationale":"OpenAlex reports 17 located citations as of 2026-07-11, meeting the site's 11+ high threshold. The count is index-specific and does not itself establish correctness or adoption.","basis_source_anchor_ids":["anchor-paper-21-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The paper presents a specific protocol family with expressive functionality and explicit malicious security/round claims; priority and field-level impact were not independently evaluated.","basis_source_anchor_ids":["anchor-paper-21-problem"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI work record cited_by_count","source_url":"https://openalex.org/W1806693672","citation_count":17,"signals":[],"limitation":"OpenAlex coverage, deduplication, and version merging are imperfect; this is a dated located-citation snapshot."}},"paper_22":{"schema_version":"0.1","map_id":"paper-22-map","publication_id":22,"publication_anchor":"paper-22","slug":"paper-22","canonical_path":"/knowledge/papers/paper-22/","machine_path":"/knowledge/papers/paper-22.json","root_node_id":"paper-22","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["algorithm"],"title":"Neighborhood Watch: On Network Coding Throughput and Key Sharing","year":2013,"status":"Published","venue":"IEEE Global Communications Conference (GLOBECOM)","topic":"algorithms-foundations","labels":["Theory","Applied"],"authors":["Martin Strohmeier","Ivan Martinovic","Utz Roedig","Karim Eldefrawy","Jens Schmitt"],"keywords":["network coding","key sharing","wireless networks"],"research_question":"How does limiting the size and availability of shared link-layer keys change the multicast throughput attainable by network coding, and how should key groups be assigned to optimize throughput under local, global, and quality-of-service constraints?","central_answer":"The paper formulates key-aware multicast as an integer linear program and evaluates exact optima on generated feed-forward networks and a MoteLab-derived sensor topology, showing that modest increases in key-group size can recover measurable coding gain without requiring one network-wide key.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, model reconstruction, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete six-page Oxford author copy, including the ILP, experimental setup, figures, and limitations; PDF pages 1 and 5 were rendered and visually inspected.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification. Numerical results were transcribed from the paper and not independently rerun."}},"sources":[{"id":"source-paper-22-fulltext","type":"scholarly_article","title":"Neighborhood Watch: On Network Coding Throughput and Key Sharing (author copy)","url":"/pubs/2013/neighborhood-watch-network-coding-key-sharing.pdf","media_type":"application/pdf","sha256":"cc7cd150c46044a76903f9772727f771072a23ed102b6d8a2a42a07f551f75f6","page_count":6,"provenance_category":"author"},{"id":"source-paper-22-author-origin","type":"author_copy","title":"Oxford author copy","url":"https://www.cs.ox.ac.uk/files/7240/globecom_camera.pdf"},{"id":"source-paper-22-official","type":"publication_record","title":"IEEE GLOBECOM publication record","url":"https://doi.org/10.1109/GLOCOM.2013.6831179"},{"id":"source-paper-22-citations","type":"scholarly_index","title":"OpenAlex work record for paper #22","url":"https://openalex.org/W2074968496","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-22-problem","source_id":"source-paper-22-fulltext","label":"Security-throughput tradeoff and contributions","locator":"Abstract and Section I, PDF pages 1-2","url":"/pubs/2013/neighborhood-watch-network-coding-key-sharing.pdf#page=1"},{"id":"anchor-paper-22-scenarios","source_id":"source-paper-22-fulltext","label":"Network-coding scenarios and experimental topology generation","locator":"Section III, PDF pages 2-3","url":"/pubs/2013/neighborhood-watch-network-coding-key-sharing.pdf#page=2"},{"id":"anchor-paper-22-model","source_id":"source-paper-22-fulltext","label":"Directed-graph model, objective, and local/global key constraints","locator":"Section IV and Tables I-II, PDF pages 3-4","url":"/pubs/2013/neighborhood-watch-network-coding-key-sharing.pdf#page=3"},{"id":"anchor-paper-22-evaluation","source_id":"source-paper-22-fulltext","label":"Random-network and MoteLab results","locator":"Section V and Figures 3-5, PDF pages 4-6","url":"/pubs/2013/neighborhood-watch-network-coding-key-sharing.pdf#page=4"},{"id":"anchor-paper-22-conclusion","source_id":"source-paper-22-fulltext","label":"Interpretation, transfer boundaries, and conclusion","locator":"Section VI, PDF page 6","url":"/pubs/2013/neighborhood-watch-network-coding-key-sharing.pdf#page=6"},{"id":"anchor-paper-22-publication","source_id":"source-paper-22-official","label":"Official IEEE publication record","locator":"GLOBECOM 2013","url":"https://doi.org/10.1109/GLOCOM.2013.6831179"},{"id":"anchor-paper-22-citations","source_id":"source-paper-22-citations","label":"Dated OpenAlex citation snapshot","locator":"cited_by_count = 0, accessed 2026-07-11","url":"https://openalex.org/W2074968496"}],"nodes":[{"id":"paper-22","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Neighborhood Watch","summary":"An optimization-and-evaluation study of how link-key sharing constrains the throughput gains available from wireless network coding.","source_anchor_ids":["anchor-paper-22-problem"]},{"id":"paper-22-question","kind":"question","parent_id":"paper-22","order":1,"epistemic_status":"research_question","title":"Research question","summary":"What throughput is lost when confidentiality policy limits which neighbors can overhear coded packets, and which key assignment best preserves multicast capacity?","source_anchor_ids":["anchor-paper-22-problem"]},{"id":"paper-22-answer","kind":"contribution","parent_id":"paper-22","order":2,"epistemic_status":"source_asserted","title":"Central answer","summary":"Optimize flows and key membership jointly: the exact ILP quantifies the tradeoff, and the evaluated topologies show that coding gain can reappear well before all nodes share one key.","source_anchor_ids":["anchor-paper-22-model","anchor-paper-22-evaluation"]},{"id":"paper-22-scope","kind":"scope","parent_id":"paper-22","order":3,"epistemic_status":"explicitly_scoped","title":"Model and optimization scope","summary":"The study treats single-source multicast in directed multi-hop wireless graphs with unit-capacity links, multiple streams, relay and sink nodes, and linear network coding.","source_anchor_ids":["anchor-paper-22-model"]},{"id":"paper-22-scope-keys","kind":"definition","parent_id":"paper-22-scope","order":1,"epistemic_status":"defined","title":"Two key-sharing constraints","summary":"A local limit bounds how many adjacent receivers share a sender's key; a global limit bounds the number and membership of keys available across the network.","source_anchor_ids":["anchor-paper-22-problem","anchor-paper-22-model"]},{"id":"paper-22-scope-security","kind":"threat_model","parent_id":"paper-22-scope","order":2,"epistemic_status":"coarse_model","title":"Security proxy","summary":"Security is represented by compromise exposure of shared link keys: smaller groups isolate a leaked key but reduce overhearing. The paper does not model an active attacker or prove a cryptographic security property.","source_anchor_ids":["anchor-paper-22-problem"]},{"id":"paper-22-method","kind":"method","parent_id":"paper-22","order":4,"epistemic_status":"specified","title":"Integer linear program","summary":"Binary flow and key-membership variables maximize aggregate sink flow while enforcing flow conservation, coding capacity, key-sharing eligibility, and optional source/sink quality-of-service constraints.","source_anchor_ids":["anchor-paper-22-model"]},{"id":"paper-22-method-data","kind":"component","parent_id":"paper-22-method","order":1,"epistemic_status":"documented","title":"Evaluated topologies","summary":"The authors solve the model on 100 randomized four-layer feed-forward graphs and on a feed-forward topology derived from Harvard's MoteLab deployment with four sources, 18 relays, and eight sinks.","source_anchor_ids":["anchor-paper-22-scenarios","anchor-paper-22-evaluation"]},{"id":"paper-22-claims","kind":"claim_group","parent_id":"paper-22","order":5,"epistemic_status":"empirically_supported_within_model","title":"Principal findings","summary":"The reported gains are exact ILP optima for the modeled instances, not measurements from a deployed coded network.","source_anchor_ids":["anchor-paper-22-evaluation"]},{"id":"paper-22-claim-random","kind":"claim","parent_id":"paper-22-claims","order":1,"epistemic_status":"computational_experiment","title":"Random-network coding gain","summary":"Across 100 generated networks, unrestricted coding gain averages 7.1%; increasing local group size from 10 to 11 adds at most 1.3 percentage points in the reported setting.","source_anchor_ids":["anchor-paper-22-evaluation"]},{"id":"paper-22-claim-motelab","kind":"claim","parent_id":"paper-22-claims","order":2,"epistemic_status":"computational_experiment","title":"MoteLab-derived coding gain","summary":"The model yields 32 messages with coding versus 26 with routing at the unrestricted optimum (21.4% higher); raising group size from four to five contributes a reported 13.7% additional coding gain.","source_anchor_ids":["anchor-paper-22-evaluation"]},{"id":"paper-22-claim-qos","kind":"claim","parent_id":"paper-22-claims","order":3,"epistemic_status":"computational_experiment","title":"Constraint feasibility","summary":"Under source constraints, network coding can make some modeled instances feasible when edge-disjoint routing cannot; with a 35% per-sink requirement, both methods become infeasible for the smallest groups.","source_anchor_ids":["anchor-paper-22-evaluation"]},{"id":"paper-22-evidence","kind":"evidence_group","parent_id":"paper-22","order":6,"epistemic_status":"documented","title":"Evidence chain","summary":"Evidence consists of an explicit ILP, a named solver, generated-network parameters, a public-testbed-derived topology, reported confidence intervals, and comparative figures.","source_anchor_ids":["anchor-paper-22-model","anchor-paper-22-evaluation"]},{"id":"paper-22-evidence-reproducibility","kind":"evidence","parent_id":"paper-22-evidence","order":1,"epistemic_status":"reported_not_reproduced","title":"Computational study","summary":"The paper identifies SCIP and generation distributions, but this audit found no checked-in model, random seeds, generated instances, or result files and did not rerun the optimization.","source_anchor_ids":["anchor-paper-22-scenarios","anchor-paper-22-model"]},{"id":"paper-22-boundaries","kind":"limitation_group","parent_id":"paper-22","order":7,"epistemic_status":"material","title":"Boundaries and limitations","summary":"The conclusions are conditional on the graph, traffic, capacity, key-compromise proxy, coding model, and tested topology families.","source_anchor_ids":["anchor-paper-22-model","anchor-paper-22-conclusion"]},{"id":"paper-22-boundary-model","kind":"limitation","parent_id":"paper-22-boundaries","order":1,"epistemic_status":"model_limitation","title":"Idealized network and threat model","summary":"The model omits mobility, wireless interference and loss, rekeying cost, key-distribution protocol failures, active attacks, and cryptographic overhead; unit link capacities and feed-forward structure simplify deployment reality.","source_anchor_ids":["anchor-paper-22-model","anchor-paper-22-conclusion"]},{"id":"paper-22-boundary-evidence","kind":"limitation","parent_id":"paper-22-boundaries","order":2,"epistemic_status":"evaluation_limitation","title":"Optimization, not field measurement","summary":"The MoteLab case uses a derived connectivity map, and the paper reports solver outcomes rather than packet-level network-coding deployment measurements.","source_anchor_ids":["anchor-paper-22-scenarios","anchor-paper-22-evaluation"]},{"id":"paper-22-artifacts","kind":"artifact_group","parent_id":"paper-22","order":8,"epistemic_status":"full_text_available","title":"Artifacts and resources","summary":"The six-page author copy is mirrored locally with fixity metadata and linked to the Oxford origin and IEEE DOI; no code or dataset artifact was identified.","source_anchor_ids":["anchor-paper-22-problem","anchor-paper-22-publication"]},{"id":"paper-22-scrutiny","kind":"scrutiny","parent_id":"paper-22","order":9,"epistemic_status":"publication_recorded","title":"External scrutiny","summary":"The work was published at IEEE GLOBECOM; reviews, replications, and later comparative evaluations were not audited.","source_anchor_ids":["anchor-paper-22-publication"]},{"id":"paper-22-lineage","kind":"lineage","parent_id":"paper-22","order":10,"epistemic_status":"source_asserted","title":"Research lineage","summary":"The work connects information-theoretic network-coding capacity studies with operational link-layer confidentiality constraints by making key-group composition an optimization variable.","source_anchor_ids":["anchor-paper-22-problem","anchor-paper-22-conclusion"]}],"relations":[{"id":"relation-paper-22-answer-addresses-question","type":"addresses","from_id":"paper-22-answer","to_id":"paper-22-question"},{"id":"relation-paper-22-model-realizes-answer","type":"realizes","from_id":"paper-22-method","to_id":"paper-22-answer"},{"id":"relation-paper-22-study-supports-random","type":"supports","from_id":"paper-22-evidence-reproducibility","to_id":"paper-22-claim-random"},{"id":"relation-paper-22-study-supports-motelab","type":"supports","from_id":"paper-22-evidence-reproducibility","to_id":"paper-22-claim-motelab"},{"id":"relation-paper-22-security-proxy-qualifies-answer","type":"qualifies","from_id":"paper-22-scope-security","to_id":"paper-22-answer"},{"id":"relation-paper-22-model-boundary-qualifies-claims","type":"qualifies","from_id":"paper-22-boundary-model","to_id":"paper-22-claims"},{"id":"relation-paper-22-evidence-boundary-qualifies-claims","type":"qualifies","from_id":"paper-22-boundary-evidence","to_id":"paper-22-claims"},{"id":"relation-paper-22-artifacts-enable-audit","type":"enables_audit_of","from_id":"paper-22-artifacts","to_id":"paper-22-evidence"}],"assessment":{"id":"paper-22-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"An explicit optimization model and comparative computational study support the claims within the chosen instances. No code, instances, field experiment, or independent reproduction was audited.","basis_source_anchor_ids":["anchor-paper-22-model","anchor-paper-22-evaluation"]},{"id":"auditability","level":"high","rationale":"The complete author copy is mirrored locally with page count and SHA-256, making the model, parameters, and reported figures inspectable; executable artifacts are absent.","basis_source_anchor_ids":["anchor-paper-22-model","anchor-paper-22-evaluation"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, affiliations, an author-hosted copy, and an IEEE record establish baseline provenance. Roles, revision history, solver inputs, and artifact lineage are not recorded.","basis_source_anchor_ids":["anchor-paper-22-problem","anchor-paper-22-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The paper has an IEEE GLOBECOM publication record, but review materials and independent replication were not inspected.","basis_source_anchor_ids":["anchor-paper-22-publication"]},{"id":"reception","level":"low","rationale":"OpenAlex reports 0 located citations for this work as of 2026-07-11. This index-specific snapshot may miss citations, versions, or merged records.","basis_source_anchor_ids":["anchor-paper-22-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The paper formalizes a concrete security-performance planning problem and supplies quantitative results, but novelty priority and broader deployment impact were not independently assessed.","basis_source_anchor_ids":["anchor-paper-22-problem","anchor-paper-22-conclusion"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI work record cited_by_count","source_url":"https://openalex.org/W2074968496","citation_count":0,"signals":[],"limitation":"OpenAlex coverage and record matching are incomplete; the count is a dated located-citation snapshot, not a universal citation total."}},"paper_23":{"schema_version":"0.1","map_id":"paper-23-map","publication_id":23,"publication_anchor":"paper-23","slug":"paper-23","canonical_path":"/knowledge/papers/paper-23/","machine_path":"/knowledge/papers/paper-23.json","root_node_id":"paper-23","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"An Architecture for a Resilient Cloud Computing Infrastructure","year":2013,"status":"Published","venue":"IEEE International Conference on Technologies for Homeland Security (HST)","topic":"secure-systems-networks","labels":["Applied"],"authors":["Joshua Baron","Karim Eldefrawy","Aleksey Nogin","Rafail Ostrovsky"],"keywords":["cloud resilience","self-healing systems","secure computation"],"abstract":"This paper proposes an architecture for a resilient cloud computing infrastructure that provably maintains cloud functionality against persistent successful corruptions of cloud nodes. The architecture is composed of a self-healing software mechanism for the entire cloud, as well as hardware-assisted regeneration of compromised (or faulty) nodes from a pristine state. Such an architecture aims to secure critical distributed cloud computations well beyond the current state of the art by tolerating, in a seamless fashion, a continuous rate of successful corruptions up to certain corruption rate limit, e.g., 30% of all cloud nodes may be corrupted within a tunable window of time. The proposed architecture achieves these properties based on a principled separation of distributed task supervision from the computation of user-defined jobs. The task supervision and enduser communication are performed by a new software mechanism called the Control Operations Plane (COP), which builds a trustworthy and resilient, self-healing cloud computing infrastructure out of the underlying untrustworthy and faulty hosts. The COP leverages provably-secure cryptographic protocols that are efficient and robust in the presence of many corrupted participants — such a cloud regularly and unobtrusively refreshes itself by restoring COP nodes from a pristine state at regular intervals.","research_question":"Can a cloud continue supervising and executing distributed jobs despite an ongoing stream of node compromises, provided compromise occurs below a bounded rate and nodes can periodically return to a pristine state?","central_answer":"The source abstract proposes a Control Operations Plane that separates trusted task supervision and end-user communication from user jobs, uses robust cryptographic protocols, and combines software refresh with hardware-assisted regeneration; the paper body was not obtained for this audit, so the precise model, proof, protocol, and evaluation remain unverified here.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"abstract-grounded claim decomposition, provenance search, and initial assessment"}],"method":"Conservative mapping of the complete source abstract transcribed from the public author-uploaded full-text route, plus official publication metadata. The ResearchGate landing page was public, but the manuscript body could not be retrieved without crossing access controls; no body-level technical claim is asserted.","source_scope":"metadata_and_source_abstract","approval":{"status":"pending","note":"AI-authored abstract-grounded map awaiting author verification and a full manuscript audit."}},"sources":[{"id":"source-paper-23-author","type":"author_full_text_route","title":"ResearchGate author-uploaded full-text record","url":"https://www.researchgate.net/publication/261054497_An_architecture_for_a_resilient_cloud_computing_infrastructure","provenance_category":"author","scope_note":"The public page exposes the paper abstract and identifies author-uploaded content; the full body was not retrieved in this audit."},{"id":"source-paper-23-official","type":"publication_record","title":"IEEE HST publication record","url":"https://doi.org/10.1109/THS.2013.6699036"},{"id":"source-paper-23-citations","type":"scholarly_index","title":"OpenAlex work record for paper #23","url":"https://openalex.org/W2040098860","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-23-abstract","source_id":"source-paper-23-author","label":"Complete author-uploaded source abstract","locator":"ResearchGate abstract; author content uploaded 2016; body not audited","url":"https://www.researchgate.net/publication/261054497_An_architecture_for_a_resilient_cloud_computing_infrastructure"},{"id":"anchor-paper-23-publication","source_id":"source-paper-23-official","label":"Official IEEE publication record","locator":"HST 2013, pages 390-395","url":"https://doi.org/10.1109/THS.2013.6699036"},{"id":"anchor-paper-23-citations","source_id":"source-paper-23-citations","label":"Dated OpenAlex citation snapshot","locator":"cited_by_count = 2, accessed 2026-07-11","url":"https://openalex.org/W2040098860"}],"nodes":[{"id":"paper-23","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_abstract_audited","title":"An Architecture for a Resilient Cloud Computing Infrastructure","summary":"An abstract-grounded architecture for a self-healing cloud control layer that combines cryptographic protocols with periodic regeneration of compromised nodes.","source_anchor_ids":["anchor-paper-23-abstract"]},{"id":"paper-23-question","kind":"question","parent_id":"paper-23","order":1,"epistemic_status":"research_question_from_abstract","title":"Research question","summary":"How can critical cloud functionality survive persistent successful node corruptions rather than only a fixed set of failures?","source_anchor_ids":["anchor-paper-23-abstract"]},{"id":"paper-23-answer","kind":"contribution","parent_id":"paper-23","order":2,"epistemic_status":"source_abstract_asserted","title":"Central answer","summary":"Separate supervision from user computation in a Control Operations Plane and periodically restore its nodes from pristine state while robust cryptographic protocols maintain distributed control.","source_anchor_ids":["anchor-paper-23-abstract"]},{"id":"paper-23-scope","kind":"scope","parent_id":"paper-23","order":3,"epistemic_status":"abstract_level","title":"Abstract-level model","summary":"The abstract describes untrustworthy cloud hosts, continuous successful corruptions below a rate limit, tunable recovery windows, and hardware-assisted restoration.","source_anchor_ids":["anchor-paper-23-abstract"]},{"id":"paper-23-scope-adversary","kind":"threat_model","parent_id":"paper-23-scope","order":1,"epistemic_status":"incompletely_specified","title":"Persistent mobile compromise","summary":"The motivating adversary can repeatedly compromise nodes; the abstract gives 30% within a tunable window as an example, not enough detail here to reconstruct exact quantifiers, scheduling power, or synchrony assumptions.","source_anchor_ids":["anchor-paper-23-abstract"]},{"id":"paper-23-method","kind":"method","parent_id":"paper-23","order":4,"epistemic_status":"source_abstract_asserted","title":"Control Operations Plane","summary":"COP handles distributed task supervision and end-user communication separately from user-defined jobs, creating a narrow control substrate over faulty hosts.","source_anchor_ids":["anchor-paper-23-abstract"]},{"id":"paper-23-method-refresh","kind":"component","parent_id":"paper-23-method","order":1,"epistemic_status":"source_abstract_asserted","title":"Software refresh plus hardware regeneration","summary":"The architecture combines cloud-wide self-healing software with regular hardware-assisted restoration of compromised or faulty COP nodes from a pristine state.","source_anchor_ids":["anchor-paper-23-abstract"]},{"id":"paper-23-claims","kind":"claim_group","parent_id":"paper-23","order":5,"epistemic_status":"abstract_only","title":"Abstract-level claims","summary":"The abstract claims maintained cloud functionality below a corruption-rate bound and attributes it to COP, robust cryptographic protocols, and periodic regeneration.","source_anchor_ids":["anchor-paper-23-abstract"]},{"id":"paper-23-evidence","kind":"evidence_group","parent_id":"paper-23","order":6,"epistemic_status":"not_body_audited","title":"Evidence presently visible","summary":"Only the source abstract and publication record were audited; figures, protocol specifications, proof arguments, simulations, and implementation evidence in the paper body were not inspected.","source_anchor_ids":["anchor-paper-23-abstract","anchor-paper-23-publication"]},{"id":"paper-23-boundaries","kind":"limitation_group","parent_id":"paper-23","order":7,"epistemic_status":"material_source_gap","title":"Unverified boundaries","summary":"The map cannot certify the exact corruption/recovery schedule, threshold, liveness model, trusted hardware state, protocol instantiation, proof theorem, performance, or deployment evidence without the manuscript body.","source_anchor_ids":["anchor-paper-23-abstract"]},{"id":"paper-23-artifacts","kind":"artifact_group","parent_id":"paper-23","order":8,"epistemic_status":"public_route_not_locally_fixed","title":"Artifacts and resources","summary":"An official DOI and an author-uploaded full-text route exist, but no local fixed manuscript or software artifact was added because the public host blocked direct body retrieval in this audit.","source_anchor_ids":["anchor-paper-23-abstract","anchor-paper-23-publication"]},{"id":"paper-23-scrutiny","kind":"scrutiny","parent_id":"paper-23","order":9,"epistemic_status":"publication_recorded","title":"External scrutiny","summary":"The work was published at IEEE HST 2013; review reports, proof checking, reproductions, and later operational evaluations were not audited.","source_anchor_ids":["anchor-paper-23-publication"]},{"id":"paper-23-lineage","kind":"lineage","parent_id":"paper-23","order":10,"epistemic_status":"source_abstract_asserted","title":"Research direction","summary":"The architecture treats proactive secure computation and trusted restoration as a cloud control substrate, anticipating a broader self-healing CloudCOP line.","source_anchor_ids":["anchor-paper-23-abstract"]}],"relations":[{"id":"relation-paper-23-answer-addresses-question","type":"addresses","from_id":"paper-23-answer","to_id":"paper-23-question"},{"id":"relation-paper-23-method-realizes-answer","type":"realizes","from_id":"paper-23-method","to_id":"paper-23-answer"},{"id":"relation-paper-23-refresh-realizes-method","type":"realizes","from_id":"paper-23-method-refresh","to_id":"paper-23-method"},{"id":"relation-paper-23-evidence-supports-claims","type":"supports","from_id":"paper-23-evidence","to_id":"paper-23-claims"},{"id":"relation-paper-23-boundaries-qualify-claims","type":"qualifies","from_id":"paper-23-boundaries","to_id":"paper-23-claims"}],"assessment":{"id":"paper-23-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"low","rationale":"A complete source abstract identifies the architecture and intended guarantee, but the model, protocol, proof, and evaluation body were not obtained or audited.","basis_source_anchor_ids":["anchor-paper-23-abstract"]},{"id":"auditability","level":"high","rationale":"A public author-uploaded full-text route exists, satisfying the site's author-copy rule, but this audit could not retrieve and locally fix the body; the map therefore remains abstract-grounded.","basis_source_anchor_ids":["anchor-paper-23-abstract"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, an author-uploaded record, and an IEEE publication record establish baseline provenance; roles, revisions, and artifact lineage are unknown.","basis_source_anchor_ids":["anchor-paper-23-abstract","anchor-paper-23-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The work has an IEEE conference publication record, but review materials and independent validation were not inspected.","basis_source_anchor_ids":["anchor-paper-23-publication"]},{"id":"reception","level":"low","rationale":"OpenAlex reports 2 located citations as of 2026-07-11. The count is index-specific and may omit versions or citations.","basis_source_anchor_ids":["anchor-paper-23-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The abstract presents a distinctive proactive cloud-control architecture, but novelty priority, theorem strength, and downstream impact were not body-audited.","basis_source_anchor_ids":["anchor-paper-23-abstract"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI work record cited_by_count","source_url":"https://openalex.org/W2040098860","citation_count":2,"signals":[],"limitation":"OpenAlex coverage and record matching are incomplete; this is a dated located-citation snapshot."}},"paper_24":{"schema_version":"0.1","map_id":"paper-24-map","publication_id":24,"publication_anchor":"paper-24","slug":"paper-24","canonical_path":"/knowledge/papers/paper-24/","machine_path":"/knowledge/papers/paper-24.json","root_node_id":"paper-24","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","scheme"],"title":"Disincentivizing/Incentivizing Malicious/Honest Behavior on the Internet via Privacy-Preserving AppCoins","year":2014,"status":"Published","venue":"Ninth Workshop on Secure Network Protocols (NPSec), co-located with IEEE ICNP","topic":"privacy-identity","labels":["Theory","Applied"],"authors":["Karim Eldefrawy","Joshua Lampkins"],"keywords":["micropayments","incentives","privacy"],"research_question":"Can privacy-preserving, low-overhead application-specific micropayments raise the economic cost of abusive Internet behavior while rewarding cooperative behavior?","central_answer":"The available summary-level description says AppCoins combine privacy, non-malleability, and double-spending resistance and can be integrated into email and onion routing, with a performance analysis reported as practical on commodity hardware; no public manuscript was located, so the construction and evidence cannot yet be mapped below that level.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"bounded provenance search, abstract-level synthesis, and initial assessment"}],"method":"Systematic search of the official DOI, author/coauthor and institutional publication pages, scholarly indexes, and exact-title web results. OpenAlex reports the DOI as closed with no repository full text; no legitimate public manuscript was found. Technical structure below is therefore limited to the editorial summary already represented by the curated record.","source_scope":"metadata_and_editorial_summary","approval":{"status":"pending","note":"AI-authored bounded map awaiting author verification and a manuscript. No protocol or performance detail beyond the available editorial summary should be treated as audited."}},"sources":[{"id":"source-paper-24-site","type":"curated_record","title":"Curated publication record for paper #24","url":"/publications/#paper-24","scope_note":"Editorial summary, not a substitute for full text."},{"id":"source-paper-24-official","type":"publication_record","title":"IEEE NPSec/ICNP publication record","url":"https://doi.org/10.1109/ICNP.2014.100"},{"id":"source-paper-24-citations","type":"scholarly_index","title":"OpenAlex work record for paper #24","url":"https://openalex.org/W2066484879","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-24-editorial","source_id":"source-paper-24-site","label":"Curated editorial description","locator":"Site editorial summary; manuscript not audited","url":"/publications/#paper-24"},{"id":"anchor-paper-24-publication","source_id":"source-paper-24-official","label":"Official IEEE publication record","locator":"NPSec 2014 / ICNP proceedings, pages 630-635","url":"https://doi.org/10.1109/ICNP.2014.100"},{"id":"anchor-paper-24-citations","source_id":"source-paper-24-citations","label":"Dated OpenAlex citation snapshot","locator":"cited_by_count = 4, accessed 2026-07-11","url":"https://openalex.org/W2066484879"}],"nodes":[{"id":"paper-24","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_metadata_only","title":"Privacy-Preserving AppCoins","summary":"A proposed application-specific micropayment mechanism intended to attach economic incentives and disincentives to online behavior while preserving user privacy.","source_anchor_ids":["anchor-paper-24-editorial"]},{"id":"paper-24-question","kind":"question","parent_id":"paper-24","order":1,"epistemic_status":"editorial_synthesis_pending_source_audit","title":"Research question","summary":"Can low-cost private digital coins deter abuse and reward cooperation without turning the payment mechanism into a user-tracking system?","source_anchor_ids":["anchor-paper-24-editorial"]},{"id":"paper-24-answer","kind":"contribution","parent_id":"paper-24","order":2,"epistemic_status":"editorial_summary_report","title":"Reported central answer","summary":"Define AppCoins and cryptographic protocols intended to resist malleation and double spending, then adapt email and onion-routing examples to consume or award them.","source_anchor_ids":["anchor-paper-24-editorial"]},{"id":"paper-24-scope","kind":"scope","parent_id":"paper-24","order":3,"epistemic_status":"incompletely_specified","title":"Intended scope","summary":"The available description covers micropayment-based incentives for online applications, with email and onion routing as examples; issuer, spender, verifier, trust, and privacy models were not recoverable without the paper.","source_anchor_ids":["anchor-paper-24-editorial"]},{"id":"paper-24-method","kind":"method","parent_id":"paper-24","order":4,"epistemic_status":"reported_not_source_audited","title":"Reported AppCoin protocols","summary":"The site record reports privacy-preserving, non-malleable, double-spending-resistant coin protocols and application integration, but no algorithms, security games, assumptions, or message flows were available for audit.","source_anchor_ids":["anchor-paper-24-editorial"]},{"id":"paper-24-claims","kind":"claim_group","parent_id":"paper-24","order":5,"epistemic_status":"reported_not_source_audited","title":"Reported claims","summary":"The record says AppCoins can increase attackers' financial cost, reward honest behavior, and run with practical commodity-hardware overhead; exact hypotheses and measurements are unavailable.","source_anchor_ids":["anchor-paper-24-editorial"]},{"id":"paper-24-evidence","kind":"evidence_group","parent_id":"paper-24","order":6,"epistemic_status":"unavailable_for_audit","title":"Evidence gap","summary":"The publication metadata confirms the paper exists, but neither proofs nor the reported performance analysis were inspectable; the current map supplies no independent support for the technical claims.","source_anchor_ids":["anchor-paper-24-editorial","anchor-paper-24-publication"]},{"id":"paper-24-boundaries","kind":"limitation_group","parent_id":"paper-24","order":7,"epistemic_status":"material_source_gap","title":"Unverified boundaries","summary":"Privacy definition, non-malleability game, double-spending detection, issuer trust, unlinkability, value transfer, incentive equilibrium, application abuse model, and benchmark setup all require the missing manuscript.","source_anchor_ids":["anchor-paper-24-editorial"]},{"id":"paper-24-artifacts","kind":"artifact_group","parent_id":"paper-24","order":8,"epistemic_status":"metadata_only","title":"Artifacts and resources","summary":"Only the official DOI and bibliographic records were located. OpenAlex identifies no open or repository full text; no author copy, archive manuscript, code, or data was found.","source_anchor_ids":["anchor-paper-24-publication"]},{"id":"paper-24-scrutiny","kind":"scrutiny","parent_id":"paper-24","order":9,"epistemic_status":"publication_recorded","title":"External scrutiny","summary":"The paper appears in the NPSec workshop proceedings co-located with IEEE ICNP; review materials and subsequent technical scrutiny were not audited.","source_anchor_ids":["anchor-paper-24-publication"]},{"id":"paper-24-lineage","kind":"lineage","parent_id":"paper-24","order":10,"epistemic_status":"editorial_synthesis_pending_source_audit","title":"Research direction","summary":"The work frames privacy-preserving cryptographic tokens as application-layer incentive instruments rather than general-purpose currency.","source_anchor_ids":["anchor-paper-24-editorial"]}],"relations":[{"id":"relation-paper-24-answer-addresses-question","type":"addresses","from_id":"paper-24-answer","to_id":"paper-24-question"},{"id":"relation-paper-24-method-describes-answer","type":"describes_approach_to","from_id":"paper-24-method","to_id":"paper-24-answer"},{"id":"relation-paper-24-evidence-supports-claims","type":"supports","from_id":"paper-24-evidence","to_id":"paper-24-claims"},{"id":"relation-paper-24-boundaries-qualify-claims","type":"qualifies","from_id":"paper-24-boundaries","to_id":"paper-24-claims"}],"assessment":{"id":"paper-24-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"low","rationale":"Only publication metadata and a curated editorial summary are inspectable; protocols, proofs, incentive analysis, and performance evidence were not audited.","basis_source_anchor_ids":["anchor-paper-24-editorial","anchor-paper-24-publication"]},{"id":"auditability","level":"medium","rationale":"An official publication record exists, but no public archive or author-hosted copy was located; full assumptions, evidence, and version identity are not readily auditable from this map.","basis_source_anchor_ids":["anchor-paper-24-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship and an IEEE proceedings record establish baseline provenance. Roles, revisions, artifacts, and production history are not documented.","basis_source_anchor_ids":["anchor-paper-24-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The work has a workshop proceedings record, but review criteria, reports, and independent evaluation were not inspected.","basis_source_anchor_ids":["anchor-paper-24-publication"]},{"id":"reception","level":"low","rationale":"OpenAlex reports 4 located citations as of 2026-07-11. The count is index-specific and may omit versions or citations.","basis_source_anchor_ids":["anchor-paper-24-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The application-specific private-token framing is concrete, but technical novelty and practical impact cannot be certified without the manuscript.","basis_source_anchor_ids":["anchor-paper-24-editorial"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI work record cited_by_count","source_url":"https://openalex.org/W2066484879","citation_count":4,"signals":[],"limitation":"OpenAlex coverage and record matching are incomplete; this is a dated located-citation snapshot."}},"paper_25":{"schema_version":"0.1","map_id":"paper-25-map","publication_id":25,"publication_anchor":"paper-25","slug":"paper-25","canonical_path":"/knowledge/papers/paper-25/","machine_path":"/knowledge/papers/paper-25.json","root_node_id":"paper-25","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","scheme"],"title":"How to Withstand Mobile Virus Attacks, Revisited","year":2014,"status":"Published","venue":"ACM Symposium on Principles of Distributed Computing (PODC)","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Joshua Baron","Karim Eldefrawy","Joshua Lampkins","Rafail Ostrovsky"],"keywords":["proactive MPC","mobile adversaries","packed secret sharing"],"research_question":"Can proactive secure multiparty computation against an adaptive mobile adversary achieve universal composability, near-linear communication, and near-optimal corruption thresholds despite the need to refresh all long-lived state?","central_answer":"The paper introduces packed proactive secret sharing with constant amortized communication per secret, a Block-Redistribute protocol that refreshes and restores packed shares, and a layer-by-layer proactive MPC protocol; party virtualization raises the reported perfect-security threshold toward one third and the statistical threshold toward one half.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, theorem/assumption mapping, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete 34-page UCLA author-hosted full version, including definitions, protocol specifications, complexity analysis, UC ideal functionalities, and appendix proofs; PDF pages 1 and 12 were rendered and visually inspected.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification. The paper proofs were mapped but not independently reproved or machine checked."}},"sources":[{"id":"source-paper-25-fulltext","type":"scholarly_article","title":"How to Withstand Mobile Virus Attacks, Revisited (author-hosted full version)","url":"/pubs/2014/how-to-withstand-mobile-virus-attacks-revisited.pdf","media_type":"application/pdf","sha256":"6035df99829f970f28ad4522659ab5887de378dd28d1e220095e548711ccb4cd","page_count":34,"provenance_category":"author","version_note":"Complete author version with appendices; not compared line by line with the ten-page PODC proceedings version."},{"id":"source-paper-25-author-origin","type":"author_copy","title":"UCLA author copy","url":"https://web.cs.ucla.edu/~rafail/PUBLIC/167.pdf"},{"id":"source-paper-25-official","type":"publication_record","title":"ACM PODC publication record","url":"https://doi.org/10.1145/2611462.2611474"},{"id":"source-paper-25-citations","type":"scholarly_index","title":"OpenAlex work record for paper #25","url":"https://openalex.org/W2029416521","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-25-problem","source_id":"source-paper-25-fulltext","label":"Problem, roadblocks, contributions, and headline bounds","locator":"Abstract and Sections 1.2-1.4, PDF pages 1-5","url":"/pubs/2014/how-to-withstand-mobile-virus-attacks-revisited.pdf#page=1"},{"id":"anchor-paper-25-model","source_id":"source-paper-25-fulltext","label":"Proactive UC model, phases, erasures, and baseline parameters","locator":"Section 2, PDF pages 5-7","url":"/pubs/2014/how-to-withstand-mobile-virus-attacks-revisited.pdf#page=5"},{"id":"anchor-paper-25-redistribution","source_id":"source-paper-25-fulltext","label":"Packed sharing and Block-Redistribute","locator":"Sections 3.2-3.3 and Theorem 1, PDF pages 8-11","url":"/pubs/2014/how-to-withstand-mobile-virus-attacks-revisited.pdf#page=8"},{"id":"anchor-paper-25-pmpc","source_id":"source-paper-25-fulltext","label":"Layer-by-layer PMPC protocol and complexity","locator":"Sections 3.4-3.5 and Figure 1, PDF pages 11-13","url":"/pubs/2014/how-to-withstand-mobile-virus-attacks-revisited.pdf#page=11"},{"id":"anchor-paper-25-theorems","source_id":"source-paper-25-fulltext","label":"Perfect and statistical proactive-security theorems","locator":"Theorems 2-3, PDF page 13; Theorem 12, PDF page 34","url":"/pubs/2014/how-to-withstand-mobile-virus-attacks-revisited.pdf#page=13"},{"id":"anchor-paper-25-uc-definition","source_id":"source-paper-25-fulltext","label":"Exact proactive UC execution and security definitions","locator":"Appendix A, PDF pages 15-18","url":"/pubs/2014/how-to-withstand-mobile-virus-attacks-revisited.pdf#page=15"},{"id":"anchor-paper-25-proofs","source_id":"source-paper-25-fulltext","label":"Redistribution and PMPC proof chain","locator":"Appendices B and D, PDF pages 18-21 and 26-29","url":"/pubs/2014/how-to-withstand-mobile-virus-attacks-revisited.pdf#page=18"},{"id":"anchor-paper-25-virtualization","source_id":"source-paper-25-fulltext","label":"Party virtualization and near-optimal thresholds","locator":"Appendix E, PDF pages 29-34","url":"/pubs/2014/how-to-withstand-mobile-virus-attacks-revisited.pdf#page=29"},{"id":"anchor-paper-25-publication","source_id":"source-paper-25-official","label":"Official ACM publication record","locator":"PODC 2014, pages 293-302","url":"https://doi.org/10.1145/2611462.2611474"},{"id":"anchor-paper-25-citations","source_id":"source-paper-25-citations","label":"Dated OpenAlex citation snapshot","locator":"cited_by_count = 37, accessed 2026-07-11","url":"https://openalex.org/W2029416521"}],"nodes":[{"id":"paper-25","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"How to Withstand Mobile Virus Attacks, Revisited","summary":"A proactive MPC construction that refreshes computation state against mobile corruption using packed proactive secret sharing and communication-efficient redistribution.","source_anchor_ids":["anchor-paper-25-problem"]},{"id":"paper-25-question","kind":"question","parent_id":"paper-25","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can the communication improvements of stationary-fault MPC survive a model in which an adversary eventually corrupts every party, subject only to a per-stage rate bound?","source_anchor_ids":["anchor-paper-25-problem"]},{"id":"paper-25-answer","kind":"contribution","parent_id":"paper-25","order":2,"epistemic_status":"source_asserted","title":"Central answer","summary":"Pack Θ(n) secrets into polynomial sharings, refresh and restore them with hyper-invertible-matrix checks, and evaluate a transformed circuit layer by layer with redistribution after every layer.","source_anchor_ids":["anchor-paper-25-redistribution","anchor-paper-25-pmpc"]},{"id":"paper-25-scope","kind":"scope","parent_id":"paper-25","order":3,"epistemic_status":"defined","title":"Proactive execution model","summary":"Parties communicate synchronously over perfectly secure point-to-point channels and broadcast, erase old state, and alternate operation with refreshment stages.","source_anchor_ids":["anchor-paper-25-model","anchor-paper-25-uc-definition"]},{"id":"paper-25-scope-adversary","kind":"threat_model","parent_id":"paper-25-scope","order":1,"epistemic_status":"defined","title":"Active adaptive mobile adversary","summary":"The adversary may adaptively corrupt different parties over time, but at most the stated threshold per stage; a party corrupted during a refresh counts in both adjacent stages.","source_anchor_ids":["anchor-paper-25-model","anchor-paper-25-uc-definition"]},{"id":"paper-25-scope-recovery","kind":"assumption","parent_id":"paper-25-scope","order":2,"epistemic_status":"assumed","title":"Reboot and erasure assumptions","summary":"Corrupted parties can be rebooted to a pristine state with global computation information and secure-channel access, and honest-period randomness and erased state remain unrecoverable; selecting whom to reboot is outside the protocol.","source_anchor_ids":["anchor-paper-25-problem","anchor-paper-25-model"]},{"id":"paper-25-method","kind":"method","parent_id":"paper-25","order":4,"epistemic_status":"specified","title":"Construction stack","summary":"The protocol composes packed sharing, proactive redistribution, circuit normalization and permutation, per-layer arithmetic, and party virtualization.","source_anchor_ids":["anchor-paper-25-redistribution","anchor-paper-25-pmpc","anchor-paper-25-virtualization"]},{"id":"paper-25-method-ppss","kind":"component","parent_id":"paper-25-method","order":1,"epistemic_status":"specified_and_proved","title":"Packed proactive secret sharing","summary":"Multiple secrets occupy evaluation points of one polynomial; random masking polynomials and hyper-invertible matrices amortize refresh and checking to O(1) communication per secret.","source_anchor_ids":["anchor-paper-25-problem","anchor-paper-25-redistribution"]},{"id":"paper-25-method-redistribute","kind":"component","parent_id":"paper-25-method","order":2,"epistemic_status":"specified_and_proved","title":"Block-Redistribute","summary":"Three phases rerandomize packed sharings, verifiably double-share state, and reconstruct current shares for rebooted parties using Berlekamp-Welch recovery.","source_anchor_ids":["anchor-paper-25-redistribution","anchor-paper-25-proofs"]},{"id":"paper-25-method-pmpc","kind":"component","parent_id":"paper-25-method","order":3,"epistemic_status":"specified_and_proved","title":"Layer-by-layer PMPC","summary":"Inputs are robustly shared; secrets are permuted for each homogeneous addition or multiplication layer; obsolete state is erased; all live sharings are redistributed after every layer before final reconstruction.","source_anchor_ids":["anchor-paper-25-pmpc"]},{"id":"paper-25-claims","kind":"claim_group","parent_id":"paper-25","order":5,"epistemic_status":"proved_conditional","title":"Principal theorems","summary":"The paper states UC-security and communication bounds under explicit network, erasure, circuit-width, and corruption-rate conditions.","source_anchor_ids":["anchor-paper-25-redistribution","anchor-paper-25-theorems"]},{"id":"paper-25-claim-redistribution","kind":"claim","parent_id":"paper-25-claims","order":1,"epistemic_status":"proved_conditional","title":"Redistribution theorem","summary":"Theorem 1 states perfect UC realization of the redistribution functionality against adaptive corruption threshold n/8, assuming secure point-to-point and broadcast channels, with O(W + poly(n)) communication for W secrets.","source_anchor_ids":["anchor-paper-25-redistribution","anchor-paper-25-proofs"]},{"id":"paper-25-claim-pmpc","kind":"claim","parent_id":"paper-25-claims","order":2,"epistemic_status":"proved_conditional","title":"Base PMPC theorem","summary":"For an n-party arithmetic circuit at least Ω(n) gates wide, Theorem 2 gives perfect proactive UC security against an active adaptive adversary corrupting fewer than n/8 parties per stage.","source_anchor_ids":["anchor-paper-25-theorems","anchor-paper-25-proofs"]},{"id":"paper-25-claim-thresholds","kind":"claim","parent_id":"paper-25-claims","order":3,"epistemic_status":"proved_conditional","title":"Virtualized thresholds","summary":"Theorem 3 raises perfect security to any constant corruption fraction δ < 1/3, while the statistical variant in Theorem 12 supports δ < 1/2.","source_anchor_ids":["anchor-paper-25-theorems","anchor-paper-25-virtualization"]},{"id":"paper-25-claim-complexity","kind":"claim","parent_id":"paper-25-claims","order":4,"epistemic_status":"analytically_supported","title":"Near-linear communication","summary":"The final virtualized construction is reported with communication O(C log² C polylog n + D poly(n) log² C), where C and D are circuit size and depth; packed share maintenance is constant amortized per secret.","source_anchor_ids":["anchor-paper-25-problem","anchor-paper-25-pmpc"]},{"id":"paper-25-evidence","kind":"evidence_group","parent_id":"paper-25","order":6,"epistemic_status":"formal_paper_evidence","title":"Evidence chain","summary":"The source supplies ideal functionalities, explicit protocols, complexity derivations, simulators for redistribution, an inductive PMPC simulation, and committee-based threshold amplification.","source_anchor_ids":["anchor-paper-25-uc-definition","anchor-paper-25-proofs","anchor-paper-25-virtualization"]},{"id":"paper-25-evidence-proof","kind":"evidence","parent_id":"paper-25-evidence","order":1,"epistemic_status":"paper_proof_not_machine_checked","title":"UC proof structure","summary":"The appendices compare real and ideal executions, construct simulators, and use layer induction plus prior subprotocol security; this audit checked statement/assumption alignment but did not rederive every simulation step.","source_anchor_ids":["anchor-paper-25-proofs"]},{"id":"paper-25-boundaries","kind":"limitation_group","parent_id":"paper-25","order":7,"epistemic_status":"material","title":"Trusted boundaries and limitations","summary":"The guarantees rely on synchrony, secure channels, broadcast, erasures, reliable pristine reboot, stage-rate enforcement, and sufficiently wide arithmetic circuits.","source_anchor_ids":["anchor-paper-25-model","anchor-paper-25-theorems"]},{"id":"paper-25-boundary-systems","kind":"limitation","parent_id":"paper-25-boundaries","order":1,"epistemic_status":"assumed","title":"Recovery mechanism is external","summary":"The paper does not specify how compromise is detected, how parties are selected and securely rebooted, or how proactive PKI/secure channels and broadcast are implemented.","source_anchor_ids":["anchor-paper-25-problem","anchor-paper-25-model"]},{"id":"paper-25-boundary-evidence","kind":"limitation","parent_id":"paper-25-boundaries","order":2,"epistemic_status":"no_empirical_evaluation","title":"No implementation evaluation","summary":"Evidence is theoretical; the audited version does not provide code, benchmarks, network measurements, or concrete parameter sizing.","source_anchor_ids":["anchor-paper-25-pmpc"]},{"id":"paper-25-artifacts","kind":"artifact_group","parent_id":"paper-25","order":8,"epistemic_status":"full_text_available","title":"Artifacts and resources","summary":"A fixed local mirror of the 34-page author full version and the ACM publication record are available; no implementation repository was identified.","source_anchor_ids":["anchor-paper-25-problem","anchor-paper-25-publication"]},{"id":"paper-25-scrutiny","kind":"scrutiny","parent_id":"paper-25","order":9,"epistemic_status":"publication_recorded","title":"External scrutiny","summary":"The work was published at ACM PODC 2014; review reports, independent proof audits, and implementations were not examined.","source_anchor_ids":["anchor-paper-25-publication"]},{"id":"paper-25-lineage","kind":"lineage","parent_id":"paper-25","order":10,"epistemic_status":"documented","title":"Research lineage","summary":"The construction revisits the Ostrovsky-Yung proactive model using packed-sharing and hyper-invertible-matrix techniques from later efficient MPC, and it directly precedes the dynamic-group protocol in paper #28.","source_anchor_ids":["anchor-paper-25-problem"]}],"relations":[{"id":"relation-paper-25-answer-addresses-question","type":"addresses","from_id":"paper-25-answer","to_id":"paper-25-question"},{"id":"relation-paper-25-method-realizes-answer","type":"realizes","from_id":"paper-25-method","to_id":"paper-25-answer"},{"id":"relation-paper-25-proof-supports-redistribution","type":"supports","from_id":"paper-25-evidence-proof","to_id":"paper-25-claim-redistribution"},{"id":"relation-paper-25-proof-supports-pmpc","type":"supports","from_id":"paper-25-evidence-proof","to_id":"paper-25-claim-pmpc"},{"id":"relation-paper-25-adversary-qualifies-pmpc","type":"qualifies","from_id":"paper-25-scope-adversary","to_id":"paper-25-claim-pmpc"},{"id":"relation-paper-25-recovery-qualifies-pmpc","type":"qualifies","from_id":"paper-25-scope-recovery","to_id":"paper-25-claim-pmpc"},{"id":"relation-paper-25-boundaries-qualify-claims","type":"qualifies","from_id":"paper-25-boundaries","to_id":"paper-25-claims"},{"id":"relation-paper-25-artifacts-enable-audit","type":"enables_audit_of","from_id":"paper-25-artifacts","to_id":"paper-25-evidence"}],"assessment":{"id":"paper-25-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The complete source gives formal definitions, protocols, complexity analyses, and UC proof arguments. No machine-checked proof, implementation, or independent reproduction was audited.","basis_source_anchor_ids":["anchor-paper-25-theorems","anchor-paper-25-proofs"]},{"id":"auditability","level":"high","rationale":"A complete author-hosted full version with all appendices is mirrored locally with page count and SHA-256, making assumptions and proofs inspectable. Proceedings-version identity and independent proof checking remain open.","basis_source_anchor_ids":["anchor-paper-25-problem","anchor-paper-25-proofs"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, an author-hosted full version, acknowledgements, and an ACM record establish baseline provenance. Roles, revision history, and artifact lineage are not captured.","basis_source_anchor_ids":["anchor-paper-25-problem","anchor-paper-25-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The work has an ACM PODC publication record, but reviews, independent proof audits, and implementations were not inspected.","basis_source_anchor_ids":["anchor-paper-25-publication"]},{"id":"reception","level":"high","rationale":"OpenAlex reports 37 located citations as of 2026-07-11, meeting the site's 11+ high threshold. The index may merge or omit versions and does not establish correctness or adoption.","basis_source_anchor_ids":["anchor-paper-25-citations"]},{"id":"contribution_significance","level":"high","rationale":"The paper reports the first perfectly UC-secure proactive MPC with near-linear communication and introduces packed proactive secret sharing with constant amortized per-secret cost; this is a source-level priority claim, not an independent historical adjudication.","basis_source_anchor_ids":["anchor-paper-25-problem"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI work record cited_by_count","source_url":"https://openalex.org/W2029416521","citation_count":37,"signals":[],"limitation":"OpenAlex coverage, deduplication, and version merging are imperfect; the count is a dated located-citation snapshot."}},"paper_26":{"schema_version":"0.1","map_id":"paper-26-map","publication_id":26,"publication_anchor":"paper-26","slug":"paper-26","canonical_path":"/knowledge/papers/paper-26/","machine_path":"/knowledge/papers/paper-26.json","root_node_id":"paper-26","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"Founding Digital Currency on Secure Computation","year":2014,"status":"Published","venue":"ACM Conference on Computer and Communications Security (CCS)","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Karim Eldefrawy","Joshua Lampkins"],"keywords":["digital currency","secure computation","distributed ledger"],"abstract":"Most current digital currency schemes and associated ledgers are either centralized or completely distributed similar to the design adopted by Bitcoin. Centralized schemes enable accountability, but leave the privacy of users' identities and transactions in the hands of one organization. Distributed schemes can ensure better privacy but provide little accountability. In this paper we design a privacy-preserving proactively-secure distributed ledger and associated transaction protocols that can be used to implement an accountable digital currency that inherits the ledger's privacy and security features. One of the main technical challenges that we address is dealing with the increase in ledger size over time, an unavoidable aspect as the currency spreads and the ledger is required to be maintained for a long time in the future. We accomplish this by reducing the distributed (secret-shared) storage footprint and the required bandwidth and computation for proactively refreshing the ledger to ensure long-term confidentiality and security.","research_question":"Can a digital currency combine centralized-style accountability with transaction and identity privacy while preserving a growing ledger against mobile long-term compromise?","central_answer":"The source abstract reports a privacy-preserving, proactively secure secret-shared ledger and transaction protocols, with techniques intended to reduce storage and proactive-refresh costs as the ledger grows; the manuscript body was not retrievable in this audit, so its exact parties, games, thresholds, constructions, and proofs remain pending.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"abstract-grounded claim decomposition, provenance search, and initial assessment"}],"method":"Conservative mapping of the complete abstract previously transcribed from the public ResearchGate author-uploaded PDF, plus the ACM publication record. Direct retrieval was blocked by the public host, and no alternative legitimate author/archive copy was located; the paper body was not audited.","source_scope":"metadata_and_source_abstract","approval":{"status":"pending","note":"AI-authored abstract-grounded map awaiting author verification and full manuscript audit."}},"sources":[{"id":"source-paper-26-author","type":"author_full_text_route","title":"ResearchGate author-uploaded PDF","url":"https://www.researchgate.net/profile/Karim-Eldefrawy-2/publication/285835450_Founding_Digital_Currency_on_Secure_Computation/links/573dee9a08ae9f741b2ffd5a/Founding-Digital-Currency-on-Secure-Computation.pdf","provenance_category":"author","scope_note":"Complete abstract is transcribed in this map; body retrieval was blocked during this audit."},{"id":"source-paper-26-official","type":"publication_record","title":"ACM CCS publication record","url":"https://doi.org/10.1145/2660267.2660293"},{"id":"source-paper-26-citations","type":"scholarly_index","title":"OpenAlex work record for paper #26","url":"https://openalex.org/W2163898713","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-26-abstract","source_id":"source-paper-26-author","label":"Complete author-uploaded source abstract","locator":"Abstract transcribed from author-uploaded PDF; body not audited","url":"https://www.researchgate.net/profile/Karim-Eldefrawy-2/publication/285835450_Founding_Digital_Currency_on_Secure_Computation/links/573dee9a08ae9f741b2ffd5a/Founding-Digital-Currency-on-Secure-Computation.pdf"},{"id":"anchor-paper-26-publication","source_id":"source-paper-26-official","label":"Official ACM publication record","locator":"CCS 2014, pages 1-14","url":"https://doi.org/10.1145/2660267.2660293"},{"id":"anchor-paper-26-citations","source_id":"source-paper-26-citations","label":"Dated OpenAlex citation snapshot","locator":"cited_by_count = 24, accessed 2026-07-11","url":"https://openalex.org/W2163898713"}],"nodes":[{"id":"paper-26","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_abstract_audited","title":"Founding Digital Currency on Secure Computation","summary":"An abstract-grounded design for an accountable digital currency whose ledger remains secret-shared and proactively refreshed.","source_anchor_ids":["anchor-paper-26-abstract"]},{"id":"paper-26-question","kind":"question","parent_id":"paper-26","order":1,"epistemic_status":"research_question_from_abstract","title":"Research question","summary":"Can ledger confidentiality and user privacy coexist with enforceable accountability and long-lived proactive security?","source_anchor_ids":["anchor-paper-26-abstract"]},{"id":"paper-26-answer","kind":"contribution","parent_id":"paper-26","order":2,"epistemic_status":"source_abstract_asserted","title":"Central answer","summary":"Maintain the ledger through distributed secret sharing and secure computation, attach privacy-preserving transaction protocols, and optimize storage and refresh as the ledger expands.","source_anchor_ids":["anchor-paper-26-abstract"]},{"id":"paper-26-scope","kind":"scope","parent_id":"paper-26","order":3,"epistemic_status":"abstract_level","title":"Privacy-accountability design space","summary":"The abstract positions the design between one accountable but privacy-concentrating organization and a fully distributed system with less accountability.","source_anchor_ids":["anchor-paper-26-abstract"]},{"id":"paper-26-scope-adversary","kind":"threat_model","parent_id":"paper-26-scope","order":1,"epistemic_status":"incompletely_specified","title":"Long-term mobile compromise","summary":"Proactive refresh implies security against changing corruptions over time, but the abstract does not state server count, corruption threshold, synchrony, erasures, authorization, or accountability trigger.","source_anchor_ids":["anchor-paper-26-abstract"]},{"id":"paper-26-method","kind":"method","parent_id":"paper-26","order":4,"epistemic_status":"source_abstract_asserted","title":"Secret-shared ledger and transaction protocols","summary":"Ledger state is distributed in secret-shared form and processed through secure protocols, while storage footprint and periodic refresh cost are reduced for long-term growth.","source_anchor_ids":["anchor-paper-26-abstract"]},{"id":"paper-26-claims","kind":"claim_group","parent_id":"paper-26","order":5,"epistemic_status":"abstract_only","title":"Abstract-level claims","summary":"The source claims privacy-preserving proactive security, accountability, and lower distributed storage, bandwidth, and computation for refresh; no exact bounds are visible in the abstract.","source_anchor_ids":["anchor-paper-26-abstract"]},{"id":"paper-26-evidence","kind":"evidence_group","parent_id":"paper-26","order":6,"epistemic_status":"not_body_audited","title":"Evidence presently visible","summary":"The complete abstract and venue record were audited, but protocols, formal definitions, proofs, complexity derivations, and any experiments were not inspected.","source_anchor_ids":["anchor-paper-26-abstract","anchor-paper-26-publication"]},{"id":"paper-26-boundaries","kind":"limitation_group","parent_id":"paper-26","order":7,"epistemic_status":"material_source_gap","title":"Unverified boundaries","summary":"The map cannot yet specify who can de-anonymize or regulate transactions, how double spending and consistency are handled, what mobile-adversary threshold holds, or which complexity improvements are proved.","source_anchor_ids":["anchor-paper-26-abstract"]},{"id":"paper-26-artifacts","kind":"artifact_group","parent_id":"paper-26","order":8,"epistemic_status":"public_route_not_locally_fixed","title":"Artifacts and resources","summary":"An ACM record and author-uploaded PDF route exist, but no locally fixed manuscript, code, or dataset was added because the host denied direct retrieval.","source_anchor_ids":["anchor-paper-26-abstract","anchor-paper-26-publication"]},{"id":"paper-26-scrutiny","kind":"scrutiny","parent_id":"paper-26","order":9,"epistemic_status":"publication_recorded","title":"External scrutiny","summary":"The paper was published at ACM CCS 2014; reviews, proof audits, and later evaluations were not inspected.","source_anchor_ids":["anchor-paper-26-publication"]},{"id":"paper-26-lineage","kind":"lineage","parent_id":"paper-26","order":10,"epistemic_status":"source_abstract_asserted","title":"Research direction","summary":"The design applies proactive MPC and secret-sharing techniques to a semi-centralized accountable-currency ledger.","source_anchor_ids":["anchor-paper-26-abstract"]}],"relations":[{"id":"relation-paper-26-answer-addresses-question","type":"addresses","from_id":"paper-26-answer","to_id":"paper-26-question"},{"id":"relation-paper-26-method-realizes-answer","type":"realizes","from_id":"paper-26-method","to_id":"paper-26-answer"},{"id":"relation-paper-26-evidence-supports-claims","type":"supports","from_id":"paper-26-evidence","to_id":"paper-26-claims"},{"id":"relation-paper-26-boundaries-qualify-claims","type":"qualifies","from_id":"paper-26-boundaries","to_id":"paper-26-claims"}],"assessment":{"id":"paper-26-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"low","rationale":"The complete source abstract identifies the construction and intended efficiency gains, but exact models, protocols, proofs, and evidence were not body-audited.","basis_source_anchor_ids":["anchor-paper-26-abstract"]},{"id":"auditability","level":"high","rationale":"A public author-uploaded full-text route exists, satisfying the site's author-copy rule; direct body retrieval and local fixity were not achieved in this audit.","basis_source_anchor_ids":["anchor-paper-26-abstract"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, an author-uploaded route, and an ACM record establish baseline provenance; roles, revisions, and artifact lineage are unknown.","basis_source_anchor_ids":["anchor-paper-26-abstract","anchor-paper-26-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The paper has an ACM CCS publication record, but reviews and independent validation were not inspected.","basis_source_anchor_ids":["anchor-paper-26-publication"]},{"id":"reception","level":"high","rationale":"OpenAlex reports 24 located citations as of 2026-07-11, meeting the site's 11+ high threshold. The index-specific count does not itself establish correctness or adoption.","basis_source_anchor_ids":["anchor-paper-26-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The abstract presents a substantive privacy/accountability ledger construction, but theorem strength, priority, and impact were not independently source-audited.","basis_source_anchor_ids":["anchor-paper-26-abstract"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI work record cited_by_count","source_url":"https://openalex.org/W2163898713","citation_count":24,"signals":[],"limitation":"OpenAlex coverage, deduplication, and version merging are imperfect; this is a dated located-citation snapshot."}},"paper_27":{"schema_version":"0.1","map_id":"paper-27-map","publication_id":27,"publication_anchor":"paper-27","slug":"paper-27","canonical_path":"/knowledge/papers/paper-27/","machine_path":"/knowledge/papers/paper-27.json","root_node_id":"paper-27","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"Remote Attestation of Heterogeneous Cyber-Physical Systems: The Automotive Use Case","year":2015,"status":"Published · extended abstract","venue":"Embedded Security in Cars USA (escar USA) Workshop","topic":"secure-systems-networks","labels":["Applied","Perspective"],"authors":["Karim Eldefrawy","Gavin Holland","Gene Tsudik"],"keywords":["remote attestation","automotive security","cyber-physical systems"],"research_question":"What models, architectures, schedules, and trusted components are needed to extend remote attestation from one embedded prover to a heterogeneous cyber-physical system such as a modern vehicle?","central_answer":"The extended abstract proposes an in-vehicle root of trust that coordinates attestation across high-, medium-, and low-end modules, distinguishes startup from runtime attestation, and presents composability, ordering, scheduling, response, and synthesis as open research problems rather than completed protocols or evaluated guarantees.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"complete-source extraction, proposal/claim separation, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete three-page author-hosted extended abstract. PDF pages 1 and 2 were rendered and visually inspected. Because the source is explicitly a proposed-talk outline, the map distinguishes proposed architecture and research questions from established results.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification. The source proposes a research agenda; it does not present a completed multi-device protocol, proof, implementation, or evaluation."}},"sources":[{"id":"source-paper-27-fulltext","type":"scholarly_article","title":"Remote Attestation of Heterogeneous Cyber-Physical Systems: The Automotive Use Case (Extended Abstract)","url":"/pubs/2015/remote-attestation-heterogeneous-cps-automotive.pdf","media_type":"application/pdf","sha256":"663d5605f52e2979b93fe47071482553e475ef9ac52820699bb579c3086d6801","page_count":3,"provenance_category":"author"},{"id":"source-paper-27-author-origin","type":"author_copy","title":"UC Irvine author copy","url":"https://ics.uci.edu/~gtsudik/paps/attestation-ESCAR15.pdf"},{"id":"source-paper-27-citation-query","type":"scholarly_index_query","title":"OpenAlex exact-title search for paper #27","url":"https://api.openalex.org/works?search=Remote%20Attestation%20of%20Heterogeneous%20Cyber-Physical%20Systems%20The%20Automotive%20Use%20Case&per-page=5","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-27-problem","source_id":"source-paper-27-fulltext","label":"Motivation, source scope, and proposed talk outline","locator":"Abstract and Sections I-II, PDF page 1","url":"/pubs/2015/remote-attestation-heterogeneous-cps-automotive.pdf#page=1"},{"id":"anchor-paper-27-ra-landscape","source_id":"source-paper-27-fulltext","label":"Software, hardware, and hybrid remote-attestation boundaries","locator":"Section II.1, PDF pages 1-2","url":"/pubs/2015/remote-attestation-heterogeneous-cps-automotive.pdf#page=1"},{"id":"anchor-paper-27-heterogeneous","source_id":"source-paper-27-fulltext","label":"Composability, ordering, scheduling, and automotive IRT proposal","locator":"Section II.2, PDF pages 2-3","url":"/pubs/2015/remote-attestation-heterogeneous-cps-automotive.pdf#page=2"},{"id":"anchor-paper-27-future","source_id":"source-paper-27-fulltext","label":"Explicit open problems and intended research directions","locator":"Section II.3, PDF page 3","url":"/pubs/2015/remote-attestation-heterogeneous-cps-automotive.pdf#page=3"},{"id":"anchor-paper-27-citations","source_id":"source-paper-27-citation-query","label":"Dated OpenAlex exact-title citation search","locator":"No matching work among returned results; 0 located citations, accessed 2026-07-11","url":"https://api.openalex.org/works?search=Remote%20Attestation%20of%20Heterogeneous%20Cyber-Physical%20Systems%20The%20Automotive%20Use%20Case&per-page=5"}],"nodes":[{"id":"paper-27","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_extended_abstract","title":"Remote Attestation of Heterogeneous Cyber-Physical Systems","summary":"A position-oriented extended abstract that frames multi-device remote attestation for vehicles and identifies the architecture and formalization work still needed.","source_anchor_ids":["anchor-paper-27-problem"]},{"id":"paper-27-question","kind":"question","parent_id":"paper-27","order":1,"epistemic_status":"research_question","title":"Research question","summary":"How should attestations from heterogeneous CPS components be combined without allowing malware migration, unsafe interruption, or weakest-component failure?","source_anchor_ids":["anchor-paper-27-problem","anchor-paper-27-heterogeneous"]},{"id":"paper-27-answer","kind":"contribution","parent_id":"paper-27","order":2,"epistemic_status":"proposed_research_direction","title":"Proposed direction","summary":"Use a high-end in-vehicle root of trust to manage keys and coordinate attestations of medium- and low-end ECUs, while developing composable definitions and schedules for static and dynamic roots of trust.","source_anchor_ids":["anchor-paper-27-heterogeneous"]},{"id":"paper-27-scope","kind":"scope","parent_id":"paper-27","order":3,"epistemic_status":"explicitly_scoped","title":"Automotive CPS scope","summary":"The motivating system contains more than 70 heterogeneous ECUs and wireless interfaces, with focus on remotely induced software compromise rather than scalable physical capture.","source_anchor_ids":["anchor-paper-27-problem","anchor-paper-27-heterogeneous"]},{"id":"paper-27-scope-adversary","kind":"threat_model","parent_id":"paper-27-scope","order":1,"epistemic_status":"qualitative","title":"Remote malware focus","summary":"The source treats remote software attacks as the principal concern and states that physical access generally requires special tamper-resistant hardware; no complete adversary game is defined.","source_anchor_ids":["anchor-paper-27-problem"]},{"id":"paper-27-method","kind":"method","parent_id":"paper-27","order":4,"epistemic_status":"proposed_not_implemented","title":"Heterogeneous attestation architecture","summary":"High-end modules may host the in-vehicle root of trust, medium-end modules may use TrustZone, HSMs, or SMART-like support, and low-end modules may be attested through accessible memory or firmware mechanisms.","source_anchor_ids":["anchor-paper-27-ra-landscape","anchor-paper-27-heterogeneous"]},{"id":"paper-27-method-static","kind":"component","parent_id":"paper-27-method","order":1,"epistemic_status":"proposed","title":"Startup attestation","summary":"The IRT could attest all modules while the vehicle starts, accepting a potentially multi-second delay to establish a static root of trust.","source_anchor_ids":["anchor-paper-27-heterogeneous"]},{"id":"paper-27-method-dynamic","kind":"component","parent_id":"paper-27-method","order":2,"epistemic_status":"open_problem","title":"Runtime attestation","summary":"A dynamic root would require randomized component checks that do not interfere with safety or operation, together with a response policy after failure; the source leaves both as challenges.","source_anchor_ids":["anchor-paper-27-heterogeneous"]},{"id":"paper-27-claims","kind":"claim_group","parent_id":"paper-27","order":5,"epistemic_status":"agenda_not_result","title":"Claims versus proposals","summary":"The source claims that heterogeneous CPS attestation is important and outlines plausible architecture choices, but it does not claim a completed secure composition theorem or measured system.","source_anchor_ids":["anchor-paper-27-problem","anchor-paper-27-future"]},{"id":"paper-27-evidence","kind":"evidence_group","parent_id":"paper-27","order":6,"epistemic_status":"literature_grounded_argument","title":"Evidence and rationale","summary":"Support consists of a compact synthesis of prior software-only, hardware, hybrid, formal-model, and automotive-security work plus concrete timing and ECU-capability examples.","source_anchor_ids":["anchor-paper-27-ra-landscape","anchor-paper-27-heterogeneous"]},{"id":"paper-27-boundaries","kind":"limitation_group","parent_id":"paper-27","order":7,"epistemic_status":"explicit_open_problems","title":"Open problems","summary":"Composable security definitions, order and timing, malware movement, minimal interruption, device heterogeneity, failure response, automated verification, and protocol synthesis are all explicitly left unresolved.","source_anchor_ids":["anchor-paper-27-heterogeneous","anchor-paper-27-future"]},{"id":"paper-27-artifacts","kind":"artifact_group","parent_id":"paper-27","order":8,"epistemic_status":"full_text_available","title":"Artifacts and resources","summary":"The complete three-page author-hosted extended abstract is mirrored locally with page count and SHA-256; no implementation or formal artifact is claimed by the source.","source_anchor_ids":["anchor-paper-27-problem"]},{"id":"paper-27-scrutiny","kind":"scrutiny","parent_id":"paper-27","order":9,"epistemic_status":"workshop_extended_abstract","title":"External scrutiny","summary":"The work was presented as an extended abstract/talk at escar USA 2015; review process, audience feedback, and follow-on validation were not audited.","source_anchor_ids":["anchor-paper-27-problem"]},{"id":"paper-27-lineage","kind":"lineage","parent_id":"paper-27","order":10,"epistemic_status":"documented","title":"Research lineage","summary":"The agenda extends single-prover remote attestation, including SMART and minimalist RA, toward collective and heterogeneous device settings.","source_anchor_ids":["anchor-paper-27-ra-landscape","anchor-paper-27-future"]}],"relations":[{"id":"relation-paper-27-answer-addresses-question","type":"addresses","from_id":"paper-27-answer","to_id":"paper-27-question"},{"id":"relation-paper-27-method-describes-answer","type":"describes_approach_to","from_id":"paper-27-method","to_id":"paper-27-answer"},{"id":"relation-paper-27-evidence-motivates-method","type":"motivates","from_id":"paper-27-evidence","to_id":"paper-27-method"},{"id":"relation-paper-27-boundaries-qualify-answer","type":"qualifies","from_id":"paper-27-boundaries","to_id":"paper-27-answer"}],"assessment":{"id":"paper-27-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"low","rationale":"The complete extended abstract provides a well-scoped literature-grounded agenda, but no new protocol proof, implementation, or experiment is presented.","basis_source_anchor_ids":["anchor-paper-27-problem","anchor-paper-27-future"]},{"id":"auditability","level":"high","rationale":"The complete source is author-hosted and mirrored locally with page count and SHA-256; all three pages are directly inspectable.","basis_source_anchor_ids":["anchor-paper-27-problem"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, affiliations, date, and author-hosted source establish baseline provenance. Draft history and contributor roles are not recorded.","basis_source_anchor_ids":["anchor-paper-27-problem"]},{"id":"external_scrutiny","level":"medium","rationale":"The source records an escar USA workshop presentation, but the review process and independent technical scrutiny were not audited.","basis_source_anchor_ids":["anchor-paper-27-problem"]},{"id":"reception","level":"low","rationale":"An exact-title OpenAlex search returned no matching work, so 0 citations were located as of 2026-07-11. Absence of an indexed record is not evidence of zero citations elsewhere.","basis_source_anchor_ids":["anchor-paper-27-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The source clearly articulates a multi-device RA research agenda, but it is a perspective extended abstract rather than a completed technical result.","basis_source_anchor_ids":["anchor-paper-27-future"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex exact-title search; no matching work located","source_url":"https://api.openalex.org/works?search=Remote%20Attestation%20of%20Heterogeneous%20Cyber-Physical%20Systems%20The%20Automotive%20Use%20Case&per-page=5","citation_count":0,"signals":[],"limitation":"No matching OpenAlex work was found, so the located-citation count is zero; indexing gaps and title variants may conceal citations."}},"paper_28":{"schema_version":"0.1","map_id":"paper-28-map","publication_id":28,"publication_anchor":"paper-28","slug":"paper-28","canonical_path":"/knowledge/papers/paper-28/","machine_path":"/knowledge/papers/paper-28.json","root_node_id":"paper-28","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","scheme"],"title":"Communication-Optimal Proactive Secret Sharing for Dynamic Groups","year":2015,"status":"Published","venue":"International Conference on Applied Cryptography and Network Security (ACNS)","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Joshua Baron","Karim Eldefrawy","Joshua Lampkins","Rafail Ostrovsky"],"keywords":["proactive secret sharing","dynamic groups","communication complexity"],"research_question":"Can proactively protected long-lived secrets move between changing participant sets and thresholds with constant amortized communication per secret, while retaining near-optimal perfect or statistical corruption tolerance?","central_answer":"The paper constructs a dynamic proactive secret-sharing scheme whose Redistribute protocol changes thresholds, refreshes packed polynomial sharings, and transfers them to a new group using batched sharing, hyper-invertible matrices, and error correction; it also sketches dynamic proactive MPC by redistributing between circuit layers.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, definition/assumption mapping, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete 24-page UCLA author-hosted version, including definitions, threshold constraints, four threshold-change cases, refresh/recovery, UC proof appendix, and the DPMPC application. PDF pages 1 and 14 were rendered and visually inspected.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification. Security and optimality claims were mapped from the paper but not independently reproved."}},"sources":[{"id":"source-paper-28-fulltext","type":"scholarly_article","title":"Communication-Optimal Proactive Secret Sharing for Dynamic Groups (author-hosted full version)","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf","media_type":"application/pdf","sha256":"ba44ecd33639b11a480cd69d8455eefe3584bce3c14b9ad81e727a10babbfc72","page_count":24,"provenance_category":"author","version_note":"Complete author version; not compared line by line with the ACNS proceedings text or IACR ePrint revision history."},{"id":"source-paper-28-author-origin","type":"author_copy","title":"UCLA author copy","url":"https://web.cs.ucla.edu/~rafail/PUBLIC/188.pdf"},{"id":"source-paper-28-archive","type":"manuscript_archive","title":"IACR ePrint 2015/304","url":"https://eprint.iacr.org/2015/304"},{"id":"source-paper-28-official","type":"publication_record","title":"ACNS publication record","url":"https://doi.org/10.1007/978-3-319-28166-7_2"},{"id":"source-paper-28-citations","type":"scholarly_index","title":"OpenAlex work record for paper #28","url":"https://openalex.org/W2296195235","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-28-problem","source_id":"source-paper-28-fulltext","label":"Problem, techniques, contributions, and comparison","locator":"Abstract and Sections 1-2, PDF pages 1-5","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=1"},{"id":"anchor-paper-28-roadblocks","source_id":"source-paper-28-fulltext","label":"Why prior PSS/DPSS refresh does not directly give optimal dynamic redistribution","locator":"Section 3, PDF pages 5-6","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=5"},{"id":"anchor-paper-28-definitions","source_id":"source-paper-28-fulltext","label":"SS, PSS, and DPSS definitions","locator":"Section 4.1, Definitions 1-4, PDF pages 6-8","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=6"},{"id":"anchor-paper-28-parameters","source_id":"source-paper-28-fulltext","label":"Perfect/statistical parameter and group-change constraints","locator":"Section 4.2, PDF pages 8-9","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=8"},{"id":"anchor-paper-28-redistribution","source_id":"source-paper-28-fulltext","label":"Threshold Change and Refresh Recovery protocols","locator":"Section 5 and Figures 1-3, PDF pages 9-15","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=9"},{"id":"anchor-paper-28-virtualization","source_id":"source-paper-28-fulltext","label":"Statistical party virtualization","locator":"Section 6, PDF page 15","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=15"},{"id":"anchor-paper-28-dpmpc","source_id":"source-paper-28-fulltext","label":"Dynamic proactive MPC application","locator":"Section 7, PDF page 16","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=16"},{"id":"anchor-paper-28-proof","source_id":"source-paper-28-fulltext","label":"UC ideal functionality and representative threshold-change simulator","locator":"Appendix B, PDF pages 21-24","url":"/pubs/2015/communication-optimal-proactive-secret-sharing-dynamic-groups.pdf#page=21"},{"id":"anchor-paper-28-publication","source_id":"source-paper-28-official","label":"Official ACNS publication record","locator":"ACNS 2015, pages 23-41","url":"https://doi.org/10.1007/978-3-319-28166-7_2"},{"id":"anchor-paper-28-citations","source_id":"source-paper-28-citations","label":"Dated OpenAlex citation snapshot","locator":"cited_by_count = 41, accessed 2026-07-11","url":"https://openalex.org/W2296195235"}],"nodes":[{"id":"paper-28","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Communication-Optimal Proactive Secret Sharing for Dynamic Groups","summary":"A dynamic proactive secret-sharing construction that refreshes long-lived secrets while parties and thresholds change.","source_anchor_ids":["anchor-paper-28-problem"]},{"id":"paper-28-question","kind":"question","parent_id":"paper-28","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can a mobile-adversary-resistant sharing scheme add, remove, or replace parties without the O(n⁴) or exponential communication of prior dynamic schemes?","source_anchor_ids":["anchor-paper-28-problem","anchor-paper-28-roadblocks"]},{"id":"paper-28-answer","kind":"contribution","parent_id":"paper-28","order":2,"epistemic_status":"source_asserted","title":"Central answer","summary":"Batch Θ(n) secrets per polynomial and use hyper-invertible transformations plus masked share transfer so a new group receives refreshed shares while neither old nor new corruptions reveal enough correlated state.","source_anchor_ids":["anchor-paper-28-roadblocks","anchor-paper-28-redistribution"]},{"id":"paper-28-scope","kind":"scope","parent_id":"paper-28","order":3,"epistemic_status":"defined","title":"DPSS functionality","summary":"Definition 4 specifies Share, Redistribute, and Open with termination, correctness, and secrecy under a phase-by-phase mobile corruption threshold τ(n(i)) while party set and threshold change.","source_anchor_ids":["anchor-paper-28-definitions"]},{"id":"paper-28-scope-adversary","kind":"threat_model","parent_id":"paper-28-scope","order":1,"epistemic_status":"defined","title":"Mobile adversary","summary":"The adversary may corrupt changing parties across phases but not more than the active threshold in any phase; perfect and statistical variants use different parameter regimes.","source_anchor_ids":["anchor-paper-28-definitions","anchor-paper-28-parameters"]},{"id":"paper-28-scope-constraints","kind":"assumption","parent_id":"paper-28-scope","order":2,"epistemic_status":"explicit","title":"Dynamic-change constraints","summary":"Perfect security limits each population change to a factor of two and requires old honest shares to interpolate new polynomials while old corrupt shares cannot; the statistical base protocol constrains threshold changes to a factor of two.","source_anchor_ids":["anchor-paper-28-parameters"]},{"id":"paper-28-method","kind":"method","parent_id":"paper-28","order":4,"epistemic_status":"specified","title":"Redistribution construction","summary":"Four Threshold Change protocols handle increasing/decreasing thresholds with or without batch-size changes; Refresh Recovery then masks, checks, and transfers the refreshed packed shares.","source_anchor_ids":["anchor-paper-28-redistribution"]},{"id":"paper-28-method-threshold","kind":"component","parent_id":"paper-28-method","order":1,"epistemic_status":"specified","title":"Threshold and batch transformation","summary":"Hyper-invertible matrices distribute transformed sharings among old parties, who emulate trusted threshold conversion; Berlekamp-Welch reconstruction tolerates corrupted contributions.","source_anchor_ids":["anchor-paper-28-redistribution"]},{"id":"paper-28-method-refresh","kind":"component","parent_id":"paper-28-method","order":2,"epistemic_status":"specified","title":"Masked refresh and share transfer","summary":"Old parties create U sharings of existing shares and random/zero V sharings; each new party receives a linear combination equal to its share of H+Q without the old group learning Q or the new group learning H.","source_anchor_ids":["anchor-paper-28-redistribution"]},{"id":"paper-28-method-virtualization","kind":"component","parent_id":"paper-28-method","order":3,"epistemic_status":"described","title":"Statistical threshold amplification","summary":"Committee-based party virtualization raises the low-threshold statistical base construction toward one-half corruption while preserving constant-round redistribution.","source_anchor_ids":["anchor-paper-28-virtualization"]},{"id":"paper-28-claims","kind":"claim_group","parent_id":"paper-28","order":5,"epistemic_status":"source_asserted_with_proof_material","title":"Principal claims","summary":"The paper reports first dynamic proactive schemes with O(1) amortized communication per secret, information-theoretic security, near-optimal thresholds, and a DPMPC application.","source_anchor_ids":["anchor-paper-28-problem","anchor-paper-28-proof"]},{"id":"paper-28-claim-complexity","kind":"claim","parent_id":"paper-28-claims","order":1,"epistemic_status":"analytically_supported","title":"Amortized communication optimality","summary":"Batching O(n) secrets and moving O(n)-scale data yields O(1) amortized field elements per secret; the paper explicitly does not claim optimal non-amortized complexity.","source_anchor_ids":["anchor-paper-28-problem","anchor-paper-28-parameters"]},{"id":"paper-28-claim-thresholds","kind":"claim","parent_id":"paper-28-claims","order":2,"epistemic_status":"proved_conditional","title":"Near-optimal corruption thresholds","summary":"The reported perfect variant supports any threshold fraction below one third under chosen constants; party virtualization raises the statistical variant toward one half.","source_anchor_ids":["anchor-paper-28-problem","anchor-paper-28-parameters","anchor-paper-28-virtualization"]},{"id":"paper-28-claim-dpmpc","kind":"claim","parent_id":"paper-28-claims","order":3,"epistemic_status":"construction_sketch","title":"Dynamic proactive MPC","summary":"The application section proposes executing Redistribute between circuit layers of an existing proactive MPC to let the computing party set and threshold evolve.","source_anchor_ids":["anchor-paper-28-dpmpc"]},{"id":"paper-28-evidence","kind":"evidence_group","parent_id":"paper-28","order":6,"epistemic_status":"formal_paper_evidence","title":"Evidence chain","summary":"The source provides precise functionality definitions, protocol pseudocode, parameter inequalities, complexity reasoning, and UC ideal/simulator material.","source_anchor_ids":["anchor-paper-28-definitions","anchor-paper-28-redistribution","anchor-paper-28-proof"]},{"id":"paper-28-evidence-proof","kind":"evidence","parent_id":"paper-28-evidence","order":1,"epistemic_status":"paper_proof_not_machine_checked","title":"Security argument","summary":"Appendix B writes an ideal functionality and simulator for Threshold Change2 and states analogous functionality for the other threshold-change and refresh components; this audit did not mechanically verify the extrapolation or all imported subprotocol theorems.","source_anchor_ids":["anchor-paper-28-proof"]},{"id":"paper-28-boundaries","kind":"limitation_group","parent_id":"paper-28","order":7,"epistemic_status":"material","title":"Trusted boundaries and limitations","summary":"The result assumes synchrony, threshold-bounded phases, admissible population changes, large batches for amortization, and an external mechanism that agrees on new membership.","source_anchor_ids":["anchor-paper-28-parameters","anchor-paper-28-redistribution"]},{"id":"paper-28-boundary-governance","kind":"limitation","parent_id":"paper-28-boundaries","order":1,"epistemic_status":"out_of_scope","title":"Membership governance is external","summary":"Voting, a trusted administrator, or a predetermined schedule must decide additions and removals; the paper explicitly leaves that mechanism outside the protocol.","source_anchor_ids":["anchor-paper-28-redistribution"]},{"id":"paper-28-boundary-evidence","kind":"limitation","parent_id":"paper-28-boundaries","order":2,"epistemic_status":"no_empirical_evaluation","title":"No implementation evidence","summary":"The source supplies no code, benchmarks, failure experiments, concrete field sizes, or distributed-system deployment.","source_anchor_ids":["anchor-paper-28-dpmpc"]},{"id":"paper-28-artifacts","kind":"artifact_group","parent_id":"paper-28","order":8,"epistemic_status":"full_text_available","title":"Artifacts and resources","summary":"A fixed 24-page author version, its UCLA origin, IACR ePrint record, and ACNS DOI are available; no implementation repository was identified.","source_anchor_ids":["anchor-paper-28-problem","anchor-paper-28-publication"]},{"id":"paper-28-scrutiny","kind":"scrutiny","parent_id":"paper-28","order":9,"epistemic_status":"publication_recorded","title":"External scrutiny","summary":"The work was published at ACNS 2015; review reports, independent proof audits, and implementations were not inspected.","source_anchor_ids":["anchor-paper-28-publication"]},{"id":"paper-28-lineage","kind":"lineage","parent_id":"paper-28","order":10,"epistemic_status":"documented","title":"Research lineage","summary":"The construction extends paper #25's packed proactive redistribution from a fixed group to changing groups and thresholds, then reuses it as the state-refresh layer for dynamic proactive MPC.","source_anchor_ids":["anchor-paper-28-problem","anchor-paper-28-dpmpc"]}],"relations":[{"id":"relation-paper-28-answer-addresses-question","type":"addresses","from_id":"paper-28-answer","to_id":"paper-28-question"},{"id":"relation-paper-28-method-realizes-answer","type":"realizes","from_id":"paper-28-method","to_id":"paper-28-answer"},{"id":"relation-paper-28-proof-supports-thresholds","type":"supports","from_id":"paper-28-evidence-proof","to_id":"paper-28-claim-thresholds"},{"id":"relation-paper-28-constraints-qualify-thresholds","type":"qualifies","from_id":"paper-28-scope-constraints","to_id":"paper-28-claim-thresholds"},{"id":"relation-paper-28-governance-qualifies-answer","type":"qualifies","from_id":"paper-28-boundary-governance","to_id":"paper-28-answer"},{"id":"relation-paper-28-dpmpc-contextualizes-lineage","type":"contextualizes","from_id":"paper-28-claim-dpmpc","to_id":"paper-28-lineage"},{"id":"relation-paper-28-artifacts-enable-audit","type":"enables_audit_of","from_id":"paper-28-artifacts","to_id":"paper-28-evidence"}],"assessment":{"id":"paper-28-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The complete source gives formal definitions, protocols, parameter constraints, complexity analysis, and UC proof material. The proof is not machine checked and there is no implementation or independent reproduction.","basis_source_anchor_ids":["anchor-paper-28-definitions","anchor-paper-28-proof"]},{"id":"auditability","level":"high","rationale":"A complete author-hosted full version is mirrored locally with page count and SHA-256, and an ePrint record exists, making the construction and proof material directly inspectable.","basis_source_anchor_ids":["anchor-paper-28-redistribution","anchor-paper-28-proof"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, author and archive copies, and an ACNS record establish baseline provenance. Roles, revision history, and artifact lineage are not captured.","basis_source_anchor_ids":["anchor-paper-28-problem","anchor-paper-28-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The work has an ACNS publication record and public ePrint, but reviews, independent proof audits, and implementations were not inspected.","basis_source_anchor_ids":["anchor-paper-28-publication"]},{"id":"reception","level":"high","rationale":"OpenAlex reports 41 located citations as of 2026-07-11, meeting the site's 11+ high threshold. This count does not establish correctness or practical adoption.","basis_source_anchor_ids":["anchor-paper-28-citations"]},{"id":"contribution_significance","level":"high","rationale":"The paper reports the first information-theoretic DPSS with constant amortized per-secret communication and near-optimal thresholds; this is a source-level priority claim, not an independent historical adjudication.","basis_source_anchor_ids":["anchor-paper-28-problem"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI work record cited_by_count","source_url":"https://openalex.org/W2296195235","citation_count":41,"signals":[],"limitation":"OpenAlex coverage, deduplication, and version merging are imperfect; this is a dated located-citation snapshot."}},"paper_29":{"schema_version":"0.1","map_id":"paper-29-map","publication_id":29,"publication_anchor":"paper-29","slug":"paper-29","canonical_path":"/knowledge/papers/paper-29/","machine_path":"/knowledge/papers/paper-29.json","root_node_id":"paper-29","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"Byzantine Fault Tolerant Software-Defined Networking (SDN) Controllers","year":2016,"status":"Published","venue":"IEEE COMPSAC, MidCCI workshop","topic":"secure-systems-networks","labels":["Theory","Applied"],"authors":["Karim Eldefrawy","Tyler Kaczmarek"],"keywords":["software-defined networking","Byzantine fault tolerance"],"research_question":"Can an SDN controller avoid being a single point of malicious failure by replicating control decisions with Byzantine state-machine replication while retaining usable flow-setup performance?","central_answer":"The paper integrates OpenFlowJ and Beacon with BFT-SMaRt through a per-switch proxy, producing SimpleBFT and BeaconBFT controllers that tolerate f faulty controller replicas among 3f+1 under the stated model; a four-replica Mininet prototype demonstrates feasibility but substantial and architecture-dependent throughput cost.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, architecture/threat-model mapping, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete seven-page author-hosted paper, including architecture, adversary model, security analysis, Mininet experiment, numerical results, and explicit limitations. PDF pages 1 and 5 were rendered and visually inspected.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification. Performance numbers were transcribed and not reproduced; the paper's security reasoning is not a machine-checked proof."}},"sources":[{"id":"source-paper-29-fulltext","type":"scholarly_article","title":"Byzantine Fault Tolerant Software-Defined Networking (SDN) Controllers (author copy)","url":"/pubs/2016/byzantine-fault-tolerant-sdn-controllers.pdf","media_type":"application/pdf","sha256":"8def111897c43434bf26e16fba7b43af130cfda485bea0fcad9744e62095a730","page_count":7,"provenance_category":"author"},{"id":"source-paper-29-author-origin","type":"author_copy","title":"UC Irvine SPRout author copy","url":"https://sprout.ics.uci.edu/pubs/resilient_sdn_controller.pdf"},{"id":"source-paper-29-official","type":"publication_record","title":"IEEE COMPSAC publication record","url":"https://doi.org/10.1109/COMPSAC.2016.76"},{"id":"source-paper-29-citations","type":"scholarly_index","title":"OpenAlex work record for paper #29","url":"https://openalex.org/W2514641934","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-29-problem","source_id":"source-paper-29-fulltext","label":"Problem, contribution, and headline prototype result","locator":"Abstract and Section I, PDF pages 1-2","url":"/pubs/2016/byzantine-fault-tolerant-sdn-controllers.pdf#page=1"},{"id":"anchor-paper-29-bftsmart","source_id":"source-paper-29-fulltext","label":"BFT-SMaRt protocol and assumptions","locator":"Section II.B, PDF pages 2-3","url":"/pubs/2016/byzantine-fault-tolerant-sdn-controllers.pdf#page=2"},{"id":"anchor-paper-29-adversary","source_id":"source-paper-29-fulltext","label":"Controller and switch adversary model","locator":"Section II.C, PDF page 3","url":"/pubs/2016/byzantine-fault-tolerant-sdn-controllers.pdf#page=3"},{"id":"anchor-paper-29-design","source_id":"source-paper-29-fulltext","label":"Proxy architecture and two controller prototypes","locator":"Section III and Figures 2-3, PDF pages 3-4","url":"/pubs/2016/byzantine-fault-tolerant-sdn-controllers.pdf#page=3"},{"id":"anchor-paper-29-security","source_id":"source-paper-29-fulltext","label":"Security analysis and quorum reasoning","locator":"Section IV, PDF pages 4-5","url":"/pubs/2016/byzantine-fault-tolerant-sdn-controllers.pdf#page=4"},{"id":"anchor-paper-29-evaluation","source_id":"source-paper-29-fulltext","label":"Mininet experiment and flow-setup results","locator":"Section V and Table I, PDF page 5","url":"/pubs/2016/byzantine-fault-tolerant-sdn-controllers.pdf#page=5"},{"id":"anchor-paper-29-limitations","source_id":"source-paper-29-fulltext","label":"Future work, scale boundary, and conclusion","locator":"Sections VII-VIII, PDF pages 6-7","url":"/pubs/2016/byzantine-fault-tolerant-sdn-controllers.pdf#page=6"},{"id":"anchor-paper-29-publication","source_id":"source-paper-29-official","label":"Official IEEE publication record","locator":"COMPSAC Workshops 2016","url":"https://doi.org/10.1109/COMPSAC.2016.76"},{"id":"anchor-paper-29-citations","source_id":"source-paper-29-citations","label":"Dated OpenAlex citation snapshot","locator":"cited_by_count = 43, accessed 2026-07-11","url":"https://openalex.org/W2514641934"}],"nodes":[{"id":"paper-29","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Byzantine Fault Tolerant SDN Controllers","summary":"A replicated SDN control architecture and Java prototype that applies BFT-SMaRt to OpenFlowJ and Beacon controllers.","source_anchor_ids":["anchor-paper-29-problem"]},{"id":"paper-29-question","kind":"question","parent_id":"paper-29","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can the logically centralized SDN control plane tolerate malicious controllers and switches without a new centralized fault point and without prohibitive flow-setup cost?","source_anchor_ids":["anchor-paper-29-problem"]},{"id":"paper-29-answer","kind":"contribution","parent_id":"paper-29","order":2,"epistemic_status":"implemented","title":"Central answer","summary":"Replicate deterministic controller logic with BFT-SMaRt, place a service proxy beside each switch, and require f+1 identical replica replies before installing a flow rule.","source_anchor_ids":["anchor-paper-29-design","anchor-paper-29-security"]},{"id":"paper-29-scope","kind":"scope","parent_id":"paper-29","order":3,"epistemic_status":"defined","title":"Threat and system model","summary":"The system contains 3f+1 controller replicas plus switch-side clients/proxies, with authenticated replica messages and BFT-SMaRt's total-order execution.","source_anchor_ids":["anchor-paper-29-bftsmart","anchor-paper-29-adversary"]},{"id":"paper-29-scope-adversary","kind":"threat_model","parent_id":"paper-29-scope","order":1,"epistemic_status":"defined","title":"Byzantine control and data planes","summary":"The adversary actively corrupts up to f controller components and arbitrarily many switches, allowing message injection, replay, modification, arbitrary requests/replies, or silence.","source_anchor_ids":["anchor-paper-29-adversary"]},{"id":"paper-29-scope-assumptions","kind":"assumption","parent_id":"paper-29-scope","order":2,"epistemic_status":"assumed","title":"Replication assumptions","summary":"Correctness relies on BFT-SMaRt's communication and quorum assumptions, deterministic replicas, authenticated messages (MACs in the prototype), direct client-to-replica communication, and at most f faulty replicas.","source_anchor_ids":["anchor-paper-29-bftsmart","anchor-paper-29-security"]},{"id":"paper-29-method","kind":"method","parent_id":"paper-29","order":4,"epistemic_status":"implemented","title":"Proxy-mediated replicated controller","summary":"A per-switch proxy translates OpenFlow Packet_In requests into BFT client requests and translates the agreed response back into Packet_Out or Flow_Mod messages.","source_anchor_ids":["anchor-paper-29-design"]},{"id":"paper-29-method-prototypes","kind":"component","parent_id":"paper-29-method","order":1,"epistemic_status":"implemented","title":"SimpleBFT and BeaconBFT","summary":"The authors integrate OpenFlowJ and Beacon with BFT-SMaRt, respectively, and evaluate both as learning-switch controllers with four replicas for f=1.","source_anchor_ids":["anchor-paper-29-design","anchor-paper-29-evaluation"]},{"id":"paper-29-claims","kind":"claim_group","parent_id":"paper-29","order":5,"epistemic_status":"mixed","title":"Principal claims","summary":"The paper combines quorum-based fault-tolerance reasoning with performance evidence from a proof-of-concept prototype.","source_anchor_ids":["anchor-paper-29-security","anchor-paper-29-evaluation"]},{"id":"paper-29-claim-security","kind":"claim","parent_id":"paper-29-claims","order":1,"epistemic_status":"analytically_supported_conditional","title":"Single-fault tolerance in tested configuration","summary":"With four controller replicas, no one compromised replica can make a client accept an unsolicited or incorrect action because the client requires two identical replies and consensus quorums remain available.","source_anchor_ids":["anchor-paper-29-security"]},{"id":"paper-29-claim-performance","kind":"claim","parent_id":"paper-29-claims","order":2,"epistemic_status":"experimentally_supported","title":"Measured flow-setup cost","summary":"SimpleBFT reports 59.3 flow modifications/s versus OpenFlowJ's 106.9 (about 1.8× slower); BeaconBFT reports 87.0 versus Beacon's 550.6 (about 6.3× slower).","source_anchor_ids":["anchor-paper-29-evaluation"]},{"id":"paper-29-evidence","kind":"evidence_group","parent_id":"paper-29","order":6,"epistemic_status":"documented","title":"Evidence chain","summary":"Evidence consists of architecture diagrams, quorum analysis inherited from BFT-SMaRt, two implementations, and comparative Mininet flow-setup measurements.","source_anchor_ids":["anchor-paper-29-design","anchor-paper-29-security","anchor-paper-29-evaluation"]},{"id":"paper-29-evidence-experiment","kind":"evidence","parent_id":"paper-29-evidence","order":1,"epistemic_status":"reported_not_reproduced","title":"Mininet proof-of-concept","summary":"The test uses 64 hosts and 63 switches in a binary tree, a reactive empty-table workload, four controller replicas, and flow setup duration, delay, and rate metrics; no fault-injection result is reported.","source_anchor_ids":["anchor-paper-29-evaluation"]},{"id":"paper-29-boundaries","kind":"limitation_group","parent_id":"paper-29","order":7,"epistemic_status":"material","title":"Boundaries and limitations","summary":"The source explicitly treats the implementation as a proof of concept and says it is not ready for large-scale networks with tens of thousands of flow changes per second.","source_anchor_ids":["anchor-paper-29-problem","anchor-paper-29-limitations"]},{"id":"paper-29-boundary-evaluation","kind":"limitation","parent_id":"paper-29-boundaries","order":1,"epistemic_status":"evaluation_limitation","title":"No adversarial or large-scale validation","summary":"The reported experiment measures benign throughput in Mininet; it does not inject Byzantine faults, test recovery/view change, measure geographic distribution, or demonstrate production traffic scale.","source_anchor_ids":["anchor-paper-29-evaluation","anchor-paper-29-limitations"]},{"id":"paper-29-boundary-architecture","kind":"limitation","parent_id":"paper-29-boundaries","order":2,"epistemic_status":"implementation_limitation","title":"Proxy and serialization costs","summary":"Each switch depends on a paired proxy, and BFT-SMaRt's total ordering removes much of Beacon's parallel advantage; the paper proposes integrated switches, batching, and speculative/coarser consensus as future work.","source_anchor_ids":["anchor-paper-29-design","anchor-paper-29-evaluation","anchor-paper-29-limitations"]},{"id":"paper-29-artifacts","kind":"artifact_group","parent_id":"paper-29","order":8,"epistemic_status":"full_text_available","title":"Artifacts and resources","summary":"The complete author copy is mirrored locally with fixity metadata and linked to the IEEE record; no source-code repository or experiment package was identified.","source_anchor_ids":["anchor-paper-29-problem","anchor-paper-29-publication"]},{"id":"paper-29-scrutiny","kind":"scrutiny","parent_id":"paper-29","order":9,"epistemic_status":"publication_recorded","title":"External scrutiny","summary":"The paper was published at the IEEE COMPSAC MidCCI workshop; reviews, independent replications, and later security evaluations were not audited.","source_anchor_ids":["anchor-paper-29-publication"]},{"id":"paper-29-lineage","kind":"lineage","parent_id":"paper-29","order":10,"epistemic_status":"documented","title":"Research lineage","summary":"The design adapts general BFT state-machine replication to the SDN control plane while contrasting data-plane fault-tolerance systems and separate fault-tolerant data stores.","source_anchor_ids":["anchor-paper-29-bftsmart","anchor-paper-29-limitations"]}],"relations":[{"id":"relation-paper-29-answer-addresses-question","type":"addresses","from_id":"paper-29-answer","to_id":"paper-29-question"},{"id":"relation-paper-29-method-realizes-answer","type":"realizes","from_id":"paper-29-method","to_id":"paper-29-answer"},{"id":"relation-paper-29-assumptions-qualify-security","type":"qualifies","from_id":"paper-29-scope-assumptions","to_id":"paper-29-claim-security"},{"id":"relation-paper-29-experiment-supports-performance","type":"supports","from_id":"paper-29-evidence-experiment","to_id":"paper-29-claim-performance"},{"id":"relation-paper-29-evaluation-boundary-qualifies-performance","type":"qualifies","from_id":"paper-29-boundary-evaluation","to_id":"paper-29-claim-performance"},{"id":"relation-paper-29-architecture-boundary-qualifies-answer","type":"qualifies","from_id":"paper-29-boundary-architecture","to_id":"paper-29-answer"},{"id":"relation-paper-29-artifacts-enable-audit","type":"enables_audit_of","from_id":"paper-29-artifacts","to_id":"paper-29-evidence"}],"assessment":{"id":"paper-29-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The paper gives a concrete architecture, threat model, security analysis, two prototypes, and comparative performance measurements. No fault injection, code artifact, independent reproduction, or formal proof audit was available.","basis_source_anchor_ids":["anchor-paper-29-security","anchor-paper-29-evaluation"]},{"id":"auditability","level":"high","rationale":"The complete author-hosted paper is mirrored locally with page count and SHA-256, making design, assumptions, and reported data inspectable; implementation source and experiment package are not public in this map.","basis_source_anchor_ids":["anchor-paper-29-design","anchor-paper-29-evaluation"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, affiliations, an author copy, and an IEEE record establish baseline provenance. Code version, contributor roles, and experimental artifact lineage are not documented.","basis_source_anchor_ids":["anchor-paper-29-problem","anchor-paper-29-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The work has an IEEE workshop publication record, but reviews, independent replication, and subsequent adversarial evaluation were not inspected.","basis_source_anchor_ids":["anchor-paper-29-publication"]},{"id":"reception","level":"high","rationale":"OpenAlex reports 43 located citations as of 2026-07-11, meeting the site's 11+ high threshold. Citation count alone does not establish correctness or deployment.","basis_source_anchor_ids":["anchor-paper-29-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The paper demonstrates an early BFT SDN-controller integration with concrete measurements, but scale, fault-injection validation, priority, and long-term operational influence were not independently assessed.","basis_source_anchor_ids":["anchor-paper-29-problem","anchor-paper-29-limitations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI work record cited_by_count","source_url":"https://openalex.org/W2514641934","citation_count":43,"signals":[],"limitation":"OpenAlex coverage, deduplication, and version merging are imperfect; this is a dated located-citation snapshot."}},"paper_3":{"schema_version":"0.1","map_id":"paper-3-map","publication_id":3,"publication_anchor":"paper-3","slug":"paper-3","canonical_path":"/knowledge/papers/paper-3/","machine_path":"/knowledge/papers/paper-3.json","root_node_id":"paper-3","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"PEUC-WiN: Privacy Enhancement by User Cooperation in Wireless Networks","year":2006,"venue":"Second IEEE Workshop on Secure Network Protocols (NPSec)","topic":"privacy-identity","labels":["Applied"],"authors":["Karim Eldefrawy","Claudio Soriente"],"keywords":["location privacy","wireless networks","user cooperation"],"research_question":"Can WLAN users rotate link- and network-layer identifiers to resist access-point tracking without repeatedly reassociating, terminating TCP connections, or accepting the throughput loss of prior silent-period approaches?","central_answer":"PEUC-WiN synchronizes a group of users behind an untrusted access point so they permute a shared pool of IP/MAC pairs, while a trusted Privacy Enhancer proxies stable external connections and remaps them across each address rotation.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, evidence linking, and initial assessment"}],"method":"Full-source audit of the checked-in Internet Archive snapshot of the formerly public UCI author copy and the official IEEE DOI record.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-drafted, source-linked map awaiting author verification before approval."}},"sources":[{"id":"source-paper-3-paper","type":"archived_author_copy","title":"PEUC-WiN: Privacy Enhancement by User Cooperation in Wireless Networks","url":"/pubs/2006/peuc-win-npsec2006.pdf","media_type":"application/pdf","sha256":"2543aaa0f4fe0538e6e1c88c04ae5622822d8c08cdd93558c514af6448dad86a","page_count":6,"provenance_category":"author","version_note":"Internet Archive snapshot dated 2015-07-03 of the formerly public UCI author PDF."},{"id":"source-paper-3-archive","type":"manuscript_archive","title":"Internet Archive capture of UCI author copy","url":"https://web.archive.org/web/20150703110605/http://www.ics.uci.edu/%7Ekeldefra/papers/peucwin.pdf"},{"id":"source-paper-3-official","type":"official_publication_record","title":"IEEE DOI record","url":"https://doi.org/10.1109/NPSEC.2006.320345"},{"id":"source-paper-3-citations","type":"citation_search","title":"Dated scholarly-web citation search","url":"https://scholar.google.com/scholar?q=%22PEUC-WiN%3A+Privacy+Enhancement+by+User+Cooperation+in+Wireless+Networks%22","version_note":"Search attempted 2026-07-11; no transparent citation count was retrievable in this environment."}],"source_anchors":[{"id":"anchor-paper-3-problem","source_id":"source-paper-3-paper","label":"Problem and claimed contribution","locator":"Abstract and Section 1, PDF page 1 (printed page 38)","url":"/pubs/2006/peuc-win-npsec2006.pdf#page=1"},{"id":"anchor-paper-3-model","source_id":"source-paper-3-paper","label":"Group, adversary, keys, and trusted Privacy Enhancer","locator":"Section 3, PDF pages 2-3 (printed pages 39-40)","url":"/pubs/2006/peuc-win-npsec2006.pdf#page=2"},{"id":"anchor-paper-3-protocol","source_id":"source-paper-3-paper","label":"Join, leave, update, address permutation, and proxy operation","locator":"Section 3, PDF pages 3-4 (printed pages 40-41)","url":"/pubs/2006/peuc-win-npsec2006.pdf#page=3"},{"id":"anchor-paper-3-security","source_id":"source-paper-3-paper","label":"Security analysis and anonymity conditions","locator":"Section 4, PDF page 4 (printed page 41)","url":"/pubs/2006/peuc-win-npsec2006.pdf#page=4"},{"id":"anchor-paper-3-performance","source_id":"source-paper-3-paper","label":"Performance model, implementation barrier, and simulation setup","locator":"Section 5, PDF pages 4-5 (printed pages 41-42)","url":"/pubs/2006/peuc-win-npsec2006.pdf#page=4"},{"id":"anchor-paper-3-results","source_id":"source-paper-3-paper","label":"NC-TUns throughput comparison","locator":"Section 5 and Figures 1-2, PDF pages 5-6 (printed pages 42-43)","url":"/pubs/2006/peuc-win-npsec2006.pdf#page=5"},{"id":"anchor-paper-3-conclusion","source_id":"source-paper-3-paper","label":"Conclusion and future work","locator":"Section 6, PDF page 6 (printed page 43)","url":"/pubs/2006/peuc-win-npsec2006.pdf#page=6"},{"id":"anchor-paper-3-archive","source_id":"source-paper-3-archive","label":"Author-copy provenance","locator":"Internet Archive capture 2015-07-03","url":"https://web.archive.org/web/20150703110605/http://www.ics.uci.edu/%7Ekeldefra/papers/peucwin.pdf"},{"id":"anchor-paper-3-publication","source_id":"source-paper-3-official","label":"Official publication metadata","locator":"DOI 10.1109/NPSEC.2006.320345","url":"https://doi.org/10.1109/NPSEC.2006.320345"},{"id":"anchor-paper-3-citation-search","source_id":"source-paper-3-citations","label":"Citation search attempted","locator":"Exact-title search, 2026-07-11; no verified count retrieved","url":"https://scholar.google.com/scholar?q=%22PEUC-WiN%3A+Privacy+Enhancement+by+User+Cooperation+in+Wireless+Networks%22"}],"nodes":[{"id":"paper-3","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"PEUC-WiN","summary":"A cooperative WLAN location-privacy protocol that rotates users through a shared address pool while a trusted proxy preserves their external transport connections.","source_anchor_ids":["anchor-paper-3-problem","anchor-paper-3-publication"]},{"id":"paper-3-question","kind":"question","parent_id":"paper-3","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can identifier rotation reduce tracking by an untrusted access point without forcing repeated reassociation and TCP restart?","source_anchor_ids":["anchor-paper-3-problem"]},{"id":"paper-3-answer","kind":"contribution","parent_id":"paper-3","order":2,"epistemic_status":"proposed_and_simulated","title":"Central answer","summary":"Coordinate simultaneous IP/MAC permutations within an anonymity group and terminate stable external connections at a Privacy Enhancer that remaps traffic after every rotation.","source_anchor_ids":["anchor-paper-3-protocol","anchor-paper-3-results"]},{"id":"paper-3-scope","kind":"scope","parent_id":"paper-3","order":3,"epistemic_status":"explicitly_scoped","title":"Threat model and trust assumptions","summary":"Users registered at one malicious access point cooperate with a trusted Privacy Enhancer; the access point can observe all group traffic, while upper-layer payloads and control messages rely on public-key, signature, group-key, and IPsec protection.","source_anchor_ids":["anchor-paper-3-model","anchor-paper-3-security"]},{"id":"paper-3-scope-anonymity","kind":"assumption","parent_id":"paper-3-scope","order":1,"epistemic_status":"necessary_condition","title":"Anonymity-set condition","summary":"Privacy requires more than one participating user; the anonymity level grows with group cardinality, while shorter rotation slots reduce tracking time at the cost of more switching overhead.","source_anchor_ids":["anchor-paper-3-model","anchor-paper-3-security"]},{"id":"paper-3-protocol","kind":"protocol","parent_id":"paper-3","order":4,"epistemic_status":"specified","title":"Cooperative address-rotation protocol","summary":"The protocol maintains group membership, distributes an address table and hash-chain seed, synchronizes rotations, and maps each user to a collision-free address pair for each variable-length time slot.","source_anchor_ids":["anchor-paper-3-protocol"]},{"id":"paper-3-protocol-control","kind":"component","parent_id":"paper-3-protocol","order":1,"epistemic_status":"specified","title":"Membership and synchronization","summary":"Signed and encrypted join/leave messages let the Privacy Enhancer update group size, address table, seed, and time base; timers handle departures that are not explicitly announced.","source_anchor_ids":["anchor-paper-3-protocol"]},{"id":"paper-3-protocol-rotation","kind":"component","parent_id":"paper-3-protocol","order":2,"epistemic_status":"specified","title":"Address permutation","summary":"All members derive the same time-slot hash value and use offset indices to permute the table of active IP/MAC pairs without collisions; a hash-derived variable slot length counters fixed-period timing correlation.","source_anchor_ids":["anchor-paper-3-protocol"]},{"id":"paper-3-protocol-proxy","kind":"component","parent_id":"paper-3-protocol","order":3,"epistemic_status":"specified","title":"Privacy Enhancer proxy","summary":"The proxy exposes a stable permanent address to correspondent nodes, tracks both legs of each connection, and adjusts IP addresses, sequence numbers, acknowledgments, and windows as users exchange address pairs.","source_anchor_ids":["anchor-paper-3-protocol"]},{"id":"paper-3-claims","kind":"claim_group","parent_id":"paper-3","order":5,"epistemic_status":"mixed","title":"Principal claims","summary":"The paper gives an informal privacy analysis and simulation evidence about throughput disruption; it does not provide a formal security proof.","source_anchor_ids":["anchor-paper-3-security","anchor-paper-3-results"]},{"id":"paper-3-claim-privacy","kind":"claim","parent_id":"paper-3-claims","order":1,"epistemic_status":"informally_argued","title":"Upper-layer tracking resistance","summary":"Against an observer limited to layer 2 and above, synchronized address permutation prevents straightforward identifier linkage, conditional on encrypted communications, uncompromised group secrets, and the stated registration assumptions.","source_anchor_ids":["anchor-paper-3-security"]},{"id":"paper-3-claim-disruption","kind":"claim","parent_id":"paper-3-claims","order":2,"epistemic_status":"simulation_supported","title":"Lower disruption than reassociation","summary":"The NC-TUns comparison reports that PEUC-WiN retains TCP connections across address changes and therefore avoids the repeated handshakes, slow starts, and longer outages of reassociation-based rotation.","source_anchor_ids":["anchor-paper-3-performance","anchor-paper-3-results"]},{"id":"paper-3-evidence","kind":"evidence_group","parent_id":"paper-3","order":6,"epistemic_status":"simulation_and_measurement","title":"Evidence","summary":"The authors measured interface-switch time on Linux laptops and simulated five cooperative users, two correspondent-path delay regimes, and comparative TCP throughput in NC-TUns 3.0.","source_anchor_ids":["anchor-paper-3-performance","anchor-paper-3-results"]},{"id":"paper-3-boundaries","kind":"limitation_group","parent_id":"paper-3","order":7,"epistemic_status":"material","title":"Trusted boundary and limitations","summary":"The design depends on a trusted, available proxy and group secrets, excludes physical-layer tracking, and was simulated because commodity Wi-Fi drivers did not expose sequence-number control needed for implementation.","source_anchor_ids":["anchor-paper-3-security","anchor-paper-3-performance"]},{"id":"paper-3-boundary-compromise","kind":"limitation","parent_id":"paper-3-boundaries","order":1,"epistemic_status":"explicitly_vulnerable","title":"Member compromise and former-member leakage","summary":"A malicious member that joins or is compromised learns the address schedule and can track members; forward-secure group-key refresh is suggested but left out of scope.","source_anchor_ids":["anchor-paper-3-security"]},{"id":"paper-3-boundary-traffic","kind":"limitation","parent_id":"paper-3-boundaries","order":2,"epistemic_status":"unresolved","title":"Traffic analysis and proxy bottleneck","summary":"The proxy address can reveal group affiliation, triangular routing can degrade throughput, and the proxy is a bottleneck and single point of failure unless replicated.","source_anchor_ids":["anchor-paper-3-security","anchor-paper-3-performance"]},{"id":"paper-3-artifacts","kind":"artifact","parent_id":"paper-3","order":8,"epistemic_status":"paper_available_no_code","title":"Artifacts","summary":"A fixed local copy of the archived author manuscript is available; no simulator configuration, code, packet traces, or implementation artifact was located.","source_anchor_ids":["anchor-paper-3-archive","anchor-paper-3-performance"]},{"id":"paper-3-scrutiny","kind":"scrutiny","parent_id":"paper-3","order":9,"epistemic_status":"peer_reviewed","title":"Scrutiny and lineage","summary":"The protocol appeared at NPSec 2006 and contrasts its transport continuity with earlier disposable-identifier and silent-period proposals; no independent reproduction or later adversarial analysis was located.","source_anchor_ids":["anchor-paper-3-problem","anchor-paper-3-publication"]}],"relations":[{"id":"paper-3-relation-control-component","type":"component_of","from_id":"paper-3-protocol-control","to_id":"paper-3-protocol"},{"id":"paper-3-relation-rotation-component","type":"component_of","from_id":"paper-3-protocol-rotation","to_id":"paper-3-protocol"},{"id":"paper-3-relation-proxy-component","type":"component_of","from_id":"paper-3-protocol-proxy","to_id":"paper-3-protocol"},{"id":"paper-3-relation-protocol-realizes-answer","type":"realizes","from_id":"paper-3-protocol","to_id":"paper-3-answer"},{"id":"paper-3-relation-evidence-supports-disruption","type":"supports","from_id":"paper-3-evidence","to_id":"paper-3-claim-disruption"},{"id":"paper-3-relation-anonymity-qualifies-privacy","type":"qualifies","from_id":"paper-3-scope-anonymity","to_id":"paper-3-claim-privacy"},{"id":"paper-3-relation-compromise-qualifies-privacy","type":"qualifies","from_id":"paper-3-boundary-compromise","to_id":"paper-3-claim-privacy"},{"id":"paper-3-relation-traffic-qualifies-answer","type":"qualifies","from_id":"paper-3-boundary-traffic","to_id":"paper-3-answer"}],"assessment":{"id":"paper-3-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The paper specifies the protocol and threat boundaries and supplies comparative simulation plus limited timing measurements, but lacks a formal proof, working implementation, public traces, and independent reproduction.","basis_source_anchor_ids":["anchor-paper-3-protocol","anchor-paper-3-security","anchor-paper-3-performance","anchor-paper-3-results"]},{"id":"auditability","level":"high","rationale":"A fixed, author-origin full text is checked in with page count and hash, making the claims and stated evidence directly inspectable; no executable artifact is available.","basis_source_anchor_ids":["anchor-paper-3-archive","anchor-paper-3-results"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, manuscript provenance, and official publication metadata are documented; roles, revision/effort history, tool use, and simulation-artifact lineage are not.","basis_source_anchor_ids":["anchor-paper-3-archive","anchor-paper-3-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The work has an official workshop publication record; review reports, reproduction, corrections, and independent security analysis were not located.","basis_source_anchor_ids":["anchor-paper-3-publication"]},{"id":"reception","level":"low","rationale":"A dated exact-title scholarly-web search did not yield a transparent verified citation count in this environment. Under the author's rule, zero located citations maps to low; this is not a claim that the paper has no citations.","basis_source_anchor_ids":["anchor-paper-3-citation-search"]},{"id":"contribution_significance","level":"medium","rationale":"The protocol makes a concrete privacy/performance tradeoff and anticipates practical transport-state continuity, but its trusted proxy and unimplemented driver requirements constrain the supported reach.","basis_source_anchor_ids":["anchor-paper-3-problem","anchor-paper-3-protocol","anchor-paper-3-performance"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search; transparent index count unavailable","source":"Google Scholar query route plus general scholarly-web search","citation_count":0,"signals":[],"limitation":"Zero means no citations were verifiably located during this constrained search, not a total bibliometric count; author should replace it with a confirmed index snapshot."}},"paper_30":{"schema_version":"0.1","map_id":"paper-30-map","publication_id":30,"publication_anchor":"paper-30","slug":"paper-30","canonical_path":"/knowledge/papers/paper-30/","machine_path":"/knowledge/papers/paper-30.json","root_node_id":"paper-30","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["algorithm"],"title":"Automated Inference of Dependencies of Network Services and Applications via Transfer Entropy","year":2016,"status":"Published","venue":"IEEE COMPSAC, ADMNET workshop","topic":"ai-machine-learning","labels":["Applied"],"ai_ml_labels":["AI for security"],"authors":["Karim Eldefrawy","Tiffany Kim","Pape M. Sylla"],"keywords":["network service dependencies","transfer entropy","causal inference","network management"],"abstract":"As the scale and complexity of modern computer networks increases, administrators and operators of such networks need tools to accurately infer dependencies between different network services and applications. Such tools can aid in (1) detecting misconfigurations, (2) effectively scheduling major software and hardware maintenance operations with minimal disruptions, and (3) exposing potential anomalies in a timely manner. Existing tools either only consider temporal correlations which require installing additional software to monitor interfaces, ignore network service profiles of more than two services, or do not necessarily capture actual causations. Such shortcomings result in high false detection rates of inferred dependencies. This paper presents the design and evaluation of an algorithm that utilizes the notion of Transfer Entropy (TE) to passively analyze and identify dependencies between various network services and applications. With TE, our algorithm formalizes and measures the amount of information exchanged between two entities (services or applications) in a computer network. By constructing time series of the interactions of such services and applications and computing the pairwise TE from such time series, our algorithm accurately infers dependencies based on causation with low false (positive and negative) alarms. Using collected network traffic from a test and production network, we demonstrate that the algorithm provides lower false alarms with efficient run time and computational requirements.","research_question":"Can dependencies among network services and applications be inferred passively from traffic with fewer false positives and negatives than correlation-oriented approaches?","central_answer":"The source abstract reports an algorithm that builds interaction time series, computes directional pairwise transfer entropy, and validates inferred dependencies on test and production traffic; because the manuscript body was not retrievable, the estimator, decision rule, ground truth, baselines, sample sizes, and numerical results remain pending.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"abstract-grounded method decomposition, provenance search, and initial assessment"}],"method":"Conservative mapping of the complete abstract previously transcribed from the public ResearchGate author-uploaded PDF, plus the IEEE record. Direct retrieval was blocked by the host and no alternative legitimate author/archive copy was found; body-level claims were not reconstructed from secondary sources.","source_scope":"metadata_and_source_abstract","approval":{"status":"pending","note":"AI-authored abstract-grounded map awaiting author verification and full manuscript audit."}},"sources":[{"id":"source-paper-30-author","type":"author_full_text_route","title":"ResearchGate author-uploaded PDF","url":"https://www.researchgate.net/profile/Karim-Eldefrawy-2/publication/303252585_Automated_Identification_of_Network_Service_Dependencies_via_Transfer_Entropy/links/573dee7808ae9ace84112561/Automated-Identification-of-Network-Service-Dependencies-via-Transfer-Entropy.pdf","provenance_category":"author","scope_note":"Complete abstract is transcribed in this map; body retrieval was blocked during this audit."},{"id":"source-paper-30-official","type":"publication_record","title":"IEEE COMPSAC publication record","url":"https://doi.org/10.1109/COMPSAC.2016.68"},{"id":"source-paper-30-citations","type":"scholarly_index","title":"OpenAlex work record for paper #30","url":"https://openalex.org/W2518247105","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-30-abstract","source_id":"source-paper-30-author","label":"Complete author-uploaded source abstract","locator":"Abstract transcribed from author-uploaded PDF; body not audited","url":"https://www.researchgate.net/profile/Karim-Eldefrawy-2/publication/303252585_Automated_Identification_of_Network_Service_Dependencies_via_Transfer_Entropy/links/573dee7808ae9ace84112561/Automated-Identification-of-Network-Service-Dependencies-via-Transfer-Entropy.pdf"},{"id":"anchor-paper-30-publication","source_id":"source-paper-30-official","label":"Official IEEE publication record","locator":"COMPSAC Workshops 2016, pages 32-37","url":"https://doi.org/10.1109/COMPSAC.2016.68"},{"id":"anchor-paper-30-citations","source_id":"source-paper-30-citations","label":"Dated OpenAlex citation snapshot","locator":"cited_by_count = 3, accessed 2026-07-11","url":"https://openalex.org/W2518247105"}],"nodes":[{"id":"paper-30","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_abstract_audited","title":"Automated Inference via Transfer Entropy","summary":"An abstract-grounded passive algorithm for identifying directional dependencies between network services and applications from interaction time series.","source_anchor_ids":["anchor-paper-30-abstract"]},{"id":"paper-30-question","kind":"question","parent_id":"paper-30","order":1,"epistemic_status":"research_question_from_abstract","title":"Research question","summary":"Can service dependencies be inferred without host instrumentation while improving on pairwise temporal correlation and reducing false alarms?","source_anchor_ids":["anchor-paper-30-abstract"]},{"id":"paper-30-answer","kind":"contribution","parent_id":"paper-30","order":2,"epistemic_status":"source_abstract_asserted","title":"Central answer","summary":"Convert observed service interactions into time series, calculate pairwise directional transfer entropy, and classify dependencies from information transfer.","source_anchor_ids":["anchor-paper-30-abstract"]},{"id":"paper-30-scope","kind":"scope","parent_id":"paper-30","order":3,"epistemic_status":"abstract_level","title":"Operational scope","summary":"The intended uses are dependency mapping for misconfiguration detection, maintenance planning, anomaly exposure, and general network management.","source_anchor_ids":["anchor-paper-30-abstract"]},{"id":"paper-30-method","kind":"method","parent_id":"paper-30","order":4,"epistemic_status":"source_abstract_asserted","title":"Transfer-entropy pipeline","summary":"The abstract describes passive traffic collection, interaction time-series construction, pairwise TE computation, and dependency inference; it does not expose preprocessing, estimator, lag selection, significance test, or decision threshold.","source_anchor_ids":["anchor-paper-30-abstract"]},{"id":"paper-30-method-directionality","kind":"component","parent_id":"paper-30-method","order":1,"epistemic_status":"source_abstract_asserted","title":"Directional dependence signal","summary":"Transfer entropy is used to measure predictive information flow from one service/application time series to another rather than only symmetric temporal correlation.","source_anchor_ids":["anchor-paper-30-abstract"]},{"id":"paper-30-claims","kind":"claim_group","parent_id":"paper-30","order":5,"epistemic_status":"abstract_only","title":"Abstract-level findings","summary":"The abstract reports low false-positive and false-negative alarms, lower false alarms than existing tools, and efficient runtime on test and production-network traffic.","source_anchor_ids":["anchor-paper-30-abstract"]},{"id":"paper-30-evidence","kind":"evidence_group","parent_id":"paper-30","order":6,"epistemic_status":"not_body_audited","title":"Reported evaluation","summary":"Only the abstract's statement that test and production traffic were used is visible; datasets, labels, baselines, metrics, numerical results, and uncertainty were not inspected.","source_anchor_ids":["anchor-paper-30-abstract"]},{"id":"paper-30-boundaries","kind":"limitation_group","parent_id":"paper-30","order":7,"epistemic_status":"material_source_gap","title":"Unverified boundaries","summary":"The map cannot determine how dependencies were ground-truthed, how TE bias and common causes were handled, whether results generalize across networks, or what computational scaling was measured.","source_anchor_ids":["anchor-paper-30-abstract"]},{"id":"paper-30-boundary-causality","kind":"limitation","parent_id":"paper-30-boundaries","order":1,"epistemic_status":"interpretation_boundary","title":"Transfer entropy is not intervention proof","summary":"The abstract uses causal language, but directional predictive information alone does not rule out confounding, indirect paths, or shared drivers; the body is needed to see what causal assumptions and controls were used.","source_anchor_ids":["anchor-paper-30-abstract"]},{"id":"paper-30-artifacts","kind":"artifact_group","parent_id":"paper-30","order":8,"epistemic_status":"public_route_not_locally_fixed","title":"Artifacts and resources","summary":"An IEEE record and author-uploaded PDF route exist, but no local fixed manuscript, code, traffic trace, or experiment package was added because direct retrieval was blocked.","source_anchor_ids":["anchor-paper-30-abstract","anchor-paper-30-publication"]},{"id":"paper-30-scrutiny","kind":"scrutiny","parent_id":"paper-30","order":9,"epistemic_status":"publication_recorded","title":"External scrutiny","summary":"The work was published at the IEEE COMPSAC ADMNET workshop; reviews, independent replication, and operational deployment were not audited.","source_anchor_ids":["anchor-paper-30-publication"]},{"id":"paper-30-lineage","kind":"lineage","parent_id":"paper-30","order":10,"epistemic_status":"source_abstract_asserted","title":"Research lineage","summary":"The method applies information-theoretic directional dependence estimation to service-dependency discovery as an alternative to correlation and host-instrumented tools.","source_anchor_ids":["anchor-paper-30-abstract"]}],"relations":[{"id":"relation-paper-30-answer-addresses-question","type":"addresses","from_id":"paper-30-answer","to_id":"paper-30-question"},{"id":"relation-paper-30-method-realizes-answer","type":"realizes","from_id":"paper-30-method","to_id":"paper-30-answer"},{"id":"relation-paper-30-evidence-supports-claims","type":"supports","from_id":"paper-30-evidence","to_id":"paper-30-claims"},{"id":"relation-paper-30-causality-qualifies-answer","type":"qualifies","from_id":"paper-30-boundary-causality","to_id":"paper-30-answer"},{"id":"relation-paper-30-boundaries-qualify-claims","type":"qualifies","from_id":"paper-30-boundaries","to_id":"paper-30-claims"}],"assessment":{"id":"paper-30-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"low","rationale":"The complete source abstract identifies an algorithm and reports production/test-traffic evaluation, but methods, datasets, baselines, and numerical evidence were not body-audited.","basis_source_anchor_ids":["anchor-paper-30-abstract"]},{"id":"auditability","level":"high","rationale":"A public author-uploaded full-text route exists, satisfying the site's author-copy rule; direct body retrieval and local fixity were not achieved in this audit.","basis_source_anchor_ids":["anchor-paper-30-abstract"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, an author-uploaded route, and an IEEE record establish baseline provenance; roles, code/data versions, and revision history are unknown.","basis_source_anchor_ids":["anchor-paper-30-abstract","anchor-paper-30-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The paper has an IEEE workshop publication record, but reviews, replication, and deployment were not inspected.","basis_source_anchor_ids":["anchor-paper-30-publication"]},{"id":"reception","level":"low","rationale":"OpenAlex reports 3 located citations as of 2026-07-11. The count is index-specific and may omit versions or citations.","basis_source_anchor_ids":["anchor-paper-30-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The abstract presents a concrete passive dependency-inference algorithm with operational uses, but novelty, empirical strength, and downstream impact were not body-audited.","basis_source_anchor_ids":["anchor-paper-30-abstract"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI work record cited_by_count","source_url":"https://openalex.org/W2518247105","citation_count":3,"signals":[],"limitation":"OpenAlex coverage and record matching are incomplete; this is a dated located-citation snapshot."}},"paper_31":{"schema_version":"0.1","map_id":"paper-31-map","publication_id":31,"publication_anchor":"paper-31","slug":"paper-31","canonical_path":"/knowledge/papers/paper-31/","machine_path":"/knowledge/papers/paper-31.json","root_node_id":"paper-31","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","scheme"],"title":"Brief Announcement: Proactive Secret Sharing with a Dishonest Majority","year":2016,"status":"Published · brief announcement","venue":"ACM Symposium on Principles of Distributed Computing (PODC)","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Shlomi Dolev","Karim Eldefrawy","Joshua Lampkins","Rafail Ostrovsky","Moti Yung"],"keywords":["proactive secret sharing","dishonest majority"],"research_question":"Can proactive secret sharing preserve a long-lived secret when passively corrupted parties may form a dishonest majority in one refresh period, while still supporting refresh and recovery in the presence of bounded active faults?","central_answer":"The announcement encodes the secret as many random additive summands and verifiably shares those summands with polynomials of increasing degree. It then gives DM-Share, DM-Reconstruct, DM-Refresh, and DM-Recover protocols whose stated thresholds extend passive security beyond an honest majority, at the cost of synchrony, authenticated private channels, secure deletion, non-robust active security, and polynomial communication.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, claim mapping, and initial assessment"}],"method":"Source-grounded review of the complete three-page PODC brief announcement downloaded from the recorded author-hosted route, including visual inspection of its first and technical pages. The map distinguishes stated protocol guarantees from proof details deferred to the full paper.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting author verification. Thresholds, interpretations, and ratings should be checked by an author before approval."}},"sources":[{"id":"source-paper-31-author-pdf","type":"author_hosted_copy","title":"Brief Announcement: Proactive Secret Sharing with a Dishonest Majority","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf","provenance_category":"author","retrieved_from":"https://web.cs.ucla.edu/~rafail/PUBLIC/193.pdf","media_type":"application/pdf","sha256":"66c0484c3ad92a7849bc3bb4613b730f4d73a5ac0f6bce0fcd05d144d7435cba","page_count":3},{"id":"source-paper-31-official","type":"official_publication_record","title":"ACM PODC 2016 publication record","url":"https://doi.org/10.1145/2933057.2933059","provenance_category":"official"},{"id":"source-paper-31-citation-index","type":"citation_index_snapshot","title":"SciSpace citation listing for the PODC brief announcement","url":"https://scispace.com/papers/brief-announcement-proactive-secret-sharing-with-a-dishonest-1jlgc03e8w","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-31-problem-results","source_id":"source-paper-31-author-pdf","label":"Problem, claimed novelty, thresholds, and communication","locator":"Abstract and Section 1, PDF page 1","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=1"},{"id":"anchor-paper-31-system-model","source_id":"source-paper-31-author-pdf","label":"Synchronous network, channels, epochs, refresh, and deletion assumptions","locator":"Sections 2.1 and Time Periods and Refresh Phases, PDF pages 1-2","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=1"},{"id":"anchor-paper-31-secret-sharing-model","source_id":"source-paper-31-author-pdf","label":"Secret sharing, verifiable sharing, proactive refresh, recovery, and discrete-log commitment assumption","locator":"Section 2.2, PDF page 2","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=2"},{"id":"anchor-paper-31-blueprint","source_id":"source-paper-31-author-pdf","label":"Additive-summand and increasing-degree polynomial blueprint","locator":"Section 3.1, PDF page 2","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=2"},{"id":"anchor-paper-31-share-reconstruct","source_id":"source-paper-31-author-pdf","label":"DM-Share and DM-Reconstruct","locator":"Section 3.2, PDF pages 2-3","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=2"},{"id":"anchor-paper-31-refresh","source_id":"source-paper-31-author-pdf","label":"DM-Refresh and preservation of the shared secret","locator":"Section 3.3, PDF page 3","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=3"},{"id":"anchor-paper-31-recovery","source_id":"source-paper-31-author-pdf","label":"DM-Recover, privacy intuition, and recovery-dependent thresholds","locator":"Section 3.4, PDF page 3","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=3"},{"id":"anchor-paper-31-limitations","source_id":"source-paper-31-author-pdf","label":"Conclusion, non-robust active security, communication, and open questions","locator":"Section 4, PDF page 3","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=3"},{"id":"anchor-paper-31-publication","source_id":"source-paper-31-official","label":"Official PODC publication record","locator":"ACM PODC 2016, DOI 10.1145/2933057.2933059","url":"https://doi.org/10.1145/2933057.2933059"},{"id":"anchor-paper-31-citations","source_id":"source-paper-31-citation-index","label":"Dated citation-count snapshot","locator":"SciSpace listing reported 1 citation when accessed 2026-07-11","url":"https://scispace.com/papers/brief-announcement-proactive-secret-sharing-with-a-dishonest-1jlgc03e8w"}],"nodes":[{"id":"paper-31","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Brief Announcement: Proactive Secret Sharing with a Dishonest Majority","summary":"A three-page announcement of a proactive secret-sharing construction that uses additive encoding and verifiable polynomial sharing to exceed the passive honest-majority barrier while retaining bounded recovery and active-fault guarantees.","source_anchor_ids":["anchor-paper-31-problem-results"]},{"id":"paper-31-question","kind":"question","parent_id":"paper-31","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can a mobile-adversary PSS scheme remain confidential when passive corruptions within one refresh period may include a dishonest majority, rather than fewer than half of the parties?","source_anchor_ids":["anchor-paper-31-problem-results"]},{"id":"paper-31-answer","kind":"contribution","parent_id":"paper-31","order":2,"epistemic_status":"source_asserted","title":"Central construction","summary":"Split the secret into random additive summands, verifiably share each summand with a polynomial from an increasing-degree family, and refresh or recover those polynomial shares without reconstructing the secret.","source_anchor_ids":["anchor-paper-31-blueprint","anchor-paper-31-share-reconstruct"]},{"id":"paper-31-scope","kind":"scope","parent_id":"paper-31","order":3,"epistemic_status":"explicitly_scoped","title":"Model and required environment","summary":"The protocol runs among n parties in synchronized epochs over a synchronous network with authenticated broadcast and pairwise private authenticated channels; honest parties erase old shares after refresh.","source_anchor_ids":["anchor-paper-31-system-model"]},{"id":"paper-31-scope-mobile-adversary","kind":"threat_model","parent_id":"paper-31-scope","order":1,"epistemic_status":"defined","title":"Mobile mixed adversary","summary":"The adversary may eventually compromise all parties across the system lifetime, but the stated passive, active, and recovery-dependent thresholds must hold within each refresh period.","source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-system-model"]},{"id":"paper-31-scope-setup","kind":"assumption","parent_id":"paper-31-scope","order":2,"epistemic_status":"assumed","title":"Communication and reset assumptions","summary":"Synchrony, a global clock, authenticated broadcast, private authenticated channels, restoration to a pristine state, and deletion of obsolete shares are environmental assumptions rather than guarantees constructed by this scheme.","source_anchor_ids":["anchor-paper-31-system-model"]},{"id":"paper-31-scope-commitments","kind":"assumption","parent_id":"paper-31-scope","order":3,"epistemic_status":"computational_assumption","title":"Verifiability assumption","summary":"Active-fault checking uses homomorphic commitments instantiated in the announcement by Feldman VSS, whose hiding/security properties rely on discrete-log hardness over the selected field group.","source_anchor_ids":["anchor-paper-31-secret-sharing-model"]},{"id":"paper-31-construction","kind":"method","parent_id":"paper-31","order":4,"epistemic_status":"specified","title":"Four-protocol PSS construction","summary":"DM-Share, DM-Reconstruct, DM-Refresh, and DM-Recover jointly implement sharing, reconstruction, proactive rerandomization, and replacement of shares lost by rebooted or faulty parties.","source_anchor_ids":["anchor-paper-31-share-reconstruct","anchor-paper-31-refresh","anchor-paper-31-recovery"]},{"id":"paper-31-construction-encoding","kind":"method","parent_id":"paper-31-construction","order":1,"epistemic_status":"specified","title":"Additive encoding with increasing degrees","summary":"DM-Share writes s as the sum of n random summands and verifiably shares the summands with polynomials whose degrees increase across the family; reducing the maximum degree reserves interpolation capacity for share recovery.","source_anchor_ids":["anchor-paper-31-blueprint","anchor-paper-31-share-reconstruct"]},{"id":"paper-31-construction-refresh","kind":"protocol","parent_id":"paper-31-construction","order":2,"epistemic_status":"specified","title":"DM-Refresh","summary":"Each party verifiably distributes a family of random refreshing polynomials whose constant terms sum to zero; adding their evaluations rerandomizes every local share while preserving the encoded secret, after which old shares are deleted.","source_anchor_ids":["anchor-paper-31-refresh"]},{"id":"paper-31-construction-recover","kind":"protocol","parent_id":"paper-31-construction","order":3,"epistemic_status":"specified","title":"DM-Recover","summary":"Non-recovering parties mask their current polynomial shares with random polynomials that vanish at the recovering party's point, allowing that party to interpolate only its replacement shares rather than the secret or current sharing polynomials.","source_anchor_ids":["anchor-paper-31-recovery"]},{"id":"paper-31-claims","kind":"claim_group","parent_id":"paper-31","order":5,"epistemic_status":"source_asserted","title":"Stated guarantees","summary":"The announcement states separate thresholds for passive corruption, active corruption, mixed corruption, lost-share recovery, and batched communication; these guarantees are not interchangeable.","source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-limitations"]},{"id":"paper-31-claim-passive","kind":"claim","parent_id":"paper-31-claims","order":1,"epistemic_status":"claimed_with_protocol_intuition","title":"Passive dishonest-majority confidentiality","summary":"Without lost-share recovery, the paper states confidentiality for t < n passive corruptions in a refresh period; with e simultaneous lost shares or faults, the stated passive threshold becomes t < n - e.","source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-recovery","anchor-paper-31-limitations"]},{"id":"paper-31-claim-active-mixed","kind":"claim","parent_id":"paper-31-claims","order":2,"epistemic_status":"claimed_non_robust","title":"Active and mixed corruption bounds","summary":"The non-robust construction states security for t < n/2 - e active corruptions and for mixed adversaries whose total may be a majority provided fewer than n/2 - e corruptions are active; detected cheating may cause abort.","source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-limitations"]},{"id":"paper-31-claim-communication","kind":"claim","parent_id":"paper-31-claims","order":3,"epistemic_status":"asymptotic_claim","title":"Communication cost","summary":"The announcement reports O(n^4) communication for one secret and O(n^3) communication when multiple secrets are batched; it leaves lower communication for dishonest-majority PSS open.","source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-limitations"]},{"id":"paper-31-evidence","kind":"evidence_group","parent_id":"paper-31","order":6,"epistemic_status":"bounded_by_brief_announcement","title":"Evidence and proof boundary","summary":"The three-page source specifies the model, encoding blueprint, and protocol mechanisms and gives security intuition, but it does not contain the full definitions, games, lemmas, or complete proofs of the corresponding SCN paper.","source_anchor_ids":["anchor-paper-31-secret-sharing-model","anchor-paper-31-blueprint","anchor-paper-31-recovery"]},{"id":"paper-31-evidence-mechanism","kind":"evidence","parent_id":"paper-31-evidence","order":1,"epistemic_status":"construction_inspected","title":"Mechanism-level support","summary":"The source explains why additive summands resist passive reconstruction, why zero-sum refresh polynomials preserve the secret, and why vanishing recovery masks reveal only the recovering party's replacement evaluations.","source_anchor_ids":["anchor-paper-31-blueprint","anchor-paper-31-refresh","anchor-paper-31-recovery"]},{"id":"paper-31-boundaries","kind":"limitation_group","parent_id":"paper-31","order":7,"epistemic_status":"material","title":"Limitations and open obligations","summary":"The active guarantee is non-robust, thresholds decrease with parallel recovery, the scheme assumes synchrony and secure erasure, and the brief leaves complete proofs and optimal communication outside its three pages.","source_anchor_ids":["anchor-paper-31-system-model","anchor-paper-31-recovery","anchor-paper-31-limitations"]},{"id":"paper-31-boundary-open","kind":"limitation","parent_id":"paper-31-boundaries","order":1,"epistemic_status":"open_problem","title":"Open communication and asynchrony questions","summary":"The authors ask whether batched communication can fall below O(n^3) and note that no construction in the represented work attains dishonest-majority security up to n - 1 over asynchronous networks.","source_anchor_ids":["anchor-paper-31-limitations"]},{"id":"paper-31-resources","kind":"artifact_group","parent_id":"paper-31","order":8,"epistemic_status":"publicly_available","title":"Publication resources","summary":"The complete brief announcement is checked into this site with recorded fixity, and the ACM DOI provides the official publication identity; no code or executable artifact is claimed by the paper.","source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-publication"]},{"id":"paper-31-scrutiny","kind":"scrutiny","parent_id":"paper-31","order":9,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The construction appeared as a PODC brief announcement. That establishes venue exposure but is not equivalent to a full-paper proof audit, independent reproduction, or public review report.","source_anchor_ids":["anchor-paper-31-publication"]},{"id":"paper-31-lineage","kind":"lineage","parent_id":"paper-31","order":10,"epistemic_status":"documented","title":"Relation to the full construction","summary":"This announcement is the compressed PODC presentation of the dishonest-majority PSS direction; the separate SCN paper contains the extended construction and proof treatment and must be mapped independently as paper #32.","source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-limitations"]}],"relations":[{"id":"paper-31-relation-answer-question","type":"addresses","from_id":"paper-31-answer","to_id":"paper-31-question"},{"id":"paper-31-relation-encoding-answer","type":"realizes","from_id":"paper-31-construction-encoding","to_id":"paper-31-answer"},{"id":"paper-31-relation-refresh-construction","type":"component_of","from_id":"paper-31-construction-refresh","to_id":"paper-31-construction"},{"id":"paper-31-relation-recover-construction","type":"component_of","from_id":"paper-31-construction-recover","to_id":"paper-31-construction"},{"id":"paper-31-relation-mechanism-passive","type":"supports","from_id":"paper-31-evidence-mechanism","to_id":"paper-31-claim-passive"},{"id":"paper-31-relation-mechanism-active","type":"supports","from_id":"paper-31-evidence-mechanism","to_id":"paper-31-claim-active-mixed"},{"id":"paper-31-relation-scope-passive","type":"qualifies","from_id":"paper-31-scope","to_id":"paper-31-claim-passive"},{"id":"paper-31-relation-scope-active","type":"qualifies","from_id":"paper-31-scope","to_id":"paper-31-claim-active-mixed"},{"id":"paper-31-relation-boundaries-claims","type":"qualifies","from_id":"paper-31-boundaries","to_id":"paper-31-claims"},{"id":"paper-31-relation-lineage-paper","type":"contextualizes","from_id":"paper-31-lineage","to_id":"paper-31"}],"assessment":{"id":"paper-31-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The complete brief specifies the model, construction blueprint, protocols, thresholds, and security intuition, but its three pages omit the full formal definitions and proofs. The evidence supports a medium source-grounded rating rather than a claim of complete proof verification.","basis_source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-blueprint","anchor-paper-31-recovery"]},{"id":"auditability","level":"high","rationale":"A checked-in author-hosted copy with recorded page count and SHA-256, together with the official DOI, makes the represented brief directly auditable. The separate full-paper proof and any immutable artifact history are outside this record.","basis_source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, date, venue, official DOI, and author-hosted manuscript are documented. Contributor roles, revision history, tool use, and the exact lineage between brief and full versions have not been audited.","basis_source_anchor_ids":["anchor-paper-31-publication","anchor-paper-31-problem-results"]},{"id":"external_scrutiny","level":"medium","rationale":"PODC publication establishes external venue scrutiny, but the review reports, acceptance criteria, rebuttal, independent proof checking, and reproduction history are not public in the represented sources.","basis_source_anchor_ids":["anchor-paper-31-publication"]},{"id":"reception","level":"low","rationale":"The dated index snapshot located 1 citation. Under the author-defined corpus rule, 0 through 8 located citations is Low. Counts vary by index and date and do not measure correctness.","basis_source_anchor_ids":["anchor-paper-31-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The source claims the first dishonest-majority PSS feasibility result and clearly identifies the prior honest-majority barrier. Priority and downstream influence require a separate literature and reception audit, so significance remains medium pending author verification.","basis_source_anchor_ids":["anchor-paper-31-problem-results","anchor-paper-31-limitations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"SciSpace title and DOI listing","citation_count":1,"source_url":"https://scispace.com/papers/brief-announcement-proactive-secret-sharing-with-a-dishonest-1jlgc03e8w","signals":["The index displayed one citation for the PODC brief announcement."],"limitation":"Citation counts are index- and date-dependent; the corresponding SCN full paper is a separate record and may receive citations that do not accrue to this brief announcement."}},"paper_32":{"schema_version":"0.1","map_id":"paper-32-map","publication_id":32,"publication_anchor":"paper-32","slug":"paper-32","canonical_path":"/knowledge/papers/paper-32/","machine_path":"/knowledge/papers/paper-32.json","root_node_id":"paper-32","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","scheme"],"title":"Proactive Secret Sharing with a Dishonest Majority","year":2016,"status":"Published","venue":"10th Conference on Security and Cryptography for Networks (SCN)","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Shlomi Dolev","Karim Eldefrawy","Joshua Lampkins","Rafail Ostrovsky","Moti Yung"],"keywords":["proactive secret sharing","dishonest majority"],"research_question":"How can a proactive secret-sharing scheme retain correctness and confidentiality when a mobile adversary may passively corrupt a dishonest majority within an epoch and may actively corrupt a smaller subset, while parties periodically refresh and recover shares?","central_answer":"The paper replaces direct low-degree sharing of the secret with an additive decomposition whose summands are verifiably shared by polynomials of increasing degree. Four protocols share, reconstruct, refresh, and recover those encodings, yielding separate passive, active, mixed-adversary, robustness, and communication guarantees under a synchronous authenticated model.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, theorem mapping, and initial assessment"}],"method":"Source-grounded review of the complete author-uploaded SCN paper exposed through the public full-text route, including its definitions, four protocols, proof lemmas, batching discussion, and conclusion. The official DOI was used for publication identity. No independent proof reproduction was performed.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting author verification. Formal thresholds, proof interpretations, and ratings should be checked by an author before approval."}},"sources":[{"id":"source-paper-32-author-full-text","type":"author_hosted_copy","title":"Proactive Secret Sharing with a Dishonest Majority","url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority","provenance_category":"author","media_type":"application/pdf","page_count":20,"version_note":"Public author-uploaded SCN full text; local file fixity has not been recorded."},{"id":"source-paper-32-official","type":"official_publication_record","title":"SCN 2016 Springer publication record","url":"https://doi.org/10.1007/978-3-319-44618-9_28","provenance_category":"official"},{"id":"source-paper-32-citation-snapshot","type":"citation_index_snapshot","title":"ResearchGate citation snapshot for the SCN paper","url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-32-results","source_id":"source-paper-32-author-full-text","label":"Problem, priority claim, thresholds, and communication","locator":"Abstract and Section 1, PDF pages 1-3","url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority"},{"id":"anchor-paper-32-roadblock","source_id":"source-paper-32-author-full-text","label":"Why conventional polynomial PSS fails under a passive majority","locator":"Section 2, PDF pages 3-4","url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority"},{"id":"anchor-paper-32-system","source_id":"source-paper-32-author-full-text","label":"Synchronous network, channels, epochs, deletion, and recovery","locator":"Section 3.1, PDF pages 4-5","url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority"},{"id":"anchor-paper-32-adversary","source_id":"source-paper-32-author-full-text","label":"Polynomial-time mixed mobile adversary and multi-threshold security","locator":"Section 3.2, PDF pages 5-6","url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority"},{"id":"anchor-paper-32-definition","source_id":"source-paper-32-author-full-text","label":"PSS syntax, correctness, secrecy, robustness, refresh, and recovery","locator":"Section 3.3, PDF pages 6-7","url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority"},{"id":"anchor-paper-32-commitments","source_id":"source-paper-32-author-full-text","label":"Batched sharing, homomorphic commitments, and Feldman-VSS assumption","locator":"Section 3.4, PDF pages 7-8","url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority"},{"id":"anchor-paper-32-blueprint","source_id":"source-paper-32-author-full-text","label":"Additive-summand blueprint and recovery-dependent degree choices","locator":"Sections 4.1-4.2, PDF pages 8-10","url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority"},{"id":"anchor-paper-32-share","source_id":"source-paper-32-author-full-text","label":"DM-Share and DM-Reconstruct","locator":"Section 4.3, PDF pages 10-12","url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority"},{"id":"anchor-paper-32-refresh","source_id":"source-paper-32-author-full-text","label":"DM-Refresh and its termination, correctness, secrecy, and robustness lemmas","locator":"Sections 4.4 and 4.6, PDF pages 12-16","url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority"},{"id":"anchor-paper-32-recover","source_id":"source-paper-32-author-full-text","label":"DM-Recover and its termination, correctness, secrecy, and robustness lemmas","locator":"Sections 4.5 and 4.6, PDF pages 14-18","url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority"},{"id":"anchor-paper-32-batching","source_id":"source-paper-32-author-full-text","label":"Batched communication reduction","locator":"Section 4.7, PDF page 18","url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority"},{"id":"anchor-paper-32-limitations","source_id":"source-paper-32-author-full-text","label":"Conclusion, non-robust guarantees, communication, and asynchronous open problem","locator":"Section 5, PDF page 19","url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority"},{"id":"anchor-paper-32-publication","source_id":"source-paper-32-official","label":"Official peer-reviewed publication record","locator":"SCN 2016, pages 529-548, DOI 10.1007/978-3-319-44618-9_28","url":"https://doi.org/10.1007/978-3-319-44618-9_28"},{"id":"anchor-paper-32-citations","source_id":"source-paper-32-citation-snapshot","label":"Dated citation-count snapshot","locator":"ResearchGate displayed 18 citations when accessed 2026-07-11","url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority"}],"nodes":[{"id":"paper-32","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Proactive Secret Sharing with a Dishonest Majority","summary":"A formal proactive secret-sharing construction for mixed mobile adversaries that exceeds the passive honest-majority barrier by combining additive secret decomposition, increasing-degree polynomial shares, homomorphic commitments, refresh, and recovery.","source_anchor_ids":["anchor-paper-32-results"]},{"id":"paper-32-question","kind":"question","parent_id":"paper-32","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can PSS tolerate a passive dishonest majority in every epoch without losing the ability to detect active faults, refresh obsolete shares, and restore shares to rebooted parties?","source_anchor_ids":["anchor-paper-32-results","anchor-paper-32-roadblock"]},{"id":"paper-32-answer","kind":"contribution","parent_id":"paper-32","order":2,"epistemic_status":"source_asserted","title":"Central answer","summary":"Encode s as random additive summands, place those summands in verifiably shared polynomials with different degrees, and operate on the family through DM-Share, DM-Reconstruct, DM-Refresh, and DM-Recover.","source_anchor_ids":["anchor-paper-32-blueprint","anchor-paper-32-share"]},{"id":"paper-32-scope","kind":"scope","parent_id":"paper-32","order":3,"epistemic_status":"explicitly_scoped","title":"System and security model","summary":"Security is defined per epoch for n synchronized parties connected by authenticated broadcast and pairwise secure authenticated channels, with periodic refresh, secure deletion of old shares, and optional recovery after reboot or share loss.","source_anchor_ids":["anchor-paper-32-system","anchor-paper-32-definition"]},{"id":"paper-32-scope-adversary","kind":"threat_model","parent_id":"paper-32-scope","order":1,"epistemic_status":"defined","title":"Mixed mobile adversary","summary":"A polynomial-time adversary passively reads the state of P* and may actively control A* subseteq P*. Correctness, secrecy, and robustness are parameterized by separate multi-threshold sets rather than by one undifferentiated corruption bound.","source_anchor_ids":["anchor-paper-32-adversary"]},{"id":"paper-32-scope-thresholds","kind":"definition","parent_id":"paper-32-scope","order":2,"epistemic_status":"defined","title":"Threshold accounting","summary":"For the single-recovery setting the paper states passive bound tp < n - 2, active bound ta < n/2 - 1, and mixed constraint ta + tp < n - 2, where each active corruption is also counted among passive corruptions.","source_anchor_ids":["anchor-paper-32-adversary","anchor-paper-32-blueprint"]},{"id":"paper-32-scope-assumptions","kind":"assumption","parent_id":"paper-32-scope","order":3,"epistemic_status":"assumed","title":"Environmental and cryptographic assumptions","summary":"The construction assumes synchrony, a global clock, authenticated broadcast, private authenticated channels, erasure of obsolete shares, reboot into a pristine state, and a binding/hiding homomorphic commitment; the concrete Feldman instantiation relies on discrete-log hardness.","source_anchor_ids":["anchor-paper-32-system","anchor-paper-32-commitments"]},{"id":"paper-32-construction","kind":"method","parent_id":"paper-32","order":4,"epistemic_status":"formally_specified","title":"Dishonest-majority PSS construction","summary":"The four protocols manipulate a vector of additive summands shared by polynomials whose degree profile is chosen to balance secrecy against the number of active faults and simultaneously recovering parties.","source_anchor_ids":["anchor-paper-32-blueprint","anchor-paper-32-share","anchor-paper-32-refresh","anchor-paper-32-recover"]},{"id":"paper-32-construction-encoding","kind":"method","parent_id":"paper-32-construction","order":1,"epistemic_status":"specified","title":"Additive and polynomial encoding","summary":"Directly placing s in one polynomial would reveal it after enough passive observations. The construction first splits s into d random summands and then shares each summand with a polynomial of a different degree, so no allowed passive view determines every summand.","source_anchor_ids":["anchor-paper-32-roadblock","anchor-paper-32-blueprint"]},{"id":"paper-32-construction-share","kind":"protocol","parent_id":"paper-32-construction","order":2,"epistemic_status":"specified","title":"DM-Share and DM-Reconstruct","summary":"DM-Share commits to and distributes the increasing-degree sharings; DM-Reconstruct opens enough evaluations to recover each additive summand and sums the reconstructed summands to recover s.","source_anchor_ids":["anchor-paper-32-share"]},{"id":"paper-32-construction-refresh","kind":"protocol","parent_id":"paper-32-construction","order":3,"epistemic_status":"specified_and_analyzed","title":"DM-Refresh","summary":"Parties verifiably share random polynomials of matching degrees whose free terms sum to zero, add the evaluations to current shares, resolve inconsistent openings by abort and identification, and delete obsolete shares.","source_anchor_ids":["anchor-paper-32-refresh"]},{"id":"paper-32-construction-recover","kind":"protocol","parent_id":"paper-32-construction","order":4,"epistemic_status":"specified_and_analyzed","title":"DM-Recover","summary":"Parties mask current polynomials with random recovery polynomials that vanish at each recovering party's evaluation point. Interpolation gives replacement evaluations at those points without revealing s or other parties' shares.","source_anchor_ids":["anchor-paper-32-recover"]},{"id":"paper-32-claims","kind":"claim_group","parent_id":"paper-32","order":5,"epistemic_status":"proved_in_paper","title":"Principal guarantees","summary":"The paper separates correctness, secrecy, robustness, termination, and communication statements and conditions each one on explicit passive, active, degree, and recovery parameters.","source_anchor_ids":["anchor-paper-32-adversary","anchor-paper-32-refresh","anchor-paper-32-recover"]},{"id":"paper-32-claim-passive","kind":"claim","parent_id":"paper-32-claims","order":1,"epistemic_status":"proved_conditional","title":"Passive confidentiality","summary":"In the represented single-recovery configuration, the paper states robust secrecy for fewer than n - 2 passive corruptions and no active corruptions; without recovery the overview gives the larger fewer-than-n passive bound.","source_anchor_ids":["anchor-paper-32-results","anchor-paper-32-blueprint","anchor-paper-32-refresh"]},{"id":"paper-32-claim-mixed","kind":"claim","parent_id":"paper-32-claims","order":2,"epistemic_status":"proved_non_robust","title":"Active and mixed-adversary security","summary":"With one recovering party, the paper states non-robust security with identifiable abort for fewer than n/2 - 1 active corruptions and for mixed corruption sets satisfying the defined multi-threshold constraints.","source_anchor_ids":["anchor-paper-32-adversary","anchor-paper-32-results","anchor-paper-32-recover"]},{"id":"paper-32-claim-refresh","kind":"claim","parent_id":"paper-32-claims","order":3,"epistemic_status":"proved_conditional","title":"Refresh correctness, secrecy, and robustness","summary":"Lemmas 1-4 argue termination, preservation of the encoded secret, independence of new shares from old shares, and sufficient correct interpolation points under the stated degree and corruption inequalities.","source_anchor_ids":["anchor-paper-32-refresh"]},{"id":"paper-32-claim-recover","kind":"claim","parent_id":"paper-32-claims","order":4,"epistemic_status":"proved_conditional","title":"Recovery correctness, secrecy, and robustness","summary":"Lemmas 5-8 argue termination, reconstruction of the recovering party's correct evaluations, secrecy of the secret and other shares, and preservation under d < n - k - c for k active corruptions and c recovering parties.","source_anchor_ids":["anchor-paper-32-recover"]},{"id":"paper-32-claim-communication","kind":"claim","parent_id":"paper-32-claims","order":5,"epistemic_status":"asymptotic_analysis","title":"Communication complexity","summary":"The paper reports O(n^4) communication for the single-secret scheme and an O(n) batching factor that reduces the effective per-secret cost, with O(n^3) communication for recovery of an O(n)-secret batch.","source_anchor_ids":["anchor-paper-32-results","anchor-paper-32-batching"]},{"id":"paper-32-evidence","kind":"evidence_group","parent_id":"paper-32","order":6,"epistemic_status":"formal_paper_analysis","title":"Evidence chain","summary":"Evidence consists of explicit syntax and adversary definitions, four concrete protocols, homomorphic-commitment checks, interpolation arguments, and eight proof lemmas. The proofs were read but not mechanically checked or independently reproduced for this map.","source_anchor_ids":["anchor-paper-32-definition","anchor-paper-32-refresh","anchor-paper-32-recover"]},{"id":"paper-32-evidence-refresh","kind":"evidence","parent_id":"paper-32-evidence","order":1,"epistemic_status":"proof_inspected_not_reproduced","title":"Refresh proof structure","summary":"Binding commitments detect inconsistent distributions; zero-sum constant terms preserve s; one honest random contribution rerandomizes the family; and degree bounds ensure enough correct points remain for interpolation.","source_anchor_ids":["anchor-paper-32-refresh"]},{"id":"paper-32-evidence-recover","kind":"evidence","parent_id":"paper-32-evidence","order":2,"epistemic_status":"proof_inspected_not_reproduced","title":"Recovery proof structure","summary":"Vanishing masks preserve the recovering evaluations, computational hiding protects the random recovery polynomials, and the threshold inequalities guarantee enough correct shares to interpolate them.","source_anchor_ids":["anchor-paper-32-recover"]},{"id":"paper-32-boundaries","kind":"limitation_group","parent_id":"paper-32","order":7,"epistemic_status":"material","title":"Boundaries and open problems","summary":"Active security is non-robust, recovery consumes resilience, security depends on computational commitments and secure erasure, the network is synchronous, and the fully specified batched protocols are deferred beyond the represented version.","source_anchor_ids":["anchor-paper-32-system","anchor-paper-32-commitments","anchor-paper-32-batching","anchor-paper-32-limitations"]},{"id":"paper-32-boundary-asynchrony","kind":"limitation","parent_id":"paper-32-boundaries","order":1,"epistemic_status":"open_problem","title":"Asynchrony and communication remain open","summary":"The conclusion leaves lower communication and dishonest-majority PSS over asynchronous networks unresolved; the construction itself assumes synchrony.","source_anchor_ids":["anchor-paper-32-limitations"]},{"id":"paper-32-resources","kind":"artifact_group","parent_id":"paper-32","order":8,"epistemic_status":"publicly_available","title":"Sources and artifacts","summary":"A complete author-uploaded paper and official Springer record are public. The represented work is a protocol-and-proof paper and does not claim a software implementation or reproducibility package.","source_anchor_ids":["anchor-paper-32-results","anchor-paper-32-publication"]},{"id":"paper-32-scrutiny","kind":"scrutiny","parent_id":"paper-32","order":9,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The work appeared at SCN 2016 and acknowledges anonymous-reviewer feedback. Public review reports, machine proof checking, independent reproduction, and a correction history were not located in this audit.","source_anchor_ids":["anchor-paper-32-publication","anchor-paper-32-limitations"]},{"id":"paper-32-lineage","kind":"lineage","parent_id":"paper-32","order":10,"epistemic_status":"documented","title":"Research lineage","summary":"The paper extends classical proactive secret sharing and mixed-adversary gradual sharing, and its static dishonest-majority construction becomes a baseline later work seeks to batch, generalize, or make dynamic.","source_anchor_ids":["anchor-paper-32-roadblock","anchor-paper-32-limitations"]}],"relations":[{"id":"paper-32-relation-answer-question","type":"addresses","from_id":"paper-32-answer","to_id":"paper-32-question"},{"id":"paper-32-relation-encoding-answer","type":"realizes","from_id":"paper-32-construction-encoding","to_id":"paper-32-answer"},{"id":"paper-32-relation-share-construction","type":"component_of","from_id":"paper-32-construction-share","to_id":"paper-32-construction"},{"id":"paper-32-relation-refresh-construction","type":"component_of","from_id":"paper-32-construction-refresh","to_id":"paper-32-construction"},{"id":"paper-32-relation-recover-construction","type":"component_of","from_id":"paper-32-construction-recover","to_id":"paper-32-construction"},{"id":"paper-32-relation-refresh-evidence-claim","type":"supports","from_id":"paper-32-evidence-refresh","to_id":"paper-32-claim-refresh"},{"id":"paper-32-relation-recover-evidence-claim","type":"supports","from_id":"paper-32-evidence-recover","to_id":"paper-32-claim-recover"},{"id":"paper-32-relation-scope-passive","type":"qualifies","from_id":"paper-32-scope","to_id":"paper-32-claim-passive"},{"id":"paper-32-relation-thresholds-mixed","type":"qualifies","from_id":"paper-32-scope-thresholds","to_id":"paper-32-claim-mixed"},{"id":"paper-32-relation-boundaries-claims","type":"qualifies","from_id":"paper-32-boundaries","to_id":"paper-32-claims"},{"id":"paper-32-relation-lineage-paper","type":"contextualizes","from_id":"paper-32-lineage","to_id":"paper-32"}],"assessment":{"id":"paper-32-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The full paper supplies an explicit mixed-adversary model, PSS definitions, four protocols, threshold accounting, and separate termination, correctness, secrecy, and robustness lemmas. This is strong multi-part formal support, although the proofs have not been mechanically checked or independently reproduced in this audit.","basis_source_anchor_ids":["anchor-paper-32-adversary","anchor-paper-32-definition","anchor-paper-32-refresh","anchor-paper-32-recover"]},{"id":"auditability","level":"high","rationale":"The complete author-uploaded full text and official DOI make assumptions, protocols, proof sketches, and limitations directly inspectable. Local file fixity and an executable artifact lineage are not recorded.","basis_source_anchor_ids":["anchor-paper-32-results","anchor-paper-32-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, author upload, venue, date, acknowledgments, and DOI establish human and lifecycle provenance. Contributor roles, revision history, tools, and explicit author approval of this map remain incomplete.","basis_source_anchor_ids":["anchor-paper-32-publication","anchor-paper-32-limitations"]},{"id":"external_scrutiny","level":"medium","rationale":"SCN publication and the paper's acknowledgment of anonymous-reviewer feedback establish external scrutiny. Review reports, independent proof reproduction, criticism, and correction records were not located.","basis_source_anchor_ids":["anchor-paper-32-publication","anchor-paper-32-limitations"]},{"id":"reception","level":"high","rationale":"The public publication page displayed 18 citations on 2026-07-11. Under the author-defined rule, 11 or more located citations is High; the count is index- and date-dependent and does not establish correctness.","basis_source_anchor_ids":["anchor-paper-32-citations"]},{"id":"contribution_significance","level":"high","rationale":"The paper explicitly addresses the honest-majority limitation of prior PSS and claims the first dishonest-majority construction with mixed-adversary guarantees. The source provides a new protocol family and proof treatment rather than only a position or feasibility sketch.","basis_source_anchor_ids":["anchor-paper-32-results","anchor-paper-32-roadblock","anchor-paper-32-refresh","anchor-paper-32-recover"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"ResearchGate publication-page citation count","citation_count":18,"source_url":"https://www.researchgate.net/publication/304830862_Proactive_Secret_Sharing_with_a_Dishonest_Majority","signals":["The public page displayed 18 citations for the SCN paper.","Later proactive-secret-sharing work explicitly treats this construction as the static dishonest-majority baseline."],"limitation":"Citation counts vary by index and date and may merge or split the SCN paper and PODC brief differently."}},"paper_33":{"schema_version":"0.1","map_id":"paper-33-map","publication_id":33,"publication_anchor":"paper-33","slug":"paper-33","canonical_path":"/knowledge/papers/paper-33/","machine_path":"/knowledge/papers/paper-33.json","root_node_id":"paper-33","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"Lightweight Swarm Attestation: A Tale of Two LISA-s","year":2017,"status":"Published","venue":"ACM Asia Conference on Computer and Communications Security (AsiaCCS)","topic":"secure-systems-networks","labels":["Applied","System","Implementation"],"authors":["Xavier Carpent","Karim Eldefrawy","Norrathep Rattanavipanon","Gene Tsudik"],"keywords":["swarm attestation","remote attestation","Internet of Things","embedded systems","mobile swarms","Quality of Swarm Attestation"],"research_question":"How can a verifier attest a connected, possibly mobile swarm of low-end devices and choose how much per-device or topology information to receive, without imposing the cost of independent single-device attestation on every prover?","central_answer":"The paper defines Quality of Swarm Attestation (QoSA) and constructs two SMART+-based protocols: asynchronous LISA-alpha forwards individual authenticated reports for list-level detail, while synchronous LISA-s aggregates authenticated descendant reports along a temporary spanning tree and can expose binary through full topology-aware QoSA. Their assurance and efficiency claims are bounded by quasi-static connectivity, an honest verifier, protected attestation code and state, and the exclusion of physical compromise and lower-layer denial of service.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, technical claim mapping, and initial assessment"}],"method":"Source-grounded review of the complete 15-page author-hosted AsiaCCS paper, including visual inspection of the title/abstract page and technical pages. Protocol specifications, assumptions, informal arguments, and emulation results are separated so that construction claims are not confused with formal proof or independent reproduction.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Protocol interpretations, experimental readings, and ratings remain provisional until author approval."}},"sources":[{"id":"source-paper-33-author-pdf","type":"author_hosted_copy","title":"Lightweight Swarm Attestation: A Tale of Two LISA-s","url":"/pubs/2017/lisa-asiaccs2017.pdf","provenance_category":"author","retrieved_from":"https://sprout.ics.uci.edu/projects/attestation/papers/lisa.pdf","media_type":"application/pdf","sha256":"ace6f97b7992868e74175ae572ea03aa9652e0213f5d63b55997922c73e38ad3","page_count":15},{"id":"source-paper-33-official","type":"official_publication_record","title":"ACM AsiaCCS 2017 publication record","url":"https://doi.org/10.1145/3052973.3053010","provenance_category":"official"},{"id":"source-paper-33-openalex","type":"citation_index_snapshot","title":"OpenAlex record W2602856088","url":"https://openalex.org/W2602856088","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-33-problem-contributions","source_id":"source-paper-33-author-pdf","label":"Motivation, QoSA contribution, and two-protocol overview","locator":"Abstract and Sections 1.2-1.3, PDF pages 1-3","url":"/pubs/2017/lisa-asiaccs2017.pdf#page=1"},{"id":"anchor-paper-33-model","source_id":"source-paper-33-author-pdf","label":"Swarm, connectivity, adversary, and verifier model","locator":"Sections 2.1, 2.2, and 2.7, PDF pages 3-5","url":"/pubs/2017/lisa-asiaccs2017.pdf#page=3"},{"id":"anchor-paper-33-smart-plus","source_id":"source-paper-33-author-pdf","label":"SMART+ hybrid attestation basis and memory-access rules","locator":"Section 2.3 and Figure 1, PDF pages 3-4","url":"/pubs/2017/lisa-asiaccs2017.pdf#page=3"},{"id":"anchor-paper-33-qosa","source_id":"source-paper-33-author-pdf","label":"Binary, list, intermediate, and full Quality of Swarm Attestation","locator":"Section 2.4, PDF pages 4-5","url":"/pubs/2017/lisa-asiaccs2017.pdf#page=4"},{"id":"anchor-paper-33-lisa-alpha","source_id":"source-paper-33-author-pdf","label":"LISA-alpha protocol, state machines, QoSA, and complexity","locator":"Section 3.1 and Algorithms 1-2, PDF pages 5-8","url":"/pubs/2017/lisa-asiaccs2017.pdf#page=5"},{"id":"anchor-paper-33-lisa-s","source_id":"source-paper-33-author-pdf","label":"LISA-s aggregation protocol, state machines, QoSA, and complexity","locator":"Section 3.2 and Algorithms 3-4, PDF pages 8-10","url":"/pubs/2017/lisa-asiaccs2017.pdf#page=8"},{"id":"anchor-paper-33-security","source_id":"source-paper-33-author-pdf","label":"Attack vectors and informal security analysis","locator":"Section 4, PDF pages 10-11","url":"/pubs/2017/lisa-asiaccs2017.pdf#page=10"},{"id":"anchor-paper-33-experiments","source_id":"source-paper-33-author-pdf","label":"CORE implementation, experimental setup, metrics, and results","locator":"Section 5 and Figure 4, PDF pages 11-12","url":"/pubs/2017/lisa-asiaccs2017.pdf#page=11"},{"id":"anchor-paper-33-keying","source_id":"source-paper-33-author-pdf","label":"Cryptographic choices and physical-compromise tradeoffs","locator":"Section 6, PDF pages 12-13","url":"/pubs/2017/lisa-asiaccs2017.pdf#page=12"},{"id":"anchor-paper-33-conclusion","source_id":"source-paper-33-author-pdf","label":"Conclusions and future work","locator":"Section 8, PDF page 13","url":"/pubs/2017/lisa-asiaccs2017.pdf#page=13"},{"id":"anchor-paper-33-publication","source_id":"source-paper-33-official","label":"Official AsiaCCS publication identity","locator":"AsiaCCS 2017, pages 86-100, DOI 10.1145/3052973.3053010","url":"https://doi.org/10.1145/3052973.3053010"},{"id":"anchor-paper-33-citations","source_id":"source-paper-33-openalex","label":"Dated citation-count snapshot","locator":"OpenAlex reported 75 citing works when accessed 2026-07-11","url":"https://openalex.org/W2602856088"}],"nodes":[{"id":"paper-33","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Lightweight Swarm Attestation: A Tale of Two LISA-s","summary":"A protocol-and-systems paper that defines an information-quality vocabulary for swarm attestation, specifies two lightweight collective-attestation protocols, informally analyzes attacks, and evaluates Python implementations in an emulated mobile network.","source_anchor_ids":["anchor-paper-33-problem-contributions"]},{"id":"paper-33-question","kind":"question","parent_id":"paper-33","order":1,"epistemic_status":"research_question","title":"Research question","summary":"How can a verifier collectively assess a low-end device swarm while controlling the granularity of the returned integrity information and the communication, computation, and trusted-state cost?","source_anchor_ids":["anchor-paper-33-problem-contributions"]},{"id":"paper-33-answer","kind":"contribution","parent_id":"paper-33","order":2,"epistemic_status":"source_asserted","title":"QoSA plus two protocol points","summary":"QoSA separates what a verifier learns from how attestation is performed; LISA-alpha prioritizes minimal changes and individual reports, whereas LISA-s adds protected state and authenticated aggregation to reduce communication and support richer aggregate outcomes.","source_anchor_ids":["anchor-paper-33-qosa","anchor-paper-33-lisa-alpha","anchor-paper-33-lisa-s"]},{"id":"paper-33-model-scope","kind":"scope","parent_id":"paper-33","order":3,"epistemic_status":"explicitly_scoped","title":"Operating model","summary":"The swarm contains a known number n of low-end devices and an honest verifier. Its communication graph must remain connected and quasi-static during an attestation session; mobility is allowed only when it does not disrupt the protocol's message propagation.","source_anchor_ids":["anchor-paper-33-model"]},{"id":"paper-33-model-adversary","kind":"threat_model","parent_id":"paper-33-model-scope","order":1,"epistemic_status":"defined","title":"Remote and local adversary","summary":"The adversary may alter unprotected software and state and fully control communication by eavesdropping, injection, deletion, delay, or modification. Physical non-intrusive and intrusive attacks are expressly outside the security model.","source_anchor_ids":["anchor-paper-33-model","anchor-paper-33-security"]},{"id":"paper-33-model-root","kind":"assumption","parent_id":"paper-33-model-scope","order":2,"epistemic_status":"assumed","title":"SMART+ root-of-trust assumptions","summary":"Each prover supplies immutable attestation code, protected keys and variables, controlled entry/exit, interrupt handling, and memory-protection rules sufficient to keep malware from invoking the key outside AttCode or modifying protected protocol state.","source_anchor_ids":["anchor-paper-33-smart-plus"]},{"id":"paper-33-model-timing","kind":"assumption","parent_id":"paper-33-model-scope","order":3,"epistemic_status":"assumed","title":"Timing and state assumptions","summary":"The verifier selects a swarm-size-dependent overall timeout, knows every device identity and expected measurement, and assumes only static or predictably changing attested memory; dynamic runtime integrity is not established.","source_anchor_ids":["anchor-paper-33-model","anchor-paper-33-lisa-alpha"]},{"id":"paper-33-qosa","kind":"definition","parent_id":"paper-33","order":4,"epistemic_status":"defined","title":"Quality of Swarm Attestation","summary":"QoSA describes the information returned to the verifier: B-QoSA is a swarm-wide bit, L-QoSA identifies successfully attested devices, I-QoSA supplies an intermediate statistic such as a count, and F-QoSA also exposes connectivity or topology.","source_anchor_ids":["anchor-paper-33-qosa"]},{"id":"paper-33-methods","kind":"method","parent_id":"paper-33","order":5,"epistemic_status":"specified","title":"Collective-attestation construction","summary":"Both protocols flood an authenticated fresh request, derive a parent relation, invoke protected single-device attestation, and route authenticated results back toward the verifier; they differ in whether devices merely forward reports or verify and aggregate them.","source_anchor_ids":["anchor-paper-33-lisa-alpha","anchor-paper-33-lisa-s"]},{"id":"paper-33-lisa-alpha","kind":"protocol","parent_id":"paper-33-methods","order":1,"epistemic_status":"specified","title":"LISA-alpha asynchronous forwarding","summary":"A device authenticates a fresh request, records the sender as its parent, rebroadcasts the request, measures its memory, and sends an authenticated individual report upward. Intermediate devices forward current-session reports without authenticating them.","source_anchor_ids":["anchor-paper-33-lisa-alpha"]},{"id":"paper-33-lisa-alpha-output","kind":"output","parent_id":"paper-33-lisa-alpha","order":1,"epistemic_status":"specified","title":"List-level outcome and optional topology","summary":"The verifier partitions known identifiers into attested, failed, and no-report sets, giving L-QoSA. Parent fields can expose topology only after extra authentication; the basic parent value is not trustworthy enough for reliable F-QoSA.","source_anchor_ids":["anchor-paper-33-lisa-alpha"]},{"id":"paper-33-lisa-s","kind":"protocol","parent_id":"paper-33-methods","order":2,"epistemic_status":"specified","title":"LISA-s synchronous aggregation","summary":"Devices establish children during a bounded request phase, attest locally, authenticate child reports, aggregate descendant identifiers or results, and send one authenticated report to the parent. Verification before aggregation suppresses forged-report propagation.","source_anchor_ids":["anchor-paper-33-lisa-s"]},{"id":"paper-33-lisa-s-output","kind":"output","parent_id":"paper-33-lisa-s","order":1,"epistemic_status":"specified","title":"Configurable aggregate QoSA","summary":"Changing what each aggregate carries supports outcomes from B-QoSA through lists, counts, and a recursively encoded descendant tree for F-QoSA, trading information granularity against payload size and protected state.","source_anchor_ids":["anchor-paper-33-qosa","anchor-paper-33-lisa-s"]},{"id":"paper-33-claims","kind":"claim_group","parent_id":"paper-33","order":6,"epistemic_status":"source_asserted","title":"Main claims","summary":"The source argues protocol-level authenticity and freshness under its root-of-trust and MAC assumptions and reports distinct resource tradeoffs; these are not claims of physical security, lower-layer availability, or fully formal verification.","source_anchor_ids":["anchor-paper-33-security","anchor-paper-33-experiments"]},{"id":"paper-33-claim-security","kind":"claim","parent_id":"paper-33-claims","order":1,"epistemic_status":"informally_analyzed","title":"Resistance to report and request forgery","summary":"Accepted forged reports or requests would require MAC forgery, disclosure of protected key K, or modification of protected state; the analysis relies on SMART+ isolation, freshness counters, and a secure MAC rather than a game-based proof.","source_anchor_ids":["anchor-paper-33-security"]},{"id":"paper-33-claim-connectivity","kind":"claim","parent_id":"paper-33-claims","order":2,"epistemic_status":"conditional_claim","title":"Best effort under connectivity change","summary":"If quasi-static connectivity fails, healthy devices may be omitted and produce a false-negative or no-report outcome, but the paper states that affected devices are not positively attested merely because links change.","source_anchor_ids":["anchor-paper-33-model"]},{"id":"paper-33-claim-cost","kind":"claim","parent_id":"paper-33-claims","order":3,"epistemic_status":"analyzed_and_measured","title":"Communication-computation tradeoff","summary":"LISA-alpha imposes little extra attestation logic but can forward n reports per device in the worst case; LISA-s adds report verification, timing, child state, and aggregation while reducing transmitted reports and payload growth.","source_anchor_ids":["anchor-paper-33-lisa-alpha","anchor-paper-33-lisa-s","anchor-paper-33-experiments"]},{"id":"paper-33-evidence","kind":"evidence_group","parent_id":"paper-33","order":7,"epistemic_status":"mixed_analytical_and_empirical","title":"Evidence","summary":"Evidence consists of executable pseudocode and state machines, an informal attack-by-attack security analysis, asymptotic complexity discussion, and experiments with Python implementations in the CORE network emulator.","source_anchor_ids":["anchor-paper-33-lisa-alpha","anchor-paper-33-lisa-s","anchor-paper-33-security","anchor-paper-33-experiments"]},{"id":"paper-33-evidence-security","kind":"evidence","parent_id":"paper-33-evidence","order":1,"epistemic_status":"informal_argument","title":"Security-analysis coverage","summary":"The analysis considers report forgery, request forgery, attestation-layer denial of service, and lower-layer denial of service separately for both protocols, tracing accepted forgeries to cryptographic or protected-state failures.","source_anchor_ids":["anchor-paper-33-security"]},{"id":"paper-33-evidence-experiment","kind":"evidence","parent_id":"paper-33-evidence","order":2,"epistemic_status":"reported_experiment","title":"CORE emulation study","summary":"Random connected topologies in a 1,500 by 800 area use a 200-unit link threshold, 802.11, OLSR, and cryptographic delays derived from a laptop and Raspberry Pi 2. Each plotted point averages 30 generated scenarios while varying swarm and attested-memory size.","source_anchor_ids":["anchor-paper-33-experiments"]},{"id":"paper-33-evidence-results","kind":"evidence","parent_id":"paper-33-evidence","order":3,"epistemic_status":"reported_measurement","title":"Reported performance pattern","summary":"Average device CPU time is similar because memory hashing dominates, whereas LISA-alpha bandwidth is higher; at 40 nodes the reported payload difference reaches about threefold, and bandwidth grows roughly linearly with swarm size.","source_anchor_ids":["anchor-paper-33-experiments"]},{"id":"paper-33-boundaries","kind":"limitation_group","parent_id":"paper-33","order":8,"epistemic_status":"material","title":"Limitations and exclusions","summary":"The results are conditional on protected SMART+ execution, an honest verifier, known membership, suitable timeouts, quasi-static connected topology, static-memory measurement, and absence of physical compromise; the experiments are emulations rather than a deployed hardware swarm.","source_anchor_ids":["anchor-paper-33-model","anchor-paper-33-smart-plus","anchor-paper-33-experiments","anchor-paper-33-keying"]},{"id":"paper-33-boundary-physical","kind":"limitation","parent_id":"paper-33-boundaries","order":1,"epistemic_status":"explicitly_out_of_scope","title":"Shared-key physical-compromise boundary","summary":"With one swarm-wide master key, physical compromise of one device exposes the key and permits impersonation of devices and verifier. Per-device symmetric keys or public-key designs reduce that blast radius but change computation, bandwidth, and neighbor-authentication costs.","source_anchor_ids":["anchor-paper-33-keying"]},{"id":"paper-33-boundary-dos","kind":"limitation","parent_id":"paper-33-boundaries","order":2,"epistemic_status":"explicitly_out_of_scope","title":"Availability boundary","summary":"Radio jamming, packet dropping, and other network-, link-, or physical-layer denial of service are not prevented; protocol timeouts bound waiting but cannot distinguish every adversarial omission from natural loss or mobility.","source_anchor_ids":["anchor-paper-33-security"]},{"id":"paper-33-artifacts","kind":"artifact_group","parent_id":"paper-33","order":9,"epistemic_status":"paper_described","title":"Artifacts and reproducibility","summary":"The paper reports Python implementations and the open-source CORE emulator, but this map located no archived code, scenario bundle, measurement data, or executable reproduction package tied to the publication.","source_anchor_ids":["anchor-paper-33-experiments"]},{"id":"paper-33-scrutiny","kind":"scrutiny","parent_id":"paper-33","order":10,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The work appeared at ACM AsiaCCS. The public record establishes venue scrutiny, while review reports, rebuttal, independent protocol verification, replication, and correction history are not represented here.","source_anchor_ids":["anchor-paper-33-publication"]},{"id":"paper-33-future","kind":"lineage","parent_id":"paper-33","order":11,"epistemic_status":"author_identified_future_work","title":"Open development path","summary":"The conclusion identifies formal security proofs and implementation and evaluation on a real device swarm as future work, marking the boundary between the paper's informal/emulated evidence and stronger validation.","source_anchor_ids":["anchor-paper-33-conclusion"]}],"relations":[{"id":"paper-33-relation-answer-question","type":"addresses","from_id":"paper-33-answer","to_id":"paper-33-question"},{"id":"paper-33-relation-qosa-answer","type":"defines","from_id":"paper-33-qosa","to_id":"paper-33-answer"},{"id":"paper-33-relation-alpha-method","type":"component_of","from_id":"paper-33-lisa-alpha","to_id":"paper-33-methods"},{"id":"paper-33-relation-alpha-output","type":"produces","from_id":"paper-33-lisa-alpha","to_id":"paper-33-lisa-alpha-output"},{"id":"paper-33-relation-s-method","type":"component_of","from_id":"paper-33-lisa-s","to_id":"paper-33-methods"},{"id":"paper-33-relation-s-output","type":"produces","from_id":"paper-33-lisa-s","to_id":"paper-33-lisa-s-output"},{"id":"paper-33-relation-security-claim","type":"supports","from_id":"paper-33-evidence-security","to_id":"paper-33-claim-security"},{"id":"paper-33-relation-experiment-cost","type":"supports","from_id":"paper-33-evidence-experiment","to_id":"paper-33-claim-cost"},{"id":"paper-33-relation-results-cost","type":"supports","from_id":"paper-33-evidence-results","to_id":"paper-33-claim-cost"},{"id":"paper-33-relation-model-security","type":"qualifies","from_id":"paper-33-model-scope","to_id":"paper-33-claim-security"},{"id":"paper-33-relation-physical-security","type":"limits","from_id":"paper-33-boundary-physical","to_id":"paper-33-claim-security"},{"id":"paper-33-relation-dos-security","type":"limits","from_id":"paper-33-boundary-dos","to_id":"paper-33-claim-security"},{"id":"paper-33-relation-future-evidence","type":"contextualizes","from_id":"paper-33-future","to_id":"paper-33-evidence"}],"assessment":{"id":"paper-33-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The complete paper specifies two protocols, their state machines and assumptions, provides an attack-structured security analysis, and reports a 30-scenario-per-point emulation study. This is substantial mixed analytical and empirical support, although the security reasoning is informal and no independent reproduction was located.","basis_source_anchor_ids":["anchor-paper-33-lisa-alpha","anchor-paper-33-lisa-s","anchor-paper-33-security","anchor-paper-33-experiments"]},{"id":"auditability","level":"high","rationale":"A checked-in author-hosted full paper with recorded SHA-256 and page count, plus the official DOI and precise section/page anchors, makes the represented claims and assumptions directly inspectable. Code and raw experimental data were not located.","basis_source_anchor_ids":["anchor-paper-33-problem-contributions","anchor-paper-33-publication","anchor-paper-33-experiments"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, affiliations, venue, date, DOI, funding acknowledgments, and an author-hosted manuscript are documented. Contributor roles, revision history, tool use, and artifact-version lineage have not been audited.","basis_source_anchor_ids":["anchor-paper-33-problem-contributions","anchor-paper-33-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"AsiaCCS publication establishes external venue review, but review reports, rebuttal, independent formal verification, reproduction, and correction history are not represented in the audited sources.","basis_source_anchor_ids":["anchor-paper-33-publication"]},{"id":"reception","level":"high","rationale":"OpenAlex reported 75 citations on 2026-07-11. Under the author-defined corpus rule, more than 10 located citations is High. The count is index- and date-dependent and is not evidence of correctness by itself.","basis_source_anchor_ids":["anchor-paper-33-citations"]},{"id":"contribution_significance","level":"high","rationale":"The paper introduces an explicit vocabulary for swarm-attestation information quality and two contrasting protocol designs, and the dated citation record shows substantial follow-on attention. Priority and real-world adoption have not been independently established.","basis_source_anchor_ids":["anchor-paper-33-problem-contributions","anchor-paper-33-qosa","anchor-paper-33-citations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":75,"source_url":"https://openalex.org/W2602856088","signals":["OpenAlex reported 75 works citing this AsiaCCS paper.","Later literature continues to use LISA and QoSA as comparison points for swarm-attestation protocols."],"limitation":"Citation counts vary by index and date, may include self-citations, and do not establish technical correctness, deployment, or independent reproduction."}},"paper_34":{"schema_version":"0.1","map_id":"paper-34-map","publication_id":34,"publication_anchor":"paper-34","slug":"paper-34","canonical_path":"/knowledge/papers/paper-34/","machine_path":"/knowledge/papers/paper-34.json","root_node_id":"paper-34","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"Proactively Secure Cloud-Enabled Storage","year":2017,"status":"Published","venue":"37th IEEE International Conference on Distributed Computing Systems (ICDCS)","topic":"secure-systems-networks","labels":["Theory","Applied","System","Implementation"],"authors":["Karim Eldefrawy","Sky Faber","Tyler Kaczmarek"],"keywords":["proactive secret sharing","cloud storage","mobile adversary","share refresh","secure reboot","Amazon EC2"],"research_question":"Can proactive secret sharing, previously used mainly for small cryptographic secrets, be engineered into a practical cloud-storage system for megabyte-scale files and tens of servers while preserving long-term confidentiality against a mobile compromise adversary?","central_answer":"PiSCES packs file data into secret shares, distributes them across virtual servers, and periodically reboots servers, recovers and rerandomizes shares, replaces keys, and disassociates old storage. A prototype on Amazon EC2 explores security, file, concurrency, field-size, and refresh parameters and reports that carefully chosen configurations make proactive storage of larger data operationally and economically feasible under a passive mobile-adversary model and substantial cloud/hypervisor assumptions.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, systems-and-security claim mapping, and initial assessment"}],"method":"Source-grounded review of the complete author-uploaded full text exposed through the recorded ResearchGate route, cross-checked against the IEEE DOI record. The accessible source was read section by section, but a directly downloadable local PDF and immutable file hash were not obtained; section anchors therefore identify content rather than local page images.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Security-model readings, system assumptions, measurements, and ratings should be checked by an author before approval."}},"sources":[{"id":"source-paper-34-author-full-text","type":"author_hosted_copy","title":"Proactively Secure Cloud-Enabled Storage","url":"https://www.researchgate.net/publication/315452578_Proactively_Secure_Cloud-Enabled_Storage","provenance_category":"author","media_type":"application/pdf","availability_note":"Author-uploaded full text is publicly exposed through the landing page; no stable direct-PDF URL or local fixity was obtained in this audit."},{"id":"source-paper-34-official","type":"official_publication_record","title":"IEEE ICDCS 2017 publication record","url":"https://doi.org/10.1109/ICDCS.2017.293","provenance_category":"official"},{"id":"source-paper-34-openalex","type":"citation_index_snapshot","title":"OpenAlex record W2734832021","url":"https://openalex.org/W2734832021","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-34-problem","source_id":"source-paper-34-author-full-text","label":"Problem, contribution, and deployment scenarios","locator":"Abstract and Section I, including Contributions and Envisioned Use Cases","url":"https://www.researchgate.net/publication/315452578_Proactively_Secure_Cloud-Enabled_Storage"},{"id":"anchor-paper-34-adversary","source_id":"source-paper-34-author-full-text","label":"Passive mobile-adversary model","locator":"Section III-A, Adversary Model","url":"https://www.researchgate.net/publication/315452578_Proactively_Secure_Cloud-Enabled_Storage"},{"id":"anchor-paper-34-pss","source_id":"source-paper-34-author-full-text","label":"Packed proactive secret sharing and parameter constraints","locator":"Sections II and III-B-C, Cryptographic Building Blocks and Roadblocks","url":"https://www.researchgate.net/publication/315452578_Proactively_Secure_Cloud-Enabled_Storage"},{"id":"anchor-paper-34-design","source_id":"source-paper-34-author-full-text","label":"PiSCES components and five-stage server lifecycle","locator":"Section IV and Figure 4, System Design","url":"https://www.researchgate.net/publication/315452578_Proactively_Secure_Cloud-Enabled_Storage"},{"id":"anchor-paper-34-reboot","source_id":"source-paper-34-author-full-text","label":"Secure reboot, key replacement, restart schedule, and disassociation","locator":"Section IV-A, Cloud Provider and Hypervisor","url":"https://www.researchgate.net/publication/315452578_Proactively_Secure_Cloud-Enabled_Storage"},{"id":"anchor-paper-34-network-storage","source_id":"source-paper-34-author-full-text","label":"Broadcast, timing, network, and share-storage assumptions","locator":"Sections IV-B-C, Secure Broadcast and Share Storage Hosts","url":"https://www.researchgate.net/publication/315452578_Proactively_Secure_Cloud-Enabled_Storage"},{"id":"anchor-paper-34-security","source_id":"source-paper-34-author-full-text","label":"System security analysis and hypervisor boundary","locator":"Section V, Security Analysis","url":"https://www.researchgate.net/publication/315452578_Proactively_Secure_Cloud-Enabled_Storage"},{"id":"anchor-paper-34-implementation","source_id":"source-paper-34-author-full-text","label":"Prototype architecture and host control flow","locator":"Section VI, Implementation","url":"https://www.researchgate.net/publication/315452578_Proactively_Secure_Cloud-Enabled_Storage"},{"id":"anchor-paper-34-evaluation","source_id":"source-paper-34-author-full-text","label":"EC2 testbed, varied parameters, performance, and cost","locator":"Sections VI-VII, Testing Parameters, Testbed Setup, and Results","url":"https://www.researchgate.net/publication/315452578_Proactively_Secure_Cloud-Enabled_Storage"},{"id":"anchor-paper-34-lessons","source_id":"source-paper-34-author-full-text","label":"Lessons learned, selected configuration, and conclusions","locator":"Sections VIII-IX","url":"https://www.researchgate.net/publication/315452578_Proactively_Secure_Cloud-Enabled_Storage"},{"id":"anchor-paper-34-publication","source_id":"source-paper-34-official","label":"Official ICDCS publication identity","locator":"ICDCS 2017, pages 1499-1509, DOI 10.1109/ICDCS.2017.293","url":"https://doi.org/10.1109/ICDCS.2017.293"},{"id":"anchor-paper-34-citations","source_id":"source-paper-34-openalex","label":"Dated citation-count snapshot","locator":"OpenAlex reported 0 citing works when accessed 2026-07-11","url":"https://openalex.org/W2734832021"}],"nodes":[{"id":"paper-34","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Proactively Secure Cloud-Enabled Storage","summary":"A theory-to-system feasibility study that turns packed proactive secret sharing into PiSCES, a cloud file-storage prototype whose shares, servers, and keys are periodically refreshed to limit what a mobile attacker can accumulate over time.","source_anchor_ids":["anchor-paper-34-problem"]},{"id":"paper-34-question","kind":"question","parent_id":"paper-34","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can proactive security be scaled from small keys and fewer than ten parties to larger files and tens of commodity cloud servers at tolerable refresh time and monetary cost?","source_anchor_ids":["anchor-paper-34-problem","anchor-paper-34-pss"]},{"id":"paper-34-answer","kind":"contribution","parent_id":"paper-34","order":2,"epistemic_status":"source_asserted","title":"PiSCES feasibility result","summary":"The paper designs and prototypes a proactively secure storage service parameterized by an underlying PSS scheme and reports that packed shares, constant-amortized refresh, reboot orchestration, and deployment-specific tuning make larger-file operation feasible.","source_anchor_ids":["anchor-paper-34-problem","anchor-paper-34-design","anchor-paper-34-lessons"]},{"id":"paper-34-scope","kind":"scope","parent_id":"paper-34","order":3,"epistemic_status":"explicitly_scoped","title":"Confidentiality-focused proactive model","summary":"Time is divided into rounds. Between rounds, old shares are rerandomized and removed so compromises collected in different periods cannot be combined; the represented goal is long-term data confidentiality rather than a general cloud integrity or availability service.","source_anchor_ids":["anchor-paper-34-problem","anchor-paper-34-adversary"]},{"id":"paper-34-threat","kind":"threat_model","parent_id":"paper-34-scope","order":1,"epistemic_status":"defined","title":"Passive mobile compromise adversary","summary":"The honest-but-curious outside adversary may compromise different servers over time and eventually visit all of them, but fewer than one third in any round. It cannot globally monitor traffic, delay traffic it did not send, create servers, corrupt multiple hypervisors, break the Internet, or orchestrate system-wide denial of service.","source_anchor_ids":["anchor-paper-34-adversary"]},{"id":"paper-34-assumption-pss","kind":"assumption","parent_id":"paper-34-scope","order":2,"epistemic_status":"inherited_security_assumption","title":"Underlying packed PSS guarantee","summary":"The implementation instantiates a perfectly secure packed PSS scheme with constant amortized communication per share. Its privacy and robustness parameter constraints include l + t at most d and 3t + l less than n.","source_anchor_ids":["anchor-paper-34-pss"]},{"id":"paper-34-assumption-platform","kind":"assumption","parent_id":"paper-34-scope","order":3,"epistemic_status":"assumed","title":"Trusted lifecycle mechanisms","summary":"Security relies on read-only pristine images, authenticated fresh keys, controlled VM creation, scheduled reboot, bounded network delay, and secure disassociation that prevents a restarted VM from accessing storage and RAM associated with earlier rounds.","source_anchor_ids":["anchor-paper-34-reboot","anchor-paper-34-network-storage"]},{"id":"paper-34-design","kind":"system","parent_id":"paper-34","order":4,"epistemic_status":"specified_and_implemented","title":"PiSCES architecture","summary":"A client shares files among n storage hosts; hosts keep inactive shares in secondary storage, periodically load batches into memory, execute recovery and refresh, and write new shares back. The client may disconnect between upload and reconstruction.","source_anchor_ids":["anchor-paper-34-design","anchor-paper-34-network-storage"]},{"id":"paper-34-design-deployments","kind":"method","parent_id":"paper-34-design","order":1,"epistemic_status":"proposed","title":"Three deployment patterns","summary":"The design covers a single cloud provider, multiple providers, and a hybrid of local enterprise infrastructure with remote providers. Only the single-provider arrangement is the reported prototype deployment.","source_anchor_ids":["anchor-paper-34-problem","anchor-paper-34-evaluation"]},{"id":"paper-34-protocol-lifecycle","kind":"protocol","parent_id":"paper-34-design","order":2,"epistemic_status":"specified","title":"Proactive server lifecycle","summary":"The hypervisor creates hosts from a read-only image, allocates shares, shuts down and reclaims resources, initializes a replacement with fresh authenticated keys, and lets peers recover and rerandomize its shares according to a predetermined rotation schedule.","source_anchor_ids":["anchor-paper-34-design","anchor-paper-34-reboot"]},{"id":"paper-34-protocol-keying","kind":"protocol","parent_id":"paper-34-design","order":3,"epistemic_status":"specified_with_alternatives","title":"Epoch key secrecy","summary":"The prototype assumes TPM-backed or hypervisor-installed fresh keying material so a key learned in period i cannot forge or decrypt period-j traffic. The paper also discusses pre-uploaded signed key pairs as a way to reduce hypervisor computation.","source_anchor_ids":["anchor-paper-34-pss","anchor-paper-34-reboot"]},{"id":"paper-34-claims","kind":"claim_group","parent_id":"paper-34","order":5,"epistemic_status":"source_asserted","title":"Main claims","summary":"The paper combines inherited PSS confidentiality with systems assumptions and empirical feasibility evidence. The cryptographic, architectural, and measured claims have different support and should not be collapsed into one guarantee.","source_anchor_ids":["anchor-paper-34-security","anchor-paper-34-evaluation"]},{"id":"paper-34-claim-confidentiality","kind":"claim","parent_id":"paper-34-claims","order":1,"epistemic_status":"conditional_on_model","title":"Long-term confidentiality against mobile compromise","summary":"If fewer than the tolerated servers are exposed within any refresh period and old state, keys, and adversarial presence are removed at the boundary, observations from different periods do not combine to reveal the protected file.","source_anchor_ids":["anchor-paper-34-adversary","anchor-paper-34-pss","anchor-paper-34-security"]},{"id":"paper-34-claim-scale","kind":"claim","parent_id":"paper-34-claims","order":2,"epistemic_status":"implemented_and_measured","title":"Larger-file and tens-of-host feasibility","summary":"The prototype exercises files beyond cryptographic-key sizes and configurations up to 30 servers, including a t = 9 threshold point, showing that the selected PSS can operate at a scale not previously exercised by the cited PSS implementations.","source_anchor_ids":["anchor-paper-34-pss","anchor-paper-34-evaluation"]},{"id":"paper-34-claim-cost","kind":"claim","parent_id":"paper-34-claims","order":3,"epistemic_status":"reported_measurement","title":"Deployment-specific cost feasibility","summary":"The lessons-learned section reports, for one tuned configuration, storage of a 10-kilobyte object at approximately 0.08 cents per kilobyte per refresh; it does not claim that this price generalizes across clouds, dates, objects, or assurance settings.","source_anchor_ids":["anchor-paper-34-lessons"]},{"id":"paper-34-evidence","kind":"evidence_group","parent_id":"paper-34","order":6,"epistemic_status":"mixed_analytical_and_empirical","title":"Evidence","summary":"Evidence includes the inherited packed-PSS conditions, an architectural security analysis, an implemented multi-host prototype, an automated EC2 benchmarking driver, and parameter sweeps over security, file, restart, packing, threading, and field-size choices.","source_anchor_ids":["anchor-paper-34-pss","anchor-paper-34-security","anchor-paper-34-implementation","anchor-paper-34-evaluation"]},{"id":"paper-34-evidence-testbed","kind":"evidence","parent_id":"paper-34-evidence","order":1,"epistemic_status":"reported_experiment","title":"Amazon EC2 testbed","summary":"The experiments use dedicated EC2 Small, Medium, and Large instances and an outside driver that creates deployments and initiates measurements. Dedicated hosts reduce interference but differ from the lower-priced instances anticipated for practical operation.","source_anchor_ids":["anchor-paper-34-evaluation"]},{"id":"paper-34-evidence-parameters","kind":"evidence","parent_id":"paper-34-evidence","order":2,"epistemic_status":"systematic_parameter_study","title":"Parameter exploration","summary":"The study varies n, tolerated corruptions t, file size s, simultaneous restarts r, packing l, concurrent refreshed shares b, and field size g. It identifies t and refresh interval as especially consequential and reports n = 21, t = 4, l = 6, r = 3, g = 1024 as its best tested selection.","source_anchor_ids":["anchor-paper-34-evaluation","anchor-paper-34-lessons"]},{"id":"paper-34-evidence-security","kind":"evidence","parent_id":"paper-34-evidence","order":3,"epistemic_status":"architectural_argument","title":"Security analysis boundary","summary":"The paper reasons about hypervisor compromise, secure broadcast, reboot authentication, and stale-state isolation, but the represented source does not supply a composable end-to-end proof that the concrete cloud implementation realizes the ideal PSS model.","source_anchor_ids":["anchor-paper-34-security"]},{"id":"paper-34-boundaries","kind":"limitation_group","parent_id":"paper-34","order":7,"epistemic_status":"material","title":"Limitations and operational assumptions","summary":"PiSCES trades long-term confidentiality for periodic computation, many hosts, synchronized recovery windows, key and image trust, and provider-dependent state isolation. Parameter selection is non-obvious, and more hosts can improve threshold efficiency while increasing fleet complexity and idle cost.","source_anchor_ids":["anchor-paper-34-reboot","anchor-paper-34-network-storage","anchor-paper-34-lessons"]},{"id":"paper-34-boundary-passive","kind":"limitation","parent_id":"paper-34-boundaries","order":1,"epistemic_status":"explicitly_out_of_scope","title":"Passive-adversary and availability boundary","summary":"The core evaluation does not establish Byzantine robustness against arbitrary active deviations, multi-hypervisor compromise, global traffic observation, Internet failure, or denial of service. Manual recovery may be required after some assumed-away platform failures.","source_anchor_ids":["anchor-paper-34-adversary","anchor-paper-34-security"]},{"id":"paper-34-boundary-deletion","kind":"limitation","parent_id":"paper-34-boundaries","order":2,"epistemic_status":"weakened_requirement","title":"Disassociation is not assured deletion","summary":"Because commercial clouds did not provide guaranteed erasure, the design substitutes probabilistic or architectural disassociation: a new VM must not regain physical access to the prior round's RAM or disk. This is a key assumption, not a measured deletion guarantee.","source_anchor_ids":["anchor-paper-34-network-storage"]},{"id":"paper-34-artifacts","kind":"artifact_group","parent_id":"paper-34","order":8,"epistemic_status":"paper_described","title":"Artifacts and reproducibility","summary":"The paper describes an implementation and automated AWS benchmark, but this audit located no public code repository, deployment scripts, raw measurements, machine images, or preserved cloud-price snapshot associated with the publication.","source_anchor_ids":["anchor-paper-34-implementation","anchor-paper-34-evaluation"]},{"id":"paper-34-scrutiny","kind":"scrutiny","parent_id":"paper-34","order":9,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The paper appeared at IEEE ICDCS. The official record establishes venue review, but public reports, rebuttal, independent deployment, reproduction, and correction history were not located in this audit.","source_anchor_ids":["anchor-paper-34-publication"]}],"relations":[{"id":"paper-34-relation-answer-question","type":"addresses","from_id":"paper-34-answer","to_id":"paper-34-question"},{"id":"paper-34-relation-lifecycle-design","type":"component_of","from_id":"paper-34-protocol-lifecycle","to_id":"paper-34-design"},{"id":"paper-34-relation-keying-design","type":"component_of","from_id":"paper-34-protocol-keying","to_id":"paper-34-design"},{"id":"paper-34-relation-pss-confidentiality","type":"supports","from_id":"paper-34-assumption-pss","to_id":"paper-34-claim-confidentiality"},{"id":"paper-34-relation-platform-confidentiality","type":"qualifies","from_id":"paper-34-assumption-platform","to_id":"paper-34-claim-confidentiality"},{"id":"paper-34-relation-testbed-scale","type":"supports","from_id":"paper-34-evidence-testbed","to_id":"paper-34-claim-scale"},{"id":"paper-34-relation-parameters-scale","type":"supports","from_id":"paper-34-evidence-parameters","to_id":"paper-34-claim-scale"},{"id":"paper-34-relation-parameters-cost","type":"supports","from_id":"paper-34-evidence-parameters","to_id":"paper-34-claim-cost"},{"id":"paper-34-relation-passive-confidentiality","type":"limits","from_id":"paper-34-boundary-passive","to_id":"paper-34-claim-confidentiality"},{"id":"paper-34-relation-deletion-confidentiality","type":"limits","from_id":"paper-34-boundary-deletion","to_id":"paper-34-claim-confidentiality"},{"id":"paper-34-relation-security-evidence-claim","type":"qualifies","from_id":"paper-34-evidence-security","to_id":"paper-34-claim-confidentiality"}],"assessment":{"id":"paper-34-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The complete paper combines explicit PSS conditions, a concrete architecture and threat model, an implemented system, cloud experiments, and a multi-parameter performance and cost study. The concrete end-to-end security argument is architectural rather than machine-checked or independently reproduced.","basis_source_anchor_ids":["anchor-paper-34-pss","anchor-paper-34-security","anchor-paper-34-implementation","anchor-paper-34-evaluation"]},{"id":"auditability","level":"high","rationale":"A public author-uploaded full-text route and the official DOI make the paper's assumptions, design, and reported measurements inspectable, satisfying the author-defined High rule. A stable direct PDF, local hash, code, and raw data were not obtained.","basis_source_anchor_ids":["anchor-paper-34-problem","anchor-paper-34-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authors, affiliations, venue, date, DOI, and an author-uploaded manuscript are documented. Contributor roles, revision history, software versions, tool use, and experiment-artifact lineage were not audited.","basis_source_anchor_ids":["anchor-paper-34-problem","anchor-paper-34-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"ICDCS publication establishes external venue scrutiny, while review reports, rebuttal, independent cryptographic audit, reproduction, deployment, and correction history remain unrepresented.","basis_source_anchor_ids":["anchor-paper-34-publication"]},{"id":"reception","level":"low","rationale":"OpenAlex reported no citing works for this DOI on 2026-07-11. Under the author-defined corpus rule, 0 through 8 located citations is Low. Index coverage may be incomplete and the count is not a correctness judgment.","basis_source_anchor_ids":["anchor-paper-34-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The source presents the work as the first feasibility study of proactive security for larger cloud-stored files and supplies an implemented bridge from cryptographic protocol to cloud operation. Priority and downstream uptake were not independently established, and the audited citation index located no citing works.","basis_source_anchor_ids":["anchor-paper-34-problem","anchor-paper-34-lessons","anchor-paper-34-citations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":0,"source_url":"https://openalex.org/W2734832021","signals":[],"limitation":"OpenAlex reported zero citing works, but citation indexes can miss conference citations and author-name variants; the result is a dated lower-bound signal, not evidence that no citation exists anywhere."}},"paper_35":{"schema_version":"0.1","map_id":"paper-35-map","publication_id":35,"publication_anchor":"paper-35","slug":"paper-35","canonical_path":"/knowledge/papers/paper-35/","machine_path":"/knowledge/papers/paper-35.json","root_node_id":"paper-35","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["primitive","scheme"],"title":"Efficient, Reusable Fuzzy Extractors from LWE","year":2017,"status":"Published","venue":"International Symposium on Cyber Security Cryptography and Machine Learning (CSCML)","topic":"algorithms-foundations","labels":["Theory"],"authors":["Daniel Apon","Chongwon Cho","Karim Eldefrawy","Jonathan Katz"],"keywords":["fuzzy extractors","reusability","biometrics","learning with errors","random oracle","helper data"],"research_question":"How can a fuzzy extractor safely derive independent-looking keys from repeated, nearby biometric readings when an adversary sees multiple helper strings and may also learn keys from other enrollments?","central_answer":"The paper defines weak and strong reusability, breaks the independently parameterized LWE-based FMR fuzzy extractor after only two related enrollments, repairs it to weak reusability using a common public matrix, gives a random-oracle transform from weak to strong reusability, and constructs a direct strongly reusable LWE-based fuzzy extractor without random oracles.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text theorem extraction, proof-obligation mapping, and initial assessment"}],"method":"Source-grounded review of the complete 13-page author-hosted manuscript, including visual inspection of its title/abstract and construction pages. Definitions, attacks, schemes, theorem statements, proof sketches, assumptions, and model boundaries are represented separately; no claim of independent proof verification is made.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Formal interpretations, theorem dependencies, and ratings should be checked by an author before approval."}},"sources":[{"id":"source-paper-35-author-pdf","type":"author_hosted_copy","title":"Efficient, Reusable Fuzzy Extractors from LWE","url":"/pubs/2017/reusable-fuzzy-extractors-lwe-cscml2017.pdf","provenance_category":"author","retrieved_from":"https://www.cs.umd.edu/~jkatz/papers/reusable-FE.pdf","media_type":"application/pdf","sha256":"059717e10e85633b949c83e4a3e5021e901b4d86aca21521c92c364b980a7167","page_count":13},{"id":"source-paper-35-eprint","type":"public_archive_record","title":"IACR ePrint 2017/755","url":"https://eprint.iacr.org/2017/755","provenance_category":"archive"},{"id":"source-paper-35-official","type":"official_publication_record","title":"Springer CSCML publication record","url":"https://doi.org/10.1007/978-3-319-60080-2_1","provenance_category":"official"},{"id":"source-paper-35-openalex","type":"citation_index_snapshot","title":"OpenAlex record W2620841627","url":"https://openalex.org/W2620841627","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-35-problem-contributions","source_id":"source-paper-35-author-pdf","label":"Repeated-biometric problem and contribution sequence","locator":"Abstract and Sections 1-1.1, PDF pages 1-3","url":"/pubs/2017/reusable-fuzzy-extractors-lwe-cscml2017.pdf#page=1"},{"id":"anchor-paper-35-fe-definition","source_id":"source-paper-35-author-pdf","label":"Fuzzy-extractor correctness and indistinguishability security","locator":"Definition 1 and surrounding discussion, PDF pages 4-5","url":"/pubs/2017/reusable-fuzzy-extractors-lwe-cscml2017.pdf#page=4"},{"id":"anchor-paper-35-reuse-definitions","source_id":"source-paper-35-author-pdf","label":"Weak and strong reusability experiments","locator":"Definitions 2-3, PDF pages 5-6","url":"/pubs/2017/reusable-fuzzy-extractors-lwe-cscml2017.pdf#page=5"},{"id":"anchor-paper-35-lwe","source_id":"source-paper-35-author-pdf","label":"Decisional LWE assumption and simultaneous hardcore bits","locator":"Definition 4 and Lemma 1, PDF pages 6-7","url":"/pubs/2017/reusable-fuzzy-extractors-lwe-cscml2017.pdf#page=6"},{"id":"anchor-paper-35-fmr","source_id":"source-paper-35-author-pdf","label":"Fuller-Meng-Reyzin extractor and decoder","locator":"Section 3.1, PDF pages 7-8","url":"/pubs/2017/reusable-fuzzy-extractors-lwe-cscml2017.pdf#page=7"},{"id":"anchor-paper-35-attack","source_id":"source-paper-35-author-pdf","label":"Two-enrollment recovery attack on independently sampled matrices","locator":"Section 3.2, PDF pages 8-9","url":"/pubs/2017/reusable-fuzzy-extractors-lwe-cscml2017.pdf#page=8"},{"id":"anchor-paper-35-weak-repair","source_id":"source-paper-35-author-pdf","label":"Common-matrix repair, Theorem 1, and strong-reuse separation","locator":"Section 3.3, PDF pages 9-10","url":"/pubs/2017/reusable-fuzzy-extractors-lwe-cscml2017.pdf#page=9"},{"id":"anchor-paper-35-ro-transform","source_id":"source-paper-35-author-pdf","label":"Generic nonce-and-hash transformation and Theorem 2","locator":"Section 4, PDF pages 10-11","url":"/pubs/2017/reusable-fuzzy-extractors-lwe-cscml2017.pdf#page=10"},{"id":"anchor-paper-35-direct","source_id":"source-paper-35-author-pdf","label":"Direct LWE construction without random oracles","locator":"Section 5, PDF pages 11-12","url":"/pubs/2017/reusable-fuzzy-extractors-lwe-cscml2017.pdf#page=11"},{"id":"anchor-paper-35-publication","source_id":"source-paper-35-official","label":"Official CSCML publication identity","locator":"CSCML 2017, LNCS chapter 1, DOI 10.1007/978-3-319-60080-2_1","url":"https://doi.org/10.1007/978-3-319-60080-2_1"},{"id":"anchor-paper-35-citations","source_id":"source-paper-35-openalex","label":"Dated citation-count snapshot","locator":"OpenAlex reported 42 citing works when accessed 2026-07-11","url":"https://openalex.org/W2620841627"}],"nodes":[{"id":"paper-35","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Efficient, Reusable Fuzzy Extractors from LWE","summary":"A foundations paper that identifies a concrete helper-data leakage failure, formalizes two levels of repeated-use security, and gives both repaired and new lattice-based fuzzy-extractor schemes.","source_anchor_ids":["anchor-paper-35-problem-contributions"]},{"id":"paper-35-question","kind":"question","parent_id":"paper-35","order":1,"epistemic_status":"research_question","title":"Research question","summary":"When multiple servers enroll noisy readings of the same biometric, can every target key remain indistinguishable from uniform despite the collection of correlated helper data and disclosure of other enrollment keys?","source_anchor_ids":["anchor-paper-35-problem-contributions","anchor-paper-35-reuse-definitions"]},{"id":"paper-35-answer","kind":"contribution","parent_id":"paper-35","order":2,"epistemic_status":"source_asserted","title":"Attack, repair, transform, and direct scheme","summary":"Independent FMR public matrices enable complete recovery after two nearby enrollments; sharing one random matrix restores weak reusability, hashing nonce-bound extracted values gives strong reusability in the random-oracle model, and LWE encryption yields a direct standard-model construction.","source_anchor_ids":["anchor-paper-35-attack","anchor-paper-35-weak-repair","anchor-paper-35-ro-transform","anchor-paper-35-direct"]},{"id":"paper-35-model","kind":"scope","parent_id":"paper-35","order":3,"epistemic_status":"formally_defined","title":"Fuzzy-extractor model","summary":"Gen maps a noisy source w to public helper data and an l-bit key; Rec reproduces that key from the helper data and any w-prime within distance t. Security asks whether the key is indistinguishable from uniform given helper data and sufficient source min-entropy.","source_anchor_ids":["anchor-paper-35-fe-definition"]},{"id":"paper-35-model-weak","kind":"definition","parent_id":"paper-35-model","order":1,"epistemic_status":"defined","title":"Weak reusability","summary":"An adaptive adversary selects bounded-Hamming-weight shifts of one hidden source and receives every resulting helper string; the original enrollment key must remain indistinguishable from uniform.","source_anchor_ids":["anchor-paper-35-reuse-definitions"]},{"id":"paper-35-model-strong","kind":"definition","parent_id":"paper-35-model","order":2,"epistemic_status":"defined","title":"Strong reusability","summary":"The same experiment additionally reveals the extracted key for every shifted enrollment. Strong security therefore protects one target key even after compromise or legitimate disclosure of the others.","source_anchor_ids":["anchor-paper-35-reuse-definitions"]},{"id":"paper-35-model-boundary","kind":"assumption","parent_id":"paper-35-model","order":3,"epistemic_status":"modeling_choice","title":"Shift-correlated Hamming sources","summary":"The new definitions specialize to a Hamming metric and adversarially chosen shifts of weight at most t. They do not cover every possible joint distribution of repeated biometric readings allowed by stronger prior formulations.","source_anchor_ids":["anchor-paper-35-reuse-definitions"]},{"id":"paper-35-analysis","kind":"method","parent_id":"paper-35","order":4,"epistemic_status":"specified","title":"Analysis of the FMR extractor","summary":"FMR publishes a random linear-code matrix A and As + w, extracts coordinates of s, and reconstructs s by decoding the difference between helper data and a nearby reading.","source_anchor_ids":["anchor-paper-35-fmr"]},{"id":"paper-35-attack","kind":"attack","parent_id":"paper-35-analysis","order":1,"epistemic_status":"demonstrated","title":"Two-helper-string recovery attack","summary":"For nearby w1 and w2 under independent A1 and A2, subtracting helper strings yields a noisy linear system in s1 and s2. Decoding recovers both secrets and then both original biometrics; the paper calls this a complete break of weak reusability.","source_anchor_ids":["anchor-paper-35-attack"]},{"id":"paper-35-attack-range","kind":"limitation","parent_id":"paper-35-attack","order":1,"epistemic_status":"analyzed","title":"Parameter range of the attack","summary":"The direct exposition uses m at least 6n, while the source argues the decoder also works with greater expected time for 3n through 6n and expects additional helper strings to strengthen attacks; this extension is argued rather than experimentally measured.","source_anchor_ids":["anchor-paper-35-attack"]},{"id":"paper-35-schemes","kind":"method","parent_id":"paper-35","order":5,"epistemic_status":"constructed","title":"Reusable extractor constructions","summary":"The paper supplies three distinct positive results with different setup and idealization requirements; weak repair, random-oracle bootstrapping, and the direct LWE scheme should be evaluated separately.","source_anchor_ids":["anchor-paper-35-weak-repair","anchor-paper-35-ro-transform","anchor-paper-35-direct"]},{"id":"paper-35-scheme-weak","kind":"scheme","parent_id":"paper-35-schemes","order":1,"epistemic_status":"theorem_supported","title":"Common-matrix weakly reusable FMR","summary":"Reusing one uniformly generated public A across enrollments makes helper differences expose only s1 minus s2. Theorem 1 reduces simulated shifted helpers to ordinary FMR security and concludes weak reusability with the same error bound.","source_anchor_ids":["anchor-paper-35-weak-repair"]},{"id":"paper-35-scheme-separation","kind":"claim","parent_id":"paper-35-schemes","order":2,"epistemic_status":"explicit_counterexample","title":"Weak does not imply strong reusability","summary":"In the common-A FMR repair, helper differences reveal s1 minus s2; learning coordinates of one s through a disclosed extracted key reveals the corresponding coordinates, and hence the other key. This gives a natural separation between the definitions.","source_anchor_ids":["anchor-paper-35-weak-repair"]},{"id":"paper-35-scheme-ro","kind":"scheme","parent_id":"paper-35-schemes","order":3,"epistemic_status":"theorem_supported","title":"Generic weak-to-strong transform","summary":"Append a fresh nonce to the helper data and replace extracted r with H(nonce, r). Theorem 2 bounds strong-reuse advantage by weak-reuse error, guessing, and nonce-collision terms when H is a random oracle.","source_anchor_ids":["anchor-paper-35-ro-transform"]},{"id":"paper-35-scheme-direct","kind":"scheme","parent_id":"paper-35-schemes","order":4,"epistemic_status":"construction_with_reduction_sketch","title":"Direct standard-model LWE scheme","summary":"Encode a random s as As + w, use s to LWE-encrypt an independent random key r, publish the encoding and ciphertext, and recover s from a nearby reading before decrypting r. No random oracle is used.","source_anchor_ids":["anchor-paper-35-direct"]},{"id":"paper-35-claims","kind":"claim_group","parent_id":"paper-35","order":6,"epistemic_status":"source_asserted","title":"Formal claims","summary":"The claims range from an unconditional algebraic attack to reductions conditional on the base extractor, random-oracle idealization, or decisional LWE. Their premises are not interchangeable.","source_anchor_ids":["anchor-paper-35-attack","anchor-paper-35-weak-repair","anchor-paper-35-ro-transform","anchor-paper-35-direct"]},{"id":"paper-35-claim-weak","kind":"claim","parent_id":"paper-35-claims","order":1,"epistemic_status":"theorem_1","title":"Conditional weak reusability","summary":"If FMR is already an epsilon-secure fuzzy extractor for the stated source class and all executions share one uniformly random A, then it is epsilon-weakly reusable in the paper's shift model.","source_anchor_ids":["anchor-paper-35-weak-repair"]},{"id":"paper-35-claim-ro","kind":"claim","parent_id":"paper-35-claims","order":2,"epistemic_status":"theorem_2","title":"Random-oracle strong reusability","summary":"For a bounded-time attacker, the nonce-and-hash transform is strongly reusable with a stated asymptotic advantage bound combining the weak extractor's epsilon, extracted-key length, and nonce length.","source_anchor_ids":["anchor-paper-35-ro-transform"]},{"id":"paper-35-claim-direct","kind":"claim","parent_id":"paper-35-claims","order":3,"epistemic_status":"reduction_claim","title":"Standard-model strong reusability from LWE","summary":"For coordinate-independent source noise and matched encryption-error distribution, the direct construction's strong reusability reduces to decisional LWE with enough samples to cover the target, ciphertext, and adaptive reuse queries.","source_anchor_ids":["anchor-paper-35-lwe","anchor-paper-35-direct"]},{"id":"paper-35-evidence","kind":"evidence_group","parent_id":"paper-35","order":7,"epistemic_status":"formal_analysis","title":"Proof evidence","summary":"The source gives explicit experiments, algebraic attack derivations, theorem statements, construction algorithms, and reduction sketches. It contains no implementation, benchmark, biometric dataset, or concrete-parameter evaluation.","source_anchor_ids":["anchor-paper-35-reuse-definitions","anchor-paper-35-attack","anchor-paper-35-ro-transform","anchor-paper-35-direct"]},{"id":"paper-35-evidence-attack","kind":"evidence","parent_id":"paper-35-evidence","order":1,"epistemic_status":"derivation_inspected","title":"Attack derivation","summary":"Subtracting the two public values eliminates the nearby readings up to a sparse error, producing a decodable random-linear-code instance; recovering s1 and s2 makes each wi equal to its public vector minus Ai si.","source_anchor_ids":["anchor-paper-35-attack"]},{"id":"paper-35-evidence-reductions","kind":"evidence","parent_id":"paper-35-evidence","order":2,"epistemic_status":"proof_sketches","title":"Simulation and LWE reductions","summary":"The weak repair simulates shifted helpers from one challenge, the generic transform programs independent-looking hash outputs except on collision or guessed-key events, and the direct scheme replaces LWE samples with uniform vectors that perfectly hide the target key.","source_anchor_ids":["anchor-paper-35-weak-repair","anchor-paper-35-ro-transform","anchor-paper-35-direct"]},{"id":"paper-35-boundaries","kind":"limitation_group","parent_id":"paper-35","order":8,"epistemic_status":"material","title":"Scope and limitations","summary":"Positive results depend respectively on a shared public matrix, a random oracle, or a specific LWE-based encryption construction and coordinate-independent source distribution. Error tolerance inherits the FMR decoder's small-Hamming-error regime, and the paper does not validate real biometric noise.","source_anchor_ids":["anchor-paper-35-fmr","anchor-paper-35-weak-repair","anchor-paper-35-ro-transform","anchor-paper-35-direct"]},{"id":"paper-35-artifacts","kind":"artifact_group","parent_id":"paper-35","order":9,"epistemic_status":"source_available","title":"Artifacts and resources","summary":"A checked-in author manuscript, an IACR ePrint record, and the official Springer record are available. The contribution is mathematical; no code, proof-assistant development, test vectors, or biometric corpus is claimed.","source_anchor_ids":["anchor-paper-35-problem-contributions","anchor-paper-35-publication"]},{"id":"paper-35-scrutiny","kind":"scrutiny","parent_id":"paper-35","order":10,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The work appeared at CSCML and is publicly archived. Venue review and later citations do not substitute for independent line-by-line verification of the attacks and reductions; no public review reports or formalization were located.","source_anchor_ids":["anchor-paper-35-publication","anchor-paper-35-citations"]}],"relations":[{"id":"paper-35-relation-answer-question","type":"addresses","from_id":"paper-35-answer","to_id":"paper-35-question"},{"id":"paper-35-relation-weak-model","type":"refines","from_id":"paper-35-model-weak","to_id":"paper-35-model"},{"id":"paper-35-relation-strong-model","type":"refines","from_id":"paper-35-model-strong","to_id":"paper-35-model"},{"id":"paper-35-relation-attack-analysis","type":"attacks","from_id":"paper-35-attack","to_id":"paper-35-analysis"},{"id":"paper-35-relation-weak-claim","type":"realizes","from_id":"paper-35-scheme-weak","to_id":"paper-35-claim-weak"},{"id":"paper-35-relation-separation-weak","type":"limits","from_id":"paper-35-scheme-separation","to_id":"paper-35-scheme-weak"},{"id":"paper-35-relation-ro-claim","type":"realizes","from_id":"paper-35-scheme-ro","to_id":"paper-35-claim-ro"},{"id":"paper-35-relation-direct-claim","type":"realizes","from_id":"paper-35-scheme-direct","to_id":"paper-35-claim-direct"},{"id":"paper-35-relation-attack-evidence","type":"supports","from_id":"paper-35-evidence-attack","to_id":"paper-35-attack"},{"id":"paper-35-relation-reductions-claims","type":"supports","from_id":"paper-35-evidence-reductions","to_id":"paper-35-claims"},{"id":"paper-35-relation-boundaries-claims","type":"qualifies","from_id":"paper-35-boundaries","to_id":"paper-35-claims"}],"assessment":{"id":"paper-35-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The complete paper supplies explicit security experiments, a concrete algebraic break, three positive constructions, theorem statements, and reduction sketches under identified assumptions. It does not provide machine-checked proofs, a concrete-security implementation, or empirical biometric validation.","basis_source_anchor_ids":["anchor-paper-35-reuse-definitions","anchor-paper-35-attack","anchor-paper-35-weak-repair","anchor-paper-35-ro-transform","anchor-paper-35-direct"]},{"id":"auditability","level":"high","rationale":"A checked-in author copy with recorded SHA-256 and page count, an IACR ePrint route, the official DOI, and precise page anchors make definitions and derivations directly inspectable.","basis_source_anchor_ids":["anchor-paper-35-problem-contributions","anchor-paper-35-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, affiliations, acknowledgments, venue, DOI, author copy, and ePrint identity are documented. Contributor roles, revision history, tool use, and exact version correspondence have not been audited.","basis_source_anchor_ids":["anchor-paper-35-problem-contributions","anchor-paper-35-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"CSCML publication and an IACR record establish external and public exposure, but review reports, rebuttal, independent proof checking, formal verification, and correction history were not located.","basis_source_anchor_ids":["anchor-paper-35-publication"]},{"id":"reception","level":"high","rationale":"OpenAlex reported 42 citations on 2026-07-11. Under the author-defined corpus rule, more than 10 located citations is High. The count is index- and date-dependent and does not certify correctness.","basis_source_anchor_ids":["anchor-paper-35-citations"]},{"id":"contribution_significance","level":"high","rationale":"The paper contributes new reusable-security definitions, a complete break of a natural prior construction, a weak/strong separation, and two routes to strong reusability; the dated citation record indicates sustained follow-on attention. Priority and adoption were not independently audited.","basis_source_anchor_ids":["anchor-paper-35-problem-contributions","anchor-paper-35-attack","anchor-paper-35-citations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":42,"source_url":"https://openalex.org/W2620841627","signals":["OpenAlex reported 42 works citing the CSCML chapter."],"limitation":"Citation counts vary by index and date, may include self-citations, and do not establish that later work verified every attack or reduction."}},"paper_36":{"schema_version":"0.1","map_id":"paper-36-map","publication_id":36,"publication_anchor":"paper-36","slug":"paper-36","canonical_path":"/knowledge/papers/paper-36/","machine_path":"/knowledge/papers/paper-36.json","root_node_id":"paper-36","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","algorithm"],"title":"Brief Announcement: Secure Self-Stabilizing Computation","year":2017,"status":"Published · brief announcement","venue":"ACM Symposium on Principles of Distributed Computing (PODC)","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Shlomi Dolev","Karim Eldefrawy","Juan Garay","Muni Venkateswarlu Kumaramangalam","Rafail Ostrovsky","Moti Yung"],"keywords":["self-stabilization","secure multiparty computation","Byzantine faults","finite-state machine","proactive recovery","secret sharing"],"research_question":"Can a continuously running distributed computation automatically recover not only functional consistency but also input, output, and state confidentiality and computational correctness after a temporary period in which every party may have been compromised?","central_answer":"The announcement defines secure self-stabilizing computation and sketches an FSM protocol that repeatedly establishes fresh keys, validates secret-shared state through MPC and error correction, resets invalid state to a default, and securely computes the next transition and output. Once independent recovery restores the required Byzantine threshold, the construction is intended to converge to consistent private computation and progressively erase the adversary's knowledge of current state.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text model and algorithm extraction, claim mapping, and initial assessment"}],"method":"Source-grounded review of the complete three-page PODC brief announcement, including visual inspection of its abstract and algorithm pages. The map distinguishes the proposed definition and protocol composition from complete formal proofs or an implementation, neither of which appears in the brief.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Thresholds, recovery interpretation, and evidence ratings should be checked by an author before approval."}},"sources":[{"id":"source-paper-36-author-pdf","type":"author_hosted_copy","title":"Brief Announcement: Secure Self-Stabilizing Computation","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf","provenance_category":"author","retrieved_from":"https://web.cs.ucla.edu/~rafail/PUBLIC/204.pdf","media_type":"application/pdf","sha256":"bb6ef27496017f16e38ccc04feb10523d4b59ee3f97050d4942aeb4701ba0c73","page_count":3},{"id":"source-paper-36-official","type":"official_publication_record","title":"ACM PODC 2017 publication record","url":"https://doi.org/10.1145/3087801.3087864","provenance_category":"official"},{"id":"source-paper-36-openalex","type":"citation_index_snapshot","title":"OpenAlex record W2737996187","url":"https://openalex.org/W2737996187","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-36-problem","source_id":"source-paper-36-author-pdf","label":"Secure self-stabilization problem and claimed direction","locator":"Abstract, PDF page 1","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf#page=1"},{"id":"anchor-paper-36-system","source_id":"source-paper-36-author-pdf","label":"Parties, network, key setup, hardware, inputs, and clocks","locator":"Section 1, System and Network Model, PDF pages 1-2","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf#page=1"},{"id":"anchor-paper-36-adversary","source_id":"source-paper-36-author-pdf","label":"Mixed mobile adversary and recovery assumptions","locator":"Section 1, Mixed Adversarial Model, PDF page 2","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf#page=2"},{"id":"anchor-paper-36-definition","source_id":"source-paper-36-author-pdf","label":"Convergence, closure, MPC security, and secure self-stabilization","locator":"Section 2, PDF page 2","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf#page=2"},{"id":"anchor-paper-36-construction","source_id":"source-paper-36-author-pdf","label":"Clock, key, VSS, state-validation, transition, and output pipeline","locator":"Section 3, PDF page 3","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf#page=3"},{"id":"anchor-paper-36-algorithm","source_id":"source-paper-36-author-pdf","label":"Secure self-stabilizing FSM Algorithm 1","locator":"Algorithm 1, PDF page 3","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf#page=3"},{"id":"anchor-paper-36-forgetting","source_id":"source-paper-36-author-pdf","label":"Post-convergence secrecy recovery under transition-graph conditions","locator":"Discussion following Algorithm 1, PDF page 3","url":"/pubs/2017/secure-self-stabilizing-computation-podc2017-brief.pdf#page=3"},{"id":"anchor-paper-36-publication","source_id":"source-paper-36-official","label":"Official PODC publication identity","locator":"PODC 2017, pages 415-417, DOI 10.1145/3087801.3087864","url":"https://doi.org/10.1145/3087801.3087864"},{"id":"anchor-paper-36-citations","source_id":"source-paper-36-openalex","label":"Dated citation-count snapshot","locator":"OpenAlex reported 5 citing works when accessed 2026-07-11","url":"https://openalex.org/W2737996187"}],"nodes":[{"id":"paper-36","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Brief Announcement: Secure Self-Stabilizing Computation","summary":"A three-page announcement that joins self-stabilizing distributed systems with secure MPC so a computation can recover confidentiality and correctness after total but temporary compromise.","source_anchor_ids":["anchor-paper-36-problem"]},{"id":"paper-36-question","kind":"question","parent_id":"paper-36","order":1,"epistemic_status":"research_question","title":"Research question","summary":"After parties recover asynchronously from an arbitrary globally compromised state, can the system autonomously reestablish a coherent computation whose state, inputs, and outputs are again private and whose transitions are correct?","source_anchor_ids":["anchor-paper-36-problem","anchor-paper-36-definition"]},{"id":"paper-36-answer","kind":"contribution","parent_id":"paper-36","order":2,"epistemic_status":"source_asserted","title":"Secure self-stabilizing computation","summary":"The paper proposes convergence and closure for a secret-shared FSM together with recurring key renewal, state validation, default-state recovery, and secure transition evaluation once fewer than the tolerated Byzantine parties remain.","source_anchor_ids":["anchor-paper-36-definition","anchor-paper-36-construction"]},{"id":"paper-36-model","kind":"scope","parent_id":"paper-36","order":3,"epistemic_status":"defined","title":"Continuous distributed FSM model","summary":"n parties over a complete synchronous or semi-synchronous network continuously compute a public Mealy FSM on periodically supplied secret-shared inputs. Parties do not know their compromise history and maintain secret shares of FSM state and output.","source_anchor_ids":["anchor-paper-36-system","anchor-paper-36-construction"]},{"id":"paper-36-model-setup","kind":"assumption","parent_id":"paper-36-model","order":1,"epistemic_status":"assumed","title":"Cryptographic and hardware setup","summary":"Every party has a true random number generator and tamper-resistant access to its private key and the configuration authority's public key; parties can authenticate fresh public keys, derive pairwise secure channels, and establish secure broadcast.","source_anchor_ids":["anchor-paper-36-system"]},{"id":"paper-36-model-clock","kind":"assumption","parent_id":"paper-36-model","order":2,"epistemic_status":"inherited_component","title":"Stabilizing time base","summary":"A self-stabilizing Byzantine clock-synchronization protocol supplies logical global pulses and common round numbers in the semi-synchronous setting; this clock is an assumed underlying service, not constructed in the announcement.","source_anchor_ids":["anchor-paper-36-system","anchor-paper-36-construction"]},{"id":"paper-36-model-adversary","kind":"threat_model","parent_id":"paper-36-model","order":3,"epistemic_status":"defined","title":"Temporary total mixed compromise","summary":"A computationally bounded adversary may passively or actively corrupt any number of parties, including all n for a finite interval, but watchdog-driven recovery prevents indefinite control of every party and the adversary cannot immediately recapture a just-recovered party.","source_anchor_ids":["anchor-paper-36-adversary"]},{"id":"paper-36-definition-standard","kind":"definition","parent_id":"paper-36","order":4,"epistemic_status":"reviewed","title":"Standard self-stabilization","summary":"Convergence requires reaching some consistent legal configuration from any arbitrary configuration in finite rounds; closure requires remaining legal absent another unexpected fault.","source_anchor_ids":["anchor-paper-36-definition"]},{"id":"paper-36-definition-secure","kind":"definition","parent_id":"paper-36","order":5,"epistemic_status":"introduced","title":"Security recovery requirement","summary":"Secure self-stabilization extends functional convergence so that after enough parties recover and the MPC corruption threshold again holds, secrecy of computation state, inputs, and outputs and correctness of computation are automatically regained.","source_anchor_ids":["anchor-paper-36-definition"]},{"id":"paper-36-construction","kind":"protocol","parent_id":"paper-36","order":6,"epistemic_status":"specified_at_brief_level","title":"Secure FSM stabilization protocol","summary":"Each transition round refreshes communication keys, verifiably reshapes the state shares, securely checks that they encode a legitimate state, and evaluates public transition and output circuits using an existing MPC protocol.","source_anchor_ids":["anchor-paper-36-construction"]},{"id":"paper-36-construction-keys","kind":"protocol","parent_id":"paper-36-construction","order":1,"epistemic_status":"composed_from_primitives","title":"Fresh channel establishment","summary":"Parties generate fresh key pairs from local true randomness, use Byzantine agreement to agree on each public key, and derive fresh pairwise symmetric keys before processing the next FSM transition.","source_anchor_ids":["anchor-paper-36-construction"]},{"id":"paper-36-construction-state","kind":"algorithm","parent_id":"paper-36-construction","order":2,"epistemic_status":"specified","title":"State validation and reset","summary":"VSS supplies redundant state shares and an MPC evaluates an error-detection circuit such as Berlekamp-Welch to test polynomial degree and membership in the legal-state set. Invalid state is replaced by shares of public default state S0.","source_anchor_ids":["anchor-paper-36-construction","anchor-paper-36-algorithm"]},{"id":"paper-36-construction-transition","kind":"algorithm","parent_id":"paper-36-construction","order":3,"epistemic_status":"specified","title":"Private transition and output evaluation","summary":"On a valid state, MPC applies transition circuit T to the current state and new input and output circuit O to produce secret-shared next state and output; after reset, the same circuits run from S0.","source_anchor_ids":["anchor-paper-36-algorithm"]},{"id":"paper-36-claims","kind":"claim_group","parent_id":"paper-36","order":7,"epistemic_status":"source_asserted","title":"Stated recovery claims","summary":"The brief states conditional recovery rather than uninterrupted security: during total compromise all secrets may be exposed, and protection resumes only after the required party threshold and supporting services recover.","source_anchor_ids":["anchor-paper-36-definition","anchor-paper-36-forgetting"]},{"id":"paper-36-claim-convergence","kind":"claim","parent_id":"paper-36-claims","order":1,"epistemic_status":"construction_claim","title":"Consistency and security convergence","summary":"Once fewer than roughly one third of participants are Byzantine in the illustrated setting, state checking and secure transition evaluation are claimed to restore consistent state, correct computation, and confidentiality.","source_anchor_ids":["anchor-paper-36-problem","anchor-paper-36-algorithm"]},{"id":"paper-36-claim-forgetting","kind":"claim","parent_id":"paper-36-claims","order":2,"epistemic_status":"graph_conditional","title":"Loss of stale adversarial state knowledge","summary":"With unknown fresh inputs, a complete FSM transition graph makes every state possible to the adversary after the first post-convergence transition; an expander transition graph is stated to erase state knowledge after logarithmically many transitions.","source_anchor_ids":["anchor-paper-36-forgetting"]},{"id":"paper-36-evidence","kind":"evidence_group","parent_id":"paper-36","order":8,"epistemic_status":"bounded_by_brief_announcement","title":"Evidence and proof boundary","summary":"The announcement defines the setting, composes known cryptographic and stabilization components, and supplies Algorithm 1 and recovery intuition. It does not present a formal ideal functionality, simulator, theorem statement, full proof, implementation, or experiment.","source_anchor_ids":["anchor-paper-36-system","anchor-paper-36-definition","anchor-paper-36-algorithm"]},{"id":"paper-36-evidence-mechanism","kind":"evidence","parent_id":"paper-36-evidence","order":1,"epistemic_status":"mechanism_inspected","title":"Mechanism-level support","summary":"Fresh randomness severs old channel-key exposure, error-correcting state checks remove malformed Byzantine shares, the default state restores legality, and post-recovery secret inputs drive the FSM away from previously known state.","source_anchor_ids":["anchor-paper-36-construction","anchor-paper-36-forgetting"]},{"id":"paper-36-boundaries","kind":"limitation_group","parent_id":"paper-36","order":9,"epistemic_status":"material","title":"Assumptions and limitations","summary":"Recovery depends on trustworthy local reset, TRNGs, secure hardware keys, clock stabilization, Byzantine agreement, VSS, and an MPC whose threshold has recovered. The protocol does not protect secrets already learned during total compromise or guarantee correct outputs before convergence.","source_anchor_ids":["anchor-paper-36-system","anchor-paper-36-adversary","anchor-paper-36-definition"]},{"id":"paper-36-boundary-model","kind":"limitation","parent_id":"paper-36-boundaries","order":1,"epistemic_status":"unresolved_in_brief","title":"Formal and systems obligations","summary":"The three-page source does not analyze composability among all assumed services, recovery timing, adaptive re-corruption rates, output handling during unsafe rounds, implementation overhead, or failures of the hardware watchdog and configuration authority.","source_anchor_ids":["anchor-paper-36-system","anchor-paper-36-algorithm"]},{"id":"paper-36-artifacts","kind":"artifact_group","parent_id":"paper-36","order":10,"epistemic_status":"publication_only","title":"Artifacts and resources","summary":"The complete brief announcement and official DOI are available. No extended proof, code, proof-assistant artifact, implementation, trace, or evaluation dataset is linked by the paper.","source_anchor_ids":["anchor-paper-36-problem","anchor-paper-36-publication"]},{"id":"paper-36-scrutiny","kind":"scrutiny","parent_id":"paper-36","order":11,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The work appeared as a PODC brief announcement. This gives venue exposure but not the evidentiary weight of a full-paper security proof, independently verified implementation, or public review record.","source_anchor_ids":["anchor-paper-36-publication"]}],"relations":[{"id":"paper-36-relation-answer-question","type":"addresses","from_id":"paper-36-answer","to_id":"paper-36-question"},{"id":"paper-36-relation-secure-standard","type":"extends","from_id":"paper-36-definition-secure","to_id":"paper-36-definition-standard"},{"id":"paper-36-relation-keys-construction","type":"component_of","from_id":"paper-36-construction-keys","to_id":"paper-36-construction"},{"id":"paper-36-relation-state-construction","type":"component_of","from_id":"paper-36-construction-state","to_id":"paper-36-construction"},{"id":"paper-36-relation-transition-construction","type":"component_of","from_id":"paper-36-construction-transition","to_id":"paper-36-construction"},{"id":"paper-36-relation-construction-convergence","type":"supports","from_id":"paper-36-construction","to_id":"paper-36-claim-convergence"},{"id":"paper-36-relation-mechanism-convergence","type":"supports","from_id":"paper-36-evidence-mechanism","to_id":"paper-36-claim-convergence"},{"id":"paper-36-relation-adversary-convergence","type":"qualifies","from_id":"paper-36-model-adversary","to_id":"paper-36-claim-convergence"},{"id":"paper-36-relation-forgetting-claim","type":"supports","from_id":"paper-36-construction-transition","to_id":"paper-36-claim-forgetting"},{"id":"paper-36-relation-boundaries-claims","type":"qualifies","from_id":"paper-36-boundaries","to_id":"paper-36-claims"}],"assessment":{"id":"paper-36-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The complete brief specifies the model, recovery concept, component pipeline, FSM algorithm, threshold example, and forgetting intuition. Its three pages do not include formal security definitions and proofs, an implementation, or experiments, so the evidence remains Medium.","basis_source_anchor_ids":["anchor-paper-36-definition","anchor-paper-36-construction","anchor-paper-36-algorithm"]},{"id":"auditability","level":"high","rationale":"A checked-in author copy with SHA-256, page count, and precise page anchors, plus the official DOI, makes every claim in the brief directly inspectable. No extended artifact was located.","basis_source_anchor_ids":["anchor-paper-36-problem","anchor-paper-36-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, affiliations, funding acknowledgments, date, venue, DOI, and author copy are documented. Contributor roles, revision history, tool use, and any extended-version lineage have not been audited.","basis_source_anchor_ids":["anchor-paper-36-problem","anchor-paper-36-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"PODC publication establishes external venue scrutiny, but the item is a brief announcement and no review reports, rebuttal, independent proof audit, implementation, or reproduction were located.","basis_source_anchor_ids":["anchor-paper-36-publication"]},{"id":"reception","level":"low","rationale":"OpenAlex reported 5 citations on 2026-07-11. Under the author-defined corpus rule, 0 through 8 located citations is Low. The count is index- and date-dependent and is not evidence of correctness.","basis_source_anchor_ids":["anchor-paper-36-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The brief articulates a distinctive recovery target that combines confidentiality, correctness, and self-stabilization and supplies a concrete FSM composition. Priority, generality, and downstream adoption require a broader literature audit.","basis_source_anchor_ids":["anchor-paper-36-problem","anchor-paper-36-definition"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":5,"source_url":"https://openalex.org/W2737996187","signals":["OpenAlex reported 5 works citing the PODC brief announcement."],"limitation":"Citation counts vary by index and date; the generic OpenAlex display title for this DOI may reduce discoverability, and counts do not establish verification or adoption."}},"paper_37":{"schema_version":"0.1","map_id":"paper-37-map","publication_id":37,"publication_anchor":"paper-37","slug":"paper-37","canonical_path":"/knowledge/papers/paper-37/","machine_path":"/knowledge/papers/paper-37.json","root_node_id":"paper-37","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"HYDRA: Hybrid Design for Remote Attestation Using a Formally Verified Microkernel","year":2017,"status":"Published","venue":"10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)","topic":"secure-systems-networks","labels":["Applied","System","Implementation","Formal Verification"],"authors":["Karim Eldefrawy","Norrathep Rattanavipanon","Gene Tsudik"],"keywords":["remote attestation","seL4","formally verified microkernel","embedded systems","secure boot","capability access control"],"research_question":"Can a commodity embedded platform realize the isolation, key protection, atomic execution, and freshness properties required for hybrid remote attestation by relying mainly on a formally verified microkernel rather than custom processor modifications?","central_answer":"HYDRA securely boots seL4, launches a highest-priority attestation process with exclusive capabilities to its code, state, key, and clock, and has that process authenticate fresh requests and MAC a selected process-memory range. The seL4 refinement and access-control proofs support kernel-enforced isolation, while two commodity-board prototypes and microbenchmarks show practical performance; the whole attestation system is not itself formally verified and remains conditional on secure boot, correct configuration and attestation code, hardware and DMA assumptions, and exclusion of physical attacks and side channels.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text systems, security-boundary, and evaluation mapping"}],"method":"Source-grounded review of the complete 12-page author-hosted WiSec paper, including visual inspection of its abstract and security/evaluation pages. The map distinguishes machine-checked seL4 guarantees, paper-level configuration arguments, unverified HYDRA code, and empirical feasibility evidence.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Formal-guarantee boundaries, implementation details, measurements, and ratings should be checked by an author before approval."}},"sources":[{"id":"source-paper-37-author-pdf","type":"author_hosted_copy","title":"HYDRA: Hybrid Design for Remote Attestation (Using a Formally Verified Microkernel)","url":"/pubs/2017/hydra-wisec2017.pdf","provenance_category":"author","retrieved_from":"https://sprout.ics.uci.edu/projects/attestation/papers/hydra.pdf","media_type":"application/pdf","sha256":"997b79fc030d4589d52225dff1c8126c67a143e45f2b6c906e7d84125f55199d","page_count":12},{"id":"source-paper-37-arxiv","type":"public_archive_record","title":"arXiv 1703.02688","url":"https://arxiv.org/abs/1703.02688","provenance_category":"archive"},{"id":"source-paper-37-official","type":"official_publication_record","title":"ACM WiSec 2017 publication record","url":"https://doi.org/10.1145/3098243.3098261","provenance_category":"official"},{"id":"source-paper-37-openalex","type":"citation_index_snapshot","title":"OpenAlex record W2604623598","url":"https://openalex.org/W2604623598","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-37-problem","source_id":"source-paper-37-author-pdf","label":"Hybrid-attestation goal, contributions, platforms, and headline result","locator":"Abstract and Section 1, PDF pages 1-2","url":"/pubs/2017/hydra-wisec2017.pdf#page=1"},{"id":"anchor-paper-37-properties","source_id":"source-paper-37-author-pdf","label":"Remote-attestation objective and minimal security properties","locator":"Section 3.2, PDF pages 3-4","url":"/pubs/2017/hydra-wisec2017.pdf#page=3"},{"id":"anchor-paper-37-threat","source_id":"source-paper-37-author-pdf","label":"Remote, local, and excluded physical adversaries","locator":"Section 3.3, PDF page 4","url":"/pubs/2017/hydra-wisec2017.pdf#page=4"},{"id":"anchor-paper-37-sel4","source_id":"source-paper-37-author-pdf","label":"seL4 refinement, access-control, integrity, and confidentiality guarantees","locator":"Section 4.1, PDF pages 4-5","url":"/pubs/2017/hydra-wisec2017.pdf#page=4"},{"id":"anchor-paper-37-controls","source_id":"source-paper-37-author-pdf","label":"Derivation of HYDRA access-control configuration C1-C4","locator":"Section 4.2 and Table 2, PDF pages 5-6","url":"/pubs/2017/hydra-wisec2017.pdf#page=5"},{"id":"anchor-paper-37-components","source_id":"source-paper-37-author-pdf","label":"ROM, seL4, attestation algorithm, clock, and secure-boot requirements","locator":"Sections 4.3-4.4, PDF pages 5-6","url":"/pubs/2017/hydra-wisec2017.pdf#page=5"},{"id":"anchor-paper-37-algorithm","source_id":"source-paper-37-author-pdf","label":"Fresh authenticated request and memory-MAC procedure","locator":"Section 4.4.3 and Algorithm 1, PDF pages 6-7","url":"/pubs/2017/hydra-wisec2017.pdf#page=6"},{"id":"anchor-paper-37-implementation","source_id":"source-paper-37-author-pdf","label":"seL4 v1.3 implementation, process configuration, and code size","locator":"Sections 5-5.3 and Table 3, PDF pages 6-8","url":"/pubs/2017/hydra-wisec2017.pdf#page=6"},{"id":"anchor-paper-37-key-clock","source_id":"source-paper-37-author-pdf","label":"Key storage and prototype timestamp mechanism","locator":"Sections 5.4-5.5, PDF pages 8-9","url":"/pubs/2017/hydra-wisec2017.pdf#page=8"},{"id":"anchor-paper-37-security","source_id":"source-paper-37-author-pdf","label":"Informal mapping from nine implementation features to RA requirements","locator":"Section 6, PDF page 9","url":"/pubs/2017/hydra-wisec2017.pdf#page=9"},{"id":"anchor-paper-37-evaluation","source_id":"source-paper-37-author-pdf","label":"Sabre Lite runtime breakdown, scaling, and MAC comparisons","locator":"Section 7, Table 4, and Figure 5, PDF pages 9-10","url":"/pubs/2017/hydra-wisec2017.pdf#page=9"},{"id":"anchor-paper-37-odroid","source_id":"source-paper-37-author-pdf","label":"ODROID-XU4 platform results","locator":"Appendix A and Figure 6, PDF pages 11-12","url":"/pubs/2017/hydra-wisec2017.pdf#page=11"},{"id":"anchor-paper-37-proof-assumptions","source_id":"source-paper-37-author-pdf","label":"Assumptions outside the seL4 functional-correctness proof","locator":"Appendix B, PDF page 12","url":"/pubs/2017/hydra-wisec2017.pdf#page=12"},{"id":"anchor-paper-37-publication","source_id":"source-paper-37-official","label":"Official WiSec publication identity","locator":"WiSec 2017, pages 99-110, DOI 10.1145/3098243.3098261","url":"https://doi.org/10.1145/3098243.3098261"},{"id":"anchor-paper-37-citations","source_id":"source-paper-37-openalex","label":"Dated citation-count snapshot","locator":"OpenAlex reported 72 citing works when accessed 2026-07-11","url":"https://openalex.org/W2604623598"}],"nodes":[{"id":"paper-37","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"HYDRA: Hybrid Design for Remote Attestation Using a Formally Verified Microkernel","summary":"A remote-attestation protocol and implemented system that replaces most custom microcontroller access controls with seL4-enforced capabilities and process isolation, retaining hardware secure boot and a time source.","source_anchor_ids":["anchor-paper-37-problem"]},{"id":"paper-37-question","kind":"question","parent_id":"paper-37","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can verified operating-system mechanisms provide the isolation and atomicity needed for secure attestation on commodity embedded boards with less bespoke hardware than SMART or TrustLite?","source_anchor_ids":["anchor-paper-37-problem","anchor-paper-37-properties"]},{"id":"paper-37-answer","kind":"contribution","parent_id":"paper-37","order":2,"epistemic_status":"source_asserted","title":"HYDRA co-design","summary":"Secure boot authenticates seL4 and the attestation binary; seL4 gives one highest-priority initial process exclusive authority over the key and relevant memory; that process authenticates fresh requests and MACs requested process memory.","source_anchor_ids":["anchor-paper-37-controls","anchor-paper-37-components","anchor-paper-37-algorithm"]},{"id":"paper-37-objective","kind":"definition","parent_id":"paper-37","order":3,"epistemic_status":"adopted_from_prior_analysis","title":"Attestation security objective","summary":"A prover should produce an unforgeable token that convinces a verifier of its measured state; malware must not make a compromised state appear expected, and request handling should resist malicious triggering and replay.","source_anchor_ids":["anchor-paper-37-properties"]},{"id":"paper-37-properties","kind":"requirement_group","parent_id":"paper-37-objective","order":1,"epistemic_status":"enumerated","title":"Minimal RA properties","summary":"The adopted requirements are exclusive access to attestation key K, no leakage of key-derived intermediates, immutable attestation code, uninterruptible execution, controlled entry and exit, and authenticated fresh verifier requests.","source_anchor_ids":["anchor-paper-37-properties"]},{"id":"paper-37-threat","kind":"threat_model","parent_id":"paper-37","order":4,"epistemic_status":"defined","title":"Application-compromise adversary","summary":"Remote or local attackers may control all ordinary application software and communication before and after attestation. They cannot physically tamper, induce hardware faults, extract K through side channels, or interrupt seL4 or the protected attestation process.","source_anchor_ids":["anchor-paper-37-threat"]},{"id":"paper-37-assumption-setup","kind":"assumption","parent_id":"paper-37-threat","order":1,"epistemic_status":"assumed","title":"Provisioning and boot trust","summary":"The prover and verifier share a pre-provisioned secret K. ROM authenticates the boot image, seL4 verifies the initial attestation process, and the initial capability distribution exactly implements the paper's configuration.","source_anchor_ids":["anchor-paper-37-components","anchor-paper-37-key-clock"]},{"id":"paper-37-assumption-proof","kind":"assumption","parent_id":"paper-37-threat","order":2,"epistemic_status":"outside_verified_kernel","title":"seL4 proof assumptions","summary":"The inherited functional-correctness claim assumes correct ARM assembly, conforming untampered hardware, correct cache and TLB management, correct boot code, disabled or trusted DMA, and absence of timing side channels.","source_anchor_ids":["anchor-paper-37-proof-assumptions"]},{"id":"paper-37-sel4","kind":"verified_component","parent_id":"paper-37","order":5,"epistemic_status":"externally_machine_checked","title":"seL4 verified enforcement base","summary":"seL4's refinement chain links abstract specification through C and binary behavior, and separate access-control proofs establish authority confinement, integrity, and confidentiality for correctly configured capabilities under the stated assumptions.","source_anchor_ids":["anchor-paper-37-sel4"]},{"id":"paper-37-configuration","kind":"method","parent_id":"paper-37","order":6,"epistemic_status":"paper_argued","title":"HYDRA capability configuration","summary":"PR-Att receives exclusive access to the attestation binary and K, its thread-control block, and its virtual address space, plus exclusive write authority over the clock; all later processes receive lower priority and only minimal capabilities.","source_anchor_ids":["anchor-paper-37-controls","anchor-paper-37-implementation"]},{"id":"paper-37-configuration-priority","kind":"method","parent_id":"paper-37-configuration","order":1,"epistemic_status":"enforced_if_code_conforms","title":"Atomic high-priority execution","summary":"Making PR-Att the initial, highest-priority user process and preventing later processes from raising priority is used to establish uninterruptibility; protecting its TCB and address space supplies controlled invocation and no-leak isolation.","source_anchor_ids":["anchor-paper-37-controls","anchor-paper-37-security"]},{"id":"paper-37-protocol","kind":"protocol","parent_id":"paper-37","order":7,"epistemic_status":"specified_and_implemented","title":"HYDRA attestation protocol","summary":"A request names a timestamp, target process, memory interval, and MAC. PR-Att rejects stale or unauthenticated requests, maps the target range into its own address space, MACs request context and bytes under K, and returns the report.","source_anchor_ids":["anchor-paper-37-algorithm"]},{"id":"paper-37-protocol-boot","kind":"protocol","parent_id":"paper-37-protocol","order":1,"epistemic_status":"implemented","title":"Boot and setup sequence","summary":"A ROM loader verifies the signed seL4 image, seL4 authenticates PR-Att, and PR-Att creates the remaining user processes with non-overlapping virtual spaces and no capability-grant endpoint that could leak its authority.","source_anchor_ids":["anchor-paper-37-components","anchor-paper-37-implementation"]},{"id":"paper-37-protocol-freshness","kind":"protocol","parent_id":"paper-37-protocol","order":2,"epistemic_status":"prototype_approximation","title":"Request freshness and DoS mitigation","summary":"The design calls for a protected real-time clock. Because seL4 lacked a driver, the prototype combines a persisted prior timestamp, the first validated request, and a protected timer counter; a secure counter is an alternative with weaker delayed-message detection.","source_anchor_ids":["anchor-paper-37-key-clock"]},{"id":"paper-37-claims","kind":"claim_group","parent_id":"paper-37","order":8,"epistemic_status":"source_asserted","title":"Main claims","summary":"The paper claims conditional RA security and practical performance. Kernel isolation is machine-checked upstream; the mapping from HYDRA code and configuration to the required RA properties is an informal paper argument.","source_anchor_ids":["anchor-paper-37-security","anchor-paper-37-evaluation"]},{"id":"paper-37-claim-security","kind":"claim","parent_id":"paper-37-claims","order":1,"epistemic_status":"informally_derived_from_verified_component","title":"Satisfaction of minimal RA properties","summary":"Nine boot, priority, memory, TCB, capability, and clock features are mapped to exclusive K access, no leaks, immutability, uninterruptibility, controlled invocation, and verifier authentication.","source_anchor_ids":["anchor-paper-37-security"]},{"id":"paper-37-claim-hardware","kind":"claim","parent_id":"paper-37-claims","order":2,"epistemic_status":"design_comparison","title":"Reduced bespoke hardware requirement","summary":"Unlike earlier hybrid designs that modify microcontroller access controls, HYDRA pushes isolation and scheduling into seL4; it still needs hardware-enforced secure boot, immutable trust material, and a reliable clock or counter.","source_anchor_ids":["anchor-paper-37-controls","anchor-paper-37-components"]},{"id":"paper-37-claim-performance","kind":"claim","parent_id":"paper-37-claims","order":3,"epistemic_status":"measured","title":"Commodity-platform feasibility","summary":"The Sabre Lite prototype reports under 250 milliseconds to attest 10 MB with a Speck-based MAC, while ODROID-XU4 reports under 100 milliseconds with keyed BLAKE2S; memory and process-count costs scale approximately linearly in the tested ranges.","source_anchor_ids":["anchor-paper-37-evaluation","anchor-paper-37-odroid"]},{"id":"paper-37-evidence","kind":"evidence_group","parent_id":"paper-37","order":9,"epistemic_status":"mixed_formal_argument_and_experiment","title":"Evidence stack","summary":"Support combines upstream Isabelle/HOL proofs for seL4, manual configuration and code obligations for HYDRA, two C implementations on commodity boards, and runtime measurements decomposed into request verification, memory mapping, and MAC computation.","source_anchor_ids":["anchor-paper-37-sel4","anchor-paper-37-security","anchor-paper-37-implementation","anchor-paper-37-evaluation"]},{"id":"paper-37-evidence-code","kind":"evidence","parent_id":"paper-37-evidence","order":1,"epistemic_status":"implemented","title":"Prototype scale","summary":"On seL4 1.3, the complete build with helper libraries and network stack is reported as 105,360 C lines and 574 KB, while HYDRA-specific code excluding helpers is about 2,800 lines and the base seL4 kernel is 215 KB.","source_anchor_ids":["anchor-paper-37-implementation"]},{"id":"paper-37-evidence-runtime","kind":"evidence","parent_id":"paper-37-evidence","order":2,"epistemic_status":"reported_experiment","title":"Runtime breakdown and scaling","summary":"On Sabre Lite, MAC computation accounts for roughly 89 percent of the 1 MB time and 92 percent of the 20 KB time; memory mapping remains below one fifth of MAC time in the tested sizes, and process-count scaling is approximately linear.","source_anchor_ids":["anchor-paper-37-evaluation"]},{"id":"paper-37-boundaries","kind":"limitation_group","parent_id":"paper-37","order":10,"epistemic_status":"material","title":"Formal and empirical boundaries","summary":"HYDRA inherits verified isolation only where the actual boot chain, hardware, capability configuration, and code satisfy seL4 assumptions. PR-Att, cryptography, timestamp persistence, network stack, device drivers, and the end-to-end RA theorem are not machine-checked by this work.","source_anchor_ids":["anchor-paper-37-implementation","anchor-paper-37-security","anchor-paper-37-proof-assumptions"]},{"id":"paper-37-boundary-adversary","kind":"limitation","parent_id":"paper-37-boundaries","order":1,"epistemic_status":"explicitly_out_of_scope","title":"Physical, DMA, and side-channel boundary","summary":"Physical attackers, hardware faults, key extraction, timing leakage, and untrusted DMA are excluded. The paper notes that helper networking code is acceptable to the objective only if an I/O MMU prevents DMA attacks.","source_anchor_ids":["anchor-paper-37-threat","anchor-paper-37-proof-assumptions"]},{"id":"paper-37-boundary-comparison","kind":"limitation","parent_id":"paper-37-boundaries","order":2,"epistemic_status":"experimental_limitation","title":"No same-platform baseline","summary":"SMART and TrustLite could not run on the same off-the-shelf boards because of their hardware and microcontroller requirements, so the evaluation establishes HYDRA feasibility but not a controlled performance comparison against those systems.","source_anchor_ids":["anchor-paper-37-evaluation"]},{"id":"paper-37-artifacts","kind":"artifact_group","parent_id":"paper-37","order":11,"epistemic_status":"partial","title":"Artifacts and reproducibility","summary":"The full paper, arXiv record, seL4 and library repositories, algorithm pseudocode, and platform descriptions are public. This audit did not locate a publication-specific HYDRA repository, exact build image, benchmark scripts, or raw measurements.","source_anchor_ids":["anchor-paper-37-implementation","anchor-paper-37-publication"]},{"id":"paper-37-scrutiny","kind":"scrutiny","parent_id":"paper-37","order":12,"epistemic_status":"venue_reviewed_and_upstream_verified","title":"External scrutiny","summary":"HYDRA appeared at ACM WiSec and builds on independently published seL4 proof artifacts. That is stronger than an unreviewed design, but neither venue acceptance nor upstream kernel verification constitutes independent verification of the full HYDRA composition.","source_anchor_ids":["anchor-paper-37-publication","anchor-paper-37-sel4"]}],"relations":[{"id":"paper-37-relation-answer-question","type":"addresses","from_id":"paper-37-answer","to_id":"paper-37-question"},{"id":"paper-37-relation-properties-objective","type":"operationalizes","from_id":"paper-37-properties","to_id":"paper-37-objective"},{"id":"paper-37-relation-sel4-configuration","type":"supports","from_id":"paper-37-sel4","to_id":"paper-37-configuration"},{"id":"paper-37-relation-configuration-protocol","type":"enables","from_id":"paper-37-configuration","to_id":"paper-37-protocol"},{"id":"paper-37-relation-boot-protocol","type":"component_of","from_id":"paper-37-protocol-boot","to_id":"paper-37-protocol"},{"id":"paper-37-relation-freshness-protocol","type":"component_of","from_id":"paper-37-protocol-freshness","to_id":"paper-37-protocol"},{"id":"paper-37-relation-security-claim","type":"supports","from_id":"paper-37-configuration","to_id":"paper-37-claim-security"},{"id":"paper-37-relation-runtime-performance","type":"supports","from_id":"paper-37-evidence-runtime","to_id":"paper-37-claim-performance"},{"id":"paper-37-relation-proof-security","type":"qualifies","from_id":"paper-37-assumption-proof","to_id":"paper-37-claim-security"},{"id":"paper-37-relation-boundaries-security","type":"qualifies","from_id":"paper-37-boundaries","to_id":"paper-37-claim-security"},{"id":"paper-37-relation-adversary-security","type":"limits","from_id":"paper-37-boundary-adversary","to_id":"paper-37-claim-security"},{"id":"paper-37-relation-comparison-performance","type":"qualifies","from_id":"paper-37-boundary-comparison","to_id":"paper-37-claim-performance"}],"assessment":{"id":"paper-37-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The complete paper combines a requirement decomposition, inherited machine-checked kernel guarantees, explicit configuration and protocol logic, two commodity implementations, and detailed performance experiments. The end-to-end HYDRA security argument and HYDRA-specific code are not formally verified or independently reproduced.","basis_source_anchor_ids":["anchor-paper-37-sel4","anchor-paper-37-security","anchor-paper-37-implementation","anchor-paper-37-evaluation"]},{"id":"auditability","level":"high","rationale":"A checked-in author copy with SHA-256 and page count, arXiv route, official DOI, precise page anchors, and public upstream seL4 artifacts make the paper and its inherited proof base directly inspectable.","basis_source_anchor_ids":["anchor-paper-37-problem","anchor-paper-37-publication","anchor-paper-37-sel4"]},{"id":"production_provenance","level":"medium","rationale":"Named authors, affiliations, venue, DOI, funding, author and archive copies, platforms, seL4 version, and code-size breakdown are documented. Contributor roles, revision history, exact source commit, build environment, and benchmark artifact lineage were not audited.","basis_source_anchor_ids":["anchor-paper-37-problem","anchor-paper-37-implementation","anchor-paper-37-publication"]},{"id":"external_scrutiny","level":"high","rationale":"The system received WiSec review and relies on a substantial independently reviewed, machine-checked seL4 refinement and access-control proof stack. Public HYDRA review reports and an independent end-to-end reproduction were not located.","basis_source_anchor_ids":["anchor-paper-37-publication","anchor-paper-37-sel4"]},{"id":"reception","level":"high","rationale":"OpenAlex reported 72 citations on 2026-07-11. Under the author-defined corpus rule, more than 10 located citations is High. The count is index- and date-dependent and does not certify the system.","basis_source_anchor_ids":["anchor-paper-37-citations"]},{"id":"contribution_significance","level":"high","rationale":"The paper presents the first claimed hybrid RA design centered on a formally verified microkernel, implements it on two boards, and has substantial documented follow-on attention. Priority, deployment, and independent replication were not separately audited.","basis_source_anchor_ids":["anchor-paper-37-problem","anchor-paper-37-citations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":72,"source_url":"https://openalex.org/W2604623598","signals":["OpenAlex reported 72 works citing the WiSec paper."],"limitation":"Citation counts vary by index and date, may include self-citations, and do not establish that later work reproduced the prototype or verified the full system composition."}},"paper_38":{"schema_version":"0.1","map_id":"paper-38-map","publication_id":38,"publication_anchor":"paper-38","slug":"paper-38","canonical_path":"/knowledge/papers/paper-38/","machine_path":"/knowledge/papers/paper-38.json","root_node_id":"paper-38","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned","year":2017,"status":"Published","venue":"47th IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)","topic":"secure-systems-networks","labels":["Applied","System","Implementation","Formal Verification"],"authors":["Karim Eldefrawy","Norrathep Rattanavipanon","Gene Tsudik"],"keywords":["remote attestation","HYDRA","seL4","secure boot","embedded systems","lessons learned"],"research_question":"What engineering choices and platform obstacles arise when replacing custom hybrid-attestation hardware controls with a formally verified microkernel on a commodity embedded board?","central_answer":"The DSN-W paper condenses HYDRA's design and reports five engineering lessons: use a MAC-based hybrid design with software-efficient checksums; map minimal RA properties to seL4 capabilities but retain ROM immutability; bridge seL4's initialization and hardware proof assumptions with secure boot and, eventually, verified processors; approximate a missing real-time clock with persisted timestamps and a counter; and select a board with configurable hardware-authenticated boot. Its Sabre Lite prototype reports linear scaling and sub-500-millisecond attestation of 10 MB.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, lessons-learned mapping, and initial assessment"}],"method":"Source-grounded review of the complete four-page author-uploaded text exposed through the recorded ResearchGate route, cross-checked against the IEEE DOI and the authors' full HYDRA version. A currently listed coauthor PDF link redirected to a missing file, so no local PDF fixity or page rendering was possible; section and figure locators follow the author-uploaded text.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Companion-version differences, lesson interpretations, measurements, and ratings should be checked by an author before approval."}},"sources":[{"id":"source-paper-38-author-full-text","type":"author_hosted_copy","title":"Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned","url":"https://www.researchgate.net/publication/316555338_FUsing_Hybrid_Remote_Attestation_with_a_Formally_Verified_Microkernel_Lessons_Learned","provenance_category":"author","media_type":"application/pdf","availability_note":"Public author-uploaded full text is readable through the landing page; a separate coauthor PDF link was listed but returned a missing-file response during this audit."},{"id":"source-paper-38-official","type":"official_publication_record","title":"IEEE DSN-W 2017 publication record","url":"https://doi.org/10.1109/DSN-W.2017.31","provenance_category":"official"},{"id":"source-paper-38-full-version","type":"related_publication","title":"HYDRA: Hybrid Design for Remote Attestation Using a Formally Verified Microkernel","url":"https://arxiv.org/abs/1703.02688","provenance_category":"archive"},{"id":"source-paper-38-openalex","type":"citation_index_snapshot","title":"OpenAlex record W2750909795","url":"https://openalex.org/W2750909795","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-38-problem","source_id":"source-paper-38-author-full-text","label":"HYDRA motivation, contributions, and headline performance","locator":"Abstract and Section I","url":"https://www.researchgate.net/publication/316555338_FUsing_Hybrid_Remote_Attestation_with_a_Formally_Verified_Microkernel_Lessons_Learned"},{"id":"anchor-paper-38-properties","source_id":"source-paper-38-author-full-text","label":"Minimal security properties for hybrid remote attestation","locator":"Section III","url":"https://www.researchgate.net/publication/316555338_FUsing_Hybrid_Remote_Attestation_with_a_Formally_Verified_Microkernel_Lessons_Learned"},{"id":"anchor-paper-38-sel4","source_id":"source-paper-38-author-full-text","label":"seL4 proof and capability-enforcement basis","locator":"Section IV-A","url":"https://www.researchgate.net/publication/316555338_FUsing_Hybrid_Remote_Attestation_with_a_Formally_Verified_Microkernel_Lessons_Learned"},{"id":"anchor-paper-38-controls","source_id":"source-paper-38-author-full-text","label":"Mapping RA properties to access-control configuration C1-C3","locator":"Section IV-B and Table I","url":"https://www.researchgate.net/publication/316555338_FUsing_Hybrid_Remote_Attestation_with_a_Formally_Verified_Microkernel_Lessons_Learned"},{"id":"anchor-paper-38-protocol","source_id":"source-paper-38-author-full-text","label":"Boot, seL4 setup, and attestation sequence","locator":"Section IV-C and Figure 2","url":"https://www.researchgate.net/publication/316555338_FUsing_Hybrid_Remote_Attestation_with_a_Formally_Verified_Microkernel_Lessons_Learned"},{"id":"anchor-paper-38-evaluation","source_id":"source-paper-38-author-full-text","label":"Sabre Lite runtime breakdown, MAC comparison, and scaling","locator":"Section V and Figure 3","url":"https://www.researchgate.net/publication/316555338_FUsing_Hybrid_Remote_Attestation_with_a_Formally_Verified_Microkernel_Lessons_Learned"},{"id":"anchor-paper-38-lessons","source_id":"source-paper-38-author-full-text","label":"Five implementation challenges and lessons","locator":"Section VI","url":"https://www.researchgate.net/publication/316555338_FUsing_Hybrid_Remote_Attestation_with_a_Formally_Verified_Microkernel_Lessons_Learned"},{"id":"anchor-paper-38-publication","source_id":"source-paper-38-official","label":"Official DSN-W publication identity","locator":"DSN-W 2017, pages 141-144, DOI 10.1109/DSN-W.2017.31","url":"https://doi.org/10.1109/DSN-W.2017.31"},{"id":"anchor-paper-38-lineage","source_id":"source-paper-38-full-version","label":"Full HYDRA design and evaluation","locator":"arXiv 1703.02688; mapped separately as publication","url":"https://arxiv.org/abs/1703.02688"},{"id":"anchor-paper-38-citations","source_id":"source-paper-38-openalex","label":"Dated citation-count snapshot","locator":"OpenAlex reported 5 citing works when accessed 2026-07-11","url":"https://openalex.org/W2750909795"}],"nodes":[{"id":"paper-38","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned","summary":"A four-page companion paper that compresses HYDRA's seL4-based remote-attestation architecture, reports Sabre Lite feasibility data, and foregrounds the engineering gaps between a verified kernel and a trustworthy deployed attestation system.","source_anchor_ids":["anchor-paper-38-problem"]},{"id":"paper-38-question","kind":"question","parent_id":"paper-38","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Which security properties can seL4 enforce for hybrid attestation, which properties still require hardware or platform support, and what practical obstacles appear in a commodity prototype?","source_anchor_ids":["anchor-paper-38-problem","anchor-paper-38-lessons"]},{"id":"paper-38-answer","kind":"contribution","parent_id":"paper-38","order":2,"epistemic_status":"source_asserted","title":"Architecture plus implementation lessons","summary":"seL4 capabilities and scheduling can enforce most key, memory, isolation, and atomicity requirements, but secure initialization, immutable boot trust, hardware correctness, and reliable time remain outside the kernel proof and require explicit platform mechanisms.","source_anchor_ids":["anchor-paper-38-controls","anchor-paper-38-lessons"]},{"id":"paper-38-requirements","kind":"requirement_group","parent_id":"paper-38","order":3,"epistemic_status":"adopted_from_prior_analysis","title":"Hybrid-attestation security requirements","summary":"The paper uses exclusive key access, no key-derived leakage, code immutability, uninterruptible execution, and controlled invocation as the minimal properties; it argues secure reset is unnecessary when atomic invocation is enforced.","source_anchor_ids":["anchor-paper-38-properties"]},{"id":"paper-38-sel4","kind":"verified_component","parent_id":"paper-38","order":4,"epistemic_status":"externally_machine_checked","title":"seL4 guarantee base","summary":"The seL4 refinement proof and access-control work establish functional correctness, authority confinement, integrity, and confidentiality for the microkernel and a correctly specified capability configuration.","source_anchor_ids":["anchor-paper-38-sel4"]},{"id":"paper-38-assumption-proof","kind":"assumption","parent_id":"paper-38-sel4","order":1,"epistemic_status":"outside_proof","title":"Initialization and hardware assumptions","summary":"The inherited proof assumes the kernel is loaded correctly into a consistent state and the processor behaves correctly. HYDRA uses hardware secure boot for the first premise; no commercially available formally verified processor closes the second premise.","source_anchor_ids":["anchor-paper-38-lessons"]},{"id":"paper-38-design","kind":"system","parent_id":"paper-38","order":5,"epistemic_status":"specified_and_implemented","title":"HYDRA capability architecture","summary":"The attestation process is the initial and highest-priority user process, with exclusive access to its executable and embedded K, its thread-control block, and its virtual address space; it spawns lower-priority applications with non-conflicting capabilities.","source_anchor_ids":["anchor-paper-38-controls","anchor-paper-38-protocol"]},{"id":"paper-38-protocol","kind":"protocol","parent_id":"paper-38","order":6,"epistemic_status":"specified_and_implemented","title":"Boot-to-attestation sequence","summary":"ROM verifies seL4, seL4 authenticates and starts the protected process, and that process rejects stale or unauthenticated requests before MACing a named memory interval of a target process and returning the checksum.","source_anchor_ids":["anchor-paper-38-protocol"]},{"id":"paper-38-protocol-freshness","kind":"protocol","parent_id":"paper-38-protocol","order":1,"epistemic_status":"workaround","title":"Persisted pseudo-timestamp","summary":"Lacking a seL4 real-time-clock driver, the prototype loads a timestamp saved before reboot, validates the first new request's larger timestamp, starts a counter, and periodically persists their combination for later restarts.","source_anchor_ids":["anchor-paper-38-lessons"]},{"id":"paper-38-lessons","kind":"contribution_group","parent_id":"paper-38","order":7,"epistemic_status":"experience_report","title":"Engineering lessons","summary":"The paper records decisions and unresolved platform dependencies that are easy to hide when a verified component is described as if it verified an entire system.","source_anchor_ids":["anchor-paper-38-lessons"]},{"id":"paper-38-lesson-design","kind":"contribution","parent_id":"paper-38-lessons","order":1,"epistemic_status":"experience_based","title":"Choose hybrid MAC attestation deliberately","summary":"Software-only timing attestation depends on disputed optimal-checksum assumptions and complete hardware attestation is not easily emulated; a challenge-response MAC fits the hybrid model, with Speck and BLAKE2S performing best among the tested software implementations.","source_anchor_ids":["anchor-paper-38-lessons","anchor-paper-38-evaluation"]},{"id":"paper-38-lesson-properties","kind":"contribution","parent_id":"paper-38-lessons","order":2,"epistemic_status":"experience_based","title":"Verified isolation does not eliminate all hardware","summary":"seL4 emulates most access-control properties previously supplied by processor logic, while immutable storage and authenticated boot are still required to ensure the intended kernel and attestation code start first.","source_anchor_ids":["anchor-paper-38-controls","anchor-paper-38-lessons"]},{"id":"paper-38-lesson-platform","kind":"contribution","parent_id":"paper-38-lessons","order":3,"epistemic_status":"experience_based","title":"Board capabilities constrain assurance","summary":"A usable prototype needs configurable secure-boot ROM and drivers for security-critical devices. Sabre Lite's High Assurance Boot can authenticate a signed image, but the absent clock driver forced a weaker timestamp workaround.","source_anchor_ids":["anchor-paper-38-lessons"]},{"id":"paper-38-claims","kind":"claim_group","parent_id":"paper-38","order":8,"epistemic_status":"source_asserted","title":"Main claims","summary":"The source reports an implemented hybrid design, conditional enforcement of the adopted RA properties, and platform-scale feasibility; its compressed format refers readers to the full HYDRA paper for a broader threat and security analysis.","source_anchor_ids":["anchor-paper-38-controls","anchor-paper-38-evaluation","anchor-paper-38-lineage"]},{"id":"paper-38-claim-security","kind":"claim","parent_id":"paper-38-claims","order":1,"epistemic_status":"configuration_argument","title":"Capability realization of RA properties","summary":"Exclusive executable/key, TCB, and VSpace capabilities plus highest scheduling priority are argued to realize key secrecy, no leaks, immutability at runtime, uninterruptibility, and controlled invocation, conditional on correct secure boot and code.","source_anchor_ids":["anchor-paper-38-controls"]},{"id":"paper-38-claim-performance","kind":"claim","parent_id":"paper-38-claims","order":2,"epistemic_status":"measured","title":"Sabre Lite feasibility","summary":"The paper reports under 500 milliseconds for a 10 MB region with Speck, at least a one-third speed advantage for Speck and BLAKE2S over other tested MACs, and approximately linear runtime in memory size and process count.","source_anchor_ids":["anchor-paper-38-evaluation"]},{"id":"paper-38-evidence","kind":"evidence_group","parent_id":"paper-38","order":9,"epistemic_status":"compressed_mixed_evidence","title":"Evidence","summary":"Evidence consists of inherited seL4 proof results, an explicit property-to-capability mapping, the boot and protocol design, a commodity Sabre Lite implementation, and microbenchmarks decomposed into request verification, memory mapping, and MAC work.","source_anchor_ids":["anchor-paper-38-sel4","anchor-paper-38-controls","anchor-paper-38-protocol","anchor-paper-38-evaluation"]},{"id":"paper-38-evidence-runtime","kind":"evidence","parent_id":"paper-38-evidence","order":1,"epistemic_status":"reported_experiment","title":"Runtime composition","summary":"MacMem consumes about 84 percent of time for a 1 MB region and about 90 percent for 10 KB in this version; request verification and memory mapping together remain below 20 percent.","source_anchor_ids":["anchor-paper-38-evaluation"]},{"id":"paper-38-boundaries","kind":"limitation_group","parent_id":"paper-38","order":10,"epistemic_status":"material","title":"Assurance boundaries","summary":"seL4's proof covers the kernel, not the processor, boot ROM, board initialization, attestation code, cryptographic implementation, timestamp persistence, drivers, or the full composition. The paper also does not reproduce a complete adversarial model or end-to-end proof in four pages.","source_anchor_ids":["anchor-paper-38-lessons","anchor-paper-38-lineage"]},{"id":"paper-38-boundary-version","kind":"limitation","parent_id":"paper-38-boundaries","order":1,"epistemic_status":"companion_version","title":"Short companion, not the full HYDRA paper","summary":"This DSN-W article reports under 500 milliseconds and emphasizes lessons; the longer WiSec/arXiv version maps more assumptions, two platforms, and an expanded evaluation, including a later sub-250-millisecond Sabre Lite result. The records should not be conflated.","source_anchor_ids":["anchor-paper-38-evaluation","anchor-paper-38-lineage"]},{"id":"paper-38-artifacts","kind":"artifact_group","parent_id":"paper-38","order":11,"epistemic_status":"partial","title":"Artifacts and reproducibility","summary":"The author-uploaded paper, official DOI, public full HYDRA version, and public presentation material expose the design. No publication-specific code, exact build image, benchmark scripts, or raw measurements were located.","source_anchor_ids":["anchor-paper-38-problem","anchor-paper-38-lineage"]},{"id":"paper-38-scrutiny","kind":"scrutiny","parent_id":"paper-38","order":12,"epistemic_status":"workshop_reviewed","title":"External scrutiny","summary":"The work appeared in the DSN Workshops/industry-track proceedings and cites the separately reviewed full WiSec paper. Public reviews, an independent end-to-end proof audit, and a reproduction were not located.","source_anchor_ids":["anchor-paper-38-publication","anchor-paper-38-lineage"]}],"relations":[{"id":"paper-38-relation-answer-question","type":"addresses","from_id":"paper-38-answer","to_id":"paper-38-question"},{"id":"paper-38-relation-sel4-design","type":"supports","from_id":"paper-38-sel4","to_id":"paper-38-design"},{"id":"paper-38-relation-design-protocol","type":"enables","from_id":"paper-38-design","to_id":"paper-38-protocol"},{"id":"paper-38-relation-freshness-protocol","type":"component_of","from_id":"paper-38-protocol-freshness","to_id":"paper-38-protocol"},{"id":"paper-38-relation-design-security","type":"supports","from_id":"paper-38-design","to_id":"paper-38-claim-security"},{"id":"paper-38-relation-runtime-performance","type":"supports","from_id":"paper-38-evidence-runtime","to_id":"paper-38-claim-performance"},{"id":"paper-38-relation-proof-security","type":"qualifies","from_id":"paper-38-assumption-proof","to_id":"paper-38-claim-security"},{"id":"paper-38-relation-boundaries-security","type":"limits","from_id":"paper-38-boundaries","to_id":"paper-38-claim-security"},{"id":"paper-38-relation-lineage-paper","type":"contextualizes","from_id":"paper-38-boundary-version","to_id":"paper-38"}],"assessment":{"id":"paper-38-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The complete short paper combines inherited seL4 proofs, a concrete property mapping, an implemented protocol, and Sabre Lite measurements, but it compresses the threat/security analysis, provides no end-to-end proof, and points to the full HYDRA paper for detail.","basis_source_anchor_ids":["anchor-paper-38-sel4","anchor-paper-38-controls","anchor-paper-38-evaluation","anchor-paper-38-lineage"]},{"id":"auditability","level":"high","rationale":"A public author-uploaded full-text route, official DOI, and public full-version archive make the represented short paper directly inspectable, satisfying the author-defined High rule. A stable direct PDF and local fixity could not be obtained.","basis_source_anchor_ids":["anchor-paper-38-problem","anchor-paper-38-publication","anchor-paper-38-lineage"]},{"id":"production_provenance","level":"medium","rationale":"Named authors, affiliations, venue, DOI, author upload, companion-version identity, platform, and cited proof base are documented. Contributor roles, revision history, exact source commit, build image, and experiment lineage were not audited.","basis_source_anchor_ids":["anchor-paper-38-problem","anchor-paper-38-publication","anchor-paper-38-lineage"]},{"id":"external_scrutiny","level":"medium","rationale":"DSN-W publication and the separately reviewed full WiSec paper establish external exposure, while public reports, independent verification of the HYDRA composition, and reproduction remain unavailable.","basis_source_anchor_ids":["anchor-paper-38-publication","anchor-paper-38-lineage"]},{"id":"reception","level":"low","rationale":"OpenAlex reported 5 citations on 2026-07-11. Under the author-defined corpus rule, 0 through 8 located citations is Low. Citations to the longer HYDRA paper are counted separately.","basis_source_anchor_ids":["anchor-paper-38-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The companion captures reusable engineering lessons about verified-component composition, secure boot, trusted hardware, and time sources, but its core design contribution and much of its evaluation are shared with the separately mapped full HYDRA paper.","basis_source_anchor_ids":["anchor-paper-38-lessons","anchor-paper-38-lineage"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":5,"source_url":"https://openalex.org/W2750909795","signals":["OpenAlex reported 5 works citing this DSN-W record."],"limitation":"Citation counts vary by index and date; many readers may cite the longer WiSec/arXiv HYDRA paper instead, and those citations should not be merged into this record without an explicit version-level rule."}},"paper_39":{"schema_version":"0.1","map_id":"paper-39-map","publication_id":39,"publication_anchor":"paper-39","slug":"paper-39","canonical_path":"/knowledge/papers/paper-39/","machine_path":"/knowledge/papers/paper-39.json","root_node_id":"paper-39","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"Security Threats, Defenses, and Recommended Practices for Enterprise Mobility","year":2018,"status":"Published · public full text not located","venue":"Information Systems Security Association (ISSA) Journal, Volume 16, Number 5","topic":"secure-systems-networks","labels":["Perspective"],"authors":["Karim Eldefrawy","Vincent Sritapan"],"keywords":["enterprise mobility","mobile security","security guidance","recommended practices"],"availability":"The official author bibliography and independent citations confirm publication on pages 25-31, but systematic title, author, issue, archive, and PDF searches did not locate public full text.","research_question":"What threats, defenses, and recommended organizational practices should enterprises consider when employees and services rely on mobile devices?","central_answer":"The title establishes a practitioner guidance objective, but no source-audited answer can be represented: the public record does not expose the article's threat taxonomy, recommendation set, evidence base, scope, or assumptions.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"systematic availability search, metadata mapping, and bounded assessment"}],"method":"Searched exact title, both authors, ISSA Journal volume 16 number 5, page range, and PDF variants across general web results, the publisher, author bibliographies, bibliographic indexes, and archives. Only publication metadata, author biographies, and later references were located. No claim about the article's substantive content is inferred beyond its title.","source_scope":"metadata_only_full_text_unavailable","approval":{"status":"pending","note":"AI-authored bounded map awaiting full author audit and a copy of the article. Substantive knowledge nodes should be added only after the 25-31 page text is supplied or located."}},"sources":[{"id":"source-paper-39-publisher","type":"official_publication_record","title":"ISSA Journal 2018 author bibliography","url":"https://www.members.issa.org/page/journal-authors-2018","provenance_category":"official"},{"id":"source-paper-39-author-record","type":"author_bibliography","title":"Karim Eldefrawy publication record","url":"https://keldefrawy.github.io/pubs.html","provenance_category":"author"},{"id":"source-paper-39-independent-citation","type":"bibliographic_citation","title":"Independent dissertation bibliography identifying ISSA Journal pages 25-31","url":"https://scholarworks.waldenu.edu/cgi/viewcontent.cgi?article=10638&context=dissertations","accessed_at":"2026-07-11"},{"id":"source-paper-39-patent-citation","type":"reception_signal","title":"Google Patents record citing the article","url":"https://patents.google.com/patent/US20180191760A1","accessed_at":"2026-07-11"},{"id":"source-paper-39-openalex-search","type":"citation_index_snapshot","title":"OpenAlex exact-title search","url":"https://api.openalex.org/works?filter=title.search:Security%20Threats%20Defenses%20and%20Recommended%20Practices%20for%20Enterprise%20Mobility","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-39-bibliography","source_id":"source-paper-39-publisher","label":"Publisher confirmation of title and authors","locator":"2018 ISSA Journal Authors entries for Vincent Sritapan and Karim Eldefrawy","url":"https://www.members.issa.org/page/journal-authors-2018"},{"id":"anchor-paper-39-author-record","source_id":"source-paper-39-author-record","label":"Author publication listing","locator":"Publication","url":"https://keldefrawy.github.io/pubs.html"},{"id":"anchor-paper-39-pages","source_id":"source-paper-39-independent-citation","label":"Independent bibliographic page-range confirmation","locator":"Bibliography entry cites ISSA Journal 16(5), pages 25-31","url":"https://scholarworks.waldenu.edu/cgi/viewcontent.cgi?article=10638&context=dissertations"},{"id":"anchor-paper-39-reception","source_id":"source-paper-39-patent-citation","label":"Located non-academic citation signal","locator":"Google Patents family-citation listing names the 2018 article","url":"https://patents.google.com/patent/US20180191760A1"},{"id":"anchor-paper-39-index-search","source_id":"source-paper-39-openalex-search","label":"Dated exact-title index search","locator":"OpenAlex returned no exact-title work record on 2026-07-11","url":"https://api.openalex.org/works?filter=title.search:Security%20Threats%20Defenses%20and%20Recommended%20Practices%20for%20Enterprise%20Mobility"}],"nodes":[{"id":"paper-39","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_metadata_only","title":"Security Threats, Defenses, and Recommended Practices for Enterprise Mobility","summary":"A seven-page ISSA Journal practitioner article whose existence, authorship, issue, and page range are corroborated, but whose public full text and substantive contents were not located.","source_anchor_ids":["anchor-paper-39-bibliography","anchor-paper-39-pages"]},{"id":"paper-39-question","kind":"question","parent_id":"paper-39","order":1,"epistemic_status":"title_derived","title":"Apparent organizing question","summary":"Which security risks arise in enterprise mobility, and which defensive practices should organizations adopt? This wording is a conservative restatement of the title, not a quotation or source-audited research question.","source_anchor_ids":["anchor-paper-39-bibliography"]},{"id":"paper-39-format","kind":"scope","parent_id":"paper-39","order":2,"epistemic_status":"bibliographically_verified","title":"Publication form","summary":"The article appeared in the practitioner-facing ISSA Journal, volume 16, number 5, May 2018, on pages 25-31. The publisher page supplies author biographies but no abstract or article body.","source_anchor_ids":["anchor-paper-39-bibliography","anchor-paper-39-pages"]},{"id":"paper-39-orientation","kind":"contribution","parent_id":"paper-39","order":3,"epistemic_status":"title_and_venue_only","title":"Perspective and guidance orientation","summary":"The verified title frames the work as threat/defense synthesis and recommended practice, supporting the Perspective label. It does not establish a new protocol, primitive, system, algorithm, dataset, or formal theorem.","source_anchor_ids":["anchor-paper-39-bibliography"]},{"id":"paper-39-claims","kind":"claim_group","parent_id":"paper-39","order":4,"epistemic_status":"unavailable","title":"Substantive claims not represented","summary":"No threat taxonomy, defense mapping, recommendation, case study, empirical result, standards reference, or prioritization claim is included in this map because none could be checked against the article.","source_anchor_ids":["anchor-paper-39-bibliography"]},{"id":"paper-39-evidence","kind":"evidence_group","parent_id":"paper-39","order":5,"epistemic_status":"unavailable","title":"Evidence unavailable for audit","summary":"The public records do not reveal whether the guidance derives from literature review, field experience, government programs, incident data, standards analysis, or author judgment.","source_anchor_ids":["anchor-paper-39-bibliography","anchor-paper-39-pages"]},{"id":"paper-39-boundaries","kind":"limitation_group","parent_id":"paper-39","order":6,"epistemic_status":"material","title":"Map boundary","summary":"Without the article, its definition of enterprise mobility, covered platforms, adversary model, organizational assumptions, date-sensitive recommendations, and limitations remain unknown.","source_anchor_ids":["anchor-paper-39-bibliography"]},{"id":"paper-39-boundary-temporal","kind":"limitation","parent_id":"paper-39-boundaries","order":1,"epistemic_status":"editorial_caution","title":"Time-sensitive practice guidance","summary":"Any 2018 platform, product, threat, or practice recommendation may now be historically informative rather than current. The missing text prevents identifying which statements are stable principles and which are time-bound.","source_anchor_ids":["anchor-paper-39-pages"]},{"id":"paper-39-availability","kind":"artifact_group","parent_id":"paper-39","order":7,"epistemic_status":"searched_not_found","title":"Availability and artifacts","summary":"The publisher bibliography, author listing, and independent citations are public. No PDF, abstract, archived issue copy, supplementary artifact, code, dataset, or standards crosswalk was located.","source_anchor_ids":["anchor-paper-39-bibliography","anchor-paper-39-author-record","anchor-paper-39-pages"]},{"id":"paper-39-scrutiny","kind":"scrutiny","parent_id":"paper-39","order":8,"epistemic_status":"editorial_process_unknown","title":"External scrutiny","summary":"Publication in ISSA Journal establishes editorial exposure, but the represented sources do not document peer-review criteria, reviewer comments, corrections, independent validation, or formal endorsement of the recommendations.","source_anchor_ids":["anchor-paper-39-bibliography"]},{"id":"paper-39-reception","kind":"reception","parent_id":"paper-39","order":9,"epistemic_status":"bounded_search_result","title":"Located references","summary":"Exact-title searches located an independent dissertation bibliography and a patent-family citation listing. OpenAlex returned no exact-title work record, so these are minimum located signals rather than a comprehensive citation count.","source_anchor_ids":["anchor-paper-39-pages","anchor-paper-39-reception","anchor-paper-39-index-search"]}],"relations":[{"id":"paper-39-relation-question-paper","type":"organizes","from_id":"paper-39-question","to_id":"paper-39"},{"id":"paper-39-relation-orientation-paper","type":"characterizes","from_id":"paper-39-orientation","to_id":"paper-39"},{"id":"paper-39-relation-boundaries-claims","type":"prevents_assessment_of","from_id":"paper-39-boundaries","to_id":"paper-39-claims"},{"id":"paper-39-relation-availability-evidence","type":"limits_audit_of","from_id":"paper-39-availability","to_id":"paper-39-evidence"},{"id":"paper-39-relation-reception-paper","type":"contextualizes","from_id":"paper-39-reception","to_id":"paper-39"}],"assessment":{"id":"paper-39-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"low","rationale":"Only bibliographic facts and a title-derived orientation are auditable; no substantive claim, recommendation, evidence source, or limitation could be checked against the article.","basis_source_anchor_ids":["anchor-paper-39-bibliography","anchor-paper-39-pages"]},{"id":"auditability","level":"medium","rationale":"The resource record provides only official publication metadata and no public archive or author-hosted copy. Under the author-defined rule, this makes Auditability Medium rather than High.","basis_source_anchor_ids":["anchor-paper-39-bibliography","anchor-paper-39-author-record"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, author biographies, month, volume, issue, and pages establish baseline provenance. Contributor roles, revision history, source materials, conflicts, and approval trail are unavailable.","basis_source_anchor_ids":["anchor-paper-39-bibliography","anchor-paper-39-pages"]},{"id":"external_scrutiny","level":"medium","rationale":"ISSA Journal publication establishes editorial exposure, but peer-review status, review reports, correction history, and independent validation are unknown.","basis_source_anchor_ids":["anchor-paper-39-bibliography"]},{"id":"reception","level":"low","rationale":"The dated search located two explicit downstream references and no OpenAlex exact-title record. Under the author-defined corpus rule, 0 through 8 located citations is Low.","basis_source_anchor_ids":["anchor-paper-39-pages","anchor-paper-39-reception","anchor-paper-39-index-search"]},{"id":"contribution_significance","level":"not_assessed","rationale":"The unavailable article body prevents assessment of novelty, breadth, prioritization, or whether its recommendations changed practice; a title alone is insufficient to rate significance.","basis_source_anchor_ids":["anchor-paper-39-bibliography"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title web, publisher, bibliography, patent, and OpenAlex title-index search","citation_count":2,"count_kind":"minimum_explicit_references_located","source_url":"https://www.members.issa.org/page/journal-authors-2018","signals":["A later dissertation bibliography cites the ISSA Journal article and identifies pages 25-31.","A Google Patents record lists the article in its citation family."],"limitation":"This is not a normalized scholarly-index total; OpenAlex has no exact-title record, search engines may miss paywalled citations, and the two located signals are heterogeneous."}},"paper_4":{"schema_version":"0.1","map_id":"paper-4-map","publication_id":4,"publication_anchor":"paper-4","slug":"paper-4","canonical_path":"/knowledge/papers/paper-4/","machine_path":"/knowledge/papers/paper-4.json","root_node_id":"paper-4","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"Incentive-Based Cooperative and Secure Inter-Personal Networking","year":2007,"venue":"ACM MobiOpp","topic":"secure-systems-networks","labels":["Applied","Perspective"],"authors":["Karim Eldefrawy","Magda El Zarki","Gene Tsudik"],"keywords":["cooperative networking","personal-area networks","connectivity sharing","incentive mechanisms"],"research_question":"How could one user's wireless personal-area network obtain short-lived connectivity through another user's devices while preserving policy control, accountability, privacy, and an incentive to share resources?","central_answer":"Treat each multi-device WPAN as a negotiating entity: gateways discover peer providers, exchange credentials, negotiate policy-constrained contracts, use escrowed anonymity and guest access controls, and settle service through micropayments. The paper outlines this architecture and its open design questions rather than implementing or experimentally validating it.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, evidence linking, and initial assessment"}],"method":"Full-source audit of the checked-in author-hosted paper and official ACM DOI record.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-drafted, source-linked map awaiting author verification before approval."}},"sources":[{"id":"source-paper-4-paper","type":"author_copy","title":"Incentive-Based Cooperative and Secure Inter-Personal Networking","url":"/pubs/2007/incentive-cooperative-interpersonal-mobiopp2007.pdf","media_type":"application/pdf","sha256":"6731baf7194145837211b27b6ede1b646d60591407dd2f497f36ecdd070ad514","page_count":5,"provenance_category":"author","version_note":"Author-hosted conference paper; local copy checked 2026-07-11."},{"id":"source-paper-4-official","type":"official_publication_record","title":"ACM DOI record","url":"https://doi.org/10.1145/1247694.1247706"},{"id":"source-paper-4-author","type":"author_copy_origin","title":"UCI author copy","url":"https://ics.uci.edu/~gts/paps/ezt07.pdf"},{"id":"source-paper-4-citations","type":"citation_search","title":"Dated scholarly-web citation search","url":"https://scholar.google.com/scholar?q=%22Incentive-Based+Cooperative+and+Secure+Inter-Personal+Networking%22","version_note":"Search attempted 2026-07-11; no transparent citation count was retrievable in this environment."}],"source_anchors":[{"id":"anchor-paper-4-problem","source_id":"source-paper-4-paper","label":"Motivation and contribution","locator":"Abstract and Section 1, PDF pages 1-2 (printed pages 57-58)","url":"/pubs/2007/incentive-cooperative-interpersonal-mobiopp2007.pdf#page=1"},{"id":"anchor-paper-4-operation","source_id":"source-paper-4-paper","label":"Framework overview and negotiation sequence","locator":"Sections 2 and 2.1, PDF page 2 (printed page 58)","url":"/pubs/2007/incentive-cooperative-interpersonal-mobiopp2007.pdf#page=2"},{"id":"anchor-paper-4-security","source_id":"source-paper-4-paper","label":"Escrowed anonymity and group-signature proposal","locator":"Section 3.1, PDF page 3 (printed page 59)","url":"/pubs/2007/incentive-cooperative-interpersonal-mobiopp2007.pdf#page=3"},{"id":"anchor-paper-4-policy","source_id":"source-paper-4-paper","label":"Authentication, access control, and policy questions","locator":"Section 3.3, PDF pages 3-4 (printed pages 59-60)","url":"/pubs/2007/incentive-cooperative-interpersonal-mobiopp2007.pdf#page=3"},{"id":"anchor-paper-4-incentives","source_id":"source-paper-4-paper","label":"Billing, reputation, and micropayments","locator":"Section 3.4, PDF page 4 (printed page 60)","url":"/pubs/2007/incentive-cooperative-interpersonal-mobiopp2007.pdf#page=4"},{"id":"anchor-paper-4-conclusion","source_id":"source-paper-4-paper","label":"Scope of the paper's result","locator":"Section 4, PDF page 4 (printed page 60)","url":"/pubs/2007/incentive-cooperative-interpersonal-mobiopp2007.pdf#page=4"},{"id":"anchor-paper-4-provenance","source_id":"source-paper-4-author","label":"Author-copy provenance","locator":"Public UCI author-hosted PDF","url":"https://ics.uci.edu/~gts/paps/ezt07.pdf"},{"id":"anchor-paper-4-publication","source_id":"source-paper-4-official","label":"Official publication metadata","locator":"DOI 10.1145/1247694.1247706","url":"https://doi.org/10.1145/1247694.1247706"},{"id":"anchor-paper-4-citation-search","source_id":"source-paper-4-citations","label":"Citation search attempted","locator":"Exact-title search, 2026-07-11; no verified count retrieved","url":"https://scholar.google.com/scholar?q=%22Incentive-Based+Cooperative+and+Secure+Inter-Personal+Networking%22"}],"nodes":[{"id":"paper-4","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Incentive-Based Cooperative and Secure Inter-Personal Networking","summary":"A perspective and architecture paper for policy-controlled, incentive-compatible connectivity sharing between users' multi-device WPANs.","source_anchor_ids":["anchor-paper-4-problem","anchor-paper-4-publication"]},{"id":"paper-4-question","kind":"question","parent_id":"paper-4","order":1,"epistemic_status":"research_question","title":"Research question","summary":"How can a stranded user's WPAN negotiate secure temporary access through a nearby user's WPAN?","source_anchor_ids":["anchor-paper-4-problem"]},{"id":"paper-4-answer","kind":"contribution","parent_id":"paper-4","order":2,"epistemic_status":"architectural_proposal","title":"Proposed framework","summary":"WPANs act as entities that discover peers, exchange certificates, negotiate short contracts under owner policies, enforce limited guest access, and exchange micropayments.","source_anchor_ids":["anchor-paper-4-operation","anchor-paper-4-policy","anchor-paper-4-incentives"]},{"id":"paper-4-workflow","kind":"mechanism","parent_id":"paper-4","order":3,"epistemic_status":"outlined","title":"Negotiation workflow","summary":"Devices coordinate interface information, select a gateway and peer provider, mutually authenticate, establish trust metrics and contractual terms, then initiate payment for the delivered service.","source_anchor_ids":["anchor-paper-4-operation"]},{"id":"paper-4-security","kind":"design","parent_id":"paper-4","order":4,"epistemic_status":"proposed","title":"Escrowed anonymity","summary":"Group signatures are proposed to authenticate customers and traders anonymously while allowing a group manager to reveal a signer during a dispute.","source_anchor_ids":["anchor-paper-4-security"]},{"id":"paper-4-policy","kind":"design","parent_id":"paper-4","order":5,"epistemic_status":"requirements_and_open_questions","title":"Access control and policy","summary":"Guest profiles should constrain relayed traffic, but policy authoring, distribution, adaptation, device failure, and traffic attribution remain design questions.","source_anchor_ids":["anchor-paper-4-policy"]},{"id":"paper-4-incentives","kind":"design","parent_id":"paper-4","order":6,"epistemic_status":"proposed","title":"Micropayments and reputation","summary":"Small incremental payments are intended to reduce losses from a misbehaving provider and reward users for resale of connectivity; a scalable cheat-resistant billing system is not supplied.","source_anchor_ids":["anchor-paper-4-incentives"]},{"id":"paper-4-scope","kind":"scope","parent_id":"paper-4","order":7,"epistemic_status":"explicitly_scoped","title":"System boundary","summary":"The unit of cooperation is a changing, multi-device WPAN rather than a single handset; the architecture assumes service-provider participation and trusted infrastructure for credentials, group management, and eventual settlement.","source_anchor_ids":["anchor-paper-4-problem","anchor-paper-4-security","anchor-paper-4-incentives"]},{"id":"paper-4-limitations","kind":"limitation_group","parent_id":"paper-4","order":8,"epistemic_status":"material","title":"Unvalidated components","summary":"The paper outlines a framework. It provides no complete protocol, security definition or proof, implementation, performance measurements, usability study, or deployment evidence.","source_anchor_ids":["anchor-paper-4-security","anchor-paper-4-policy","anchor-paper-4-conclusion"]},{"id":"paper-4-artifacts","kind":"artifact","parent_id":"paper-4","order":9,"epistemic_status":"paper_available_no_code","title":"Artifacts","summary":"A fixed local author copy is available; no code, prototype, policy language, payment implementation, or dataset was located.","source_anchor_ids":["anchor-paper-4-provenance","anchor-paper-4-conclusion"]},{"id":"paper-4-scrutiny","kind":"scrutiny","parent_id":"paper-4","order":10,"epistemic_status":"peer_reviewed","title":"Scrutiny and positioning","summary":"The framework appeared at MobiOpp 2007 and is explicitly positioned beyond single-device connectivity markets; independent implementation or validation was not located.","source_anchor_ids":["anchor-paper-4-operation","anchor-paper-4-publication"]}],"relations":[{"id":"paper-4-relation-workflow-realizes-answer","type":"realizes","from_id":"paper-4-workflow","to_id":"paper-4-answer"},{"id":"paper-4-relation-security-component","type":"component_of","from_id":"paper-4-security","to_id":"paper-4-answer"},{"id":"paper-4-relation-policy-component","type":"component_of","from_id":"paper-4-policy","to_id":"paper-4-answer"},{"id":"paper-4-relation-incentive-component","type":"component_of","from_id":"paper-4-incentives","to_id":"paper-4-answer"},{"id":"paper-4-relation-limits-qualify-answer","type":"qualifies","from_id":"paper-4-limitations","to_id":"paper-4-answer"}],"assessment":{"id":"paper-4-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"low","rationale":"The architecture and unresolved questions are stated clearly, but the paper contains no implemented protocol, proof, experiment, or deployment evaluation.","basis_source_anchor_ids":["anchor-paper-4-operation","anchor-paper-4-security","anchor-paper-4-policy","anchor-paper-4-conclusion"]},{"id":"auditability","level":"high","rationale":"A fixed author-hosted full text is checked in with page count and hash, making the proposal and its boundaries directly inspectable.","basis_source_anchor_ids":["anchor-paper-4-provenance","anchor-paper-4-conclusion"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, an author-origin copy, and official metadata are documented; roles, revision history, effort, and tool use are not.","basis_source_anchor_ids":["anchor-paper-4-provenance","anchor-paper-4-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The paper has an official peer-reviewed workshop publication record, but no review reports or independent implementation were located.","basis_source_anchor_ids":["anchor-paper-4-publication"]},{"id":"reception","level":"low","rationale":"No citations were verifiably located in the constrained dated search. Under the author's 0-8 rule this is low, but it is not a claim that the paper has no citations.","basis_source_anchor_ids":["anchor-paper-4-citation-search"]},{"id":"contribution_significance","level":"medium","rationale":"The paper integrates connectivity barter, multi-device WPANs, privacy, policy, and incentives into a coherent agenda, while leaving feasibility and security unvalidated.","basis_source_anchor_ids":["anchor-paper-4-problem","anchor-paper-4-operation","anchor-paper-4-conclusion"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search; transparent index count unavailable","source":"Google Scholar query route plus general scholarly-web search","citation_count":0,"signals":[],"limitation":"Zero means no citations were verifiably located during this constrained search, not a total bibliometric count; author should replace it with a confirmed index snapshot."}},"paper_40":{"schema_version":"0.1","map_id":"paper-40-map","publication_id":40,"publication_anchor":"paper-40","slug":"paper-40","canonical_path":"/knowledge/papers/paper-40/","machine_path":"/knowledge/papers/paper-40.json","root_node_id":"paper-40","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"BlockCIS: A Blockchain-Based Cyber Insurance System","year":2018,"status":"Published","venue":"IEEE International Conference on Cloud Engineering (IC2E), BAT workshop track","topic":"secure-systems-networks","labels":["Applied","System","Implementation"],"authors":["Tancrède Lepoint","Gabriela F. Ciocarlie","Karim Eldefrawy"],"keywords":["cyber insurance","permissioned blockchain","continuous security monitoring","smart contracts","Hyperledger Fabric","selective disclosure"],"research_question":"Can a permissioned distributed ledger connect insured organizations, insurers, third-party security services, and auditors in a continuous, auditable cyber-risk feedback loop rather than relying only on static questionnaires and coarse premium formulas?","central_answer":"BlockCIS specifies a four-party architecture in which entity-local nodes collect or process security evidence and exchange authorized transactions through a permissioned blockchain. The paper instantiates the design with Hyperledger and discusses smart-contract automation, incentives, and confidentiality options, but leaves operational deployment and validation of computed cyber-risk scores to future work.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, technical claim mapping, and initial assessment"}],"method":"Source-grounded review of the complete public author-uploaded paper text and figures, cross-checked against the official DOI record. Architecture, prototype, motivation, proposed privacy mechanisms, and future-work boundaries are represented separately so that a design instantiation is not mistaken for an evaluated deployment or a proved security guarantee.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Architectural interpretations, implementation characterization, and ratings remain provisional until author approval."}},"sources":[{"id":"source-paper-40-author-copy","type":"author_hosted_copy","title":"BlockCIS: A Blockchain-Based Cyber Insurance System","url":"https://www.researchgate.net/publication/325207891_BlockCIS-A_Blockchain-Based_Cyber_Insurance_System","provenance_category":"author","media_type":"application/pdf","scope_note":"Public full text uploaded by Karim Eldefrawy; a stable local binary and file hash have not yet been recorded."},{"id":"source-paper-40-official","type":"official_publication_record","title":"IEEE IC2E 2018 publication record","url":"https://doi.org/10.1109/IC2E.2018.00072","provenance_category":"official"},{"id":"source-paper-40-coauthor-listing","type":"coauthor_bibliography","title":"Tancrède Lepoint publication listing","url":"https://tancre.de/publications/","provenance_category":"author"},{"id":"source-paper-40-openalex","type":"citation_index_snapshot","title":"OpenAlex record W2804424079","url":"https://openalex.org/W2804424079","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-40-abstract","source_id":"source-paper-40-author-copy","label":"Problem statement, system objective, and prototype overview","locator":"Abstract and Introduction","url":"https://www.researchgate.net/publication/325207891_BlockCIS-A_Blockchain-Based_Cyber_Insurance_System"},{"id":"anchor-paper-40-background","source_id":"source-paper-40-author-copy","label":"Cyber-insurance and permissioned-blockchain background","locator":"Section II","url":"https://www.researchgate.net/publication/325207891_BlockCIS-A_Blockchain-Based_Cyber_Insurance_System"},{"id":"anchor-paper-40-entities","source_id":"source-paper-40-author-copy","label":"Insured, insurer, third-party-service, and auditor roles","locator":"Section III-A and Figure 1","url":"https://www.researchgate.net/publication/325207891_BlockCIS-A_Blockchain-Based_Cyber_Insurance_System"},{"id":"anchor-paper-40-framework","source_id":"source-paper-40-author-copy","label":"BlockCIS node placement, transaction flow, and entity-local processing","locator":"Section III-B and Figures 2-4","url":"https://www.researchgate.net/publication/325207891_BlockCIS-A_Blockchain-Based_Cyber_Insurance_System"},{"id":"anchor-paper-40-incentives","source_id":"source-paper-40-author-copy","label":"Participation incentives and insurance-use cases","locator":"Section III-C","url":"https://www.researchgate.net/publication/325207891_BlockCIS-A_Blockchain-Based_Cyber_Insurance_System"},{"id":"anchor-paper-40-privacy","source_id":"source-paper-40-author-copy","label":"Confidentiality and selective-disclosure design options","locator":"Section III, privacy discussion","url":"https://www.researchgate.net/publication/325207891_BlockCIS-A_Blockchain-Based_Cyber_Insurance_System"},{"id":"anchor-paper-40-implementation","source_id":"source-paper-40-author-copy","label":"Hyperledger design instantiation","locator":"Section IV","url":"https://www.researchgate.net/publication/325207891_BlockCIS-A_Blockchain-Based_Cyber_Insurance_System"},{"id":"anchor-paper-40-conclusion","source_id":"source-paper-40-author-copy","label":"Conclusions, supported scope, and future validation","locator":"Conclusion","url":"https://www.researchgate.net/publication/325207891_BlockCIS-A_Blockchain-Based_Cyber_Insurance_System"},{"id":"anchor-paper-40-publication","source_id":"source-paper-40-official","label":"Official publication identity","locator":"IC2E 2018, pages 378-384, DOI 10.1109/IC2E.2018.00072","url":"https://doi.org/10.1109/IC2E.2018.00072"},{"id":"anchor-paper-40-coauthor","source_id":"source-paper-40-coauthor-listing","label":"Independent coauthor-hosted publication listing","locator":"2018 publications, BlockCIS entry","url":"https://tancre.de/publications/"},{"id":"anchor-paper-40-citations","source_id":"source-paper-40-openalex","label":"Dated citation-count snapshot","locator":"OpenAlex reported 31 citing works when accessed 2026-07-11","url":"https://openalex.org/W2804424079"}],"nodes":[{"id":"paper-40","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"BlockCIS: A Blockchain-Based Cyber Insurance System","summary":"A systems-and-protocol paper proposing a permissioned-blockchain infrastructure for continuously collecting and processing cyber-risk information shared among an insured organization, insurer, specialized third parties, and auditors, with an example Hyperledger implementation.","source_anchor_ids":["anchor-paper-40-abstract"]},{"id":"paper-40-question","kind":"question","parent_id":"paper-40","order":1,"epistemic_status":"research_question","title":"Research question","summary":"How can cyber insurance move from static, technically shallow questionnaires and coarse pricing formulas toward a continuously updated and auditable view of an organization's changing security posture?","source_anchor_ids":["anchor-paper-40-abstract","anchor-paper-40-background"]},{"id":"paper-40-answer","kind":"contribution","parent_id":"paper-40","order":2,"epistemic_status":"source_asserted","title":"Permissioned-ledger feedback architecture","summary":"BlockCIS places a ledger node at each participating organization and uses authorized transactions and insurer-side smart-contract logic to build an automated, real-time, immutable feedback loop while retaining role-specific control over what each participant can read or write.","source_anchor_ids":["anchor-paper-40-abstract","anchor-paper-40-framework"]},{"id":"paper-40-problem","kind":"motivation","parent_id":"paper-40","order":3,"epistemic_status":"source_asserted","title":"Three cyber-insurance data problems","summary":"The paper identifies three linked barriers: no standardized way to rate cyber risk, insufficient relevant technical data for premiums, and security postures that change much faster than conventional insurance assessments.","source_anchor_ids":["anchor-paper-40-abstract","anchor-paper-40-background"]},{"id":"paper-40-model","kind":"system_model","parent_id":"paper-40","order":4,"epistemic_status":"specified","title":"Four-party permissioned setting","summary":"The system connects an insured entity, its insurer, specialized third-party services, and potential auditors. Participation, consensus, ledger maintenance, and transaction access occur in a restricted permissioned network rather than an open public cryptocurrency.","source_anchor_ids":["anchor-paper-40-background","anchor-paper-40-entities"]},{"id":"paper-40-insured","kind":"actor","parent_id":"paper-40-model","order":1,"epistemic_status":"specified","title":"Insured organization","summary":"An enterprise-local BlockCIS node interfaces with services such as DNS, web, database, storage, and firewall logs, performs analytics, and submits selected reports or events to the shared system.","source_anchor_ids":["anchor-paper-40-entities","anchor-paper-40-framework"]},{"id":"paper-40-insurer","kind":"actor","parent_id":"paper-40-model","order":2,"epistemic_status":"specified","title":"Insurer","summary":"The insurer consumes authorized evidence, runs analytics and smart-contract logic, records insurance-contract events, and can adjust risk assessment or premiums as the insured party's posture changes.","source_anchor_ids":["anchor-paper-40-entities","anchor-paper-40-framework"]},{"id":"paper-40-third-parties","kind":"actor","parent_id":"paper-40-model","order":3,"epistemic_status":"specified","title":"Third-party security services","summary":"Specialized providers can combine external sources—such as vulnerability reports, open-web or dark-web information, news, and forums—with authorized enterprise evidence and contribute analyses that are difficult for either principal to produce alone.","source_anchor_ids":["anchor-paper-40-entities","anchor-paper-40-framework"]},{"id":"paper-40-auditor","kind":"actor","parent_id":"paper-40-model","order":4,"epistemic_status":"specified","title":"Auditor","summary":"An auditor receives policy-controlled read access to records needed to examine the relationship, claims, or compliance without necessarily gaining unrestricted access to all underlying enterprise data.","source_anchor_ids":["anchor-paper-40-entities","anchor-paper-40-framework"]},{"id":"paper-40-method","kind":"method","parent_id":"paper-40","order":5,"epistemic_status":"specified","title":"Continuous monitoring and processing workflow","summary":"BlockCIS couples entity-local data collection and analytics with a shared append-only transaction history. The ledger coordinates mutually interested parties, while smart contracts encode insurer-side business logic; blockchain payment is expressly decoupled from the design.","source_anchor_ids":["anchor-paper-40-framework"]},{"id":"paper-40-incentives","kind":"mechanism","parent_id":"paper-40-method","order":1,"epistemic_status":"proposed","title":"Participation incentives","summary":"Insurers gain more current technical evidence for tailoring premiums, while insured organizations gain a record with which to demonstrate posture changes and whether an incident falls within agreed coverage.","source_anchor_ids":["anchor-paper-40-incentives"]},{"id":"paper-40-privacy","kind":"mechanism","parent_id":"paper-40-method","order":2,"epistemic_status":"design_options","title":"Confidentiality and selective disclosure","summary":"The paper discusses access policy, encryption, and homomorphic-encryption techniques as options for limiting disclosure or enabling computation over protected evidence; these are architectural options, not a single formally analyzed end-to-end privacy construction.","source_anchor_ids":["anchor-paper-40-privacy"]},{"id":"paper-40-implementation","kind":"implementation","parent_id":"paper-40","order":6,"epistemic_status":"prototyped","title":"Hyperledger instantiation","summary":"The authors prototype the design using the open-source Hyperledger ecosystem, whose permissioned membership, replicated transaction processing, modular components, and chaincode smart contracts match the intended multi-organization setting.","source_anchor_ids":["anchor-paper-40-implementation"]},{"id":"paper-40-claims","kind":"claim_group","parent_id":"paper-40","order":7,"epistemic_status":"source_asserted","title":"Main claims","summary":"The source claims architectural feasibility and a useful cyber-insurance feedback structure. It does not report an operational deployment, statistically validate a risk-scoring model, or prove that every proposed privacy and security property holds in a complete implementation.","source_anchor_ids":["anchor-paper-40-abstract","anchor-paper-40-conclusion"]},{"id":"paper-40-claim-feasibility","kind":"claim","parent_id":"paper-40-claims","order":1,"epistemic_status":"supported_by_design_instantiation","title":"Framework feasibility","summary":"A permissioned ledger can represent the four-party workflow and automate selected transactions and insurer logic, as illustrated by the Hyperledger instantiation.","source_anchor_ids":["anchor-paper-40-framework","anchor-paper-40-implementation"]},{"id":"paper-40-claim-audit-loop","kind":"claim","parent_id":"paper-40-claims","order":2,"epistemic_status":"architectural_claim","title":"Shared audit trail","summary":"Authorized parties can use a common immutable transaction history to support continuous posture reporting and later auditing, conditional on the ledger's governance, consensus, identity, and access-control configuration.","source_anchor_ids":["anchor-paper-40-framework","anchor-paper-40-privacy"]},{"id":"paper-40-evidence","kind":"evidence_group","parent_id":"paper-40","order":8,"epistemic_status":"design_and_prototype","title":"Evidence","summary":"Evidence consists of a role-and-data-flow architecture, use-case and incentive analysis, privacy-design alternatives, and an example Hyperledger prototype. The paper does not present a production deployment, controlled performance study, or independently reproduced artifact.","source_anchor_ids":["anchor-paper-40-framework","anchor-paper-40-incentives","anchor-paper-40-implementation","anchor-paper-40-conclusion"]},{"id":"paper-40-evidence-design","kind":"evidence","parent_id":"paper-40-evidence","order":1,"epistemic_status":"design_artifact","title":"Explicit component and data-flow model","summary":"Figures and prose identify where BlockCIS nodes run, which enterprise and external sources feed them, what each actor reads or writes, and where smart-contract execution occurs.","source_anchor_ids":["anchor-paper-40-entities","anchor-paper-40-framework"]},{"id":"paper-40-evidence-prototype","kind":"evidence","parent_id":"paper-40-evidence","order":2,"epistemic_status":"implementation_report","title":"Open-source-platform instantiation","summary":"The Hyperledger construction shows how the design could be instantiated on a permissioned blockchain platform, but this map located no archived BlockCIS code, deployment recipe, test data, or benchmark package tied to the publication.","source_anchor_ids":["anchor-paper-40-implementation"]},{"id":"paper-40-boundaries","kind":"limitation_group","parent_id":"paper-40","order":9,"epistemic_status":"material","title":"Scope and limitations","summary":"The ledger can preserve submitted transactions but cannot by itself establish that sensors, logs, analytics, external feeds, or risk scores are truthful. Organizational governance, privacy configuration, and insurance validity remain separate concerns.","source_anchor_ids":["anchor-paper-40-framework","anchor-paper-40-privacy","anchor-paper-40-conclusion"]},{"id":"paper-40-boundary-input","kind":"limitation","parent_id":"paper-40-boundaries","order":1,"epistemic_status":"inferred_system_boundary","title":"Immutability is not input correctness","summary":"An immutable ledger can make a submitted record difficult to alter later; it does not certify the integrity, completeness, calibration, or semantics of evidence before submission. Those properties require trusted collection and analytic mechanisms outside consensus alone.","source_anchor_ids":["anchor-paper-40-framework"]},{"id":"paper-40-boundary-validation","kind":"limitation","parent_id":"paper-40-boundaries","order":2,"epistemic_status":"author_identified_future_work","title":"Deployment and risk-score validation remain future work","summary":"The conclusion explicitly leaves operational deployment and measurement of how well computed cyber-risk scores predict attacks or breaches for future work, so the paper does not establish actuarial accuracy or real-world effectiveness.","source_anchor_ids":["anchor-paper-40-conclusion"]},{"id":"paper-40-artifacts","kind":"artifact_group","parent_id":"paper-40","order":10,"epistemic_status":"partially_available","title":"Artifacts and reproducibility","summary":"The full paper and official record are public, and the prototype is described against an open-source platform. No publication-specific source repository, chaincode archive, configuration, dataset, or executable reproduction bundle was located.","source_anchor_ids":["anchor-paper-40-abstract","anchor-paper-40-implementation","anchor-paper-40-publication"]},{"id":"paper-40-scrutiny","kind":"scrutiny","parent_id":"paper-40","order":11,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The work appeared in the IC2E BAT workshop proceedings and has an official IEEE record. Review reports, rebuttal, independent security analysis, reproduction, deployment audit, and correction history are not represented here.","source_anchor_ids":["anchor-paper-40-publication","anchor-paper-40-coauthor"]}],"relations":[{"id":"paper-40-relation-answer-question","type":"addresses","from_id":"paper-40-answer","to_id":"paper-40-question"},{"id":"paper-40-relation-problem-question","type":"motivates","from_id":"paper-40-problem","to_id":"paper-40-question"},{"id":"paper-40-relation-model-answer","type":"scopes","from_id":"paper-40-model","to_id":"paper-40-answer"},{"id":"paper-40-relation-insured-model","type":"component_of","from_id":"paper-40-insured","to_id":"paper-40-model"},{"id":"paper-40-relation-insurer-model","type":"component_of","from_id":"paper-40-insurer","to_id":"paper-40-model"},{"id":"paper-40-relation-third-model","type":"component_of","from_id":"paper-40-third-parties","to_id":"paper-40-model"},{"id":"paper-40-relation-auditor-model","type":"component_of","from_id":"paper-40-auditor","to_id":"paper-40-model"},{"id":"paper-40-relation-method-answer","type":"implements","from_id":"paper-40-method","to_id":"paper-40-answer"},{"id":"paper-40-relation-incentive-method","type":"supports_adoption_of","from_id":"paper-40-incentives","to_id":"paper-40-method"},{"id":"paper-40-relation-privacy-method","type":"qualifies","from_id":"paper-40-privacy","to_id":"paper-40-method"},{"id":"paper-40-relation-implementation-feasibility","type":"supports","from_id":"paper-40-evidence-prototype","to_id":"paper-40-claim-feasibility"},{"id":"paper-40-relation-design-audit","type":"supports","from_id":"paper-40-evidence-design","to_id":"paper-40-claim-audit-loop"},{"id":"paper-40-relation-input-audit","type":"limits","from_id":"paper-40-boundary-input","to_id":"paper-40-claim-audit-loop"},{"id":"paper-40-relation-validation-feasibility","type":"limits","from_id":"paper-40-boundary-validation","to_id":"paper-40-claim-feasibility"}],"assessment":{"id":"paper-40-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The paper supplies an explicit architecture, role and data-flow model, proposed privacy options, and a Hyperledger instantiation. It does not report an operational deployment, controlled performance evaluation, validated risk model, formal end-to-end security proof, or independently reproduced artifact.","basis_source_anchor_ids":["anchor-paper-40-framework","anchor-paper-40-implementation","anchor-paper-40-conclusion"]},{"id":"auditability","level":"high","rationale":"A public author-uploaded full-text copy and the official DOI make the paper's architecture, assumptions, and future-work boundaries directly inspectable. A stable local binary, hash, implementation repository, configuration, and experimental data are not represented.","basis_source_anchor_ids":["anchor-paper-40-abstract","anchor-paper-40-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, affiliations, venue, date, DOI, and author/coauthor publication routes establish a baseline human and lifecycle provenance trail. Contributor roles, revision history, tool use, implementation lineage, and explicit final approval have not been audited.","basis_source_anchor_ids":["anchor-paper-40-abstract","anchor-paper-40-publication","anchor-paper-40-coauthor"]},{"id":"external_scrutiny","level":"medium","rationale":"Publication in the IC2E BAT workshop proceedings establishes external venue exposure, but review reports, rebuttal, independent security analysis, reproduction, operational audit, and correction history were not located.","basis_source_anchor_ids":["anchor-paper-40-publication"]},{"id":"reception","level":"high","rationale":"OpenAlex reported 31 citations on 2026-07-11. Under the author-defined corpus rule, 11 or more located citations is High. The count is index- and date-dependent and is not evidence of correctness, deployment, or actuarial validity.","basis_source_anchor_ids":["anchor-paper-40-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The paper connects continuous technical posture evidence, permissioned ledgers, and cyber-insurance administration in one concrete architecture and the dated citation record shows follow-on attention. Priority, operational adoption, and validated insurance impact were not independently established.","basis_source_anchor_ids":["anchor-paper-40-abstract","anchor-paper-40-conclusion","anchor-paper-40-citations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":31,"source_url":"https://openalex.org/W2804424079","signals":["OpenAlex reported 31 works citing the IC2E paper.","Later cyber-insurance and privacy-preserving insurance systems cite BlockCIS as a permissioned-blockchain precursor."],"limitation":"Citation counts vary by index and date, may include self-citations, and do not establish correctness, independent reproduction, deployment, or validated cyber-risk prediction."}},"paper_41":{"schema_version":"0.1","map_id":"paper-41-map","publication_id":41,"publication_anchor":"paper-41","slug":"paper-41","canonical_path":"/knowledge/papers/paper-41/","machine_path":"/knowledge/papers/paper-41.json","root_node_id":"paper-41","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","scheme"],"title":"Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems Security","year":2018,"status":"Published","venue":"ACM Asia Conference on Computer and Communications Security (AsiaCCS)","topic":"secure-systems-networks","labels":["Theory","Applied"],"authors":["Xavier Carpent","Karim Eldefrawy","Norrathep Rattanavipanon","Gene Tsudik"],"keywords":["temporal consistency","integrity measurement","remote attestation","embedded systems","memory locking"],"research_question":"How can an interruptible integrity computation over mutable memory be made to describe a state that actually existed, without making a real-time embedded device unavailable for the entire computation?","central_answer":"The paper defines temporal consistency, gives an attestation security game that makes the timing obligation explicit, and develops locking, copying, and inconsistency-detection mechanisms that trade memory availability against the interval for which the result is consistent. Implementations on two embedded boards report under ten-percent overhead for selected mechanisms.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, claim mapping, and initial assessment"}],"method":"Source-grounded review of the complete checked-in author copy, including visual inspection of the title page and experimental pages. Formal definitions, mechanisms, appendices, and reported experiments were read; implementation artifacts and independent reproduction were not audited.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Formal interpretations, experimental readings, and ratings remain provisional until author approval."}},"sources":[{"id":"source-paper-41-author-pdf","type":"author_hosted_copy","title":"Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems Security","url":"/pubs/2018/temporal-consistency-asiaccs2018.pdf","provenance_category":"author","retrieved_from":"https://sprout.ics.uci.edu/projects/attestation/papers/consistency.pdf","media_type":"application/pdf","sha256":"66973edb677ae748d63120d391de14b2fb9601979c65874afc34e185e960e48f","page_count":15},{"id":"source-paper-41-official","type":"official_publication_record","title":"ACM AsiaCCS 2018 publication record","url":"https://doi.org/10.1145/3196494.3196526","provenance_category":"official"},{"id":"source-paper-41-citations","type":"citation_index_snapshot","title":"OpenAlex work W2806634969","url":"https://openalex.org/W2806634969","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-41-problem","source_id":"source-paper-41-author-pdf","label":"Problem, inconsistency attack, contributions, and claimed scope","locator":"Abstract and Section 1, PDF pages 1-2","url":"/pubs/2018/temporal-consistency-asiaccs2018.pdf#page=1"},{"id":"anchor-paper-41-model","source_id":"source-paper-41-author-pdf","label":"Temporal-consistency model, notation, and attestation timing","locator":"Section 3 and Figure 3, PDF page 4","url":"/pubs/2018/temporal-consistency-asiaccs2018.pdf#page=4"},{"id":"anchor-paper-41-game","source_id":"source-paper-41-author-pdf","label":"Temporal-consistency security game and adversarial objective","locator":"Appendix A, PDF pages 13-14","url":"/pubs/2018/temporal-consistency-asiaccs2018.pdf#page=13"},{"id":"anchor-paper-41-locks","source_id":"source-paper-41-author-pdf","label":"All-Lock, decreasing-lock, increasing-lock, and extended variants","locator":"Sections 4.1-4.2, PDF page 5","url":"/pubs/2018/temporal-consistency-asiaccs2018.pdf#page=5"},{"id":"anchor-paper-41-copy","source_id":"source-paper-41-author-pdf","label":"Copy-lock, writeback, lazy-copy, and non-sequential variants","locator":"Sections 4.3-4.4, PDF pages 5-7","url":"/pubs/2018/temporal-consistency-asiaccs2018.pdf#page=5"},{"id":"anchor-paper-41-detection","source_id":"source-paper-41-author-pdf","label":"Memory-access violations and inconsistency detection","locator":"Sections 4.6-4.7, PDF page 7","url":"/pubs/2018/temporal-consistency-asiaccs2018.pdf#page=7"},{"id":"anchor-paper-41-implementation","source_id":"source-paper-41-author-pdf","label":"seL4-based implementation and experimental setup","locator":"Sections 5.1-5.2, PDF pages 7-8","url":"/pubs/2018/temporal-consistency-asiaccs2018.pdf#page=7"},{"id":"anchor-paper-41-evaluation","source_id":"source-paper-41-author-pdf","label":"Primitive, mechanism, and inconsistency-detection measurements","locator":"Sections 5.3-5.6 and Figures 7-12, PDF pages 8-11","url":"/pubs/2018/temporal-consistency-asiaccs2018.pdf#page=8"},{"id":"anchor-paper-41-conclusion","source_id":"source-paper-41-author-pdf","label":"Conclusions and guarantee/performance boundary","locator":"Section 7, PDF page 12","url":"/pubs/2018/temporal-consistency-asiaccs2018.pdf#page=12"},{"id":"anchor-paper-41-publication","source_id":"source-paper-41-official","label":"Official peer-reviewed publication identity","locator":"AsiaCCS 2018, DOI 10.1145/3196494.3196526","url":"https://doi.org/10.1145/3196494.3196526"},{"id":"anchor-paper-41-reception","source_id":"source-paper-41-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 21 citing works on 2026-07-11","url":"https://openalex.org/W2806634969"}],"nodes":[{"id":"paper-41","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Temporal consistency for integrity computations","summary":"A definition, attack analysis, mechanism family, and two-platform evaluation for making long-running integrity computations over mutable embedded-system memory correspond to a real state.","source_anchor_ids":["anchor-paper-41-problem"]},{"id":"paper-41-question","kind":"question","parent_id":"paper-41","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can integrity measurement remain interruptible for safety-critical work without producing a digest of a memory state that never existed?","source_anchor_ids":["anchor-paper-41-problem","anchor-paper-41-model"]},{"id":"paper-41-answer","kind":"contribution","parent_id":"paper-41","order":2,"epistemic_status":"source_asserted","title":"Central answer","summary":"Make the desired consistency time or interval explicit, then enforce it with memory locking, snapshot copying, or detection-and-recovery rather than assuming immutable input.","source_anchor_ids":["anchor-paper-41-model","anchor-paper-41-locks","anchor-paper-41-detection"]},{"id":"paper-41-definition","kind":"definition","parent_id":"paper-41","order":3,"epistemic_status":"defined","title":"Temporal consistency","summary":"For a sequential function F over memory M, the output must equal F evaluated on all of M at some relevant time, rather than on a patchwork assembled from values observed before and after interrupts.","source_anchor_ids":["anchor-paper-41-model"]},{"id":"paper-41-threat","kind":"threat_model","parent_id":"paper-41","order":4,"epistemic_status":"defined","title":"Mutable-memory and malware adversary","summary":"An interrupting process or self-relocating malware can modify already measured or not-yet-measured blocks; remote attestation adds the objective of returning a valid-looking report while evading detection.","source_anchor_ids":["anchor-paper-41-problem","anchor-paper-41-game"]},{"id":"paper-41-scope","kind":"scope","parent_id":"paper-41","order":5,"epistemic_status":"explicitly_scoped","title":"System and enforcement assumptions","summary":"The mechanisms assume enforceable page or region permissions, trustworthy measurement code and key handling, and a platform able to mediate writes; the implementation uses seL4 capabilities and page faults on two ARM boards.","source_anchor_ids":["anchor-paper-41-implementation"]},{"id":"paper-41-mechanisms","kind":"method","parent_id":"paper-41","order":6,"epistemic_status":"specified_and_implemented","title":"Consistency mechanism family","summary":"The paper maps different lock and copy schedules to different consistency points, availability costs, and memory overheads.","source_anchor_ids":["anchor-paper-41-locks","anchor-paper-41-copy"]},{"id":"paper-41-mechanism-locks","kind":"scheme","parent_id":"paper-41-mechanisms","order":1,"epistemic_status":"specified_and_implemented","title":"Locking variants","summary":"All-Lock freezes all input; Dec-Lock releases blocks after reading and gives start-time consistency; Inc-Lock locks blocks as read and gives end-time consistency. Extended variants hold locks longer to widen the guaranteed interval.","source_anchor_ids":["anchor-paper-41-locks"]},{"id":"paper-41-mechanism-copy","kind":"scheme","parent_id":"paper-41-mechanisms","order":2,"epistemic_status":"specified","title":"Copy-based variants","summary":"Cpy-Lock briefly locks while copying input into a stable buffer, then computes over the copy; writeback and lazy-copy variants change memory, pause, and storage tradeoffs.","source_anchor_ids":["anchor-paper-41-copy"]},{"id":"paper-41-mechanism-detect","kind":"protocol","parent_id":"paper-41-mechanisms","order":3,"epistemic_status":"implemented","title":"Detect and resolve inconsistency","summary":"Write-protect attested pages, catch a modifying process through fault IPC, suspend checksum computation, release affected memory, and choose to abort, restart, or continue while reporting the inconsistency.","source_anchor_ids":["anchor-paper-41-detection","anchor-paper-41-evaluation"]},{"id":"paper-41-claims","kind":"claim_group","parent_id":"paper-41","order":7,"epistemic_status":"mixed","title":"Principal claims","summary":"The work makes definitional, security-game, mechanism-correctness, and measured-overhead claims whose support types differ.","source_anchor_ids":["anchor-paper-41-model","anchor-paper-41-game","anchor-paper-41-evaluation"]},{"id":"paper-41-claim-correctness","kind":"claim","parent_id":"paper-41-claims","order":1,"epistemic_status":"analytically_supported","title":"Each mechanism realizes a stated consistency point","summary":"The lock/copy ordering arguments connect Dec-Lock to the start state, Inc-Lock to the end state, and full locking or stable copies to stronger intervals, conditional on enforcement and sequential access assumptions.","source_anchor_ids":["anchor-paper-41-locks","anchor-paper-41-copy"]},{"id":"paper-41-claim-overhead","kind":"claim","parent_id":"paper-41-claims","order":2,"epistemic_status":"experimentally_supported","title":"Practical overhead on tested platforms","summary":"The paper reports that selected consistency mechanisms add less than ten percent runtime overhead on I.MX6-SabreLite and ODROID-XU4, with availability behavior depending on page size, memory size, and write activity.","source_anchor_ids":["anchor-paper-41-evaluation","anchor-paper-41-conclusion"]},{"id":"paper-41-evidence","kind":"evidence_group","parent_id":"paper-41","order":8,"epistemic_status":"mixed_formal_and_empirical","title":"Evidence stack","summary":"Support consists of an explicit model and security game, mechanism-by-mechanism timing arguments, an seL4 implementation, primitive microbenchmarks, and end-to-end measurements over varying memory and page sizes.","source_anchor_ids":["anchor-paper-41-game","anchor-paper-41-implementation","anchor-paper-41-evaluation"]},{"id":"paper-41-boundaries","kind":"limitation_group","parent_id":"paper-41","order":9,"epistemic_status":"material","title":"Boundaries and tradeoffs","summary":"No mechanism simultaneously minimizes locking, storage, downtime, and detection latency. Guarantees depend on mediated memory writes, and results from two boards do not establish portability or independent reproduction.","source_anchor_ids":["anchor-paper-41-copy","anchor-paper-41-detection","anchor-paper-41-conclusion"]},{"id":"paper-41-artifacts","kind":"artifact_group","parent_id":"paper-41","order":10,"epistemic_status":"partial","title":"Artifacts and audit trail","summary":"The full paper and official record are public with local fixity; this audit did not locate a version-pinned implementation, benchmark scripts, raw data, or reproduction report.","source_anchor_ids":["anchor-paper-41-implementation","anchor-paper-41-publication"]},{"id":"paper-41-scrutiny","kind":"scrutiny","parent_id":"paper-41","order":11,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"AsiaCCS publication and later citations establish external exposure, but review reports and independent experimental or formal audits were not located.","source_anchor_ids":["anchor-paper-41-publication","anchor-paper-41-reception"]},{"id":"paper-41-lineage","kind":"lineage","parent_id":"paper-41","order":12,"epistemic_status":"documented","title":"Research lineage","summary":"The temporal-consistency analysis supplies the mechanism vocabulary later used to explain the availability conflict in paper #42 and forms part of the verified-attestation line leading to VRASED and PURE.","source_anchor_ids":["anchor-paper-41-problem","anchor-paper-41-conclusion"]}],"relations":[{"id":"paper-41-relation-answer-question","type":"addresses","from_id":"paper-41-answer","to_id":"paper-41-question"},{"id":"paper-41-relation-definition-answer","type":"operationalizes","from_id":"paper-41-definition","to_id":"paper-41-answer"},{"id":"paper-41-relation-threat-definition","type":"motivates","from_id":"paper-41-threat","to_id":"paper-41-definition"},{"id":"paper-41-relation-locks-mechanisms","type":"component_of","from_id":"paper-41-mechanism-locks","to_id":"paper-41-mechanisms"},{"id":"paper-41-relation-copy-mechanisms","type":"component_of","from_id":"paper-41-mechanism-copy","to_id":"paper-41-mechanisms"},{"id":"paper-41-relation-detect-mechanisms","type":"component_of","from_id":"paper-41-mechanism-detect","to_id":"paper-41-mechanisms"},{"id":"paper-41-relation-mechanisms-correctness","type":"supports","from_id":"paper-41-mechanisms","to_id":"paper-41-claim-correctness"},{"id":"paper-41-relation-evidence-overhead","type":"supports","from_id":"paper-41-evidence","to_id":"paper-41-claim-overhead"},{"id":"paper-41-relation-scope-claims","type":"qualifies","from_id":"paper-41-scope","to_id":"paper-41-claims"},{"id":"paper-41-relation-boundaries-claims","type":"qualifies","from_id":"paper-41-boundaries","to_id":"paper-41-claims"},{"id":"paper-41-relation-lineage-paper","type":"contextualizes","from_id":"paper-41-lineage","to_id":"paper-41"}],"assessment":{"id":"paper-41-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The complete paper combines an explicit model and security game, mechanism analysis, two implementations, and detailed experiments; code and independent reproduction were not audited.","basis_source_anchor_ids":["anchor-paper-41-model","anchor-paper-41-game","anchor-paper-41-evaluation"]},{"id":"auditability","level":"high","rationale":"The author copy is checked in with SHA-256, page count, precise anchors, and an official DOI; implementation and raw measurements are not version-pinned here.","basis_source_anchor_ids":["anchor-paper-41-problem","anchor-paper-41-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authors, venue, DOI, full text, platforms, and methods are documented, while contribution roles, revision history, exact source revision, and experiment lineage remain unaudited.","basis_source_anchor_ids":["anchor-paper-41-publication","anchor-paper-41-implementation"]},{"id":"external_scrutiny","level":"medium","rationale":"AsiaCCS publication establishes venue scrutiny, but review reports, an artifact evaluation, and independent reproduction were not found.","basis_source_anchor_ids":["anchor-paper-41-publication"]},{"id":"reception","level":"high","rationale":"OpenAlex reported 21 citations on 2026-07-11; under the author-defined rule, more than 10 located citations is High. Counts do not certify correctness.","basis_source_anchor_ids":["anchor-paper-41-reception"]},{"id":"contribution_significance","level":"high","rationale":"The paper frames a previously implicit implementation obligation, supplies a reusable definition and mechanism design space, and has documented follow-on attention; priority was not exhaustively audited.","basis_source_anchor_ids":["anchor-paper-41-problem","anchor-paper-41-reception"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":21,"source_url":"https://openalex.org/W2806634969","signals":["OpenAlex reported 21 works citing the AsiaCCS paper."],"limitation":"Citation counts vary by index and date, may include self-citations, and do not establish that later work reproduced the implementation or validated every mechanism."}},"paper_42":{"schema_version":"0.1","map_id":"paper-42-map","publication_id":42,"publication_anchor":"paper-42","slug":"paper-42","canonical_path":"/knowledge/papers/paper-42/","machine_path":"/knowledge/papers/paper-42.json","root_node_id":"paper-42","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"Reconciling Remote Attestation and Safety-Critical Operation on Simple IoT Devices","year":2018,"status":"Published · invited paper","venue":"55th Design Automation Conference (DAC)","topic":"secure-systems-networks","labels":["Theory"],"authors":["Xavier Carpent","Karim Eldefrawy","Norrathep Rattanavipanon","Ahmad-Reza Sadeghi","Gene Tsudik"],"keywords":["remote attestation","safety-critical systems","transient malware","shuffled measurement","memory locking"],"research_question":"How can remote attestation preserve malware-detection value when its atomic memory scan can delay safety-critical work, yet making the scan interruptible creates opportunities for transient or self-relocating malware?","central_answer":"There is no single cost-free reconciliation. The paper organizes a protocol design space around periodic self-measurement, randomized traversal, and lock-scheduled interruptible measurements; each changes freshness, false-negative probability, temporal consistency, availability, hardware assumptions, or communication requirements.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, claim mapping, and initial assessment"}],"method":"Source-grounded review of the complete six-page invited paper downloaded from NSF/UCI public routes, including visual inspection of the first and mechanism pages. The map treats the work as a protocol/design analysis, not as a new implementation or formal proof.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Mechanism interpretations and ratings remain provisional until author approval."}},"sources":[{"id":"source-paper-42-author-pdf","type":"author_hosted_copy","title":"Invited: Reconciling Remote Attestation and Safety-Critical Operation on Simple IoT Devices","url":"/pubs/2018/reconcile-ra-safety-dac2018.pdf","provenance_category":"author","retrieved_from":"https://sprout.ics.uci.edu/projects/attestation/papers/reconcile-ra-safety.pdf","media_type":"application/pdf","sha256":"ba16e8faacd8788bfcc3db035f7e15d98b3b86705cf9cb7d648f38e83bdf7ef8","page_count":6},{"id":"source-paper-42-official","type":"official_publication_record","title":"DAC 2018 publication record","url":"https://doi.org/10.1145/3195970.3199853","provenance_category":"official"},{"id":"source-paper-42-archive","type":"public_archive_copy","title":"NSF Public Access copy","url":"https://par.nsf.gov/servlets/purl/10063867","provenance_category":"archive"},{"id":"source-paper-42-citations","type":"citation_index_snapshot","title":"OpenAlex work W2809340493","url":"https://openalex.org/W2809340493","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-42-problem","source_id":"source-paper-42-author-pdf","label":"Safety/security conflict, malware classes, and mitigation overview","locator":"Abstract and Section 1, PDF page 1","url":"/pubs/2018/reconcile-ra-safety-dac2018.pdf#page=1"},{"id":"anchor-paper-42-ra-model","source_id":"source-paper-42-author-pdf","label":"RA approaches, on-demand protocol, and coverage assumptions","locator":"Sections 2.1-2.3, PDF pages 1-2","url":"/pubs/2018/reconcile-ra-safety-dac2018.pdf#page=1"},{"id":"anchor-paper-42-overhead","source_id":"source-paper-42-author-pdf","label":"Hashing cost and safety-critical fire-alarm example","locator":"Sections 2.4-2.5 and Figure 2, PDF pages 2-3","url":"/pubs/2018/reconcile-ra-safety-dac2018.pdf#page=2"},{"id":"anchor-paper-42-threats","source_id":"source-paper-42-author-pdf","label":"Transient, self-relocating, and interrupt-triggering malware","locator":"Section 2.5, PDF page 3","url":"/pubs/2018/reconcile-ra-safety-dac2018.pdf#page=3"},{"id":"anchor-paper-42-locking","source_id":"source-paper-42-author-pdf","label":"All-Lock, decreasing-lock, and increasing-lock protocols","locator":"Section 3.1, PDF pages 3-5","url":"/pubs/2018/reconcile-ra-safety-dac2018.pdf#page=3"},{"id":"anchor-paper-42-shuffle","source_id":"source-paper-42-author-pdf","label":"SMARM shuffled-measurement analysis","locator":"Section 3.2, PDF page 5","url":"/pubs/2018/reconcile-ra-safety-dac2018.pdf#page=5"},{"id":"anchor-paper-42-self","source_id":"source-paper-42-author-pdf","label":"ERASMUS and SeED self-measurement designs and assumptions","locator":"Section 3.3, PDF pages 5-6","url":"/pubs/2018/reconcile-ra-safety-dac2018.pdf#page=5"},{"id":"anchor-paper-42-conclusion","source_id":"source-paper-42-author-pdf","label":"Conclusions and tradeoff boundary","locator":"Section 4, PDF page 6","url":"/pubs/2018/reconcile-ra-safety-dac2018.pdf#page=6"},{"id":"anchor-paper-42-publication","source_id":"source-paper-42-official","label":"Official invited-paper publication identity","locator":"DAC 2018, DOI 10.1145/3195970.3199853","url":"https://doi.org/10.1145/3195970.3199853"},{"id":"anchor-paper-42-reception","source_id":"source-paper-42-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 12 citing works on 2026-07-11","url":"https://openalex.org/W2809340493"}],"nodes":[{"id":"paper-42","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_invited_paper","title":"Remote attestation under safety-critical constraints","summary":"A protocol-level analysis of why atomic attestation threatens availability and why interruptibility threatens malware detection, with a taxonomy of imperfect mitigations.","source_anchor_ids":["anchor-paper-42-problem"]},{"id":"paper-42-question","kind":"question","parent_id":"paper-42","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can a simple IoT prover remain responsive to critical events while still producing a fresh, meaningful malware measurement?","source_anchor_ids":["anchor-paper-42-problem","anchor-paper-42-overhead"]},{"id":"paper-42-answer","kind":"contribution","parent_id":"paper-42","order":2,"epistemic_status":"analytical_synthesis","title":"Central answer","summary":"Use explicit tradeoffs among periodic self-measurement, randomized order, and progressive locking; no surveyed protocol dominates on freshness, detection, consistency, availability, and assumptions.","source_anchor_ids":["anchor-paper-42-locking","anchor-paper-42-shuffle","anchor-paper-42-self"]},{"id":"paper-42-baseline","kind":"protocol","parent_id":"paper-42","order":3,"epistemic_status":"defined","title":"On-demand RA baseline","summary":"A verifier sends a fresh challenge, the prover computes an authenticated measurement over selected memory, returns it, and the verifier checks it against an admissible state.","source_anchor_ids":["anchor-paper-42-ra-model"]},{"id":"paper-42-threat","kind":"threat_model","parent_id":"paper-42","order":4,"epistemic_status":"defined","title":"Malware and availability threats","summary":"Transient malware can leave between measurements, self-relocating malware can evade a predictable interruptible scan, and malware may trigger a nominally critical task to preempt attestation.","source_anchor_ids":["anchor-paper-42-threats"]},{"id":"paper-42-assumptions","kind":"assumption","parent_id":"paper-42","order":5,"epistemic_status":"model_dependent","title":"Mechanism-dependent assumptions","summary":"Solutions variously need secure keys and measurement code, memory-lock enforcement, secret scan order, protected clocks or counters, authenticated channels, and predictable verifier expectations.","source_anchor_ids":["anchor-paper-42-ra-model","anchor-paper-42-locking","anchor-paper-42-self"]},{"id":"paper-42-designs","kind":"method","parent_id":"paper-42","order":6,"epistemic_status":"comparative_analysis","title":"Mitigation design space","summary":"The paper compares three protocol families rather than presenting a single deployed system.","source_anchor_ids":["anchor-paper-42-locking","anchor-paper-42-shuffle","anchor-paper-42-self"]},{"id":"paper-42-design-lock","kind":"protocol","parent_id":"paper-42-designs","order":1,"epistemic_status":"specified","title":"Progressive locking","summary":"All-Lock freezes all memory; Dec-Lock releases measured blocks and targets start-time consistency; Inc-Lock progressively locks measured blocks and targets end-time consistency.","source_anchor_ids":["anchor-paper-42-locking"]},{"id":"paper-42-design-shuffle","kind":"protocol","parent_id":"paper-42-designs","order":2,"epistemic_status":"probability_analyzed","title":"Shuffled measurement","summary":"SMARM hides traversal order so roving malware cannot know which block is safe; one scan leaves escape probability near e^-1, so repeated independent scans reduce but do not eliminate false negatives.","source_anchor_ids":["anchor-paper-42-shuffle"]},{"id":"paper-42-design-self","kind":"protocol","parent_id":"paper-42-designs","order":3,"epistemic_status":"comparative_analysis","title":"Periodic self-measurement","summary":"ERASMUS decouples measurement frequency from verifier collection; SeED makes reports prover-initiated but adds protected time/replay and expected-delivery requirements.","source_anchor_ids":["anchor-paper-42-self"]},{"id":"paper-42-claims","kind":"claim_group","parent_id":"paper-42","order":7,"epistemic_status":"analytical","title":"Main conclusions","summary":"Atomic scans can be dangerously slow, while interruptible or scheduled protocols exchange stronger availability for weaker or more assumption-heavy detection guarantees.","source_anchor_ids":["anchor-paper-42-overhead","anchor-paper-42-conclusion"]},{"id":"paper-42-evidence","kind":"evidence_group","parent_id":"paper-42","order":8,"epistemic_status":"synthesis_of_prior_results","title":"Evidence basis","summary":"Support consists of measured hashing costs, worked attack scenarios, cited probability analysis for shuffled measurement, and a structured comparison of existing mechanisms; no new prototype or formal proof is reported.","source_anchor_ids":["anchor-paper-42-overhead","anchor-paper-42-shuffle","anchor-paper-42-self"]},{"id":"paper-42-boundaries","kind":"limitation_group","parent_id":"paper-42","order":9,"epistemic_status":"explicit","title":"Limits of reconciliation","summary":"Self-measurement can be stale; shuffled scans need repetition; locking impairs writes; protected time and communication expectations add hardware and availability assumptions; on-demand RA remains necessary for maximum freshness.","source_anchor_ids":["anchor-paper-42-locking","anchor-paper-42-shuffle","anchor-paper-42-self","anchor-paper-42-conclusion"]},{"id":"paper-42-artifacts","kind":"artifact_group","parent_id":"paper-42","order":10,"epistemic_status":"publication_only","title":"Artifacts","summary":"Full author and NSF copies plus the DOI are public. The invited synthesis does not claim a new implementation, dataset, proof artifact, or reproduction package.","source_anchor_ids":["anchor-paper-42-problem","anchor-paper-42-publication"]},{"id":"paper-42-scrutiny","kind":"scrutiny","parent_id":"paper-42","order":11,"epistemic_status":"invited_venue_paper","title":"External scrutiny","summary":"DAC publication provides external venue exposure, while the represented source is an invited analytical paper and public review reports were not located.","source_anchor_ids":["anchor-paper-42-publication"]},{"id":"paper-42-lineage","kind":"lineage","parent_id":"paper-42","order":12,"epistemic_status":"documented","title":"Relation to temporal consistency","summary":"The locking taxonomy and consistency vocabulary are drawn from the fuller treatment in paper","source_anchor_ids":["anchor-paper-42-locking","anchor-paper-42-conclusion"]}],"relations":[{"id":"paper-42-relation-answer-question","type":"addresses","from_id":"paper-42-answer","to_id":"paper-42-question"},{"id":"paper-42-relation-baseline-threat","type":"exposed_to","from_id":"paper-42-baseline","to_id":"paper-42-threat"},{"id":"paper-42-relation-lock-designs","type":"component_of","from_id":"paper-42-design-lock","to_id":"paper-42-designs"},{"id":"paper-42-relation-shuffle-designs","type":"component_of","from_id":"paper-42-design-shuffle","to_id":"paper-42-designs"},{"id":"paper-42-relation-self-designs","type":"component_of","from_id":"paper-42-design-self","to_id":"paper-42-designs"},{"id":"paper-42-relation-designs-answer","type":"supports","from_id":"paper-42-designs","to_id":"paper-42-answer"},{"id":"paper-42-relation-assumptions-designs","type":"qualifies","from_id":"paper-42-assumptions","to_id":"paper-42-designs"},{"id":"paper-42-relation-evidence-claims","type":"supports","from_id":"paper-42-evidence","to_id":"paper-42-claims"},{"id":"paper-42-relation-boundaries-claims","type":"qualifies","from_id":"paper-42-boundaries","to_id":"paper-42-claims"},{"id":"paper-42-relation-lineage-paper","type":"contextualizes","from_id":"paper-42-lineage","to_id":"paper-42"}],"assessment":{"id":"paper-42-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The complete paper offers explicit threat scenarios, timing evidence, and mechanism/probability analysis, but it is an invited synthesis without a new implementation, full formal proof, or independent evaluation.","basis_source_anchor_ids":["anchor-paper-42-overhead","anchor-paper-42-shuffle","anchor-paper-42-conclusion"]},{"id":"auditability","level":"high","rationale":"Checked-in author text with SHA-256/page count, an NSF copy, precise page anchors, and a DOI make all represented arguments directly inspectable.","basis_source_anchor_ids":["anchor-paper-42-problem","anchor-paper-42-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authorship, invited status, venue, date, DOI, and manuscript are documented; contributor roles, revision history, and exact source lineage are not.","basis_source_anchor_ids":["anchor-paper-42-problem","anchor-paper-42-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"DAC publication establishes external exposure, but review reports, artifact review, and independent validation of the synthesis were not found.","basis_source_anchor_ids":["anchor-paper-42-publication"]},{"id":"reception","level":"high","rationale":"OpenAlex reported 12 citations on 2026-07-11; under the author-defined rule, more than 10 located citations is High.","basis_source_anchor_ids":["anchor-paper-42-reception"]},{"id":"contribution_significance","level":"medium","rationale":"The paper clearly exposes a safety/security conflict and organizes practical protocol choices, but it primarily synthesizes mechanisms developed across prior work.","basis_source_anchor_ids":["anchor-paper-42-problem","anchor-paper-42-conclusion"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":12,"source_url":"https://openalex.org/W2809340493","signals":["OpenAlex reported 12 works citing the DAC invited paper."],"limitation":"Counts vary by index and date and do not distinguish citations to the synthesis from citations validating any particular mitigation."}},"paper_43":{"schema_version":"0.1","map_id":"paper-43-map","publication_id":43,"publication_anchor":"paper-43","slug":"paper-43","canonical_path":"/knowledge/papers/paper-43/","machine_path":"/knowledge/papers/paper-43.json","root_node_id":"paper-43","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"Secure Non-Interactive User Re-Enrollment in Biometrics-Based Identification and Authentication Systems","year":2018,"status":"Published · conference version","venue":"2nd International Symposium on Cyber Security, Cryptography and Machine Learning (CSCML)","topic":"privacy-identity","labels":["Theory","Applied"],"authors":["Ivan De Oliveira Nunes","Karim Eldefrawy","Tancrède Lepoint"],"keywords":["biometrics","re-enrollment","fuzzy vault","secure computation","secret sharing"],"research_question":"Can a large biometric-authentication deployment replace lost, revoked, or policy-dependent helper data without bringing every user back and without storing a complete reusable biometric template at any backend?","central_answer":"SNUSE secret-shares each biometric template among re-enrollment servers and uses MPC to generate fresh fuzzy-vault helper data. A prototype for fingerprints and irises shows non-interactive re-enrollment at scale, subject to honest-but-curious MPC, secure channels, threshold non-collusion, fuzzy-vault reuse, and online-compromise limitations.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, claim mapping, and initial assessment"}],"method":"Source-grounded review of the complete 28-page author manuscript, including its implementation, experiment, security, and related-work appendices. The title and substantive experiment/security pages were visually inspected; code and raw datasets were not independently reproduced.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Protocol interpretation, parameter readings, and ratings remain provisional."}},"sources":[{"id":"source-paper-43-author-pdf","type":"author_hosted_copy","title":"Secure Non-Interactive User Re-Enrollment in Biometrics-Based Identification and Authentication Systems","url":"/pubs/2018/snuse-cscml2018.pdf","provenance_category":"author","retrieved_from":"https://sprout.ics.uci.edu/people/ivan/pubs/2018_snuse.pdf","media_type":"application/pdf","sha256":"5da9d336e5b017b7e9960a08035916cd353b3015eef5868a61b770d1e89e0077","page_count":28},{"id":"source-paper-43-official","type":"official_publication_record","title":"CSCML 2018 publication record","url":"https://doi.org/10.1007/978-3-319-94147-9_13","provenance_category":"official"},{"id":"source-paper-43-citations","type":"citation_index_snapshot","title":"OpenAlex work W2808255709","url":"https://openalex.org/W2808255709","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-43-problem","source_id":"source-paper-43-author-pdf","label":"Re-enrollment problem, SNUSE contribution, and headline results","locator":"Abstract and Section 1, PDF pages 1-4","url":"/pubs/2018/snuse-cscml2018.pdf#page=1"},{"id":"anchor-paper-43-background","source_id":"source-paper-43-author-pdf","label":"BIA, Shamir sharing, honest-but-curious MPC, and fuzzy-vault background","locator":"Section 2, PDF pages 4-8","url":"/pubs/2018/snuse-cscml2018.pdf#page=4"},{"id":"anchor-paper-43-architecture","source_id":"source-paper-43-author-pdf","label":"Parties, data placement, and SNUSE lifecycle","locator":"Section 3, PDF pages 8-9","url":"/pubs/2018/snuse-cscml2018.pdf#page=8"},{"id":"anchor-paper-43-enrollment","source_id":"source-paper-43-author-pdf","label":"Initial enrollment protocol","locator":"Section 3.1 and Figure 2, PDF pages 9-11","url":"/pubs/2018/snuse-cscml2018.pdf#page=9"},{"id":"anchor-paper-43-authentication","source_id":"source-paper-43-author-pdf","label":"Local authentication protocol","locator":"Section 3.2 and Figure 3, PDF page 11","url":"/pubs/2018/snuse-cscml2018.pdf#page=11"},{"id":"anchor-paper-43-reenrollment","source_id":"source-paper-43-author-pdf","label":"Non-interactive re-enrollment and MPC helper-data generation","locator":"Sections 3.3-3.4 and Figure 4, PDF pages 11-15","url":"/pubs/2018/snuse-cscml2018.pdf#page=11"},{"id":"anchor-paper-43-implementation","source_id":"source-paper-43-author-pdf","label":"NTL prototype, finite-field parameters, TCP processes, fingerprint and iris extraction","locator":"Appendix A, PDF pages 19-22","url":"/pubs/2018/snuse-cscml2018.pdf#page=19"},{"id":"anchor-paper-43-accuracy","source_id":"source-paper-43-author-pdf","label":"Fingerprint and iris datasets, GAR/FAR method, and results","locator":"Appendix B and Figure 6, PDF pages 22-23","url":"/pubs/2018/snuse-cscml2018.pdf#page=22"},{"id":"anchor-paper-43-performance","source_id":"source-paper-43-author-pdf","label":"Execution, scale, and storage evaluation","locator":"Appendix C, Tables/Figures 1, 7, and 8, PDF pages 23-26","url":"/pubs/2018/snuse-cscml2018.pdf#page=23"},{"id":"anchor-paper-43-security","source_id":"source-paper-43-author-pdf","label":"Stored/execution confidentiality, collusion boundary, and fuzzy-vault reuse","locator":"Appendix D, PDF pages 26-27","url":"/pubs/2018/snuse-cscml2018.pdf#page=26"},{"id":"anchor-paper-43-conclusion","source_id":"source-paper-43-author-pdf","label":"Conclusion and future malicious/covert-security work","locator":"Section 4, PDF page 16","url":"/pubs/2018/snuse-cscml2018.pdf#page=16"},{"id":"anchor-paper-43-publication","source_id":"source-paper-43-official","label":"Official conference publication identity","locator":"CSCML 2018, DOI 10.1007/978-3-319-94147-9_13","url":"https://doi.org/10.1007/978-3-319-94147-9_13"},{"id":"anchor-paper-43-reception","source_id":"source-paper-43-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 2 citing works on 2026-07-11","url":"https://openalex.org/W2808255709"}],"nodes":[{"id":"paper-43","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_conference_version","title":"SNUSE conference paper","summary":"A protocol and prototype for refreshing fuzzy-vault authentication material from threshold-shared biometric templates without user participation.","source_anchor_ids":["anchor-paper-43-problem"]},{"id":"paper-43-question","kind":"question","parent_id":"paper-43","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can biometric helper data be regenerated for thousands of users without resampling each biometric or centralizing a lifetime-sensitive template?","source_anchor_ids":["anchor-paper-43-problem"]},{"id":"paper-43-answer","kind":"contribution","parent_id":"paper-43","order":2,"epistemic_status":"implemented","title":"Central answer","summary":"Distribute template shares to offline re-enrollment servers and jointly compute a fresh fuzzy vault under MPC; keep the authentication server limited to helper data.","source_anchor_ids":["anchor-paper-43-architecture","anchor-paper-43-reenrollment"]},{"id":"paper-43-model","kind":"scope","parent_id":"paper-43","order":3,"epistemic_status":"defined","title":"Parties and data placement","summary":"A trusted biometric reader sees the template transiently; N re-enrollment servers each store one share; an authentication server stores helper data; only the enrollment/re-enrollment phases invoke the RES set.","source_anchor_ids":["anchor-paper-43-architecture","anchor-paper-43-enrollment"]},{"id":"paper-43-adversary","kind":"threat_model","parent_id":"paper-43","order":4,"epistemic_status":"honest_but_curious","title":"Adversary model","summary":"The prototype assumes honest-but-curious MPC and secure authenticated channels. Stored-template confidentiality holds below the Shamir threshold, with separate leakage cases for joint online compromise.","source_anchor_ids":["anchor-paper-43-background","anchor-paper-43-security"]},{"id":"paper-43-assumptions","kind":"assumption","parent_id":"paper-43","order":5,"epistemic_status":"cryptographic_and_operational","title":"Security assumptions","summary":"Claims rely on Shamir-sharing privacy, fuzzy-vault polynomial-reconstruction hardness, secure channel establishment, trusted sampling, and enough non-colluding RESs.","source_anchor_ids":["anchor-paper-43-background","anchor-paper-43-security"]},{"id":"paper-43-protocols","kind":"protocol_group","parent_id":"paper-43","order":6,"epistemic_status":"specified_and_implemented","title":"SNUSE lifecycle","summary":"Three protocols separate one-time enrollment, routine authentication, and occasional server-side re-enrollment.","source_anchor_ids":["anchor-paper-43-enrollment","anchor-paper-43-authentication","anchor-paper-43-reenrollment"]},{"id":"paper-43-enroll","kind":"protocol","parent_id":"paper-43-protocols","order":1,"epistemic_status":"implemented","title":"Initial enrollment","summary":"The reader samples and shares the template; RESs agree on a secret and MPC-compute shares of the vault; AS reconstructs and stores only helper data.","source_anchor_ids":["anchor-paper-43-enrollment"]},{"id":"paper-43-auth","kind":"protocol","parent_id":"paper-43-protocols","order":2,"epistemic_status":"implemented","title":"Routine authentication","summary":"AS returns the user's helper data, and the reader applies fuzzy-vault opening to a fresh biometric sample; RESs are offline and uninvolved.","source_anchor_ids":["anchor-paper-43-authentication"]},{"id":"paper-43-reenroll","kind":"protocol","parent_id":"paper-43-protocols","order":3,"epistemic_status":"implemented","title":"Non-interactive re-enrollment","summary":"AS requests a fresh credential; RESs use their stored template shares and MPC to form new helper-data shares, which AS combines without reconstructing the template.","source_anchor_ids":["anchor-paper-43-reenrollment"]},{"id":"paper-43-implementation-node","kind":"implementation","parent_id":"paper-43","order":7,"epistemic_status":"prototype","title":"Fingerprint and iris prototype","summary":"The implementation uses NTL over GF(2^24), Shamir sharing, TCP processes, NBIS fingerprint minutiae, OSIRIS iris features, 20/18 data points, and 200 chaff points.","source_anchor_ids":["anchor-paper-43-implementation"]},{"id":"paper-43-claims","kind":"claim_group","parent_id":"paper-43","order":8,"epistemic_status":"mixed","title":"Main claims","summary":"SNUSE separates biometric storage across servers, preserves the underlying matching procedure, and makes bulk re-enrollment computationally feasible in the tested setting.","source_anchor_ids":["anchor-paper-43-security","anchor-paper-43-accuracy","anchor-paper-43-performance"]},{"id":"paper-43-claim-confidentiality","kind":"claim","parent_id":"paper-43-claims","order":1,"epistemic_status":"conditional_argument","title":"No complete backend template below threshold","summary":"AS sees helper data; fewer than K RESs see only shares; the template is not reconstructed during ordinary protocol execution, conditional on the stated fuzzy-vault, sharing, and corruption assumptions.","source_anchor_ids":["anchor-paper-43-security"]},{"id":"paper-43-claim-performance","kind":"claim","parent_id":"paper-43-claims","order":2,"epistemic_status":"experimentally_supported","title":"Fast bulk refresh","summary":"A single re-enrollment averages 13.2 ms in the reported setup; scaling is approximately linear, and the extrapolation places 100,000 users under five minutes with nine RESs.","source_anchor_ids":["anchor-paper-43-performance"]},{"id":"paper-43-claim-accuracy","kind":"claim","parent_id":"paper-43-claims","order":3,"epistemic_status":"dataset_supported","title":"Matching accuracy is governed by biometric/vault parameters","summary":"On the tested data, fingerprint degree 7 gives about 90% GAR and 3% FAR, while the simple iris encoding at degree 5 gives about 75% GAR and 5% FAR; SNUSE does not itself change vault opening.","source_anchor_ids":["anchor-paper-43-accuracy"]},{"id":"paper-43-evidence","kind":"evidence_group","parent_id":"paper-43","order":9,"epistemic_status":"prototype_and_security_analysis","title":"Evidence stack","summary":"Protocol pseudocode and confidentiality arguments are paired with public biometric datasets, cross-pair GAR/FAR tests, 100-run timing measurements, scale tests, and storage calculations.","source_anchor_ids":["anchor-paper-43-implementation","anchor-paper-43-accuracy","anchor-paper-43-performance","anchor-paper-43-security"]},{"id":"paper-43-boundaries","kind":"limitation_group","parent_id":"paper-43","order":10,"epistemic_status":"explicit","title":"Security and generality boundaries","summary":"Simultaneously compromising AS and one RES during computation can reveal the current template when k is visible; conventional fuzzy vaults are not reusable; the prototype is honest-but-curious and the iris encoding is intentionally simple.","source_anchor_ids":["anchor-paper-43-security","anchor-paper-43-conclusion"]},{"id":"paper-43-artifacts","kind":"artifact_group","parent_id":"paper-43","order":11,"epistemic_status":"partial","title":"Artifacts and reproducibility","summary":"Full text, algorithm detail, parameterization, and public dataset names are available. This audit did not locate version-pinned source code, raw outputs, or an independent reproduction.","source_anchor_ids":["anchor-paper-43-implementation","anchor-paper-43-performance"]},{"id":"paper-43-scrutiny","kind":"scrutiny","parent_id":"paper-43","order":12,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The conference publication establishes CSCML review exposure; review reports and artifact evaluation are not represented.","source_anchor_ids":["anchor-paper-43-publication"]},{"id":"paper-43-lineage","kind":"lineage","parent_id":"paper-43","order":13,"epistemic_status":"versioned","title":"Later journal version","summary":"Paper","source_anchor_ids":["anchor-paper-43-problem","anchor-paper-43-conclusion"]}],"relations":[{"id":"paper-43-relation-answer-question","type":"addresses","from_id":"paper-43-answer","to_id":"paper-43-question"},{"id":"paper-43-relation-enroll-protocols","type":"component_of","from_id":"paper-43-enroll","to_id":"paper-43-protocols"},{"id":"paper-43-relation-auth-protocols","type":"component_of","from_id":"paper-43-auth","to_id":"paper-43-protocols"},{"id":"paper-43-relation-reenroll-protocols","type":"component_of","from_id":"paper-43-reenroll","to_id":"paper-43-protocols"},{"id":"paper-43-relation-assumptions-confidentiality","type":"qualifies","from_id":"paper-43-assumptions","to_id":"paper-43-claim-confidentiality"},{"id":"paper-43-relation-adversary-confidentiality","type":"qualifies","from_id":"paper-43-adversary","to_id":"paper-43-claim-confidentiality"},{"id":"paper-43-relation-evidence-performance","type":"supports","from_id":"paper-43-evidence","to_id":"paper-43-claim-performance"},{"id":"paper-43-relation-evidence-accuracy","type":"supports","from_id":"paper-43-evidence","to_id":"paper-43-claim-accuracy"},{"id":"paper-43-relation-boundaries-claims","type":"qualifies","from_id":"paper-43-boundaries","to_id":"paper-43-claims"},{"id":"paper-43-relation-lineage-paper","type":"contextualizes","from_id":"paper-43-lineage","to_id":"paper-43"}],"assessment":{"id":"paper-43-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The full manuscript provides protocols, security analysis, a working two-modality prototype, named datasets, accuracy tests, timings, scaling, and storage analysis, with explicit limits.","basis_source_anchor_ids":["anchor-paper-43-reenrollment","anchor-paper-43-accuracy","anchor-paper-43-performance","anchor-paper-43-security"]},{"id":"auditability","level":"high","rationale":"A complete checked-in author manuscript with hash, page count, detailed appendices, precise anchors, and DOI makes the represented evidence directly inspectable.","basis_source_anchor_ids":["anchor-paper-43-problem","anchor-paper-43-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, venue, DOI, protocols, libraries, datasets, and environment are documented; roles, revision history, exact source revision, and raw experiment lineage are not.","basis_source_anchor_ids":["anchor-paper-43-publication","anchor-paper-43-implementation"]},{"id":"external_scrutiny","level":"medium","rationale":"CSCML publication establishes venue review, but public reports, artifact review, and independent reproduction were not located.","basis_source_anchor_ids":["anchor-paper-43-publication"]},{"id":"reception","level":"low","rationale":"OpenAlex reported 2 citations on 2026-07-11; under the author-defined rule, 0 through 8 located citations is Low. The later journal version is counted separately.","basis_source_anchor_ids":["anchor-paper-43-reception"]},{"id":"contribution_significance","level":"medium","rationale":"The work presents a concrete first claimed solution to a deployment-scale re-enrollment problem and validates feasibility, while retaining important collusion, reusability, and adversary-model limits.","basis_source_anchor_ids":["anchor-paper-43-problem","anchor-paper-43-security","anchor-paper-43-conclusion"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":2,"source_url":"https://openalex.org/W2808255709","signals":["OpenAlex reported 2 works citing the CSCML conference version."],"limitation":"Citation counts vary by index/date; citations may instead accrue to the later FGCS journal version, and counts do not assess security or reproducibility."}},"paper_44":{"schema_version":"0.1","map_id":"paper-44-map","publication_id":44,"publication_anchor":"paper-44","slug":"paper-44","canonical_path":"/knowledge/papers/paper-44/","machine_path":"/knowledge/papers/paper-44.json","root_node_id":"paper-44","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"Proactive Secure Multiparty Computation with a Dishonest Majority","year":2018,"status":"Published","venue":"11th Conference on Security and Cryptography for Networks (SCN)","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Karim Eldefrawy","Rafail Ostrovsky","Sunoo Park","Moti Yung"],"keywords":["proactive MPC","dishonest majority","mobile adversary","identifiable abort","mixed corruptions"],"research_question":"Can proactive MPC retain privacy and correctness when a mobile adversary may passively observe a dishonest majority within a refresh period and eventually visit every party?","central_answer":"The exposed primary abstract states a first feasibility construction: a PMPC protocol with near-all-party passive resilience, identifiable-abort security for bounded active faults, and a mixed-corruption tradeoff. The full protocol body and proofs could not be retrieved in this audit, so exact algorithms and proof dependencies remain unmapped rather than inferred.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"bounded primary-source extraction, lineage comparison, and initial assessment"}],"method":"Bounded review of the official Springer record, author-uploaded ResearchGate page and exposed abstract, plus the later machine-checked evaluator's explicit description of this protocol lineage. Direct ResearchGate and Springer PDF downloads were blocked or paywalled on 2026-07-11; the paper body and proofs were not read.","source_scope":"abstract_and_primary_lineage_only","retrieval_note":"The public author-uploaded landing page reports a full-text PDF, but its direct payload returned access-denied code 1020; the official Springer PDF endpoint returned a no-access HTML page. No legitimate alternate public PDF was located in this audit.","approval":{"status":"pending","note":"AI-authored bounded map awaiting full author audit. No body-level claim is certified until the manuscript and proofs are reviewed."}},"sources":[{"id":"source-paper-44-official","type":"official_publication_record","title":"Proactive Secure Multiparty Computation with a Dishonest Majority","url":"https://doi.org/10.1007/978-3-319-98113-0_11","provenance_category":"official"},{"id":"source-paper-44-author-page","type":"author_uploaded_landing_page","title":"ResearchGate author-uploaded publication page","url":"https://www.researchgate.net/publication/325722786_Proactive_Secure_Multiparty_Computation_with_a_Dishonest_Majority","provenance_category":"author","access_note":"Full-text download advertised but payload unavailable to this audit."},{"id":"source-paper-44-lineage","type":"later_primary_source","title":"A High-Assurance Evaluator for Machine-Checked Secure Multiparty Computation","url":"/pubs/2019/verif-mpc_ccs2019.pdf","media_type":"application/pdf","sha256":"ab815efb0a8793e59af6f80b848746801dfb25c5dbfa092fbce68a0c8578fce3","page_count":48},{"id":"source-paper-44-citations","type":"citation_index_snapshot","title":"OpenAlex work W2887860185","url":"https://openalex.org/W2887860185","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-44-abstract","source_id":"source-paper-44-official","label":"Official abstract, stated thresholds, and feasibility claim","locator":"Springer chapter abstract, accessed 2026-07-11","url":"https://doi.org/10.1007/978-3-319-98113-0_11"},{"id":"anchor-paper-44-author-provenance","source_id":"source-paper-44-author-page","label":"Author upload, venue metadata, and public full-text indication","locator":"ResearchGate publication page; content uploaded by Karim Eldefrawy, accessed 2026-07-11","url":"https://www.researchgate.net/publication/325722786_Proactive_Secure_Multiparty_Computation_with_a_Dishonest_Majority"},{"id":"anchor-paper-44-lineage","source_id":"source-paper-44-lineage","label":"Later primary-source description of dishonest-majority proactive sharing lineage","locator":"Sections 1.2-1.3, PDF pages 3-5","url":"/pubs/2019/verif-mpc_ccs2019.pdf#page=3"},{"id":"anchor-paper-44-publication","source_id":"source-paper-44-official","label":"Official SCN publication identity","locator":"SCN 2018, DOI 10.1007/978-3-319-98113-0_11","url":"https://doi.org/10.1007/978-3-319-98113-0_11"},{"id":"anchor-paper-44-reception","source_id":"source-paper-44-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 12 citing works on 2026-07-11","url":"https://openalex.org/W2887860185"}],"nodes":[{"id":"paper-44","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_body_not_audited","title":"Dishonest-majority proactive MPC","summary":"A published feasibility result for proactive MPC under separate passive, active, and mixed mobile-corruption bounds; this map is intentionally limited to exposed primary claims.","source_anchor_ids":["anchor-paper-44-abstract"]},{"id":"paper-44-question","kind":"question","parent_id":"paper-44","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can long-lived MPC withstand a mobile adversary whose accumulated corruptions eventually cover all parties and whose within-period passive view may exceed an honest majority?","source_anchor_ids":["anchor-paper-44-abstract"]},{"id":"paper-44-answer","kind":"contribution","parent_id":"paper-44","order":2,"epistemic_status":"abstract_asserted","title":"Central answer","summary":"The abstract claims the first PMPC feasibility result for a dishonest-majority setting, with robustness only in the passive-only case and identifiable abort under active or mixed faults.","source_anchor_ids":["anchor-paper-44-abstract"]},{"id":"paper-44-model","kind":"threat_model","parent_id":"paper-44","order":3,"epistemic_status":"abstract_defined","title":"Mobile refresh-period adversary","summary":"Corrupted parties may change across refresh periods and all parties may be visited over the computation lifetime; security is conditioned on per-period passive and active thresholds.","source_anchor_ids":["anchor-paper-44-abstract"]},{"id":"paper-44-goals","kind":"definition","parent_id":"paper-44","order":4,"epistemic_status":"abstract_level","title":"Correctness, privacy, robustness, and identifiable abort","summary":"The exposed source distinguishes privacy/correctness security from guaranteed completion: active faults may be detected and attributed while still forcing abort.","source_anchor_ids":["anchor-paper-44-abstract"]},{"id":"paper-44-protocol","kind":"protocol","parent_id":"paper-44","order":5,"epistemic_status":"published_not_body_audited","title":"PMPC construction","summary":"A concrete PMPC protocol is claimed, but its share representation, refresh, recovery, gate evaluation, channels, cryptographic assumptions, and simulators cannot be responsibly reconstructed from the abstract alone.","source_anchor_ids":["anchor-paper-44-abstract","anchor-paper-44-author-provenance"]},{"id":"paper-44-claims","kind":"claim_group","parent_id":"paper-44","order":6,"epistemic_status":"abstract_asserted","title":"Exposed resilience claims","summary":"The abstract reports separate bounds rather than one universal corruption threshold.","source_anchor_ids":["anchor-paper-44-abstract"]},{"id":"paper-44-claim-passive","kind":"claim","parent_id":"paper-44-claims","order":1,"epistemic_status":"abstract_asserted_proof_unread","title":"Passive dishonest-majority case","summary":"With no active corruptions, the abstract states robust security for t < n - 2 passive corruptions per refresh period.","source_anchor_ids":["anchor-paper-44-abstract"]},{"id":"paper-44-claim-active","kind":"claim","parent_id":"paper-44-claims","order":2,"epistemic_status":"abstract_asserted_proof_unread","title":"Active-only case","summary":"With no additional passive corruptions, the abstract states non-robust security with identifiable abort for t < n/2 - 1 active corruptions.","source_anchor_ids":["anchor-paper-44-abstract"]},{"id":"paper-44-claim-mixed","kind":"claim","parent_id":"paper-44-claims","order":3,"epistemic_status":"abstract_asserted_proof_unread","title":"Mixed corruption case","summary":"For k active corruptions, the abstract states identifiable-abort security when total corruptions are fewer than n - k - 1; the full quantification and rounding conventions require body review.","source_anchor_ids":["anchor-paper-44-abstract"]},{"id":"paper-44-evidence","kind":"evidence_group","parent_id":"paper-44","order":7,"epistemic_status":"body_unavailable","title":"Evidence boundary","summary":"Publication and abstract establish that a construction and proofs were presented, but this audit did not inspect protocol pseudocode, formal games, lemmas, reductions, or proof completeness.","source_anchor_ids":["anchor-paper-44-abstract","anchor-paper-44-author-provenance"]},{"id":"paper-44-boundaries","kind":"limitation_group","parent_id":"paper-44","order":8,"epistemic_status":"audit_limitation","title":"Unresolved audit obligations","summary":"Exact network/setup assumptions, adaptive versus static corruption details, erasure model, computation class, communication cost, security assumptions, and theorem statements remain unknown from the accessible primary material.","source_anchor_ids":["anchor-paper-44-author-provenance"]},{"id":"paper-44-artifacts","kind":"artifact_group","parent_id":"paper-44","order":9,"epistemic_status":"inaccessible_full_text_route","title":"Publication resources","summary":"DOI and author-uploaded landing page are public, but no locally fixed full text, code, proof artifact, or independently accessible archive copy was obtained.","source_anchor_ids":["anchor-paper-44-author-provenance","anchor-paper-44-publication"]},{"id":"paper-44-scrutiny","kind":"scrutiny","parent_id":"paper-44","order":10,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"SCN publication indicates venue review. Review reports, artifact evaluation, independent proof checking, and reproduction are not represented.","source_anchor_ids":["anchor-paper-44-publication"]},{"id":"paper-44-lineage-node","kind":"lineage","parent_id":"paper-44","order":11,"epistemic_status":"documented_by_later_primary_source","title":"Later machine-checked lineage","summary":"Paper","source_anchor_ids":["anchor-paper-44-lineage"]}],"relations":[{"id":"paper-44-relation-answer-question","type":"addresses","from_id":"paper-44-answer","to_id":"paper-44-question"},{"id":"paper-44-relation-model-claims","type":"qualifies","from_id":"paper-44-model","to_id":"paper-44-claims"},{"id":"paper-44-relation-goals-claims","type":"defines","from_id":"paper-44-goals","to_id":"paper-44-claims"},{"id":"paper-44-relation-protocol-answer","type":"realizes","from_id":"paper-44-protocol","to_id":"paper-44-answer"},{"id":"paper-44-relation-evidence-claims","type":"qualifies","from_id":"paper-44-evidence","to_id":"paper-44-claims"},{"id":"paper-44-relation-boundaries-claims","type":"limits","from_id":"paper-44-boundaries","to_id":"paper-44-claims"},{"id":"paper-44-relation-lineage-paper","type":"contextualizes","from_id":"paper-44-lineage-node","to_id":"paper-44"}],"assessment":{"id":"paper-44-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The official abstract exposes a substantive construction and precise resilience claims, and a later primary source confirms the research lineage, but the protocol body and proofs were not available for audit.","basis_source_anchor_ids":["anchor-paper-44-abstract","anchor-paper-44-lineage"]},{"id":"auditability","level":"high","rationale":"The resource record includes a public author-uploaded full-text route in addition to the official DOI, which satisfies the site's author-copy rule for High auditability. The route was blocked to this audit client, so source_scope remains bounded and no body-level claim is treated as inspected.","basis_source_anchor_ids":["anchor-paper-44-author-provenance","anchor-paper-44-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authors, venue, date, DOI, and author-upload provenance are documented; revision history, contributor roles, and manuscript fixity are not.","basis_source_anchor_ids":["anchor-paper-44-author-provenance","anchor-paper-44-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"SCN publication establishes venue scrutiny, but public reviews, proof audits, and reproduction were not located.","basis_source_anchor_ids":["anchor-paper-44-publication"]},{"id":"reception","level":"high","rationale":"OpenAlex reported 12 citations on 2026-07-11; under the finalized rubric, 11 or more located citations is High.","basis_source_anchor_ids":["anchor-paper-44-reception"]},{"id":"contribution_significance","level":"medium","rationale":"The abstract claims a first feasibility result across an important resilience barrier, but priority and technical scope could not be fully assessed without the paper body.","basis_source_anchor_ids":["anchor-paper-44-abstract"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":12,"source_url":"https://openalex.org/W2887860185","signals":["OpenAlex reported 12 works citing the SCN chapter."],"limitation":"The count is index- and date-dependent, may include self-citations, and does not validate the unpublished-to-this-map proof details."}},"paper_45":{"schema_version":"0.1","map_id":"paper-45-map","publication_id":45,"publication_anchor":"paper-45","slug":"paper-45","canonical_path":"/knowledge/papers/paper-45/","machine_path":"/knowledge/papers/paper-45.json","root_node_id":"paper-45","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","scheme"],"title":"Theoretical Foundations for Mobile Target Defense: Proactive Secret Sharing and Secure Multiparty Computation","year":2018,"status":"Published · book chapter","venue":"From Database to Cyber Security","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Karim Eldefrawy","Rafail Ostrovsky","Moti Yung"],"keywords":["moving-target defense","proactive secret sharing","proactive MPC","mobile adversary","identifiable abort"],"research_question":"How can moving-target defense in distributed storage and computation be given cryptographic confidentiality and correctness foundations rather than relying only on heuristic relocation or diversity?","central_answer":"The chapter presents proactive secret sharing and proactive MPC as a cryptographic realization of moving-target defense: periodic share refresh and node recovery replace a lifetime corruption threshold with a per-period penetration-rate bound. Its exposed abstract illustrates the thesis with the dishonest-majority PSS scheme and its separate passive, active, and mixed thresholds.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"bounded primary-source extraction, cross-paper lineage mapping, and initial assessment"}],"method":"Bounded review of the official Springer chapter record, the author-uploaded ResearchGate page and exposed full abstract, and the checked-in PODC brief for the PSS scheme used as the chapter's central example. Direct author-PDF and Springer-PDF retrieval was blocked or paywalled; the chapter body was not read.","source_scope":"abstract_and_primary_lineage_only","retrieval_note":"The ResearchGate author page advertises a full-text PDF but returned access-denied code 1020, and Springer returned a no-access HTML page. No alternate legitimate public copy was located on 2026-07-11.","approval":{"status":"pending","note":"AI-authored bounded map awaiting full author audit. Chapter organization and claims beyond the exposed abstract remain unverified."}},"sources":[{"id":"source-paper-45-official","type":"official_publication_record","title":"Theoretical Foundations for Mobile Target Defense: Proactive Secret Sharing and Secure Multiparty Computation","url":"https://doi.org/10.1007/978-3-030-04834-1_23","provenance_category":"official"},{"id":"source-paper-45-author-page","type":"author_uploaded_landing_page","title":"ResearchGate author-uploaded publication page","url":"https://www.researchgate.net/publication/324897081_Theoretical_Foundations_for_Mobile_Target_Defense_Proactive_Secret_Sharing_and_Secure_Multiparty_Computation","provenance_category":"author","access_note":"Full-text route advertised but PDF payload unavailable to this audit."},{"id":"source-paper-45-example","type":"primary_predecessor","title":"Brief Announcement: Proactive Secret Sharing with a Dishonest Majority","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf","media_type":"application/pdf","sha256":"66c0484c3ad92a7849bc3bb4613b730f4d73a5ac0f6bce0fcd05d144d7435cba","page_count":3},{"id":"source-paper-45-citations","type":"citation_index_snapshot","title":"OpenAlex work W2902349212","url":"https://openalex.org/W2902349212","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-45-abstract","source_id":"source-paper-45-official","label":"MTD framing, PSS/PMPC thesis, and example thresholds","locator":"Springer chapter abstract, accessed 2026-07-11","url":"https://doi.org/10.1007/978-3-030-04834-1_23"},{"id":"anchor-paper-45-author-provenance","source_id":"source-paper-45-author-page","label":"Author upload, chapter metadata, and public full-text indication","locator":"ResearchGate publication page, accessed 2026-07-11","url":"https://www.researchgate.net/publication/324897081_Theoretical_Foundations_for_Mobile_Target_Defense_Proactive_Secret_Sharing_and_Secure_Multiparty_Computation"},{"id":"anchor-paper-45-example-model","source_id":"source-paper-45-example","label":"Predecessor PSS model and construction blueprint","locator":"Sections 2-3, PDF pages 1-3","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=1"},{"id":"anchor-paper-45-example-limits","source_id":"source-paper-45-example","label":"Example scheme thresholds, communication, and open problems","locator":"Abstract and Section 4, PDF pages 1 and 3","url":"/pubs/2016/proactive-secret-sharing-dishonest-majority-podc2016-brief.pdf#page=3"},{"id":"anchor-paper-45-publication","source_id":"source-paper-45-official","label":"Official book-chapter identity","locator":"From Database to Cyber Security, DOI 10.1007/978-3-030-04834-1_23","url":"https://doi.org/10.1007/978-3-030-04834-1_23"},{"id":"anchor-paper-45-reception","source_id":"source-paper-45-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 1 citing work on 2026-07-11","url":"https://openalex.org/W2902349212"}],"nodes":[{"id":"paper-45","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_chapter_body_not_audited","title":"Cryptographic foundations for moving-target defense","summary":"A theory chapter connecting periodic cryptographic rerandomization and recovery to the moving-target-defense objective, with dishonest-majority PSS as its exposed example.","source_anchor_ids":["anchor-paper-45-abstract"]},{"id":"paper-45-question","kind":"question","parent_id":"paper-45","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can changing a distributed system's cryptographic representation over time ensure that a persistent mobile attacker never accumulates a usable global view?","source_anchor_ids":["anchor-paper-45-abstract"]},{"id":"paper-45-answer","kind":"contribution","parent_id":"paper-45","order":2,"epistemic_status":"abstract_asserted_synthesis","title":"Central synthesis","summary":"Proactive refresh replaces a fixed lifetime corruption bound by a rate condition: old shares are rerandomized and erased before the attacker crosses the within-period threshold.","source_anchor_ids":["anchor-paper-45-abstract","anchor-paper-45-example-model"]},{"id":"paper-45-mtd","kind":"definition","parent_id":"paper-45","order":3,"epistemic_status":"conceptual_mapping","title":"Cryptographic moving-target defense","summary":"The target that moves is the representation of long-lived secrets and computation state, not necessarily the physical host, address, or software image.","source_anchor_ids":["anchor-paper-45-abstract"]},{"id":"paper-45-model","kind":"threat_model","parent_id":"paper-45","order":4,"epistemic_status":"abstract_defined","title":"Mobile adversary","summary":"The adversary may eventually compromise every party, but security requires its corruption set to stay within the appropriate threshold during each refresh period while repaired parties return clean.","source_anchor_ids":["anchor-paper-45-abstract","anchor-paper-45-example-model"]},{"id":"paper-45-foundations","kind":"method","parent_id":"paper-45","order":5,"epistemic_status":"survey_and_synthesis","title":"PSS and PMPC foundations","summary":"PSS preserves distributed secrets by refresh and recovery; MPC evaluates functions on shares; PMPC composes these ideas so long-running private computation tolerates a moving corruption set.","source_anchor_ids":["anchor-paper-45-abstract"]},{"id":"paper-45-example-node","kind":"scheme","parent_id":"paper-45-foundations","order":1,"epistemic_status":"predecessor_source_inspected","title":"Dishonest-majority PSS example","summary":"The cited example encodes a secret as additive summands shared by increasing-degree polynomials, with share, reconstruct, refresh, and recovery protocols.","source_anchor_ids":["anchor-paper-45-example-model"]},{"id":"paper-45-claims","kind":"claim_group","parent_id":"paper-45","order":6,"epistemic_status":"exposed_abstract_and_predecessor","title":"Example resilience profile","summary":"The example separates robust passive resilience from non-robust active and mixed security with identifiable abort; a single scalar threshold would misstate the result.","source_anchor_ids":["anchor-paper-45-abstract","anchor-paper-45-example-limits"]},{"id":"paper-45-claim-rate","kind":"claim","parent_id":"paper-45-claims","order":1,"epistemic_status":"conceptual","title":"Rate-based security interpretation","summary":"Proactive security constrains attacker penetration relative to refresh and repair speed, even when the adversary's lifetime union of corruptions contains all parties.","source_anchor_ids":["anchor-paper-45-abstract"]},{"id":"paper-45-claim-thresholds","kind":"claim","parent_id":"paper-45-claims","order":2,"epistemic_status":"abstract_asserted","title":"Dishonest-majority example thresholds","summary":"The abstract states robust passive security near n parties, non-robust active security below half, and a mixed active/total tradeoff; exact inequalities must be checked against the chapter body.","source_anchor_ids":["anchor-paper-45-abstract"]},{"id":"paper-45-evidence","kind":"evidence_group","parent_id":"paper-45","order":7,"epistemic_status":"bounded","title":"Evidence boundary","summary":"The chapter's central framing and example are visible in its abstract, and the predecessor brief exposes the example construction; the chapter's full exposition, comparisons, and any PMPC development were not audited.","source_anchor_ids":["anchor-paper-45-abstract","anchor-paper-45-example-model"]},{"id":"paper-45-boundaries","kind":"limitation_group","parent_id":"paper-45","order":8,"epistemic_status":"material","title":"Model and audit boundaries","summary":"Proactive guarantees require periods, repair, secure deletion, and channel/setup assumptions; the example's active mode can abort. The inaccessible chapter prevents certification of its full assumption set and open-problem analysis.","source_anchor_ids":["anchor-paper-45-example-model","anchor-paper-45-example-limits","anchor-paper-45-author-provenance"]},{"id":"paper-45-artifacts","kind":"artifact_group","parent_id":"paper-45","order":9,"epistemic_status":"partial","title":"Publication resources","summary":"Official and author-uploaded landing pages plus a public predecessor brief are available; no locally fixed chapter PDF, code, dataset, or proof artifact was obtained.","source_anchor_ids":["anchor-paper-45-author-provenance","anchor-paper-45-publication"]},{"id":"paper-45-scrutiny","kind":"scrutiny","parent_id":"paper-45","order":10,"epistemic_status":"edited_book_chapter","title":"External scrutiny","summary":"Publication in an edited Springer volume provides editorial exposure, but the review process, reports, and independent validation are not represented.","source_anchor_ids":["anchor-paper-45-publication"]},{"id":"paper-45-lineage","kind":"lineage","parent_id":"paper-45","order":11,"epistemic_status":"documented","title":"Position in the proactive-security line","summary":"The chapter synthesizes the PSS construction represented by papers","source_anchor_ids":["anchor-paper-45-abstract","anchor-paper-45-example-model"]}],"relations":[{"id":"paper-45-relation-answer-question","type":"addresses","from_id":"paper-45-answer","to_id":"paper-45-question"},{"id":"paper-45-relation-mtd-answer","type":"frames","from_id":"paper-45-mtd","to_id":"paper-45-answer"},{"id":"paper-45-relation-model-answer","type":"qualifies","from_id":"paper-45-model","to_id":"paper-45-answer"},{"id":"paper-45-relation-example-foundations","type":"exemplifies","from_id":"paper-45-example-node","to_id":"paper-45-foundations"},{"id":"paper-45-relation-foundations-answer","type":"supports","from_id":"paper-45-foundations","to_id":"paper-45-answer"},{"id":"paper-45-relation-evidence-claims","type":"qualifies","from_id":"paper-45-evidence","to_id":"paper-45-claims"},{"id":"paper-45-relation-boundaries-claims","type":"limits","from_id":"paper-45-boundaries","to_id":"paper-45-claims"},{"id":"paper-45-relation-lineage-paper","type":"contextualizes","from_id":"paper-45-lineage","to_id":"paper-45"}],"assessment":{"id":"paper-45-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The official abstract clearly exposes the conceptual mapping and example thresholds, and the predecessor construction is inspectable, but the chapter body was not available.","basis_source_anchor_ids":["anchor-paper-45-abstract","anchor-paper-45-example-model"]},{"id":"auditability","level":"high","rationale":"The resource record includes a public author-uploaded full-text route in addition to the official DOI, which satisfies the site's author-copy rule for High auditability. The route was blocked to this audit client, so source_scope remains bounded and no body-level claim is treated as inspected.","basis_source_anchor_ids":["anchor-paper-45-author-provenance","anchor-paper-45-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authorship, title, edited volume, DOI, date, and author-upload provenance are documented; roles, revisions, and manuscript fixity are not.","basis_source_anchor_ids":["anchor-paper-45-author-provenance","anchor-paper-45-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"Springer edited-volume publication establishes editorial scrutiny, but review reports and independent technical evaluation were not located.","basis_source_anchor_ids":["anchor-paper-45-publication"]},{"id":"reception","level":"low","rationale":"OpenAlex reported 1 citation on 2026-07-11; under the finalized rubric, 0 through 8 located citations is Low.","basis_source_anchor_ids":["anchor-paper-45-reception"]},{"id":"contribution_significance","level":"medium","rationale":"The chapter articulates a useful formal bridge between MTD and proactive cryptography, but its detailed novelty and influence cannot be fully evaluated from the abstract alone.","basis_source_anchor_ids":["anchor-paper-45-abstract"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":1,"source_url":"https://openalex.org/W2902349212","signals":["OpenAlex reported 1 work citing the book chapter."],"limitation":"Counts vary by index/date, and related citations may accrue to the underlying PSS and PMPC papers rather than this synthesis chapter."}},"paper_46":{"schema_version":"0.1","map_id":"paper-46-map","publication_id":46,"publication_anchor":"paper-46","slug":"paper-46","canonical_path":"/knowledge/papers/paper-46/","machine_path":"/knowledge/papers/paper-46.json","root_node_id":"paper-46","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"PURE: Using Verified Remote Attestation to Obtain Proofs of Update, Reset and Erasure in Low-End Embedded Systems","year":2019,"status":"Published","venue":"IEEE/ACM International Conference on Computer-Aided Design (ICCAD)","topic":"secure-systems-networks","labels":["Theory","Applied"],"authors":["Ivan De Oliveira Nunes","Karim Eldefrawy","Norrathep Rattanavipanon","Gene Tsudik"],"keywords":["remote attestation","proof of update","proof of reset","proof of erasure","formal verification","embedded systems"],"research_question":"Can a verifier do more than detect compromise on a low-end embedded device—can it obtain trustworthy evidence that the device was updated, erased, reset, and returned to a functional malware-free state?","central_answer":"PURE extends VRASED with three challenge-response services: Proof of Reset, Proof of Update, and Proof of Erasure. Security games and reductions tie valid proofs to the corresponding memory transition, modified trusted components are model-checked, and an OpenMSP430/Basys3 implementation adds about 0.4% registers and 50 bytes of trusted ROM.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, proof-boundary mapping, and initial assessment"}],"method":"Source-grounded review of the complete checked-in paper, including visual inspection of the first and evaluation pages. Security games, constructions, reductions, LTL changes, implementation, performance tables, and stated limitations were read; the repository was identified but not independently built or model-checked.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Proof interpretations, measurements, and ratings remain provisional."}},"sources":[{"id":"source-paper-46-author-pdf","type":"author_hosted_copy","title":"PURE: Using Verified Remote Attestation to Obtain Proofs of Update, Reset and Erasure in Low-End Embedded Systems","url":"/pubs/2019/pure_iccad2019.pdf","provenance_category":"author","media_type":"application/pdf","sha256":"390829f6114e86f1b43c428d84420bcaab00949f5c3dda6678c004200917fe2d","page_count":8},{"id":"source-paper-46-official","type":"official_publication_record","title":"IEEE ICCAD 2019 publication record","url":"https://doi.org/10.1109/ICCAD45719.2019.8942118","provenance_category":"official"},{"id":"source-paper-46-repository","type":"code_repository","title":"PURE branch in the VRASED repository","url":"https://github.com/sprout-uci/vrased/tree/pure","version_note":"Repository cited by the paper; no immutable commit was pinned in this audit."},{"id":"source-paper-46-citations","type":"citation_index_snapshot","title":"OpenAlex work W2997695369","url":"https://openalex.org/W2997695369","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-46-problem","source_id":"source-paper-46-author-pdf","label":"Problem, architecture goal, contributions, and headline overhead","locator":"Abstract and Section 1, PDF pages 1-2","url":"/pubs/2019/pure_iccad2019.pdf#page=1"},{"id":"anchor-paper-46-vrased","source_id":"source-paper-46-author-pdf","label":"VRASED architecture, LTL verification, and inherited RA game","locator":"Section 3, PDF pages 2-4","url":"/pubs/2019/pure_iccad2019.pdf#page=2"},{"id":"anchor-paper-46-adversary","source_id":"source-paper-46-author-pdf","label":"Full software-compromise adversary and physical/hardware assumptions","locator":"Section 4, PDF page 4","url":"/pubs/2019/pure_iccad2019.pdf#page=4"},{"id":"anchor-paper-46-por","source_id":"source-paper-46-author-pdf","label":"Proof-of-Reset game, construction, theorem, and verified implementation","locator":"Section 5, PDF pages 4-6","url":"/pubs/2019/pure_iccad2019.pdf#page=4"},{"id":"anchor-paper-46-pou","source_id":"source-paper-46-author-pdf","label":"Proof-of-Update game, construction, theorem, request authentication, and helper-code boundary","locator":"Section 6, PDF pages 6-7","url":"/pubs/2019/pure_iccad2019.pdf#page=6"},{"id":"anchor-paper-46-poe","source_id":"source-paper-46-author-pdf","label":"Proof-of-Erasure construction and helper-code caveat","locator":"Section 7, PDF page 7","url":"/pubs/2019/pure_iccad2019.pdf#page=7"},{"id":"anchor-paper-46-evaluation","source_id":"source-paper-46-author-pdf","label":"FPGA resources, ROM/RAM, and runtime evaluation","locator":"Section 8, Table 2 and Figure 5, PDF pages 7-8","url":"/pubs/2019/pure_iccad2019.pdf#page=7"},{"id":"anchor-paper-46-conclusion","source_id":"source-paper-46-author-pdf","label":"Serial-composition conclusion and future directions","locator":"Section 9, PDF page 8","url":"/pubs/2019/pure_iccad2019.pdf#page=8"},{"id":"anchor-paper-46-repository","source_id":"source-paper-46-repository","label":"Public implementation and verification artifacts","locator":"PURE repository branch, accessed 2026-07-11","url":"https://github.com/sprout-uci/vrased/tree/pure"},{"id":"anchor-paper-46-publication","source_id":"source-paper-46-official","label":"Official peer-reviewed publication identity","locator":"ICCAD 2019, DOI 10.1109/ICCAD45719.2019.8942118","url":"https://doi.org/10.1109/ICCAD45719.2019.8942118"},{"id":"anchor-paper-46-reception","source_id":"source-paper-46-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 16 citing works on 2026-07-11","url":"https://openalex.org/W2997695369"}],"nodes":[{"id":"paper-46","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"PURE","summary":"A verified-attestation extension that gives a remote verifier cryptographic proofs of reset, update, and erasure on a low-end MCU.","source_anchor_ids":["anchor-paper-46-problem"]},{"id":"paper-46-question","kind":"question","parent_id":"paper-46","order":1,"epistemic_status":"research_question","title":"Research question","summary":"After remote attestation detects compromise, can the verifier prove that remediation really changed all intended device state and restarted execution safely?","source_anchor_ids":["anchor-paper-46-problem"]},{"id":"paper-46-answer","kind":"contribution","parent_id":"paper-46","order":2,"epistemic_status":"implemented_and_formally_analyzed","title":"Central answer","summary":"Reuse VRASED's protected HMAC and hardware monitor to bind a fresh challenge to reset, update, or erasure transitions, then serially compose the three services.","source_anchor_ids":["anchor-paper-46-vrased","anchor-paper-46-por","anchor-paper-46-pou","anchor-paper-46-poe"]},{"id":"paper-46-threat","kind":"threat_model","parent_id":"paper-46","order":3,"epistemic_status":"defined","title":"Full software-compromise adversary","summary":"Malware controls the prover's writable memory and software execution, including code-reuse attempts and refusal to cooperate, but cannot violate protected hardware/ROM, extract the attestation key, or mount physical/fault attacks.","source_anchor_ids":["anchor-paper-46-adversary"]},{"id":"paper-46-assumptions","kind":"assumption","parent_id":"paper-46","order":4,"epistemic_status":"inherited_and_extended","title":"Trusted boundary","summary":"Guarantees inherit VRASED's MCU-signal, reset, key, HMAC, compiler, and hardware-monitor assumptions; helper-code availability and verifier request authentication are separate operational concerns.","source_anchor_ids":["anchor-paper-46-vrased","anchor-paper-46-pou","anchor-paper-46-poe"]},{"id":"paper-46-services","kind":"protocol_group","parent_id":"paper-46","order":5,"epistemic_status":"specified_verified_and_implemented","title":"Three remediation services","summary":"Each service has a security game and construction; only trusted-component changes are model-checked, while theorem proofs connect accepted HMAC evidence to the intended state transition.","source_anchor_ids":["anchor-paper-46-por","anchor-paper-46-pou","anchor-paper-46-poe"]},{"id":"paper-46-por-node","kind":"protocol","parent_id":"paper-46-services","order":1,"epistemic_status":"implemented_and_model_checked","title":"Proof of Reset (PoR)","summary":"Trusted code authenticates reset completion under a challenge, and hardware rules ensure that the proof is emitted only through the reset path before execution returns to unprivileged software.","source_anchor_ids":["anchor-paper-46-por"]},{"id":"paper-46-pou-node","kind":"protocol","parent_id":"paper-46-services","order":2,"epistemic_status":"implemented_and_reduction_proved","title":"Proof of Update (PoU)","summary":"Untrusted helper code writes target software S into region UR; VRASED then authenticates UR and request context so a valid proof is tied to the installed bytes, assuming request origin is authenticated when needed.","source_anchor_ids":["anchor-paper-46-pou"]},{"id":"paper-46-poe-node","kind":"protocol","parent_id":"paper-46-services","order":3,"epistemic_status":"implemented_and_reduction_reused","title":"Proof of Erasure (PoE)","summary":"PoE specializes update to an all-zero target over the erased region; erasing all writable memory requires immutable or separately attested helper code to avoid hiding malware in an excluded region.","source_anchor_ids":["anchor-paper-46-poe"]},{"id":"paper-46-compose","kind":"protocol","parent_id":"paper-46-services","order":4,"epistemic_status":"composition_argument","title":"Serial remediation sequence","summary":"Update program memory, erase residual writable state, then reset so the verifier obtains evidence of new code, cleared old data, and reinitialized control flow.","source_anchor_ids":["anchor-paper-46-problem","anchor-paper-46-conclusion"]},{"id":"paper-46-claims","kind":"claim_group","parent_id":"paper-46","order":6,"epistemic_status":"mixed_formal_and_empirical","title":"Principal claims","summary":"PURE claims game-based service security, formal conformance of modified trusted hardware, low incremental footprint, and practical runtime.","source_anchor_ids":["anchor-paper-46-por","anchor-paper-46-pou","anchor-paper-46-evaluation"]},{"id":"paper-46-claim-security","kind":"claim","parent_id":"paper-46-claims","order":1,"epistemic_status":"proved_conditional","title":"Accepted proofs imply intended transitions","summary":"Under VRASED/HMAC assumptions, an adversary cannot produce accepted PoR or PoU/PoE evidence without taking the corresponding reset or memory-state action except with negligible probability.","source_anchor_ids":["anchor-paper-46-por","anchor-paper-46-pou","anchor-paper-46-poe"]},{"id":"paper-46-claim-verification","kind":"claim","parent_id":"paper-46-claims","order":2,"epistemic_status":"model_checked_within_rtl_model","title":"Modified trusted logic satisfies LTL policies","summary":"Additional reset-operation state and DMA/execution rules are translated to NuSMV and checked as extensions to VRASED's hardware monitor; this is not verification of every MCU component.","source_anchor_ids":["anchor-paper-46-vrased","anchor-paper-46-por"]},{"id":"paper-46-claim-overhead","kind":"claim","parent_id":"paper-46-claims","order":3,"epistemic_status":"experimentally_supported","title":"Small incremental cost","summary":"Relative to VRASED, PURE adds 4 LUTs, 3 registers, about 50 bytes of trusted ROM, and 26 bytes of helper code; PoR takes 26 ms at 8 MHz and update/erasure scale linearly with memory size.","source_anchor_ids":["anchor-paper-46-evaluation"]},{"id":"paper-46-evidence","kind":"evidence_group","parent_id":"paper-46","order":7,"epistemic_status":"formal_artifact_and_fpga_measurement","title":"Evidence stack","summary":"Security games and theorem arguments, NuSMV checks of added trusted logic, an OpenMSP430/Basys3 FPGA implementation, resource synthesis, runtime measurements, and a public code branch jointly support the claims.","source_anchor_ids":["anchor-paper-46-por","anchor-paper-46-pou","anchor-paper-46-evaluation","anchor-paper-46-repository"]},{"id":"paper-46-boundaries","kind":"limitation_group","parent_id":"paper-46","order":8,"epistemic_status":"material","title":"Security and deployment boundaries","summary":"A valid proof does not authenticate who requested a malicious update unless verifier authentication is enabled; writable helper code can be erased or infected; physical attacks, faults, and the complete MCU are outside the model.","source_anchor_ids":["anchor-paper-46-adversary","anchor-paper-46-pou","anchor-paper-46-poe"]},{"id":"paper-46-artifacts","kind":"artifact_group","parent_id":"paper-46","order":9,"epistemic_status":"public_unpinned","title":"Implementation and verification artifacts","summary":"The paper and PURE repository branch are public. This map records no immutable repository revision, build transcript, model-check log, FPGA bitstream hash, or independent reproduction.","source_anchor_ids":["anchor-paper-46-repository","anchor-paper-46-evaluation"]},{"id":"paper-46-scrutiny","kind":"scrutiny","parent_id":"paper-46","order":10,"epistemic_status":"venue_reviewed_with_machine_checked_components","title":"External scrutiny","summary":"ICCAD publication and public formal/implementation artifacts provide substantial exposure, but no public review reports or independent end-to-end verification were located.","source_anchor_ids":["anchor-paper-46-publication","anchor-paper-46-repository"]},{"id":"paper-46-lineage","kind":"lineage","parent_id":"paper-46","order":11,"epistemic_status":"explicit","title":"VRASED extension","summary":"PURE is downstream of VRASED (#50): it reuses VRASED's verified attestation TCB and HMAC path, adding remediation states and services rather than replacing the base architecture.","source_anchor_ids":["anchor-paper-46-vrased","anchor-paper-46-problem"]}],"relations":[{"id":"paper-46-relation-answer-question","type":"addresses","from_id":"paper-46-answer","to_id":"paper-46-question"},{"id":"paper-46-relation-por-services","type":"component_of","from_id":"paper-46-por-node","to_id":"paper-46-services"},{"id":"paper-46-relation-pou-services","type":"component_of","from_id":"paper-46-pou-node","to_id":"paper-46-services"},{"id":"paper-46-relation-poe-services","type":"component_of","from_id":"paper-46-poe-node","to_id":"paper-46-services"},{"id":"paper-46-relation-services-compose","type":"composed_by","from_id":"paper-46-services","to_id":"paper-46-compose"},{"id":"paper-46-relation-services-security","type":"supports","from_id":"paper-46-services","to_id":"paper-46-claim-security"},{"id":"paper-46-relation-evidence-overhead","type":"supports","from_id":"paper-46-evidence","to_id":"paper-46-claim-overhead"},{"id":"paper-46-relation-assumptions-security","type":"qualifies","from_id":"paper-46-assumptions","to_id":"paper-46-claim-security"},{"id":"paper-46-relation-boundaries-claims","type":"qualifies","from_id":"paper-46-boundaries","to_id":"paper-46-claims"},{"id":"paper-46-relation-lineage-paper","type":"contextualizes","from_id":"paper-46-lineage","to_id":"paper-46"}],"assessment":{"id":"paper-46-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The full paper combines explicit games and reductions, model-checked trusted-component changes, a concrete FPGA implementation, resource/runtime evaluation, and public artifacts, while retaining clear trusted-boundary limits.","basis_source_anchor_ids":["anchor-paper-46-por","anchor-paper-46-pou","anchor-paper-46-evaluation","anchor-paper-46-repository"]},{"id":"auditability","level":"high","rationale":"A checked-in full paper with hash/page count, precise anchors, DOI, and public code/verification branch make assumptions and evidence inspectable; the exact artifact revision is not pinned.","basis_source_anchor_ids":["anchor-paper-46-problem","anchor-paper-46-repository","anchor-paper-46-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authors, venue, DOI, predecessor architecture, toolchain, hardware platform, and repository are documented; roles, revision history, immutable artifact versions, and run provenance remain incomplete.","basis_source_anchor_ids":["anchor-paper-46-publication","anchor-paper-46-repository","anchor-paper-46-evaluation"]},{"id":"external_scrutiny","level":"high","rationale":"ICCAD review plus inspectable model-checked components and public implementation provide multiple scrutiny surfaces; independent reproduction and public review reports were not found.","basis_source_anchor_ids":["anchor-paper-46-publication","anchor-paper-46-repository"]},{"id":"reception","level":"high","rationale":"OpenAlex reported 16 citations on 2026-07-11; under the finalized rubric, 11 or more located citations is High.","basis_source_anchor_ids":["anchor-paper-46-reception"]},{"id":"contribution_significance","level":"high","rationale":"PURE turns verified compromise detection into a composable remote-remediation path with formal and concrete evidence for constrained devices; broad deployment and independent replication remain unaudited.","basis_source_anchor_ids":["anchor-paper-46-problem","anchor-paper-46-evaluation"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":16,"source_url":"https://openalex.org/W2997695369","signals":["OpenAlex reported 16 works citing the ICCAD paper."],"limitation":"The count varies by index/date, may include self-citations, and does not show whether later work reproduced the FPGA implementation or rechecked the proofs."}},"paper_47":{"schema_version":"0.1","map_id":"paper-47-map","publication_id":47,"publication_anchor":"paper-47","slug":"paper-47","canonical_path":"/knowledge/papers/paper-47/","machine_path":"/knowledge/papers/paper-47.json","root_node_id":"paper-47","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"Opinion: Advancing Remote Attestation via Computer-Aided Formal Verification of Designs and Synthesis of Executables","year":2019,"status":"Published · opinion paper","venue":"12th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)","topic":"secure-systems-networks","labels":["Perspective"],"authors":["Karim Eldefrawy","Gene Tsudik"],"keywords":["remote attestation","formal verification","program synthesis","trusted computing","research agenda"],"research_question":"What must the remote-attestation community add to manual protocol reasoning and ad hoc implementation to obtain stronger confidence in claimed security, safety, and robustness?","central_answer":"The position paper argues for computer-aided specification and verification of RA protocols and hardware/software architectures, followed by correct-by-construction synthesis of executable components. It supports the agenda with concrete prior-design failures and identifies open obligations in property completeness, end-to-end verification, synthesis, and group attestation.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text argument mapping and initial assessment"}],"method":"Source-grounded review of the complete four-page opinion paper, including visual inspection of its first and research-agenda pages. The map distinguishes recommendations and case studies from proved technical results.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Interpretation of the agenda and significance ratings remains provisional."}},"sources":[{"id":"source-paper-47-author-pdf","type":"author_hosted_copy","title":"Opinion: Advancing Remote Attestation via Computer-Aided Formal Verification of Designs and Synthesis of Executables","url":"/pubs/2019/ra-opinion_wisec2019.pdf","provenance_category":"author","media_type":"application/pdf","sha256":"8783d63cfbc287967fe23e65a708f59c1ca1345409ccda52c9d0ad9444463df3","page_count":4},{"id":"source-paper-47-official","type":"official_publication_record","title":"ACM WiSec 2019 publication record","url":"https://doi.org/10.1145/3317549.3323403","provenance_category":"official"},{"id":"source-paper-47-archive","type":"public_archive_copy","title":"NSF Public Access copy","url":"https://par.nsf.gov/servlets/purl/10121392","provenance_category":"archive"},{"id":"source-paper-47-citations","type":"citation_index_snapshot","title":"OpenAlex work W2946516862","url":"https://openalex.org/W2946516862","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-47-thesis","source_id":"source-paper-47-author-pdf","label":"Opinion thesis, motivation, and claimed objective","locator":"Abstract and Section 1, PDF page 1","url":"/pubs/2019/ra-opinion_wisec2019.pdf#page=1"},{"id":"anchor-paper-47-model","source_id":"source-paper-47-author-pdf","label":"RA protocol, remote adversary, and scope of desired verification","locator":"Section 2.1, PDF pages 1-2","url":"/pubs/2019/ra-opinion_wisec2019.pdf#page=1"},{"id":"anchor-paper-47-landscape","source_id":"source-paper-47-author-pdf","label":"Software, hardware, and hybrid RA comparison","locator":"Section 2.2, PDF page 2","url":"/pubs/2019/ra-opinion_wisec2019.pdf#page=2"},{"id":"anchor-paper-47-methods","source_id":"source-paper-47-author-pdf","label":"Existing verification efforts, HYDRA, and VRASED boundaries","locator":"Section 3.1, PDF page 3","url":"/pubs/2019/ra-opinion_wisec2019.pdf#page=3"},{"id":"anchor-paper-47-cases","source_id":"source-paper-47-author-pdf","label":"Temporal-consistency, interrupt atomicity, and availability case studies","locator":"Section 3.2, PDF page 3","url":"/pubs/2019/ra-opinion_wisec2019.pdf#page=3"},{"id":"anchor-paper-47-agenda","source_id":"source-paper-47-author-pdf","label":"Four-part research agenda","locator":"Section 4, PDF pages 3-4","url":"/pubs/2019/ra-opinion_wisec2019.pdf#page=3"},{"id":"anchor-paper-47-publication","source_id":"source-paper-47-official","label":"Official opinion-paper publication identity","locator":"WiSec 2019, DOI 10.1145/3317549.3323403","url":"https://doi.org/10.1145/3317549.3323403"},{"id":"anchor-paper-47-reception","source_id":"source-paper-47-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 1 citing work on 2026-07-11","url":"https://openalex.org/W2946516862"}],"nodes":[{"id":"paper-47","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_opinion","title":"A formal-methods agenda for remote attestation","summary":"A position paper arguing that RA security claims need machine-assisted models, proofs, and synthesized implementations, supported by failure case studies and a four-part agenda.","source_anchor_ids":["anchor-paper-47-thesis"]},{"id":"paper-47-question","kind":"question","parent_id":"paper-47","order":1,"epistemic_status":"research_agenda_question","title":"Research question","summary":"How can RA move from plausible manual arguments to implementations whose architecture-level obligations are explicit and mechanically checked?","source_anchor_ids":["anchor-paper-47-thesis"]},{"id":"paper-47-answer","kind":"perspective","parent_id":"paper-47","order":2,"epistemic_status":"argued_position","title":"Central position","summary":"Specify RA requirements and threat models precisely, verify protocol and hardware/software components with computer aid, prove their composition, and synthesize executable artifacts from checked descriptions.","source_anchor_ids":["anchor-paper-47-thesis","anchor-paper-47-methods","anchor-paper-47-agenda"]},{"id":"paper-47-scope","kind":"scope","parent_id":"paper-47","order":3,"epistemic_status":"explicit","title":"Scope of the argument","summary":"The discussion focuses on challenge-response measurement against a remote software adversary; completeness of the initial security definition itself and physical adversaries are explicitly orthogonal or excluded.","source_anchor_ids":["anchor-paper-47-model"]},{"id":"paper-47-premise","kind":"premise","parent_id":"paper-47","order":4,"epistemic_status":"argued","title":"Why RA is a tractable first target","summary":"RA has only a few messages and basic primitives such as HMAC, yet hybrid implementations expose processor, memory, interrupt, and control-flow details that manual abstractions routinely miss.","source_anchor_ids":["anchor-paper-47-model","anchor-paper-47-methods"]},{"id":"paper-47-cases-node","kind":"evidence_group","parent_id":"paper-47","order":5,"epistemic_status":"case_based_argument","title":"Failure case studies","summary":"Three examples illustrate how omitted machine details can undermine a security or correctness story.","source_anchor_ids":["anchor-paper-47-cases"]},{"id":"paper-47-case-consistency","kind":"evidence","parent_id":"paper-47-cases-node","order":1,"epistemic_status":"literature_case","title":"Temporal consistency","summary":"Interruptible hashing may combine bytes from states that never coexisted, invalidating the implicit static-input premise and enabling relocating malware.","source_anchor_ids":["anchor-paper-47-cases"]},{"id":"paper-47-case-atomicity","kind":"evidence","parent_id":"paper-47-cases-node","order":2,"epistemic_status":"architecture_case","title":"Non-instantaneous interrupt control","summary":"On some MCUs, enabling or disabling interrupts spans cycles and can itself be interrupted, so a paper assumption of instantaneous atomicity may block formal verification or security.","source_anchor_ids":["anchor-paper-47-cases"]},{"id":"paper-47-case-availability","kind":"evidence","parent_id":"paper-47-cases-node","order":3,"epistemic_status":"design_case","title":"Self-attestation denial of service","summary":"A return-address API can point back to attestation entry and combine with enforced atomicity to trap a device in an endless attestation loop; a termination proof would expose the corner case.","source_anchor_ids":["anchor-paper-47-cases"]},{"id":"paper-47-agenda-node","kind":"agenda","parent_id":"paper-47","order":6,"epistemic_status":"proposed","title":"Four-part research program","summary":"The paper separates property completeness, design verification, implementation synthesis, and heterogeneous/group attestation as distinct obligations.","source_anchor_ids":["anchor-paper-47-agenda"]},{"id":"paper-47-agenda-properties","kind":"open_problem","parent_id":"paper-47-agenda-node","order":1,"epistemic_status":"proposed","title":"Prove completeness and minimality","summary":"Establish that the chosen properties/components are sufficient and no unnecessary hardware remains, especially for minimalist hybrid RA.","source_anchor_ids":["anchor-paper-47-agenda"]},{"id":"paper-47-agenda-verification","kind":"open_problem","parent_id":"paper-47-agenda-node","order":2,"epistemic_status":"proposed","title":"End-to-end computer-aided proofs","summary":"Verify protocols and HW/SW co-designs in compatible frameworks and prove composition rather than relying on separately checked components plus manual glue.","source_anchor_ids":["anchor-paper-47-agenda"]},{"id":"paper-47-agenda-synthesis","kind":"open_problem","parent_id":"paper-47-agenda-node","order":3,"epistemic_status":"proposed","title":"Correct-by-construction executables","summary":"Extend synthesis beyond small hardware monitors and inherited HMAC binaries to the complete attestation executable and services built on it.","source_anchor_ids":["anchor-paper-47-agenda"]},{"id":"paper-47-agenda-groups","kind":"open_problem","parent_id":"paper-47-agenda-node","order":4,"epistemic_status":"proposed","title":"Group and heterogeneous RA","summary":"Derive and verify properties for multiple, possibly heterogeneous provers instead of assuming single-prover requirements compose unchanged.","source_anchor_ids":["anchor-paper-47-agenda"]},{"id":"paper-47-boundaries","kind":"limitation_group","parent_id":"paper-47","order":7,"epistemic_status":"explicit","title":"Evidentiary boundary","summary":"This is an agenda and case-based argument, not a new protocol, proof, synthesized toolchain, implementation, or empirical evaluation; feasibility is illustrated by prior systems.","source_anchor_ids":["anchor-paper-47-thesis","anchor-paper-47-methods"]},{"id":"paper-47-artifacts","kind":"artifact_group","parent_id":"paper-47","order":8,"epistemic_status":"publication_only","title":"Publication resources","summary":"Author, NSF, and DOI copies are public with local fixity. No new code or dataset is claimed by the opinion paper.","source_anchor_ids":["anchor-paper-47-thesis","anchor-paper-47-publication"]},{"id":"paper-47-scrutiny","kind":"scrutiny","parent_id":"paper-47","order":9,"epistemic_status":"venue_reviewed_opinion","title":"External scrutiny","summary":"WiSec publication and shepherd acknowledgment establish venue exposure, but the normative agenda has not been independently validated as a theorem or standard.","source_anchor_ids":["anchor-paper-47-publication"]},{"id":"paper-47-lineage","kind":"lineage","parent_id":"paper-47","order":10,"epistemic_status":"documented","title":"VRASED/HYDRA/PURE context","summary":"HYDRA illustrates verified-component reuse, VRASED advances model-checked co-design, and PURE extends it to remediation; the paper argues the broader end-to-end agenda remains unfinished.","source_anchor_ids":["anchor-paper-47-methods","anchor-paper-47-agenda"]}],"relations":[{"id":"paper-47-relation-answer-question","type":"addresses","from_id":"paper-47-answer","to_id":"paper-47-question"},{"id":"paper-47-relation-premise-answer","type":"motivates","from_id":"paper-47-premise","to_id":"paper-47-answer"},{"id":"paper-47-relation-cases-answer","type":"supports","from_id":"paper-47-cases-node","to_id":"paper-47-answer"},{"id":"paper-47-relation-consistency-cases","type":"component_of","from_id":"paper-47-case-consistency","to_id":"paper-47-cases-node"},{"id":"paper-47-relation-atomicity-cases","type":"component_of","from_id":"paper-47-case-atomicity","to_id":"paper-47-cases-node"},{"id":"paper-47-relation-availability-cases","type":"component_of","from_id":"paper-47-case-availability","to_id":"paper-47-cases-node"},{"id":"paper-47-relation-agenda-answer","type":"operationalizes","from_id":"paper-47-agenda-node","to_id":"paper-47-answer"},{"id":"paper-47-relation-scope-answer","type":"qualifies","from_id":"paper-47-scope","to_id":"paper-47-answer"},{"id":"paper-47-relation-boundaries-answer","type":"qualifies","from_id":"paper-47-boundaries","to_id":"paper-47-answer"},{"id":"paper-47-relation-lineage-paper","type":"contextualizes","from_id":"paper-47-lineage","to_id":"paper-47"}],"assessment":{"id":"paper-47-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The complete paper gives concrete architecture-level case studies and a logically separated agenda, but it is explicitly an opinion paper without new formal or experimental validation.","basis_source_anchor_ids":["anchor-paper-47-cases","anchor-paper-47-agenda"]},{"id":"auditability","level":"high","rationale":"A complete checked-in author copy with hash/page count, NSF archive copy, precise anchors, and DOI makes every represented argument inspectable.","basis_source_anchor_ids":["anchor-paper-47-thesis","anchor-paper-47-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authors, venue, DOI, shepherd acknowledgment, and manuscript are documented; contribution roles, revision history, and drafting process are not.","basis_source_anchor_ids":["anchor-paper-47-thesis","anchor-paper-47-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"WiSec publication establishes editorial and venue scrutiny, but public review reports or consensus validation of the proposed agenda were not located.","basis_source_anchor_ids":["anchor-paper-47-publication"]},{"id":"reception","level":"low","rationale":"OpenAlex reported 1 citation on 2026-07-11; under the finalized rubric, 0 through 8 located citations is Low.","basis_source_anchor_ids":["anchor-paper-47-reception"]},{"id":"contribution_significance","level":"medium","rationale":"The agenda identifies concrete, consequential gaps and links them to known failures, but downstream adoption is limited in the dated citation snapshot.","basis_source_anchor_ids":["anchor-paper-47-cases","anchor-paper-47-agenda","anchor-paper-47-reception"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":1,"source_url":"https://openalex.org/W2946516862","signals":["OpenAlex reported 1 work citing the WiSec opinion paper."],"limitation":"Citation counts vary by index/date and may undercount influence expressed through citations to VRASED, HYDRA, PURE, or the underlying case-study papers."}},"paper_48":{"schema_version":"0.1","map_id":"paper-48-map","publication_id":48,"publication_anchor":"paper-48","slug":"paper-48","canonical_path":"/knowledge/papers/paper-48/","machine_path":"/knowledge/papers/paper-48.json","root_node_id":"paper-48","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"SNUSE: A Secure Computation Approach for Large-Scale User Re-Enrollment in Biometric Authentication Systems","year":2019,"status":"Published · journal article","venue":"Future Generation Computer Systems, Volume 98","topic":"privacy-identity","labels":["Theory","Applied"],"authors":["Ivan De Oliveira Nunes","Karim Eldefrawy","Tancrède Lepoint"],"keywords":["biometric authentication","re-enrollment","fuzzy vault","MPC","secret sharing","prototype"],"research_question":"Can enterprise-scale biometric credentials be refreshed automatically after compromise, policy change, or helper-data loss without collecting users again and without centralizing their biometric templates?","central_answer":"SNUSE stores threshold shares of each biometric template on mostly offline re-enrollment servers and MPC-computes new fuzzy-vault helper data on demand. Precomputing exponentiations shifts work to enrollment, enabling rapid bulk refresh; the fingerprint/iris prototype and security analysis expose both feasibility and collusion/reusability limits.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete checked-in 17-page journal manuscript, including visual inspection of title, protocol, evaluation, and security pages. The design, optimization, datasets, measurements, storage analysis, and limits were read; code and experiments were not independently reproduced.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Technical interpretations, version-lineage statements, and ratings remain provisional."}},"sources":[{"id":"source-paper-48-author-pdf","type":"author_hosted_copy","title":"SNUSE: A Secure Computation Approach for Large-Scale User Re-Enrollment in Biometric Authentication Systems","url":"/pubs/2019/snuse_fgcs2019.pdf","provenance_category":"author","media_type":"application/pdf","sha256":"009da76a8753d57a38b7e27439030cc6de4ab1ff2827bd813bc77ad922ddf3cb","page_count":17},{"id":"source-paper-48-official","type":"official_publication_record","title":"Future Generation Computer Systems publication record","url":"https://doi.org/10.1016/j.future.2019.03.051","provenance_category":"official"},{"id":"source-paper-48-citations","type":"citation_index_snapshot","title":"OpenAlex work W2930399968","url":"https://openalex.org/W2930399968","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-48-problem","source_id":"source-paper-48-author-pdf","label":"Problem, SNUSE contribution, enterprise setting, and claimed novelty","locator":"Abstract and Sections 1-1.1, PDF pages 1-3","url":"/pubs/2019/snuse_fgcs2019.pdf#page=1"},{"id":"anchor-paper-48-model","source_id":"source-paper-48-author-pdf","label":"BIA, threshold sharing, MPC, and fuzzy-vault assumptions","locator":"Section 2, PDF pages 3-5","url":"/pubs/2019/snuse_fgcs2019.pdf#page=3"},{"id":"anchor-paper-48-architecture","source_id":"source-paper-48-author-pdf","label":"Parties, lifecycle, and data placement","locator":"Section 4, PDF page 6","url":"/pubs/2019/snuse_fgcs2019.pdf#page=6"},{"id":"anchor-paper-48-protocols","source_id":"source-paper-48-author-pdf","label":"Enrollment, authentication, and re-enrollment protocols","locator":"Sections 4.1-4.3, PDF pages 7-8","url":"/pubs/2019/snuse_fgcs2019.pdf#page=7"},{"id":"anchor-paper-48-mpc","source_id":"source-paper-48-author-pdf","label":"MPC helper-data computation, three multiplication strategies, and secret handling","locator":"Sections 4.4-4.5, PDF pages 8-10","url":"/pubs/2019/snuse_fgcs2019.pdf#page=8"},{"id":"anchor-paper-48-implementation","source_id":"source-paper-48-author-pdf","label":"NTL implementation and fingerprint/iris template extraction","locator":"Sections 5-5.2, PDF pages 10-12","url":"/pubs/2019/snuse_fgcs2019.pdf#page=10"},{"id":"anchor-paper-48-accuracy","source_id":"source-paper-48-author-pdf","label":"GAR/FAR experiments and public datasets","locator":"Section 5.3 and Figure 6, PDF pages 12-13","url":"/pubs/2019/snuse_fgcs2019.pdf#page=12"},{"id":"anchor-paper-48-performance","source_id":"source-paper-48-author-pdf","label":"Timing, scale, and storage evaluation","locator":"Section 6, Table 1 and Figure 7, PDF pages 13-15","url":"/pubs/2019/snuse_fgcs2019.pdf#page=13"},{"id":"anchor-paper-48-security","source_id":"source-paper-48-author-pdf","label":"Stored and execution confidentiality, collusion leakage, and reusability","locator":"Section 7, PDF pages 14-15","url":"/pubs/2019/snuse_fgcs2019.pdf#page=14"},{"id":"anchor-paper-48-conclusion","source_id":"source-paper-48-author-pdf","label":"Conclusion, measured result, and open directions","locator":"Section 8, PDF page 15","url":"/pubs/2019/snuse_fgcs2019.pdf#page=15"},{"id":"anchor-paper-48-publication","source_id":"source-paper-48-official","label":"Official journal publication identity","locator":"FGCS 98, DOI 10.1016/j.future.2019.03.051","url":"https://doi.org/10.1016/j.future.2019.03.051"},{"id":"anchor-paper-48-reception","source_id":"source-paper-48-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 6 citing works on 2026-07-11","url":"https://openalex.org/W2930399968"}],"nodes":[{"id":"paper-48","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_journal_article","title":"SNUSE journal paper","summary":"An expanded protocol, optimization, prototype, evaluation, and security treatment of large-scale non-interactive biometric re-enrollment.","source_anchor_ids":["anchor-paper-48-problem"]},{"id":"paper-48-question","kind":"question","parent_id":"paper-48","order":1,"epistemic_status":"research_question","title":"Research question","summary":"How can an organization refresh many biometric-bound credentials while neither storing full templates centrally nor requiring every user to return?","source_anchor_ids":["anchor-paper-48-problem"]},{"id":"paper-48-answer","kind":"contribution","parent_id":"paper-48","order":2,"epistemic_status":"implemented","title":"Central answer","summary":"Store Shamir shares at re-enrollment servers, keep only helper data at the authentication server, and MPC-generate new fuzzy vaults from those shares.","source_anchor_ids":["anchor-paper-48-architecture","anchor-paper-48-protocols"]},{"id":"paper-48-model-node","kind":"scope","parent_id":"paper-48","order":3,"epistemic_status":"defined","title":"Deployment model","summary":"One trusted reader samples templates, one AS serves routine authentication, and configurable RESs remain offline except during enrollment/re-enrollment; secure channels are assumed.","source_anchor_ids":["anchor-paper-48-architecture","anchor-paper-48-protocols"]},{"id":"paper-48-adversary","kind":"threat_model","parent_id":"paper-48","order":4,"epistemic_status":"honest_but_curious","title":"Adversary and threshold","summary":"The implementation targets honest-but-curious parties. A (K,N) sharing threshold protects stored templates against fewer than K RES compromises, with stronger simultaneous-compromise caveats during computation.","source_anchor_ids":["anchor-paper-48-model","anchor-paper-48-security"]},{"id":"paper-48-assumptions","kind":"assumption","parent_id":"paper-48","order":5,"epistemic_status":"cryptographic_and_operational","title":"Required assumptions","summary":"Security depends on Shamir privacy, fuzzy-vault security, authenticated channels, trustworthy sampling, correct implementations, and enough non-colluding RESs.","source_anchor_ids":["anchor-paper-48-model","anchor-paper-48-security"]},{"id":"paper-48-protocol-group","kind":"protocol_group","parent_id":"paper-48","order":6,"epistemic_status":"specified_and_implemented","title":"Three-phase SNUSE protocol","summary":"Initial enrollment distributes template shares and creates helper data; routine authentication opens the vault locally; re-enrollment regenerates helper data without the user.","source_anchor_ids":["anchor-paper-48-protocols"]},{"id":"paper-48-protocol-enroll","kind":"protocol","parent_id":"paper-48-protocol-group","order":1,"epistemic_status":"implemented","title":"Initial enrollment","summary":"The reader samples and shares BT; RESs choose credential material and MPC-compute helper-data shares; AS reconstructs helper data, never BT.","source_anchor_ids":["anchor-paper-48-protocols"]},{"id":"paper-48-protocol-auth","kind":"protocol","parent_id":"paper-48-protocol-group","order":2,"epistemic_status":"implemented","title":"Routine authentication","summary":"A new biometric sample and stored helper data run fuzzy-vault opening at the reader; RESs are not online.","source_anchor_ids":["anchor-paper-48-protocols"]},{"id":"paper-48-protocol-refresh","kind":"protocol","parent_id":"paper-48-protocol-group","order":3,"epistemic_status":"implemented","title":"Non-interactive re-enrollment","summary":"RESs operate on their persistent shares to compute a vault for fresh credential material, then AS reconstructs the new helper data.","source_anchor_ids":["anchor-paper-48-protocols"]},{"id":"paper-48-optimization","kind":"algorithm","parent_id":"paper-48","order":7,"epistemic_status":"implemented_and_compared","title":"MPC multiplication optimization","summary":"Three strategies trade interactive multiplications against enrollment-time precomputation and share storage; precomputing template powers minimizes online rounds and enables fast bulk refresh.","source_anchor_ids":["anchor-paper-48-mpc"]},{"id":"paper-48-implementation-node","kind":"implementation","parent_id":"paper-48","order":8,"epistemic_status":"prototype","title":"Two-modality prototype","summary":"NTL over GF(2^24), TCP processes, NBIS fingerprint minutiae, OSIRIS iris codes, polynomial fuzzy vaults, and configurable RES counts implement the full lifecycle.","source_anchor_ids":["anchor-paper-48-implementation"]},{"id":"paper-48-claims","kind":"claim_group","parent_id":"paper-48","order":9,"epistemic_status":"mixed","title":"Principal claims","summary":"SNUSE protects backend template storage below threshold, keeps regular authentication simple, and makes server-side bulk credential refresh feasible without altering the base biometric matching decision.","source_anchor_ids":["anchor-paper-48-security","anchor-paper-48-performance","anchor-paper-48-accuracy"]},{"id":"paper-48-claim-security","kind":"claim","parent_id":"paper-48-claims","order":1,"epistemic_status":"conditional_security_argument","title":"Distributed biometric confidentiality","summary":"Compromising AS yields helper data but not BT under fuzzy-vault security; fewer than K RESs yield insufficient shares; the template remains unreconstructed during normal execution.","source_anchor_ids":["anchor-paper-48-security"]},{"id":"paper-48-claim-scale","kind":"claim","parent_id":"paper-48-claims","order":2,"epistemic_status":"experimentally_supported_and_extrapolated","title":"Large-scale refresh","summary":"The reported setup averages 13.2 ms for one re-enrollment and scales linearly; 100,000 users with nine RESs are projected under five minutes and one million under one hour.","source_anchor_ids":["anchor-paper-48-performance"]},{"id":"paper-48-claim-accuracy","kind":"claim","parent_id":"paper-48-claims","order":3,"epistemic_status":"dataset_supported","title":"Biometric matching behavior","summary":"The prototype reports over 90% GAR and under 5% FAR for selected parameters; accuracy comes from feature/vault choices, while SNUSE's re-enrollment uses the same helper-data semantics.","source_anchor_ids":["anchor-paper-48-accuracy","anchor-paper-48-conclusion"]},{"id":"paper-48-evidence","kind":"evidence_group","parent_id":"paper-48","order":10,"epistemic_status":"prototype_experiments_and_analysis","title":"Evidence stack","summary":"Detailed protocol algorithms, implementation parameters, three public biometric datasets, all-pairs GAR/FAR experiments, 100-run timings, scaling trials, storage calculations, and a dedicated security section support the paper.","source_anchor_ids":["anchor-paper-48-protocols","anchor-paper-48-implementation","anchor-paper-48-accuracy","anchor-paper-48-performance","anchor-paper-48-security"]},{"id":"paper-48-boundaries","kind":"limitation_group","parent_id":"paper-48","order":11,"epistemic_status":"explicit","title":"Security and scope limits","summary":"AS plus one RES compromised simultaneously during a run can expose that run's BT when k is visible; ordinary fuzzy vaults are cross-instance linkable; malicious/covert MPC, other modalities, and reusable FE/FV support remain future work.","source_anchor_ids":["anchor-paper-48-security","anchor-paper-48-conclusion"]},{"id":"paper-48-artifacts","kind":"artifact_group","parent_id":"paper-48","order":12,"epistemic_status":"partial","title":"Reproducibility resources","summary":"Full manuscript, algorithms, parameters, environment, and public dataset names are available. Version-pinned code, processed data, raw results, and independent reproduction were not located.","source_anchor_ids":["anchor-paper-48-implementation","anchor-paper-48-performance"]},{"id":"paper-48-scrutiny","kind":"scrutiny","parent_id":"paper-48","order":13,"epistemic_status":"journal_reviewed","title":"External scrutiny","summary":"FGCS journal publication provides external review exposure; reports, artifact evaluation, and independent replication are not represented.","source_anchor_ids":["anchor-paper-48-publication"]},{"id":"paper-48-lineage","kind":"lineage","parent_id":"paper-48","order":14,"epistemic_status":"expanded_version","title":"Relation to the CSCML paper","summary":"This journal article expands paper","source_anchor_ids":["anchor-paper-48-problem","anchor-paper-48-mpc"]}],"relations":[{"id":"paper-48-relation-answer-question","type":"addresses","from_id":"paper-48-answer","to_id":"paper-48-question"},{"id":"paper-48-relation-enroll-group","type":"component_of","from_id":"paper-48-protocol-enroll","to_id":"paper-48-protocol-group"},{"id":"paper-48-relation-auth-group","type":"component_of","from_id":"paper-48-protocol-auth","to_id":"paper-48-protocol-group"},{"id":"paper-48-relation-refresh-group","type":"component_of","from_id":"paper-48-protocol-refresh","to_id":"paper-48-protocol-group"},{"id":"paper-48-relation-optimization-refresh","type":"accelerates","from_id":"paper-48-optimization","to_id":"paper-48-protocol-refresh"},{"id":"paper-48-relation-assumptions-security","type":"qualifies","from_id":"paper-48-assumptions","to_id":"paper-48-claim-security"},{"id":"paper-48-relation-adversary-security","type":"qualifies","from_id":"paper-48-adversary","to_id":"paper-48-claim-security"},{"id":"paper-48-relation-evidence-claims","type":"supports","from_id":"paper-48-evidence","to_id":"paper-48-claims"},{"id":"paper-48-relation-boundaries-claims","type":"qualifies","from_id":"paper-48-boundaries","to_id":"paper-48-claims"},{"id":"paper-48-relation-lineage-paper","type":"contextualizes","from_id":"paper-48-lineage","to_id":"paper-48"}],"assessment":{"id":"paper-48-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The complete journal paper supplies protocols, optimization alternatives, a working prototype, public-dataset accuracy tests, performance/storage evaluation, and explicit security analysis and limits.","basis_source_anchor_ids":["anchor-paper-48-protocols","anchor-paper-48-accuracy","anchor-paper-48-performance","anchor-paper-48-security"]},{"id":"auditability","level":"high","rationale":"A checked-in full author copy with SHA-256/page count, precise page anchors, and DOI makes the complete represented paper inspectable; code and raw results are not fixed here.","basis_source_anchor_ids":["anchor-paper-48-problem","anchor-paper-48-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authors, journal, DOI, libraries, datasets, parameters, hardware, and experiment procedure are documented; roles, revisions, exact code version, and raw-run lineage are not.","basis_source_anchor_ids":["anchor-paper-48-publication","anchor-paper-48-implementation","anchor-paper-48-performance"]},{"id":"external_scrutiny","level":"medium","rationale":"Journal publication establishes external review, but public reports, artifact evaluation, and independent reproduction were not located.","basis_source_anchor_ids":["anchor-paper-48-publication"]},{"id":"reception","level":"low","rationale":"OpenAlex reported 6 citations on 2026-07-11; under the finalized rubric, 0 through 8 located citations is Low.","basis_source_anchor_ids":["anchor-paper-48-reception"]},{"id":"contribution_significance","level":"medium","rationale":"The work develops and validates a concrete response to a real deployment bottleneck, while security remains bounded by honest-but-curious MPC, collusion, and fuzzy-vault reusability.","basis_source_anchor_ids":["anchor-paper-48-problem","anchor-paper-48-security","anchor-paper-48-conclusion"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":6,"source_url":"https://openalex.org/W2930399968","signals":["OpenAlex reported 6 works citing the FGCS journal article."],"limitation":"The count varies by index/date and may be split with the CSCML version; it does not establish security, deployment, or reproduction."}},"paper_49":{"schema_version":"0.1","map_id":"paper-49-map","publication_id":49,"publication_anchor":"paper-49","slug":"paper-49","canonical_path":"/knowledge/papers/paper-49/","machine_path":"/knowledge/papers/paper-49.json","root_node_id":"paper-49","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["algorithm"],"title":"Longitudinal Analysis of Misuse of Bitcoin","year":2019,"status":"Published","venue":"17th International Conference on Applied Cryptography and Network Security (ACNS)","topic":"secure-systems-networks","labels":["Applied"],"authors":["Karim Eldefrawy","Ashish Gehani","Alexandre Matton"],"keywords":["Bitcoin","dark web","longitudinal measurement","CoinJoin detection","transaction graph","cryptocurrency misuse"],"research_question":"What quantitative patterns distinguish Bitcoin addresses observed on the dark web from the broader blockchain over time, and can CoinJoin transactions be detected well enough to avoid treating mixer-induced links as ordinary counterparties?","central_answer":"The study joins the Bitcoin blockchain through May 2018 with addresses harvested from dark-web pages in 2016–2017, filters and labels those addresses, and introduces a constrained subset-search heuristic for CoinJoin detection. It reports declining dark-web address visibility, much higher activity and mixing among dark-web addresses, and concentration of associated value, while explicitly warning that crawl coverage, inherited labels, and heuristic errors preclude causal or exhaustive claims.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text data/method extraction and initial assessment"}],"method":"Source-grounded review of the complete checked-in paper, including visual inspection of title, dataset, algorithm, and results pages. Data provenance, algorithm steps, quantitative findings, and stated limitations were read; code, datasets, and calculations were not independently rerun.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Statistical interpretations, counts, and ratings remain provisional."}},"sources":[{"id":"source-paper-49-author-pdf","type":"author_hosted_copy","title":"Longitudinal Analysis of Misuse of Bitcoin","url":"/pubs/2019/btc_acns2019.pdf","provenance_category":"author","media_type":"application/pdf","sha256":"da730c6a2804ed673c22f8dc7052837cfd87c3db19b378583b24eb88c8b5bd1f","page_count":20},{"id":"source-paper-49-official","type":"official_publication_record","title":"ACNS 2019 publication record","url":"https://doi.org/10.1007/978-3-030-21568-2_13","provenance_category":"official"},{"id":"source-paper-49-citations","type":"citation_index_snapshot","title":"OpenAlex work W2947572383","url":"https://openalex.org/W2947572383","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-49-problem","source_id":"source-paper-49-author-pdf","label":"Research objective, data scale, contributions, and headline findings","locator":"Abstract and Sections 1-1.3, PDF pages 1-4","url":"/pubs/2019/btc_acns2019.pdf#page=1"},{"id":"anchor-paper-49-limitations","source_id":"source-paper-49-author-pdf","label":"Coverage, labeling, ground-truth, and heuristic limitations","locator":"Section 1.4, PDF page 4","url":"/pubs/2019/btc_acns2019.pdf#page=4"},{"id":"anchor-paper-49-bitcoin","source_id":"source-paper-49-author-pdf","label":"Bitcoin address validation and CoinJoin mechanics","locator":"Section 2, PDF pages 4-6","url":"/pubs/2019/btc_acns2019.pdf#page=4"},{"id":"anchor-paper-49-blockchain","source_id":"source-paper-49-author-pdf","label":"Blockchain time range, counts, and cross-check","locator":"Section 3.1, PDF pages 6-7","url":"/pubs/2019/btc_acns2019.pdf#page=6"},{"id":"anchor-paper-49-darkweb","source_id":"source-paper-49-author-pdf","label":"IRB-approved upstream crawl, OnionCrawler, labeling, checksum filtering, and dataset","locator":"Section 3.2, PDF pages 7-9","url":"/pubs/2019/btc_acns2019.pdf#page=7"},{"id":"anchor-paper-49-dark-results","source_id":"source-paper-49-author-pdf","label":"Dark-web address time series, active/malicious subsets, and takedown observations","locator":"Section 3.3, PDF pages 9-10","url":"/pubs/2019/btc_acns2019.pdf#page=9"},{"id":"anchor-paper-49-heuristic","source_id":"source-paper-49-author-pdf","label":"CoinJoin conditions, constrained subset search, fee bounds, and pseudocode","locator":"Sections 4-4.1 and Algorithm 1, PDF pages 10-14","url":"/pubs/2019/btc_acns2019.pdf#page=10"},{"id":"anchor-paper-49-mixing-results","source_id":"source-paper-49-author-pdf","label":"Heuristic runtime, approximation boundary, and CoinJoin prevalence","locator":"Section 4.2, PDF page 14","url":"/pubs/2019/btc_acns2019.pdf#page=14"},{"id":"anchor-paper-49-neighborhood","source_id":"source-paper-49-author-pdf","label":"Transaction-graph construction and whole-chain statistics","locator":"Section 5.1 and Tables 3-4, PDF pages 14-16","url":"/pubs/2019/btc_acns2019.pdf#page=14"},{"id":"anchor-paper-49-comparison","source_id":"source-paper-49-author-pdf","label":"Dark-web neighborhood comparison and interpretation cautions","locator":"Section 5.2 and Tables 5-8, PDF pages 16-18","url":"/pubs/2019/btc_acns2019.pdf#page=16"},{"id":"anchor-paper-49-future","source_id":"source-paper-49-author-pdf","label":"Future cross-chain, attribution, and synchronization analyses","locator":"Section 6, PDF pages 18-19","url":"/pubs/2019/btc_acns2019.pdf#page=18"},{"id":"anchor-paper-49-publication","source_id":"source-paper-49-official","label":"Official peer-reviewed publication identity","locator":"ACNS 2019, DOI 10.1007/978-3-030-21568-2_13","url":"https://doi.org/10.1007/978-3-030-21568-2_13"},{"id":"anchor-paper-49-reception","source_id":"source-paper-49-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 8 citing works on 2026-07-11","url":"https://openalex.org/W2947572383"}],"nodes":[{"id":"paper-49","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_empirical_study","title":"Longitudinal Bitcoin misuse analysis","summary":"A blockchain/dark-web measurement study with a new CoinJoin heuristic and explicit caveats about observation, labels, and missing ground truth.","source_anchor_ids":["anchor-paper-49-problem"]},{"id":"paper-49-question","kind":"question","parent_id":"paper-49","order":1,"epistemic_status":"research_question","title":"Research question","summary":"How prevalent and behaviorally distinctive is suspicious Bitcoin activity visible on dark-web pages, after accounting for mixer-generated transaction graph noise?","source_anchor_ids":["anchor-paper-49-problem"]},{"id":"paper-49-answer","kind":"contribution","parent_id":"paper-49","order":2,"epistemic_status":"empirically_supported","title":"Central answer","summary":"Observed dark-web addresses are more active, more connected, and more likely to mix than random blockchain addresses, but the sample measures public crawl visibility rather than all misuse.","source_anchor_ids":["anchor-paper-49-dark-results","anchor-paper-49-mixing-results","anchor-paper-49-comparison"]},{"id":"paper-49-data","kind":"dataset_group","parent_id":"paper-49","order":3,"epistemic_status":"constructed_from_public_and_prior_data","title":"Joined longitudinal datasets","summary":"The analysis combines a nearly complete public blockchain window with candidate addresses extracted from an independently collected and labeled dark-web crawl.","source_anchor_ids":["anchor-paper-49-blockchain","anchor-paper-49-darkweb"]},{"id":"paper-49-data-chain","kind":"dataset","parent_id":"paper-49-data","order":1,"epistemic_status":"public_ledger_observation","title":"Bitcoin blockchain through May 2018","summary":"The study analyzes 397,301,155 unique active addresses and 316,386,663 transactions from genesis through May 2018, cross-checking aggregate counts against Blockchain.info.","source_anchor_ids":["anchor-paper-49-blockchain"]},{"id":"paper-49-data-dark","kind":"dataset","parent_id":"paper-49-data","order":2,"epistemic_status":"sampled_and_inherited_labels","title":"Dark-web address corpus","summary":"OnionCrawler ran twice daily from June 2016 to December 2017; checksum filtering reduces about 2.3 million candidates to 2,093,568 valid addresses, of which 47,697 carry selected suspicious/malicious tags.","source_anchor_ids":["anchor-paper-49-darkweb","anchor-paper-49-dark-results"]},{"id":"paper-49-measurement-model","kind":"scope","parent_id":"paper-49","order":4,"epistemic_status":"observational","title":"What is measured","summary":"An address inherits an onion page's labels, and activity is inferred from public transactions. This establishes associations and behaviors, not wallet ownership, intent, legal status, or causal effects.","source_anchor_ids":["anchor-paper-49-darkweb","anchor-paper-49-limitations"]},{"id":"paper-49-algorithm","kind":"algorithm","parent_id":"paper-49","order":5,"epistemic_status":"specified_and_executed","title":"CoinJoin identification heuristic","summary":"The algorithm detects repeated equal-valued outputs, checks participant/input consistency, then uses a fee-bounded depth-first subset search to assign inputs to participant outputs.","source_anchor_ids":["anchor-paper-49-heuristic"]},{"id":"paper-49-algorithm-bound","kind":"algorithmic_limit","parent_id":"paper-49-algorithm","order":1,"epistemic_status":"explicit_approximation","title":"NP-hard search and large-input shortcut","summary":"Subset allocation is NP-hard; transactions with over 17 inputs that pass the first filters are labeled CoinJoin without exhaustive search, creating an explicit false-positive/false-negative boundary.","source_anchor_ids":["anchor-paper-49-heuristic","anchor-paper-49-mixing-results"]},{"id":"paper-49-graph","kind":"method","parent_id":"paper-49","order":6,"epistemic_status":"specified","title":"Neighborhood analysis","summary":"Addresses are vertices and sender/receiver co-occurrence creates undirected edges; inferred CoinJoins are excluded from selected neighborhood calculations because mixer participants are not ordinary counterparties.","source_anchor_ids":["anchor-paper-49-neighborhood"]},{"id":"paper-49-claims","kind":"claim_group","parent_id":"paper-49","order":7,"epistemic_status":"descriptive_empirical","title":"Main quantitative findings","summary":"Findings describe the sampled windows and classification rules; they are not estimates of all illicit cryptocurrency use.","source_anchor_ids":["anchor-paper-49-problem","anchor-paper-49-dark-results","anchor-paper-49-comparison"]},{"id":"paper-49-claim-trend","kind":"claim","parent_id":"paper-49-claims","order":1,"epistemic_status":"observed_association","title":"Decline aligned with market takedowns","summary":"Monthly addresses seen on the dark web decline over the sample and show drops during known market-takedown periods; the paper does not claim the takedowns are the sole cause.","source_anchor_ids":["anchor-paper-49-dark-results"]},{"id":"paper-49-claim-mixing","kind":"claim","parent_id":"paper-49-claims","order":2,"epistemic_status":"heuristic_supported","title":"Higher observed CoinJoin participation","summary":"The heuristic marks 0.4% of all addresses but 2.3% of dark-web addresses as CoinJoin participants, approximately a fivefold difference.","source_anchor_ids":["anchor-paper-49-mixing-results"]},{"id":"paper-49-claim-activity","kind":"claim","parent_id":"paper-49-claims","order":3,"epistemic_status":"dataset_supported","title":"Higher connectivity and transaction volume","summary":"Dark-web addresses have much higher neighbor and activity distributions than the full chain, although public visibility and service/exchange addresses can strongly bias that comparison.","source_anchor_ids":["anchor-paper-49-comparison"]},{"id":"paper-49-claim-concentration","kind":"claim","parent_id":"paper-49-claims","order":4,"epistemic_status":"dataset_supported","title":"Concentrated associated value","summary":"Within the dark-web-associated set, 2,828 addresses account for 99% of held bitcoin; this does not mean those addresses are controlled by dark-web operators.","source_anchor_ids":["anchor-paper-49-dark-results","anchor-paper-49-comparison"]},{"id":"paper-49-evidence","kind":"evidence_group","parent_id":"paper-49","order":8,"epistemic_status":"large_scale_observational","title":"Evidence stack","summary":"Public-ledger data, twice-daily dark-web crawling, inherited and partially manually verified labels, address checksums, a specified heuristic, transaction graphs, descriptive statistics, and temporal comparisons support the findings.","source_anchor_ids":["anchor-paper-49-blockchain","anchor-paper-49-darkweb","anchor-paper-49-heuristic","anchor-paper-49-comparison"]},{"id":"paper-49-boundaries","kind":"limitation_group","parent_id":"paper-49","order":9,"epistemic_status":"explicit","title":"Validity limits","summary":"Crawl coverage is incomplete; labels come from prior page classification; address visibility favors popular services; ownership and ground truth are missing; mixer detection is heuristic; privacy coins and activity after the windows are outside scope.","source_anchor_ids":["anchor-paper-49-limitations","anchor-paper-49-comparison","anchor-paper-49-future"]},{"id":"paper-49-artifacts","kind":"artifact_group","parent_id":"paper-49","order":10,"epistemic_status":"partial","title":"Reproducibility resources","summary":"The paper provides pseudocode, date ranges, counts, tag lists, and methodology. This audit did not locate public code, the derived address/tag corpus, query outputs, or a fixed analysis environment.","source_anchor_ids":["anchor-paper-49-darkweb","anchor-paper-49-heuristic"]},{"id":"paper-49-scrutiny","kind":"scrutiny","parent_id":"paper-49","order":11,"epistemic_status":"venue_reviewed_and_irb_upstream","title":"External scrutiny","summary":"ACNS publication establishes venue review; the upstream crawl received SRI IRB approval. Neither is equivalent to independent statistical reproduction or label validation.","source_anchor_ids":["anchor-paper-49-darkweb","anchor-paper-49-publication"]},{"id":"paper-49-lineage","kind":"lineage","parent_id":"paper-49","order":12,"epistemic_status":"open_directions","title":"Follow-on analysis directions","summary":"The paper proposes extending the design across other cryptocurrencies, entity/geographic attribution sources, and synchronized cross-chain activity.","source_anchor_ids":["anchor-paper-49-future"]}],"relations":[{"id":"paper-49-relation-answer-question","type":"addresses","from_id":"paper-49-answer","to_id":"paper-49-question"},{"id":"paper-49-relation-chain-data","type":"component_of","from_id":"paper-49-data-chain","to_id":"paper-49-data"},{"id":"paper-49-relation-dark-data","type":"component_of","from_id":"paper-49-data-dark","to_id":"paper-49-data"},{"id":"paper-49-relation-data-claims","type":"supports","from_id":"paper-49-data","to_id":"paper-49-claims"},{"id":"paper-49-relation-algorithm-mixing","type":"supports","from_id":"paper-49-algorithm","to_id":"paper-49-claim-mixing"},{"id":"paper-49-relation-algorithm-graph","type":"filters","from_id":"paper-49-algorithm","to_id":"paper-49-graph"},{"id":"paper-49-relation-model-claims","type":"qualifies","from_id":"paper-49-measurement-model","to_id":"paper-49-claims"},{"id":"paper-49-relation-evidence-claims","type":"supports","from_id":"paper-49-evidence","to_id":"paper-49-claims"},{"id":"paper-49-relation-boundaries-claims","type":"limits","from_id":"paper-49-boundaries","to_id":"paper-49-claims"},{"id":"paper-49-relation-lineage-paper","type":"contextualizes","from_id":"paper-49-lineage","to_id":"paper-49"}],"assessment":{"id":"paper-49-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The paper analyzes hundreds of millions of ledger observations and millions of crawl candidates with documented collection, filtering, algorithm, statistics, and limitations; missing ground truth and heuristic error constrain interpretation.","basis_source_anchor_ids":["anchor-paper-49-blockchain","anchor-paper-49-darkweb","anchor-paper-49-heuristic","anchor-paper-49-limitations"]},{"id":"auditability","level":"high","rationale":"A complete checked-in paper with hash/page count, precise method/result anchors, and DOI is inspectable. The derived corpus, code, and raw analysis outputs are not available in this map.","basis_source_anchor_ids":["anchor-paper-49-problem","anchor-paper-49-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authors, venue, funding, DOI, data windows, upstream IRB status, collection tool, and analysis procedures are documented; contributor roles, code revision, derived-data fixity, and run lineage are not.","basis_source_anchor_ids":["anchor-paper-49-darkweb","anchor-paper-49-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"ACNS review and upstream IRB oversight provide external process checks, but public peer reports, artifact evaluation, and independent reproduction were not located.","basis_source_anchor_ids":["anchor-paper-49-darkweb","anchor-paper-49-publication"]},{"id":"reception","level":"low","rationale":"OpenAlex reported 8 citations on 2026-07-11; under the finalized rubric, 0 through 8 located citations is Low.","basis_source_anchor_ids":["anchor-paper-49-reception"]},{"id":"contribution_significance","level":"medium","rationale":"The work contributes a large longitudinal joined dataset analysis and independent CoinJoin heuristic, while missing ground truth and unavailable artifacts limit certainty and reuse.","basis_source_anchor_ids":["anchor-paper-49-problem","anchor-paper-49-limitations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":8,"source_url":"https://openalex.org/W2947572383","signals":["OpenAlex reported 8 works citing the ACNS paper."],"limitation":"The count varies by index/date and does not indicate independent reproduction, data reuse, or validation of the CoinJoin classifier."}},"paper_5":{"schema_version":"0.1","map_id":"paper-5-map","publication_id":5,"publication_anchor":"paper-5","slug":"paper-5","canonical_path":"/knowledge/papers/paper-5/","machine_path":"/knowledge/papers/paper-5.json","root_node_id":"paper-5","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"BotTorrent: Misusing BitTorrent to Launch DDoS Attacks","year":2007,"venue":"USENIX Steps to Reducing Unwanted Traffic on the Internet (SRUTI)","topic":"secure-systems-networks","labels":["Applied"],"authors":["Karim Eldefrawy","Minas Gjoka","Athina Markopoulou"],"keywords":["BitTorrent","DDoS","protocol abuse"],"research_question":"Can an attacker convert ordinary BitTorrent clients into a distributed denial-of-service source against an arbitrary nonparticipant, and how severe is that abuse in a real Internet experiment?","central_answer":"Yes. A malicious torrent can list a victim as one of multiple trackers while a modified tracker advertises an attractive swarm. Because clients repeatedly contact listed trackers without first authenticating a BitTorrent endpoint, legitimate peers send traffic to the victim. Small proof-of-concept experiments observed tens of thousands of source addresses and sustained connection load, while also exposing protocol-level defenses and their availability tradeoffs.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, evidence linking, and initial assessment"}],"method":"Full-source audit of the checked-in official USENIX paper and conference record.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-drafted, source-linked map awaiting author verification before approval."}},"sources":[{"id":"source-paper-5-paper","type":"official_full_text","title":"BotTorrent: Misusing BitTorrent to Launch DDoS Attacks","url":"/pubs/2007/bottorrent-sruti2007.pdf","media_type":"application/pdf","sha256":"37d3de8bcb6bfed3181cd6d95e6306a40192258d82b53b82f2042f2810ab2f01","page_count":6,"provenance_category":"official","version_note":"Official USENIX-hosted workshop paper; local copy checked 2026-07-11."},{"id":"source-paper-5-official","type":"official_publication_record","title":"USENIX paper page","url":"https://www.usenix.org/conference/sruti-07/bottorrent-misusing-bittorrent-launch-ddos-attacks"},{"id":"source-paper-5-citations","type":"citation_search","title":"Dated scholarly-web citation search","url":"https://scholar.google.com/scholar?q=%22BotTorrent%3A+Misusing+BitTorrent+to+Launch+DDoS+Attacks%22","version_note":"Search attempted 2026-07-11; no transparent citation count was retrievable in this environment."}],"source_anchors":[{"id":"anchor-paper-5-problem","source_id":"source-paper-5-paper","label":"Problem, contribution, and scope","locator":"Abstract and Section 1, PDF page 1","url":"/pubs/2007/bottorrent-sruti2007.pdf#page=1"},{"id":"anchor-paper-5-attack","source_id":"source-paper-5-paper","label":"Attack taxonomy and multi-tracker exploit","locator":"Section 3 and Table 1, PDF pages 2-3","url":"/pubs/2007/bottorrent-sruti2007.pdf#page=2"},{"id":"anchor-paper-5-setup","source_id":"source-paper-5-paper","label":"Internet experiment design and safeguards","locator":"Section 4.1, PDF page 3","url":"/pubs/2007/bottorrent-sruti2007.pdf#page=3"},{"id":"anchor-paper-5-results","source_id":"source-paper-5-paper","label":"Attack volume, duration, and source spread","locator":"Section 4.2, Table 2, and Figures 3-7, PDF pages 3-5","url":"/pubs/2007/bottorrent-sruti2007.pdf#page=3"},{"id":"anchor-paper-5-defenses","source_id":"source-paper-5-paper","label":"Proposed fixes and tradeoffs","locator":"Section 5, PDF page 5","url":"/pubs/2007/bottorrent-sruti2007.pdf#page=5"},{"id":"anchor-paper-5-boundaries","source_id":"source-paper-5-paper","label":"Comparison, limitations, and conclusion","locator":"Sections 6-7, PDF page 6","url":"/pubs/2007/bottorrent-sruti2007.pdf#page=6"},{"id":"anchor-paper-5-publication","source_id":"source-paper-5-official","label":"Official publication and full-text provenance","locator":"USENIX SRUTI 2007 paper page","url":"https://www.usenix.org/conference/sruti-07/bottorrent-misusing-bittorrent-launch-ddos-attacks"},{"id":"anchor-paper-5-citation-search","source_id":"source-paper-5-citations","label":"Citation search attempted","locator":"Exact-title search, 2026-07-11; no verified count retrieved","url":"https://scholar.google.com/scholar?q=%22BotTorrent%3A+Misusing+BitTorrent+to+Launch+DDoS+Attacks%22"}],"nodes":[{"id":"paper-5","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"BotTorrent","summary":"An empirical security study showing that BitTorrent's multi-tracker behavior can redirect legitimate clients into a DDoS attack against an arbitrary host.","source_anchor_ids":["anchor-paper-5-problem","anchor-paper-5-publication"]},{"id":"paper-5-question","kind":"question","parent_id":"paper-5","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can unauthenticated BitTorrent coordination metadata be weaponized at Internet scale without compromising or infecting the clients?","source_anchor_ids":["anchor-paper-5-problem"]},{"id":"paper-5-answer","kind":"contribution","parent_id":"paper-5","order":2,"epistemic_status":"experimentally_demonstrated","title":"Central answer","summary":"A torrent can pair one responsive modified tracker with victim addresses in its tracker list, causing clients to contact a host that neither joined the swarm nor runs BitTorrent.","source_anchor_ids":["anchor-paper-5-attack","anchor-paper-5-results"]},{"id":"paper-5-mechanism","kind":"mechanism","parent_id":"paper-5","order":3,"epistemic_status":"demonstrated","title":"Multi-tracker redirection","summary":"The attacker publishes attractive torrents whose first tracker returns fabricated swarm statistics and whose remaining tracker entries name the victim; the missing peer-to-tracker handshake prevents clients from recognizing the victim as a non-tracker.","source_anchor_ids":["anchor-paper-5-attack"]},{"id":"paper-5-taxonomy","kind":"taxonomy","parent_id":"paper-5","order":4,"epistemic_status":"specified","title":"Four attack forms","summary":"The paper distinguishes announcing the victim as a peer, listing it as a centralized tracker, spoofing it into the DHT, and combinations; the experiments focus on the more potent tracker-list method.","source_anchor_ids":["anchor-paper-5-attack"]},{"id":"paper-5-evidence","kind":"evidence_group","parent_id":"paper-5","order":5,"epistemic_status":"real_world_proof_of_concept","title":"Internet experiment","summary":"Twenty-five deliberately small torrents targeted an author-controlled UCI host. Traffic was captured with tcpdump while torrent count, open/closed ports, and a combined peer-announcement variant were varied.","source_anchor_ids":["anchor-paper-5-setup","anchor-paper-5-results"]},{"id":"paper-5-result-scale","kind":"result","parent_id":"paper-5-evidence","order":1,"epistemic_status":"measured","title":"Sustained connection and traffic load","summary":"The strongest experiment reports 58,046 unique IP addresses, roughly 1,400 attempted TCP connections per second on average, and 176.69 Kbps average incoming traffic with a 482.81 Kbps maximum over multiple days.","source_anchor_ids":["anchor-paper-5-results"]},{"id":"paper-5-result-spread","kind":"result","parent_id":"paper-5-evidence","order":2,"epistemic_status":"measured","title":"Highly distributed sources","summary":"About 87% of observed source addresses lay in different /24 networks and 12% in different /16 networks, weakening simple victim-gateway source filtering.","source_anchor_ids":["anchor-paper-5-results"]},{"id":"paper-5-defenses","kind":"mitigation","parent_id":"paper-5","order":6,"epistemic_status":"proposed_not_evaluated","title":"Protocol and publication defenses","summary":"Clients can validate tracker responses and back off from non-trackers; torrent sites can test or constrain tracker lists and deter automated uploads. These controls trade openness, redundancy, and load balancing for security.","source_anchor_ids":["anchor-paper-5-defenses"]},{"id":"paper-5-boundaries","kind":"limitation_group","parent_id":"paper-5","order":7,"epistemic_status":"material","title":"Interpretation limits","summary":"The study intentionally limited its own attack volume and evaluated a 2007 centralized multi-tracker ecosystem. Larger-scale damage is an extrapolation, not an experiment, and implementation diversity affects both attack and defense.","source_anchor_ids":["anchor-paper-5-setup","anchor-paper-5-boundaries"]},{"id":"paper-5-artifacts","kind":"artifact","parent_id":"paper-5","order":8,"epistemic_status":"paper_available_no_dataset","title":"Artifacts","summary":"The official full text is fixed locally. The modified tracker, torrent corpus, packet logs, and analysis scripts were not located as public artifacts.","source_anchor_ids":["anchor-paper-5-setup","anchor-paper-5-publication"]},{"id":"paper-5-scrutiny","kind":"scrutiny","parent_id":"paper-5","order":9,"epistemic_status":"peer_reviewed","title":"Scrutiny and lineage","summary":"The study appeared at USENIX SRUTI 2007, compares its method with an earlier peer-announcement attack, and documents ethical scale restraint; no independent reproduction was located.","source_anchor_ids":["anchor-paper-5-boundaries","anchor-paper-5-publication"]}],"relations":[{"id":"paper-5-relation-mechanism-realizes-answer","type":"realizes","from_id":"paper-5-mechanism","to_id":"paper-5-answer"},{"id":"paper-5-relation-taxonomy-context","type":"contextualizes","from_id":"paper-5-taxonomy","to_id":"paper-5-mechanism"},{"id":"paper-5-relation-evidence-supports-answer","type":"supports","from_id":"paper-5-evidence","to_id":"paper-5-answer"},{"id":"paper-5-relation-scale-supports-answer","type":"supports","from_id":"paper-5-result-scale","to_id":"paper-5-answer"},{"id":"paper-5-relation-spread-supports-answer","type":"supports","from_id":"paper-5-result-spread","to_id":"paper-5-answer"},{"id":"paper-5-relation-defenses-mitigate","type":"mitigates","from_id":"paper-5-defenses","to_id":"paper-5-mechanism"},{"id":"paper-5-relation-boundaries-qualify","type":"qualifies","from_id":"paper-5-boundaries","to_id":"paper-5-answer"}],"assessment":{"id":"paper-5-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The attack is specified and demonstrated on the public Internet with a controlled victim, four experiments, packet measurements, and concrete quantitative results; scale extrapolations remain separate from measurements.","basis_source_anchor_ids":["anchor-paper-5-attack","anchor-paper-5-setup","anchor-paper-5-results","anchor-paper-5-boundaries"]},{"id":"auditability","level":"high","rationale":"The official full text is checked in with page count and hash, making methods, measurements, and caveats inspectable, though raw traces and code are unavailable.","basis_source_anchor_ids":["anchor-paper-5-results","anchor-paper-5-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, official provenance, experimental host, instrumentation, and support are documented; author roles, revision history, and raw-data lineage are not.","basis_source_anchor_ids":["anchor-paper-5-setup","anchor-paper-5-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The work has an official USENIX workshop publication record; public reviews and an independent reproduction were not located.","basis_source_anchor_ids":["anchor-paper-5-publication"]},{"id":"reception","level":"low","rationale":"No citations were verifiably located in the constrained dated search. Under the author's 0-8 rule this is low, but it is not a claim that the paper has no citations.","basis_source_anchor_ids":["anchor-paper-5-citation-search"]},{"id":"contribution_significance","level":"high","rationale":"The paper demonstrates a protocol-abuse path that redirects uncompromised clients, quantifies its distribution and persistence, and derives concrete defenses with explicit tradeoffs.","basis_source_anchor_ids":["anchor-paper-5-problem","anchor-paper-5-results","anchor-paper-5-defenses"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search; transparent index count unavailable","source":"Google Scholar query route plus general scholarly-web search","citation_count":0,"signals":[],"limitation":"Zero means no citations were verifiably located during this constrained search, not a total bibliometric count; author should replace it with a confirmed index snapshot."}},"paper_50":{"schema_version":"0.1","map_id":"paper-50-map","publication_id":50,"publication_anchor":"paper-50","slug":"vrased","canonical_path":"/knowledge/papers/paper-50/","machine_path":"/knowledge/papers/paper-50.json","root_node_id":"paper-50","stage":"author_approved","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"VRASED: A Verified Hardware/Software Co-Design for Remote Attestation","short_title":"VRASED","year":2019,"venue":"28th USENIX Security Symposium","topic":"secure-systems-networks","labels":["Applied","System","Implementation","Formal Verification"],"authors":["Ivan De Oliveira Nunes","Karim Eldefrawy","Norrathep Rattanavipanon","Michael Steiner","Gene Tsudik"],"keywords":["remote attestation","formal verification","embedded systems","model checking","hardware/software co-design","verified system","FPGA implementation"],"research_question":"Can a low-end embedded device obtain strong, formally stated remote-attestation guarantees with only a small amount of additional hardware?","central_answer":"VRASED combines verified HMAC software with a small hardware monitor, then connects component properties to end-to-end soundness and security under explicit MCU, compiler, cryptographic, and physical-attack assumptions.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"source extraction, evidence linking, and initial assessment"}],"method":"Source-grounded review of the checked-in paper, its public artifact repository, the official publication record, and a later independent adversarial analysis.","source_scope":"full_source_audit","approval":{"status":"approved","approved_at":"2026-07-11","approved_by":{"actor_type":"human","name":"Karim Eldefrawy","role":"author"},"note":"Reviewed and approved by the author for publication on this website."}},"sources":[{"id":"source-vrased-paper","type":"scholarly_article","title":"VRASED: A Verified Hardware/Software Co-Design for Remote Attestation","url":"/pubs/2019/vrased_usenixsec2019.pdf","media_type":"application/pdf","sha256":"de6f64b83ff5f4397a8b2d9ad58f72ec33f6760860c66e95ef487390e16c5cc2","page_count":18},{"id":"source-usenix-record","type":"publication_record","title":"USENIX Security 2019 paper page","url":"https://www.usenix.org/conference/usenixsecurity19/presentation/de-oliveira-nunes"},{"id":"source-vrased-repository","type":"code_repository","title":"VRASED source code, verification specifications, and proofs","url":"https://github.com/sprout-uci/vrased","version_note":"Public repository cited by the paper; no immutable revision has yet been pinned in this map."},{"id":"source-mind-the-gap","type":"independent_analysis","title":"Mind the Gap: Studying the Insecurity of Provably Secure Embedded Trusted Execution Architectures","url":"https://jovanbulck.github.io/files/oakland22-gap.pdf","year":2022},{"id":"source-vrased-openalex","type":"citation_index_snapshot","title":"OpenAlex record W2965443102","url":"https://openalex.org/W2965443102","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-problem-novelty","source_id":"source-vrased-paper","label":"Problem, contribution, and priority claims","locator":"Abstract and Section 1, PDF page 1","url":"/pubs/2019/vrased_usenixsec2019.pdf#page=1"},{"id":"anchor-paper-threat-model","source_id":"source-vrased-paper","label":"Adversarial capabilities, axioms A1-A7, and exclusions","locator":"Section 3.1, PDF pages 4-5","url":"/pubs/2019/vrased_usenixsec2019.pdf#page=4"},{"id":"anchor-paper-properties","source_id":"source-vrased-paper","label":"Secure-attestation properties P1-P7","locator":"Section 3.2 and Figure 2, PDF page 5","url":"/pubs/2019/vrased_usenixsec2019.pdf#page=5"},{"id":"anchor-paper-verification-method","source_id":"source-vrased-paper","label":"LTL, NuSMV, Verilog2SMV, and composition workflow","locator":"Sections 3.3-3.4 and Figures 4-5, PDF page 6","url":"/pubs/2019/vrased_usenixsec2019.pdf#page=6"},{"id":"anchor-paper-soundness","source_id":"source-vrased-paper","label":"End-to-end soundness definition","locator":"Section 4.2, Definition 1, PDF page 7","url":"/pubs/2019/vrased_usenixsec2019.pdf#page=7"},{"id":"anchor-paper-security","source_id":"source-vrased-paper","label":"RA security game and SW-Att boundary","locator":"Section 4.2, Definition 2 and Figure 6, PDF page 8","url":"/pubs/2019/vrased_usenixsec2019.pdf#page=8"},{"id":"anchor-paper-ltl-enforcement","source_id":"source-vrased-paper","label":"LTL enforcement for access control, atomicity, confidentiality, DMA, and reset","locator":"Sections 4.4-4.9, PDF pages 9-11","url":"/pubs/2019/vrased_usenixsec2019.pdf#page=9"},{"id":"anchor-paper-implementation","source_id":"source-vrased-paper","label":"OpenMSP430 and FPGA implementation","locator":"Section 6.1, PDF page 12","url":"/pubs/2019/vrased_usenixsec2019.pdf#page=12"},{"id":"anchor-paper-evaluation","source_id":"source-vrased-paper","label":"Verification results, overhead, and performance","locator":"Sections 6.2-6.4 and Tables 2-4, PDF page 13","url":"/pubs/2019/vrased_usenixsec2019.pdf#page=13"},{"id":"anchor-paper-conclusion","source_id":"source-vrased-paper","label":"Claimed significance, portability, and future directions","locator":"Sections 7-8, PDF pages 14-15","url":"/pubs/2019/vrased_usenixsec2019.pdf#page=14"},{"id":"anchor-paper-formal-proofs","source_id":"source-vrased-paper","label":"Soundness and security proof chain","locator":"Appendix A, Theorems 1-2, PDF pages 16-18","url":"/pubs/2019/vrased_usenixsec2019.pdf#page=16"},{"id":"anchor-usenix-publication","source_id":"source-usenix-record","label":"Official peer-reviewed publication record","locator":"USENIX Security 2019","url":"https://www.usenix.org/conference/usenixsecurity19/presentation/de-oliveira-nunes"},{"id":"anchor-repository-artifacts","source_id":"source-vrased-repository","label":"Public implementation, build instructions, verification specifications, and proof artifacts","locator":"Repository README, accessed 2026-07-11","url":"https://github.com/sprout-uci/vrased"},{"id":"anchor-repository-boundary-response","source_id":"source-vrased-repository","label":"Author response clarifying the verified module, integration assumptions, and prototype changes","locator":"Repository README: A Note on the Extent of VRASED Verification, accessed 2026-07-11","url":"https://github.com/sprout-uci/vrased#a-note-on-the-extent-of-vrased-verification"},{"id":"anchor-mind-gap-context","source_id":"source-mind-the-gap","label":"Independent description of VRASED's formal model, trusted boundaries, and research lineage","locator":"Sections I-II, PDF pages 2-4","url":"https://jovanbulck.github.io/files/oakland22-gap.pdf#page=2"},{"id":"anchor-mind-gap-attacks","source_id":"source-mind-the-gap","label":"Independent adversarial analysis of gaps between formal models and concrete implementations","locator":"Abstract and contributions, PDF pages 1-2","url":"https://jovanbulck.github.io/files/oakland22-gap.pdf#page=1"},{"id":"anchor-vrased-citations","source_id":"source-vrased-openalex","label":"Dated citation-count snapshot","locator":"OpenAlex reported 89 citing works for the USENIX record when accessed 2026-07-11","url":"https://openalex.org/W2965443102"}],"nodes":[{"id":"paper-50","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"VRASED","summary":"A formally specified hardware/software architecture for remote attestation on low-end embedded devices, accompanied by proofs, model checking, a public implementation, and FPGA evaluation.","source_anchor_ids":["anchor-paper-problem-novelty"]},{"id":"paper-50-question","kind":"question","parent_id":"paper-50","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can remote attestation for a constrained MCU be both practical and connected to explicit end-to-end soundness and security definitions?","source_anchor_ids":["anchor-paper-problem-novelty"]},{"id":"paper-50-answer","kind":"contribution","parent_id":"paper-50","order":2,"epistemic_status":"source_asserted","title":"Central answer","summary":"Use verified HMAC software for the attestation computation and a small verified hardware monitor to enforce key protection, safe execution, and reset policies.","source_anchor_ids":["anchor-paper-problem-novelty","anchor-paper-verification-method"]},{"id":"paper-50-scope","kind":"scope","parent_id":"paper-50","order":3,"epistemic_status":"explicitly_scoped","title":"Scope, adversary, and assumptions","summary":"The guarantees concern software-controlled attacks on a low-end MCU and hold only when the stated machine, compiler, cryptographic, and hardware boundaries are satisfied.","source_anchor_ids":["anchor-paper-threat-model","anchor-paper-security"]},{"id":"paper-50-scope-adversary","kind":"threat_model","parent_id":"paper-50-scope","order":1,"epistemic_status":"defined","title":"Software adversary","summary":"The adversary controls all untrusted software and writable data, can relocate malware, and can control DMA, but cannot modify protected ROM or directly bypass HW-Mod.","source_anchor_ids":["anchor-paper-threat-model","anchor-paper-security"]},{"id":"paper-50-scope-axioms","kind":"assumption","parent_id":"paper-50-scope","order":2,"epistemic_status":"assumed","title":"Axioms A1-A7","summary":"The proof trusts accurate PC, memory, DMA, reset, and interrupt signals, plus compiler register cleanup and semantic preservation from verified C to assembly.","source_anchor_ids":["anchor-paper-threat-model","anchor-paper-formal-proofs"]},{"id":"paper-50-scope-exclusions","kind":"limitation","parent_id":"paper-50-scope","order":3,"epistemic_status":"explicitly_excluded","title":"Excluded attacks and components","summary":"Physical attacks, induced hardware faults, physical side channels, and verification of the complete MCU implementation are outside the proved model.","source_anchor_ids":["anchor-paper-threat-model"]},{"id":"paper-50-architecture","kind":"method","parent_id":"paper-50","order":4,"epistemic_status":"implemented","title":"Architecture and enforcement path","summary":"The design composes a trusted software attestation routine with hardware state machines that watch execution and force reset on policy violations.","source_anchor_ids":["anchor-paper-properties","anchor-paper-verification-method"]},{"id":"paper-50-architecture-sw-att","kind":"component","parent_id":"paper-50-architecture","order":1,"epistemic_status":"partially_machine_checked","title":"SW-Att","summary":"HACL* HMAC-SHA256 derives a challenge-specific key and authenticates the requested memory region; HACL* supplies inherited F* proofs, while mapping those guarantees into VRASED's model is manual.","source_anchor_ids":["anchor-paper-security"]},{"id":"paper-50-architecture-hw-mod","kind":"component","parent_id":"paper-50-architecture","order":2,"epistemic_status":"model_checked","title":"HW-Mod","summary":"Hardware monitors observe program-counter, memory, interrupt, DMA, and reset signals; FSMs enforce LTL policies and reset the MCU when a policy is violated.","source_anchor_ids":["anchor-paper-verification-method","anchor-paper-ltl-enforcement"]},{"id":"paper-50-architecture-properties","kind":"definition","parent_id":"paper-50-architecture","order":3,"epistemic_status":"defined","title":"Required properties P1-P7","summary":"Key access control, no leakage, secure reset, functional correctness, immutability, atomicity, and controlled invocation are the bridge from components to remote-attestation guarantees.","source_anchor_ids":["anchor-paper-properties"]},{"id":"paper-50-claims","kind":"claim_group","parent_id":"paper-50","order":5,"epistemic_status":"mixed","title":"Principal claims","summary":"The paper makes formal claims about a stated model, an empirical claim about concrete overhead, and a priority claim about first-of-kind verification.","source_anchor_ids":["anchor-paper-soundness","anchor-paper-security","anchor-paper-evaluation"]},{"id":"paper-50-claim-soundness","kind":"claim","parent_id":"paper-50-claims","order":1,"epistemic_status":"machine_checked_within_model","title":"End-to-end soundness","summary":"SW-Att returns a temporally consistent HMAC of the attested memory as it existed when attestation began, conditional on the stated model and trusted boundaries.","source_anchor_ids":["anchor-paper-soundness","anchor-paper-formal-proofs"]},{"id":"paper-50-claim-security","kind":"claim","parent_id":"paper-50-claims","order":2,"epistemic_status":"proved_conditional","title":"End-to-end security","summary":"A polynomial-time software adversary cannot forge a valid report for a different memory state except with negligible probability, assuming a secure HMAC and the machine/compiler axioms.","source_anchor_ids":["anchor-paper-security","anchor-paper-formal-proofs"]},{"id":"paper-50-claim-overhead","kind":"claim","parent_id":"paper-50-claims","order":3,"epistemic_status":"experimentally_supported","title":"Practical overhead","summary":"The standard FPGA design adds 6.3% logic cells and reports approximately 3.6 million cycles, or 450 ms at 8 MHz, to attest 4 KB.","source_anchor_ids":["anchor-paper-evaluation"]},{"id":"paper-50-evidence","kind":"evidence_group","parent_id":"paper-50","order":6,"epistemic_status":"documented","title":"Evidence chain","summary":"The evidence combines inherited software proofs, model-checked hardware properties, compositional reasoning, public artifacts, and FPGA measurements.","source_anchor_ids":["anchor-paper-verification-method","anchor-paper-evaluation","anchor-paper-formal-proofs"]},{"id":"paper-50-evidence-formal","kind":"evidence","parent_id":"paper-50-evidence","order":1,"epistemic_status":"machine_checked_and_proved","title":"Formal verification path","summary":"NuSMV checks the hardware LTL properties and composition; Spot checks stated LTL implications; the final HMAC security reduction is a conditional paper proof rather than a wholly machine-checked proof.","source_anchor_ids":["anchor-paper-verification-method","anchor-paper-formal-proofs"]},{"id":"paper-50-evidence-implementation","kind":"evidence","parent_id":"paper-50-evidence","order":2,"epistemic_status":"implemented_and_measured","title":"Prototype and measurements","summary":"The authors synthesize an OpenMSP430-based implementation for a Basys3 Artix-7 FPGA and report model-checker resources, hardware cost, memory, and attestation time.","source_anchor_ids":["anchor-paper-implementation","anchor-paper-evaluation"]},{"id":"paper-50-evidence-artifacts","kind":"artifact","parent_id":"paper-50-evidence","order":3,"epistemic_status":"publicly_available","title":"Public code and proof artifacts","summary":"The public repository includes source, build instructions, Verilog modules, verification specifications, scripts, and soundness/security proof material; this map has not pinned a commit or independently reproduced it.","source_anchor_ids":["anchor-repository-artifacts"]},{"id":"paper-50-boundaries","kind":"limitation_group","parent_id":"paper-50","order":7,"epistemic_status":"material","title":"Trusted boundary and limitations","summary":"The strongest guarantees apply to the formalized module and model; moving from verified source and FSMs to a concrete MCU/FPGA system introduces trusted steps.","source_anchor_ids":["anchor-paper-threat-model","anchor-paper-formal-proofs"]},{"id":"paper-50-boundary-compiler","kind":"limitation","parent_id":"paper-50-boundaries","order":1,"epistemic_status":"assumed","title":"Compiler and timing preservation","summary":"msp430-gcc is trusted to preserve functional semantics and register cleanup; preservation of HACL* timing properties by the compiler and MCU is also assumed.","source_anchor_ids":["anchor-paper-threat-model","anchor-paper-formal-proofs"]},{"id":"paper-50-boundary-core","kind":"limitation","parent_id":"paper-50-boundaries","order":2,"epistemic_status":"unverified_integration","title":"MCU core and integration","summary":"The whole OpenMSP430 core and its concrete integration are not verified; implementers must establish that each target MCU satisfies the abstract signal and reset axioms.","source_anchor_ids":["anchor-paper-threat-model","anchor-repository-boundary-response"]},{"id":"paper-50-boundary-physical","kind":"limitation","parent_id":"paper-50-boundaries","order":3,"epistemic_status":"out_of_scope","title":"Physical and availability attacks","summary":"Physical hardware attacks are excluded, and the base design does not authenticate verifier requests; the paper discusses an optional authenticated variant to reduce request-flooding risk.","source_anchor_ids":["anchor-paper-threat-model","anchor-paper-formal-proofs"]},{"id":"paper-50-scrutiny","kind":"scrutiny","parent_id":"paper-50","order":8,"epistemic_status":"independently_examined","title":"Independent scrutiny and correction context","summary":"Later researchers examined the gap between VRASED's formal model and its concrete openMSP430 instantiation, and the VRASED repository records a scoped response and prototype changes.","source_anchor_ids":["anchor-mind-gap-attacks","anchor-repository-boundary-response"]},{"id":"paper-50-scrutiny-analysis","kind":"counterevidence","parent_id":"paper-50-scrutiny","order":1,"epistemic_status":"independently_reported","title":"Mind the Gap analysis","summary":"The 2022 study reports attacks against concrete implementations and argues that formal guarantees do not automatically transfer across unmodeled assumptions and integration steps.","source_anchor_ids":["anchor-mind-gap-context","anchor-mind-gap-attacks"]},{"id":"paper-50-scrutiny-response","kind":"response","parent_id":"paper-50-scrutiny","order":2,"epistemic_status":"author_response","title":"VRASED repository response","summary":"The maintainers state that reported issues do not falsify properties of the verified RA module; they distinguish integration violations, out-of-model hardware changes, and an unverified fork, and report changes to the sample instantiation.","source_anchor_ids":["anchor-repository-boundary-response"]},{"id":"paper-50-lineage","kind":"lineage","parent_id":"paper-50","order":9,"epistemic_status":"documented","title":"Significance and research lineage","summary":"VRASED presents a first-of-kind verified hybrid remote-attestation architecture and became a basis for follow-on architectures and independent examination of how proofs meet real systems.","source_anchor_ids":["anchor-paper-conclusion","anchor-mind-gap-context","anchor-repository-artifacts"]}],"relations":[{"id":"relation-formal-supports-soundness","type":"supports","from_id":"paper-50-evidence-formal","to_id":"paper-50-claim-soundness"},{"id":"relation-formal-supports-security","type":"supports","from_id":"paper-50-evidence-formal","to_id":"paper-50-claim-security"},{"id":"relation-measurements-support-overhead","type":"supports","from_id":"paper-50-evidence-implementation","to_id":"paper-50-claim-overhead"},{"id":"relation-axioms-qualify-soundness","type":"qualifies","from_id":"paper-50-scope-axioms","to_id":"paper-50-claim-soundness"},{"id":"relation-axioms-qualify-security","type":"qualifies","from_id":"paper-50-scope-axioms","to_id":"paper-50-claim-security"},{"id":"relation-analysis-challenges-transfer","type":"challenges","from_id":"paper-50-scrutiny-analysis","to_id":"paper-50-answer"},{"id":"relation-response-qualifies-analysis","type":"qualifies","from_id":"paper-50-scrutiny-response","to_id":"paper-50-scrutiny-analysis"}],"assessment":{"id":"paper-50-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"author_approved","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"Strong formal and empirical evidence supports the stated model, but crucial transfer steps to the concrete compiler, MCU, and integration are assumed; later adversarial work found implementation-level gaps.","basis_source_anchor_ids":["anchor-paper-verification-method","anchor-paper-formal-proofs","anchor-paper-evaluation","anchor-mind-gap-attacks"]},{"id":"auditability","level":"high","rationale":"An author-hosted paper, implementation, verification specifications, scripts, and proof material are public and documented, making the work directly inspectable; auditability is high. The map has not pinned an immutable repository revision or recorded an independent full reproduction.","basis_source_anchor_ids":["anchor-repository-artifacts","anchor-paper-evaluation"]},{"id":"production_provenance","level":"medium","rationale":"The record documents named authorship and the publication or review status of the paper, establishing a baseline human and lifecycle provenance trail. Contributor roles, revision and effort history, AI or tool use, artifact-version lineage, and explicit final approval have not yet been audited, so this provisional medium rating should not be read as complete production provenance.","basis_source_anchor_ids":["anchor-paper-problem-novelty","anchor-repository-artifacts"]},{"id":"external_scrutiny","level":"high","rationale":"The work passed conference review, exposes public artifacts, received detailed independent adversarial examination, and has a public response that records scope distinctions and prototype changes.","basis_source_anchor_ids":["anchor-usenix-publication","anchor-mind-gap-attacks","anchor-repository-boundary-response"]},{"id":"reception","level":"high","rationale":"OpenAlex reported 89 citations for the USENIX record on 2026-07-11. Under the author-defined corpus rule, 11 or more located citations is High; follow-on architectures, outside analysis, and an independent reimplementation add qualitative evidence, but neither count nor uptake establishes correctness.","basis_source_anchor_ids":["anchor-vrased-citations","anchor-mind-gap-context","anchor-repository-artifacts"]},{"id":"contribution_significance","level":"high","rationale":"The paper introduced a first-of-kind verified hybrid remote-attestation architecture and helped establish a research line around both verified low-end security architectures and the limits of transferring proofs to implementations.","basis_source_anchor_ids":["anchor-paper-problem-novelty","anchor-paper-conclusion","anchor-mind-gap-context"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex exact-title record plus qualitative lineage audit","citation_count":89,"source_url":"https://openalex.org/W2965443102","signals":["OpenAlex reported 89 works citing the USENIX publication record.","The public repository identifies PURE and APEX as follow-on architectures.","The independent Mind the Gap study describes VRASED as part of a mature research project with several derived architectures and an outside reimplementation."],"limitation":"The count is index- and date-dependent, may include self-citations, and does not merge the separate arXiv record; citation and lineage signals do not establish correctness, deployment breadth, or complete independent reproduction."}},"paper_51":{"schema_version":"0.1","map_id":"paper-51-map","publication_id":51,"publication_anchor":"paper-51","slug":"paper-51","canonical_path":"/knowledge/papers/paper-51/","machine_path":"/knowledge/papers/paper-51.json","root_node_id":"paper-51","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","scheme"],"title":"A High-Assurance Evaluator for Machine-Checked Secure Multiparty Computation","year":2019,"status":"Published","venue":"26th ACM Conference on Computer and Communications Security (CCS)","topic":"secure-encrypted-computation","labels":["Theory","Applied"],"authors":["Karim Eldefrawy","Vitor Pereira"],"keywords":["secure multiparty computation","proactive security","EasyCrypt","machine-checked proof","verified extraction","OCaml"],"research_question":"Can multiparty and proactive secure-computation protocols against active adversaries be specified and proved in a proof assistant, then turned into executable code while keeping the security argument modular and the performance usable?","central_answer":"The paper builds reusable EasyCrypt abstractions for secret sharing and MPC, proves real/ideal security and sequential-composition lemmas, instantiates them with Shamir/Pedersen, BGW-style arithmetic, refresh/recover, and gradual secret sharing, and extracts OCaml through a new EasyCrypt-to-Why3 toolchain. Microbenchmarks show feasibility while exposing an explicit trusted base of unverified arithmetic, randomness, decoder, and translation components.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text formal-method extraction, proof-boundary mapping, and initial assessment"}],"method":"Source-grounded review of the complete 48-page author/ePrint version, including visual inspection of title, proof architecture, extraction pipeline, and benchmark pages. Theorems, security experiments, instantiations, extraction path, trusted computing base, and measurements were read; EasyCrypt scripts and generated executables were not independently run.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Formal interpretations, implementation-boundary statements, and ratings remain provisional."}},"sources":[{"id":"source-paper-51-author-pdf","type":"author_hosted_copy","title":"A High-Assurance Evaluator for Machine-Checked Secure Multiparty Computation","url":"/pubs/2019/verif-mpc_ccs2019.pdf","provenance_category":"author","media_type":"application/pdf","sha256":"ab815efb0a8793e59af6f80b848746801dfb25c5dbfa092fbce68a0c8578fce3","page_count":48},{"id":"source-paper-51-official","type":"official_publication_record","title":"ACM CCS 2019 publication record","url":"https://doi.org/10.1145/3319535.3354205","provenance_category":"official"},{"id":"source-paper-51-eprint","type":"public_archive_record","title":"IACR ePrint 2019/922","url":"https://eprint.iacr.org/2019/922","provenance_category":"archive"},{"id":"source-paper-51-citations","type":"citation_index_snapshot","title":"OpenAlex work W2986715259","url":"https://openalex.org/W2986715259","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-51-problem","source_id":"source-paper-51-author-pdf","label":"Problem, gaps in prior work, contributions, and evaluator overview","locator":"Abstract and Sections 1-1.3, PDF pages 1-5","url":"/pubs/2019/verif-mpc_ccs2019.pdf#page=1"},{"id":"anchor-paper-51-model","source_id":"source-paper-51-author-pdf","label":"Secret sharing, BGW arithmetic, refresh periods, and proactive MPC model","locator":"Section 2, PDF page 6","url":"/pubs/2019/verif-mpc_ccs2019.pdf#page=6"},{"id":"anchor-paper-51-proof-overview","source_id":"source-paper-51-author-pdf","label":"Abstract/concrete proof architecture and code scale","locator":"Sections 3-3.1, PDF pages 6-8","url":"/pubs/2019/verif-mpc_ccs2019.pdf#page=6"},{"id":"anchor-paper-51-theorem","source_id":"source-paper-51-author-pdf","label":"Evaluator security reduction and Theorem 1","locator":"Section 3.1, Theorem 1, PDF pages 7-8","url":"/pubs/2019/verif-mpc_ccs2019.pdf#page=7"},{"id":"anchor-paper-51-sharing","source_id":"source-paper-51-author-pdf","label":"Abstract sharing, integrity, commitments, VSS, Shamir/Pedersen, and gradual PSS","locator":"Section 3.2, PDF pages 8-13","url":"/pubs/2019/verif-mpc_ccs2019.pdf#page=8"},{"id":"anchor-paper-51-mpc","source_id":"source-paper-51-author-pdf","label":"Private/random/proactive functionalities, real/ideal games, and corruption oracles","locator":"Section 3.3, PDF pages 13-16","url":"/pubs/2019/verif-mpc_ccs2019.pdf#page=13"},{"id":"anchor-paper-51-composition","source_id":"source-paper-51-author-pdf","label":"Sequential composition lemmas and concrete add/mul/refresh/recover protocols","locator":"Sections 3.3-3.4, PDF pages 15-18","url":"/pubs/2019/verif-mpc_ccs2019.pdf#page=15"},{"id":"anchor-paper-51-extraction","source_id":"source-paper-51-author-pdf","label":"EasyCrypt-to-WhyML translation and Why3-to-OCaml extraction","locator":"Section 4 and Figure 19, PDF pages 19-22","url":"/pubs/2019/verif-mpc_ccs2019.pdf#page=19"},{"id":"anchor-paper-51-tcb","source_id":"source-paper-51-author-pdf","label":"Abstracted finite fields, groups, randomness, Reed-Solomon decoder, and translation boundary","locator":"Sections 1.3, 4, and 5, PDF pages 5, 19-22","url":"/pubs/2019/verif-mpc_ccs2019.pdf#page=5"},{"id":"anchor-paper-51-implementation","source_id":"source-paper-51-author-pdf","label":"Extracted implementations, benchmark environment, and Charm comparison","locator":"Section 5, PDF pages 22-25","url":"/pubs/2019/verif-mpc_ccs2019.pdf#page=22"},{"id":"anchor-paper-51-benchmarks","source_id":"source-paper-51-author-pdf","label":"Secret-sharing and MPC microbenchmarks across party/field sizes","locator":"Section 5 and Tables 2-4, PDF pages 24-26","url":"/pubs/2019/verif-mpc_ccs2019.pdf#page=24"},{"id":"anchor-paper-51-limits","source_id":"source-paper-51-author-pdf","label":"Non-UC scope, performance-comparison limits, and future work","locator":"Sections 1.2-1.3, 5, and 7, PDF pages 4-5, 25-27","url":"/pubs/2019/verif-mpc_ccs2019.pdf#page=4"},{"id":"anchor-paper-51-appendices","source_id":"source-paper-51-author-pdf","label":"Polynomial library, security definitions, and concrete protocol specifications","locator":"Appendices A-D, PDF pages 33-48","url":"/pubs/2019/verif-mpc_ccs2019.pdf#page=33"},{"id":"anchor-paper-51-publication","source_id":"source-paper-51-official","label":"Official peer-reviewed publication identity","locator":"CCS 2019, DOI 10.1145/3319535.3354205","url":"https://doi.org/10.1145/3319535.3354205"},{"id":"anchor-paper-51-eprint","source_id":"source-paper-51-eprint","label":"Public full-version archive identity","locator":"IACR ePrint 2019/922","url":"https://eprint.iacr.org/2019/922"},{"id":"anchor-paper-51-reception","source_id":"source-paper-51-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 7 citing works on 2026-07-11","url":"https://openalex.org/W2986715259"}],"nodes":[{"id":"paper-51","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"High-assurance MPC evaluator","summary":"A machine-checked modular security development and extraction toolchain for executable secret-sharing and proactive MPC components, paired with microbenchmarks and explicit TCB limits.","source_anchor_ids":["anchor-paper-51-problem"]},{"id":"paper-51-question","kind":"question","parent_id":"paper-51","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can active/proactive multiparty protocols be proved end-to-end in EasyCrypt and converted into executable evaluators without abandoning modularity or practical performance?","source_anchor_ids":["anchor-paper-51-problem"]},{"id":"paper-51-answer","kind":"contribution","parent_id":"paper-51","order":2,"epistemic_status":"machine_checked_and_extracted","title":"Central answer","summary":"Prove generic security once at abstract interfaces, discharge concrete instantiation obligations, then translate executable operators to WhyML and use Why3 extraction to produce OCaml.","source_anchor_ids":["anchor-paper-51-proof-overview","anchor-paper-51-extraction"]},{"id":"paper-51-model-node","kind":"threat_model","parent_id":"paper-51","order":3,"epistemic_status":"formally_modeled","title":"Passive, static-active, and proactive adversaries","summary":"Real/ideal experiments expose corrupt, corruptInput, and abort oracles; proactive security allows a changing corrupted set but requires refresh and recovery before accumulated views become useful.","source_anchor_ids":["anchor-paper-51-model","anchor-paper-51-mpc"]},{"id":"paper-51-assumptions","kind":"assumption","parent_id":"paper-51","order":4,"epistemic_status":"explicit","title":"Cryptographic and execution assumptions","summary":"Active security uses Pedersen-style commitments and DDH; protocol operation assumes the represented communication model, while concrete execution trusts field/group arithmetic, randomness, and Reed-Solomon implementations.","source_anchor_ids":["anchor-paper-51-problem","anchor-paper-51-sharing","anchor-paper-51-tcb"]},{"id":"paper-51-framework","kind":"formal_framework","parent_id":"paper-51","order":5,"epistemic_status":"machine_checked","title":"Abstract reusable EasyCrypt framework","summary":"Approximately 2K lines define abstract secret-sharing and MPC interfaces; approximately 7K more instantiate them, including about 1K lines of protocol specifications.","source_anchor_ids":["anchor-paper-51-proof-overview"]},{"id":"paper-51-sharing-node","kind":"scheme_group","parent_id":"paper-51-framework","order":1,"epistemic_status":"machine_checked","title":"Secret-sharing hierarchy","summary":"The framework separates passive privacy, share integrity, and malicious/verifiable security, proving that commitments plus integrity-preserving sharing construct VSS.","source_anchor_ids":["anchor-paper-51-sharing"]},{"id":"paper-51-mpc-node","kind":"protocol_group","parent_id":"paper-51-framework","order":2,"epistemic_status":"machine_checked","title":"MPC functionality hierarchy","summary":"Deterministic/private protocols compute arithmetic, random protocols rerandomize shares, and proactive protocols recover corrupted parties into fresh states.","source_anchor_ids":["anchor-paper-51-mpc"]},{"id":"paper-51-composition-node","kind":"theorem_group","parent_id":"paper-51-framework","order":3,"epistemic_status":"machine_checked","title":"Sequential composition lemmas","summary":"Machine-checked lemmas establish malicious-after-malicious, random-after-malicious, and proactive-after-random security, allowing evaluator proofs to be assembled from subprotocol proofs.","source_anchor_ids":["anchor-paper-51-composition"]},{"id":"paper-51-theorem-node","kind":"theorem","parent_id":"paper-51","order":6,"epistemic_status":"machine_checked","title":"Evaluator reduction theorem","summary":"Theorem 1 upper-bounds an adversary's proactive distinguishing advantage against the evaluator by advantages against its VSS and proactive-MPC components, with efficient simulators/reductions.","source_anchor_ids":["anchor-paper-51-theorem"]},{"id":"paper-51-instantiations","kind":"implementation_group","parent_id":"paper-51","order":7,"epistemic_status":"formalized_and_extracted","title":"Concrete protocol instantiations","summary":"The development includes Shamir sharing, Pedersen commitments, VSS, additive/batch/gradual sharing, BGW-style addition and multiplication, and refresh/recover protocols.","source_anchor_ids":["anchor-paper-51-sharing","anchor-paper-51-composition","anchor-paper-51-appendices"]},{"id":"paper-51-evaluator","kind":"protocol","parent_id":"paper-51-instantiations","order":1,"epistemic_status":"machine_checked_and_extracted","title":"Arithmetic-circuit evaluator","summary":"Parties share private inputs, locally add, synchronize for multiplication and degree reduction, periodically refresh/recover, then reconstruct the output.","source_anchor_ids":["anchor-paper-51-problem","anchor-paper-51-model"]},{"id":"paper-51-gradual","kind":"scheme","parent_id":"paper-51-instantiations","order":2,"epistemic_status":"machine_checked_and_extracted","title":"Gradual dishonest-majority PSS","summary":"An additive-summand/batch-sharing construction from the earlier dishonest-majority PSS line is formalized and used as the extraction example; it is distinct from the honest-majority BGW MPC instantiation.","source_anchor_ids":["anchor-paper-51-sharing","anchor-paper-51-extraction"]},{"id":"paper-51-extraction-node","kind":"toolchain","parent_id":"paper-51","order":8,"epistemic_status":"implemented_with_unverified_translation","title":"EasyCrypt → WhyML → OCaml","summary":"A syntactic translator maps executable EasyCrypt operators into WhyML, after which Why3's verified extraction generates OCaml; only OCaml is evaluated, though the architecture could target other languages.","source_anchor_ids":["anchor-paper-51-extraction"]},{"id":"paper-51-claims","kind":"claim_group","parent_id":"paper-51","order":9,"epistemic_status":"mixed_formal_and_empirical","title":"Principal claims","summary":"The paper claims machine-checked modular security, first-of-kind active BGW verification/extraction, feasible executable performance, and reuse of the abstract framework.","source_anchor_ids":["anchor-paper-51-problem","anchor-paper-51-theorem","anchor-paper-51-benchmarks"]},{"id":"paper-51-claim-security","kind":"claim","parent_id":"paper-51-claims","order":1,"epistemic_status":"machine_checked_within_model","title":"Modular real/ideal security","summary":"EasyCrypt checks the reductions and composition claims for the modeled protocols and instantiations; guarantees remain conditional on model fidelity and trusted abstract components.","source_anchor_ids":["anchor-paper-51-theorem","anchor-paper-51-composition"]},{"id":"paper-51-claim-executable","kind":"claim","parent_id":"paper-51-claims","order":2,"epistemic_status":"high_assurance_not_fully_verified_end_to_end","title":"Extracted executable correspondence","summary":"Why3 extraction preserves the translated WhyML program, while the EasyCrypt-to-WhyML translator is intentionally simple but not itself proved correct; external libraries remain in the TCB.","source_anchor_ids":["anchor-paper-51-extraction","anchor-paper-51-tcb"]},{"id":"paper-51-claim-performance","kind":"claim","parent_id":"paper-51-claims","order":3,"epistemic_status":"microbenchmark_supported","title":"Feasible but non-optimized performance","summary":"Benchmarks cover 5, 9, and 15 parties and 128–1024-bit fields. Passive operations are fast; malicious multiplication/refresh/recovery grow sharply, reaching seconds for larger parameters.","source_anchor_ids":["anchor-paper-51-implementation","anchor-paper-51-benchmarks"]},{"id":"paper-51-evidence","kind":"evidence_group","parent_id":"paper-51","order":10,"epistemic_status":"machine_checked_proofs_code_and_benchmarks","title":"Evidence stack","summary":"EasyCrypt definitions/proofs, explicit theorem reductions, code excerpts, a polynomial library, protocol appendices, generated WhyML/OCaml examples, and 100-run median microbenchmarks provide complementary evidence.","source_anchor_ids":["anchor-paper-51-theorem","anchor-paper-51-appendices","anchor-paper-51-extraction","anchor-paper-51-benchmarks"]},{"id":"paper-51-tcb-node","kind":"limitation","parent_id":"paper-51","order":11,"epistemic_status":"explicit_trusted_base","title":"Trusted computing base","summary":"Finite-field and cyclic-group implementations (Zarith/CryptoKit), randomness, OpenSSL-generated parameters, an external Reed-Solomon decoder, OCaml toolchain, and unverified EasyCrypt-to-WhyML translation sit outside the machine-checked core.","source_anchor_ids":["anchor-paper-51-tcb","anchor-paper-51-implementation"]},{"id":"paper-51-boundaries","kind":"limitation_group","parent_id":"paper-51","order":12,"epistemic_status":"explicit","title":"Formal and evaluation boundaries","summary":"The proof is not UC; BGW active corruption is static rather than adaptive; network/broadcast semantics and low-level libraries are not fully verified; only OCaml and microbenchmarks are evaluated; optimized MPC frameworks are not compared directly.","source_anchor_ids":["anchor-paper-51-limits"]},{"id":"paper-51-artifacts","kind":"artifact_group","parent_id":"paper-51","order":13,"epistemic_status":"paper_and_archive_available","title":"Artifacts and reproducibility","summary":"Full author/ePrint versions, extensive code excerpts, and dependency URLs are public. This audit did not locate a version-pinned repository containing every EasyCrypt proof, translator, generated program, and benchmark harness.","source_anchor_ids":["anchor-paper-51-eprint","anchor-paper-51-appendices"]},{"id":"paper-51-scrutiny","kind":"scrutiny","parent_id":"paper-51","order":14,"epistemic_status":"top_venue_and_machine_checked","title":"External scrutiny","summary":"ACM CCS review and machine checking supply distinct scrutiny layers, but public review reports, independent proof reruns, and reproduction of extracted executables were not located.","source_anchor_ids":["anchor-paper-51-publication","anchor-paper-51-eprint"]},{"id":"paper-51-lineage","kind":"lineage","parent_id":"paper-51","order":15,"epistemic_status":"documented","title":"Proactive-security lineage and future direction","summary":"The work formalizes components from dishonest-majority PSS and BGW, then identifies adaptive adversaries, dynamic/asynchronous groups, UC security, SPDZ/GMW, verified libraries, and verified communication as follow-on obligations.","source_anchor_ids":["anchor-paper-51-sharing","anchor-paper-51-limits"]}],"relations":[{"id":"paper-51-relation-answer-question","type":"addresses","from_id":"paper-51-answer","to_id":"paper-51-question"},{"id":"paper-51-relation-sharing-framework","type":"component_of","from_id":"paper-51-sharing-node","to_id":"paper-51-framework"},{"id":"paper-51-relation-mpc-framework","type":"component_of","from_id":"paper-51-mpc-node","to_id":"paper-51-framework"},{"id":"paper-51-relation-composition-framework","type":"component_of","from_id":"paper-51-composition-node","to_id":"paper-51-framework"},{"id":"paper-51-relation-framework-theorem","type":"supports","from_id":"paper-51-framework","to_id":"paper-51-theorem-node"},{"id":"paper-51-relation-instantiations-theorem","type":"instantiates","from_id":"paper-51-instantiations","to_id":"paper-51-theorem-node"},{"id":"paper-51-relation-evaluator-instantiations","type":"component_of","from_id":"paper-51-evaluator","to_id":"paper-51-instantiations"},{"id":"paper-51-relation-gradual-instantiations","type":"component_of","from_id":"paper-51-gradual","to_id":"paper-51-instantiations"},{"id":"paper-51-relation-extraction-executable","type":"supports","from_id":"paper-51-extraction-node","to_id":"paper-51-claim-executable"},{"id":"paper-51-relation-theorem-security","type":"supports","from_id":"paper-51-theorem-node","to_id":"paper-51-claim-security"},{"id":"paper-51-relation-tcb-security","type":"qualifies","from_id":"paper-51-tcb-node","to_id":"paper-51-claim-security"},{"id":"paper-51-relation-tcb-executable","type":"qualifies","from_id":"paper-51-tcb-node","to_id":"paper-51-claim-executable"},{"id":"paper-51-relation-evidence-claims","type":"supports","from_id":"paper-51-evidence","to_id":"paper-51-claims"},{"id":"paper-51-relation-boundaries-claims","type":"qualifies","from_id":"paper-51-boundaries","to_id":"paper-51-claims"},{"id":"paper-51-relation-lineage-paper","type":"contextualizes","from_id":"paper-51-lineage","to_id":"paper-51"}],"assessment":{"id":"paper-51-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The full version supplies machine-checked definitions, reductions, composition lemmas, concrete instantiations, extraction examples, explicit TCB limits, and systematic microbenchmarks.","basis_source_anchor_ids":["anchor-paper-51-theorem","anchor-paper-51-composition","anchor-paper-51-extraction","anchor-paper-51-benchmarks"]},{"id":"auditability","level":"high","rationale":"A checked-in full author copy with hash/page count, IACR archive, DOI, precise theorem/code/benchmark anchors, and extensive appendices make the represented work inspectable.","basis_source_anchor_ids":["anchor-paper-51-problem","anchor-paper-51-eprint","anchor-paper-51-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authors, venue, DOI/ePrint, proof/code scale, toolchain, dependencies, compiler, hardware, and benchmark procedure are documented; roles, revisions, exact repository commits, proof logs, and generated artifact hashes are not.","basis_source_anchor_ids":["anchor-paper-51-publication","anchor-paper-51-extraction","anchor-paper-51-implementation"]},{"id":"external_scrutiny","level":"high","rationale":"ACM CCS review and machine checking offer strong but different scrutiny surfaces; independent reruns, artifact evaluation status, and public review reports were not located.","basis_source_anchor_ids":["anchor-paper-51-publication","anchor-paper-51-eprint","anchor-paper-51-theorem"]},{"id":"reception","level":"low","rationale":"OpenAlex reported 7 citations on 2026-07-11; under the finalized rubric, 0 through 8 located citations is Low.","basis_source_anchor_ids":["anchor-paper-51-reception"]},{"id":"contribution_significance","level":"high","rationale":"The paper crosses from machine-checked multiparty security arguments to extracted executable protocols against active/proactive adversaries and exposes the remaining end-to-end TCB, a substantial methodological contribution despite modest dated citation count.","basis_source_anchor_ids":["anchor-paper-51-problem","anchor-paper-51-theorem","anchor-paper-51-tcb"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":7,"source_url":"https://openalex.org/W2986715259","signals":["OpenAlex reported 7 works citing the CCS paper."],"limitation":"Citation counts vary by index/date, may include self-citations, and do not establish independent proof reruns or adoption of the extraction toolchain."}},"paper_52":{"schema_version":"0.1","map_id":"paper-52-map","publication_id":52,"publication_anchor":"paper-52","slug":"paper-52","canonical_path":"/knowledge/papers/paper-52/","machine_path":"/knowledge/papers/paper-52.json","root_node_id":"paper-52","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","scheme"],"title":"Communication-Efficient Proactive Secret Sharing for Dynamic Groups with Dishonest Majorities","year":2020,"status":"Published","venue":"18th International Conference on Applied Cryptography and Network Security (ACNS)","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Karim Eldefrawy","Tancrède Lepoint","Antonin Leroux"],"keywords":["proactive secret sharing","dynamic groups","dishonest majority","bivariate polynomials"],"research_question":"Can proactive secret sharing simultaneously tolerate a mobile dishonest majority, batch many secrets without a linear threshold loss, reduce communication, and redistribute shares as the participant set changes?","central_answer":"The paper builds a computationally secure dynamic proactive secret-sharing scheme from bivariate-polynomial batching, gradual reconstruction, and dedicated increase/decrease protocols. For batches of up to n minus 2 secrets it reports O(n squared) amortized communication per secret, while preserving mixed-adversary secrecy and fairness under explicitly stated thresholds.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, formal-claim mapping, and initial assessment"}],"method":"Complete review of the 53-page checked-in manuscript, including its definitions, protocols, theorem statements, supplementary security proofs, and visual inspection of the title page and a protocol/theorem page. Claims below distinguish theorem statements from implementation or deployment evidence, neither of which the paper supplies.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author verification. Threshold transcriptions and interpretations should be checked against the source before approval."}},"sources":[{"id":"source-paper-52-author-pdf","type":"author_hosted_copy","title":"Communication-Efficient Proactive Secret Sharing for Dynamic Groups with Dishonest Majorities","url":"/pubs/2020/pssdgdm_acns2020.pdf","provenance_category":"author","media_type":"application/pdf","sha256":"48669813efeca12ddb68c1996e13e475131660748cfeff3512de42fa37a36a54","page_count":53},{"id":"source-paper-52-official","type":"official_publication_record","title":"ACNS 2020 publisher record","url":"https://doi.org/10.1007/978-3-030-57808-4_1","provenance_category":"official"},{"id":"source-paper-52-archive","type":"public_archive_record","title":"IACR ePrint 2019/1383","url":"https://eprint.iacr.org/2019/1383","provenance_category":"archive"},{"id":"source-paper-52-citations","type":"citation_index_snapshot","title":"OpenAlex work W3003915831","url":"https://api.openalex.org/works/W3003915831","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-52-problem","source_id":"source-paper-52-author-pdf","label":"Problem, contributions, and asymptotic comparison","locator":"Abstract and Sections 1.2-1.4, PDF pages 1-7","url":"/pubs/2020/pssdgdm_acns2020.pdf#page=1"},{"id":"anchor-paper-52-model","source_id":"source-paper-52-author-pdf","label":"Network, mixed adversary, and security properties","locator":"Sections 2.1-2.3, PDF pages 7-10","url":"/pubs/2020/pssdgdm_acns2020.pdf#page=7"},{"id":"anchor-paper-52-assumptions","source_id":"source-paper-52-author-pdf","label":"Commitments and bivariate-polynomial assumptions","locator":"Sections 2.4-2.5, PDF pages 10-11","url":"/pubs/2020/pssdgdm_acns2020.pdf#page=10"},{"id":"anchor-paper-52-batched-definition","source_id":"source-paper-52-author-pdf","label":"Batched and dynamic proactive secret-sharing definitions","locator":"Section 3, PDF pages 11-14","url":"/pubs/2020/pssdgdm_acns2020.pdf#page=11"},{"id":"anchor-paper-52-core-protocols","source_id":"source-paper-52-author-pdf","label":"Bivariate Share, Recover, Reconstruct, and Refresh","locator":"Sections 4.1-4.4, PDF pages 14-20","url":"/pubs/2020/pssdgdm_acns2020.pdf#page=14"},{"id":"anchor-paper-52-static-theorems","source_id":"source-paper-52-author-pdf","label":"Static batched-PSS correctness, secrecy, and communication","locator":"Theorems 1-2 and Remarks 2 and 6, PDF pages 15-20","url":"/pubs/2020/pssdgdm_acns2020.pdf#page=15"},{"id":"anchor-paper-52-dynamic","source_id":"source-paper-52-author-pdf","label":"Increase, Decrease, DecreaseCorrupt, and Redistribute","locator":"Section 5 and Theorem 3, PDF pages 20-26","url":"/pubs/2020/pssdgdm_acns2020.pdf#page=20"},{"id":"anchor-paper-52-proofs","source_id":"source-paper-52-author-pdf","label":"Ideal functionalities, simulators, and full proofs","locator":"Supplementary Material, Appendices A-D, PDF pages 29-52","url":"/pubs/2020/pssdgdm_acns2020.pdf#page=29"},{"id":"anchor-paper-52-boundaries","source_id":"source-paper-52-author-pdf","label":"Robustness, threshold, batching, and synchrony boundaries","locator":"Sections 1.3, 2.2, 4.4, 5.4, and related-work comparison, PDF pages 5-10, 19-26, and 52-53","url":"/pubs/2020/pssdgdm_acns2020.pdf#page=5"},{"id":"anchor-paper-52-publication","source_id":"source-paper-52-official","label":"Official ACNS publication identity","locator":"DOI 10.1007/978-3-030-57808-4_1","url":"https://doi.org/10.1007/978-3-030-57808-4_1"},{"id":"anchor-paper-52-citations","source_id":"source-paper-52-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 0 citations when accessed 2026-07-11","url":"https://api.openalex.org/works/W3003915831"}],"nodes":[{"id":"paper-52","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Communication-Efficient Proactive Secret Sharing for Dynamic Groups with Dishonest Majorities","summary":"A formally analyzed dynamic PSS construction that batches secrets with bivariate polynomials, supports a mobile mixed adversary and changing membership, and reduces amortized communication relative to earlier dishonest-majority schemes.","source_anchor_ids":["anchor-paper-52-problem"]},{"id":"paper-52-question","kind":"question","parent_id":"paper-52","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can one combine dishonest-majority proactive security, large batches, fair reconstruction, efficient communication, and dynamic group membership in one secret-sharing scheme?","source_anchor_ids":["anchor-paper-52-problem"]},{"id":"paper-52-answer","kind":"contribution","parent_id":"paper-52","order":2,"epistemic_status":"source_asserted","title":"Central construction","summary":"Encode a batch on the diagonal of a bivariate polynomial, use specialized masking and gradual-reconstruction procedures for proactive maintenance, and change the sharing degree through redistribution protocols when parties join or leave.","source_anchor_ids":["anchor-paper-52-problem","anchor-paper-52-core-protocols","anchor-paper-52-dynamic"]},{"id":"paper-52-scope","kind":"scope","parent_id":"paper-52","order":3,"epistemic_status":"defined","title":"System and adversary model","summary":"The parties operate synchronously over pairwise secure channels and authenticated broadcast. A polynomial-time mixed adversary may passively observe and actively control parties within each phase, and its corrupted set may move between refresh periods.","source_anchor_ids":["anchor-paper-52-model"]},{"id":"paper-52-scope-security","kind":"threat_model","parent_id":"paper-52-scope","order":1,"epistemic_status":"defined","title":"Separate secrecy, correctness, fairness, and robustness thresholds","summary":"The paper assigns distinct multi-thresholds to secrecy, correctness, fairness, and robustness; a claim at one threshold must not be read as establishing the others. Robustness is generally limited to one or two active faults.","source_anchor_ids":["anchor-paper-52-model","anchor-paper-52-boundaries"]},{"id":"paper-52-scope-assumptions","kind":"assumption","parent_id":"paper-52-scope","order":2,"epistemic_status":"computational_assumption","title":"Commitment and erasure assumptions","summary":"Active-fault checking uses Pedersen-style homomorphic commitments and computational security under discrete-log hardness; proactive security also relies on phase separation, reset or recovery, and disposal of obsolete state.","source_anchor_ids":["anchor-paper-52-assumptions","anchor-paper-52-model"]},{"id":"paper-52-construction","kind":"method","parent_id":"paper-52","order":4,"epistemic_status":"specified","title":"Batched bivariate proactive sharing","summary":"A degree-d bivariate polynomial stores secrets at public diagonal points. A party holds a univariate slice, enabling the batch to be refreshed, recovered, reconstructed, and redistributed without exposing the embedded secrets.","source_anchor_ids":["anchor-paper-52-batched-definition","anchor-paper-52-core-protocols"]},{"id":"paper-52-construction-batching","kind":"scheme","parent_id":"paper-52-construction","order":1,"epistemic_status":"specified","title":"Sublinear threshold loss under batching","summary":"The bivariate encoding replaces the usual linear loss in corruption tolerance with a square-root dependence on batch size and supports up to n minus 2 embedded secrets in the maximum batch.","source_anchor_ids":["anchor-paper-52-problem","anchor-paper-52-static-theorems"]},{"id":"paper-52-construction-maintenance","kind":"protocol","parent_id":"paper-52-construction","order":2,"epistemic_status":"specified","title":"Share, Recover, Reconstruct, and Refresh","summary":"Share distributes polynomial slices; Recover replaces a missing slice with blinded assistance; Reconstruct builds a gradual ladder for fair release; and Refresh adds a zero-encoding random bivariate sharing to rerandomize state.","source_anchor_ids":["anchor-paper-52-core-protocols"]},{"id":"paper-52-construction-membership","kind":"protocol","parent_id":"paper-52-construction","order":3,"epistemic_status":"specified","title":"Dynamic membership protocols","summary":"Increase and Decrease adjust the sharing degree as parties join or cooperate in leaving, while DecreaseCorrupt handles one non-participating failed or corrupted departure; Redistribute composes these operations for group changes.","source_anchor_ids":["anchor-paper-52-dynamic"]},{"id":"paper-52-claims","kind":"claim_group","parent_id":"paper-52","order":5,"epistemic_status":"formally_analyzed","title":"Main stated guarantees","summary":"Theorems establish static and dynamic PSS correctness and secrecy under stated mixed-adversary thresholds, together with fairness and amortized communication results.","source_anchor_ids":["anchor-paper-52-static-theorems","anchor-paper-52-dynamic"]},{"id":"paper-52-claim-efficiency","kind":"claim","parent_id":"paper-52-claims","order":1,"epistemic_status":"asymptotic_theorem","title":"O(n squared) amortized communication","summary":"With a maximum-size batch, the paper reports O(n squared) communication per secret overall, versus O(n cubed) for its single-secret specialization and O(n to the fourth) for the compared prior dishonest-majority construction.","source_anchor_ids":["anchor-paper-52-problem","anchor-paper-52-static-theorems","anchor-paper-52-dynamic"]},{"id":"paper-52-claim-security","kind":"claim","parent_id":"paper-52-claims","order":2,"epistemic_status":"proved_under_model","title":"Mixed-adversary security and fairness","summary":"The theorem statements give secrecy and correctness thresholds with a square-root batch-size loss and a separate gradual-reconstruction fairness region; they do not claim robustness at the full dishonest-majority threshold.","source_anchor_ids":["anchor-paper-52-static-theorems","anchor-paper-52-proofs","anchor-paper-52-boundaries"]},{"id":"paper-52-claim-dynamic","kind":"claim","parent_id":"paper-52-claims","order":3,"epistemic_status":"proved_under_model","title":"Dynamic redistribution preserves the shared secret","summary":"Theorem 3 composes the five principal protocols into a dynamic PSS scheme whose new group receives a fresh sharing of the same batch, subject to the old and new phases satisfying the stated thresholds.","source_anchor_ids":["anchor-paper-52-dynamic","anchor-paper-52-proofs"]},{"id":"paper-52-evidence","kind":"evidence_group","parent_id":"paper-52","order":6,"epistemic_status":"proof_documented","title":"Formal evidence","summary":"The source supplies protocol pseudocode, definitions, ideal functionalities, simulators, intermediate lemmas, and proofs for the static and dynamic constructions. This map audits their presence and logical role but does not independently machine-check them.","source_anchor_ids":["anchor-paper-52-core-protocols","anchor-paper-52-proofs"]},{"id":"paper-52-boundaries","kind":"limitation_group","parent_id":"paper-52","order":7,"epistemic_status":"material","title":"Boundaries and costs","summary":"The construction is synchronous and computational, assumes secure channels and authenticated broadcast, loses threshold as the batch grows, is not robust against a general active dishonest majority, and offers asymptotic analysis rather than an implementation or deployment evaluation.","source_anchor_ids":["anchor-paper-52-model","anchor-paper-52-assumptions","anchor-paper-52-boundaries"]},{"id":"paper-52-boundary-membership","kind":"limitation","parent_id":"paper-52-boundaries","order":1,"epistemic_status":"explicitly_scoped","title":"Departure constraints","summary":"Cooperative Decrease requires leaving parties to participate, while DecreaseCorrupt handles only one non-participating departure at a time; broader churn behavior is not established by that subprotocol.","source_anchor_ids":["anchor-paper-52-dynamic"]},{"id":"paper-52-resources","kind":"artifact_group","parent_id":"paper-52","order":8,"epistemic_status":"source_available","title":"Auditable resources","summary":"The complete manuscript is checked into the site with page count and SHA-256, the IACR ePrint supplies an archive identity, and the DOI identifies the ACNS publication. No implementation artifact is claimed.","source_anchor_ids":["anchor-paper-52-problem","anchor-paper-52-publication"]},{"id":"paper-52-scrutiny","kind":"scrutiny","parent_id":"paper-52","order":9,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The work appeared at ACNS 2020. Review reports, rebuttal material, independent proof audits, and implementations are not represented in the available record.","source_anchor_ids":["anchor-paper-52-publication"]},{"id":"paper-52-lineage","kind":"lineage","parent_id":"paper-52","order":10,"epistemic_status":"documented","title":"Research lineage","summary":"The work improves the earlier dishonest-majority PSS line with batching and dynamic groups, and its bivariate sharing becomes the PSS substrate for the later proactive-MPC construction mapped as paper #61.","source_anchor_ids":["anchor-paper-52-problem","anchor-paper-52-dynamic"]}],"relations":[{"id":"paper-52-relation-answer-question","type":"addresses","from_id":"paper-52-answer","to_id":"paper-52-question"},{"id":"paper-52-relation-batching-answer","type":"realizes","from_id":"paper-52-construction-batching","to_id":"paper-52-answer"},{"id":"paper-52-relation-maintenance-construction","type":"component_of","from_id":"paper-52-construction-maintenance","to_id":"paper-52-construction"},{"id":"paper-52-relation-membership-construction","type":"component_of","from_id":"paper-52-construction-membership","to_id":"paper-52-construction"},{"id":"paper-52-relation-proof-security","type":"supports","from_id":"paper-52-evidence","to_id":"paper-52-claim-security"},{"id":"paper-52-relation-proof-dynamic","type":"supports","from_id":"paper-52-evidence","to_id":"paper-52-claim-dynamic"},{"id":"paper-52-relation-model-claims","type":"qualifies","from_id":"paper-52-scope","to_id":"paper-52-claims"},{"id":"paper-52-relation-boundaries-claims","type":"qualifies","from_id":"paper-52-boundaries","to_id":"paper-52-claims"},{"id":"paper-52-relation-lineage-paper","type":"contextualizes","from_id":"paper-52-lineage","to_id":"paper-52"}],"assessment":{"id":"paper-52-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The complete source gives formal definitions, protocol specifications, threshold statements, ideal functionalities, and full proofs. The rating reflects documented theoretical support, not an independent proof verification or empirical deployment test.","basis_source_anchor_ids":["anchor-paper-52-static-theorems","anchor-paper-52-proofs"]},{"id":"auditability","level":"high","rationale":"A complete checked-in author copy with recorded page count and SHA-256, plus archive and DOI identities, makes assumptions and proof claims directly inspectable from this map.","basis_source_anchor_ids":["anchor-paper-52-problem","anchor-paper-52-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authorship, venue, date, official identity, archive version, and author copy are documented; contributor roles, revision history, and tool use are not.","basis_source_anchor_ids":["anchor-paper-52-publication","anchor-paper-52-problem"]},{"id":"external_scrutiny","level":"medium","rationale":"ACNS publication establishes venue review, while review reports, independent proof checking, and reproduction evidence are unavailable here.","basis_source_anchor_ids":["anchor-paper-52-publication"]},{"id":"reception","level":"low","rationale":"The dated OpenAlex record located 0 citations for the DOI-identified work. Under the author-defined corpus rule, 0 through 8 located citations is Low; counts are index- and date-dependent.","basis_source_anchor_ids":["anchor-paper-52-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The source reports a quadratic amortized improvement and a new combination of dishonest-majority batching and dynamic groups, but priority and downstream impact have not been independently established by this map.","basis_source_anchor_ids":["anchor-paper-52-problem","anchor-paper-52-dynamic"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex exact DOI lookup","citation_count":0,"source_url":"https://api.openalex.org/works/W3003915831","signals":["The exact DOI-matched OpenAlex work reported zero citing works."],"limitation":"Citation counts vary across indexes and versions; citations to the IACR ePrint may be merged differently from the proceedings DOI."}},"paper_53":{"schema_version":"0.1","map_id":"paper-53-map","publication_id":53,"publication_anchor":"paper-53","slug":"paper-53","canonical_path":"/knowledge/papers/paper-53/","machine_path":"/knowledge/papers/paper-53.json","root_node_id":"paper-53","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["algorithm"],"title":"Towards Automated Augmentation and Instrumentation of Legacy Cryptographic Executables","short_title":"ALICE","year":2020,"status":"Published","venue":"18th International Conference on Applied Cryptography and Network Security (ACNS)","topic":"secure-systems-networks","labels":["Applied"],"authors":["Karim Eldefrawy","Michael E. Locasto","Norrathep Rattanavipanon","Hassen Saïdi"],"keywords":["binary instrumentation","legacy cryptography","cryptographic migration","dynamic taint analysis"],"research_question":"Can weak cryptographic routines in legacy executables be identified, scoped, and replaced with stronger primitives when source code and debugging symbols are unavailable?","central_answer":"ALICE combines static feature and call-graph analysis, offline dynamic execution, dynamic taint tracking, and static binary rewriting. Its prototype replaces several hash-function implementations in ELF x86-64 binaries and largely preserves tested behavior, while retaining explicit manual and platform limitations.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, experimental-evidence mapping, and initial assessment"}],"method":"Complete review of the 29-page arXiv extended version, including design, experiments, appendices, stated limitations, and visual inspection of the title and evaluation pages. Experimental statements are tied to the tested binaries and do not imply semantic equivalence for arbitrary programs.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author verification. Tool behavior, experiment transcriptions, and ratings remain provisional until author approval."}},"sources":[{"id":"source-paper-53-archive-pdf","type":"public_archive_copy","title":"Towards Automated Augmentation and Instrumentation of Legacy Cryptographic Executables: Extended Version","url":"/pubs/2020/alice-acns2020-extended.pdf","provenance_category":"archive","retrieved_from":"https://arxiv.org/pdf/2004.09713","media_type":"application/pdf","sha256":"9f4139bcbc3b7a7c0f6034b9988391df099b78262c833e0f9c1d493ee52fde8c","page_count":29},{"id":"source-paper-53-official","type":"official_publication_record","title":"ACNS 2020 publisher record","url":"https://doi.org/10.1007/978-3-030-57878-7_18","provenance_category":"official"},{"id":"source-paper-53-code","type":"source_code_repository","title":"ALICE source code","url":"https://github.com/SRI-CSL/ALICE","provenance_category":"artifact"},{"id":"source-paper-53-citations","type":"citation_index_snapshot","title":"OpenAlex work W3081940522","url":"https://api.openalex.org/works/W3081940522","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-53-problem","source_id":"source-paper-53-archive-pdf","label":"Problem, ALICE goals, and contribution summary","locator":"Abstract and Section 1, PDF pages 1-3","url":"/pubs/2020/alice-acns2020-extended.pdf#page=1"},{"id":"anchor-paper-53-scope","source_id":"source-paper-53-archive-pdf","label":"Target platform and explicit scope","locator":"Section 3, Goal and Scope, PDF pages 4-6","url":"/pubs/2020/alice-acns2020-extended.pdf#page=4"},{"id":"anchor-paper-53-identification","source_id":"source-paper-53-archive-pdf","label":"Primitive identification pipeline","locator":"Section 4.1, PDF pages 6-8","url":"/pubs/2020/alice-acns2020-extended.pdf#page=6"},{"id":"anchor-paper-53-scoping","source_id":"source-paper-53-archive-pdf","label":"Change classes and dynamic-taint scoping","locator":"Section 4.2, PDF pages 8-11","url":"/pubs/2020/alice-acns2020-extended.pdf#page=8"},{"id":"anchor-paper-53-rewriting","source_id":"source-paper-53-archive-pdf","label":"Binary augmentation and static rewriting","locator":"Section 4.3, PDF pages 11-12","url":"/pubs/2020/alice-acns2020-extended.pdf#page=11"},{"id":"anchor-paper-53-experiment-design","source_id":"source-paper-53-archive-pdf","label":"Experimental setup, datasets, and correctness criteria","locator":"Section 5.1, PDF pages 12-13","url":"/pubs/2020/alice-acns2020-extended.pdf#page=12"},{"id":"anchor-paper-53-library-results","source_id":"source-paper-53-archive-pdf","label":"Cryptographic-library results","locator":"Section 5.2, Table 1, and Figure 3, PDF pages 13-15","url":"/pubs/2020/alice-acns2020-extended.pdf#page=13"},{"id":"anchor-paper-53-application-results","source_id":"source-paper-53-archive-pdf","label":"Real-world-binary results and manual-effort analysis","locator":"Section 5.3, Tables 2-3 and Figures 4-5, PDF pages 15-17","url":"/pubs/2020/alice-acns2020-extended.pdf#page=15"},{"id":"anchor-paper-53-limitations","source_id":"source-paper-53-archive-pdf","label":"Limitations and future work","locator":"Section 6, PDF pages 17-18","url":"/pubs/2020/alice-acns2020-extended.pdf#page=17"},{"id":"anchor-paper-53-conclusion","source_id":"source-paper-53-archive-pdf","label":"Conclusion and bounded claim","locator":"Section 7, PDF page 18","url":"/pubs/2020/alice-acns2020-extended.pdf#page=18"},{"id":"anchor-paper-53-code","source_id":"source-paper-53-code","label":"Public ALICE repository","locator":"Repository linked by the paper; repository state was not independently reproduced in this audit","url":"https://github.com/SRI-CSL/ALICE"},{"id":"anchor-paper-53-publication","source_id":"source-paper-53-official","label":"Official ACNS publication identity","locator":"DOI 10.1007/978-3-030-57878-7_18","url":"https://doi.org/10.1007/978-3-030-57878-7_18"},{"id":"anchor-paper-53-citations","source_id":"source-paper-53-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 2 citations when accessed 2026-07-11","url":"https://api.openalex.org/works/W3081940522"}],"nodes":[{"id":"paper-53","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Towards Automated Augmentation and Instrumentation of Legacy Cryptographic Executables","summary":"ALICE is an implemented binary-analysis and rewriting toolchain for replacing weak hash functions in legacy executables without source code or debugging symbols.","source_anchor_ids":["anchor-paper-53-problem"]},{"id":"paper-53-question","kind":"question","parent_id":"paper-53","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Is automatic cryptographic migration at the binary level practically feasible when maintainers cannot recompile or inspect original source?","source_anchor_ids":["anchor-paper-53-problem"]},{"id":"paper-53-answer","kind":"contribution","parent_id":"paper-53","order":2,"epistemic_status":"demonstrated_on_tested_scope","title":"Central answer","summary":"For a bounded class of non-obfuscated ELF x86-64 binaries, ALICE identifies hash routines, propagates digest-size changes through affected buffers, injects a replacement routine, and redirects calls with low measured overhead.","source_anchor_ids":["anchor-paper-53-scope","anchor-paper-53-identification","anchor-paper-53-rewriting"]},{"id":"paper-53-scope","kind":"scope","parent_id":"paper-53","order":3,"epistemic_status":"explicitly_scoped","title":"Target environment","summary":"The prototype targets ELF-format x86-64 binaries produced from C, assumes ordinary defensive software rather than malware, and requires neither source code nor debugging symbols.","source_anchor_ids":["anchor-paper-53-scope"]},{"id":"paper-53-scope-boundary","kind":"assumption","parent_id":"paper-53-scope","order":1,"epistemic_status":"assumed","title":"Non-malicious and unobfuscated input","summary":"Correctness of the workflow depends on the binary being non-obfuscated and on underlying disassembly, symbolic execution, assembly, and rewriting tools behaving adequately on the encountered instructions.","source_anchor_ids":["anchor-paper-53-scope","anchor-paper-53-limitations"]},{"id":"paper-53-pipeline","kind":"method","parent_id":"paper-53","order":4,"epistemic_status":"implemented","title":"Three-phase ALICE pipeline","summary":"ALICE identifies target cryptography, scopes affected state, and then augments and rewrites the executable. The paper separates these phases so failures and manual obligations remain visible.","source_anchor_ids":["anchor-paper-53-identification","anchor-paper-53-scoping","anchor-paper-53-rewriting"]},{"id":"paper-53-pipeline-identify","kind":"algorithm","parent_id":"paper-53-pipeline","order":1,"epistemic_status":"implemented","title":"Identify hash routines","summary":"The tool scans for known constants, follows the binary call graph to collect candidates, enumerates plausible calling conventions, and executes candidates offline on known inputs to remove false positives and recover parameter order.","source_anchor_ids":["anchor-paper-53-identification"]},{"id":"paper-53-pipeline-scope","kind":"algorithm","parent_id":"paper-53-pipeline","order":2,"epistemic_status":"implemented","title":"Scope propagated buffer changes","summary":"Dynamic taint analysis marks the target digest output and tracks affected memory buffers so a larger replacement digest can be accommodated. It handles routine replacement and buffer resizing, not arbitrary semantic logic changes.","source_anchor_ids":["anchor-paper-53-scoping"]},{"id":"paper-53-pipeline-rewrite","kind":"algorithm","parent_id":"paper-53-pipeline","order":3,"epistemic_status":"implemented","title":"Inject and redirect","summary":"ALICE appends replacement code, rewrites affected stack and memory references, and redirects calls statically, minimizing runtime instrumentation overhead.","source_anchor_ids":["anchor-paper-53-rewriting"]},{"id":"paper-53-evidence","kind":"evidence_group","parent_id":"paper-53","order":5,"epistemic_status":"empirical","title":"Experimental evidence","summary":"The prototype is evaluated across multiple cryptographic libraries, compiler optimization levels, and six real applications, with explicit functional tests, code-size measurements, instruction counts, and tool runtime.","source_anchor_ids":["anchor-paper-53-experiment-design","anchor-paper-53-library-results","anchor-paper-53-application-results"]},{"id":"paper-53-evidence-libraries","kind":"evidence","parent_id":"paper-53-evidence","order":1,"epistemic_status":"measured","title":"Library corpus","summary":"Tests cover hash implementations from OpenSSL, libgcrypt, mbedTLS, and FreeBL across common compiler optimization settings. The rewritten library binaries add little executed-instruction overhead relative to manually rebuilt baselines.","source_anchor_ids":["anchor-paper-53-experiment-design","anchor-paper-53-library-results"]},{"id":"paper-53-evidence-applications","kind":"evidence","parent_id":"paper-53-evidence","order":2,"epistemic_status":"measured_with_failure","title":"Real-world application corpus","summary":"The paper tests md5sum, sha1sum, smd5_mkpass, ssha_mkpass, curl, and lighttpd. Most rewritten binaries pass project tests and the target hash behavior, but one misidentified routine and an O3 curl case expose concrete failure modes.","source_anchor_ids":["anchor-paper-53-application-results"]},{"id":"paper-53-claim-functionality","kind":"claim","parent_id":"paper-53","order":6,"epistemic_status":"demonstrated_on_corpus","title":"Functionality preservation on tested binaries","summary":"For the successful cases, rewritten applications pass the available original test suites and produce the expected stronger-hash behavior. This is test-based evidence, not a proof of semantic equivalence.","source_anchor_ids":["anchor-paper-53-application-results"]},{"id":"paper-53-claim-overhead","kind":"claim","parent_id":"paper-53","order":7,"epistemic_status":"measured","title":"Low measured runtime and code-size overhead","summary":"Library experiments add about 300 executed instructions on average, and application runs remain below roughly five percent instruction overhead; rewritten real binaries add about 4-11 KB. Tool execution ranges from under a minute on simple cases to about five minutes on the largest tested program.","source_anchor_ids":["anchor-paper-53-library-results","anchor-paper-53-application-results"]},{"id":"paper-53-claim-automation","kind":"claim","parent_id":"paper-53","order":8,"epistemic_status":"measured_on_corpus","title":"Reduced manual rewriting effort","summary":"On the reported O2 application set, ALICE automatically rewrites 99.87 percent of counted changed instructions when routine and buffer changes are included; excluding routine identification, it handles about 70.17 percent of buffer-plus-logic changes.","source_anchor_ids":["anchor-paper-53-application-results"]},{"id":"paper-53-boundaries","kind":"limitation_group","parent_id":"paper-53","order":9,"epistemic_status":"material","title":"Limitations","summary":"The prototype does not automatically infer arbitrary control-logic changes, does not replace primitives inside dynamic libraries, does not support obfuscated programs, and inherits unsoundness or unsupported-instruction risks from angr, Keystone, and other components.","source_anchor_ids":["anchor-paper-53-scoping","anchor-paper-53-limitations"]},{"id":"paper-53-boundary-generality","kind":"limitation","parent_id":"paper-53-boundaries","order":1,"epistemic_status":"explicitly_scoped","title":"Demonstrated only for hash replacement","summary":"Although the architecture is presented as extensible, the concrete evaluation replaces hash functions; it does not establish automated migration for arbitrary encryption, signature, protocol, or post-quantum primitives.","source_anchor_ids":["anchor-paper-53-scope","anchor-paper-53-conclusion"]},{"id":"paper-53-artifacts","kind":"artifact_group","parent_id":"paper-53","order":10,"epistemic_status":"publicly_available","title":"Paper and code","summary":"The extended manuscript is checked in with fixity metadata and the authors link a public ALICE repository. This audit confirmed the repository link but did not rebuild or reproduce the toolchain.","source_anchor_ids":["anchor-paper-53-code","anchor-paper-53-publication"]},{"id":"paper-53-scrutiny","kind":"scrutiny","parent_id":"paper-53","order":11,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The conference paper appeared at ACNS 2020 and the extended source exposes its experiments and limitations. Review reports and an independent reproduction are not represented.","source_anchor_ids":["anchor-paper-53-publication","anchor-paper-53-limitations"]},{"id":"paper-53-lineage","kind":"lineage","parent_id":"paper-53","order":12,"epistemic_status":"documented","title":"Role in cryptographic migration","summary":"ALICE extends binary cryptographic identification from detection toward replacement, while leaving semantic logic repair and broader primitive support as subsequent work.","source_anchor_ids":["anchor-paper-53-problem","anchor-paper-53-limitations"]}],"relations":[{"id":"paper-53-relation-answer-question","type":"addresses","from_id":"paper-53-answer","to_id":"paper-53-question"},{"id":"paper-53-relation-identify-pipeline","type":"component_of","from_id":"paper-53-pipeline-identify","to_id":"paper-53-pipeline"},{"id":"paper-53-relation-scope-pipeline","type":"component_of","from_id":"paper-53-pipeline-scope","to_id":"paper-53-pipeline"},{"id":"paper-53-relation-rewrite-pipeline","type":"component_of","from_id":"paper-53-pipeline-rewrite","to_id":"paper-53-pipeline"},{"id":"paper-53-relation-evidence-functionality","type":"supports","from_id":"paper-53-evidence","to_id":"paper-53-claim-functionality"},{"id":"paper-53-relation-evidence-overhead","type":"supports","from_id":"paper-53-evidence","to_id":"paper-53-claim-overhead"},{"id":"paper-53-relation-scope-answer","type":"qualifies","from_id":"paper-53-scope","to_id":"paper-53-answer"},{"id":"paper-53-relation-boundaries-functionality","type":"qualifies","from_id":"paper-53-boundaries","to_id":"paper-53-claim-functionality"},{"id":"paper-53-relation-artifact-evidence","type":"enables_audit_of","from_id":"paper-53-artifacts","to_id":"paper-53-evidence"},{"id":"paper-53-relation-lineage-paper","type":"contextualizes","from_id":"paper-53-lineage","to_id":"paper-53"}],"assessment":{"id":"paper-53-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The full source documents an implemented pipeline, explicit success criteria, multiple datasets, measured overheads, observed failures, and limitations. Generalization beyond the tested platform and hashes remains unsupported.","basis_source_anchor_ids":["anchor-paper-53-experiment-design","anchor-paper-53-library-results","anchor-paper-53-application-results","anchor-paper-53-limitations"]},{"id":"auditability","level":"high","rationale":"A checked-in complete archive copy with page count and SHA-256, the official DOI, and a public source repository make the principal evidence inspectable, although this audit did not reproduce the experiments.","basis_source_anchor_ids":["anchor-paper-53-problem","anchor-paper-53-code","anchor-paper-53-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authors, venue, archive version, DOI, and repository are documented; contributor roles, exact experimental environment capture, commit-to-paper correspondence, and revision workflow are not fully recorded.","basis_source_anchor_ids":["anchor-paper-53-publication","anchor-paper-53-code"]},{"id":"external_scrutiny","level":"medium","rationale":"ACNS publication and public code provide external exposure, but review reports and independent reproduction are not represented.","basis_source_anchor_ids":["anchor-paper-53-publication","anchor-paper-53-code"]},{"id":"reception","level":"low","rationale":"The dated exact-DOI OpenAlex record located 2 citations. Under the author-defined rule, 0 through 8 located citations is Low; the count is index- and date-dependent.","basis_source_anchor_ids":["anchor-paper-53-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The paper moves from primitive identification to executable rewriting and publishes a prototype, but broader adoption and durable downstream impact are not established by this audit.","basis_source_anchor_ids":["anchor-paper-53-problem","anchor-paper-53-conclusion"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex exact DOI lookup","citation_count":2,"source_url":"https://api.openalex.org/works/W3081940522","signals":["The exact DOI-matched OpenAlex work reported two citing works."],"limitation":"Citation counts vary by index and may split the conference and arXiv extended versions."}},"paper_54":{"schema_version":"0.1","map_id":"paper-54-map","publication_id":54,"publication_anchor":"paper-54","slug":"paper-54","canonical_path":"/knowledge/papers/paper-54/","machine_path":"/knowledge/papers/paper-54.json","root_node_id":"paper-54","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","primitive"],"title":"APEX: A Verified Architecture for Proofs of Execution on Remote Devices Under Full Software Compromise","short_title":"APEX","year":2020,"status":"Published","venue":"29th USENIX Security Symposium","topic":"secure-systems-networks","labels":["Theory","Applied"],"authors":["Ivan De Oliveira Nunes","Karim Eldefrawy","Norrathep Rattanavipanon","Gene Tsudik"],"keywords":["proof of execution","remote attestation","embedded systems","formal verification"],"research_question":"Can a low-end embedded device under complete software compromise prove to a remote verifier that specified software ran atomically and produced an authentic fresh output?","central_answer":"APEX defines a proof-of-execution security game and extends the verified VRASED attestation architecture with hardware-enforced execution, output, and metadata invariants. The design is model checked, implemented on OpenMSP430 and an FPGA, released as an artifact, and evaluated with low measured hardware overhead.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, formal-and-empirical evidence mapping, and initial assessment"}],"method":"Complete review of the 18-page checked-in USENIX paper, including security definitions, architecture, LTL specifications, proof argument, implementation, evaluation, limitations, and visual inspection of the title and formal-specification pages. The map keeps guarantees about execution distinct from correctness of the executed software.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author verification. Security-game, invariant, overhead, and limitation transcriptions should be author-checked."}},"sources":[{"id":"source-paper-54-author-pdf","type":"author_hosted_copy","title":"APEX: A Verified Architecture for Proofs of Execution on Remote Devices Under Full Software Compromise","url":"/pubs/2020/apex_usenixsec2020.pdf","provenance_category":"author","media_type":"application/pdf","sha256":"c6b0c52488dcc69a6fcc34453d8f4f7a527120c2b3726ba2ddfe84e8fd585c7a","page_count":18},{"id":"source-paper-54-official","type":"official_publication_record","title":"USENIX Security 2020 paper page","url":"https://www.usenix.org/conference/usenixsecurity20/presentation/nunes","provenance_category":"official"},{"id":"source-paper-54-code","type":"source_code_repository","title":"APEX implementation","url":"https://github.com/sprout-uci/APEX","provenance_category":"artifact"},{"id":"source-paper-54-citations","type":"citation_index_snapshot","title":"OpenAlex work W3017753896","url":"https://api.openalex.org/works/W3017753896","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-54-problem","source_id":"source-paper-54-author-pdf","label":"Motivation, questions, and claimed contribution","locator":"Abstract and Section 1, PDF pages 1-2","url":"/pubs/2020/apex_usenixsec2020.pdf#page=1"},{"id":"anchor-paper-54-pox-definition","source_id":"source-paper-54-author-pdf","label":"Proof-of-execution syntax and security game","locator":"Section 4 and Definitions 1-2, PDF pages 4-6","url":"/pubs/2020/apex_usenixsec2020.pdf#page=4"},{"id":"anchor-paper-54-adversary","source_id":"source-paper-54-author-pdf","label":"Full-software-compromise adversary and exclusions","locator":"Section 4.1 and physical-attack discussion, PDF pages 5-6","url":"/pubs/2020/apex_usenixsec2020.pdf#page=5"},{"id":"anchor-paper-54-machine","source_id":"source-paper-54-author-pdf","label":"MCU machine axioms","locator":"Section 4.2, PDF pages 5-6","url":"/pubs/2020/apex_usenixsec2020.pdf#page=5"},{"id":"anchor-paper-54-architecture","source_id":"source-paper-54-author-pdf","label":"APEX protocol, architecture, and authenticated proof","locator":"Section 5.1 and Definition 3, PDF pages 6-8","url":"/pubs/2020/apex_usenixsec2020.pdf#page=6"},{"id":"anchor-paper-54-subproperties","source_id":"source-paper-54-author-pdf","label":"Execution, output, and metadata protection","locator":"Section 5.2, PDF pages 8-9","url":"/pubs/2020/apex_usenixsec2020.pdf#page=8"},{"id":"anchor-paper-54-formal","source_id":"source-paper-54-author-pdf","label":"LTL specification, model checking, and PoX proof argument","locator":"Section 6 and Definitions 4-6, PDF pages 9-11","url":"/pubs/2020/apex_usenixsec2020.pdf#page=9"},{"id":"anchor-paper-54-evaluation","source_id":"source-paper-54-author-pdf","label":"OpenMSP430 implementation and evaluation","locator":"Sections 7-7.2 and Tables 2-3, PDF pages 11-13","url":"/pubs/2020/apex_usenixsec2020.pdf#page=11"},{"id":"anchor-paper-54-case-study","source_id":"source-paper-54-author-pdf","label":"Authenticated sensing and actuation proof of concept","locator":"Section 7.3, PDF pages 13-15","url":"/pubs/2020/apex_usenixsec2020.pdf#page=13"},{"id":"anchor-paper-54-limitations","source_id":"source-paper-54-author-pdf","label":"Limitations and future directions","locator":"Section 8, PDF pages 14-15","url":"/pubs/2020/apex_usenixsec2020.pdf#page=14"},{"id":"anchor-paper-54-conclusion","source_id":"source-paper-54-author-pdf","label":"Conclusion","locator":"Section 9, PDF page 15","url":"/pubs/2020/apex_usenixsec2020.pdf#page=15"},{"id":"anchor-paper-54-code","source_id":"source-paper-54-code","label":"Public implementation repository","locator":"Repository cited by the paper; artifact was not rebuilt in this map audit","url":"https://github.com/sprout-uci/APEX"},{"id":"anchor-paper-54-publication","source_id":"source-paper-54-official","label":"USENIX publication and artifact record","locator":"USENIX Security 2020 paper page; paper carries an Artifact Evaluated - Passed badge","url":"https://www.usenix.org/conference/usenixsecurity20/presentation/nunes"},{"id":"anchor-paper-54-citations","source_id":"source-paper-54-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 38 citations when accessed 2026-07-11","url":"https://api.openalex.org/works/W3017753896"}],"nodes":[{"id":"paper-54","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"APEX: A Verified Architecture for Proofs of Execution on Remote Devices Under Full Software Compromise","summary":"A formally specified, model-checked, implemented, and evaluated proof-of-execution architecture for low-end microcontrollers under complete software compromise.","source_anchor_ids":["anchor-paper-54-problem"]},{"id":"paper-54-question","kind":"question","parent_id":"paper-54","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can a remote verifier bind a fresh device output to complete atomic execution of expected code even when every unprotected software component is adversarial?","source_anchor_ids":["anchor-paper-54-problem","anchor-paper-54-pox-definition"]},{"id":"paper-54-answer","kind":"contribution","parent_id":"paper-54","order":2,"epistemic_status":"constructed_and_verified","title":"Central answer","summary":"APEX adds verified hardware monitors and protected execution metadata to VRASED so an attestation token authenticates the executable region, output region, request challenge, bounds, and a hardware-controlled successful-execution flag.","source_anchor_ids":["anchor-paper-54-architecture","anchor-paper-54-subproperties"]},{"id":"paper-54-pox","kind":"primitive","parent_id":"paper-54","order":3,"epistemic_status":"formally_defined","title":"Proof of execution primitive","summary":"PoX consists of request, atomic execution, proof generation, and verification algorithms. Security forbids convincing the verifier after no or incomplete execution and forbids substituting a tampered output for the actual execution result.","source_anchor_ids":["anchor-paper-54-pox-definition"]},{"id":"paper-54-scope","kind":"threat_model","parent_id":"paper-54","order":4,"epistemic_status":"defined","title":"Full software compromise","summary":"The adversary controls all device software, writable state, and DMA, and may read any memory not hardware-protected. It cannot change ROM, violate the assumed CPU semantics, induce physical faults, or extract secrets through physical side channels.","source_anchor_ids":["anchor-paper-54-adversary","anchor-paper-54-machine"]},{"id":"paper-54-scope-correctness","kind":"limitation","parent_id":"paper-54-scope","order":1,"epistemic_status":"explicitly_scoped","title":"Execution is not program correctness","summary":"A valid APEX proof says the requested code ran under the defined conditions and produced the authenticated bytes; it does not establish that the code is bug-free, functionally correct, or safe on malicious inputs.","source_anchor_ids":["anchor-paper-54-pox-definition","anchor-paper-54-limitations"]},{"id":"paper-54-architecture-node","kind":"protocol","parent_id":"paper-54","order":5,"epistemic_status":"specified","title":"APEX protocol","summary":"The verifier supplies code or identifies preinstalled code, memory bounds, and a fresh challenge. Hardware enforces atomic execution and sets EXEC only after success; VRASED then computes an HMAC-based proof over code, output, and metadata.","source_anchor_ids":["anchor-paper-54-architecture"]},{"id":"paper-54-architecture-execution","kind":"mechanism","parent_id":"paper-54-architecture-node","order":1,"epistemic_status":"hardware_enforced","title":"Execution and output protection","summary":"The verified logic rejects interrupted execution, entry or exit at the wrong boundary, DMA or software modification of protected regions, and changes to the executable or output between completion and proof generation.","source_anchor_ids":["anchor-paper-54-subproperties"]},{"id":"paper-54-architecture-metadata","kind":"mechanism","parent_id":"paper-54-architecture-node","order":2,"epistemic_status":"hardware_enforced","title":"Protected metadata and freshness","summary":"Hardware makes the EXEC flag software read-only and protects challenge and region bounds; including the fresh challenge in key derivation and the MAC binds the proof to the current request.","source_anchor_ids":["anchor-paper-54-architecture","anchor-paper-54-subproperties"]},{"id":"paper-54-formal","kind":"evidence_group","parent_id":"paper-54","order":6,"epistemic_status":"machine_checked","title":"Formal evidence","summary":"APEX subproperties are expressed in linear temporal logic, translated into a finite-state hardware model, and checked with NuSMV; the security argument composes these invariants with VRASED remote-attestation security.","source_anchor_ids":["anchor-paper-54-formal"]},{"id":"paper-54-claim-security","kind":"claim","parent_id":"paper-54-formal","order":1,"epistemic_status":"proved_under_assumptions","title":"PoX security under the stated MCU model","summary":"The paper argues that satisfying the verified execution, output, and metadata properties reduces a successful PoX forgery to breaking VRASED's attestation guarantee, under the cryptographic and machine assumptions.","source_anchor_ids":["anchor-paper-54-pox-definition","anchor-paper-54-formal"]},{"id":"paper-54-implementation","kind":"artifact_group","parent_id":"paper-54","order":7,"epistemic_status":"implemented","title":"Hardware and software implementation","summary":"The authors implement APEX on OpenMSP430, synthesize the design for an Artix-7 FPGA, reuse VRASED's protected attestation software, and publish the implementation.","source_anchor_ids":["anchor-paper-54-evaluation","anchor-paper-54-code"]},{"id":"paper-54-evidence-overhead","kind":"evidence","parent_id":"paper-54-implementation","order":1,"epistemic_status":"measured","title":"Hardware, memory, and verification cost","summary":"Relative to VRASED, APEX adds 44 registers and 302 lookup tables, reported as about 2 percent and 12 percent respectively, plus 9 bytes of metadata RAM. Model checking takes about three minutes and 280 MB on the reported workstation.","source_anchor_ids":["anchor-paper-54-evaluation"]},{"id":"paper-54-evidence-runtime","kind":"evidence","parent_id":"paper-54-implementation","order":2,"epistemic_status":"measured","title":"Runtime boundary","summary":"The hardware monitor adds no instructions to the protected program; proof latency is the program's own execution plus VRASED attestation, reported around 900 ms on an 8 MHz device for the evaluated configuration.","source_anchor_ids":["anchor-paper-54-evaluation"]},{"id":"paper-54-case-study","kind":"demonstration","parent_id":"paper-54","order":8,"epistemic_status":"proof_of_concept","title":"Authenticated sensing and actuation","summary":"A fire-sensor prototype on an APEX-enabled MSP430 and FPGA binds temperature or humidity reads and buzzer actuation to specified code, illustrating how a verifier can detect spoofed software outputs in the model.","source_anchor_ids":["anchor-paper-54-case-study"]},{"id":"paper-54-boundaries","kind":"limitation_group","parent_id":"paper-54","order":9,"epistemic_status":"material","title":"Limitations","summary":"Physical attacks and CPU-design faults are outside scope; code with external shared-library calls must be made self-contained; self-modifying code violates immutability; and atomic execution currently rejects interrupts, creating a real-time compatibility problem.","source_anchor_ids":["anchor-paper-54-adversary","anchor-paper-54-limitations"]},{"id":"paper-54-artifacts","kind":"artifact_group","parent_id":"paper-54","order":10,"epistemic_status":"evaluated_artifact","title":"Public and evaluated artifact","summary":"The paper, source repository, and official USENIX record are public, and the paper carries an Artifact Evaluated - Passed badge. This map did not independently rebuild the repository.","source_anchor_ids":["anchor-paper-54-code","anchor-paper-54-publication"]},{"id":"paper-54-scrutiny","kind":"scrutiny","parent_id":"paper-54","order":11,"epistemic_status":"venue_and_artifact_reviewed","title":"External scrutiny","summary":"APEX appeared at USENIX Security 2020 and passed the venue's represented artifact evaluation. Public review reports and independent formal re-verification are not linked.","source_anchor_ids":["anchor-paper-54-publication"]},{"id":"paper-54-lineage","kind":"lineage","parent_id":"paper-54","order":12,"epistemic_status":"documented","title":"Extension of VRASED","summary":"APEX deliberately reuses VRASED's verified remote-attestation root and adds a proof-of-execution layer without changing the protected attestation routine, so the two services can coexist.","source_anchor_ids":["anchor-paper-54-architecture","anchor-paper-54-formal"]}],"relations":[{"id":"paper-54-relation-answer-question","type":"addresses","from_id":"paper-54-answer","to_id":"paper-54-question"},{"id":"paper-54-relation-pox-answer","type":"defines","from_id":"paper-54-pox","to_id":"paper-54-answer"},{"id":"paper-54-relation-execution-architecture","type":"component_of","from_id":"paper-54-architecture-execution","to_id":"paper-54-architecture-node"},{"id":"paper-54-relation-metadata-architecture","type":"component_of","from_id":"paper-54-architecture-metadata","to_id":"paper-54-architecture-node"},{"id":"paper-54-relation-formal-security","type":"supports","from_id":"paper-54-formal","to_id":"paper-54-claim-security"},{"id":"paper-54-relation-implementation-answer","type":"realizes","from_id":"paper-54-implementation","to_id":"paper-54-answer"},{"id":"paper-54-relation-case-study-answer","type":"demonstrates","from_id":"paper-54-case-study","to_id":"paper-54-answer"},{"id":"paper-54-relation-scope-security","type":"qualifies","from_id":"paper-54-scope","to_id":"paper-54-claim-security"},{"id":"paper-54-relation-boundaries-security","type":"qualifies","from_id":"paper-54-boundaries","to_id":"paper-54-claim-security"},{"id":"paper-54-relation-lineage-architecture","type":"contextualizes","from_id":"paper-54-lineage","to_id":"paper-54-architecture-node"}],"assessment":{"id":"paper-54-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The source combines a formal security game, machine-checked hardware invariants, a reduction argument, synthesizable implementation, measured overheads, and an end-to-end proof of concept, while clearly stating its assumptions and exclusions.","basis_source_anchor_ids":["anchor-paper-54-pox-definition","anchor-paper-54-formal","anchor-paper-54-evaluation","anchor-paper-54-limitations"]},{"id":"auditability","level":"high","rationale":"A checked-in author copy with fixity metadata, official open-access record, public code, formal specifications, and represented artifact badge make the evidence highly inspectable.","basis_source_anchor_ids":["anchor-paper-54-problem","anchor-paper-54-code","anchor-paper-54-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authors, venue, source copy, public repository, platform, and verification stack are documented, but contributor roles and exact commit-to-paper build provenance are not fully captured in this map.","basis_source_anchor_ids":["anchor-paper-54-code","anchor-paper-54-publication"]},{"id":"external_scrutiny","level":"high","rationale":"Publication at USENIX Security plus the Artifact Evaluated - Passed badge provides both venue and artifact scrutiny; private review reports and independent proof rechecking remain unavailable.","basis_source_anchor_ids":["anchor-paper-54-publication"]},{"id":"reception","level":"high","rationale":"The dated exact-title OpenAlex record located 38 citations. Under the author-defined corpus rule, 11 or more located citations is High; the count remains index- and date-dependent.","basis_source_anchor_ids":["anchor-paper-54-citations"]},{"id":"contribution_significance","level":"high","rationale":"The work defines and realizes a new low-end proof-of-execution service with formal and concrete evidence, and the citation snapshot indicates substantial uptake. Priority and correctness are still not guaranteed by this rating.","basis_source_anchor_ids":["anchor-paper-54-problem","anchor-paper-54-conclusion","anchor-paper-54-citations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex exact-title lookup because the USENIX record has no DOI","citation_count":38,"source_url":"https://api.openalex.org/works/W3017753896","signals":["The exact-title OpenAlex work reported 38 citing works."],"limitation":"The USENIX record has no DOI in the mapped metadata; title matching was checked against authors and venue, and counts remain index-dependent."}},"paper_55":{"schema_version":"0.1","map_id":"paper-55-map","publication_id":55,"publication_anchor":"paper-55","slug":"paper-55","canonical_path":"/knowledge/papers/paper-55/","machine_path":"/knowledge/papers/paper-55.json","root_node_id":"paper-55","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"Communication-Efficient (Proactive) Secure Computation for Dynamic General Adversary Structures and Dynamic Groups","year":2020,"status":"Published","venue":"12th Conference on Security and Cryptography for Networks (SCN)","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Karim Eldefrawy","Seoyeon Hwang","Rafail Ostrovsky","Moti Yung"],"keywords":["proactive MPC","general adversary structures","dynamic groups","monotone span programs"],"research_question":"Can proactive secure multiparty computation remain communication-aware when corruption patterns are non-threshold, the general adversary structure changes over time, and parties join or leave?","central_answer":"The paper proactivizes both additive-sharing and monotone-span-program MPC, adds refresh, recovery, and redistribution for dynamic groups, and introduces secure conversions between the two representations so a system can select the one better suited to the current adversary structure.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, formal-claim mapping, and initial assessment"}],"method":"Complete review of the 41-page IACR ePrint PDF through the public archive renderer, including the model, protocols, complexity statements, ideal functionalities, and appendical proofs. A direct local download was attempted but IACR returned an anti-bot HTML challenge; therefore this map records archive and author-hosted URLs without claiming local PDF fixity.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author verification. Protocol roles, dimensions, and complexity expressions should be checked against the typeset source."}},"sources":[{"id":"source-paper-55-archive-pdf","type":"public_archive_copy","title":"Communication-Efficient (Proactive) Secure Computation for Dynamic General Adversary Structures and Dynamic Groups","url":"https://eprint.iacr.org/2020/747.pdf","provenance_category":"archive","media_type":"application/pdf","page_count":41},{"id":"source-paper-55-author-copy","type":"author_hosted_copy","title":"ResearchGate author-uploaded full text","url":"https://www.researchgate.net/publication/343112200_Communication-Efficient_Proactive_Secure_Computation_for_Dynamic_General_Adversary_Structures_and_Dynamic_Groups","provenance_category":"author"},{"id":"source-paper-55-official","type":"official_publication_record","title":"SCN 2020 publisher record","url":"https://doi.org/10.1007/978-3-030-57990-6_6","provenance_category":"official"},{"id":"source-paper-55-citations","type":"citation_index_snapshot","title":"OpenAlex work W3037463771","url":"https://api.openalex.org/works/W3037463771","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-55-problem","source_id":"source-paper-55-archive-pdf","label":"Problem, contributions, and structure-adaptive objective","locator":"Abstract and Section 1, PDF pages 1-3","url":"https://eprint.iacr.org/2020/747.pdf#page=1"},{"id":"anchor-paper-55-author-copy","source_id":"source-paper-55-author-copy","label":"Author-uploaded full text","locator":"ResearchGate public full-text record uploaded by an author","url":"https://www.researchgate.net/publication/343112200_Communication-Efficient_Proactive_Secure_Computation_for_Dynamic_General_Adversary_Structures_and_Dynamic_Groups"},{"id":"anchor-paper-55-blueprint","source_id":"source-paper-55-archive-pdf","label":"Dynamic PMPC blueprint and design roadblocks","locator":"Sections 3.1-3.2, PDF pages 4-6","url":"https://eprint.iacr.org/2020/747.pdf#page=4"},{"id":"anchor-paper-55-model","source_id":"source-paper-55-archive-pdf","label":"Phase model, communication, and general adversary structures","locator":"Sections 4.1-4.3, PDF pages 6-8","url":"https://eprint.iacr.org/2020/747.pdf#page=6"},{"id":"anchor-paper-55-overview","source_id":"source-paper-55-archive-pdf","label":"Two PMPC representations and conversion strategy","locator":"Section 5 introduction, PDF pages 8-9","url":"https://eprint.iacr.org/2020/747.pdf#page=8"},{"id":"anchor-paper-55-additive","source_id":"source-paper-55-archive-pdf","label":"Additive-sharing PMPC protocols","locator":"Section 5.1, PDF pages 9-12","url":"https://eprint.iacr.org/2020/747.pdf#page=9"},{"id":"anchor-paper-55-msp","source_id":"source-paper-55-archive-pdf","label":"MSP-based PMPC protocols","locator":"Section 5.2, PDF pages 12-17","url":"https://eprint.iacr.org/2020/747.pdf#page=12"},{"id":"anchor-paper-55-convert","source_id":"source-paper-55-archive-pdf","label":"Share conversion between additive and MSP representations","locator":"Section 5.3, PDF pages 17-19","url":"https://eprint.iacr.org/2020/747.pdf#page=17"},{"id":"anchor-paper-55-proofs","source_id":"source-paper-55-archive-pdf","label":"Protocol specifications, simulators, and proofs","locator":"Appendices B-F, PDF pages 24-41","url":"https://eprint.iacr.org/2020/747.pdf#page=24"},{"id":"anchor-paper-55-boundaries","source_id":"source-paper-55-archive-pdf","label":"Representation-size, scheduling, and communication boundaries","locator":"Sections 3.1-3.2 and 4.2, PDF pages 4-7","url":"https://eprint.iacr.org/2020/747.pdf#page=4"},{"id":"anchor-paper-55-publication","source_id":"source-paper-55-official","label":"Official SCN publication identity","locator":"DOI 10.1007/978-3-030-57990-6_6","url":"https://doi.org/10.1007/978-3-030-57990-6_6"},{"id":"anchor-paper-55-citations","source_id":"source-paper-55-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 3 citations when accessed 2026-07-11","url":"https://api.openalex.org/works/W3037463771"}],"nodes":[{"id":"paper-55","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Communication-Efficient (Proactive) Secure Computation for Dynamic General Adversary Structures and Dynamic Groups","summary":"A formal protocol suite for proactive MPC under changing non-threshold adversary structures and participant sets, with conversions between additive and MSP secret-sharing representations.","source_anchor_ids":["anchor-paper-55-problem"]},{"id":"paper-55-question","kind":"question","parent_id":"paper-55","order":1,"epistemic_status":"research_question","title":"Research question","summary":"How can long-lived MPC adapt its security encoding when both the parties and the allowed corruption subsets change over time?","source_anchor_ids":["anchor-paper-55-problem"]},{"id":"paper-55-answer","kind":"contribution","parent_id":"paper-55","order":2,"epistemic_status":"source_asserted","title":"Structure-adaptive PMPC","summary":"Maintain two proactive MPC realizations with different communication profiles and securely convert shares between them whenever the current general adversary structure makes the alternative representation preferable.","source_anchor_ids":["anchor-paper-55-overview","anchor-paper-55-convert"]},{"id":"paper-55-scope","kind":"scope","parent_id":"paper-55","order":3,"epistemic_status":"defined","title":"Communication and phase model","summary":"Parties use a synchronous network with authenticated broadcast and point-to-point channels. Operational and refresh phases alternate; a mobile adversary may change its corruption set subject to the current general adversary structure.","source_anchor_ids":["anchor-paper-55-model"]},{"id":"paper-55-scope-gas","kind":"threat_model","parent_id":"paper-55-scope","order":1,"epistemic_status":"defined","title":"Dynamic general adversary structure","summary":"Access, secrecy, and adversary structures specify qualified, ignorant, and potentially corrupted subsets rather than a single cardinality threshold. The active protocol results rely on the Q2 condition that no two allowed adversary sets cover all parties.","source_anchor_ids":["anchor-paper-55-model","anchor-paper-55-overview"]},{"id":"paper-55-framework","kind":"protocol","parent_id":"paper-55","order":4,"epistemic_status":"specified","title":"Eight-operation dynamic PMPC framework","summary":"Share, Reconstruct, Add, Multiply, Refresh, Recover, Redistribute, and Convert cover computation, proactive maintenance, membership change, and representation adaptation.","source_anchor_ids":["anchor-paper-55-blueprint","anchor-paper-55-overview"]},{"id":"paper-55-framework-additive","kind":"protocol","parent_id":"paper-55-framework","order":1,"epistemic_status":"specified","title":"Additive-sharing PMPC","summary":"The additive realization distributes each summand to a designated holder set, uses information checking and dispute control against active faults, and adds new refresh, recover, and redistribution procedures.","source_anchor_ids":["anchor-paper-55-additive"]},{"id":"paper-55-framework-msp","kind":"protocol","parent_id":"paper-55-framework","order":2,"epistemic_status":"specified","title":"MSP-based PMPC","summary":"The monotone-span-program realization represents access structures with an MSP matrix and develops random-sharing, robust-resharing, recovery, refresh, and redistribution components around the base MPC protocol.","source_anchor_ids":["anchor-paper-55-msp"]},{"id":"paper-55-framework-convert","kind":"protocol","parent_id":"paper-55-framework","order":3,"epistemic_status":"specified","title":"Bidirectional share conversion","summary":"Conversion protocols transform an additive sharing into an MSP sharing and vice versa while preserving the secret, enabling protocol selection to follow the changing structure rather than remain fixed.","source_anchor_ids":["anchor-paper-55-convert"]},{"id":"paper-55-claims","kind":"claim_group","parent_id":"paper-55","order":5,"epistemic_status":"formally_analyzed","title":"Security and efficiency claims","summary":"The paper proves correctness and secrecy of the new maintenance and conversion subprotocols under their GAS conditions and gives separate communication bounds in terms of parties, maximal secrecy sets, MSP rows, field size, and checking parameters.","source_anchor_ids":["anchor-paper-55-additive","anchor-paper-55-msp","anchor-paper-55-convert","anchor-paper-55-proofs"]},{"id":"paper-55-claim-proactive","kind":"claim","parent_id":"paper-55-claims","order":1,"epistemic_status":"proved_under_model","title":"Proactive refresh and recovery","summary":"Refresh rerandomizes shares so views across stages cannot be combined, and Recover reconstructs replacement shares for reset parties without revealing the maintained secret beyond the model's prescribed views.","source_anchor_ids":["anchor-paper-55-additive","anchor-paper-55-msp","anchor-paper-55-proofs"]},{"id":"paper-55-claim-dynamic","kind":"claim","parent_id":"paper-55-claims","order":2,"epistemic_status":"proved_under_model","title":"Dynamic group redistribution","summary":"Redistribute transfers a sharing of the same secret to a changed participant group under the old and new phase structures, so departing shares do not remain sufficient under the stated assumptions.","source_anchor_ids":["anchor-paper-55-blueprint","anchor-paper-55-additive","anchor-paper-55-msp","anchor-paper-55-proofs"]},{"id":"paper-55-claim-adaptive","kind":"claim","parent_id":"paper-55-claims","order":3,"epistemic_status":"construction_supported","title":"Representation-aware communication","summary":"Because additive complexity scales with the secrecy-structure description while MSP complexity scales with matrix dimension, conversion permits choosing the more communication-efficient representation for the current structure.","source_anchor_ids":["anchor-paper-55-overview","anchor-paper-55-convert"]},{"id":"paper-55-evidence","kind":"evidence_group","parent_id":"paper-55","order":6,"epistemic_status":"proof_documented","title":"Formal evidence","summary":"The full source contains protocol pseudocode, correctness and secrecy statements, ideal-world formulations, simulators, and proofs for additive, MSP, and conversion components. This audit maps those obligations but does not independently verify every algebraic step.","source_anchor_ids":["anchor-paper-55-proofs"]},{"id":"paper-55-boundaries","kind":"limitation_group","parent_id":"paper-55","order":7,"epistemic_status":"material","title":"Boundaries","summary":"The results assume synchrony, authenticated broadcast, point-to-point channels, phase-based reboot and erasure behavior, and Q2-compatible structures. Communication can still be large because an adversary-structure description itself may be exponential in the party count.","source_anchor_ids":["anchor-paper-55-model","anchor-paper-55-boundaries"]},{"id":"paper-55-boundary-scheduling","kind":"limitation","parent_id":"paper-55-boundaries","order":1,"epistemic_status":"explicitly_out_of_scope","title":"Refresh policy and structure compression are not solved","summary":"The paper constructs refresh mechanisms but does not specify when a deployment should trigger them, and it explicitly does not minimize the description size of general adversary structures.","source_anchor_ids":["anchor-paper-55-blueprint","anchor-paper-55-boundaries"]},{"id":"paper-55-boundary-evaluation","kind":"limitation","parent_id":"paper-55-boundaries","order":2,"epistemic_status":"absent_evidence","title":"No implementation evaluation","summary":"Evidence is formal and asymptotic; the represented paper does not supply a prototype, concrete benchmark, network experiment, or deployment study.","source_anchor_ids":["anchor-paper-55-problem","anchor-paper-55-proofs"]},{"id":"paper-55-resources","kind":"artifact_group","parent_id":"paper-55","order":8,"epistemic_status":"full_text_available","title":"Publication resources","summary":"The complete IACR ePrint and an author-uploaded ResearchGate full text expose the protocol and proofs, while the DOI identifies the SCN version. No code artifact is claimed.","source_anchor_ids":["anchor-paper-55-problem","anchor-paper-55-publication"]},{"id":"paper-55-scrutiny","kind":"scrutiny","parent_id":"paper-55","order":9,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The paper appeared at SCN 2020. Review reports, independent proof audits, and reproductions are not represented.","source_anchor_ids":["anchor-paper-55-publication"]},{"id":"paper-55-lineage","kind":"lineage","parent_id":"paper-55","order":10,"epistemic_status":"documented","title":"Extends two general-adversary MPC lines","summary":"The construction proactivizes prior additive and MSP-based GAS MPC protocols and connects them through conversion, while later paper #61 follows a different dishonest-majority bivariate-PSS route for threshold-style dynamic groups.","source_anchor_ids":["anchor-paper-55-overview","anchor-paper-55-convert"]}],"relations":[{"id":"paper-55-relation-answer-question","type":"addresses","from_id":"paper-55-answer","to_id":"paper-55-question"},{"id":"paper-55-relation-additive-framework","type":"component_of","from_id":"paper-55-framework-additive","to_id":"paper-55-framework"},{"id":"paper-55-relation-msp-framework","type":"component_of","from_id":"paper-55-framework-msp","to_id":"paper-55-framework"},{"id":"paper-55-relation-convert-framework","type":"component_of","from_id":"paper-55-framework-convert","to_id":"paper-55-framework"},{"id":"paper-55-relation-convert-answer","type":"realizes","from_id":"paper-55-framework-convert","to_id":"paper-55-answer"},{"id":"paper-55-relation-evidence-claims","type":"supports","from_id":"paper-55-evidence","to_id":"paper-55-claims"},{"id":"paper-55-relation-scope-claims","type":"qualifies","from_id":"paper-55-scope","to_id":"paper-55-claims"},{"id":"paper-55-relation-boundaries-claims","type":"qualifies","from_id":"paper-55-boundaries","to_id":"paper-55-claims"},{"id":"paper-55-relation-lineage-paper","type":"contextualizes","from_id":"paper-55-lineage","to_id":"paper-55"}],"assessment":{"id":"paper-55-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The complete source provides definitions, explicit protocol suites, communication bounds, ideal functionalities, and appendical proofs. It supplies theoretical rather than implementation evidence.","basis_source_anchor_ids":["anchor-paper-55-overview","anchor-paper-55-proofs","anchor-paper-55-boundaries"]},{"id":"auditability","level":"high","rationale":"The full archive PDF and an author-uploaded copy expose assumptions and proofs, with an official DOI for publication identity. Direct local byte fixity could not be recorded because the archive blocked automated download.","basis_source_anchor_ids":["anchor-paper-55-author-copy","anchor-paper-55-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authors, venue, DOI, archive, and author-hosted full text are documented; revision history, contributor roles, and tool use are not.","basis_source_anchor_ids":["anchor-paper-55-publication","anchor-paper-55-problem"]},{"id":"external_scrutiny","level":"medium","rationale":"SCN publication establishes venue review, but review reports, independent proof checks, and implementations are unavailable.","basis_source_anchor_ids":["anchor-paper-55-publication"]},{"id":"reception","level":"low","rationale":"The dated exact-DOI OpenAlex record located 3 citations. Under the author-defined rule, 0 through 8 located citations is Low; counts are index- and date-dependent.","basis_source_anchor_ids":["anchor-paper-55-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The paper addresses dynamic GAS, dynamic groups, and representation conversion in one PMPC framework, but this map does not independently establish priority or broad deployment impact.","basis_source_anchor_ids":["anchor-paper-55-problem","anchor-paper-55-convert"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex exact DOI lookup","citation_count":3,"source_url":"https://api.openalex.org/works/W3037463771","signals":["The exact DOI-matched OpenAlex work reported three citing works."],"limitation":"Citation counts vary by index and may merge or split the ePrint and SCN versions."}},"paper_56":{"schema_version":"0.1","map_id":"paper-56-map","publication_id":56,"publication_anchor":"paper-56","slug":"paper-56","canonical_path":"/knowledge/papers/paper-56/","machine_path":"/knowledge/papers/paper-56.json","root_node_id":"paper-56","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["scheme"],"title":"Optimizing Registration Based Encryption","year":2021,"status":"Published","venue":"18th IMA International Conference on Cryptography and Coding (IMACC)","topic":"algorithms-foundations","labels":["Theory","Applied"],"authors":["Kelong Cong","Karim Eldefrawy","Nigel P. Smart"],"keywords":["registration-based encryption","key escrow","crit-bit trees","hash garbling"],"research_question":"Can registration-based encryption preserve its no-key-escrow and asymptotic efficiency goals while reducing the enormous concrete ciphertext and decryption costs of existing constructions?","central_answer":"Replacing Merkle trees with authenticated crit-bit trees shortens garbled inputs, and publishing a small square-root-sized identity filter lets encryptors skip roughly half the tree snapshots. The paper analytically estimates a 57.5 percent combined ciphertext reduction, proves standard RBE security for the crit-bit construction, and states important remaining security and practicality gaps.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, theorem-and-cost mapping, and initial assessment"}],"method":"Complete review of the 28-page IACR ePrint PDF through the public archive and the author-uploaded ResearchGate full text. Direct local download attempts were blocked by anti-bot responses, so no local hash is claimed. Cost reductions are recorded as analytical estimates, not benchmark measurements.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author verification. Security scope, performance arithmetic, and tradeoff interpretations should be checked before approval."}},"sources":[{"id":"source-paper-56-archive-pdf","type":"public_archive_copy","title":"Optimizing Registration Based Encryption","url":"https://eprint.iacr.org/2021/499.pdf","provenance_category":"archive","media_type":"application/pdf","page_count":28},{"id":"source-paper-56-author-copy","type":"author_hosted_copy","title":"ResearchGate author-uploaded full text","url":"https://www.researchgate.net/publication/354783718_Optimizing_Registration_Based_Encryption","provenance_category":"author"},{"id":"source-paper-56-official","type":"official_publication_record","title":"IMACC 2021 publisher record","url":"https://doi.org/10.1007/978-3-030-92641-0_7","provenance_category":"official"},{"id":"source-paper-56-citations","type":"citation_index_snapshot","title":"OpenAlex work W3158584413","url":"https://api.openalex.org/works/W3158584413","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-56-problem","source_id":"source-paper-56-archive-pdf","label":"RBE motivation, baseline cost, and contributions","locator":"Abstract and Sections 1.1-1.2, PDF pages 1-3","url":"https://eprint.iacr.org/2021/499.pdf#page=1"},{"id":"anchor-paper-56-author-copy","source_id":"source-paper-56-author-copy","label":"Author-uploaded full text","locator":"ResearchGate public full-text record uploaded by Karim Eldefrawy on 2021-09-29","url":"https://www.researchgate.net/publication/354783718_Optimizing_Registration_Based_Encryption"},{"id":"anchor-paper-56-model","source_id":"source-paper-56-archive-pdf","label":"RBE roles, algorithms, efficiency, and message-hiding definition","locator":"Sections 2 and 3.5, PDF pages 4-12","url":"https://eprint.iacr.org/2021/499.pdf#page=4"},{"id":"anchor-paper-56-assumptions","source_id":"source-paper-56-archive-pdf","label":"Hash garbling, hash encryption, and cryptographic assumptions","locator":"Sections 3.3-3.4 and Appendix A, PDF pages 9-10 and 25-28","url":"https://eprint.iacr.org/2021/499.pdf#page=9"},{"id":"anchor-paper-56-critbit","source_id":"source-paper-56-archive-pdf","label":"Authenticated crit-bit tree","locator":"Sections 3.6 and 4.1, PDF pages 12-14","url":"https://eprint.iacr.org/2021/499.pdf#page=12"},{"id":"anchor-paper-56-construction","source_id":"source-paper-56-archive-pdf","label":"Compact-parameter optimized RBE construction","locator":"Sections 4.2-4.3, PDF pages 14-17","url":"https://eprint.iacr.org/2021/499.pdf#page=14"},{"id":"anchor-paper-56-security","source_id":"source-paper-56-archive-pdf","label":"Single-user and general RBE security proofs","locator":"Section 4.4, Theorems 1-2, PDF pages 17-19","url":"https://eprint.iacr.org/2021/499.pdf#page=17"},{"id":"anchor-paper-56-cost","source_id":"source-paper-56-archive-pdf","label":"Analytical cost reduction","locator":"Section 4.5, PDF page 19","url":"https://eprint.iacr.org/2021/499.pdf#page=19"},{"id":"anchor-paper-56-verifiability","source_id":"source-paper-56-archive-pdf","label":"Verifiability argument and proof boundary","locator":"Section 4.6, PDF pages 19-20","url":"https://eprint.iacr.org/2021/499.pdf#page=19"},{"id":"anchor-paper-56-larger-pp","source_id":"source-paper-56-archive-pdf","label":"Larger-public-parameter optimization","locator":"Section 5, PDF pages 20-23","url":"https://eprint.iacr.org/2021/499.pdf#page=20"},{"id":"anchor-paper-56-boundaries","source_id":"source-paper-56-archive-pdf","label":"CCA, implementation, and compactness boundaries","locator":"Sections 1.2, 4.5-4.6, and 5, PDF pages 3 and 19-23","url":"https://eprint.iacr.org/2021/499.pdf#page=3"},{"id":"anchor-paper-56-publication","source_id":"source-paper-56-official","label":"Official IMACC publication identity","locator":"DOI 10.1007/978-3-030-92641-0_7","url":"https://doi.org/10.1007/978-3-030-92641-0_7"},{"id":"anchor-paper-56-citations","source_id":"source-paper-56-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 0 citations when accessed 2026-07-11","url":"https://api.openalex.org/works/W3158584413"}],"nodes":[{"id":"paper-56","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Optimizing Registration Based Encryption","summary":"An optimized RBE scheme using authenticated crit-bit trees and a public-parameter tradeoff to reduce the concrete cost of garbled public-key operations.","source_anchor_ids":["anchor-paper-56-problem"]},{"id":"paper-56-question","kind":"question","parent_id":"paper-56","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can RBE's attractive asymptotics be retained while shrinking ciphertext and decryption costs enough to move toward practice?","source_anchor_ids":["anchor-paper-56-problem"]},{"id":"paper-56-answer","kind":"contribution","parent_id":"paper-56","order":2,"epistemic_status":"construction_and_estimate","title":"Central answer","summary":"Compress authenticated tree paths with crit-bit nodes, then optionally disclose a square-root-sized set of identities so encryption traverses fewer snapshots; both changes reduce the number of costly public-key operations inside garbled circuits.","source_anchor_ids":["anchor-paper-56-critbit","anchor-paper-56-cost","anchor-paper-56-larger-pp"]},{"id":"paper-56-scope","kind":"scope","parent_id":"paper-56","order":3,"epistemic_status":"defined","title":"RBE model","summary":"Users generate their own keys; a key curator holds no secret and maintains registrations, auxiliary state, and short public parameters; an encryptor uses recipient identity plus public parameters, and a decryptor combines its secret key with periodically updated supporting information.","source_anchor_ids":["anchor-paper-56-model"]},{"id":"paper-56-scope-security","kind":"threat_model","parent_id":"paper-56-scope","order":1,"epistemic_status":"explicitly_scoped","title":"Message-hiding, not chosen-ciphertext security","summary":"The proof targets the standard RBE message-hiding definition used by prior work and does not provide a decryption oracle; active chosen-ciphertext security remains open.","source_anchor_ids":["anchor-paper-56-model","anchor-paper-56-boundaries"]},{"id":"paper-56-scheme","kind":"scheme","parent_id":"paper-56","order":4,"epistemic_status":"specified","title":"Crit-bit-tree RBE","summary":"Authenticated crit-bit trees replace balanced Merkle trees in snapshot-based registration. Each internal node stores a critical bit and two hash pointers, shortening the garbled input while preserving searchable authenticated paths.","source_anchor_ids":["anchor-paper-56-critbit","anchor-paper-56-construction"]},{"id":"paper-56-scheme-security","kind":"claim","parent_id":"paper-56-scheme","order":1,"epistemic_status":"proved_under_assumptions","title":"Standard RBE security","summary":"A single-user argument combines hash-garbling simulation with semantic PKE security; the general theorem replaces path programs through hybrids and concludes message-hiding for the crit-bit construction.","source_anchor_ids":["anchor-paper-56-assumptions","anchor-paper-56-security"]},{"id":"paper-56-scheme-compact","kind":"claim","parent_id":"paper-56-scheme","order":2,"epistemic_status":"analytical_estimate","title":"Compact-parameter reduction","summary":"For the paper's two-billion-user, 256-bit example, shorter tree nodes are estimated to reduce encryptor public-key operations and ciphertext size by about 15 percent and decryptor work by about 30 percent on average.","source_anchor_ids":["anchor-paper-56-cost"]},{"id":"paper-56-scheme-largepp","kind":"method","parent_id":"paper-56","order":5,"epistemic_status":"specified_tradeoff","title":"Larger public parameter","summary":"Publishing membership information for a square-root-sized minority of snapshot users lets encryption ignore roughly half the trees. A cuckoo filter is proposed to represent that set compactly.","source_anchor_ids":["anchor-paper-56-larger-pp"]},{"id":"paper-56-claim-combined","kind":"claim","parent_id":"paper-56-scheme-largepp","order":1,"epistemic_status":"analytical_estimate","title":"57.5 percent combined ciphertext reduction","summary":"Combining the 15 percent crit-bit reduction with a further one-half encryptor reduction yields the stated 57.5 percent decrease; the larger-parameter example adds about 187 KB for two billion users.","source_anchor_ids":["anchor-paper-56-problem","anchor-paper-56-larger-pp"]},{"id":"paper-56-evidence","kind":"evidence_group","parent_id":"paper-56","order":6,"epistemic_status":"formal_and_analytical","title":"Evidence boundary","summary":"Security is supported by definitions and hybrid proofs, while performance is supported by operation counts and asymptotic tree-depth facts. The paper does not implement or benchmark an RBE system.","source_anchor_ids":["anchor-paper-56-security","anchor-paper-56-cost"]},{"id":"paper-56-verifiability","kind":"claim","parent_id":"paper-56","order":7,"epistemic_status":"argued_not_fully_proved","title":"Verifiable registration compatibility","summary":"Adjacent authenticated paths support non-membership and unique-membership proof sketches, but the paper explicitly does not provide the full verification algorithm or prove its soundness and completeness.","source_anchor_ids":["anchor-paper-56-verifiability"]},{"id":"paper-56-boundaries","kind":"limitation_group","parent_id":"paper-56","order":8,"epistemic_status":"material","title":"Limitations","summary":"The optimized ciphertext remains extremely large in the motivating regime, performance is estimated rather than measured, chosen-ciphertext security is absent, the verifiability extension is incomplete, and the second optimization weakens public-parameter compactness from polylogarithmic in users to square-root dependence.","source_anchor_ids":["anchor-paper-56-problem","anchor-paper-56-boundaries"]},{"id":"paper-56-resources","kind":"artifact_group","parent_id":"paper-56","order":9,"epistemic_status":"full_text_available","title":"Publication resources","summary":"The IACR archive, author-uploaded full text, and official DOI make the construction and proofs inspectable. No implementation or benchmark artifact is represented.","source_anchor_ids":["anchor-paper-56-problem","anchor-paper-56-publication"]},{"id":"paper-56-scrutiny","kind":"scrutiny","parent_id":"paper-56","order":10,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The paper appeared at IMACC 2021. Review reports and independent implementation or proof audits are not linked.","source_anchor_ids":["anchor-paper-56-publication"]},{"id":"paper-56-lineage","kind":"lineage","parent_id":"paper-56","order":11,"epistemic_status":"documented","title":"Optimization of prior RBE blueprints","summary":"The work retains the hash-garbling and snapshot approach of earlier RBE and verifiable-RBE constructions while changing authenticated data structures and the public-parameter tradeoff.","source_anchor_ids":["anchor-paper-56-problem","anchor-paper-56-construction"]}],"relations":[{"id":"paper-56-relation-answer-question","type":"addresses","from_id":"paper-56-answer","to_id":"paper-56-question"},{"id":"paper-56-relation-scheme-answer","type":"realizes","from_id":"paper-56-scheme","to_id":"paper-56-answer"},{"id":"paper-56-relation-largepp-answer","type":"extends","from_id":"paper-56-scheme-largepp","to_id":"paper-56-answer"},{"id":"paper-56-relation-evidence-security","type":"supports","from_id":"paper-56-evidence","to_id":"paper-56-scheme-security"},{"id":"paper-56-relation-evidence-compact","type":"supports","from_id":"paper-56-evidence","to_id":"paper-56-scheme-compact"},{"id":"paper-56-relation-scope-security","type":"qualifies","from_id":"paper-56-scope","to_id":"paper-56-scheme-security"},{"id":"paper-56-relation-boundaries-combined","type":"qualifies","from_id":"paper-56-boundaries","to_id":"paper-56-claim-combined"},{"id":"paper-56-relation-lineage-scheme","type":"contextualizes","from_id":"paper-56-lineage","to_id":"paper-56-scheme"}],"assessment":{"id":"paper-56-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The construction and standard-security proof are detailed, but the paper's central concrete-efficiency claims are analytical estimates without an implementation, and verifiability is only sketched.","basis_source_anchor_ids":["anchor-paper-56-security","anchor-paper-56-cost","anchor-paper-56-verifiability","anchor-paper-56-boundaries"]},{"id":"auditability","level":"high","rationale":"Full archive and author-uploaded copies plus the DOI expose the definitions, proofs, and arithmetic. Anti-bot controls prevented recording a local byte hash in this pass.","basis_source_anchor_ids":["anchor-paper-56-author-copy","anchor-paper-56-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authorship, venue, DOI, archive, and author upload are documented; revision history, roles, and tool use are not.","basis_source_anchor_ids":["anchor-paper-56-publication","anchor-paper-56-problem"]},{"id":"external_scrutiny","level":"medium","rationale":"IMACC publication establishes venue review, but no public review report, artifact evaluation, or independent proof audit is represented.","basis_source_anchor_ids":["anchor-paper-56-publication"]},{"id":"reception","level":"low","rationale":"The dated exact-DOI OpenAlex record located 0 citations. Under the author-defined rule, 0 through 8 located citations is Low; counts vary across indexes and dates.","basis_source_anchor_ids":["anchor-paper-56-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The work materially reduces an identified concrete bottleneck in the prior blueprint, but the resulting construction remains impractical and downstream impact is not established here.","basis_source_anchor_ids":["anchor-paper-56-problem","anchor-paper-56-boundaries"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex exact DOI lookup","citation_count":0,"source_url":"https://api.openalex.org/works/W3158584413","signals":["The exact DOI-matched OpenAlex work reported zero citing works."],"limitation":"Other indexes may merge the ePrint and proceedings versions differently; the count is a dated snapshot, not a quality measure."}},"paper_57":{"schema_version":"0.1","map_id":"paper-57-map","publication_id":57,"publication_anchor":"paper-57","slug":"paper-57","canonical_path":"/knowledge/papers/paper-57/","machine_path":"/knowledge/papers/paper-57.json","root_node_id":"paper-57","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"On Regenerating Codes and Proactive Secret Sharing: Relationships and Implications","year":2021,"status":"Published","venue":"23rd International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS)","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Karim Eldefrawy","Nicholas Genise","Rutuja Kshirsagar","Moti Yung"],"keywords":["proactive secret sharing","regenerating codes","leakage","generalized decoding"],"research_question":"What formal relationships connect proactive secret sharing and regenerating codes, and what new efficiency opportunities, leakage risks, and coding notions follow from those relationships?","central_answer":"The paper gives conditional translations in both directions, uses Reed-Solomon repair methods to expose partial-leakage attacks and an alternative recovery procedure, and transfers general adversary structures into a new generalized-decoding regenerating-code definition with an existence theorem.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, theorem mapping, and initial assessment"}],"method":"Complete review of the 19-page IACR ePrint PDF through the public archive and author-uploaded full text, including definitions, propositions, theorems, proofs, and future-work boundaries. Direct local download was blocked by archive anti-bot controls, so no local hash is claimed.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author verification. Parameter correspondences and leakage interpretations should be checked before approval."}},"sources":[{"id":"source-paper-57-archive-pdf","type":"public_archive_copy","title":"On Regenerating Codes and Proactive Secret Sharing: Relationships and Implications","url":"https://eprint.iacr.org/2022/096.pdf","provenance_category":"archive","media_type":"application/pdf","page_count":19},{"id":"source-paper-57-author-copy","type":"author_hosted_copy","title":"ResearchGate author-uploaded full text","url":"https://www.researchgate.net/publication/356008654_On_Regenerating_Codes_and_Proactive_Secret_Sharing_Relationships_and_Implications","provenance_category":"author"},{"id":"source-paper-57-official","type":"official_publication_record","title":"SSS 2021 publisher record","url":"https://doi.org/10.1007/978-3-030-91081-5_23","provenance_category":"official"},{"id":"source-paper-57-citations","type":"citation_index_snapshot","title":"OpenAlex work W3211377169","url":"https://api.openalex.org/works/W3211377169","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-57-problem","source_id":"source-paper-57-archive-pdf","label":"Motivation, contributions, and claimed relationships","locator":"Abstract and Section 1, PDF pages 1-4","url":"https://eprint.iacr.org/2022/096.pdf#page=1"},{"id":"anchor-paper-57-author-copy","source_id":"source-paper-57-author-copy","label":"Author-uploaded full text","locator":"ResearchGate public full-text record","url":"https://www.researchgate.net/publication/356008654_On_Regenerating_Codes_and_Proactive_Secret_Sharing_Relationships_and_Implications"},{"id":"anchor-paper-57-models","source_id":"source-paper-57-archive-pdf","label":"Reed-Solomon repair, regenerating codes, and PSS definitions","locator":"Sections 2.1-2.3, PDF pages 4-6","url":"https://eprint.iacr.org/2022/096.pdf#page=4"},{"id":"anchor-paper-57-leakage-model","source_id":"source-paper-57-archive-pdf","label":"Full-field and subfield leakage model","locator":"Section 2.4, PDF pages 6-7","url":"https://eprint.iacr.org/2022/096.pdf#page=6"},{"id":"anchor-paper-57-leakage-results","source_id":"source-paper-57-archive-pdf","label":"Static and dynamic leakage attacks","locator":"Section 4 and Propositions 1-2, PDF pages 8-10","url":"https://eprint.iacr.org/2022/096.pdf#page=8"},{"id":"anchor-paper-57-equivalence","source_id":"source-paper-57-archive-pdf","label":"PSS-to-RC and RC-to-PSS translations","locator":"Section 5, Theorems 1-2 and Corollary 1, PDF pages 10-11","url":"https://eprint.iacr.org/2022/096.pdf#page=10"},{"id":"anchor-paper-57-grc","source_id":"source-paper-57-archive-pdf","label":"Generalized-decoding regenerating codes","locator":"Section 6, Definition 10 and Theorem 3, PDF pages 11-14","url":"https://eprint.iacr.org/2022/096.pdf#page=11"},{"id":"anchor-paper-57-conclusion","source_id":"source-paper-57-archive-pdf","label":"Conclusions and open directions","locator":"Section 7, PDF page 14","url":"https://eprint.iacr.org/2022/096.pdf#page=14"},{"id":"anchor-paper-57-proofs","source_id":"source-paper-57-archive-pdf","label":"Repair background and missing proofs","locator":"Appendices A-B, PDF pages 16-19","url":"https://eprint.iacr.org/2022/096.pdf#page=16"},{"id":"anchor-paper-57-publication","source_id":"source-paper-57-official","label":"Official SSS publication identity","locator":"DOI 10.1007/978-3-030-91081-5_23","url":"https://doi.org/10.1007/978-3-030-91081-5_23"},{"id":"anchor-paper-57-citations","source_id":"source-paper-57-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 2 citations when accessed 2026-07-11","url":"https://api.openalex.org/works/W3211377169"}],"nodes":[{"id":"paper-57","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"On Regenerating Codes and Proactive Secret Sharing: Relationships and Implications","summary":"A theory paper relating two self-repairing representations, deriving leakage implications and conditional translations, and defining generalized-decoding regenerating codes.","source_anchor_ids":["anchor-paper-57-problem"]},{"id":"paper-57-question","kind":"question","parent_id":"paper-57","order":1,"epistemic_status":"research_question","title":"Research question","summary":"When do PSS recovery and regenerating-code repair represent the same mathematical capability, and what transfers across the two domains?","source_anchor_ids":["anchor-paper-57-problem"]},{"id":"paper-57-answer","kind":"contribution","parent_id":"paper-57","order":2,"epistemic_status":"theorem_supported","title":"Central answer","summary":"Match PSS sharing, reconstruction, recovery, and refresh to coding encode, decode, and repair; under additional linear-MDS conditions the mapping reverses, enabling repair-bandwidth insights and general adversary structures to cross domains.","source_anchor_ids":["anchor-paper-57-equivalence","anchor-paper-57-grc"]},{"id":"paper-57-scope","kind":"scope","parent_id":"paper-57","order":3,"epistemic_status":"defined","title":"Mathematical setting","summary":"The central comparison uses finite-field secret sharing, Shamir-based proactive protocols, Reed-Solomon repair, and regenerating-code parameters for storage per node, contacted helpers, and repair bandwidth.","source_anchor_ids":["anchor-paper-57-models"]},{"id":"paper-57-leakage","kind":"threat_model","parent_id":"paper-57","order":4,"epistemic_status":"defined","title":"Partial leakage across epochs","summary":"Nodes may leak whole field elements or collections of smaller-subfield elements. Static leakage repeats one linear view, while dynamic leakage can change transformations between refresh epochs, including through incomplete erasure of intermediate state.","source_anchor_ids":["anchor-paper-57-leakage-model","anchor-paper-57-leakage-results"]},{"id":"paper-57-claim-static-leakage","kind":"claim","parent_id":"paper-57-leakage","order":1,"epistemic_status":"proved_under_model","title":"Static partial leakage defeats a whole-share threshold","summary":"Proposition 1 quantifies how full-share and subfield leakage reduce the remaining Reed-Solomon repair information needed to reconstruct the secret, even when fewer than the nominal threshold of whole shares leak in an epoch.","source_anchor_ids":["anchor-paper-57-leakage-results","anchor-paper-57-proofs"]},{"id":"paper-57-claim-dynamic-leakage","kind":"claim","parent_id":"paper-57-leakage","order":2,"epistemic_status":"proved_under_strong_model","title":"Dynamic leakage accumulates across epochs","summary":"Proposition 2 gives an efficient adversary that gathers enough subfield information across epochs to reconstruct the secret when leakage functions vary and affected nodes store nonzero values; the paper labels this a strong but plausible implementation model.","source_anchor_ids":["anchor-paper-57-leakage-results","anchor-paper-57-proofs"]},{"id":"paper-57-equivalence","kind":"claim_group","parent_id":"paper-57","order":5,"epistemic_status":"proved_with_conditions","title":"Conditional PSS-RC correspondence","summary":"Two theorems preserve storage and repair parameters across translations, but the reverse direction requires a linear MDS regenerating code and the baseline forward encoding has a low rate unless linearity or batching is exploited.","source_anchor_ids":["anchor-paper-57-equivalence"]},{"id":"paper-57-equivalence-forward","kind":"claim","parent_id":"paper-57-equivalence","order":1,"epistemic_status":"proved","title":"PSS implies an erasure regenerating code","summary":"A (t,n) PSS storing alpha bits per node and recovering through d helpers sending beta bits yields an erasure regenerating code with n nodes, reconstruction dimension t plus 1, and the same storage and repair parameters.","source_anchor_ids":["anchor-paper-57-equivalence","anchor-paper-57-proofs"]},{"id":"paper-57-equivalence-reverse","kind":"claim","parent_id":"paper-57-equivalence","order":2,"epistemic_status":"proved_with_conditions","title":"Linear MDS RC implies PSS","summary":"Every specified linear MDS regenerating code with n plus 1 nodes and dimension k plus 1 yields a (k,n) PSS whose recovery contacts the same d helpers for beta bits each.","source_anchor_ids":["anchor-paper-57-equivalence","anchor-paper-57-proofs"]},{"id":"paper-57-recovery","kind":"analytical_result","parent_id":"paper-57","order":6,"epistemic_status":"corollary","title":"Subfield-based Shamir recovery","summary":"Combining the reverse translation with Guruswami-Wootters repair yields an alternative Shamir recovery that contacts n minus 1 nodes and receives smaller-subfield symbols, under the corollary's field-degree conditions and without leakage.","source_anchor_ids":["anchor-paper-57-equivalence"]},{"id":"paper-57-grc","kind":"definition","parent_id":"paper-57","order":7,"epistemic_status":"introduced","title":"Generalized-decoding regenerating code","summary":"GRC replaces one uniform threshold with monotone decoding sets and allowed error patterns, requiring Decode to correct every permitted error set and every erasure pattern leaving some decoding set intact.","source_anchor_ids":["anchor-paper-57-grc"]},{"id":"paper-57-claim-grc","kind":"claim","parent_id":"paper-57-grc","order":1,"epistemic_status":"existence_theorem","title":"Linear GRC existence for Q2 error structures","summary":"Theorem 3 maps a Q2 general adversary structure into a linear GRC over a finite field, while explicitly leaving parameter optimization and achievable rates open.","source_anchor_ids":["anchor-paper-57-grc"]},{"id":"paper-57-evidence","kind":"evidence_group","parent_id":"paper-57","order":8,"epistemic_status":"proof_documented","title":"Formal evidence","summary":"Definitions, propositions, parameter-preserving reductions, an existence theorem, and appendical proofs support the analysis. There is no prototype, benchmark, or deployed storage-system evaluation.","source_anchor_ids":["anchor-paper-57-equivalence","anchor-paper-57-grc","anchor-paper-57-proofs"]},{"id":"paper-57-boundaries","kind":"limitation_group","parent_id":"paper-57","order":9,"epistemic_status":"material","title":"Boundaries and open problems","summary":"The equivalence is conditional, the basic PSS-to-RC rate can be only 1/n, the dynamic leakage attack uses a strong model, and GRC is an unoptimized existence result. Efficient GRCs, generalized repair sets, dynamic groups, and verifiable RC remain future work.","source_anchor_ids":["anchor-paper-57-leakage-results","anchor-paper-57-equivalence","anchor-paper-57-grc","anchor-paper-57-conclusion"]},{"id":"paper-57-resources","kind":"artifact_group","parent_id":"paper-57","order":10,"epistemic_status":"full_text_available","title":"Publication resources","summary":"Archive and author-uploaded full texts expose the proofs, and the DOI identifies the SSS chapter. No code or data artifact is claimed.","source_anchor_ids":["anchor-paper-57-problem","anchor-paper-57-publication"]},{"id":"paper-57-scrutiny","kind":"scrutiny","parent_id":"paper-57","order":11,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The work appeared at SSS 2021. Public review reports and independent theorem checking are not represented.","source_anchor_ids":["anchor-paper-57-publication"]},{"id":"paper-57-lineage","kind":"lineage","parent_id":"paper-57","order":12,"epistemic_status":"documented","title":"Bridge between cryptography and coding theory","summary":"The paper imports repair-bandwidth methods into proactive sharing and exports general adversary structures into regenerating codes, framing a bidirectional research program rather than a deployed system.","source_anchor_ids":["anchor-paper-57-problem","anchor-paper-57-conclusion"]}],"relations":[{"id":"paper-57-relation-answer-question","type":"addresses","from_id":"paper-57-answer","to_id":"paper-57-question"},{"id":"paper-57-relation-forward-equivalence","type":"component_of","from_id":"paper-57-equivalence-forward","to_id":"paper-57-equivalence"},{"id":"paper-57-relation-reverse-equivalence","type":"component_of","from_id":"paper-57-equivalence-reverse","to_id":"paper-57-equivalence"},{"id":"paper-57-relation-equivalence-answer","type":"supports","from_id":"paper-57-equivalence","to_id":"paper-57-answer"},{"id":"paper-57-relation-equivalence-recovery","type":"enables","from_id":"paper-57-equivalence","to_id":"paper-57-recovery"},{"id":"paper-57-relation-equivalence-grc","type":"motivates","from_id":"paper-57-equivalence","to_id":"paper-57-grc"},{"id":"paper-57-relation-evidence-equivalence","type":"supports","from_id":"paper-57-evidence","to_id":"paper-57-equivalence"},{"id":"paper-57-relation-leakage-recovery","type":"qualifies","from_id":"paper-57-leakage","to_id":"paper-57-recovery"},{"id":"paper-57-relation-boundaries-answer","type":"qualifies","from_id":"paper-57-boundaries","to_id":"paper-57-answer"}],"assessment":{"id":"paper-57-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The source gives precise models, parameterized propositions, two conditional translation theorems, a new definition, an existence theorem, and proofs, while clearly marking strong assumptions and open optimization questions.","basis_source_anchor_ids":["anchor-paper-57-leakage-results","anchor-paper-57-equivalence","anchor-paper-57-grc","anchor-paper-57-proofs"]},{"id":"auditability","level":"high","rationale":"Complete archive and author-uploaded copies expose the full argument, and the DOI fixes the publication identity. Archive anti-bot controls prevented a local hash in this pass.","basis_source_anchor_ids":["anchor-paper-57-author-copy","anchor-paper-57-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authors, venue, DOI, archive, and author copy are documented; revision history, contributor roles, and tooling are not.","basis_source_anchor_ids":["anchor-paper-57-publication","anchor-paper-57-problem"]},{"id":"external_scrutiny","level":"medium","rationale":"SSS publication establishes venue review, but public reports or independent formal checking are unavailable.","basis_source_anchor_ids":["anchor-paper-57-publication"]},{"id":"reception","level":"low","rationale":"The dated exact-DOI OpenAlex record located 2 citations. Under the author-defined rule, 0 through 8 located citations is Low; counts vary across indexes and dates.","basis_source_anchor_ids":["anchor-paper-57-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The paper opens a useful cross-domain correspondence and a generalized coding notion, but the low-rate and unoptimized existence boundaries mean broader impact should be assessed separately.","basis_source_anchor_ids":["anchor-paper-57-problem","anchor-paper-57-conclusion"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex exact DOI lookup","citation_count":2,"source_url":"https://api.openalex.org/works/W3211377169","signals":["The exact DOI-matched OpenAlex work reported two citing works."],"limitation":"Citation counts are index- and date-dependent and may handle the later-dated ePrint separately from the 2021 proceedings chapter."}},"paper_58":{"schema_version":"0.1","map_id":"paper-58-map","publication_id":58,"publication_anchor":"paper-58","slug":"paper-58","canonical_path":"/knowledge/papers/paper-58/","machine_path":"/knowledge/papers/paper-58.json","root_node_id":"paper-58","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","algorithm"],"title":"Machine-Checked ZKP for NP Relations: Formally Verified Security Proofs and Implementations of MPC-in-the-Head","year":2021,"status":"Published","venue":"28th ACM Conference on Computer and Communications Security (CCS)","topic":"secure-encrypted-computation","labels":["Theory","Applied"],"authors":["José Carlos Bacelar Almeida","Manuel Barbosa","Manuel L. Correia","Karim Eldefrawy","Stéphane Graham-Lengrand","Hugo Pacheco","Vitor Pereira"],"keywords":["zero knowledge","MPC-in-the-head","EasyCrypt","formal verification"],"research_question":"Can the generic MPC-in-the-Head transformation for NP zero-knowledge relations be specified and proved modularly in a proof assistant, then extracted into an executable verified implementation?","central_answer":"The paper formalizes MitH in EasyCrypt with abstract interfaces for secret sharing, MPC, commitments, and zero knowledge; proves completeness, soundness, and zero knowledge; instantiates the framework with five-party BGW and two commitment choices; and extracts benchmarkable OCaml code.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, formal-development mapping, and initial assessment"}],"method":"Complete review of the 29-page arXiv manuscript, including the EasyCrypt interfaces and proof claims, concrete instantiation, extraction paths, benchmarks, appendix, and visual inspection of title and formal-code pages. Machine checking is attributed only to the represented EasyCrypt development; this audit did not rerun it.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author verification. Formal-property wording, implementation boundaries, and benchmark transcription should be checked."}},"sources":[{"id":"source-paper-58-archive-pdf","type":"public_archive_copy","title":"Machine-checked ZKP for NP-relations: Formally Verified Security Proofs and Implementations of MPC-in-the-Head","url":"/pubs/2021/machine-checked-zkp-mpc-in-the-head.pdf","provenance_category":"archive","retrieved_from":"https://arxiv.org/pdf/2104.05516","media_type":"application/pdf","sha256":"ff902956233cac0529a5c1283fcb83fde1c7be887aa32e0ef41a0dda8ef62d78","page_count":29},{"id":"source-paper-58-official","type":"official_publication_record","title":"ACM CCS 2021 publication record","url":"https://doi.org/10.1145/3460120.3484771","provenance_category":"official"},{"id":"source-paper-58-eprint","type":"public_archive_record","title":"IACR ePrint 2021/1149","url":"https://eprint.iacr.org/2021/1149","provenance_category":"archive"},{"id":"source-paper-58-code","type":"source_code_repository","title":"High Assurance Zero Knowledge development","url":"https://github.com/SRI-CSL/high-assurance-crypto/tree/main/high-assurance-zk","provenance_category":"artifact"},{"id":"source-paper-58-citations","type":"citation_index_snapshot","title":"OpenAlex work W3155472145","url":"https://api.openalex.org/works/W3155472145","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-58-problem","source_id":"source-paper-58-archive-pdf","label":"MitH motivation and contributions","locator":"Abstract and Section 1, PDF pages 1-4","url":"/pubs/2021/machine-checked-zkp-mpc-in-the-head.pdf#page=1"},{"id":"anchor-paper-58-preliminaries","source_id":"source-paper-58-archive-pdf","label":"Cryptographic definitions and EasyCrypt background","locator":"Section 3, PDF pages 5-8","url":"/pubs/2021/machine-checked-zkp-mpc-in-the-head.pdf#page=5"},{"id":"anchor-paper-58-zk","source_id":"source-paper-58-archive-pdf","label":"ZK syntax, completeness, soundness, and simulation","locator":"Section 4.1, PDF pages 9-12","url":"/pubs/2021/machine-checked-zkp-mpc-in-the-head.pdf#page=9"},{"id":"anchor-paper-58-mpc","source_id":"source-paper-58-archive-pdf","label":"Abstract MPC syntax and privacy","locator":"Section 4.2, PDF pages 12-14","url":"/pubs/2021/machine-checked-zkp-mpc-in-the-head.pdf#page=12"},{"id":"anchor-paper-58-transformation","source_id":"source-paper-58-archive-pdf","label":"Formal MitH transformation and security arguments","locator":"Sections 4.3-4.4, PDF pages 14-20","url":"/pubs/2021/machine-checked-zkp-mpc-in-the-head.pdf#page=14"},{"id":"anchor-paper-58-instantiation","source_id":"source-paper-58-archive-pdf","label":"Five-party BGW arithmetic-circuit instantiation","locator":"Section 5.1, PDF pages 20-23","url":"/pubs/2021/machine-checked-zkp-mpc-in-the-head.pdf#page=20"},{"id":"anchor-paper-58-commitment","source_id":"source-paper-58-archive-pdf","label":"PRF-based commitment proof","locator":"Section 5.2, PDF pages 23-25","url":"/pubs/2021/machine-checked-zkp-mpc-in-the-head.pdf#page=23"},{"id":"anchor-paper-58-extraction","source_id":"source-paper-58-archive-pdf","label":"Verified code extraction paths","locator":"Section 5.3, PDF page 25","url":"/pubs/2021/machine-checked-zkp-mpc-in-the-head.pdf#page=25"},{"id":"anchor-paper-58-benchmarks","source_id":"source-paper-58-archive-pdf","label":"Preliminary performance results","locator":"Section 5.4 and Table 1, PDF pages 25-26","url":"/pubs/2021/machine-checked-zkp-mpc-in-the-head.pdf#page=25"},{"id":"anchor-paper-58-boundaries","source_id":"source-paper-58-archive-pdf","label":"Instantiation and evaluation boundaries","locator":"Sections 1 and 5, PDF pages 3-4 and 20-26","url":"/pubs/2021/machine-checked-zkp-mpc-in-the-head.pdf#page=3"},{"id":"anchor-paper-58-code","source_id":"source-paper-58-code","label":"Public EasyCrypt and extracted-code repository","locator":"Repository path cited in Section 1; not rebuilt during this audit","url":"https://github.com/SRI-CSL/high-assurance-crypto/tree/main/high-assurance-zk"},{"id":"anchor-paper-58-publication","source_id":"source-paper-58-official","label":"Official ACM CCS publication identity","locator":"DOI 10.1145/3460120.3484771","url":"https://doi.org/10.1145/3460120.3484771"},{"id":"anchor-paper-58-citations","source_id":"source-paper-58-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 1 citation when accessed 2026-07-11","url":"https://api.openalex.org/works/W3155472145"}],"nodes":[{"id":"paper-58","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Machine-Checked ZKP for NP Relations","summary":"A modular EasyCrypt formalization of MPC-in-the-Head, with machine-checked security arguments, concrete five-party arithmetic-circuit instantiation, and extracted executable code.","source_anchor_ids":["anchor-paper-58-problem"]},{"id":"paper-58-question","kind":"question","parent_id":"paper-58","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can generic MitH proofs and their implementations be connected end to end through machine-checked definitions, modular components, and code extraction?","source_anchor_ids":["anchor-paper-58-problem"]},{"id":"paper-58-answer","kind":"contribution","parent_id":"paper-58","order":2,"epistemic_status":"machine_checked_and_extracted","title":"Central answer","summary":"Specify each cryptographic layer as an EasyCrypt interface, prove the generic transformation once, instantiate its assumptions with verified components, and extract the resulting concrete protocol into OCaml.","source_anchor_ids":["anchor-paper-58-transformation","anchor-paper-58-instantiation","anchor-paper-58-extraction"]},{"id":"paper-58-scope","kind":"scope","parent_id":"paper-58","order":3,"epistemic_status":"explicitly_scoped","title":"Concrete instantiation","summary":"The represented executable uses Shamir sharing and five-party BGW arithmetic-circuit evaluation tolerating two semi-honest corruptions; the abstract framework permits other components, but those alternatives are not all verified here.","source_anchor_ids":["anchor-paper-58-problem","anchor-paper-58-instantiation"]},{"id":"paper-58-protocol","kind":"protocol","parent_id":"paper-58","order":4,"epistemic_status":"formally_specified","title":"Commit-challenge-response MitH","summary":"The prover emulates an MPC evaluation on shared witness data, commits to party views, opens a verifier-selected subset, and is accepted when the views are pairwise consistent and produce an accepting circuit result.","source_anchor_ids":["anchor-paper-58-zk","anchor-paper-58-transformation"]},{"id":"paper-58-framework","kind":"method","parent_id":"paper-58","order":5,"epistemic_status":"machine_checked","title":"Modular EasyCrypt framework","summary":"Abstract theories define ZK protocols, relations, secret sharing, MPC circuits, party views, commitments, adversaries, simulators, and games; concrete clones discharge the interfaces and inherit the generic result.","source_anchor_ids":["anchor-paper-58-preliminaries","anchor-paper-58-zk","anchor-paper-58-mpc"]},{"id":"paper-58-claims","kind":"claim_group","parent_id":"paper-58","order":6,"epistemic_status":"machine_checked","title":"Verified security properties","summary":"The development proves perfect completeness, concrete single-execution soundness and zero-knowledge bounds, and repetition meta-arguments in EasyCrypt rather than idealizing the commitment layer away.","source_anchor_ids":["anchor-paper-58-zk","anchor-paper-58-transformation"]},{"id":"paper-58-claim-completeness","kind":"claim","parent_id":"paper-58-claims","order":1,"epistemic_status":"machine_checked","title":"Perfect completeness","summary":"For a valid witness-statement pair and honest randomness, the formal protocol's verifier accepts with probability one.","source_anchor_ids":["anchor-paper-58-zk","anchor-paper-58-transformation"]},{"id":"paper-58-claim-soundness-zk","kind":"claim","parent_id":"paper-58-claims","order":2,"epistemic_status":"machine_checked_under_component_assumptions","title":"Soundness and zero knowledge","summary":"Soundness follows from MPC correctness and commitment binding, while simulation-based zero knowledge follows from privacy of the opened MPC views and commitment hiding; repetition reduces the one-shot error under the formalized meta-argument.","source_anchor_ids":["anchor-paper-58-zk","anchor-paper-58-transformation"]},{"id":"paper-58-components","kind":"method","parent_id":"paper-58","order":7,"epistemic_status":"concretely_instantiated","title":"Verified arithmetic-circuit components","summary":"The concrete stack fixes five BGW parties, Shamir sharing, addition, multiplication, scalar multiplication, and refresh gates over a finite field, and proves circuit correctness and two-view privacy compositionally.","source_anchor_ids":["anchor-paper-58-instantiation"]},{"id":"paper-58-commitments","kind":"algorithm","parent_id":"paper-58-components","order":1,"epistemic_status":"machine_checked","title":"Pedersen and PRF commitment choices","summary":"One path reuses Pedersen commitments; a faster path commits to a whole serialized view with a collision-resistant PRF instantiated by HMAC/SHA-256, with EasyCrypt reductions for binding and hiding.","source_anchor_ids":["anchor-paper-58-commitment"]},{"id":"paper-58-extraction","kind":"artifact_group","parent_id":"paper-58","order":8,"epistemic_status":"verified_code_extracted","title":"Executable extraction","summary":"An EasyCrypt extraction tool produces OCaml from concrete specifications. The efficient path manually preserves the modular scaffold while automatically extracting concrete components, a boundary distinct from fully automatic end-to-end module extraction.","source_anchor_ids":["anchor-paper-58-extraction","anchor-paper-58-code"]},{"id":"paper-58-benchmarks","kind":"evidence","parent_id":"paper-58","order":9,"epistemic_status":"preliminary_measurement","title":"Preliminary benchmark evidence","summary":"Small arithmetic circuits are benchmarked on a 2016 dual-core MacBook Pro. The SHA-256 commitment path substantially reduces commit and verify time relative to Pedersen in the reported examples, but the experiments are not application-scale.","source_anchor_ids":["anchor-paper-58-benchmarks"]},{"id":"paper-58-boundaries","kind":"limitation_group","parent_id":"paper-58","order":10,"epistemic_status":"material","title":"Boundaries","summary":"The concrete protocol fixes five parties and passive two-party corruption, evaluates arithmetic circuits represented as less-efficient trees, benchmarks only tiny circuits, and leaves actively secure or highly optimized MitH families and low-level optimized arithmetic to future work.","source_anchor_ids":["anchor-paper-58-problem","anchor-paper-58-instantiation","anchor-paper-58-benchmarks","anchor-paper-58-boundaries"]},{"id":"paper-58-resources","kind":"artifact_group","parent_id":"paper-58","order":11,"epistemic_status":"publicly_available","title":"Auditable paper and development","summary":"The complete checked-in arXiv source has fixity metadata, the IACR ePrint and ACM DOI establish version identities, and the linked repository exposes formalization and extracted code. This audit did not rerun EasyCrypt or benchmarks.","source_anchor_ids":["anchor-paper-58-code","anchor-paper-58-publication"]},{"id":"paper-58-scrutiny","kind":"scrutiny","parent_id":"paper-58","order":12,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The work appeared at ACM CCS 2021 and makes its formal development public. Review reports and independent reproduction are not linked.","source_anchor_ids":["anchor-paper-58-publication","anchor-paper-58-code"]},{"id":"paper-58-lineage","kind":"lineage","parent_id":"paper-58","order":13,"epistemic_status":"documented","title":"Builds on verified MPC extraction","summary":"The work reuses the earlier high-assurance BGW development and extraction mechanism, then lifts them through a generic MitH transformation to verified zero-knowledge protocols.","source_anchor_ids":["anchor-paper-58-problem","anchor-paper-58-instantiation"]}],"relations":[{"id":"paper-58-relation-answer-question","type":"addresses","from_id":"paper-58-answer","to_id":"paper-58-question"},{"id":"paper-58-relation-framework-answer","type":"realizes","from_id":"paper-58-framework","to_id":"paper-58-answer"},{"id":"paper-58-relation-protocol-framework","type":"instantiated_by","from_id":"paper-58-protocol","to_id":"paper-58-framework"},{"id":"paper-58-relation-components-protocol","type":"instantiates","from_id":"paper-58-components","to_id":"paper-58-protocol"},{"id":"paper-58-relation-commitments-components","type":"component_of","from_id":"paper-58-commitments","to_id":"paper-58-components"},{"id":"paper-58-relation-claims-protocol","type":"supports","from_id":"paper-58-claims","to_id":"paper-58-protocol"},{"id":"paper-58-relation-extraction-answer","type":"realizes","from_id":"paper-58-extraction","to_id":"paper-58-answer"},{"id":"paper-58-relation-benchmarks-extraction","type":"evaluates","from_id":"paper-58-benchmarks","to_id":"paper-58-extraction"},{"id":"paper-58-relation-boundaries-claims","type":"qualifies","from_id":"paper-58-boundaries","to_id":"paper-58-claims"}],"assessment":{"id":"paper-58-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The paper links formal definitions, machine-checked proofs, concrete verified components, executable extraction, public code, and preliminary measurements, while stating the concrete instantiation's limits.","basis_source_anchor_ids":["anchor-paper-58-transformation","anchor-paper-58-instantiation","anchor-paper-58-extraction","anchor-paper-58-benchmarks"]},{"id":"auditability","level":"high","rationale":"A checked-in full manuscript with page count and SHA-256, archive and DOI identities, and a public formal-development repository make the evidence directly inspectable.","basis_source_anchor_ids":["anchor-paper-58-problem","anchor-paper-58-code","anchor-paper-58-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authors, venue, archive versions, repository, toolchain, and benchmark machine are documented, but exact commit-to-paper correspondence and contributor roles are not fully captured.","basis_source_anchor_ids":["anchor-paper-58-code","anchor-paper-58-publication","anchor-paper-58-benchmarks"]},{"id":"external_scrutiny","level":"medium","rationale":"ACM CCS publication and public source provide external exposure, but review reports and an independent rerun are not represented.","basis_source_anchor_ids":["anchor-paper-58-publication","anchor-paper-58-code"]},{"id":"reception","level":"low","rationale":"The dated exact-DOI OpenAlex record located 1 citation. Under the author-defined rule, 0 through 8 located citations is Low; counts vary by index and date.","basis_source_anchor_ids":["anchor-paper-58-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The source claims the first end-to-end machine-checked MitH development for general NP relations, but independent priority and broad downstream uptake are not established by this map.","basis_source_anchor_ids":["anchor-paper-58-problem","anchor-paper-58-boundaries"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex exact DOI lookup","citation_count":1,"source_url":"https://api.openalex.org/works/W3155472145","signals":["The exact DOI-matched OpenAlex work reported one citing work."],"limitation":"Citation indexes may merge or split arXiv, IACR ePrint, and ACM versions differently."}},"paper_59":{"schema_version":"0.1","map_id":"paper-59-map","publication_id":59,"publication_anchor":"paper-59","slug":"paper-59","canonical_path":"/knowledge/papers/paper-59/","machine_path":"/knowledge/papers/paper-59.json","root_node_id":"paper-59","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["algorithm"],"title":"F1: A Fast and Programmable Accelerator for Fully Homomorphic Encryption (Extended Version)","short_title":"F1","year":2021,"status":"Extended version of the MICRO 2021 paper","venue":"54th IEEE/ACM International Symposium on Microarchitecture (MICRO)","topic":"secure-encrypted-computation","labels":["Applied"],"authors":["Axel Feldmann","Nikola Samardzic","Aleksandar Krastev","Srini Devadas","Ronald G. Dreslinski","Karim Eldefrawy","Nicholas Genise","Chris Peikert","Daniel Sánchez"],"keywords":["fully homomorphic encryption","hardware acceleration","compiler scheduling","vector architecture"],"research_question":"Can one programmable hardware architecture accelerate complete fully homomorphic encryption programs, rather than isolated cryptographic kernels, enough to offset most software overhead?","central_answer":"F1 combines wide FHE-specific vector units, static compiler scheduling, and an explicitly managed memory hierarchy designed around data movement. RTL synthesis and cycle-accurate simulation across seven full workloads report a 5,432-fold geometric-mean speedup over a multicore CPU, with important simulation, scheme-support, and control-flow boundaries.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, architecture-and-evaluation mapping, and initial assessment"}],"method":"Complete review of the 15-page arXiv extended version, including FHE model, architecture, compiler, RTL methodology, workloads, performance tables, sensitivity studies, functional simulator, and visual inspection of title and evaluation pages. All performance results are labeled as synthesis or simulation rather than measurements from fabricated silicon.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author verification. Hardware parameters, benchmark values, and version lineage should be checked before approval."}},"sources":[{"id":"source-paper-59-archive-pdf","type":"public_archive_copy","title":"F1: A Fast and Programmable Accelerator for Fully Homomorphic Encryption (Extended Version)","url":"/pubs/2021/f1-fhe-accelerator-extended.pdf","provenance_category":"archive","retrieved_from":"https://arxiv.org/pdf/2109.05371","media_type":"application/pdf","sha256":"b637400c0a5ee59a593a588cf151521708152613e299b9f4a625848a5a5f2f4b","page_count":15},{"id":"source-paper-59-official","type":"related_official_publication_record","title":"MICRO 2021 conference version","url":"https://doi.org/10.1145/3466752.3480070","provenance_category":"official"},{"id":"source-paper-59-citations","type":"citation_index_snapshot","title":"OpenAlex work W3207326900","url":"https://api.openalex.org/works/W3207326900","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-59-problem","source_id":"source-paper-59-archive-pdf","label":"Problem, architecture thesis, and headline results","locator":"Abstract and Section 1, PDF pages 1-2","url":"/pubs/2021/f1-fhe-accelerator-extended.pdf#page=1"},{"id":"anchor-paper-59-fhe-model","source_id":"source-paper-59-archive-pdf","label":"FHE programming model, operations, and security parameters","locator":"Section 2, PDF pages 2-4","url":"/pubs/2021/f1-fhe-accelerator-extended.pdf#page=2"},{"id":"anchor-paper-59-architecture","source_id":"source-paper-59-archive-pdf","label":"Vector architecture and managed hierarchy","locator":"Section 3, PDF pages 4-5","url":"/pubs/2021/f1-fhe-accelerator-extended.pdf#page=4"},{"id":"anchor-paper-59-compiler","source_id":"source-paper-59-archive-pdf","label":"Dataflow translation and static scheduling compiler","locator":"Section 4, PDF pages 5-7","url":"/pubs/2021/f1-fhe-accelerator-extended.pdf#page=5"},{"id":"anchor-paper-59-units","source_id":"source-paper-59-archive-pdf","label":"Automorphism and four-step NTT units","locator":"Section 5, PDF pages 7-9","url":"/pubs/2021/f1-fhe-accelerator-extended.pdf#page=7"},{"id":"anchor-paper-59-rtl","source_id":"source-paper-59-archive-pdf","label":"RTL synthesis, area, frequency, and power model","locator":"Section 6 and Table 2, PDF pages 9-10","url":"/pubs/2021/f1-fhe-accelerator-extended.pdf#page=9"},{"id":"anchor-paper-59-methodology","source_id":"source-paper-59-archive-pdf","label":"Cycle-accurate methodology, workloads, and baselines","locator":"Section 7, PDF pages 10-11","url":"/pubs/2021/f1-fhe-accelerator-extended.pdf#page=10"},{"id":"anchor-paper-59-performance","source_id":"source-paper-59-archive-pdf","label":"Full-program and microbenchmark performance","locator":"Section 8.1 and Tables 3-4, PDF pages 11-12","url":"/pubs/2021/f1-fhe-accelerator-extended.pdf#page=11"},{"id":"anchor-paper-59-analysis","source_id":"source-paper-59-archive-pdf","label":"Data movement, sensitivity, scalability, and functional simulation","locator":"Sections 8.2-8.5, PDF pages 12-13","url":"/pubs/2021/f1-fhe-accelerator-extended.pdf#page=12"},{"id":"anchor-paper-59-boundaries","source_id":"source-paper-59-archive-pdf","label":"Scheme, branching, and evidence boundaries","locator":"Sections 1, 2.1, 2.5, 6-8, PDF pages 1-4 and 9-13","url":"/pubs/2021/f1-fhe-accelerator-extended.pdf#page=1"},{"id":"anchor-paper-59-publication","source_id":"source-paper-59-official","label":"Related MICRO publication identity","locator":"DOI 10.1145/3466752.3480070; this map represents the distinct arXiv extended version","url":"https://doi.org/10.1145/3466752.3480070"},{"id":"anchor-paper-59-citations","source_id":"source-paper-59-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 262 citations for the DOI-identified MICRO work when accessed 2026-07-11","url":"https://api.openalex.org/works/W3207326900"}],"nodes":[{"id":"paper-59","kind":"paper","parent_id":null,"order":1,"epistemic_status":"extended_version","title":"F1: A Fast and Programmable Accelerator for Fully Homomorphic Encryption","summary":"A synthesized programmable FHE accelerator and scheduling compiler evaluated by cycle-accurate simulation on complete encrypted workloads.","source_anchor_ids":["anchor-paper-59-problem"]},{"id":"paper-59-question","kind":"question","parent_id":"paper-59","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can architecture and compiler co-design accelerate complete parameter-diverse FHE dataflow graphs while keeping their massive data movement manageable?","source_anchor_ids":["anchor-paper-59-problem"]},{"id":"paper-59-answer","kind":"contribution","parent_id":"paper-59","order":2,"epistemic_status":"simulated_and_synthesized","title":"Central answer","summary":"Specialize high-throughput vector units to FHE primitives, expose all data movement to a static compiler, and prioritize reuse through scratchpads and distributed register files rather than relying on a host for unsupported operations.","source_anchor_ids":["anchor-paper-59-architecture","anchor-paper-59-compiler","anchor-paper-59-units"]},{"id":"paper-59-scope","kind":"scope","parent_id":"paper-59","order":3,"epistemic_status":"explicitly_scoped","title":"FHE workload model","summary":"FHE programs are known-ahead-of-time dataflow DAGs over large encrypted vectors. F1 supports the common ciphertext operations needed by BGV, GSW, and CKKS; data-dependent branching is unavailable and B/FV is not directly supported by this design.","source_anchor_ids":["anchor-paper-59-fhe-model","anchor-paper-59-boundaries"]},{"id":"paper-59-architecture-node","kind":"system","parent_id":"paper-59","order":4,"epistemic_status":"rtl_implemented","title":"F1 architecture","summary":"Sixteen compute clusters combine NTT, automorphism, modular multiply and add units with local registers, a banked 64 MB scratchpad, three crossbar networks, and dual HBM2 interfaces.","source_anchor_ids":["anchor-paper-59-architecture","anchor-paper-59-units","anchor-paper-59-rtl"]},{"id":"paper-59-architecture-vector","kind":"mechanism","parent_id":"paper-59-architecture-node","order":1,"epistemic_status":"rtl_implemented","title":"FHE-specific wide-vector units","summary":"Dedicated four-step NTT and automorphism pipelines handle the structured permutations that do not map well to ordinary element-wise SIMD, while modular units provide high arithmetic throughput.","source_anchor_ids":["anchor-paper-59-units"]},{"id":"paper-59-architecture-memory","kind":"mechanism","parent_id":"paper-59-architecture-node","order":2,"epistemic_status":"rtl_implemented","title":"Data-movement-first hierarchy","summary":"Explicit register files and scratchpad storage, decoupled loads, and high-throughput interconnects are designed to reuse key-switch hints and ciphertexts and hide off-chip latency.","source_anchor_ids":["anchor-paper-59-architecture","anchor-paper-59-analysis"]},{"id":"paper-59-compiler","kind":"algorithm","parent_id":"paper-59","order":5,"epistemic_status":"implemented","title":"Static scheduling compiler","summary":"The compiler lowers homomorphic operations to primitive dataflows, chooses operation variants, assigns compute and storage, schedules transfers far ahead of use, and emits cycle-level instructions with fixed component latencies.","source_anchor_ids":["anchor-paper-59-compiler"]},{"id":"paper-59-implementation","kind":"evidence_group","parent_id":"paper-59","order":6,"epistemic_status":"rtl_synthesized","title":"Implementation evidence","summary":"Components are implemented in RTL and synthesized in a commercial 14/12 nm flow. The modeled 151.4 square millimeter design runs most logic at 1 GHz, double-pumps SRAM at 2 GHz, and has a reported 180.4 W thermal design power.","source_anchor_ids":["anchor-paper-59-rtl"]},{"id":"paper-59-evaluation","kind":"evidence_group","parent_id":"paper-59","order":7,"epistemic_status":"cycle_accurate_simulation","title":"Evaluation design","summary":"A cycle-accurate simulator and RTL-derived activity energies evaluate logistic regression, two LoLa networks with weight variants, encrypted database lookup, and BGV and CKKS bootstrapping against a four-core Xeon baseline; HEAX is used for operation-level comparison.","source_anchor_ids":["anchor-paper-59-methodology"]},{"id":"paper-59-claim-speedup","kind":"claim","parent_id":"paper-59-evaluation","order":1,"epistemic_status":"simulated_measurement","title":"5,432-fold geometric-mean full-program speedup","summary":"Across seven workloads the reported speedups range from 1,195-fold to 17,412-fold over the CPU, with LoLa-CIFAR falling from about 20 minutes to 241 ms in the model.","source_anchor_ids":["anchor-paper-59-performance"]},{"id":"paper-59-claim-prior-accelerator","kind":"claim","parent_id":"paper-59-evaluation","order":2,"epistemic_status":"simulated_microbenchmark","title":"Operation-level speedups over HEAX extension","summary":"NTT, automorphism, homomorphic multiplication, and permutation microbenchmarks report roughly 172-fold to 1,866-fold speedups over an augmented HEAX design across selected parameter sets.","source_anchor_ids":["anchor-paper-59-performance"]},{"id":"paper-59-evidence-analysis","kind":"evidence","parent_id":"paper-59-evaluation","order":3,"epistemic_status":"sensitivity_study","title":"Data movement and ablation analysis","summary":"Traffic breakdowns show key-switch hints dominate high-depth workloads, while alternate low-throughput units and a generic capacity-aware scheduler substantially slow the design, supporting the paper's co-design rationale.","source_anchor_ids":["anchor-paper-59-analysis"]},{"id":"paper-59-functional","kind":"artifact","parent_id":"paper-59","order":8,"epistemic_status":"internal_simulator_described","title":"Functional simulator","summary":"A C++ simulator built on NTL checks FHE-level input-output behavior and produces dataflow graphs for supported parameter ranges, but its internal algorithms are not the same as the RTL functional units.","source_anchor_ids":["anchor-paper-59-analysis"]},{"id":"paper-59-boundaries","kind":"limitation_group","parent_id":"paper-59","order":9,"epistemic_status":"material","title":"Boundaries","summary":"Results come from RTL synthesis and cycle-accurate simulation, not fabricated silicon; the architecture assumes static branch-free FHE DAGs, omits direct B/FV support, compares to a particular CPU and augmented prior accelerator, and does not expose a reproduction artifact in this map.","source_anchor_ids":["anchor-paper-59-fhe-model","anchor-paper-59-methodology","anchor-paper-59-boundaries"]},{"id":"paper-59-resources","kind":"artifact_group","parent_id":"paper-59","order":10,"epistemic_status":"source_available","title":"Versioned paper resources","summary":"The complete extended version is checked in with fixity metadata. The DOI identifies the related, distinct MICRO conference version; this map does not treat the two author lists or texts as byte-identical.","source_anchor_ids":["anchor-paper-59-problem","anchor-paper-59-publication"]},{"id":"paper-59-scrutiny","kind":"scrutiny","parent_id":"paper-59","order":11,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The related F1 paper appeared at MICRO 2021 and the extended manuscript exposes more detail. Review reports and independent hardware reproduction are not linked.","source_anchor_ids":["anchor-paper-59-publication"]},{"id":"paper-59-lineage","kind":"lineage","parent_id":"paper-59","order":12,"epistemic_status":"documented","title":"From kernel accelerators to complete programs","summary":"F1 positions itself against host-assisted accelerators for isolated FHE operations by supporting all operations of complete selected programs in one compiler-controlled architecture.","source_anchor_ids":["anchor-paper-59-problem","anchor-paper-59-performance"]}],"relations":[{"id":"paper-59-relation-answer-question","type":"addresses","from_id":"paper-59-answer","to_id":"paper-59-question"},{"id":"paper-59-relation-vector-architecture","type":"component_of","from_id":"paper-59-architecture-vector","to_id":"paper-59-architecture-node"},{"id":"paper-59-relation-memory-architecture","type":"component_of","from_id":"paper-59-architecture-memory","to_id":"paper-59-architecture-node"},{"id":"paper-59-relation-compiler-answer","type":"realizes","from_id":"paper-59-compiler","to_id":"paper-59-answer"},{"id":"paper-59-relation-architecture-answer","type":"realizes","from_id":"paper-59-architecture-node","to_id":"paper-59-answer"},{"id":"paper-59-relation-evaluation-speedup","type":"supports","from_id":"paper-59-evaluation","to_id":"paper-59-claim-speedup"},{"id":"paper-59-relation-analysis-memory","type":"supports","from_id":"paper-59-evidence-analysis","to_id":"paper-59-architecture-memory"},{"id":"paper-59-relation-boundaries-speedup","type":"qualifies","from_id":"paper-59-boundaries","to_id":"paper-59-claim-speedup"},{"id":"paper-59-relation-lineage-paper","type":"contextualizes","from_id":"paper-59-lineage","to_id":"paper-59"}],"assessment":{"id":"paper-59-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The source documents RTL synthesis, a cycle-level model, complete workloads, multiple baselines, traffic analysis, sensitivity studies, and functional checking. The absence of fabricated-silicon measurements remains an explicit boundary.","basis_source_anchor_ids":["anchor-paper-59-rtl","anchor-paper-59-methodology","anchor-paper-59-performance","anchor-paper-59-analysis"]},{"id":"auditability","level":"high","rationale":"The complete extended PDF is checked in with page count and SHA-256 and is linked to its arXiv source and related official DOI. No public code or simulator artifact is represented.","basis_source_anchor_ids":["anchor-paper-59-problem","anchor-paper-59-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authors, extended-version date, synthesis process, benchmark systems, and related conference DOI are documented, but exact source, RTL, compiler, and simulator revisions are not public in this record.","basis_source_anchor_ids":["anchor-paper-59-rtl","anchor-paper-59-methodology","anchor-paper-59-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"MICRO publication establishes strong venue scrutiny, but review reports and an independently reproducible hardware artifact are not linked.","basis_source_anchor_ids":["anchor-paper-59-publication"]},{"id":"reception","level":"high","rationale":"The dated exact-DOI OpenAlex record located 262 citations. Under the author-defined rule, 11 or more located citations is High; the count is index- and date-dependent.","basis_source_anchor_ids":["anchor-paper-59-citations"]},{"id":"contribution_significance","level":"high","rationale":"The work advances from operation kernels to full programmable FHE workloads and has substantial measured scholarly reception. This rating does not validate every benchmark assumption or confer correctness.","basis_source_anchor_ids":["anchor-paper-59-problem","anchor-paper-59-performance","anchor-paper-59-citations"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex exact DOI lookup for the related MICRO conference work","citation_count":262,"source_url":"https://api.openalex.org/works/W3207326900","signals":["The exact DOI-matched OpenAlex work reported 262 citing works."],"limitation":"The citation record is for the conference DOI and may aggregate attention to the arXiv extended version; this map explicitly represents the extended text."}},"paper_6":{"schema_version":"0.1","map_id":"paper-6-map","publication_id":6,"publication_anchor":"paper-6","slug":"paper-6","canonical_path":"/knowledge/papers/paper-6/","machine_path":"/knowledge/papers/paper-6.json","root_node_id":"paper-6","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["algorithm"],"title":"Optimal Filtering for DDoS Attacks","year":2007,"venue":"Information Theory and Applications Workshop (ITA)","topic":"algorithms-foundations","labels":["Theory","Applied"],"authors":["Karim Eldefrawy","Athina Markopoulou","Katerina Argyraki"],"keywords":["DDoS","filter allocation","dynamic programming"],"research_question":"Given a congested victim link and too few packet filters, which individual attackers or aggregate gateways should be filtered or rate-limited to maximize preserved legitimate traffic?","central_answer":"At one aggregation tier the binary formulation is a computationally hard 0-1 knapsack; its fractional, rate-limiting relaxation admits a greedy optimum using filters plus one rate limiter. Across gateway and attacker tiers the problem becomes a cardinality-constrained optimization with an exact dynamic program over gateways, capacity, and filters. Simulations compare these optimized policies and a lower-cost heuristic on synthetic, worm, and commercial-attack scenarios.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, evidence linking, and initial assessment"}],"method":"Full-source audit of the checked-in arXiv manuscript and archive record.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-drafted, source-linked map awaiting author verification before approval."}},"sources":[{"id":"source-paper-6-paper","type":"manuscript_archive","title":"Optimal Filtering for DDoS Attacks","url":"/pubs/2007/optimal-filtering-ddos-ita2007.pdf","media_type":"application/pdf","sha256":"060a455001e42016718e3e0ac46aa85ca5bd335a2f63dcf4739be285c6839b24","page_count":13,"provenance_category":"archive","version_note":"arXiv manuscript cs/0612066; local copy checked 2026-07-11."},{"id":"source-paper-6-arxiv","type":"manuscript_record","title":"arXiv record","url":"https://arxiv.org/abs/cs/0612066"},{"id":"source-paper-6-citations","type":"citation_search","title":"Dated scholarly-web citation search","url":"https://scholar.google.com/scholar?q=%22Optimal+Filtering+for+DDoS+Attacks%22","version_note":"Search attempted 2026-07-11; no transparent citation count was retrievable in this environment."}],"source_anchors":[{"id":"anchor-paper-6-problem","source_id":"source-paper-6-paper","label":"Problem and contributions","locator":"Abstract and Section 1, PDF pages 1-2","url":"/pubs/2007/optimal-filtering-ddos-ita2007.pdf#page=1"},{"id":"anchor-paper-6-assumptions","source_id":"source-paper-6-paper","label":"Filtering model and detection boundary","locator":"Section 2, PDF pages 2-3","url":"/pubs/2007/optimal-filtering-ddos-ita2007.pdf#page=2"},{"id":"anchor-paper-6-single","source_id":"source-paper-6-paper","label":"Single-tier knapsack formulation and greedy optimum","locator":"Section 3.1 and Algorithm 1, PDF pages 3-5","url":"/pubs/2007/optimal-filtering-ddos-ita2007.pdf#page=3"},{"id":"anchor-paper-6-two","source_id":"source-paper-6-paper","label":"Two-tier formulation and dynamic program","locator":"Sections 3.2-3.3 and Algorithm 2, PDF pages 5-8","url":"/pubs/2007/optimal-filtering-ddos-ita2007.pdf#page=5"},{"id":"anchor-paper-6-proof","source_id":"source-paper-6-paper","label":"Optimal-substructure proposition and complexity","locator":"Section 3.3, PDF pages 7-8","url":"/pubs/2007/optimal-filtering-ddos-ita2007.pdf#page=7"},{"id":"anchor-paper-6-evaluation","source_id":"source-paper-6-paper","label":"Synthetic and realistic simulation scenarios","locator":"Section 4, PDF pages 9-12","url":"/pubs/2007/optimal-filtering-ddos-ita2007.pdf#page=9"},{"id":"anchor-paper-6-conclusion","source_id":"source-paper-6-paper","label":"Conclusions and scope","locator":"Section 5, PDF page 13","url":"/pubs/2007/optimal-filtering-ddos-ita2007.pdf#page=13"},{"id":"anchor-paper-6-provenance","source_id":"source-paper-6-arxiv","label":"Public manuscript provenance","locator":"arXiv cs/0612066","url":"https://arxiv.org/abs/cs/0612066"},{"id":"anchor-paper-6-citation-search","source_id":"source-paper-6-citations","label":"Citation search attempted","locator":"Exact-title search, 2026-07-11; no verified count retrieved","url":"https://scholar.google.com/scholar?q=%22Optimal+Filtering+for+DDoS+Attacks%22"}],"nodes":[{"id":"paper-6","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Optimal Filtering for DDoS Attacks","summary":"An optimization and algorithm paper for allocating scarce router filters under DDoS traffic while preserving legitimate throughput.","source_anchor_ids":["anchor-paper-6-problem","anchor-paper-6-provenance"]},{"id":"paper-6-question","kind":"question","parent_id":"paper-6","order":1,"epistemic_status":"research_question","title":"Research question","summary":"How should a victim choose filtering granularity under simultaneous link-capacity and filter-count constraints?","source_anchor_ids":["anchor-paper-6-problem"]},{"id":"paper-6-answer","kind":"contribution","parent_id":"paper-6","order":2,"epistemic_status":"proved_and_simulated","title":"Central answer","summary":"Use greedy knapsack allocation at one tier and a Bellman dynamic program when filters may be assigned at both gateway and individual-attacker tiers.","source_anchor_ids":["anchor-paper-6-single","anchor-paper-6-two","anchor-paper-6-evaluation"]},{"id":"paper-6-model","kind":"model","parent_id":"paper-6","order":3,"epistemic_status":"formalized","title":"Traffic and resource model","summary":"A victim gateway knows good and bad traffic rates per attack gateway and attacker, has link capacity C and at most F filters, and optimizes admitted legitimate traffic.","source_anchor_ids":["anchor-paper-6-assumptions","anchor-paper-6-single"]},{"id":"paper-6-single","kind":"algorithm","parent_id":"paper-6","order":4,"epistemic_status":"optimally_solved","title":"Single-tier fractional-knapsack allocation","summary":"Blocking entire gateways yields a computationally hard 0-1 knapsack. Relaxing each decision to a passed traffic fraction models rate limiting; sorting by legitimate-traffic efficiency then gives a fractional-knapsack optimum with filters on later gateways and one rate limiter at the capacity boundary.","source_anchor_ids":["anchor-paper-6-single"]},{"id":"paper-6-two","kind":"algorithm","parent_id":"paper-6","order":5,"epistemic_status":"optimally_solved","title":"Two-tier dynamic program","summary":"The algorithm considers each gateway, residual capacity, and filter budget, choosing how many filters to assign within that gateway and reusing stored optima for the previous gateways.","source_anchor_ids":["anchor-paper-6-two"]},{"id":"paper-6-proof","kind":"theorem","parent_id":"paper-6-two","order":1,"epistemic_status":"proved","title":"Optimal-substructure justification","summary":"A proposition shows that an optimal allocation for n gateways contains an optimal allocation for its first n-1 gateways under the induced capacity and filter budgets, justifying the recurrence.","source_anchor_ids":["anchor-paper-6-proof"]},{"id":"paper-6-complexity","kind":"limitation","parent_id":"paper-6-two","order":2,"epistemic_status":"analyzed","title":"Pseudo-polynomial cost","summary":"The exact table scales with N, discretized capacity C, and filter budget F and can be prohibitively large; the paper therefore also studies a simpler heuristic.","source_anchor_ids":["anchor-paper-6-proof"]},{"id":"paper-6-evidence","kind":"evidence_group","parent_id":"paper-6","order":6,"epistemic_status":"simulation","title":"Comparative simulations","summary":"The algorithms are compared with uniform, random, max-min, and heuristic policies on generated traffic plus Code Red, Slammer, and commercial DDoS-report distributions.","source_anchor_ids":["anchor-paper-6-evaluation"]},{"id":"paper-6-result","kind":"result","parent_id":"paper-6-evidence","order":1,"epistemic_status":"simulation_supported","title":"Goodput/filter tradeoff","summary":"Across the reported scenarios, optimized placement preserves more good traffic and can use fewer filters than baselines; exact magnitudes depend on the assumed traffic distributions and capacity.","source_anchor_ids":["anchor-paper-6-evaluation"]},{"id":"paper-6-boundaries","kind":"limitation_group","parent_id":"paper-6","order":7,"epistemic_status":"material","title":"Model boundaries","summary":"Attack identification is assumed rather than solved, good/bad rates are treated as known, one victim-side hierarchy is optimized, and experiments are simulations rather than router deployment.","source_anchor_ids":["anchor-paper-6-assumptions","anchor-paper-6-evaluation","anchor-paper-6-conclusion"]},{"id":"paper-6-artifacts","kind":"artifact","parent_id":"paper-6","order":8,"epistemic_status":"paper_available_no_code","title":"Artifacts","summary":"A fixed arXiv full text is available locally; algorithm code, scenario inputs, and simulation outputs were not located.","source_anchor_ids":["anchor-paper-6-evaluation","anchor-paper-6-provenance"]},{"id":"paper-6-scrutiny","kind":"scrutiny","parent_id":"paper-6","order":9,"epistemic_status":"peer_reviewed","title":"Scrutiny","summary":"The work appeared at ITA 2007 and has a public preprint; review reports and independent reproduction were not located.","source_anchor_ids":["anchor-paper-6-provenance"]}],"relations":[{"id":"paper-6-relation-model-frames-question","type":"formalizes","from_id":"paper-6-model","to_id":"paper-6-question"},{"id":"paper-6-relation-single-realizes-answer","type":"realizes","from_id":"paper-6-single","to_id":"paper-6-answer"},{"id":"paper-6-relation-two-realizes-answer","type":"realizes","from_id":"paper-6-two","to_id":"paper-6-answer"},{"id":"paper-6-relation-proof-supports-two","type":"supports","from_id":"paper-6-proof","to_id":"paper-6-two"},{"id":"paper-6-relation-evidence-supports-answer","type":"supports","from_id":"paper-6-evidence","to_id":"paper-6-answer"},{"id":"paper-6-relation-complexity-qualifies-two","type":"qualifies","from_id":"paper-6-complexity","to_id":"paper-6-two"},{"id":"paper-6-relation-boundaries-qualify-answer","type":"qualifies","from_id":"paper-6-boundaries","to_id":"paper-6-answer"}],"assessment":{"id":"paper-6-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The optimization problems, algorithms, optimal-substructure argument, complexity, and comparative simulations are documented; operational detection and deployment are outside the evidence.","basis_source_anchor_ids":["anchor-paper-6-single","anchor-paper-6-two","anchor-paper-6-proof","anchor-paper-6-evaluation"]},{"id":"auditability","level":"high","rationale":"A fixed public arXiv full text is checked in with page count and hash, enabling direct inspection of definitions, algorithms, arguments, and results.","basis_source_anchor_ids":["anchor-paper-6-provenance","anchor-paper-6-proof","anchor-paper-6-evaluation"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship and public manuscript lineage are documented; roles, revision/effort history, tool use, and simulation-code lineage are not.","basis_source_anchor_ids":["anchor-paper-6-provenance"]},{"id":"external_scrutiny","level":"medium","rationale":"The paper has a workshop publication and public preprint, but review reports, code review, and independent replication were not located.","basis_source_anchor_ids":["anchor-paper-6-provenance"]},{"id":"reception","level":"low","rationale":"No citations were verifiably located in the constrained dated search. Under the author's 0-8 rule this is low, but it is not a claim that the paper has no citations.","basis_source_anchor_ids":["anchor-paper-6-citation-search"]},{"id":"contribution_significance","level":"high","rationale":"The work identifies the precise filter/granularity tradeoff, supplies exact algorithms for two settings, and evaluates practical approximations while exposing computational limits.","basis_source_anchor_ids":["anchor-paper-6-problem","anchor-paper-6-two","anchor-paper-6-evaluation"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search; transparent index count unavailable","source":"Google Scholar query route plus general scholarly-web search","citation_count":0,"signals":[],"limitation":"Zero means no citations were verifiably located during this constrained search, not a total bibliometric count; author should replace it with a confirmed index snapshot."}},"paper_60":{"schema_version":"0.1","map_id":"paper-60-map","publication_id":60,"publication_anchor":"paper-60","slug":"paper-60","canonical_path":"/knowledge/papers/paper-60/","machine_path":"/knowledge/papers/paper-60.json","root_node_id":"paper-60","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["algorithm"],"title":"Quantum Optimization Heuristics with an Application to Knapsack Problems","year":2021,"status":"Published","venue":"IEEE International Conference on Quantum Computing and Engineering (QCE)","topic":"algorithms-foundations","labels":["Theory","Applied"],"authors":["Wim van Dam","Karim Eldefrawy","Nicholas Genise","Natalie Parham"],"keywords":["quantum optimization","QAOA","knapsack","constrained optimization"],"research_question":"Can shallow QAOA-style heuristics use a classical greedy solution to stay near feasible high-value regions of a constrained knapsack search space and outperform comparably simple classical heuristics?","central_answer":"The paper initializes qubits from smoothed greedy marginals and introduces hourglass and copula mixers that preserve those biases while exploring nearby solutions. Statevector simulations on small hard-instance families report better performance than selected shallow classical baselines, with explicit classical-simulability and scaling caveats.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, algorithm-and-experiment mapping, and initial assessment"}],"method":"Complete review of the 21-page arXiv manuscript, including derivations, pseudocode, hard-instance generators, parameter optimization, comparisons, conclusions, and visual inspection of title and simulation-result pages. Claims are bounded to depth-one statevector simulations at n equals 10 and the selected baselines.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author verification. Mixer descriptions, experimental settings, and interpretation of comparative results should be checked."}},"sources":[{"id":"source-paper-60-archive-pdf","type":"public_archive_copy","title":"Quantum Optimization Heuristics with an Application to Knapsack Problems","url":"/pubs/2021/quantum-optimization-knapsack.pdf","provenance_category":"archive","retrieved_from":"https://arxiv.org/pdf/2108.08805","media_type":"application/pdf","sha256":"d403fa39c25c7b77b806b19cc86dee9c1a2dab74976f6d9fdb967230d5603ac5","page_count":21},{"id":"source-paper-60-official","type":"official_publication_record","title":"IEEE QCE 2021 publication record","url":"https://doi.org/10.1109/QCE52317.2021.00033","provenance_category":"official"},{"id":"source-paper-60-citations","type":"citation_index_snapshot","title":"OpenAlex work W3194167622","url":"https://api.openalex.org/works/W3194167622","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-60-problem","source_id":"source-paper-60-archive-pdf","label":"Motivation, contributions, and classical-simulability caveat","locator":"Abstract and Sections 1-1.1, PDF pages 1-2","url":"/pubs/2021/quantum-optimization-knapsack.pdf#page=1"},{"id":"anchor-paper-60-qaoa","source_id":"source-paper-60-archive-pdf","label":"QAOA and penalty-function baseline","locator":"Section 2, PDF pages 2-3","url":"/pubs/2021/quantum-optimization-knapsack.pdf#page=2"},{"id":"anchor-paper-60-mixers","source_id":"source-paper-60-archive-pdf","label":"Biased initial states, hourglass mixer, and copula mixer","locator":"Section 3, PDF pages 3-7","url":"/pubs/2021/quantum-optimization-knapsack.pdf#page=3"},{"id":"anchor-paper-60-knapsack","source_id":"source-paper-60-archive-pdf","label":"Knapsack definition and classical baselines","locator":"Section 4, PDF pages 7-9","url":"/pubs/2021/quantum-optimization-knapsack.pdf#page=7"},{"id":"anchor-paper-60-qkp","source_id":"source-paper-60-archive-pdf","label":"Knapsack-specific xQAOA design","locator":"Section 5, PDF pages 9-11","url":"/pubs/2021/quantum-optimization-knapsack.pdf#page=9"},{"id":"anchor-paper-60-instances","source_id":"source-paper-60-archive-pdf","label":"Five hard-instance distributions","locator":"Section 6.1, PDF pages 11-12","url":"/pubs/2021/quantum-optimization-knapsack.pdf#page=11"},{"id":"anchor-paper-60-classical","source_id":"source-paper-60-archive-pdf","label":"Classical comparison setup","locator":"Section 6.2, PDF pages 12-13","url":"/pubs/2021/quantum-optimization-knapsack.pdf#page=12"},{"id":"anchor-paper-60-quantum","source_id":"source-paper-60-archive-pdf","label":"Quantum algorithms and parameter optimization","locator":"Sections 6.3.1-6.3.2, PDF pages 13-15","url":"/pubs/2021/quantum-optimization-knapsack.pdf#page=13"},{"id":"anchor-paper-60-results","source_id":"source-paper-60-archive-pdf","label":"Simulation results and sensitivity","locator":"Sections 6.3.3-6.3.4, PDF pages 15-16","url":"/pubs/2021/quantum-optimization-knapsack.pdf#page=15"},{"id":"anchor-paper-60-conclusion","source_id":"source-paper-60-archive-pdf","label":"Conclusions, limits, and future work","locator":"Section 7, PDF page 18","url":"/pubs/2021/quantum-optimization-knapsack.pdf#page=18"},{"id":"anchor-paper-60-publication","source_id":"source-paper-60-official","label":"Official IEEE QCE publication identity","locator":"DOI 10.1109/QCE52317.2021.00033","url":"https://doi.org/10.1109/QCE52317.2021.00033"},{"id":"anchor-paper-60-citations","source_id":"source-paper-60-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 4 citations when accessed 2026-07-11","url":"https://api.openalex.org/works/W3194167622"}],"nodes":[{"id":"paper-60","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Quantum Optimization Heuristics with an Application to Knapsack Problems","summary":"Two biased QAOA-style optimization algorithms for constrained knapsack instances, analyzed algebraically and evaluated by small statevector simulations.","source_anchor_ids":["anchor-paper-60-problem"]},{"id":"paper-60-question","kind":"question","parent_id":"paper-60","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can a greedy warm start and bias-preserving mixers focus a shallow quantum search near feasible solutions without the qubit cost of penalty encodings?","source_anchor_ids":["anchor-paper-60-problem","anchor-paper-60-qaoa"]},{"id":"paper-60-answer","kind":"contribution","parent_id":"paper-60","order":2,"epistemic_status":"simulated_support","title":"Central answer","summary":"Convert a smoothed lazy-greedy profile into product-state qubit marginals, preserve those marginals with an hourglass mixer, and optionally add pairwise anticorrelation through a copula mixer.","source_anchor_ids":["anchor-paper-60-mixers","anchor-paper-60-qkp"]},{"id":"paper-60-scope","kind":"scope","parent_id":"paper-60","order":3,"epistemic_status":"explicitly_scoped","title":"Experimental regime","summary":"Results use binary knapsack instances with ten items, depth-one circuits, statevector simulation, ten output samples per algorithm run, and 100 instances from each of five selected hard distributions.","source_anchor_ids":["anchor-paper-60-instances","anchor-paper-60-quantum","anchor-paper-60-results"]},{"id":"paper-60-method","kind":"algorithm","parent_id":"paper-60","order":4,"epistemic_status":"specified","title":"Biased xQAOA","summary":"A logistic smoothing of the lazy-greedy stopping ratio assigns each item a qubit inclusion probability, creating a constant-depth initial state near the capacity boundary rather than a uniform superposition.","source_anchor_ids":["anchor-paper-60-mixers","anchor-paper-60-qkp"]},{"id":"paper-60-method-hourglass","kind":"algorithm","parent_id":"paper-60-method","order":1,"epistemic_status":"specified","title":"QKP hourglass mixer","summary":"A single-qubit mixer has each biased marginal state as an eigenstate, preserving the chosen product-distribution bias while the objective phase steers probability toward higher-value strings.","source_anchor_ids":["anchor-paper-60-mixers","anchor-paper-60-qkp"]},{"id":"paper-60-method-copula","kind":"algorithm","parent_id":"paper-60-method","order":2,"epistemic_status":"specified","title":"QKP copula mixer","summary":"Two-qubit copula operations preserve individual marginals while adding tunable correlations; the evaluated ring construction favors anticorrelation so neighboring items are less likely to be jointly selected.","source_anchor_ids":["anchor-paper-60-mixers","anchor-paper-60-qkp"]},{"id":"paper-60-baselines","kind":"evidence_group","parent_id":"paper-60","order":5,"epistemic_status":"controlled_simulation","title":"Comparison design","summary":"Quantum heuristics are compared with lazy greedy, very greedy, warm-start simulated annealing, and a global one-step annealing variant on strongly correlated, inverse-strong, profit, and two spanner distributions.","source_anchor_ids":["anchor-paper-60-instances","anchor-paper-60-classical"]},{"id":"paper-60-parameters","kind":"method","parent_id":"paper-60-baselines","order":1,"epistemic_status":"per_instance_optimized","title":"Parameter search","summary":"Quantum angles are grid-searched then refined with BFGS for each instance across bias strengths and selected copula correlations; simulated annealing temperature is also tuned per instance from repeated trials.","source_anchor_ids":["anchor-paper-60-classical","anchor-paper-60-quantum"]},{"id":"paper-60-claim-comparison","kind":"claim","parent_id":"paper-60","order":6,"epistemic_status":"simulation_result","title":"Better results than selected shallow heuristics","summary":"Across the sampled ten-item instances, the hourglass variant typically exceeds the four chosen classical heuristics and the copula variant improves further; infeasible outputs count as zero rather than being postselected away.","source_anchor_ids":["anchor-paper-60-results"]},{"id":"paper-60-claim-sensitivity","kind":"claim","parent_id":"paper-60","order":7,"epistemic_status":"numerical_observation","title":"Limited sensitivity on the tested size","summary":"The tested copula mixer generally prefers maximal anticorrelation, performance varies weakly across the sampled bias strengths, and favorable beta angles cluster in two regions, suggesting some parameter reuse at n equals 10.","source_anchor_ids":["anchor-paper-60-results"]},{"id":"paper-60-boundaries","kind":"limitation_group","parent_id":"paper-60","order":8,"epistemic_status":"material","title":"Boundaries","summary":"Experiments are statevector simulations at n equals 10 and depth one, use heavily optimized per-instance parameters, and compare only simple classical methods. The authors expect more elaborate classical algorithms to outperform these quantum heuristics and leave larger n, deeper p, and parameter-scaling behavior open.","source_anchor_ids":["anchor-paper-60-quantum","anchor-paper-60-results","anchor-paper-60-conclusion"]},{"id":"paper-60-boundary-classical","kind":"limitation","parent_id":"paper-60-boundaries","order":1,"epistemic_status":"explicitly_acknowledged","title":"Hourglass path can be quantum-inspired classical","summary":"For a linear objective such as knapsack, the first non-entangling technique can be classically simulated with comparable circuit complexity, so its improvement is not evidence of quantum advantage.","source_anchor_ids":["anchor-paper-60-problem","anchor-paper-60-conclusion"]},{"id":"paper-60-evidence","kind":"evidence_group","parent_id":"paper-60","order":9,"epistemic_status":"analytical_and_simulated","title":"Evidence boundary","summary":"The paper supplies circuit derivations, pseudocode, instance generators, baseline settings, scatter plots, and sensitivity results. It supplies neither hardware experiments nor a proof of asymptotic advantage.","source_anchor_ids":["anchor-paper-60-mixers","anchor-paper-60-instances","anchor-paper-60-results"]},{"id":"paper-60-resources","kind":"artifact_group","parent_id":"paper-60","order":10,"epistemic_status":"source_available","title":"Publication resources","summary":"The checked-in arXiv manuscript has fixity metadata and the DOI identifies the IEEE publication. No code or data artifact is represented in the paper map.","source_anchor_ids":["anchor-paper-60-problem","anchor-paper-60-publication"]},{"id":"paper-60-scrutiny","kind":"scrutiny","parent_id":"paper-60","order":11,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The paper appeared at IEEE QCE 2021. Public review reports and independent experimental reproduction are not linked.","source_anchor_ids":["anchor-paper-60-publication"]},{"id":"paper-60-lineage","kind":"lineage","parent_id":"paper-60","order":12,"epistemic_status":"documented","title":"Warm-start constrained QAOA line","summary":"The work extends prior alternating-operator and warm-start approaches with constant-depth bias-preserving and copula mixers specialized and tested for knapsack.","source_anchor_ids":["anchor-paper-60-mixers","anchor-paper-60-conclusion"]}],"relations":[{"id":"paper-60-relation-answer-question","type":"addresses","from_id":"paper-60-answer","to_id":"paper-60-question"},{"id":"paper-60-relation-method-answer","type":"realizes","from_id":"paper-60-method","to_id":"paper-60-answer"},{"id":"paper-60-relation-hourglass-method","type":"component_of","from_id":"paper-60-method-hourglass","to_id":"paper-60-method"},{"id":"paper-60-relation-copula-method","type":"component_of","from_id":"paper-60-method-copula","to_id":"paper-60-method"},{"id":"paper-60-relation-baselines-comparison","type":"supports","from_id":"paper-60-baselines","to_id":"paper-60-claim-comparison"},{"id":"paper-60-relation-parameters-comparison","type":"qualifies","from_id":"paper-60-parameters","to_id":"paper-60-claim-comparison"},{"id":"paper-60-relation-boundaries-comparison","type":"qualifies","from_id":"paper-60-boundaries","to_id":"paper-60-claim-comparison"},{"id":"paper-60-relation-evidence-answer","type":"supports","from_id":"paper-60-evidence","to_id":"paper-60-answer"}],"assessment":{"id":"paper-60-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The algorithms are derived and evaluated systematically on five instance families with transparent baselines and caveats, but evidence is limited to small statevector simulations and does not establish scaling or quantum advantage.","basis_source_anchor_ids":["anchor-paper-60-mixers","anchor-paper-60-classical","anchor-paper-60-results","anchor-paper-60-conclusion"]},{"id":"auditability","level":"high","rationale":"The complete checked-in archive copy has page count and SHA-256 and is linked to the official DOI; algorithms and experiment settings are explicit, though code and raw results are absent.","basis_source_anchor_ids":["anchor-paper-60-problem","anchor-paper-60-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authors, venue, versions, funding, algorithms, and experimental choices are documented; code revision, raw data, contributor roles, and tool versions are not.","basis_source_anchor_ids":["anchor-paper-60-publication","anchor-paper-60-instances","anchor-paper-60-results"]},{"id":"external_scrutiny","level":"medium","rationale":"IEEE QCE publication establishes venue review, but review reports and independent reproduction are not represented.","basis_source_anchor_ids":["anchor-paper-60-publication"]},{"id":"reception","level":"low","rationale":"The dated exact-DOI OpenAlex record located 4 citations. Under the author-defined rule, 0 through 8 located citations is Low; counts vary by index and date.","basis_source_anchor_ids":["anchor-paper-60-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The bias-preserving and copula mixer constructions are reusable ideas for constrained optimization, but the paper itself rules out a quantum-advantage interpretation for one path and leaves scaling open.","basis_source_anchor_ids":["anchor-paper-60-problem","anchor-paper-60-conclusion"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex exact DOI lookup","citation_count":4,"source_url":"https://api.openalex.org/works/W3194167622","signals":["The exact DOI-matched OpenAlex work reported four citing works."],"limitation":"Citation counts are index- and date-dependent and may merge arXiv and IEEE versions differently."}},"paper_61":{"schema_version":"0.1","map_id":"paper-61-map","publication_id":61,"publication_anchor":"paper-61","slug":"paper-61","canonical_path":"/knowledge/papers/paper-61/","machine_path":"/knowledge/papers/paper-61.json","root_node_id":"paper-61","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"Communication-Efficient Proactive MPC for Dynamic Groups with Dishonest Majorities","year":2022,"status":"Published","venue":"20th International Conference on Applied Cryptography and Network Security (ACNS)","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Karim Eldefrawy","Tancrède Lepoint","Antonin Leroux"],"keywords":["secure multiparty computation","proactive security","dynamic groups","dishonest majority"],"research_question":"Can a full proactive MPC protocol evaluate arithmetic circuits efficiently when a mobile adversary may control a dishonest majority and the participant group changes between computation layers?","central_answer":"The paper extends batched bivariate proactive secret sharing with multi-dealer input sharing, addition, permutation, and a new no-precomputation multiplication pipeline. It proves conditional proactive security and fair reconstruction and reports O(n squared) amortized communication per secret for maximum-size batches.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, protocol-and-proof mapping, and initial assessment"}],"method":"Complete review of the 44-page IACR ePrint PDF through the public archive, including the adversary model, multi-dealer sharing, eight-operation PMPC, multiplication subprotocols, thresholds, ideal functionalities, and appendical proofs. Direct local download was blocked by an archive anti-bot challenge, so no local hash is claimed.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author verification. Thresholds, proof-composition wording, and asymptotic expressions require author checking."}},"sources":[{"id":"source-paper-61-archive-pdf","type":"public_archive_copy","title":"Communication-Efficient Proactive MPC for Dynamic Groups with Dishonest Majorities","url":"https://eprint.iacr.org/2021/1564.pdf","provenance_category":"archive","media_type":"application/pdf","page_count":44},{"id":"source-paper-61-official","type":"official_publication_record","title":"ACNS 2022 publisher record","url":"https://doi.org/10.1007/978-3-031-09234-3_28","provenance_category":"official"},{"id":"source-paper-61-citations","type":"citation_index_snapshot","title":"OpenAlex work W3214757571","url":"https://api.openalex.org/works/W3214757571","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-61-problem","source_id":"source-paper-61-archive-pdf","label":"Problem, contributions, and headline thresholds","locator":"Abstract and Section 1.1, PDF pages 1-3","url":"https://eprint.iacr.org/2021/1564.pdf#page=1"},{"id":"anchor-paper-61-overview","source_id":"source-paper-61-archive-pdf","label":"Bivariate multiplication overview","locator":"Section 1.2, PDF pages 3-5","url":"https://eprint.iacr.org/2021/1564.pdf#page=3"},{"id":"anchor-paper-61-model","source_id":"source-paper-61-archive-pdf","label":"Mobile mixed adversary and cryptographic assumptions","locator":"Sections 2.1-2.3, PDF pages 5-8","url":"https://eprint.iacr.org/2021/1564.pdf#page=5"},{"id":"anchor-paper-61-share","source_id":"source-paper-61-archive-pdf","label":"Multi-dealer batched proactive sharing","locator":"Section 3 and Protocol 1, PDF pages 8-10","url":"https://eprint.iacr.org/2021/1564.pdf#page=8"},{"id":"anchor-paper-61-pmpc","source_id":"source-paper-61-archive-pdf","label":"Eight-subprotocol dynamic PMPC","locator":"Section 4 and Protocol 2, PDF pages 10-13","url":"https://eprint.iacr.org/2021/1564.pdf#page=10"},{"id":"anchor-paper-61-main-theorem","source_id":"source-paper-61-archive-pdf","label":"Full PMPC security and fairness theorem","locator":"Theorem 1, PDF page 13, with proof in Appendix D, PDF pages 39-41","url":"https://eprint.iacr.org/2021/1564.pdf#page=13"},{"id":"anchor-paper-61-multiplication","source_id":"source-paper-61-archive-pdf","label":"Resharing, masking, product, verification, and Mult","locator":"Sections 5.1-5.5 and Protocols 3-7, PDF pages 13-20","url":"https://eprint.iacr.org/2021/1564.pdf#page=13"},{"id":"anchor-paper-61-mult-theorem","source_id":"source-paper-61-archive-pdf","label":"Multiplication security and communication","locator":"Theorem 2, PDF page 20","url":"https://eprint.iacr.org/2021/1564.pdf#page=20"},{"id":"anchor-paper-61-proofs","source_id":"source-paper-61-archive-pdf","label":"Updated PSS proofs, multiplication proofs, permutation, and full composition","locator":"Appendices A-E, PDF pages 21-44","url":"https://eprint.iacr.org/2021/1564.pdf#page=21"},{"id":"anchor-paper-61-boundaries","source_id":"source-paper-61-archive-pdf","label":"Scheduling, planned membership, fairness, and evidence boundaries","locator":"Sections 2.1 and 4 and Appendix D, PDF pages 5-6, 10-13, and 39-41","url":"https://eprint.iacr.org/2021/1564.pdf#page=5"},{"id":"anchor-paper-61-publication","source_id":"source-paper-61-official","label":"Official ACNS publication identity","locator":"DOI 10.1007/978-3-031-09234-3_28","url":"https://doi.org/10.1007/978-3-031-09234-3_28"},{"id":"anchor-paper-61-citations","source_id":"source-paper-61-citations","label":"Dated citation-count snapshot","locator":"OpenAlex reported 3 citations when accessed 2026-07-11","url":"https://api.openalex.org/works/W3214757571"}],"nodes":[{"id":"paper-61","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Communication-Efficient Proactive MPC for Dynamic Groups with Dishonest Majorities","summary":"A formal batched proactive MPC protocol for arithmetic circuits, dynamic groups, mobile mixed adversaries, and dishonest-majority thresholds.","source_anchor_ids":["anchor-paper-61-problem"]},{"id":"paper-61-question","kind":"question","parent_id":"paper-61","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can the efficient dynamic dishonest-majority PSS of paper #52 be extended to multiplication and full circuit evaluation without returning to quartic communication?","source_anchor_ids":["anchor-paper-61-problem"]},{"id":"paper-61-answer","kind":"contribution","parent_id":"paper-61","order":2,"epistemic_status":"theorem_supported","title":"Central answer","summary":"Add a multi-dealer Share, local Add, batched Permute, and a new verified bivariate multiplication pipeline to the existing refresh, recover, redistribute, and reconstruct protocols.","source_anchor_ids":["anchor-paper-61-share","anchor-paper-61-pmpc","anchor-paper-61-multiplication"]},{"id":"paper-61-scope","kind":"threat_model","parent_id":"paper-61","order":3,"epistemic_status":"defined","title":"Mobile mixed adversary","summary":"A computationally bounded adversary adaptively chooses passive and active corruptions between predefined refresh phases and may eventually visit every party, while the within-phase multi-threshold remains satisfied.","source_anchor_ids":["anchor-paper-61-model"]},{"id":"paper-61-scope-network","kind":"assumption","parent_id":"paper-61-scope","order":1,"epistemic_status":"assumed","title":"Network, reset, and cryptographic assumptions","summary":"Parties use synchronous pairwise secure channels and authenticated broadcast, reset parties return to a pristine state, old shares are not retained, and proofs rely on DDH-based homomorphic commitments plus Paillier and zero-knowledge multiplication components.","source_anchor_ids":["anchor-paper-61-model","anchor-paper-61-multiplication"]},{"id":"paper-61-pmpc","kind":"protocol","parent_id":"paper-61","order":4,"epistemic_status":"specified","title":"Layered dynamic PMPC","summary":"Inputs are batched and shared, then each arithmetic-circuit layer permutes operands, applies Add or Mult, redistributes shares for planned departures and arrivals, optionally refreshes, and finally reconstructs designated outputs.","source_anchor_ids":["anchor-paper-61-pmpc"]},{"id":"paper-61-pmpc-maintenance","kind":"protocol","parent_id":"paper-61-pmpc","order":1,"epistemic_status":"reused_and_adapted","title":"Proactive and dynamic maintenance","summary":"Refresh rerandomizes current batches, Recover restores reset parties, Redistribute changes membership, and gradual Reconstruct releases outputs fairly within a separate threshold region.","source_anchor_ids":["anchor-paper-61-pmpc","anchor-paper-61-proofs"]},{"id":"paper-61-share","kind":"protocol","parent_id":"paper-61-pmpc","order":2,"epistemic_status":"specified","title":"Multi-dealer batched Share","summary":"Multiple input owners first Shamir-share their values and the parties combine those univariate sharings into a common bivariate batch, removing the earlier requirement that every batched secret originate from one dealer.","source_anchor_ids":["anchor-paper-61-share"]},{"id":"paper-61-mult","kind":"protocol","parent_id":"paper-61-pmpc","order":3,"epistemic_status":"specified","title":"Bivariate batched multiplication","summary":"The protocol splits each batch into roughly square-root-sized univariate groups, creates bivariate zero masks, computes blinded cross-products with pairwise zero-knowledge multiplication, verifies random evaluations, and recombines product sharings.","source_anchor_ids":["anchor-paper-61-overview","anchor-paper-61-multiplication"]},{"id":"paper-61-mult-verification","kind":"mechanism","parent_id":"paper-61-mult","order":1,"epistemic_status":"cryptographically_checked","title":"Commitment and random-evaluation checks","summary":"Homomorphic commitments check local algebra, Paillier-based ZK-Mult protects pairwise products, and a jointly sampled random evaluation detects malformed bivariate commitments except with the theorem's bounded probability.","source_anchor_ids":["anchor-paper-61-model","anchor-paper-61-multiplication","anchor-paper-61-proofs"]},{"id":"paper-61-claims","kind":"claim_group","parent_id":"paper-61","order":5,"epistemic_status":"formally_analyzed","title":"Main guarantees","summary":"Theorems separately state multiplication security, full PMPC secrecy and correctness, conditional fairness, and amortized communication; the thresholds and ideal functionalities must be read together.","source_anchor_ids":["anchor-paper-61-main-theorem","anchor-paper-61-mult-theorem"]},{"id":"paper-61-claim-efficiency","kind":"claim","parent_id":"paper-61-claims","order":1,"epistemic_status":"asymptotic_theorem","title":"Quadratic amortized communication","summary":"For batches of size n minus 2, the complete PMPC reports O(n squared) amortized communication per secret; the new multiplication and permutation procedures report O(n times square root of n) amortized communication.","source_anchor_ids":["anchor-paper-61-problem","anchor-paper-61-mult-theorem","anchor-paper-61-proofs"]},{"id":"paper-61-claim-security","kind":"claim","parent_id":"paper-61-claims","order":2,"epistemic_status":"proved_under_model","title":"Dishonest-majority proactive security","summary":"Under DDH and the formal model, Theorem 1 gives a secrecy and correctness region with a square-root batch-size loss from n minus 3, plus a distinct mixed active/passive threshold for fair reconstruction.","source_anchor_ids":["anchor-paper-61-main-theorem","anchor-paper-61-proofs"]},{"id":"paper-61-claim-mult","kind":"claim","parent_id":"paper-61-claims","order":3,"epistemic_status":"proved_under_model","title":"No-precomputation multiplication","summary":"Theorem 2 realizes the multiplication ideal functionality for batches within the degree bound and a square-root-loss corruption threshold, without a preprocessing phase.","source_anchor_ids":["anchor-paper-61-mult-theorem","anchor-paper-61-proofs"]},{"id":"paper-61-evidence","kind":"evidence_group","parent_id":"paper-61","order":6,"epistemic_status":"proof_documented","title":"Formal evidence","summary":"The source contains detailed pseudocode, commitment checks, ideal functionalities, subprotocol simulators, permutation constructions, and an appendical composition argument. This map audits their presence, not every proof step independently.","source_anchor_ids":["anchor-paper-61-multiplication","anchor-paper-61-proofs"]},{"id":"paper-61-boundaries","kind":"limitation_group","parent_id":"paper-61","order":7,"epistemic_status":"material","title":"Boundaries","summary":"Membership changes are assumed planned before execution and occur between circuit layers; corruption sets change only during refresh; fairness holds only in its narrower region; the protocol assumes synchrony, secure channels, reset and erasure; and evidence is formal rather than implemented or benchmarked.","source_anchor_ids":["anchor-paper-61-model","anchor-paper-61-pmpc","anchor-paper-61-boundaries"]},{"id":"paper-61-boundary-refresh","kind":"limitation","parent_id":"paper-61-boundaries","order":1,"epistemic_status":"deployment_tradeoff","title":"Refresh frequency is a policy input","summary":"More frequent refresh permits the adversary less time within a corruption set but costs more communication; the protocol accepts a set of refresh layers rather than deriving an operational schedule.","source_anchor_ids":["anchor-paper-61-pmpc","anchor-paper-61-boundaries"]},{"id":"paper-61-resources","kind":"artifact_group","parent_id":"paper-61","order":8,"epistemic_status":"full_text_available","title":"Publication resources","summary":"The complete IACR ePrint exposes all proofs and the DOI fixes the ACNS identity. No public implementation artifact or local byte copy is represented in this map.","source_anchor_ids":["anchor-paper-61-problem","anchor-paper-61-publication"]},{"id":"paper-61-scrutiny","kind":"scrutiny","parent_id":"paper-61","order":9,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The work appeared at ACNS 2022. Public reviews, independent proof checking, and reproductions are not linked.","source_anchor_ids":["anchor-paper-61-publication"]},{"id":"paper-61-lineage","kind":"lineage","parent_id":"paper-61","order":10,"epistemic_status":"documented","title":"Builds full PMPC on paper","summary":"The paper reuses the dynamic bivariate PSS from paper #52, adapts its proof to multi-dealer batches, and adds the missing arithmetic-circuit multiplication and permutation layers.","source_anchor_ids":["anchor-paper-61-problem","anchor-paper-61-share","anchor-paper-61-multiplication"]}],"relations":[{"id":"paper-61-relation-answer-question","type":"addresses","from_id":"paper-61-answer","to_id":"paper-61-question"},{"id":"paper-61-relation-maintenance-pmpc","type":"component_of","from_id":"paper-61-pmpc-maintenance","to_id":"paper-61-pmpc"},{"id":"paper-61-relation-share-pmpc","type":"component_of","from_id":"paper-61-share","to_id":"paper-61-pmpc"},{"id":"paper-61-relation-mult-pmpc","type":"component_of","from_id":"paper-61-mult","to_id":"paper-61-pmpc"},{"id":"paper-61-relation-verification-mult","type":"supports","from_id":"paper-61-mult-verification","to_id":"paper-61-mult"},{"id":"paper-61-relation-pmpc-answer","type":"realizes","from_id":"paper-61-pmpc","to_id":"paper-61-answer"},{"id":"paper-61-relation-evidence-claims","type":"supports","from_id":"paper-61-evidence","to_id":"paper-61-claims"},{"id":"paper-61-relation-scope-security","type":"qualifies","from_id":"paper-61-scope","to_id":"paper-61-claim-security"},{"id":"paper-61-relation-boundaries-claims","type":"qualifies","from_id":"paper-61-boundaries","to_id":"paper-61-claims"},{"id":"paper-61-relation-lineage-paper","type":"contextualizes","from_id":"paper-61-lineage","to_id":"paper-61"}],"assessment":{"id":"paper-61-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The complete source defines the model, specifies all subprotocols, states exact thresholds and ideal functionalities, and supplies appendical proofs and a composition argument. It provides no implementation evidence.","basis_source_anchor_ids":["anchor-paper-61-main-theorem","anchor-paper-61-multiplication","anchor-paper-61-mult-theorem","anchor-paper-61-proofs"]},{"id":"auditability","level":"high","rationale":"The complete IACR archive PDF and official DOI expose assumptions, protocols, and proofs. Archive anti-bot controls prevented recording local byte fixity, and no author-hosted copy is represented.","basis_source_anchor_ids":["anchor-paper-61-problem","anchor-paper-61-publication"]},{"id":"production_provenance","level":"medium","rationale":"Authorship, date, archive identity, venue, and DOI are documented; revision history, roles, tool use, and artifact lineage are not.","basis_source_anchor_ids":["anchor-paper-61-publication","anchor-paper-61-problem"]},{"id":"external_scrutiny","level":"medium","rationale":"ACNS publication establishes venue review, but public reports, independent proof checks, and implementation review are unavailable.","basis_source_anchor_ids":["anchor-paper-61-publication"]},{"id":"reception","level":"low","rationale":"The dated exact-DOI OpenAlex record located 3 citations. Under the author-defined rule, 0 through 8 located citations is Low; counts vary by index and date.","basis_source_anchor_ids":["anchor-paper-61-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The work closes the full-MPC gap in its bivariate dishonest-majority line and reports a large asymptotic improvement, but priority and downstream impact remain to be independently assessed.","basis_source_anchor_ids":["anchor-paper-61-problem","anchor-paper-61-share","anchor-paper-61-multiplication"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex exact DOI lookup","citation_count":3,"source_url":"https://api.openalex.org/works/W3214757571","signals":["The exact DOI-matched OpenAlex work reported three citing works."],"limitation":"Citation counts are index- and date-dependent and may merge or split ePrint and proceedings versions differently."}},"paper_62":{"schema_version":"0.1","map_id":"paper-62-map","publication_id":62,"publication_anchor":"paper-62","slug":"paper-62","canonical_path":"/knowledge/papers/paper-62/","machine_path":"/knowledge/papers/paper-62.json","root_node_id":"paper-62","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["scheme"],"title":"In-App Cryptographically-Enforced Selective Access Control for Microsoft Office and Similar Platforms","short_title":"In-App Selective Access Control","year":2022,"venue":"6th International Symposium on Cyber Security, Cryptology, and Machine Learning (CSCML)","publication_status":"Published","topic":"privacy-identity","labels":["Applied"],"authors":["Karim Eldefrawy","Tancrede Lepoint","Laura Tam"],"keywords":["selective access control","ciphertext-policy attribute-based encryption","hybrid encryption","Microsoft Office add-in","fine-grained document protection","enterprise deployment"],"research_question":"Can fine-grained access policies be enforced cryptographically inside familiar Office documents, while preserving the document format and keeping encryption and decryption responsive enough for ordinary use?","central_answer":"The paper implements an Excel add-in that encrypts selected cell ranges locally under random symmetric keys and protects those keys with FAME ciphertext-policy attribute-based encryption. The same document remains usable by recipients with different attributes, and prototype measurements report sub-second to low-second workflows for the tested policies and spreadsheet sizes, subject to key-management, platform, and deployment assumptions.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, version comparison, evidence mapping, and initial assessment"}],"method":"Source-grounded review of both checked-in PDFs: the 16-page published paper and the distinct 26-page extended version. Both title pages and a substantive evaluation page were rendered and visually inspected. Technical details below use the extended version where it adds deployment and platform analysis, while publication identity and the published abstract remain tied to the proceedings version.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting author verification. In particular, the version relationship, prototype-to-production boundary, and security interpretations should be checked before approval."}},"sources":[{"id":"source-paper-62-published","type":"author_hosted_copy","title":"In-App Cryptographically-Enforced Selective Access Control for Microsoft Office and Similar Platforms","url":"/pubs/2022/cscml2022-abe-msoffice.pdf","provenance_category":"author","media_type":"application/pdf","sha256":"2e7ff82af4619bd136419bc6efe8e1d42f6dd441ab4181896008c60e44bd9b00","page_count":16,"version_note":"Published CSCML proceedings version."},{"id":"source-paper-62-extended","type":"author_hosted_copy","title":"In-App Cryptographically-Enforced Selective Access Control for Microsoft Office and Similar Platforms (Extended Version)","url":"/pubs/2022/cscml2022-abe-msoffice-extended-version.pdf","provenance_category":"author","media_type":"application/pdf","sha256":"182274d9bbabd5049e614f795a9da4dc274d885ec9b0f377fdbafa5d19b16239","page_count":26,"version_note":"Distinct extended version with additional enterprise-deployment, alternative-encryption, and platform-extension material."},{"id":"source-paper-62-official","type":"official_publication_record","title":"Springer CSCML 2022 chapter record","url":"https://doi.org/10.1007/978-3-031-07689-3_32","provenance_category":"official"},{"id":"source-paper-62-openalex","type":"citation_index_snapshot","title":"OpenAlex record W4285178185","url":"https://api.openalex.org/works/W4285178185","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-62-problem","source_id":"source-paper-62-extended","label":"Motivation, contribution, and prototype boundary","locator":"Abstract and Section 1, PDF pages 1-3","url":"/pubs/2022/cscml2022-abe-msoffice-extended-version.pdf#page=1"},{"id":"anchor-paper-62-setting","source_id":"source-paper-62-extended","label":"Key authority, hosting, encryption/decryption services, and recipients","locator":"Sections 3.1-3.2, PDF pages 6-7","url":"/pubs/2022/cscml2022-abe-msoffice-extended-version.pdf#page=6"},{"id":"anchor-paper-62-workflows","source_id":"source-paper-62-extended","label":"Spreadsheet creation, hybrid encryption, storage, and decryption workflows","locator":"Sections 3.3-3.5, PDF pages 7-11","url":"/pubs/2022/cscml2022-abe-msoffice-extended-version.pdf#page=7"},{"id":"anchor-paper-62-policies","source_id":"source-paper-62-extended","label":"Policy language, numerical attributes, parser modification, and bit-length caveat","locator":"Section 3.6, PDF pages 11-13","url":"/pubs/2022/cscml2022-abe-msoffice-extended-version.pdf#page=11"},{"id":"anchor-paper-62-evaluation","source_id":"source-paper-62-extended","label":"FAME/Charm environment and encryption, decryption, and size measurements","locator":"Section 4 and Tables 1-3, PDF pages 13-16","url":"/pubs/2022/cscml2022-abe-msoffice-extended-version.pdf#page=13"},{"id":"anchor-paper-62-alternative","source_id":"source-paper-62-extended","label":"Standardized multi-receiver alternative, informal security reasoning, and limits","locator":"Section 5, PDF pages 16-20","url":"/pubs/2022/cscml2022-abe-msoffice-extended-version.pdf#page=16"},{"id":"anchor-paper-62-deployment","source_id":"source-paper-62-extended","label":"Enterprise building blocks and cloud, hybrid, and on-premises deployment options","locator":"Section 6, PDF pages 20-22","url":"/pubs/2022/cscml2022-abe-msoffice-extended-version.pdf#page=20"},{"id":"anchor-paper-62-platforms","source_id":"source-paper-62-extended","label":"Extension to other platforms and client-side-execution boundary","locator":"Sections 7-8, PDF pages 22-24","url":"/pubs/2022/cscml2022-abe-msoffice-extended-version.pdf#page=22"},{"id":"anchor-paper-62-published-version","source_id":"source-paper-62-published","label":"Published version identity and abstract","locator":"Title page and abstract, PDF page 1","url":"/pubs/2022/cscml2022-abe-msoffice.pdf#page=1"},{"id":"anchor-paper-62-publication","source_id":"source-paper-62-official","label":"Official peer-reviewed publication record","locator":"CSCML 2022, DOI 10.1007/978-3-031-07689-3_32","url":"https://doi.org/10.1007/978-3-031-07689-3_32"},{"id":"anchor-paper-62-citations","source_id":"source-paper-62-openalex","label":"Dated citation-count snapshot","locator":"OpenAlex cited_by_count = 0, queried by DOI on 2026-07-11","url":"https://api.openalex.org/works/W4285178185"}],"nodes":[{"id":"paper-62","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"In-app selective access control","summary":"A working Office add-in design for encrypting selected document regions under attribute policies, evaluated as an Excel prototype and extended with enterprise-deployment analysis.","source_anchor_ids":["anchor-paper-62-problem","anchor-paper-62-published-version"]},{"id":"paper-62-question","kind":"question","parent_id":"paper-62","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can users selectively share one intact Office document while cryptography, rather than a trusted document server, determines which protected regions each recipient can read?","source_anchor_ids":["anchor-paper-62-problem"]},{"id":"paper-62-answer","kind":"contribution","parent_id":"paper-62","order":2,"epistemic_status":"implemented_and_measured","title":"Central answer","summary":"Integrate a policy UI and hybrid encryption into an Office JavaScript add-in, place encrypted cell data in the document's custom XML, and release a data key only when a recipient's CP-ABE attributes satisfy the policy.","source_anchor_ids":["anchor-paper-62-workflows","anchor-paper-62-evaluation"]},{"id":"paper-62-scope","kind":"scope","parent_id":"paper-62","order":3,"epistemic_status":"explicitly_scoped","title":"System and trust boundary","summary":"The prototype protects selected spreadsheet content while relying on a key-issuing authority, Office's add-in and document APIs, cryptographic implementations, and secure handling of recipient keys.","source_anchor_ids":["anchor-paper-62-setting","anchor-paper-62-deployment"]},{"id":"paper-62-scope-authority","kind":"assumption","parent_id":"paper-62-scope","order":1,"epistemic_status":"trusted_component","title":"Key authority and identity integration","summary":"An authority alone holds the CP-ABE master secret and issues attribute keys; an enterprise deployment must connect that lifecycle to IAM, private-key storage, revocation, and logging infrastructure.","source_anchor_ids":["anchor-paper-62-setting","anchor-paper-62-deployment"]},{"id":"paper-62-scheme","kind":"scheme","parent_id":"paper-62","order":4,"epistemic_status":"implemented","title":"Selective-encryption scheme","summary":"The design combines local authenticated symmetric encryption for cell contents with FAME CP-ABE encapsulation of a random content key and an embedded policy describing eligible attributes.","source_anchor_ids":["anchor-paper-62-workflows","anchor-paper-62-evaluation"]},{"id":"paper-62-scheme-document","kind":"component","parent_id":"paper-62-scheme","order":1,"epistemic_status":"implemented","title":"Document-preserving storage","summary":"Ciphertexts and metadata are stored in a custom XML part, protected cells are cleared or shown as unavailable, and formulas remain recoverable because the workflow encrypts underlying cell inputs rather than only rendered text.","source_anchor_ids":["anchor-paper-62-workflows"]},{"id":"paper-62-scheme-policy","kind":"component","parent_id":"paper-62-scheme","order":2,"epistemic_status":"implemented_with_caveats","title":"Policy representation","summary":"The UI supports AND/OR combinations over string and numerical predicates; numerical comparisons are compiled into bit attributes, increasing policy size and requiring a fixed bit length chosen consistently by issuers and encryptors.","source_anchor_ids":["anchor-paper-62-policies"]},{"id":"paper-62-claims","kind":"claim_group","parent_id":"paper-62","order":5,"epistemic_status":"mixed","title":"Principal claims","summary":"The paper makes an implementation claim, a conditional confidentiality claim, and a measured usability/performance claim; it does not claim a production deployment or an end-to-end formal proof.","source_anchor_ids":["anchor-paper-62-workflows","anchor-paper-62-evaluation","anchor-paper-62-alternative"]},{"id":"paper-62-claim-access","kind":"claim","parent_id":"paper-62-claims","order":1,"epistemic_status":"cryptographically_conditional","title":"Attribute-gated confidentiality","summary":"A recipient who lacks a CP-ABE key satisfying the cell policy should not recover the symmetric content key, conditional on the CP-ABE, authenticated-encryption, key-issuance, and client-execution assumptions.","source_anchor_ids":["anchor-paper-62-workflows","anchor-paper-62-evaluation"]},{"id":"paper-62-claim-performance","kind":"claim","parent_id":"paper-62-claims","order":2,"epistemic_status":"experimentally_supported","title":"Interactive-scale prototype performance","summary":"In the reported laptop/Docker environment, encrypting 10,000 cells ranges from 580 ms for the simplest policy to 1.614 s for the largest tested policy; decrypting one to ten 100-cell ranges averages about 1.082-1.851 s.","source_anchor_ids":["anchor-paper-62-evaluation"]},{"id":"paper-62-evidence","kind":"evidence_group","parent_id":"paper-62","order":6,"epistemic_status":"implemented_and_measured","title":"Evidence chain","summary":"Evidence consists of described add-in workflows, screenshots, a FAME/Charm prototype, concrete policy and file-size tests, and deployment analysis; no public code repository or independent reproduction is identified in the audited sources.","source_anchor_ids":["anchor-paper-62-workflows","anchor-paper-62-evaluation","anchor-paper-62-deployment"]},{"id":"paper-62-boundaries","kind":"limitation_group","parent_id":"paper-62","order":7,"epistemic_status":"material","title":"Limits and unresolved obligations","summary":"The tested system is a prototype, large numerical policies expand substantially, the standardized fallback loses collusion resistance for AND clauses, and production security depends on key lifecycle, trusted client execution, Office APIs, and enterprise integration.","source_anchor_ids":["anchor-paper-62-policies","anchor-paper-62-alternative","anchor-paper-62-deployment"]},{"id":"paper-62-boundary-platform","kind":"limitation","parent_id":"paper-62-boundaries","order":1,"epistemic_status":"platform_dependent","title":"Client-side execution is essential","summary":"Platforms that execute extensions only on a server may expose plaintext or long-term keys to that server; the paper's out-of-platform workaround improves trust placement at a cost in usability.","source_anchor_ids":["anchor-paper-62-platforms"]},{"id":"paper-62-resources","kind":"artifact_group","parent_id":"paper-62","order":8,"epistemic_status":"source_available","title":"Auditable resources and versions","summary":"Both the published and extended PDFs are checked into this site with fixity and page counts. They are distinct versions: the extended copy adds material and should not silently replace the published record.","source_anchor_ids":["anchor-paper-62-published-version","anchor-paper-62-deployment","anchor-paper-62-publication"]},{"id":"paper-62-scrutiny","kind":"scrutiny","parent_id":"paper-62","order":9,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The proceedings paper appeared at CSCML 2022. No public review reports, artifact evaluation, independent reproduction, correction, or adversarial analysis was located in this audit.","source_anchor_ids":["anchor-paper-62-publication"]},{"id":"paper-62-lineage","kind":"lineage","parent_id":"paper-62","order":10,"epistemic_status":"documented","title":"Research and version lineage","summary":"The work applies mature CP-ABE ideas to widely used authoring software, with Excel as the measured case and Word, Outlook, PowerPoint, browser, and other platform directions treated at different implementation or future-work stages.","source_anchor_ids":["anchor-paper-62-problem","anchor-paper-62-platforms"]}],"relations":[{"id":"paper-62-relation-question-answer","type":"answered_by","from_id":"paper-62-question","to_id":"paper-62-answer"},{"id":"paper-62-relation-scheme-answer","type":"realizes","from_id":"paper-62-scheme","to_id":"paper-62-answer"},{"id":"paper-62-relation-scope-claims","type":"qualifies","from_id":"paper-62-scope","to_id":"paper-62-claims"},{"id":"paper-62-relation-policy-scheme","type":"component_of","from_id":"paper-62-scheme-policy","to_id":"paper-62-scheme"},{"id":"paper-62-relation-evidence-claims","type":"supports","from_id":"paper-62-evidence","to_id":"paper-62-claims"},{"id":"paper-62-relation-boundaries-claims","type":"qualifies","from_id":"paper-62-boundaries","to_id":"paper-62-claims"},{"id":"paper-62-relation-resources-evidence","type":"enables_audit_of","from_id":"paper-62-resources","to_id":"paper-62-evidence"},{"id":"paper-62-relation-scrutiny-claims","type":"contextualizes","from_id":"paper-62-scrutiny","to_id":"paper-62-claims"}],"assessment":{"id":"paper-62-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The paper specifies a concrete scheme and trust boundary, implements the central workflow, and reports multiple performance and size experiments; production deployment, public code, usability studies, and independent reproduction remain outside that evidence.","basis_source_anchor_ids":["anchor-paper-62-workflows","anchor-paper-62-evaluation","anchor-paper-62-alternative"]},{"id":"auditability","level":"high","rationale":"Both public full-text versions are checked into the author site with recorded SHA-256 hashes and page counts, making the assumptions, workflow, measurements, and version differences directly inspectable.","basis_source_anchor_ids":["anchor-paper-62-published-version","anchor-paper-62-problem","anchor-paper-62-evaluation"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, two identifiable versions, and peer-reviewed publication establish baseline provenance; contributor roles, revision history, prototype revision, tool/AI use, and author approval of this map are incomplete.","basis_source_anchor_ids":["anchor-paper-62-published-version","anchor-paper-62-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"CSCML publication supplies venue-level scrutiny, but no public reviews, artifact evaluation, independent reproduction, or adversarial analysis was located.","basis_source_anchor_ids":["anchor-paper-62-publication"]},{"id":"reception","level":"low","rationale":"OpenAlex record W4285178185 reported 0 citations in a DOI-specific query on 2026-07-11; this is a time-dependent index snapshot with database coverage and record-linkage limits.","basis_source_anchor_ids":["anchor-paper-62-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The work demonstrates a concrete route from ABE research to familiar enterprise documents and measures it, but the audited evidence does not establish broad deployment, standardization, or downstream adoption.","basis_source_anchor_ids":["anchor-paper-62-problem","anchor-paper-62-evaluation","anchor-paper-62-platforms"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex work lookup filtered by DOI 10.1007/978-3-031-07689-3_32","citation_count":0,"signals":[{"type":"citation_count","value":0,"source_url":"https://api.openalex.org/works/W4285178185"}],"limitation":"OpenAlex coverage, deduplication, and citation linkage are incomplete and can change; the count is a dated observation rather than a quality judgment."}},"paper_63":{"schema_version":"0.1","map_id":"paper-63-map","publication_id":63,"publication_anchor":"paper-63","slug":"paper-63","canonical_path":"/knowledge/papers/paper-63/","machine_path":"/knowledge/papers/paper-63.json","root_node_id":"paper-63","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"How Byzantine Is a Send Corruption?","year":2022,"venue":"20th International Conference on Applied Cryptography and Network Security (ACNS)","publication_status":"Published","topic":"algorithms-foundations","labels":["Theory"],"authors":["Karim Eldefrawy","Julian Loss","Ben Terner"],"keywords":["Byzantine agreement","consensus","send corruption","receive corruption","strongly adaptive adversary","expected constant rounds"],"research_question":"In synchronous consensus with Byzantine, receive, and honest-but-faulty send corruptions, what fault thresholds are achievable in expected constant rounds, and how much weaker than Byzantine control is the ability to suppress an honest party's outgoing messages?","central_answer":"The paper constructs expected-constant-round consensus from all-to-all repair, weak broadcast, weak consensus, graded consensus, and a common coin. It proves security for n greater than t_rcv + 2t_snd + 2t_byz under general send corruption, and for n greater than t_rcv + t_snd + 2t_byz under spotty all-or-none per-round send corruption; the latter threshold is proved optimal, while optimality in the general case remains open.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text theorem extraction, model mapping, and initial assessment"}],"method":"Source-grounded review of the complete 33-page IACR ePrint and the official and CISPA publication records. The map separates the general-send theorem from the stronger spotty-send theorem and its matching impossibility result.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting author verification. Fault-model terminology, threshold notation, and the scope of the optimality theorem should be checked before approval."}},"sources":[{"id":"source-paper-63-eprint","type":"public_archive_copy","title":"How Byzantine Is a Send Corruption?","url":"https://eprint.iacr.org/2021/796.pdf","provenance_category":"archive","media_type":"application/pdf","page_count":33,"version_note":"IACR ePrint full version used for the technical audit."},{"id":"source-paper-63-official","type":"official_publication_record","title":"Springer ACNS 2022 chapter record","url":"https://doi.org/10.1007/978-3-031-09234-3_34","provenance_category":"official"},{"id":"source-paper-63-author","type":"author_affiliation_record","title":"CISPA publication page","url":"https://cispa.de/en/research/publications/66354-how-byzantine-is-a-send-corruption-","provenance_category":"author"},{"id":"source-paper-63-openalex","type":"citation_index_snapshot","title":"OpenAlex record W3186077535","url":"https://api.openalex.org/works/W3186077535","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-63-results","source_id":"source-paper-63-eprint","label":"Research question, thresholds, pathology, and open general-case optimality","locator":"Abstract and Sections 1.1-1.5, PDF pages 1-7","url":"https://eprint.iacr.org/2021/796.pdf#page=1"},{"id":"anchor-paper-63-model","source_id":"source-paper-63-eprint","label":"Synchronous network, corruption modes, strong rushing, PKI, and common coin","locator":"Sections 2.1-2.2, PDF pages 7-10","url":"https://eprint.iacr.org/2021/796.pdf#page=7"},{"id":"anchor-paper-63-pathology","source_id":"source-paper-63-eprint","label":"Dolev-Strong lower bound, degradation, and failure of recent techniques","locator":"Section 3, PDF pages 11-14","url":"https://eprint.iacr.org/2021/796.pdf#page=11"},{"id":"anchor-paper-63-fixreceive","source_id":"source-paper-63-eprint","label":"Two-round all-to-all FixReceive and zombie detection","locator":"Section 4.1 and Protocol 2, PDF pages 14-15","url":"https://eprint.iacr.org/2021/796.pdf#page=14"},{"id":"anchor-paper-63-building-blocks","source_id":"source-paper-63-eprint","label":"Weak broadcast, weak consensus, and graded consensus","locator":"Sections 4.2-4.4 and Protocols 3-5, PDF pages 15-21","url":"https://eprint.iacr.org/2021/796.pdf#page=15"},{"id":"anchor-paper-63-main-theorem","source_id":"source-paper-63-eprint","label":"Expected-constant-round protocol and general-send security theorem","locator":"Section 4.5, Theorem 3, Protocol 6, and Lemmas 7-11, PDF pages 22-26","url":"https://eprint.iacr.org/2021/796.pdf#page=22"},{"id":"anchor-paper-63-spotty","source_id":"source-paper-63-eprint","label":"Improved spotty-send threshold and matching impossibility","locator":"Section 5, Theorems 4-5, PDF pages 26-28","url":"https://eprint.iacr.org/2021/796.pdf#page=26"},{"id":"anchor-paper-63-publication","source_id":"source-paper-63-official","label":"Official peer-reviewed publication record","locator":"ACNS 2022, DOI 10.1007/978-3-031-09234-3_34","url":"https://doi.org/10.1007/978-3-031-09234-3_34"},{"id":"anchor-paper-63-author-summary","source_id":"source-paper-63-author","label":"Author-affiliation summary and publication identity","locator":"CISPA publication page, accessed 2026-07-11","url":"https://cispa.de/en/research/publications/66354-how-byzantine-is-a-send-corruption-"},{"id":"anchor-paper-63-citations","source_id":"source-paper-63-openalex","label":"Dated citation-count snapshot","locator":"OpenAlex cited_by_count = 5, queried by DOI on 2026-07-11","url":"https://api.openalex.org/works/W3186077535"}],"nodes":[{"id":"paper-63","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"How Byzantine is send corruption?","summary":"A theory of synchronous consensus under mixed Byzantine, send, and receive corruptions, with expected-constant-round constructions and a tight result for the spotty-send submodel.","source_anchor_ids":["anchor-paper-63-results"]},{"id":"paper-63-question","kind":"question","parent_id":"paper-63","order":1,"epistemic_status":"research_question","title":"Research question","summary":"How do achievable consensus thresholds change when faulty parties follow the protocol but an adaptive adversary suppresses messages they send or receive?","source_anchor_ids":["anchor-paper-63-results"]},{"id":"paper-63-answer","kind":"contribution","parent_id":"paper-63","order":2,"epistemic_status":"proved_conditional","title":"Central answer","summary":"General send faults incur a coefficient of two in the proved threshold; restricting each corrupted sender's round to uniform delivery or uniform dropping removes that extra coefficient and yields a matching lower bound.","source_anchor_ids":["anchor-paper-63-main-theorem","anchor-paper-63-spotty"]},{"id":"paper-63-model-node","kind":"threat_model","parent_id":"paper-63","order":3,"epistemic_status":"defined","title":"Synchronous mixed-corruption model","summary":"Parties communicate over authenticated point-to-point channels with known delay bound; a strongly rushing adaptive adversary may select Byzantine, receive-corrupt, and send-corrupt parties, with overlap counted in each applicable budget.","source_anchor_ids":["anchor-paper-63-model"]},{"id":"paper-63-model-live","kind":"definition","parent_id":"paper-63-model-node","order":1,"epistemic_status":"defined","title":"Live parties and zombies","summary":"Honest, send-corrupt, and undetected receive-corrupt parties are live and must produce consistent outputs; a receive-corrupt party that detects missing traffic becomes a zombie, stops participating, and outputs failure.","source_anchor_ids":["anchor-paper-63-model","anchor-paper-63-fixreceive"]},{"id":"paper-63-model-spotty","kind":"definition","parent_id":"paper-63-model-node","order":2,"epistemic_status":"defined","title":"General versus spotty send corruption","summary":"General send corruption permits recipient-selective suppression, whereas spotty corruption requires all of a sender's still-undelivered messages in a round to be delivered or dropped together.","source_anchor_ids":["anchor-paper-63-model"]},{"id":"paper-63-pathology-node","kind":"analysis","parent_id":"paper-63","order":4,"epistemic_status":"proved_and_demonstrated","title":"Why send faults are unexpectedly strong","summary":"Selective delivery can give honest and send-corrupt groups incompatible views while both groups' outputs remain constrained; threshold signatures, leader-election techniques, and time-lock-puzzle broadcast do not automatically repair this asymmetry.","source_anchor_ids":["anchor-paper-63-pathology"]},{"id":"paper-63-construction","kind":"method","parent_id":"paper-63","order":5,"epistemic_status":"formally_specified","title":"Consensus construction","summary":"The construction composes all-to-all FixReceive, weak broadcast, weak consensus, graded consensus, a common coin, and signed decision certificates in a repeated coin-loop.","source_anchor_ids":["anchor-paper-63-fixreceive","anchor-paper-63-building-blocks","anchor-paper-63-main-theorem"]},{"id":"paper-63-construction-repair","kind":"component","parent_id":"paper-63-construction","order":1,"epistemic_status":"specified_and_proved","title":"All-to-all FixReceive","summary":"Parties send signed inputs, relay unique first-round messages, and become zombies if too few messages arrive; the proofs ensure a non-zombie party receives honest-origin traffic and propagates honest messages across live views.","source_anchor_ids":["anchor-paper-63-fixreceive"]},{"id":"paper-63-construction-graded","kind":"component","parent_id":"paper-63-construction","order":2,"epistemic_status":"specified_and_proved","title":"Graded-consensus bridge","summary":"Weak-consensus outputs are weak-broadcast in parallel; a party chooses the majority bit and assigns grade one only after a large enough support threshold rules out a conflicting live grade-one output.","source_anchor_ids":["anchor-paper-63-building-blocks"]},{"id":"paper-63-construction-coin","kind":"component","parent_id":"paper-63-construction","order":3,"epistemic_status":"assumes_primitive","title":"Common-coin loop and certificates","summary":"Each iteration combines graded consensus with a common coin; signed decision certificates propagate termination while preserving a single decision value.","source_anchor_ids":["anchor-paper-63-main-theorem"]},{"id":"paper-63-claims","kind":"claim_group","parent_id":"paper-63","order":6,"epistemic_status":"proved_conditional","title":"Main results","summary":"The full version proves validity, consistency, and expected termination under explicit threshold, synchrony, PKI/signature, and common-coin assumptions.","source_anchor_ids":["anchor-paper-63-main-theorem","anchor-paper-63-spotty"]},{"id":"paper-63-claim-general","kind":"theorem","parent_id":"paper-63-claims","order":1,"epistemic_status":"proved_conditional","title":"General-send threshold","summary":"Theorem 3 proves expected-constant-round consensus when n is greater than t_rcv + 2t_snd + 2t_byz, assuming the specified common coin is available.","source_anchor_ids":["anchor-paper-63-main-theorem"]},{"id":"paper-63-claim-spotty","kind":"theorem","parent_id":"paper-63-claims","order":2,"epistemic_status":"proved_tight","title":"Optimal spotty-send threshold","summary":"Theorems 4 and 5 establish sufficiency above, and impossibility at or below, n = t_rcv + t_snd + 2t_byz in the spotty-send model with zombies.","source_anchor_ids":["anchor-paper-63-spotty"]},{"id":"paper-63-claim-lowerbound","kind":"theorem","parent_id":"paper-63-claims","order":3,"epistemic_status":"inherited_and_reproved","title":"Deterministic-round lower bound","summary":"The Dolev-Strong neighboring-execution argument transfers to send corruptions, so deterministic authenticated broadcast tolerating t_snd send faults cannot finish in fewer than t_snd + 1 rounds.","source_anchor_ids":["anchor-paper-63-pathology"]},{"id":"paper-63-evidence","kind":"evidence_group","parent_id":"paper-63","order":7,"epistemic_status":"formal_paper_proofs","title":"Evidence and proof chain","summary":"Protocol pseudocode, definitions, quorum arguments, reductions among consensus primitives, termination bounds, and a partition-style impossibility proof support the results; no machine-checked proof or implementation artifact is claimed.","source_anchor_ids":["anchor-paper-63-building-blocks","anchor-paper-63-main-theorem","anchor-paper-63-spotty"]},{"id":"paper-63-boundaries","kind":"limitation_group","parent_id":"paper-63","order":8,"epistemic_status":"material","title":"Limits and open questions","summary":"The model is synchronous and uses authenticated channels, a PKI, signatures, and a common coin; optimal combined send/Byzantine tolerance for recipient-selective general send corruption remains unresolved.","source_anchor_ids":["anchor-paper-63-results","anchor-paper-63-model","anchor-paper-63-pathology"]},{"id":"paper-63-resources","kind":"artifact_group","parent_id":"paper-63","order":9,"epistemic_status":"source_available","title":"Auditable resources","summary":"A complete public ePrint supplies definitions, protocols, and proofs, while the Springer DOI and CISPA page establish publication identity; no executable artifact is represented.","source_anchor_ids":["anchor-paper-63-results","anchor-paper-63-publication","anchor-paper-63-author-summary"]},{"id":"paper-63-scrutiny","kind":"scrutiny","parent_id":"paper-63","order":10,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The work appeared at ACNS 2022 and has a public full version. This audit did not locate public reviews, a machine-checked proof audit, a correction, or an independent reproduction.","source_anchor_ids":["anchor-paper-63-publication","anchor-paper-63-citations"]},{"id":"paper-63-lineage","kind":"lineage","parent_id":"paper-63","order":11,"epistemic_status":"documented","title":"Research lineage","summary":"The paper extends mixed crash/send/receive/Byzantine models, diagnoses why dishonest-majority broadcast techniques do not transfer directly, and reframes send corruption through the gap between general and spotty delivery.","source_anchor_ids":["anchor-paper-63-results","anchor-paper-63-pathology"]}],"relations":[{"id":"paper-63-relation-question-answer","type":"answered_by","from_id":"paper-63-question","to_id":"paper-63-answer"},{"id":"paper-63-relation-model-claims","type":"scopes","from_id":"paper-63-model-node","to_id":"paper-63-claims"},{"id":"paper-63-relation-pathology-construction","type":"motivates","from_id":"paper-63-pathology-node","to_id":"paper-63-construction"},{"id":"paper-63-relation-repair-construction","type":"component_of","from_id":"paper-63-construction-repair","to_id":"paper-63-construction"},{"id":"paper-63-relation-construction-general","type":"realizes","from_id":"paper-63-construction","to_id":"paper-63-claim-general"},{"id":"paper-63-relation-spotty-answer","type":"supports","from_id":"paper-63-claim-spotty","to_id":"paper-63-answer"},{"id":"paper-63-relation-evidence-claims","type":"supports","from_id":"paper-63-evidence","to_id":"paper-63-claims"},{"id":"paper-63-relation-boundaries-claims","type":"qualifies","from_id":"paper-63-boundaries","to_id":"paper-63-claims"},{"id":"paper-63-relation-resources-evidence","type":"enables_audit_of","from_id":"paper-63-resources","to_id":"paper-63-evidence"}],"assessment":{"id":"paper-63-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The full version defines the model, specifies all subprotocols, proves the general and spotty thresholds, and supplies a matching spotty impossibility; the general threshold remains non-optimal and the proofs are not machine checked.","basis_source_anchor_ids":["anchor-paper-63-model","anchor-paper-63-main-theorem","anchor-paper-63-spotty"]},{"id":"auditability","level":"high","rationale":"A complete public IACR full text exposes the definitions, protocol pseudocode, theorem statements, and proofs, with official and author-affiliation metadata linked separately.","basis_source_anchor_ids":["anchor-paper-63-results","anchor-paper-63-main-theorem","anchor-paper-63-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, ePrint identity, and peer-reviewed publication establish baseline provenance; roles, revision decisions, proof review, tool/AI use, and author approval of this map are not fully documented.","basis_source_anchor_ids":["anchor-paper-63-results","anchor-paper-63-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"ACNS publication and public availability provide external exposure, but no public review reports, independent proof audit, formal mechanization, or correction history was located.","basis_source_anchor_ids":["anchor-paper-63-publication","anchor-paper-63-author-summary"]},{"id":"reception","level":"low","rationale":"OpenAlex record W3186077535 reported 5 citations in a DOI-specific query on 2026-07-11; this lies in the rubric's 0-8 range and remains a time-dependent, coverage-limited snapshot.","basis_source_anchor_ids":["anchor-paper-63-citations"]},{"id":"contribution_significance","level":"high","rationale":"The paper supplies the first claimed sublinear-round consensus result allowing a majority of online faulty parties in the spotty model, proves that threshold optimal, and identifies a structural obstruction for general send faults.","basis_source_anchor_ids":["anchor-paper-63-results","anchor-paper-63-spotty"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex work lookup filtered by DOI 10.1007/978-3-031-09234-3_34","citation_count":5,"signals":[{"type":"citation_count","value":5,"source_url":"https://api.openalex.org/works/W3186077535"}],"limitation":"OpenAlex coverage, deduplication, and citation linkage are incomplete and can change; the count is a dated observation rather than a quality judgment."}},"paper_64":{"schema_version":"0.1","map_id":"paper-64-map","publication_id":64,"publication_anchor":"paper-64","slug":"paper-64","canonical_path":"/knowledge/papers/paper-64/","machine_path":"/knowledge/papers/paper-64.json","root_node_id":"paper-64","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["algorithm"],"title":"CraterLake: A Hardware Accelerator for Efficient Unbounded Computation on Encrypted Data","short_title":"CraterLake","year":2022,"venue":"49th International Symposium on Computer Architecture (ISCA)","publication_status":"Published","topic":"secure-encrypted-computation","labels":["Applied"],"authors":["Nikola Samardzic","Axel Feldmann","Aleksandar Krastev","Nathan Manohar","Nicholas Genise","Srinivas Devadas","Karim Eldefrawy","Chris Peikert","Daniel Sánchez"],"keywords":["fully homomorphic encryption","FHE accelerator","bootstrapping","boosted key switching","hardware compiler co-design"],"research_question":"Can a programmable hardware accelerator remove the refresh bottleneck that had limited prior FHE accelerators to bounded-depth programs and efficiently execute deep encrypted workloads?","central_answer":"CraterLake combines boosted key switching, a 2,048-lane vector architecture, specialized residue and key-switch generation units, and a scheduling compiler. In cycle-accurate simulation and RTL synthesis it supports CKKS, BGV, and GSW computations with bootstrapping and substantially outperforms the evaluated CPU and prior-accelerator baselines on deep workloads; these are modeled and synthesized results, not measurements from fabricated silicon.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, claim-evidence mapping, and initial assessment"}],"method":"Source-grounded review of the complete 15-page author copy, including visual inspection of the title page and evaluation pages, cross-checked against the official DOI and public-access record.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting author verification; architecture interpretations, benchmark readings, and ratings remain provisional until approval."}},"sources":[{"id":"source-paper-64-local-pdf","type":"author_hosted_copy","title":"CraterLake: A Hardware Accelerator for Efficient Unbounded Computation on Encrypted Data","url":"/pubs/2022/craterlake-isca2022.pdf","provenance_category":"author","retrieved_from":"https://people.csail.mit.edu/sanchez/papers/2022.craterlake.isca.pdf","media_type":"application/pdf","sha256":"3800eb135cdf91e1c86b959ecdf86df15cf72a8d64d97d8c820040cdbad9e5de","page_count":15},{"id":"source-paper-64-official","type":"official_publication_record","title":"ACM ISCA 2022 publication record","url":"https://doi.org/10.1145/3470496.3527393","provenance_category":"official"},{"id":"source-paper-64-public-access","type":"public_archive_copy","title":"NSF Public Access copy","url":"https://par.nsf.gov/servlets/purl/10350313","provenance_category":"archive"},{"id":"source-paper-64-citations","type":"citation_index_snapshot","title":"OpenAlex record W4281792301","url":"https://api.openalex.org/works/W4281792301","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-64-problem","source_id":"source-paper-64-local-pdf","label":"FHE depth barrier and CraterLake contributions","locator":"Abstract and Sections 1-2, PDF pages 1-4","url":"/pubs/2022/craterlake-isca2022.pdf#page=1"},{"id":"anchor-paper-64-fhe-model","source_id":"source-paper-64-local-pdf","label":"Supported schemes, ciphertext representation, and key switching","locator":"Section 2, PDF pages 2-4","url":"/pubs/2022/craterlake-isca2022.pdf#page=2"},{"id":"anchor-paper-64-boosted","source_id":"source-paper-64-local-pdf","label":"Boosted key-switching algorithm and data reduction","locator":"Section 3, PDF pages 4-6","url":"/pubs/2022/craterlake-isca2022.pdf#page=4"},{"id":"anchor-paper-64-architecture","source_id":"source-paper-64-local-pdf","label":"Vector organization, transpose network, residue conversion, and key-switch generation","locator":"Sections 4-5, PDF pages 6-9","url":"/pubs/2022/craterlake-isca2022.pdf#page=6"},{"id":"anchor-paper-64-compiler","source_id":"source-paper-64-local-pdf","label":"Compiler scheduling, chaining, and data movement","locator":"Section 6, PDF pages 9-10","url":"/pubs/2022/craterlake-isca2022.pdf#page=9"},{"id":"anchor-paper-64-implementation","source_id":"source-paper-64-local-pdf","label":"RTL synthesis, physical estimates, and simulation method","locator":"Sections 7-8, PDF pages 10-11","url":"/pubs/2022/craterlake-isca2022.pdf#page=10"},{"id":"anchor-paper-64-performance","source_id":"source-paper-64-local-pdf","label":"Deep-workload latency and baseline comparisons","locator":"Section 9 and Table 3, PDF pages 11-13","url":"/pubs/2022/craterlake-isca2022.pdf#page=11"},{"id":"anchor-paper-64-energy-security","source_id":"source-paper-64-local-pdf","label":"Energy and higher-security-parameter sensitivity","locator":"Section 9, PDF pages 12-13","url":"/pubs/2022/craterlake-isca2022.pdf#page=12"},{"id":"anchor-paper-64-conclusion","source_id":"source-paper-64-local-pdf","label":"Conclusions and stated scope","locator":"Section 11, PDF page 14","url":"/pubs/2022/craterlake-isca2022.pdf#page=14"},{"id":"anchor-paper-64-publication","source_id":"source-paper-64-official","label":"Official publication identity","locator":"ISCA 2022, DOI 10.1145/3470496.3527393","url":"https://doi.org/10.1145/3470496.3527393"},{"id":"anchor-paper-64-citation-count","source_id":"source-paper-64-citations","label":"Dated citation-count snapshot","locator":"OpenAlex cited_by_count was 177 when accessed 2026-07-11","url":"https://api.openalex.org/works/W4281792301"}],"nodes":[{"id":"paper-64","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"CraterLake","summary":"A hardware-software co-design for bootstrappable, programmable FHE whose evaluated contribution is efficient execution of workloads that exceed a fixed multiplicative-depth budget.","source_anchor_ids":["anchor-paper-64-problem"]},{"id":"paper-64-question","kind":"question","parent_id":"paper-64","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can an FHE accelerator efficiently refresh very large ciphertexts and thereby support general computations of unbounded multiplicative depth?","source_anchor_ids":["anchor-paper-64-problem"]},{"id":"paper-64-answer","kind":"contribution","parent_id":"paper-64","order":2,"epistemic_status":"source_asserted","title":"Central answer","summary":"The design makes bootstrapping a first-class workload through a compact key-switch method, wide parallel datapath, on-chip specialization, and compiler-controlled reuse; the resulting simulated system executes deep CKKS workloads much faster than the evaluated baselines.","source_anchor_ids":["anchor-paper-64-boosted","anchor-paper-64-architecture","anchor-paper-64-performance"]},{"id":"paper-64-model","kind":"model","parent_id":"paper-64","order":3,"epistemic_status":"defined","title":"Cryptographic and workload model","summary":"The architecture targets ring-based FHE operations and supports CKKS, BGV, and GSW, with evaluation centered on CKKS. Deep parameter sets contain 64K ring elements and roughly 1,600-bit coefficients, making one ciphertext about 25 MB.","source_anchor_ids":["anchor-paper-64-fhe-model","anchor-paper-64-problem"]},{"id":"paper-64-model-security","kind":"assumption","parent_id":"paper-64-model","order":1,"epistemic_status":"parameter_dependent","title":"Security and correctness are parameter dependent","summary":"CraterLake accelerates cryptographic computations chosen by the application and compiler; semantic security, numerical precision, circuit correctness, and parameter adequacy remain properties of the selected FHE scheme and parameter set.","source_anchor_ids":["anchor-paper-64-fhe-model","anchor-paper-64-energy-security"]},{"id":"paper-64-design","kind":"system","parent_id":"paper-64","order":4,"epistemic_status":"constructed","title":"Hardware-software construction","summary":"The system integrates algorithmic key-switch compression, a wide vector processor, specialized functional units, memory organization, and static compiler scheduling.","source_anchor_ids":["anchor-paper-64-boosted","anchor-paper-64-architecture","anchor-paper-64-compiler"]},{"id":"paper-64-design-boosted","kind":"algorithm","parent_id":"paper-64-design","order":1,"epistemic_status":"constructed","title":"Boosted key switching","summary":"The boosted formulation reduces projected auxiliary key material for a deep parameter set from roughly 1.4 GB to about 50 MB, making reuse and movement feasible; KSHGen can generate half of a hint on demand and reduce resident hint storage to about 25 MB.","source_anchor_ids":["anchor-paper-64-boosted","anchor-paper-64-architecture"]},{"id":"paper-64-design-datapath","kind":"architecture","parent_id":"paper-64-design","order":2,"epistemic_status":"constructed","title":"Wide-vector datapath","summary":"A 2,048-lane uniprocessor, fixed transpose network, and specialized residue-conversion and key-switch-generation units expose the parallelism and data transforms used by large polynomial operations.","source_anchor_ids":["anchor-paper-64-architecture"]},{"id":"paper-64-design-compiler","kind":"method","parent_id":"paper-64-design","order":3,"epistemic_status":"implemented","title":"Compiler-directed scheduling","summary":"The compiler schedules operations, reuses data, overlaps or decouples movement from computation, and chains kernels so intermediate values need not repeatedly traverse costly memory paths.","source_anchor_ids":["anchor-paper-64-compiler"]},{"id":"paper-64-claims","kind":"claim_group","parent_id":"paper-64","order":5,"epistemic_status":"source_asserted","title":"Principal claims","summary":"The paper claims practical acceleration of unbounded-depth FHE and reports advantages in latency and energy over its evaluated CPU and F1+ baselines.","source_anchor_ids":["anchor-paper-64-performance","anchor-paper-64-energy-security"]},{"id":"paper-64-claim-depth","kind":"claim","parent_id":"paper-64-claims","order":1,"epistemic_status":"supported_by_evaluation","title":"Refresh enables deep workloads","summary":"Unlike accelerators restricted to circuits within a fixed noise budget, the represented design includes bootstrapping and therefore runs the evaluated deep ResNet, LSTM, and other workloads without a bounded-depth architectural ceiling.","source_anchor_ids":["anchor-paper-64-problem","anchor-paper-64-performance"]},{"id":"paper-64-claim-speed","kind":"claim","parent_id":"paper-64-claims","order":2,"epistemic_status":"measured_in_model","title":"Large modeled speedups on deep workloads","summary":"Across the paper's deep benchmark set, CraterLake reports an 11.2x geometric-mean speedup over the scaled F1+ baseline and 4,611x over the CPU baseline; reported examples include 249.45 ms for ResNet-20 and 3.91 ms for packed bootstrapping.","source_anchor_ids":["anchor-paper-64-performance"]},{"id":"paper-64-claim-energy","kind":"claim","parent_id":"paper-64-claims","order":3,"epistemic_status":"estimated","title":"Energy advantage","summary":"The modeled deep-workload evaluation reports about 18x lower energy and about 201x higher performance per joule than scaled F1+.","source_anchor_ids":["anchor-paper-64-energy-security"]},{"id":"paper-64-evidence","kind":"evidence_group","parent_id":"paper-64","order":6,"epistemic_status":"documented","title":"Evaluation evidence","summary":"The evidence combines RTL synthesis and cycle-accurate architectural simulation with a 32-core AMD Threadripper CPU and a scaled improved F1+ design as baselines.","source_anchor_ids":["anchor-paper-64-implementation","anchor-paper-64-performance"]},{"id":"paper-64-evidence-scaling","kind":"evidence","parent_id":"paper-64-evidence","order":1,"epistemic_status":"sensitivity_analysis","title":"Security-parameter sensitivity","summary":"Relative to the base 80-bit parameter evaluation, the paper reports a 1.36x geometric-mean slowdown at 128-bit security and 2.60x at 200-bit security, the latter using a larger 128K-element hardware configuration.","source_anchor_ids":["anchor-paper-64-energy-security"]},{"id":"paper-64-boundaries","kind":"limitation_group","parent_id":"paper-64","order":7,"epistemic_status":"explicitly_bounded","title":"Scope and limitations","summary":"The results establish a simulated and synthesized architecture under selected cryptographic parameters and workloads, not universal FHE performance or deployment readiness.","source_anchor_ids":["anchor-paper-64-implementation","anchor-paper-64-performance","anchor-paper-64-conclusion"]},{"id":"paper-64-boundary-silicon","kind":"limitation","parent_id":"paper-64-boundaries","order":1,"epistemic_status":"evidence_boundary","title":"No fabricated-silicon measurement","summary":"Area, power, timing, energy, and workload latency are derived from synthesis and simulation rather than a fabricated chip, so manufacturing and deployment effects remain unevaluated.","source_anchor_ids":["anchor-paper-64-implementation"]},{"id":"paper-64-boundary-generalization","kind":"limitation","parent_id":"paper-64-boundaries","order":2,"epistemic_status":"benchmark_bounded","title":"Benchmark and baseline dependence","summary":"Speedups depend on the selected workloads, parameter sets, compiler schedules, and scaled comparison designs; shallow workloads sometimes narrow or reverse the advantage over F1+.","source_anchor_ids":["anchor-paper-64-performance","anchor-paper-64-energy-security"]},{"id":"paper-64-resources","kind":"artifact_group","parent_id":"paper-64","order":8,"epistemic_status":"source_available","title":"Auditable resources","summary":"The complete author copy is checked into this site with page count and SHA-256; official and NSF public-access records establish publication identity and an independent access route.","source_anchor_ids":["anchor-paper-64-problem","anchor-paper-64-publication"]},{"id":"paper-64-scrutiny","kind":"scrutiny","parent_id":"paper-64","order":9,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"ISCA publication provides venue-level scrutiny. No public review reports, fabricated-hardware reproduction, correction, or independent benchmark replication was located in this audit.","source_anchor_ids":["anchor-paper-64-publication"]},{"id":"paper-64-lineage","kind":"lineage","parent_id":"paper-64","order":10,"epistemic_status":"documented","title":"Architectural lineage","summary":"The evaluation explicitly positions CraterLake against CPU FHE software and the prior F1/F1+ accelerator line, while changing the target from bounded-depth acceleration to refresh-capable deep computation.","source_anchor_ids":["anchor-paper-64-problem","anchor-paper-64-performance"]}],"relations":[{"id":"paper-64-rel-answer-question","type":"addresses","from_id":"paper-64-answer","to_id":"paper-64-question"},{"id":"paper-64-rel-design-answer","type":"realizes","from_id":"paper-64-design","to_id":"paper-64-answer"},{"id":"paper-64-rel-boosted-design","type":"component_of","from_id":"paper-64-design-boosted","to_id":"paper-64-design"},{"id":"paper-64-rel-datapath-design","type":"component_of","from_id":"paper-64-design-datapath","to_id":"paper-64-design"},{"id":"paper-64-rel-compiler-design","type":"component_of","from_id":"paper-64-design-compiler","to_id":"paper-64-design"},{"id":"paper-64-rel-evidence-speed","type":"supports","from_id":"paper-64-evidence","to_id":"paper-64-claim-speed"},{"id":"paper-64-rel-evidence-depth","type":"supports","from_id":"paper-64-evidence","to_id":"paper-64-claim-depth"},{"id":"paper-64-rel-evidence-energy","type":"supports","from_id":"paper-64-evidence","to_id":"paper-64-claim-energy"},{"id":"paper-64-rel-model-claims","type":"qualifies","from_id":"paper-64-model","to_id":"paper-64-claims"},{"id":"paper-64-rel-boundaries-claims","type":"qualifies","from_id":"paper-64-boundaries","to_id":"paper-64-claims"},{"id":"paper-64-rel-resources-evidence","type":"enables_audit_of","from_id":"paper-64-resources","to_id":"paper-64-evidence"},{"id":"paper-64-rel-lineage-paper","type":"contextualizes","from_id":"paper-64-lineage","to_id":"paper-64"}],"assessment":{"id":"paper-64-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The full paper documents algorithms, architecture, synthesis and simulation methods, baselines, benchmark results, and parameter sensitivity. The evidence is strong for the evaluated model but is not fabricated-silicon validation.","basis_source_anchor_ids":["anchor-paper-64-boosted","anchor-paper-64-implementation","anchor-paper-64-performance"]},{"id":"auditability","level":"high","rationale":"A complete checked-in author copy with fixity and page count, plus official and public-archive records, makes assumptions, methods, and reported measurements directly inspectable.","basis_source_anchor_ids":["anchor-paper-64-problem","anchor-paper-64-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, venue, DOI, manuscript identity, and public copies are documented; contributor roles, revision history, tool use, and artifact-version lineage are not.","basis_source_anchor_ids":["anchor-paper-64-problem","anchor-paper-64-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"ISCA publication establishes venue review, but public reports, independent silicon reproduction, correction history, and adversarial re-evaluation were not located.","basis_source_anchor_ids":["anchor-paper-64-publication"]},{"id":"reception","level":"high","rationale":"The dated OpenAlex snapshot located 177 citations. Under the author-defined rule, 11 or more located citations is High; citation counts do not establish correctness.","basis_source_anchor_ids":["anchor-paper-64-citation-count"]},{"id":"contribution_significance","level":"high","rationale":"The source presents the first accelerator targeting efficient unbounded-depth FHE and demonstrates large deep-workload improvements against contemporary baselines; the rating remains an AI draft pending author review.","basis_source_anchor_ids":["anchor-paper-64-problem","anchor-paper-64-performance"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex work lookup by DOI 10.1145/3470496.3527393","citation_count":177,"source_url":"https://api.openalex.org/works/W4281792301","signals":["OpenAlex reported 177 citing works for the matched publication record."],"limitation":"Citation counts are index- and date-dependent and measure visibility rather than validity, implementation quality, or practical adoption."}},"paper_65":{"schema_version":"0.1","map_id":"paper-65-map","publication_id":65,"publication_anchor":"paper-65","slug":"paper-65","canonical_path":"/knowledge/papers/paper-65/","machine_path":"/knowledge/papers/paper-65.json","root_node_id":"paper-65","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"On the Hardness of Scheme-Switching Between SIMD FHE Schemes","short_title":"Hardness of SIMD FHE Scheme Switching","year":2023,"venue":"14th International Conference on Post-Quantum Cryptography (PQCrypto)","publication_status":"Published","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Karim Eldefrawy","Nicholas Genise","Nathan Manohar"],"keywords":["fully homomorphic encryption","scheme switching","BGV and BFV","CKKS","bootstrapping","oracle reduction"],"research_question":"Can exact SIMD ciphertexts from BGV or BFV be efficiently converted to approximate CKKS ciphertexts, and back, without making expensive FHE capabilities such as bootstrapping unexpectedly cheap?","central_answer":"The paper gives conditional reductions rather than an unconditional lower bound: sufficiently capable scheme-switching oracles imply bootstrapping for the target schemes with little additional homomorphic work. It also relates comparison access to bootstrapping and nonlinear functions, supplying barrier evidence for general-purpose switching across exact and approximate encodings.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text theorem extraction, assumption mapping, and initial assessment"}],"method":"Source-grounded review of the complete IACR ePrint body, cross-checked against the PQCrypto DOI and IBM author record. The map distinguishes oracle reductions from unconditional impossibility or concrete security lower bounds.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting author verification; theorem readings, reduction boundaries, and ratings should be checked before approval."}},"sources":[{"id":"source-paper-65-eprint","type":"public_preprint","title":"On the Hardness of Scheme-Switching Between SIMD FHE Schemes","url":"https://eprint.iacr.org/2023/988","provenance_category":"archive"},{"id":"source-paper-65-official","type":"official_publication_record","title":"PQCrypto 2023 publication record","url":"https://doi.org/10.1007/978-3-031-40003-2_8","provenance_category":"official"},{"id":"source-paper-65-author","type":"author_record","title":"IBM Research author page","url":"https://research.ibm.com/publications/on-the-hardness-of-scheme-switching-between-simd-fhe-schemes","provenance_category":"author"},{"id":"source-paper-65-citations","type":"citation_index_snapshot","title":"OpenAlex record W4385698748","url":"https://api.openalex.org/works/W4385698748","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-65-problem","source_id":"source-paper-65-eprint","label":"Problem statement, contributions, and interpretation","locator":"Abstract and Section 1","url":"https://eprint.iacr.org/2023/988.pdf"},{"id":"anchor-paper-65-preliminaries","source_id":"source-paper-65-eprint","label":"BGV, BFV, CKKS, SIMD encodings, and oracle notation","locator":"Section 2","url":"https://eprint.iacr.org/2023/988.pdf"},{"id":"anchor-paper-65-switch-definitions","source_id":"source-paper-65-eprint","label":"Weak and strong scheme-switch definitions","locator":"Section 3, including Lemmas 3.1-3.2 and Theorems 3-4","url":"https://eprint.iacr.org/2023/988.pdf"},{"id":"anchor-paper-65-exact-to-approx","source_id":"source-paper-65-eprint","label":"BGV-to-CKKS switching implies CKKS bootstrapping","locator":"Section 4, Theorem 5","url":"https://eprint.iacr.org/2023/988.pdf"},{"id":"anchor-paper-65-approx-to-exact","source_id":"source-paper-65-eprint","label":"CKKS-to-BGV switching implies BGV bootstrapping","locator":"Section 4, Theorem 6 and BFV extension","url":"https://eprint.iacr.org/2023/988.pdf"},{"id":"anchor-paper-65-comparison","source_id":"source-paper-65-eprint","label":"Comparison-oracle consequences","locator":"Section 5","url":"https://eprint.iacr.org/2023/988.pdf"},{"id":"anchor-paper-65-conclusion","source_id":"source-paper-65-eprint","label":"Interpretation and open scope","locator":"Conclusion","url":"https://eprint.iacr.org/2023/988.pdf"},{"id":"anchor-paper-65-publication","source_id":"source-paper-65-official","label":"Official publication identity","locator":"PQCrypto 2023, DOI 10.1007/978-3-031-40003-2_8","url":"https://doi.org/10.1007/978-3-031-40003-2_8"},{"id":"anchor-paper-65-citation-count","source_id":"source-paper-65-citations","label":"Dated citation-count snapshot","locator":"OpenAlex cited_by_count was 1 when accessed 2026-07-11","url":"https://api.openalex.org/works/W4385698748"}],"nodes":[{"id":"paper-65","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Hardness of SIMD FHE scheme switching","summary":"A theory paper that studies exact-to-approximate and approximate-to-exact SIMD FHE conversion through oracle reductions, showing that broadly useful switching would subsume costly refresh capabilities.","source_anchor_ids":["anchor-paper-65-problem"]},{"id":"paper-65-question","kind":"question","parent_id":"paper-65","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Is generic, efficient switching between BGV/BFV exact SIMD encodings and CKKS approximate SIMD encodings substantially easier than bootstrapping?","source_anchor_ids":["anchor-paper-65-problem"]},{"id":"paper-65-answer","kind":"contribution","parent_id":"paper-65","order":2,"epistemic_status":"proved_conditionally","title":"Conditional barrier answer","summary":"Under the formal oracle interfaces, switching in either direction yields bootstrapping for the destination scheme with small additional work. Thus an efficient switching primitive of the modeled strength would also solve a capability usually regarded as expensive.","source_anchor_ids":["anchor-paper-65-exact-to-approx","anchor-paper-65-approx-to-exact"]},{"id":"paper-65-model","kind":"model","parent_id":"paper-65","order":3,"epistemic_status":"defined","title":"Exact and approximate SIMD model","summary":"BGV and BFV represent exact modular plaintext slots, whereas CKKS represents approximate complex or real slots with scale and error; switching must address both ciphertext semantics and plaintext encoding.","source_anchor_ids":["anchor-paper-65-preliminaries"]},{"id":"paper-65-model-oracle","kind":"definition","parent_id":"paper-65-model","order":1,"epistemic_status":"formalized","title":"Weak versus strong switching","summary":"A weak oracle preserves a compatible underlying ring-polynomial representation without performing the full slot-encoding conversion. A strong oracle includes the encoding transformation expected by an application-facing scheme switch.","source_anchor_ids":["anchor-paper-65-switch-definitions"]},{"id":"paper-65-model-encoding","kind":"theorem","parent_id":"paper-65-model","order":2,"epistemic_status":"proved","title":"Weak-to-strong lifting","summary":"The Section 3 lemmas and theorems connect the weak oracle formulations to strong switching by accounting for the relevant BGV and CKKS encoding transformations.","source_anchor_ids":["anchor-paper-65-switch-definitions"]},{"id":"paper-65-results","kind":"claim_group","parent_id":"paper-65","order":4,"epistemic_status":"proved","title":"Reduction results","summary":"The central results are black-box consequences of possessing the specified switching oracle; they are not constructions of a cheap switching implementation.","source_anchor_ids":["anchor-paper-65-exact-to-approx","anchor-paper-65-approx-to-exact"]},{"id":"paper-65-result-bgv-ckks","kind":"theorem","parent_id":"paper-65-results","order":1,"epistemic_status":"proved","title":"Exact-to-approximate switch bootstraps CKKS","summary":"Theorem 5 shows that a weak BGV-to-CKKS switching oracle can be used to bootstrap CKKS with one oracle call and one rescaling step, subject to the theorem's parameter and noise conditions.","source_anchor_ids":["anchor-paper-65-exact-to-approx"]},{"id":"paper-65-result-ckks-bgv","kind":"theorem","parent_id":"paper-65-results","order":2,"epistemic_status":"proved","title":"Approximate-to-exact switch bootstraps BGV","summary":"The reverse reduction uses one CKKS-to-BGV oracle call followed by a homomorphic inner-product style computation, plaintext multiplication and addition, and modulus switching to obtain a refreshed BGV ciphertext; the treatment extends to BFV through the stated conversion.","source_anchor_ids":["anchor-paper-65-approx-to-exact"]},{"id":"paper-65-result-comparison","kind":"theorem","parent_id":"paper-65-results","order":3,"epistemic_status":"proved_conditionally","title":"Comparison access also carries refresh power","summary":"The comparison analysis shows how a suitable comparison oracle can support bootstrapping with few calls for typical parameter regimes and connects the mechanism to nonlinear operations such as minimum, maximum, and ReLU.","source_anchor_ids":["anchor-paper-65-comparison"]},{"id":"paper-65-evidence","kind":"evidence_group","parent_id":"paper-65","order":5,"epistemic_status":"formal","title":"Formal evidence","summary":"The paper's evidence consists of definitions, encoding lemmas, constructive oracle reductions, and explicit noise or parameter accounting rather than implementation benchmarks.","source_anchor_ids":["anchor-paper-65-switch-definitions","anchor-paper-65-exact-to-approx","anchor-paper-65-approx-to-exact"]},{"id":"paper-65-boundaries","kind":"limitation_group","parent_id":"paper-65","order":6,"epistemic_status":"explicitly_bounded","title":"What the reductions do not establish","summary":"The reductions delimit the consequences of modeled switching capabilities but do not prove an unconditional complexity lower bound or impossibility theorem.","source_anchor_ids":["anchor-paper-65-problem","anchor-paper-65-conclusion"]},{"id":"paper-65-boundary-conditional","kind":"limitation","parent_id":"paper-65-boundaries","order":1,"epistemic_status":"logical_boundary","title":"Conditional, not unconditional, hardness","summary":"Showing that A implies B does not prove that A is impossible or as hard as B under every implementation model; the result becomes a hardness barrier only together with an external belief or lower bound about bootstrapping cost.","source_anchor_ids":["anchor-paper-65-exact-to-approx","anchor-paper-65-approx-to-exact"]},{"id":"paper-65-boundary-interface","kind":"limitation","parent_id":"paper-65-boundaries","order":2,"epistemic_status":"model_bounded","title":"Oracle-interface dependence","summary":"A specialized converter outside the weak or strong oracle semantics, a restricted plaintext domain, amortization, or changed correctness and precision requirements may fall outside a theorem's conclusion.","source_anchor_ids":["anchor-paper-65-switch-definitions","anchor-paper-65-conclusion"]},{"id":"paper-65-boundary-empirical","kind":"limitation","parent_id":"paper-65-boundaries","order":3,"epistemic_status":"not_evaluated","title":"No implementation comparison","summary":"The work does not implement a switch, benchmark bootstrapping, or measure engineering tradeoffs; it establishes relative capability, not concrete runtime cost.","source_anchor_ids":["anchor-paper-65-problem","anchor-paper-65-conclusion"]},{"id":"paper-65-resources","kind":"artifact_group","parent_id":"paper-65","order":7,"epistemic_status":"source_available","title":"Auditable resources","summary":"The full IACR manuscript, official DOI, and IBM author record expose the definitions and proof arguments; no code or experimental artifact is claimed.","source_anchor_ids":["anchor-paper-65-problem","anchor-paper-65-publication"]},{"id":"paper-65-scrutiny","kind":"scrutiny","parent_id":"paper-65","order":8,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"PQCrypto publication establishes venue review. No public proof review, correction, independent formalization, or subsequent technical critique was located in this audit.","source_anchor_ids":["anchor-paper-65-publication"]},{"id":"paper-65-lineage","kind":"lineage","parent_id":"paper-65","order":9,"epistemic_status":"documented","title":"Place in the FHE design space","summary":"The paper reframes scheme switching as a relative-capability question linking exact and approximate SIMD schemes to bootstrapping and comparison, rather than proposing another FHE scheme.","source_anchor_ids":["anchor-paper-65-problem","anchor-paper-65-conclusion"]}],"relations":[{"id":"paper-65-rel-answer-question","type":"addresses","from_id":"paper-65-answer","to_id":"paper-65-question"},{"id":"paper-65-rel-model-answer","type":"scopes","from_id":"paper-65-model","to_id":"paper-65-answer"},{"id":"paper-65-rel-lifting-model","type":"connects","from_id":"paper-65-model-encoding","to_id":"paper-65-model-oracle"},{"id":"paper-65-rel-forward-answer","type":"supports","from_id":"paper-65-result-bgv-ckks","to_id":"paper-65-answer"},{"id":"paper-65-rel-reverse-answer","type":"supports","from_id":"paper-65-result-ckks-bgv","to_id":"paper-65-answer"},{"id":"paper-65-rel-comparison-results","type":"extends","from_id":"paper-65-result-comparison","to_id":"paper-65-results"},{"id":"paper-65-rel-evidence-results","type":"supports","from_id":"paper-65-evidence","to_id":"paper-65-results"},{"id":"paper-65-rel-boundaries-results","type":"qualifies","from_id":"paper-65-boundaries","to_id":"paper-65-results"},{"id":"paper-65-rel-conditional-answer","type":"qualifies","from_id":"paper-65-boundary-conditional","to_id":"paper-65-answer"},{"id":"paper-65-rel-resources-evidence","type":"enables_audit_of","from_id":"paper-65-resources","to_id":"paper-65-evidence"},{"id":"paper-65-rel-lineage-paper","type":"contextualizes","from_id":"paper-65-lineage","to_id":"paper-65"}],"assessment":{"id":"paper-65-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The full source supplies formal oracle interfaces, lemmas, reductions, and parameter conditions. High describes the documented support for conditional theorems, not an unconditional hardness proof.","basis_source_anchor_ids":["anchor-paper-65-switch-definitions","anchor-paper-65-exact-to-approx","anchor-paper-65-approx-to-exact"]},{"id":"auditability","level":"high","rationale":"The full IACR manuscript and author record make assumptions, theorem statements, and proofs publicly inspectable, while the official DOI fixes the publication identity.","basis_source_anchor_ids":["anchor-paper-65-problem","anchor-paper-65-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authors, public manuscript, venue, year, and DOI are documented; author roles, revision history, tools, and proof-development process are not.","basis_source_anchor_ids":["anchor-paper-65-problem","anchor-paper-65-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"PQCrypto publication establishes venue scrutiny, but no public reports, independent proof audit, formal verification, or correction history was located.","basis_source_anchor_ids":["anchor-paper-65-publication"]},{"id":"reception","level":"low","rationale":"The dated OpenAlex snapshot located 1 citation. Under the author-defined rule, 0 through 8 located citations is Low; counts do not measure validity.","basis_source_anchor_ids":["anchor-paper-65-citation-count"]},{"id":"contribution_significance","level":"high","rationale":"The reductions expose a general barrier between scheme switching and bootstrapping across major SIMD FHE families. This is a significance assessment of the theorem's scope, not a claim of unconditional impossibility.","basis_source_anchor_ids":["anchor-paper-65-problem","anchor-paper-65-exact-to-approx","anchor-paper-65-approx-to-exact"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex work lookup by DOI 10.1007/978-3-031-40003-2_8","citation_count":1,"source_url":"https://api.openalex.org/works/W4385698748","signals":["OpenAlex reported one citing work for the matched publication record."],"limitation":"Citation counts are index- and date-dependent and do not establish correctness, novelty, or adoption."}},"paper_66":{"schema_version":"0.1","map_id":"paper-66-map","publication_id":66,"publication_anchor":"paper-66","slug":"paper-66","canonical_path":"/knowledge/papers/paper-66/","machine_path":"/knowledge/papers/paper-66.json","root_node_id":"paper-66","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["algorithm"],"title":"Traffic Analysis by Adversaries with Partial Visibility","short_title":"Traffic Analysis with Partial Visibility","year":2023,"venue":"28th European Symposium on Research in Computer Security (ESORICS 2023)","publication_status":"Published · proceedings issued in 2024","topic":"privacy-identity","labels":["Theory","Applied"],"ai_ml_labels":["AI for security"],"authors":["Iness Ben Guirat","Claudia Díaz","Karim Eldefrawy","Hadas Zeilberger"],"keywords":["traffic analysis","mix networks","partial visibility","Bayesian inference","Metropolis-Hastings sampling","anonymity measurement"],"research_question":"How can one estimate what a traffic-analysis adversary can infer when the adversary sees or compromises only selected parts of a mix network and the remaining message-flow trace is hidden?","central_answer":"The paper models visible and hidden flow matrices, factors an adversary into goal, prior knowledge, and observation or compromise capabilities, and uses Metropolis-Hastings sampling to approximate a posterior distribution over hidden traces. A nine-mix case study demonstrates how different partial-visibility adversaries can be represented and sampled; it is a framework and proof-of-concept evaluation, not a universal de-anonymization rate.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text algorithm extraction, evidence mapping, and initial assessment"}],"method":"Source-grounded review of the complete 20-page author-hosted manuscript, including visual inspection of the title and evaluation pages, cross-checked against the official DOI.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting author verification; adversary-model interpretation, evaluation readings, and ratings remain provisional."}},"sources":[{"id":"source-paper-66-local-pdf","type":"author_hosted_copy","title":"Traffic Analysis by Adversaries with Partial Visibility","url":"/pubs/2023/traffic-analysis-partial-visibility-esorics2023.pdf","provenance_category":"author","retrieved_from":"https://www.esat.kuleuven.be/cosic/publications/article-3637.pdf","media_type":"application/pdf","sha256":"ebc2f1971bee7b977274b374f76302ad41e888a6be507d85fed1eddcab348c0a","page_count":20},{"id":"source-paper-66-official","type":"official_publication_record","title":"ESORICS 2023 publication record","url":"https://doi.org/10.1007/978-3-031-51476-0_17","provenance_category":"official"},{"id":"source-paper-66-citations","type":"citation_index_snapshot","title":"OpenAlex record W4390698000","url":"https://api.openalex.org/works/W4390698000","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-66-problem","source_id":"source-paper-66-local-pdf","label":"Partial-visibility problem and contributions","locator":"Abstract and Sections 1-2, PDF pages 1-4","url":"/pubs/2023/traffic-analysis-partial-visibility-esorics2023.pdf#page=1"},{"id":"anchor-paper-66-adversary","source_id":"source-paper-66-local-pdf","label":"Adversary goals, prior knowledge, and capabilities","locator":"Section 3, PDF pages 4-6","url":"/pubs/2023/traffic-analysis-partial-visibility-esorics2023.pdf#page=4"},{"id":"anchor-paper-66-matrices","source_id":"source-paper-66-local-pdf","label":"Matrix trace, observations, hidden state, and constraints","locator":"Section 4, PDF pages 6-9","url":"/pubs/2023/traffic-analysis-partial-visibility-esorics2023.pdf#page=6"},{"id":"anchor-paper-66-sampler","source_id":"source-paper-66-local-pdf","label":"Metropolis-Hastings inference procedure","locator":"Section 5, PDF pages 9-12","url":"/pubs/2023/traffic-analysis-partial-visibility-esorics2023.pdf#page=9"},{"id":"anchor-paper-66-case-study","source_id":"source-paper-66-local-pdf","label":"Nine-mix demonstrator and adversary instantiations","locator":"Section 6, PDF pages 12-13","url":"/pubs/2023/traffic-analysis-partial-visibility-esorics2023.pdf#page=12"},{"id":"anchor-paper-66-evaluation","source_id":"source-paper-66-local-pdf","label":"Implementation, sampling experiments, and convergence checks","locator":"Section 7, PDF pages 13-17","url":"/pubs/2023/traffic-analysis-partial-visibility-esorics2023.pdf#page=13"},{"id":"anchor-paper-66-limitations","source_id":"source-paper-66-local-pdf","label":"Interpretation, limitations, and future work","locator":"Sections 8-9, PDF pages 17-18","url":"/pubs/2023/traffic-analysis-partial-visibility-esorics2023.pdf#page=17"},{"id":"anchor-paper-66-publication","source_id":"source-paper-66-official","label":"Official publication identity","locator":"ESORICS 2023 proceedings, DOI 10.1007/978-3-031-51476-0_17","url":"https://doi.org/10.1007/978-3-031-51476-0_17"},{"id":"anchor-paper-66-citation-count","source_id":"source-paper-66-citations","label":"Dated citation-count snapshot","locator":"OpenAlex cited_by_count was 0 when accessed 2026-07-11","url":"https://api.openalex.org/works/W4390698000"}],"nodes":[{"id":"paper-66","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Traffic analysis with partial visibility","summary":"A general inference framework for representing and sampling the hidden parts of a mix-network trace under adversaries with heterogeneous monitoring and compromise capabilities.","source_anchor_ids":["anchor-paper-66-problem"]},{"id":"paper-66-question","kind":"question","parent_id":"paper-66","order":1,"epistemic_status":"research_question","title":"Research question","summary":"What posterior knowledge about sender-receiver flows is available when an adversary sees only a subset of the network's traffic matrices or internal mappings?","source_anchor_ids":["anchor-paper-66-problem","anchor-paper-66-adversary"]},{"id":"paper-66-answer","kind":"contribution","parent_id":"paper-66","order":2,"epistemic_status":"source_asserted","title":"Central answer","summary":"Represent the known and unknown portions of the network as constrained matrices and sample hidden traces from a posterior that combines observations with an adversarial prior.","source_anchor_ids":["anchor-paper-66-matrices","anchor-paper-66-sampler"]},{"id":"paper-66-model","kind":"model","parent_id":"paper-66","order":3,"epistemic_status":"defined","title":"Mix-network and adversary model","summary":"The communication trace is a sequence of matrices over flows between entities and mixes; an adversary is characterized by its inference goal, prior knowledge, and capability to monitor links or compromise mixes.","source_anchor_ids":["anchor-paper-66-adversary","anchor-paper-66-matrices"]},{"id":"paper-66-model-observation","kind":"definition","parent_id":"paper-66-model","order":1,"epistemic_status":"formalized","title":"Observation and hidden state","summary":"The trace is partitioned into an observed component O and hidden state HS. Network conservation, observed counts, topology, and compromised mappings constrain the set of feasible hidden matrices.","source_anchor_ids":["anchor-paper-66-matrices"]},{"id":"paper-66-model-capabilities","kind":"threat_model","parent_id":"paper-66-model","order":2,"epistemic_status":"defined","title":"Monitoring and compromise capabilities","summary":"The framework distinguishes observation of inter-entity traffic matrices from compromise of a mix, which can expose the mix's input-output correspondence under the modeled honest-but-curious behavior.","source_anchor_ids":["anchor-paper-66-adversary","anchor-paper-66-matrices"]},{"id":"paper-66-algorithm","kind":"algorithm","parent_id":"paper-66","order":4,"epistemic_status":"specified","title":"Posterior inference by Metropolis-Hastings","summary":"A Markov-chain sampler explores feasible hidden traces and estimates adversary-relevant probabilities without enumerating the complete hidden-state space.","source_anchor_ids":["anchor-paper-66-sampler"]},{"id":"paper-66-algorithm-transition","kind":"algorithm_step","parent_id":"paper-66-algorithm","order":1,"epistemic_status":"specified","title":"Feasibility-preserving proposal","summary":"The transition chooses a hidden matrix and exchanges entries across two columns in a way designed to preserve the trace constraints and produce another feasible candidate state.","source_anchor_ids":["anchor-paper-66-sampler"]},{"id":"paper-66-algorithm-posterior","kind":"algorithm_step","parent_id":"paper-66-algorithm","order":2,"epistemic_status":"specified","title":"Bayesian acceptance and estimation","summary":"Candidate transitions are accepted according to the Metropolis-Hastings ratio induced by the adversary's prior and observations, after which samples estimate the posterior quantity tied to the attack goal.","source_anchor_ids":["anchor-paper-66-sampler"]},{"id":"paper-66-claims","kind":"claim_group","parent_id":"paper-66","order":5,"epistemic_status":"source_asserted","title":"Principal claims","summary":"The authors claim a flexible representation for partial visibility and a sampling method that can instantiate substantially different traffic-analysis adversaries within one framework.","source_anchor_ids":["anchor-paper-66-problem","anchor-paper-66-evaluation"]},{"id":"paper-66-claim-generality","kind":"claim","parent_id":"paper-66-claims","order":1,"epistemic_status":"demonstrated","title":"Common model for different adversaries","summary":"The case study instantiates both link-monitoring and mix-compromise views, including a global passive adversary and an adversary compromising entry and exit mixes.","source_anchor_ids":["anchor-paper-66-case-study","anchor-paper-66-evaluation"]},{"id":"paper-66-claim-feasibility","kind":"claim","parent_id":"paper-66-claims","order":2,"epistemic_status":"experimentally_supported","title":"Sampling is feasible in the demonstrator","summary":"The Python implementation generates posterior samples for the evaluated nine-mix, three-layer source-routed topology, and the paper reports convergence diagnostics across generated traces.","source_anchor_ids":["anchor-paper-66-case-study","anchor-paper-66-evaluation"]},{"id":"paper-66-evidence","kind":"evidence_group","parent_id":"paper-66","order":6,"epistemic_status":"documented","title":"Evidence and checks","summary":"The paper gives the mathematical representation and sampler, a 2,363-line Python implementation, multiple adversary configurations, repeated traces, and Wilson-score intervals used to assess sampling convergence.","source_anchor_ids":["anchor-paper-66-sampler","anchor-paper-66-evaluation"]},{"id":"paper-66-boundaries","kind":"limitation_group","parent_id":"paper-66","order":7,"epistemic_status":"explicitly_bounded","title":"Scope and limitations","summary":"The evaluation demonstrates the framework on one mix-network model and does not establish universal anonymity loss, production scalability, or resistance to active manipulation.","source_anchor_ids":["anchor-paper-66-evaluation","anchor-paper-66-limitations"]},{"id":"paper-66-boundary-adversary","kind":"limitation","parent_id":"paper-66-boundaries","order":1,"epistemic_status":"model_bounded","title":"Compromise is not an active-attack model","summary":"The compromised mixes reveal internal mappings under the paper's modeled behavior; arbitrary packet dropping, modification, delay attacks, and adaptive malicious control require additional modeling.","source_anchor_ids":["anchor-paper-66-adversary","anchor-paper-66-limitations"]},{"id":"paper-66-boundary-generalization","kind":"limitation","parent_id":"paper-66-boundaries","order":2,"epistemic_status":"benchmark_bounded","title":"Topology and prior dependence","summary":"Posterior conclusions and convergence depend on the nine-mix topology, source routing, traffic assumptions, prior, capability placement, and attack goal; broader empirical coverage is left for future work.","source_anchor_ids":["anchor-paper-66-case-study","anchor-paper-66-limitations"]},{"id":"paper-66-boundary-computation","kind":"limitation","parent_id":"paper-66-boundaries","order":3,"epistemic_status":"scalability_open","title":"Sampling cost remains a boundary","summary":"Metropolis-Hastings avoids exhaustive enumeration but may require substantial burn-in and sampling for large hidden spaces; the paper does not provide a general polynomial-time convergence guarantee.","source_anchor_ids":["anchor-paper-66-sampler","anchor-paper-66-evaluation","anchor-paper-66-limitations"]},{"id":"paper-66-resources","kind":"artifact_group","parent_id":"paper-66","order":8,"epistemic_status":"source_available","title":"Auditable resources","summary":"The complete author copy is checked into this site with page count and SHA-256, and the official DOI establishes the proceedings identity. The paper describes implementation code but this audit did not locate a public repository.","source_anchor_ids":["anchor-paper-66-problem","anchor-paper-66-evaluation","anchor-paper-66-publication"]},{"id":"paper-66-scrutiny","kind":"scrutiny","parent_id":"paper-66","order":9,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"ESORICS publication provides venue-level review. No public review reports, independent reproduction, correction, or comparative re-evaluation was located.","source_anchor_ids":["anchor-paper-66-publication"]},{"id":"paper-66-lineage","kind":"lineage","parent_id":"paper-66","order":10,"epistemic_status":"documented","title":"Methodological lineage","summary":"The work connects classical mix-network traffic analysis with Bayesian latent-state inference and Markov-chain sampling, explicitly broadening analysis beyond all-seeing global observers.","source_anchor_ids":["anchor-paper-66-problem","anchor-paper-66-sampler"]}],"relations":[{"id":"paper-66-rel-answer-question","type":"addresses","from_id":"paper-66-answer","to_id":"paper-66-question"},{"id":"paper-66-rel-model-answer","type":"scopes","from_id":"paper-66-model","to_id":"paper-66-answer"},{"id":"paper-66-rel-observation-model","type":"component_of","from_id":"paper-66-model-observation","to_id":"paper-66-model"},{"id":"paper-66-rel-algorithm-answer","type":"realizes","from_id":"paper-66-algorithm","to_id":"paper-66-answer"},{"id":"paper-66-rel-transition-algorithm","type":"component_of","from_id":"paper-66-algorithm-transition","to_id":"paper-66-algorithm"},{"id":"paper-66-rel-posterior-algorithm","type":"component_of","from_id":"paper-66-algorithm-posterior","to_id":"paper-66-algorithm"},{"id":"paper-66-rel-evidence-generality","type":"supports","from_id":"paper-66-evidence","to_id":"paper-66-claim-generality"},{"id":"paper-66-rel-evidence-feasibility","type":"supports","from_id":"paper-66-evidence","to_id":"paper-66-claim-feasibility"},{"id":"paper-66-rel-boundaries-claims","type":"qualifies","from_id":"paper-66-boundaries","to_id":"paper-66-claims"},{"id":"paper-66-rel-resources-evidence","type":"enables_audit_of","from_id":"paper-66-resources","to_id":"paper-66-evidence"},{"id":"paper-66-rel-lineage-paper","type":"contextualizes","from_id":"paper-66-lineage","to_id":"paper-66"}],"assessment":{"id":"paper-66-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The full source defines the adversary and latent-state model, specifies the sampler, documents implementation and experiments, and reports convergence checks. Evidence remains bounded to the evaluated topology and assumptions.","basis_source_anchor_ids":["anchor-paper-66-adversary","anchor-paper-66-sampler","anchor-paper-66-evaluation"]},{"id":"auditability","level":"high","rationale":"A complete checked-in author copy with fixity and page count and an official DOI make the assumptions, algorithm, and reported evaluation directly inspectable.","basis_source_anchor_ids":["anchor-paper-66-problem","anchor-paper-66-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, venue, DOI, and an author-hosted manuscript are documented; contributor roles, version history, source-code identity, and tool-use provenance are not.","basis_source_anchor_ids":["anchor-paper-66-problem","anchor-paper-66-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"ESORICS publication establishes venue scrutiny, but public reports, independent reproduction, correction history, and adversarial re-analysis were not located.","basis_source_anchor_ids":["anchor-paper-66-publication"]},{"id":"reception","level":"low","rationale":"The dated OpenAlex snapshot located 0 citations. Under the author-defined rule, 0 through 8 located citations is Low; a zero in one index is not evidence of no readership.","basis_source_anchor_ids":["anchor-paper-66-citation-count"]},{"id":"contribution_significance","level":"medium","rationale":"The paper supplies a reusable framework for partial-visibility traffic analysis and demonstrates it concretely, while broad applicability and independent uptake remain to be established.","basis_source_anchor_ids":["anchor-paper-66-problem","anchor-paper-66-evaluation"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex work lookup by DOI 10.1007/978-3-031-51476-0_17","citation_count":0,"source_url":"https://api.openalex.org/works/W4390698000","signals":["OpenAlex reported no citing works for the matched record at the snapshot date."],"limitation":"Citation counts are index- and date-dependent; zero in one index does not prove no reception, and counts do not establish correctness."}},"paper_67":{"schema_version":"0.1","map_id":"paper-67-map","publication_id":67,"publication_anchor":"paper-67","slug":"paper-67","canonical_path":"/knowledge/papers/paper-67/","machine_path":"/knowledge/papers/paper-67.json","root_node_id":"paper-67","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["algorithm"],"title":"Boosting the Performance of High-Assurance Cryptography: Parallel Execution and Optimizing Memory Access in Formally Verified Line-Point Zero-Knowledge","short_title":"Optimized Formally Verified LPZK","year":2023,"venue":"30th ACM Conference on Computer and Communications Security (CCS)","publication_status":"Published","topic":"algorithms-foundations","labels":["Theory","Applied"],"authors":["Samuel Dittmer","Karim Eldefrawy","Stéphane Graham-Lengrand","Steve Lu","Rafail Ostrovsky","Vitor Pereira"],"keywords":["line-point zero knowledge","EasyCrypt","formal verification","parallel execution","memory optimization","extracted OCaml"],"research_question":"Can verified changes to data representation, memory access, and parallel scheduling make extracted Line-Point Zero-Knowledge code competitive with a hand-written implementation while preserving the protocol's security properties?","central_answer":"The 2023 paper presents sequential, parallel, list, and array optimizations proved in EasyCrypt and reports speedups up to about 3,000x. A 2025 peer-reviewed re-analysis subsequently found defects in the modeled soundness and zero-knowledge proofs and a randomness-generation gap in the extracted verifier. The performance contribution remains separately evidenced, but the represented sources no longer support the original claim that the resulting protocol implementation has the asserted end-to-end high-assurance security.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text claim mapping, artifact tracing, later-scrutiny integration, and initial assessment"}],"method":"Source-grounded review of the full IACR version, public code repository, official CCS record, and the 2025 peer-reviewed technical re-analysis. Performance and program-equivalence evidence are separated from challenged soundness, zero-knowledge, and extraction claims.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting author verification; especially verify the characterization and present status of the 2025 findings before approval."}},"sources":[{"id":"source-paper-67-eprint","type":"public_preprint","title":"Boosting the Performance of High-Assurance Cryptography","url":"https://eprint.iacr.org/2023/1322","provenance_category":"archive"},{"id":"source-paper-67-official","type":"official_publication_record","title":"ACM CCS 2023 publication record","url":"https://doi.org/10.1145/3576915.3616583","provenance_category":"official"},{"id":"source-paper-67-code","type":"source_code_repository","title":"SRI High-Assurance Cryptography LPZK repository","url":"https://github.com/SRI-CSL/high-assurance-crypto/tree/main/high-assurance-zk/lpzk","provenance_category":"artifact"},{"id":"source-paper-67-critique","type":"peer_reviewed_followup","title":"Who Verifies the Verifiers? Lessons Learned From Formally Verified Line-Point Zero-Knowledge","url":"https://doi.org/10.62056/a0wa0lmol","provenance_category":"official","publication_year":2025},{"id":"source-paper-67-critique-record","type":"institutional_record","title":"Vrije Universiteit Amsterdam record for the 2025 re-analysis","url":"https://research.vu.nl/en/publications/who-verifies-the-verifiers-lessons-learned-from-formally-verified/","provenance_category":"author"},{"id":"source-paper-67-citations","type":"citation_index_snapshot","title":"OpenAlex record W4388858956","url":"https://api.openalex.org/works/W4388858956","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-67-problem","source_id":"source-paper-67-eprint","label":"Performance problem, approach, and reported contributions","locator":"Abstract and Section 1","url":"https://eprint.iacr.org/2023/1322.pdf"},{"id":"anchor-paper-67-baseline","source_id":"source-paper-67-eprint","label":"LPZK baseline and EasyCrypt proof/extraction path","locator":"Section 2","url":"https://eprint.iacr.org/2023/1322.pdf"},{"id":"anchor-paper-67-list-sequential","source_id":"source-paper-67-eprint","label":"List-based sequential optimization","locator":"Section 3","url":"https://eprint.iacr.org/2023/1322.pdf"},{"id":"anchor-paper-67-list-parallel","source_id":"source-paper-67-eprint","label":"List-based parallel optimization and split/aggregate framework","locator":"Section 4","url":"https://eprint.iacr.org/2023/1322.pdf"},{"id":"anchor-paper-67-array","source_id":"source-paper-67-eprint","label":"Array-based sequential and parallel variants","locator":"Section 5","url":"https://eprint.iacr.org/2023/1322.pdf"},{"id":"anchor-paper-67-performance","source_id":"source-paper-67-eprint","label":"Extracted-code evaluation and speedup comparisons","locator":"Section 6 and performance figures","url":"https://eprint.iacr.org/2023/1322.pdf"},{"id":"anchor-paper-67-original-conclusion","source_id":"source-paper-67-eprint","label":"Original assurance and performance conclusions","locator":"Section 7, PDF page 28 in the ePrint version","url":"https://eprint.iacr.org/2023/1322.pdf#page=28"},{"id":"anchor-paper-67-code","source_id":"source-paper-67-code","label":"Public EasyCrypt and implementation materials","locator":"LPZK subtree of the high-assurance-crypto repository","url":"https://github.com/SRI-CSL/high-assurance-crypto/tree/main/high-assurance-zk/lpzk"},{"id":"anchor-paper-67-critique-overview","source_id":"source-paper-67-critique","label":"Independent re-analysis and summary of findings","locator":"Abstract, introduction, and overview of findings","url":"https://doi.org/10.62056/a0wa0lmol"},{"id":"anchor-paper-67-critique-security","source_id":"source-paper-67-critique","label":"Soundness and zero-knowledge model defects","locator":"Technical analyses of soundness, zero knowledge, and the underlying pen-and-paper proof, Sections 3-5","url":"https://doi.org/10.62056/a0wa0lmol"},{"id":"anchor-paper-67-critique-extraction","source_id":"source-paper-67-critique","label":"Extracted-verifier randomness gap and lessons","locator":"Extraction analysis and recommendations, Section 6 and conclusion","url":"https://doi.org/10.62056/a0wa0lmol"},{"id":"anchor-paper-67-publication","source_id":"source-paper-67-official","label":"Official publication identity","locator":"ACM CCS 2023, DOI 10.1145/3576915.3616583","url":"https://doi.org/10.1145/3576915.3616583"},{"id":"anchor-paper-67-citation-count","source_id":"source-paper-67-citations","label":"Dated citation-count snapshot","locator":"OpenAlex cited_by_count was 5 when accessed 2026-07-11","url":"https://api.openalex.org/works/W4388858956"}],"nodes":[{"id":"paper-67","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_with_material_followup_critique","title":"Optimized formally verified LPZK","summary":"An optimization and proof-engineering paper for LPZK whose reported performance gains are accompanied by EasyCrypt verification; later peer-reviewed scrutiny found that the security model and extracted verifier did not establish the claimed end-to-end security.","source_anchor_ids":["anchor-paper-67-problem","anchor-paper-67-critique-overview"]},{"id":"paper-67-question","kind":"question","parent_id":"paper-67","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can data-structure and parallelism changes close the performance gap between formally extracted and hand-written LPZK implementations without changing security-relevant behavior?","source_anchor_ids":["anchor-paper-67-problem"]},{"id":"paper-67-answer-original","kind":"contribution","parent_id":"paper-67","order":2,"epistemic_status":"partially_supported_and_materially_qualified","title":"Original answer, now qualified","summary":"The paper answers yes by verifying transformations and extracting optimized OCaml that approaches the manual implementation. The speed result is documented, but the later audit shows that the formal development's security specification and extraction boundary were insufficient to justify the original high-assurance conclusion.","source_anchor_ids":["anchor-paper-67-problem","anchor-paper-67-performance","anchor-paper-67-critique-security","anchor-paper-67-critique-extraction"]},{"id":"paper-67-model","kind":"model","parent_id":"paper-67","order":3,"epistemic_status":"defined_but_later_found_defective","title":"LPZK proof and extraction boundary","summary":"EasyCrypt models protocol procedures and security games, proves transformations relative to those models, and extracts selected procedures to OCaml; assurance is therefore only as strong as the modeled properties and the faithfulness of the extraction boundary.","source_anchor_ids":["anchor-paper-67-baseline","anchor-paper-67-critique-overview"]},{"id":"paper-67-methods","kind":"algorithm","parent_id":"paper-67","order":4,"epistemic_status":"implemented_and_verified_relative_to_model","title":"Optimization family","summary":"The work develops four related variants that alter traversal, memory representation, and execution parallelism while proving equivalence obligations in EasyCrypt.","source_anchor_ids":["anchor-paper-67-list-sequential","anchor-paper-67-list-parallel","anchor-paper-67-array"]},{"id":"paper-67-method-ls","kind":"algorithm","parent_id":"paper-67-methods","order":1,"epistemic_status":"implemented","title":"List-sequential variant","summary":"The list-sequential transformation restructures verifier-side computation to reduce repeated circuit or list traversal while retaining a sequential list representation.","source_anchor_ids":["anchor-paper-67-list-sequential"]},{"id":"paper-67-method-lp","kind":"algorithm","parent_id":"paper-67-methods","order":2,"epistemic_status":"implemented","title":"List-parallel variant","summary":"A generic split-compute-aggregate framework and parallel RAM wrappers distribute independent work across an arbitrary number of cores, subject to user-proved decomposition and aggregation conditions.","source_anchor_ids":["anchor-paper-67-list-parallel"]},{"id":"paper-67-method-array","kind":"algorithm","parent_id":"paper-67-methods","order":3,"epistemic_status":"implemented","title":"Array-sequential and array-parallel variants","summary":"Replacing linked-list access with arrays improves locality and supports both sequential and parallel extracted implementations.","source_anchor_ids":["anchor-paper-67-array"]},{"id":"paper-67-claims","kind":"claim_group","parent_id":"paper-67","order":5,"epistemic_status":"mixed_after_followup","title":"Claims and present evidence status","summary":"Performance and transformation claims must be evaluated separately from soundness, zero-knowledge, and end-to-end assurance claims.","source_anchor_ids":["anchor-paper-67-performance","anchor-paper-67-critique-overview"]},{"id":"paper-67-claim-performance","kind":"claim","parent_id":"paper-67-claims","order":1,"epistemic_status":"experimentally_supported","title":"Large performance improvement","summary":"The evaluation reports speedups reaching roughly 3,000x over the prior extracted baseline and performance close to the hand-written LPZK implementation for the measured configurations.","source_anchor_ids":["anchor-paper-67-performance"]},{"id":"paper-67-claim-security-original","kind":"claim","parent_id":"paper-67-claims","order":2,"epistemic_status":"contradicted_by_later_analysis","title":"Original high-assurance security conclusion","summary":"The original paper presents the optimized extracted protocol as retaining verified LPZK security; the 2025 analysis gives attacks and model gaps showing that this conclusion is not established by the represented formal development.","source_anchor_ids":["anchor-paper-67-original-conclusion","anchor-paper-67-critique-security","anchor-paper-67-critique-extraction"]},{"id":"paper-67-evidence","kind":"evidence_group","parent_id":"paper-67","order":6,"epistemic_status":"mixed","title":"Evidence layers","summary":"EasyCrypt proofs support properties of the encoded programs and games, extracted-code benchmarks support performance, and the public repository supports inspection; later adversarial analysis tests whether those layers capture the intended cryptographic guarantees.","source_anchor_ids":["anchor-paper-67-baseline","anchor-paper-67-performance","anchor-paper-67-code","anchor-paper-67-critique-overview"]},{"id":"paper-67-followup","kind":"scrutiny","parent_id":"paper-67","order":7,"epistemic_status":"independent_peer_reviewed_critique","title":"2025 independent security re-analysis","summary":"The follow-up paper audits the proof models and implementation boundary and reports multiple security-critical discrepancies, making it essential context for interpreting the 2023 claims.","source_anchor_ids":["anchor-paper-67-critique-overview"]},{"id":"paper-67-followup-soundness","kind":"counterevidence","parent_id":"paper-67-followup","order":1,"epistemic_status":"demonstrated_attack","title":"Soundness model permits false statements","summary":"The re-analysis reports that the EasyCrypt soundness model and proof are incorrect and supplies an attack under which the verifier can accept a false statement.","source_anchor_ids":["anchor-paper-67-critique-security"]},{"id":"paper-67-followup-zk","kind":"counterevidence","parent_id":"paper-67-followup","order":2,"epistemic_status":"demonstrated_model_failure","title":"Zero-knowledge model is deficient","summary":"The re-analysis finds that the modeled zero-knowledge property does not exclude a verifier recovering the witness and also identifies a gap in the underlying pen-and-paper perfect-zero-knowledge argument under the analyzed interpretation.","source_anchor_ids":["anchor-paper-67-critique-security"]},{"id":"paper-67-followup-extraction","kind":"counterevidence","parent_id":"paper-67-followup","order":3,"epistemic_status":"implementation_gap","title":"Randomness generation crosses the extraction boundary incorrectly","summary":"The extracted verifier combines randomness generation with verified logic in a way the re-analysis identifies as inconsistent with the proved model, so proof-to-code correspondence is not end-to-end.","source_anchor_ids":["anchor-paper-67-critique-extraction"]},{"id":"paper-67-boundaries","kind":"limitation_group","parent_id":"paper-67","order":8,"epistemic_status":"materially_revised_by_followup","title":"Present boundaries","summary":"Formal verification establishes only a specified model and implementation boundary; it does not automatically validate the cryptographic definition, environmental assumptions, randomness interface, or extracted system.","source_anchor_ids":["anchor-paper-67-critique-overview","anchor-paper-67-critique-extraction"]},{"id":"paper-67-boundary-performance","kind":"limitation","parent_id":"paper-67-boundaries","order":1,"epistemic_status":"evidence_separation","title":"Performance does not repair security","summary":"The reported speedups can remain accurate even though the security model is deficient; conversely, the later attacks do not by themselves show that every program transformation or timing measurement is wrong.","source_anchor_ids":["anchor-paper-67-performance","anchor-paper-67-critique-overview"]},{"id":"paper-67-resources","kind":"artifact_group","parent_id":"paper-67","order":9,"epistemic_status":"public_artifacts_available","title":"Auditable resources","summary":"The IACR manuscript, public EasyCrypt and implementation repository, official CCS record, and peer-reviewed 2025 audit together make the claim history unusually inspectable.","source_anchor_ids":["anchor-paper-67-problem","anchor-paper-67-code","anchor-paper-67-publication","anchor-paper-67-critique-overview"]},{"id":"paper-67-lineage","kind":"lineage","parent_id":"paper-67","order":10,"epistemic_status":"documented_and_revised","title":"Scientific lineage","summary":"The work optimizes an earlier LPZK formalization; the 2025 paper is a direct technical reassessment that changes the warranted interpretation of its security contribution and records lessons for future high-assurance cryptography.","source_anchor_ids":["anchor-paper-67-baseline","anchor-paper-67-critique-overview"]}],"relations":[{"id":"paper-67-rel-answer-question","type":"addresses","from_id":"paper-67-answer-original","to_id":"paper-67-question"},{"id":"paper-67-rel-methods-answer","type":"realizes","from_id":"paper-67-methods","to_id":"paper-67-answer-original"},{"id":"paper-67-rel-ls-methods","type":"component_of","from_id":"paper-67-method-ls","to_id":"paper-67-methods"},{"id":"paper-67-rel-lp-methods","type":"component_of","from_id":"paper-67-method-lp","to_id":"paper-67-methods"},{"id":"paper-67-rel-array-methods","type":"component_of","from_id":"paper-67-method-array","to_id":"paper-67-methods"},{"id":"paper-67-rel-evidence-performance","type":"supports","from_id":"paper-67-evidence","to_id":"paper-67-claim-performance"},{"id":"paper-67-rel-soundness-security","type":"contradicts","from_id":"paper-67-followup-soundness","to_id":"paper-67-claim-security-original"},{"id":"paper-67-rel-zk-security","type":"contradicts","from_id":"paper-67-followup-zk","to_id":"paper-67-claim-security-original"},{"id":"paper-67-rel-extraction-security","type":"contradicts","from_id":"paper-67-followup-extraction","to_id":"paper-67-claim-security-original"},{"id":"paper-67-rel-followup-answer","type":"qualifies","from_id":"paper-67-followup","to_id":"paper-67-answer-original"},{"id":"paper-67-rel-boundaries-claims","type":"qualifies","from_id":"paper-67-boundaries","to_id":"paper-67-claims"},{"id":"paper-67-rel-resources-evidence","type":"enables_audit_of","from_id":"paper-67-resources","to_id":"paper-67-evidence"},{"id":"paper-67-rel-lineage-paper","type":"contextualizes","from_id":"paper-67-lineage","to_id":"paper-67"}],"assessment":{"id":"paper-67-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The original paper and repository strongly document optimization and benchmark evidence, but peer-reviewed follow-up work materially contradicts the soundness, zero-knowledge, and extraction assurance. Medium reflects this mixed evidentiary state.","basis_source_anchor_ids":["anchor-paper-67-performance","anchor-paper-67-code","anchor-paper-67-critique-security","anchor-paper-67-critique-extraction"]},{"id":"auditability","level":"high","rationale":"Public full text, code and proof artifacts, official metadata, and an independent technical audit expose both the original claims and later counterevidence.","basis_source_anchor_ids":["anchor-paper-67-problem","anchor-paper-67-code","anchor-paper-67-critique-overview"]},{"id":"production_provenance","level":"medium","rationale":"Authorship, publication records, manuscript, and repository are documented, but contributor roles, exact artifact-to-paper commit identity, revision history, and toolchain provenance are incomplete.","basis_source_anchor_ids":["anchor-paper-67-publication","anchor-paper-67-code"]},{"id":"external_scrutiny","level":"high","rationale":"Beyond CCS review, a later peer-reviewed paper independently reconstructed and adversarially tested the formal claims, identifying concrete attacks and implementation gaps.","basis_source_anchor_ids":["anchor-paper-67-publication","anchor-paper-67-critique-overview","anchor-paper-67-critique-security"]},{"id":"reception","level":"low","rationale":"The dated OpenAlex snapshot located 5 citations. Under the author-defined rule, 0 through 8 located citations is Low; the qualitative importance of a direct audit is recorded separately.","basis_source_anchor_ids":["anchor-paper-67-citation-count","anchor-paper-67-critique-overview"]},{"id":"contribution_significance","level":"medium","rationale":"The work contributes substantial optimization and a reusable parallelization approach, but later findings substantially reduce the warranted security significance of the high-assurance claim.","basis_source_anchor_ids":["anchor-paper-67-list-parallel","anchor-paper-67-performance","anchor-paper-67-critique-overview"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex work lookup by DOI 10.1145/3576915.3616583","citation_count":5,"source_url":"https://api.openalex.org/works/W4388858956","signals":["OpenAlex reported 5 citing works for the matched publication record.","A 2025 peer-reviewed paper directly re-analyzed the formal models and extracted verifier."],"limitation":"Citation counts are index- and date-dependent; the qualitative scrutiny signal is not reducible to citation count, and neither signal alone determines correctness."}},"paper_68":{"schema_version":"0.1","map_id":"paper-68-map","publication_id":68,"publication_anchor":"paper-68","slug":"paper-68","canonical_path":"/knowledge/papers/paper-68/","machine_path":"/knowledge/papers/paper-68.json","root_node_id":"paper-68","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"Short Concurrent Covert Authenticated Key Exchange (Short cAKE)","short_title":"Short cAKE","year":2023,"venue":"29th Annual International Conference on the Theory and Applications of Cryptology and Information Security (ASIACRYPT)","publication_status":"Published","topic":"privacy-identity","labels":["Theory","Applied"],"authors":["Karim Eldefrawy","Nicholas Genise","Stanislaw Jarecki"],"keywords":["covert authenticated key exchange","concurrency","universal composability","covert identity escrow","covert KEM","group credentials"],"research_question":"Can members of a credentialed group establish independent authenticated keys in many concurrent sessions while making the protocol traffic and even the fact of group participation indistinguishable from random beacon strings?","central_answer":"Short cAKE combines covert identity escrow and a covert KEM inside a UC functionality. Each party sends one simultaneous 351-byte message, and the construction derives a key only when both parties hold valid, non-revoked group credentials. The security theorem is conditional on the modeled components and assumptions, including static corruption and random-oracle-based building blocks; later compromise does not preserve past-session participation covertness.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text protocol extraction, assumption mapping, and initial assessment"}],"method":"Source-grounded review of the complete 35-page publicly archived ASIACRYPT chapter, cross-checked against the official DOI and IACR full-version record. Proof and implementation details that the proceedings chapter defers to the full version are marked as such.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting author verification; UC interpretation, theorem dependencies, efficiency accounting, and ratings remain provisional."}},"sources":[{"id":"source-paper-68-public-pdf","type":"public_archive_copy","title":"Short Concurrent Covert Authenticated Key Exchange (Short cAKE)","url":"https://par.nsf.gov/servlets/purl/10616428","provenance_category":"archive","media_type":"application/pdf","page_count":35},{"id":"source-paper-68-eprint","type":"public_preprint","title":"IACR ePrint full version 2023/1418","url":"https://eprint.iacr.org/2023/1418","provenance_category":"archive"},{"id":"source-paper-68-official","type":"official_publication_record","title":"ASIACRYPT 2023 publication record","url":"https://doi.org/10.1007/978-981-99-8742-9_3","provenance_category":"official"},{"id":"source-paper-68-citations","type":"citation_index_snapshot","title":"OpenAlex record W4389897179","url":"https://api.openalex.org/works/W4389897179","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-68-problem","source_id":"source-paper-68-public-pdf","label":"Covert AKE problem, contributions, and efficiency summary","locator":"Abstract and Section 1, PDF pages 1-6","url":"https://par.nsf.gov/servlets/purl/10616428#page=1"},{"id":"anchor-paper-68-overview","source_id":"source-paper-68-public-pdf","label":"Construction overview, components, and limitations","locator":"Technical overview, PDF pages 6-9","url":"https://par.nsf.gov/servlets/purl/10616428#page=6"},{"id":"anchor-paper-68-uc-model","source_id":"source-paper-68-public-pdf","label":"Concurrent UC model and cAKE functionality","locator":"Section 3, PDF pages 10-16","url":"https://par.nsf.gov/servlets/purl/10616428#page=10"},{"id":"anchor-paper-68-building-blocks","source_id":"source-paper-68-public-pdf","label":"Commitments, SPHF, credentials, and covert primitives","locator":"Section 4, PDF pages 16-25","url":"https://par.nsf.gov/servlets/purl/10616428#page=16"},{"id":"anchor-paper-68-ckem","source_id":"source-paper-68-public-pdf","label":"Covert KEM construction and security theorem","locator":"Section 5, PDF pages 25-28, including Theorem 5.1","url":"https://par.nsf.gov/servlets/purl/10616428#page=25"},{"id":"anchor-paper-68-cake","source_id":"source-paper-68-public-pdf","label":"Short cAKE protocol and UC realization","locator":"Section 6, PDF pages 28-31, including Theorem 6.1","url":"https://par.nsf.gov/servlets/purl/10616428#page=28"},{"id":"anchor-paper-68-full-version","source_id":"source-paper-68-eprint","label":"Full-version proofs and proof-of-concept material","locator":"IACR ePrint 2023/1418, cited by the proceedings chapter for deferred details","url":"https://eprint.iacr.org/2023/1418.pdf"},{"id":"anchor-paper-68-publication","source_id":"source-paper-68-official","label":"Official publication identity","locator":"ASIACRYPT 2023, DOI 10.1007/978-981-99-8742-9_3","url":"https://doi.org/10.1007/978-981-99-8742-9_3"},{"id":"anchor-paper-68-citation-count","source_id":"source-paper-68-citations","label":"Dated citation-count snapshot","locator":"OpenAlex cited_by_count was 2 when accessed 2026-07-11","url":"https://api.openalex.org/works/W4389897179"}],"nodes":[{"id":"paper-68","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Short concurrent covert AKE","summary":"A one-flow group-authenticated key-exchange protocol whose UC goal includes hiding protocol execution and participant credentials within random-looking beacon traffic under concurrent execution.","source_anchor_ids":["anchor-paper-68-problem"]},{"id":"paper-68-question","kind":"question","parent_id":"paper-68","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can covert AKE simultaneously achieve concurrent composability, group membership and revocation checks, independent session keys, short messages, and no visible protocol marker?","source_anchor_ids":["anchor-paper-68-problem","anchor-paper-68-uc-model"]},{"id":"paper-68-answer","kind":"contribution","parent_id":"paper-68","order":2,"epistemic_status":"proved_conditionally","title":"Central construction","summary":"Combine a covert identity-escrow mechanism and a covert KEM so that both credential checks must succeed before either party derives the session key, while each transmitted string remains distributed like a beacon string to outsiders.","source_anchor_ids":["anchor-paper-68-overview","anchor-paper-68-cake"]},{"id":"paper-68-model","kind":"model","parent_id":"paper-68","order":3,"epistemic_status":"formalized","title":"UC functionality and adversary","summary":"The functionality represents a group manager, member credentials, revocation, concurrent sessions, authentication, key independence, and covert transcripts under static corruptions.","source_anchor_ids":["anchor-paper-68-uc-model"]},{"id":"paper-68-model-covertness","kind":"security_goal","parent_id":"paper-68-model","order":1,"epistemic_status":"defined","title":"Transcript and identity covertness","summary":"Before successful mutual recognition, observable protocol strings should be indistinguishable from the ambient random-beacon distribution and should not reveal a party's group token or membership.","source_anchor_ids":["anchor-paper-68-problem","anchor-paper-68-uc-model"]},{"id":"paper-68-model-authentication","kind":"security_goal","parent_id":"paper-68-model","order":2,"epistemic_status":"defined","title":"Authenticated independent keys","summary":"Honest parties accepting the same session obtain a shared key only for valid, non-revoked credentials, and concurrent sessions obtain independent keys under the ideal functionality.","source_anchor_ids":["anchor-paper-68-uc-model"]},{"id":"paper-68-protocol","kind":"protocol","parent_id":"paper-68","order":4,"epistemic_status":"constructed","title":"Short cAKE protocol","summary":"Each party simultaneously sends one compound message containing the commitment and sender/receiver material needed for covert credential escrow and covert encapsulation, then locally combines both acceptance conditions before deriving a key.","source_anchor_ids":["anchor-paper-68-overview","anchor-paper-68-cake"]},{"id":"paper-68-protocol-identity","kind":"protocol_component","parent_id":"paper-68-protocol","order":1,"epistemic_status":"constructed","title":"Covert identity escrow","summary":"A group credential is committed and tested without exposing it to non-members; revocation information is included in the local decision.","source_anchor_ids":["anchor-paper-68-building-blocks","anchor-paper-68-cake"]},{"id":"paper-68-protocol-ckem","kind":"protocol_component","parent_id":"paper-68-protocol","order":2,"epistemic_status":"constructed","title":"Covert key encapsulation","summary":"The CKEM is compiled from Sigma-protocol, trapdoor-commitment, and smooth-projective-hash ingredients in the random-oracle model, with properties designed for same-statement concurrency and postponed statements.","source_anchor_ids":["anchor-paper-68-building-blocks","anchor-paper-68-ckem"]},{"id":"paper-68-protocol-efficiency","kind":"property","parent_id":"paper-68-protocol","order":3,"epistemic_status":"analytically_derived","title":"One simultaneous flow and short messages","summary":"Each party sends one 351-byte message consisting of four DDH-group elements and two type-3 pairing-curve points; the paper reports roughly a tenfold size reduction over its prior comparison point.","source_anchor_ids":["anchor-paper-68-problem","anchor-paper-68-cake"]},{"id":"paper-68-results","kind":"claim_group","parent_id":"paper-68","order":5,"epistemic_status":"theorem_backed","title":"Security and efficiency results","summary":"The source states separate conditional security results for the CKEM compiler and for the composed cAKE realization, together with operation counts.","source_anchor_ids":["anchor-paper-68-ckem","anchor-paper-68-cake"]},{"id":"paper-68-result-ckem","kind":"theorem","parent_id":"paper-68-results","order":1,"epistemic_status":"proved_conditionally","title":"Covert KEM theorem","summary":"Theorem 5.1 establishes the required CKEM security from the listed commitment, proof, hash, and random-oracle assumptions under the theorem's concurrency conditions.","source_anchor_ids":["anchor-paper-68-ckem"]},{"id":"paper-68-result-cake","kind":"theorem","parent_id":"paper-68-results","order":2,"epistemic_status":"proved_conditionally","title":"UC realization theorem","summary":"Theorem 6.1 states that the composed protocol realizes the defined cAKE functionality when the covert identity-escrow and CKEM components satisfy their required properties.","source_anchor_ids":["anchor-paper-68-cake"]},{"id":"paper-68-result-cost","kind":"claim","parent_id":"paper-68-results","order":3,"epistemic_status":"analytically_derived","title":"Per-party computation","summary":"The proceedings analysis reports 14 exponentiations in total, including ten fixed-base and four variable-base operations, plus 4+n pairings for a group parameter n.","source_anchor_ids":["anchor-paper-68-problem","anchor-paper-68-cake"]},{"id":"paper-68-evidence","kind":"evidence_group","parent_id":"paper-68","order":6,"epistemic_status":"formal_with_deferred_details","title":"Evidence structure","summary":"The chapter gives the UC functionality, component definitions, concrete construction, theorem statements, and analytical costs; it directs readers to the IACR full version for deferred proofs and proof-of-concept implementation details.","source_anchor_ids":["anchor-paper-68-uc-model","anchor-paper-68-ckem","anchor-paper-68-cake","anchor-paper-68-full-version"]},{"id":"paper-68-boundaries","kind":"limitation_group","parent_id":"paper-68","order":7,"epistemic_status":"explicitly_bounded","title":"Scope and limitations","summary":"The result is conditional on a trusted credential lifecycle and specific cryptographic models; its covertness guarantee does not automatically survive later endpoint compromise.","source_anchor_ids":["anchor-paper-68-overview","anchor-paper-68-uc-model"]},{"id":"paper-68-boundary-corruption","kind":"limitation","parent_id":"paper-68-boundaries","order":1,"epistemic_status":"model_bounded","title":"Static corruption and no forward covertness","summary":"The analysis uses static corruption. Later compromise may reveal that a party participated in past sessions even when session-key security remains, so forward privacy of participation is outside the claim.","source_anchor_ids":["anchor-paper-68-overview","anchor-paper-68-uc-model"]},{"id":"paper-68-boundary-setup","kind":"limitation","parent_id":"paper-68-boundaries","order":2,"epistemic_status":"assumption_dependent","title":"Credential and random-oracle assumptions","summary":"A group manager must issue credentials and distribute revocation state securely, and the CKEM compiler relies on random-oracle and group assumptions; these are prerequisites rather than guarantees of cAKE itself.","source_anchor_ids":["anchor-paper-68-building-blocks","anchor-paper-68-ckem"]},{"id":"paper-68-boundary-implementation","kind":"limitation","parent_id":"paper-68-boundaries","order":3,"epistemic_status":"evidence_boundary","title":"Proceedings chapter defers implementation detail","summary":"The represented 35-page chapter gives analytical costs but sends readers to the full ePrint for proof-of-concept measurements; no independent deployment or side-channel evaluation is established here.","source_anchor_ids":["anchor-paper-68-problem","anchor-paper-68-full-version"]},{"id":"paper-68-resources","kind":"artifact_group","parent_id":"paper-68","order":8,"epistemic_status":"source_available","title":"Auditable resources","summary":"A complete public proceedings copy, IACR full-version record, and official DOI expose the protocol and its formal context. No public source-code repository was located in this audit.","source_anchor_ids":["anchor-paper-68-problem","anchor-paper-68-full-version","anchor-paper-68-publication"]},{"id":"paper-68-scrutiny","kind":"scrutiny","parent_id":"paper-68","order":9,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"ASIACRYPT publication establishes venue scrutiny, but public reports, independent implementation reproduction, proof verification, correction, or adversarial follow-up were not located.","source_anchor_ids":["anchor-paper-68-publication"]},{"id":"paper-68-lineage","kind":"lineage","parent_id":"paper-68","order":10,"epistemic_status":"documented","title":"Protocol lineage","summary":"Short cAKE compresses earlier covert AKE directions by combining covert credential recognition and encapsulation under a composable concurrent-session model.","source_anchor_ids":["anchor-paper-68-problem","anchor-paper-68-overview"]}],"relations":[{"id":"paper-68-rel-answer-question","type":"addresses","from_id":"paper-68-answer","to_id":"paper-68-question"},{"id":"paper-68-rel-model-answer","type":"scopes","from_id":"paper-68-model","to_id":"paper-68-answer"},{"id":"paper-68-rel-protocol-answer","type":"realizes","from_id":"paper-68-protocol","to_id":"paper-68-answer"},{"id":"paper-68-rel-identity-protocol","type":"component_of","from_id":"paper-68-protocol-identity","to_id":"paper-68-protocol"},{"id":"paper-68-rel-ckem-protocol","type":"component_of","from_id":"paper-68-protocol-ckem","to_id":"paper-68-protocol"},{"id":"paper-68-rel-ckem-theorem-component","type":"supports","from_id":"paper-68-result-ckem","to_id":"paper-68-protocol-ckem"},{"id":"paper-68-rel-cake-theorem-answer","type":"supports","from_id":"paper-68-result-cake","to_id":"paper-68-answer"},{"id":"paper-68-rel-evidence-results","type":"supports","from_id":"paper-68-evidence","to_id":"paper-68-results"},{"id":"paper-68-rel-boundaries-results","type":"qualifies","from_id":"paper-68-boundaries","to_id":"paper-68-results"},{"id":"paper-68-rel-resources-evidence","type":"enables_audit_of","from_id":"paper-68-resources","to_id":"paper-68-evidence"},{"id":"paper-68-rel-lineage-paper","type":"contextualizes","from_id":"paper-68-lineage","to_id":"paper-68"}],"assessment":{"id":"paper-68-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The complete chapter defines the UC target, components, protocol, theorem statements, and cost analysis, but defers proof and implementation details to the full version and has no independent verification represented here.","basis_source_anchor_ids":["anchor-paper-68-uc-model","anchor-paper-68-ckem","anchor-paper-68-cake","anchor-paper-68-full-version"]},{"id":"auditability","level":"high","rationale":"A complete public archive copy, IACR full-version route, and official DOI make the protocol, assumptions, and formal claims directly inspectable.","basis_source_anchor_ids":["anchor-paper-68-problem","anchor-paper-68-full-version","anchor-paper-68-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, publication identity, and public manuscript versions are documented; author roles, revision lineage, proof-tool use, and artifact-version history are not.","basis_source_anchor_ids":["anchor-paper-68-problem","anchor-paper-68-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"ASIACRYPT publication establishes venue review, but public reports, independent proof checking, implementation reproduction, and correction history were not located.","basis_source_anchor_ids":["anchor-paper-68-publication"]},{"id":"reception","level":"low","rationale":"The dated OpenAlex snapshot located 2 citations. Under the author-defined rule, 0 through 8 located citations is Low; citation count does not measure correctness.","basis_source_anchor_ids":["anchor-paper-68-citation-count"]},{"id":"contribution_significance","level":"high","rationale":"The source combines concurrent UC covertness, group credential controls, one simultaneous flow, and short concrete messages in one protocol result; the assessment remains pending author verification.","basis_source_anchor_ids":["anchor-paper-68-problem","anchor-paper-68-uc-model","anchor-paper-68-cake"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex work lookup by DOI 10.1007/978-981-99-8742-9_3","citation_count":2,"source_url":"https://api.openalex.org/works/W4389897179","signals":["OpenAlex reported 2 citing works for the matched publication record."],"limitation":"Citation counts are index- and date-dependent and do not establish validity, implementation maturity, or adoption."}},"paper_69":{"schema_version":"0.1","map_id":"paper-69-map","publication_id":69,"publication_anchor":"paper-69","slug":"paper-69","canonical_path":"/knowledge/papers/paper-69/","machine_path":"/knowledge/papers/paper-69.json","root_node_id":"paper-69","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"The Key Lattice Framework for Concurrent Group Messaging","short_title":"Key Lattice Group Messaging","year":2024,"venue":"22nd International Conference on Applied Cryptography and Network Security (ACNS)","publication_status":"Published","topic":"privacy-identity","labels":["Theory"],"authors":["Kelong Cong","Karim Eldefrawy","Nigel P. Smart","Ben Terner"],"keywords":["concurrent group messaging","key lattice","forward secrecy","post-compromise security","asynchronous delivery","group random messaging"],"research_question":"Can asynchronous concurrent group messaging express forward secrecy and post-compromise security without imposing a single global epoch or a total order on concurrent updates?","central_answer":"The paper indexes evolving keys by points in an n-dimensional lattice, one dimension per participant, so forward secrecy and post-compromise recovery become directional reachability properties. It constructs a group-messaging protocol from initial group key agreement, group random messaging, and AEAD, proving security and O(1) payload plus O(n) update cost for the static group model. Dynamic membership is sketched separately and is not covered by a corresponding re-proof in the represented body.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text model and theorem extraction, boundary analysis, and initial assessment"}],"method":"Source-grounded review of the complete author-uploaded manuscript and IACR record, cross-checked against the ACNS DOI. The map distinguishes the proved static-group construction from the informal dynamic-membership extension.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting author verification; verify theorem notation, cost interpretation, dynamic-group boundary, and ratings before approval."}},"sources":[{"id":"source-paper-69-eprint","type":"public_preprint","title":"The Key Lattice Framework for Concurrent Group Messaging","url":"https://eprint.iacr.org/2022/1531","provenance_category":"archive"},{"id":"source-paper-69-author-copy","type":"author_hosted_copy","title":"ResearchGate author-uploaded full text","url":"https://www.researchgate.net/publication/378588233_The_Key_Lattice_Framework_for_Concurrent_Group_Messaging","provenance_category":"author"},{"id":"source-paper-69-official","type":"official_publication_record","title":"ACNS 2024 publication record","url":"https://doi.org/10.1007/978-3-031-54773-7_6","provenance_category":"official"},{"id":"source-paper-69-citations","type":"citation_index_snapshot","title":"OpenAlex record W4392529045","url":"https://api.openalex.org/works/W4392529045","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-69-problem","source_id":"source-paper-69-eprint","label":"Concurrency problem, lattice idea, contributions, and costs","locator":"Abstract and Section 1","url":"https://eprint.iacr.org/2022/1531.pdf"},{"id":"anchor-paper-69-model","source_id":"source-paper-69-author-copy","label":"Concurrent group-messaging syntax and security setting","locator":"Preliminaries and formal model, Sections 2-3","url":"https://www.researchgate.net/publication/378588233_The_Key_Lattice_Framework_for_Concurrent_Group_Messaging"},{"id":"anchor-paper-69-lattice","source_id":"source-paper-69-author-copy","label":"Key lattice, local views, KeyRoll, and directional security","locator":"Key-lattice framework, Section 4","url":"https://www.researchgate.net/publication/378588233_The_Key_Lattice_Framework_for_Concurrent_Group_Messaging"},{"id":"anchor-paper-69-grm","source_id":"source-paper-69-author-copy","label":"Group random messaging primitive and construction","locator":"Section 5, including Theorem 5.1","url":"https://www.researchgate.net/publication/378588233_The_Key_Lattice_Framework_for_Concurrent_Group_Messaging"},{"id":"anchor-paper-69-group-protocol","source_id":"source-paper-69-author-copy","label":"Concurrent group-messaging construction","locator":"Section 6","url":"https://www.researchgate.net/publication/378588233_The_Key_Lattice_Framework_for_Concurrent_Group_Messaging"},{"id":"anchor-paper-69-security","source_id":"source-paper-69-author-copy","label":"Group-messaging reduction and concrete advantage bound","locator":"Section 6, including Theorem 6.1","url":"https://www.researchgate.net/publication/378588233_The_Key_Lattice_Framework_for_Concurrent_Group_Messaging"},{"id":"anchor-paper-69-window","source_id":"source-paper-69-author-copy","label":"Out-of-order delivery, buffering, and bounded-window tradeoff","locator":"Correctness and concurrency discussion, Section 7","url":"https://www.researchgate.net/publication/378588233_The_Key_Lattice_Framework_for_Concurrent_Group_Messaging"},{"id":"anchor-paper-69-dynamic","source_id":"source-paper-69-author-copy","label":"Informal dynamic-membership extension","locator":"Section 8","url":"https://www.researchgate.net/publication/378588233_The_Key_Lattice_Framework_for_Concurrent_Group_Messaging"},{"id":"anchor-paper-69-publication","source_id":"source-paper-69-official","label":"Official publication identity","locator":"ACNS 2024, DOI 10.1007/978-3-031-54773-7_6","url":"https://doi.org/10.1007/978-3-031-54773-7_6"},{"id":"anchor-paper-69-citation-count","source_id":"source-paper-69-citations","label":"Dated citation-count snapshot","locator":"OpenAlex cited_by_count was 1 when accessed 2026-07-11","url":"https://api.openalex.org/works/W4392529045"}],"nodes":[{"id":"paper-69","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Key lattice for concurrent group messaging","summary":"A framework and protocol that replace globally synchronized messaging epochs with partially ordered per-participant key evolution while formalizing forward and post-compromise security.","source_anchor_ids":["anchor-paper-69-problem"]},{"id":"paper-69-question","kind":"question","parent_id":"paper-69","order":1,"epistemic_status":"research_question","title":"Research question","summary":"How can a group evolve keys securely when members issue updates concurrently and messages arrive out of order, so that no universally agreed current epoch exists?","source_anchor_ids":["anchor-paper-69-problem","anchor-paper-69-model"]},{"id":"paper-69-answer","kind":"contribution","parent_id":"paper-69","order":2,"epistemic_status":"proved_conditionally","title":"Central answer","summary":"Place each key state at a lattice coordinate, advance the sender's coordinate with a commutative KeyRoll operation, and define security through which coordinates a compromised view can or cannot traverse.","source_anchor_ids":["anchor-paper-69-lattice","anchor-paper-69-group-protocol"]},{"id":"paper-69-model","kind":"model","parent_id":"paper-69","order":3,"epistemic_status":"formalized","title":"Concurrent static-group model","summary":"The core theorem treats a fixed set of n participants exchanging application messages and update messages over an asynchronous network with possible reordering and concurrent sender updates.","source_anchor_ids":["anchor-paper-69-model","anchor-paper-69-group-protocol"]},{"id":"paper-69-model-adversary","kind":"threat_model","parent_id":"paper-69-model","order":1,"epistemic_status":"defined","title":"Adaptive compromise and freshness","summary":"Security games expose evolving participant state and message transcripts; freshness is expressed relative to compromise and recovery paths through the lattice rather than by one global epoch number.","source_anchor_ids":["anchor-paper-69-model","anchor-paper-69-lattice"]},{"id":"paper-69-framework","kind":"framework","parent_id":"paper-69","order":4,"epistemic_status":"constructed","title":"n-dimensional key lattice","summary":"A point in the integer lattice records how many key rolls are known along each participant's dimension, and each receiver maintains a local view sufficient to process reachable updates and messages.","source_anchor_ids":["anchor-paper-69-lattice"]},{"id":"paper-69-framework-fs","kind":"security_goal","parent_id":"paper-69-framework","order":1,"epistemic_status":"formalized","title":"Forward secrecy as backward non-traversability","summary":"Deleting obsolete state should prevent a later compromise at a newer coordinate from traversing backward to derive protected earlier keys.","source_anchor_ids":["anchor-paper-69-lattice"]},{"id":"paper-69-framework-pcs","kind":"security_goal","parent_id":"paper-69-framework","order":2,"epistemic_status":"formalized","title":"Post-compromise security as forward recovery","summary":"A fresh honest update moves key state in a direction the adversary cannot traverse from compromised coordinates, restoring secrecy for later reachable states.","source_anchor_ids":["anchor-paper-69-lattice"]},{"id":"paper-69-protocol","kind":"protocol","parent_id":"paper-69","order":5,"epistemic_status":"constructed","title":"Concurrent group-messaging protocol","summary":"The construction composes an initial group key agreement, a group-random-messaging update layer, and AEAD-protected application payloads.","source_anchor_ids":["anchor-paper-69-grm","anchor-paper-69-group-protocol"]},{"id":"paper-69-protocol-gka","kind":"protocol_component","parent_id":"paper-69-protocol","order":1,"epistemic_status":"assumed_primitive","title":"Initial group key agreement","summary":"A secure asynchronous GKA establishes the initial shared state; its security is assumed by the group-messaging reduction rather than reconstructed by the key-lattice layer.","source_anchor_ids":["anchor-paper-69-model","anchor-paper-69-security"]},{"id":"paper-69-protocol-grm","kind":"protocol_component","parent_id":"paper-69-protocol","order":2,"epistemic_status":"constructed","title":"Group random messaging update","summary":"The concrete GRM sends evolving ephemeral public-key material and authenticated encrypted randomness, erasing obsolete decryption keys so updates can refresh the appropriate lattice direction.","source_anchor_ids":["anchor-paper-69-grm"]},{"id":"paper-69-protocol-payload","kind":"protocol_component","parent_id":"paper-69-protocol","order":3,"epistemic_status":"constructed_from_primitive","title":"AEAD payload protection","summary":"Application messages use the key at the relevant local lattice point and carry coordinate information needed for receivers to select or derive the matching state.","source_anchor_ids":["anchor-paper-69-group-protocol"]},{"id":"paper-69-results","kind":"claim_group","parent_id":"paper-69","order":6,"epistemic_status":"theorem_backed","title":"Security and cost results","summary":"The source proves security by reductions to GKA, GRM, and AEAD and analytically derives constant payload and linear update overhead.","source_anchor_ids":["anchor-paper-69-security","anchor-paper-69-problem"]},{"id":"paper-69-result-grm","kind":"theorem","parent_id":"paper-69-results","order":1,"epistemic_status":"proved_conditionally","title":"GRM security","summary":"Theorem 5.1 reduces security of the concrete evolving-key GRM construction to the stated public-key encryption, authenticated-encryption or MAC, and deletion assumptions.","source_anchor_ids":["anchor-paper-69-grm"]},{"id":"paper-69-result-group","kind":"theorem","parent_id":"paper-69-results","order":2,"epistemic_status":"proved_conditionally","title":"Group-messaging reduction","summary":"Theorem 6.1 bounds the group-messaging adversary by 2 nS times GKA advantage, plus 2 nS n times GRM advantage, plus nS nq times AEAD CCA advantage, with nS and nq denoting the theorem's session and query bounds.","source_anchor_ids":["anchor-paper-69-security"]},{"id":"paper-69-result-cost","kind":"claim","parent_id":"paper-69-results","order":3,"epistemic_status":"analytically_derived","title":"Constant payload, linear update","summary":"Application-message overhead is O(1) in group size and update-message overhead is O(n); the paper argues these asymptotics are optimal for the modeled functionality.","source_anchor_ids":["anchor-paper-69-problem","anchor-paper-69-group-protocol"]},{"id":"paper-69-evidence","kind":"evidence_group","parent_id":"paper-69","order":7,"epistemic_status":"formal","title":"Formal evidence","summary":"The evidence consists of syntax and security games, lattice definitions, concrete constructions, reduction theorems, and asymptotic communication analysis; no implementation benchmark is presented.","source_anchor_ids":["anchor-paper-69-model","anchor-paper-69-lattice","anchor-paper-69-grm","anchor-paper-69-security"]},{"id":"paper-69-boundaries","kind":"limitation_group","parent_id":"paper-69","order":8,"epistemic_status":"explicitly_bounded","title":"Scope and tradeoffs","summary":"The core proof covers a static group and relies on secure primitives, key deletion, and state handling; fully asynchronous delivery creates an unavoidable correctness-versus-forward-secrecy storage tradeoff.","source_anchor_ids":["anchor-paper-69-window","anchor-paper-69-dynamic"]},{"id":"paper-69-boundary-window","kind":"limitation","parent_id":"paper-69-boundaries","order":1,"epistemic_status":"explicit_tradeoff","title":"Out-of-order window","summary":"Retaining every obsolete key allows arbitrarily delayed decryption but defeats forward deletion; bounding the receive window preserves deletion but may make sufficiently delayed messages undecryptable.","source_anchor_ids":["anchor-paper-69-window"]},{"id":"paper-69-boundary-dynamic","kind":"limitation","parent_id":"paper-69-boundaries","order":2,"epistemic_status":"informal_extension","title":"Dynamic membership is not re-proved","summary":"Section 8 sketches joins and removals as an extension, but the represented body does not restate and prove the full security theorem for dynamic groups; the formal core should therefore be read as static-group security.","source_anchor_ids":["anchor-paper-69-dynamic"]},{"id":"paper-69-boundary-implementation","kind":"limitation","parent_id":"paper-69-boundaries","order":3,"epistemic_status":"not_evaluated","title":"No implementation or operational evaluation","summary":"The source does not measure latency, storage growth, failed deliveries, state rollback, side channels, or deployment behavior under real messaging workloads.","source_anchor_ids":["anchor-paper-69-group-protocol","anchor-paper-69-window"]},{"id":"paper-69-resources","kind":"artifact_group","parent_id":"paper-69","order":9,"epistemic_status":"source_available","title":"Auditable resources","summary":"IACR and author-uploaded full-text routes expose the model and proofs, and the DOI establishes publication identity. No code artifact is claimed.","source_anchor_ids":["anchor-paper-69-problem","anchor-paper-69-publication"]},{"id":"paper-69-scrutiny","kind":"scrutiny","parent_id":"paper-69","order":10,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"ACNS publication establishes venue review; no public proof audit, implementation reproduction, correction, or independent adversarial analysis was located.","source_anchor_ids":["anchor-paper-69-publication"]},{"id":"paper-69-lineage","kind":"lineage","parent_id":"paper-69","order":11,"epistemic_status":"documented","title":"Conceptual lineage","summary":"The key lattice generalizes epoch-based forward-secure and post-compromise-secure messaging into a partial order suited to concurrent senders and locally observed state.","source_anchor_ids":["anchor-paper-69-problem","anchor-paper-69-lattice"]}],"relations":[{"id":"paper-69-rel-answer-question","type":"addresses","from_id":"paper-69-answer","to_id":"paper-69-question"},{"id":"paper-69-rel-framework-answer","type":"realizes","from_id":"paper-69-framework","to_id":"paper-69-answer"},{"id":"paper-69-rel-fs-framework","type":"formalized_by","from_id":"paper-69-framework-fs","to_id":"paper-69-framework"},{"id":"paper-69-rel-pcs-framework","type":"formalized_by","from_id":"paper-69-framework-pcs","to_id":"paper-69-framework"},{"id":"paper-69-rel-protocol-answer","type":"instantiates","from_id":"paper-69-protocol","to_id":"paper-69-answer"},{"id":"paper-69-rel-grm-protocol","type":"component_of","from_id":"paper-69-protocol-grm","to_id":"paper-69-protocol"},{"id":"paper-69-rel-group-result-protocol","type":"supports","from_id":"paper-69-result-group","to_id":"paper-69-protocol"},{"id":"paper-69-rel-grm-result-component","type":"supports","from_id":"paper-69-result-grm","to_id":"paper-69-protocol-grm"},{"id":"paper-69-rel-evidence-results","type":"supports","from_id":"paper-69-evidence","to_id":"paper-69-results"},{"id":"paper-69-rel-boundaries-results","type":"qualifies","from_id":"paper-69-boundaries","to_id":"paper-69-results"},{"id":"paper-69-rel-dynamic-result","type":"does_not_extend_automatically_to","from_id":"paper-69-boundary-dynamic","to_id":"paper-69-result-group"},{"id":"paper-69-rel-resources-evidence","type":"enables_audit_of","from_id":"paper-69-resources","to_id":"paper-69-evidence"},{"id":"paper-69-rel-lineage-paper","type":"contextualizes","from_id":"paper-69-lineage","to_id":"paper-69"}],"assessment":{"id":"paper-69-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The full source gives formal syntax, security games, constructions, reduction theorems, and cost analysis. High applies to the static-group conditional claims and does not extend to the informal dynamic-membership sketch.","basis_source_anchor_ids":["anchor-paper-69-model","anchor-paper-69-lattice","anchor-paper-69-grm","anchor-paper-69-security"]},{"id":"auditability","level":"high","rationale":"Public IACR and author-uploaded full text plus the official DOI make assumptions, definitions, theorem statements, and proof arguments directly inspectable.","basis_source_anchor_ids":["anchor-paper-69-problem","anchor-paper-69-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, public manuscript routes, venue, year, and DOI are documented; contributor roles, revision history, proof-development tools, and artifact lineage are not.","basis_source_anchor_ids":["anchor-paper-69-problem","anchor-paper-69-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"ACNS publication establishes venue scrutiny, but public review reports, independent proof checking, implementation replication, and correction history were not located.","basis_source_anchor_ids":["anchor-paper-69-publication"]},{"id":"reception","level":"low","rationale":"The dated OpenAlex snapshot located 1 citation. Under the author-defined rule, 0 through 8 located citations is Low; counts do not determine correctness.","basis_source_anchor_ids":["anchor-paper-69-citation-count"]},{"id":"contribution_significance","level":"high","rationale":"The lattice formulation supplies a new abstraction for concurrent key evolution and unifies directional views of forward and post-compromise security with a proved protocol instantiation.","basis_source_anchor_ids":["anchor-paper-69-problem","anchor-paper-69-lattice","anchor-paper-69-security"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex work lookup by DOI 10.1007/978-3-031-54773-7_6","citation_count":1,"source_url":"https://api.openalex.org/works/W4392529045","signals":["OpenAlex reported one citing work for the matched publication record."],"limitation":"Citation counts are index- and date-dependent and do not establish validity, novelty, or real-world use."}},"paper_7":{"schema_version":"0.1","map_id":"paper-7-map","publication_id":7,"publication_anchor":"paper-7","slug":"paper-7","canonical_path":"/knowledge/papers/paper-7/","machine_path":"/knowledge/papers/paper-7.json","root_node_id":"paper-7","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"ALARM: Anonymous Location-Aided Routing in Suspicious MANETs","year":2007,"venue":"IEEE International Conference on Network Protocols (ICNP)","topic":"privacy-identity","labels":["Theory","Applied"],"authors":["Karim Eldefrawy","Gene Tsudik"],"keywords":["anonymous routing","location privacy","group signatures"],"research_question":"Can a link-state mobile ad hoc routing protocol authenticate topology information and deliver to geographic destinations without exposing stable node identities or readily linkable location histories?","central_answer":"ALARM has every member periodically flood a group-signed location announcement containing a timestamp, temporary public key, and one-time pseudonym. Nodes construct a location topology and route to locations rather than long-term identities. The paper informally analyzes passive-insider and active-outsider security and simulates privacy under several mobility models.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, evidence linking, and initial assessment"}],"method":"Full-source audit of the checked-in UCI author copy and official IEEE DOI record.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-drafted, source-linked map awaiting author verification before approval."}},"sources":[{"id":"source-paper-7-paper","type":"author_copy","title":"ALARM: Anonymous Location-Aided Routing in Suspicious MANETs","url":"/pubs/2007/alarm-icnp2007.pdf","media_type":"application/pdf","sha256":"8413fcbe7caba7e218d60019e7a7e4ae4ad5ca28a1c695cbf5fdb5abbc613e14","page_count":10,"provenance_category":"author","version_note":"UCI author-hosted conference paper; local copy checked 2026-07-11."},{"id":"source-paper-7-author","type":"author_copy_origin","title":"UCI author copy","url":"https://ics.uci.edu/~gts/paps/alarm07.pdf"},{"id":"source-paper-7-official","type":"official_publication_record","title":"IEEE DOI record","url":"https://doi.org/10.1109/ICNP.2007.4375861"},{"id":"source-paper-7-citations","type":"citation_search","title":"Dated scholarly-web citation search","url":"https://scholar.google.com/scholar?q=%22ALARM%3A+Anonymous+Location-Aided+Routing+in+Suspicious+MANETs%22","version_note":"Search attempted 2026-07-11; no transparent citation count was retrievable in this environment."}],"source_anchors":[{"id":"anchor-paper-7-problem","source_id":"source-paper-7-paper","label":"Goals, contributions, and routing choice","locator":"Abstract and Sections I-II, PDF pages 1-3","url":"/pubs/2007/alarm-icnp2007.pdf#page=1"},{"id":"anchor-paper-7-assumptions","source_id":"source-paper-7-paper","label":"System assumptions and group-signature interface","locator":"Section IV, PDF pages 4-5","url":"/pubs/2007/alarm-icnp2007.pdf#page=4"},{"id":"anchor-paper-7-protocol","source_id":"source-paper-7-paper","label":"LAM generation, flooding, pseudonyms, and delivery","locator":"Section IV, PDF pages 5-6","url":"/pubs/2007/alarm-icnp2007.pdf#page=5"},{"id":"anchor-paper-7-security","source_id":"source-paper-7-paper","label":"Threat model and informal security analysis","locator":"Section V, PDF pages 6-7","url":"/pubs/2007/alarm-icnp2007.pdf#page=6"},{"id":"anchor-paper-7-metric","source_id":"source-paper-7-paper","label":"Average Node Privacy definition","locator":"Section VI, PDF pages 7-8","url":"/pubs/2007/alarm-icnp2007.pdf#page=7"},{"id":"anchor-paper-7-results","source_id":"source-paper-7-paper","label":"Mobility-model simulation results","locator":"Section VI and Figures 3-6, PDF pages 7-9","url":"/pubs/2007/alarm-icnp2007.pdf#page=7"},{"id":"anchor-paper-7-discussion","source_id":"source-paper-7-paper","label":"Overhead, insider protection, and deployment boundaries","locator":"Section VII, PDF pages 9-10","url":"/pubs/2007/alarm-icnp2007.pdf#page=9"},{"id":"anchor-paper-7-provenance","source_id":"source-paper-7-author","label":"Author-copy provenance","locator":"Public UCI author-hosted PDF","url":"https://ics.uci.edu/~gts/paps/alarm07.pdf"},{"id":"anchor-paper-7-publication","source_id":"source-paper-7-official","label":"Official publication metadata","locator":"DOI 10.1109/ICNP.2007.4375861","url":"https://doi.org/10.1109/ICNP.2007.4375861"},{"id":"anchor-paper-7-citation-search","source_id":"source-paper-7-citations","label":"Citation search attempted","locator":"Exact-title search, 2026-07-11; no verified count retrieved","url":"https://scholar.google.com/scholar?q=%22ALARM%3A+Anonymous+Location-Aided+Routing+in+Suspicious+MANETs%22"}],"nodes":[{"id":"paper-7","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"ALARM","summary":"A location-aided link-state routing protocol that combines group signatures, rotating pseudonyms, and temporary encryption keys to reduce identity and movement disclosure.","source_anchor_ids":["anchor-paper-7-problem","anchor-paper-7-publication"]},{"id":"paper-7-question","kind":"question","parent_id":"paper-7","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can nodes authenticate a mobile topology and route by location while remaining anonymous and difficult to track?","source_anchor_ids":["anchor-paper-7-problem"]},{"id":"paper-7-answer","kind":"contribution","parent_id":"paper-7","order":2,"epistemic_status":"proposed_and_simulated","title":"Central answer","summary":"Authenticate unlinkable per-slot location announcements with group signatures, derive a common topology snapshot, and address encrypted traffic to a location-bound temporary key and pseudonym.","source_anchor_ids":["anchor-paper-7-protocol","anchor-paper-7-results"]},{"id":"paper-7-scope","kind":"scope","parent_id":"paper-7","order":3,"epistemic_status":"explicitly_scoped","title":"Environment and trust assumptions","summary":"Nodes know location and time, share a bounded radio range, move enough to create ambiguity, and obtain group credentials from an offline group manager; the analysis assumes a passive insider or active outsider.","source_anchor_ids":["anchor-paper-7-assumptions","anchor-paper-7-security"]},{"id":"paper-7-protocol","kind":"protocol","parent_id":"paper-7","order":4,"epistemic_status":"specified","title":"Location Announcement Message protocol","summary":"Each slot, a node floods its location, timestamp, temporary public key, and group signature. Recipients verify and deduplicate LAMs, build a geographic connectivity graph, and use the signature as a one-slot pseudonym.","source_anchor_ids":["anchor-paper-7-protocol"]},{"id":"paper-7-routing","kind":"component","parent_id":"paper-7-protocol","order":1,"epistemic_status":"specified","title":"Location-addressed delivery","summary":"A sender selects the current pseudonym at the destination location and encrypts under that LAM's temporary key, avoiding a stable identity in route establishment.","source_anchor_ids":["anchor-paper-7-protocol"]},{"id":"paper-7-security","kind":"claim_group","parent_id":"paper-7","order":5,"epistemic_status":"informally_argued","title":"Security and privacy claims","summary":"Group-signature verification authenticates membership without naming the signer; timestamps resist replay, while randomized movement and fresh signatures are intended to frustrate linking across topology snapshots.","source_anchor_ids":["anchor-paper-7-security"]},{"id":"paper-7-insider","kind":"limitation","parent_id":"paper-7-security","order":1,"epistemic_status":"conditional","title":"Active-insider boundary","summary":"Ordinary group signatures do not stop a malicious member from multiple-location Sybil announcements; self-distinguishing signatures or tamper-resistant location/signing hardware is required for that stronger threat.","source_anchor_ids":["anchor-paper-7-protocol","anchor-paper-7-discussion"]},{"id":"paper-7-metric","kind":"metric","parent_id":"paper-7","order":6,"epistemic_status":"defined","title":"Average Node Privacy","summary":"ANP measures, across two topology snapshots, the average fraction of later nodes to which an earlier node can remain plausibly mapped; it ranges from complete traceability to full ambiguity.","source_anchor_ids":["anchor-paper-7-metric"]},{"id":"paper-7-evidence","kind":"evidence_group","parent_id":"paper-7","order":7,"epistemic_status":"simulation","title":"Mobility simulations","summary":"Random-walk, random-waypoint, and reference-point group mobility experiments vary speed and evaluate ANP; privacy deteriorates when motion is slow, predictable, or preserves relative group positions.","source_anchor_ids":["anchor-paper-7-results"]},{"id":"paper-7-boundaries","kind":"limitation_group","parent_id":"paper-7","order":8,"epistemic_status":"material","title":"Protocol boundaries","summary":"Jamming and DoS, physical observation, and strongly correlated movement are outside the claimed protection. Periodic network-wide LAM flooding costs bandwidth and power and reveals topology and network size.","source_anchor_ids":["anchor-paper-7-security","anchor-paper-7-results","anchor-paper-7-discussion"]},{"id":"paper-7-artifacts","kind":"artifact","parent_id":"paper-7","order":9,"epistemic_status":"paper_available_no_code","title":"Artifacts","summary":"A fixed author copy is available locally; protocol code, group-signature integration, simulator configuration, and result data were not located.","source_anchor_ids":["anchor-paper-7-results","anchor-paper-7-provenance"]},{"id":"paper-7-scrutiny","kind":"scrutiny","parent_id":"paper-7","order":10,"epistemic_status":"peer_reviewed","title":"Scrutiny","summary":"ALARM appeared at IEEE ICNP 2007. The paper provides an informal analysis and simulations, but no formal security proof or independent reproduction was located.","source_anchor_ids":["anchor-paper-7-security","anchor-paper-7-publication"]}],"relations":[{"id":"paper-7-relation-protocol-realizes-answer","type":"realizes","from_id":"paper-7-protocol","to_id":"paper-7-answer"},{"id":"paper-7-relation-routing-component","type":"component_of","from_id":"paper-7-routing","to_id":"paper-7-protocol"},{"id":"paper-7-relation-security-supports-answer","type":"supports","from_id":"paper-7-security","to_id":"paper-7-answer"},{"id":"paper-7-relation-metric-evaluates-answer","type":"evaluates","from_id":"paper-7-metric","to_id":"paper-7-answer"},{"id":"paper-7-relation-evidence-supports-answer","type":"supports","from_id":"paper-7-evidence","to_id":"paper-7-answer"},{"id":"paper-7-relation-insider-qualifies-security","type":"qualifies","from_id":"paper-7-insider","to_id":"paper-7-security"},{"id":"paper-7-relation-boundaries-qualify-answer","type":"qualifies","from_id":"paper-7-boundaries","to_id":"paper-7-answer"}],"assessment":{"id":"paper-7-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The protocol, threat boundaries, informal analysis, privacy metric, and mobility simulations are documented, but no formal proof, implementation, or independent reproduction is supplied.","basis_source_anchor_ids":["anchor-paper-7-protocol","anchor-paper-7-security","anchor-paper-7-metric","anchor-paper-7-results"]},{"id":"auditability","level":"high","rationale":"A fixed author-hosted full text is checked in with page count and hash, making the protocol and evidence directly inspectable.","basis_source_anchor_ids":["anchor-paper-7-provenance","anchor-paper-7-results"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, author-copy provenance, and official metadata are documented; roles, revisions, tool use, and simulation lineage are not.","basis_source_anchor_ids":["anchor-paper-7-provenance","anchor-paper-7-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The work has an official full-conference publication record; public reviews, formal verification, and independent reproduction were not located.","basis_source_anchor_ids":["anchor-paper-7-publication"]},{"id":"reception","level":"low","rationale":"No citations were verifiably located in the constrained dated search. Under the author's 0-8 rule this is low, but it is not a claim that the paper has no citations.","basis_source_anchor_ids":["anchor-paper-7-citation-search"]},{"id":"contribution_significance","level":"high","rationale":"ALARM combines a concrete routing protocol, anonymity mechanism, insider/outsider analysis, and an explicit privacy metric, while making its mobility and insider assumptions visible.","basis_source_anchor_ids":["anchor-paper-7-problem","anchor-paper-7-protocol","anchor-paper-7-metric","anchor-paper-7-discussion"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search; transparent index count unavailable","source":"Google Scholar query route plus general scholarly-web search","citation_count":0,"signals":[],"limitation":"Zero means no citations were verifiably located during this constrained search, not a total bibliometric count; author should replace it with a confirmed index snapshot."}},"paper_70":{"schema_version":"0.1","map_id":"paper-70-map","publication_id":70,"publication_anchor":"paper-70","slug":"paper-70","canonical_path":"/knowledge/papers/paper-70/","machine_path":"/knowledge/papers/paper-70.json","root_node_id":"paper-70","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"Entanglement-Based Mutual Quantum Distance Bounding","short_title":"Mutual Quantum Distance Bounding","year":2024,"venue":"8th International Symposium on Cyber Security, Cryptology, and Machine Learning (CSCML)","publication_status":"Published","topic":"secure-systems-networks","labels":["Theory"],"authors":["Aysajan Abidin","Karim Eldefrawy","Dave Singelée"],"keywords":["quantum distance bounding","mutual authentication","entanglement","relay attacks","distance fraud","mafia fraud"],"research_question":"Can entangled quantum challenges let two parties bound each other's distance in one protocol execution, with fewer rounds than running two one-way protocols and with explicit resistance arguments for reflection and relay attacks?","central_answer":"The paper proposes an entanglement-based one-way protocol and a mutual protocol in which both parties obtain timing evidence during one execution. The mutual design reduces rounds and communication relative to two separate one-way runs and gives informal success-probability analyses for several frauds. It is not terrorist-fraud resistant as presented, and it provides neither a formal quantum security proof nor an experimental implementation.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text protocol extraction, attack-boundary mapping, and initial assessment"}],"method":"Source-grounded review of the complete 23-page arXiv manuscript, including visual inspection of the title and security-analysis pages, cross-checked against the official CSCML DOI.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting author verification; verify protocol-flow interpretation, attack probabilities, evidence boundaries, and ratings before approval."}},"sources":[{"id":"source-paper-70-local-pdf","type":"public_preprint","title":"Entanglement-Based Mutual Quantum Distance Bounding","url":"/pubs/2024/quantum-distance-bounding-cscml2024.pdf","provenance_category":"archive","retrieved_from":"https://arxiv.org/pdf/2305.09905","media_type":"application/pdf","sha256":"a0fa5f76a6fdec8dbf53df826fc5169cfde32d05885581c9e60bdca18c14d033","page_count":23},{"id":"source-paper-70-arxiv","type":"public_preprint_record","title":"arXiv 2305.09905","url":"https://arxiv.org/abs/2305.09905","provenance_category":"archive"},{"id":"source-paper-70-official","type":"official_publication_record","title":"CSCML publication record","url":"https://doi.org/10.1007/978-3-031-76934-4_14","provenance_category":"official"},{"id":"source-paper-70-citations","type":"citation_index_snapshot","title":"OpenAlex record W4405464499","url":"https://api.openalex.org/works/W4405464499","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-70-problem","source_id":"source-paper-70-local-pdf","label":"Distance-bounding problem and claimed contributions","locator":"Abstract and Section 1, PDF pages 1-4","url":"/pubs/2024/quantum-distance-bounding-cscml2024.pdf#page=1"},{"id":"anchor-paper-70-background","source_id":"source-paper-70-local-pdf","label":"Classical and quantum distance-bounding background and attacks","locator":"Sections 2-3, PDF pages 4-10","url":"/pubs/2024/quantum-distance-bounding-cscml2024.pdf#page=4"},{"id":"anchor-paper-70-one-way","source_id":"source-paper-70-local-pdf","label":"Entanglement-based one-way protocol","locator":"Section 4, PDF pages 11-13","url":"/pubs/2024/quantum-distance-bounding-cscml2024.pdf#page=11"},{"id":"anchor-paper-70-mutual","source_id":"source-paper-70-local-pdf","label":"Mutual protocol, message flow, and efficiency","locator":"Section 5, PDF pages 13-15","url":"/pubs/2024/quantum-distance-bounding-cscml2024.pdf#page=13"},{"id":"anchor-paper-70-security","source_id":"source-paper-70-local-pdf","label":"Informal security analysis and attack probabilities","locator":"Section 6, PDF pages 16-20","url":"/pubs/2024/quantum-distance-bounding-cscml2024.pdf#page=16"},{"id":"anchor-paper-70-feasibility","source_id":"source-paper-70-local-pdf","label":"Feasibility discussion and relation to QKD equipment","locator":"Section 7, PDF pages 20-21","url":"/pubs/2024/quantum-distance-bounding-cscml2024.pdf#page=20"},{"id":"anchor-paper-70-conclusion","source_id":"source-paper-70-local-pdf","label":"Conclusions and open formal and experimental work","locator":"Section 8, PDF pages 21-22","url":"/pubs/2024/quantum-distance-bounding-cscml2024.pdf#page=21"},{"id":"anchor-paper-70-publication","source_id":"source-paper-70-official","label":"Official publication identity","locator":"CSCML proceedings, DOI 10.1007/978-3-031-76934-4_14","url":"https://doi.org/10.1007/978-3-031-76934-4_14"},{"id":"anchor-paper-70-citation-count","source_id":"source-paper-70-citations","label":"Dated citation-count snapshot","locator":"OpenAlex cited_by_count was 2 when accessed 2026-07-11","url":"https://api.openalex.org/works/W4405464499"}],"nodes":[{"id":"paper-70","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Entanglement-based mutual quantum distance bounding","summary":"A pair of shared-key quantum protocols, culminating in a mutual construction that uses entanglement and timed rapid exchanges to let both endpoints estimate an upper bound on their separation.","source_anchor_ids":["anchor-paper-70-problem"]},{"id":"paper-70-question","kind":"question","parent_id":"paper-70","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can one quantum execution provide authenticated distance evidence in both directions while avoiding reflection and relay weaknesses of simply composing earlier one-way protocols?","source_anchor_ids":["anchor-paper-70-problem","anchor-paper-70-background"]},{"id":"paper-70-answer","kind":"contribution","parent_id":"paper-70","order":2,"epistemic_status":"source_asserted","title":"Central answer","summary":"The proposed mutual exchange entangles the timing-sensitive responses of both parties and adds a commitment to prevent one side from adapting its hidden random value, allowing each side to time a response within one execution.","source_anchor_ids":["anchor-paper-70-mutual","anchor-paper-70-security"]},{"id":"paper-70-model","kind":"model","parent_id":"paper-70","order":3,"epistemic_status":"informally_defined","title":"Shared-key quantum distance-bounding setting","summary":"Parties share a long-term secret and derive per-session bit strings from a PRF and fresh nonces; they can prepare, transmit, and measure entangled quantum states while timing selected message legs.","source_anchor_ids":["anchor-paper-70-one-way","anchor-paper-70-mutual"]},{"id":"paper-70-model-adversaries","kind":"threat_model","parent_id":"paper-70-model","order":1,"epistemic_status":"informally_defined","title":"Fraud classes considered","summary":"The analysis treats distance fraud by a dishonest endpoint, mafia fraud by a relay, reflection, photon splitting, and terrorist fraud in which a legitimate prover helps an attacker without intending to reveal its long-term key.","source_anchor_ids":["anchor-paper-70-background","anchor-paper-70-security"]},{"id":"paper-70-protocols","kind":"protocol","parent_id":"paper-70","order":4,"epistemic_status":"specified","title":"Entanglement-based protocol family","summary":"The paper first gives a one-way primitive and then couples two timing directions in a mutual exchange rather than executing the primitive twice independently.","source_anchor_ids":["anchor-paper-70-one-way","anchor-paper-70-mutual"]},{"id":"paper-70-protocol-one-way","kind":"protocol_component","parent_id":"paper-70-protocols","order":1,"epistemic_status":"specified","title":"One-way entangled challenge","summary":"The verifier prepares entangled pairs, sends one half as the rapid challenge, keeps the other half, and checks the prover's measurement-dependent response against secret-derived bases while using round-trip time to bound distance.","source_anchor_ids":["anchor-paper-70-one-way"]},{"id":"paper-70-protocol-mutual","kind":"protocol_component","parent_id":"paper-70-protocols","order":2,"epistemic_status":"specified","title":"Mutual timed exchange","summary":"One party commits to a random mask r; the other sends entangled challenges; the first rapid response is masked by r; the challenger returns r in the reverse timing direction; and the commitment opening and check data allow both parties to validate the same execution.","source_anchor_ids":["anchor-paper-70-mutual"]},{"id":"paper-70-protocol-efficiency","kind":"property","parent_id":"paper-70-protocols","order":3,"epistemic_status":"analytically_derived","title":"Fewer rounds than two one-way runs","summary":"The source reports 25 percent fewer communication rounds and correspondingly less communication than sequentially running two one-way protocols.","source_anchor_ids":["anchor-paper-70-mutual"]},{"id":"paper-70-results","kind":"claim_group","parent_id":"paper-70","order":5,"epistemic_status":"informally_analyzed","title":"Security claims and calculations","summary":"The paper gives attack-specific probability calculations and qualitative arguments rather than one composable quantum-security theorem.","source_anchor_ids":["anchor-paper-70-security"]},{"id":"paper-70-result-reflection","kind":"claim","parent_id":"paper-70-results","order":1,"epistemic_status":"argued","title":"Reflection is detected","summary":"Entanglement correlations and distinct secret-derived strings are used to distinguish a reflected challenge from the response expected from a legitimate remote party.","source_anchor_ids":["anchor-paper-70-security"]},{"id":"paper-70-result-distance","kind":"claim","parent_id":"paper-70-results","order":2,"epistemic_status":"analytically_derived_under_model","title":"Distance-fraud probabilities","summary":"The one-way analysis gives success probability 2^(-HD(a,b)). In the mutual protocol the two dishonest-party cases are asymmetric: one endpoint can use unentangled states for a 2^(-HD(b,c)) strategy, while the other has the stated default bound 2^(-n).","source_anchor_ids":["anchor-paper-70-security"]},{"id":"paper-70-result-mafia","kind":"claim","parent_id":"paper-70-results","order":3,"epistemic_status":"analytically_derived_under_model","title":"Mafia-fraud bound","summary":"The relay analysis gives a per-n-bit success probability of (5/8)^n under the protocol's idealized state-preparation, measurement, and timing assumptions.","source_anchor_ids":["anchor-paper-70-security"]},{"id":"paper-70-result-photon","kind":"claim","parent_id":"paper-70-results","order":4,"epistemic_status":"argued","title":"Photon splitting gives no modeled advantage","summary":"Under the assumed source and measurement model, the paper argues that splitting photons does not improve the attacker beyond the analyzed mafia-fraud strategy.","source_anchor_ids":["anchor-paper-70-security"]},{"id":"paper-70-evidence","kind":"evidence_group","parent_id":"paper-70","order":6,"epistemic_status":"analytical_not_formal_or_empirical","title":"Evidence structure","summary":"The source provides explicit message flows, operation and round comparisons, and informal attack calculations. Feasibility is argued from similarity to QKD components, not shown by a prototype or experiment.","source_anchor_ids":["anchor-paper-70-mutual","anchor-paper-70-security","anchor-paper-70-feasibility"]},{"id":"paper-70-boundaries","kind":"limitation_group","parent_id":"paper-70","order":7,"epistemic_status":"explicitly_bounded","title":"Scope and open requirements","summary":"The work is a protocol proposal with idealized analysis; a complete quantum game-based proof, noisy-channel treatment, hardware implementation, and experimental distance measurements remain open.","source_anchor_ids":["anchor-paper-70-security","anchor-paper-70-feasibility","anchor-paper-70-conclusion"]},{"id":"paper-70-boundary-terrorist","kind":"limitation","parent_id":"paper-70-boundaries","order":1,"epistemic_status":"acknowledged_gap","title":"No terrorist-fraud resistance as presented","summary":"The current PRF-based response structure allows a legitimate prover to help an attacker in the modeled terrorist-fraud setting; the paper sketches a possible modification rather than proving resistance.","source_anchor_ids":["anchor-paper-70-security"]},{"id":"paper-70-boundary-proof","kind":"limitation","parent_id":"paper-70-boundaries","order":2,"epistemic_status":"not_formally_proved","title":"No unified formal security model","summary":"The probability arguments do not constitute a composable or machine-checked quantum proof covering concurrency, adaptive corruption, noise, device imperfections, and all fraud classes.","source_anchor_ids":["anchor-paper-70-security","anchor-paper-70-conclusion"]},{"id":"paper-70-boundary-experiment","kind":"limitation","parent_id":"paper-70-boundaries","order":3,"epistemic_status":"not_evaluated","title":"No prototype or measured distance bound","summary":"QKD hardware compatibility is a feasibility argument only; the paper does not report photon loss, detector error, clock resolution, processing delay, or field distance measurements.","source_anchor_ids":["anchor-paper-70-feasibility","anchor-paper-70-conclusion"]},{"id":"paper-70-resources","kind":"artifact_group","parent_id":"paper-70","order":8,"epistemic_status":"source_available","title":"Auditable resources","summary":"The complete arXiv manuscript is checked into this site with page count and SHA-256, and the official DOI establishes the published CSCML identity. No implementation artifact is claimed.","source_anchor_ids":["anchor-paper-70-problem","anchor-paper-70-publication"]},{"id":"paper-70-scrutiny","kind":"scrutiny","parent_id":"paper-70","order":9,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"CSCML publication establishes venue review. No public formal proof audit, experimental reproduction, correction, or independent attack analysis was located.","source_anchor_ids":["anchor-paper-70-publication"]},{"id":"paper-70-lineage","kind":"lineage","parent_id":"paper-70","order":10,"epistemic_status":"documented","title":"Protocol lineage","summary":"The work extends one-way quantum distance-bounding approaches to mutual distance evidence and explicitly compares the single mutual execution with composing two one-way runs.","source_anchor_ids":["anchor-paper-70-background","anchor-paper-70-one-way","anchor-paper-70-mutual"]}],"relations":[{"id":"paper-70-rel-answer-question","type":"addresses","from_id":"paper-70-answer","to_id":"paper-70-question"},{"id":"paper-70-rel-model-answer","type":"scopes","from_id":"paper-70-model","to_id":"paper-70-answer"},{"id":"paper-70-rel-protocols-answer","type":"realizes","from_id":"paper-70-protocols","to_id":"paper-70-answer"},{"id":"paper-70-rel-one-way-protocols","type":"component_of","from_id":"paper-70-protocol-one-way","to_id":"paper-70-protocols"},{"id":"paper-70-rel-mutual-one-way","type":"extends","from_id":"paper-70-protocol-mutual","to_id":"paper-70-protocol-one-way"},{"id":"paper-70-rel-evidence-results","type":"supports","from_id":"paper-70-evidence","to_id":"paper-70-results"},{"id":"paper-70-rel-boundaries-results","type":"qualifies","from_id":"paper-70-boundaries","to_id":"paper-70-results"},{"id":"paper-70-rel-terrorist-results","type":"limits","from_id":"paper-70-boundary-terrorist","to_id":"paper-70-results"},{"id":"paper-70-rel-resources-evidence","type":"enables_audit_of","from_id":"paper-70-resources","to_id":"paper-70-evidence"},{"id":"paper-70-rel-lineage-paper","type":"contextualizes","from_id":"paper-70-lineage","to_id":"paper-70"}],"assessment":{"id":"paper-70-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The full source specifies both protocols and gives attack-specific probability arguments, but lacks a unified formal quantum proof, implementation, and experimental measurements. Medium reflects concrete analytical support with major validation boundaries.","basis_source_anchor_ids":["anchor-paper-70-one-way","anchor-paper-70-mutual","anchor-paper-70-security","anchor-paper-70-conclusion"]},{"id":"auditability","level":"high","rationale":"A complete checked-in arXiv manuscript with fixity and page count and the official DOI make the protocol flow, assumptions, calculations, and acknowledged limitations directly inspectable.","basis_source_anchor_ids":["anchor-paper-70-problem","anchor-paper-70-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, preprint identity, venue, year, and DOI are documented; contributor roles, revision history, tools, and artifact lineage are not.","basis_source_anchor_ids":["anchor-paper-70-problem","anchor-paper-70-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"CSCML publication establishes venue scrutiny, but public reports, formal proof review, experimental reproduction, and correction history were not located.","basis_source_anchor_ids":["anchor-paper-70-publication"]},{"id":"reception","level":"low","rationale":"The dated OpenAlex snapshot located 2 citations. Under the author-defined rule, 0 through 8 located citations is Low; counts do not measure validity.","basis_source_anchor_ids":["anchor-paper-70-citation-count"]},{"id":"contribution_significance","level":"high","rationale":"The source presents the first entanglement-based mutual quantum distance-bounding protocol and reduces rounds relative to two one-way executions, while practical and formal validation remain open.","basis_source_anchor_ids":["anchor-paper-70-problem","anchor-paper-70-mutual","anchor-paper-70-conclusion"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex work lookup by DOI 10.1007/978-3-031-76934-4_14","citation_count":2,"source_url":"https://api.openalex.org/works/W4405464499","signals":["OpenAlex reported 2 citing works for the matched publication record."],"limitation":"Citation counts are index- and date-dependent and do not establish security, feasibility, or adoption."}},"paper_71":{"schema_version":"0.1","map_id":"paper-71-map","publication_id":71,"publication_anchor":"paper-71","slug":"paper-71","canonical_path":"/knowledge/papers/paper-71/","machine_path":"/knowledge/papers/paper-71.json","root_node_id":"paper-71","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"Challenges in Timed-Cryptography: A Position Paper (Short Paper)","year":2024,"status":"Published · short paper","venue":"8th International Symposium on Cyber Security, Cryptology, and Machine Learning (CSCML)","topic":"secure-encrypted-computation","labels":["Theory","Perspective"],"authors":["Karim Eldefrawy","Ben Terner","Moti Yung"],"keywords":["timed cryptography","time-lock puzzles","random oracle model","simulation-based security","composability","falsifiable assumptions"],"research_question":"What foundational inconsistencies and proof gaps prevent current time-lock-puzzle analyses from supporting sound, generally composable timed cryptographic protocols?","central_answer":"The position paper identifies three recurring problems: mixing algebraic generation with random-oracle-like solving analyses, granting simulators enough computation to defeat the timed privacy being modeled, and proving only specialized forms of combination rather than general MPC composition. It argues that future foundations must model leakage and computational budgets consistently under falsifiable assumptions.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, argument mapping, and initial assessment"}],"method":"Source-grounded review of the complete 11-page IACR ePrint version, cross-checked against the official Springer chapter and dated citation-index record. The map distinguishes the authors' position and comparative critique from established impossibility results that the paper invokes, and does not recast argumentative claims as new formal theorems.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Interpretations of the critique, literature comparison, and ratings remain provisional until author approval."}},"sources":[{"id":"source-paper-71-eprint","type":"public_archive_copy","title":"Challenges in Timed Cryptography: A Position Paper","url":"https://eprint.iacr.org/2024/1529.pdf","landing_page_url":"https://eprint.iacr.org/2024/1529","provenance_category":"archive","media_type":"application/pdf","page_count":11,"license":"CC BY"},{"id":"source-paper-71-official","type":"official_publication_record","title":"Springer CSCML 2024 chapter record","url":"https://doi.org/10.1007/978-3-031-76934-4_22","provenance_category":"official"},{"id":"source-paper-71-openalex","type":"citation_index_snapshot","title":"OpenAlex record W4405464518","url":"https://openalex.org/W4405464518","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-71-abstract","source_id":"source-paper-71-eprint","label":"Position, three concerns, and paper objective","locator":"Abstract and Section 1, PDF pages 1-2","url":"https://eprint.iacr.org/2024/1529.pdf#page=1"},{"id":"anchor-paper-71-table","source_id":"source-paper-71-eprint","label":"Comparative model table","locator":"Table 1, PDF page 3","url":"https://eprint.iacr.org/2024/1529.pdf#page=3"},{"id":"anchor-paper-71-inconsistency","source_id":"source-paper-71-eprint","label":"Algebraic-generation and idealized-solving inconsistency argument","locator":"Sections 2-3, PDF pages 3-6","url":"https://eprint.iacr.org/2024/1529.pdf#page=3"},{"id":"anchor-paper-71-bbs","source_id":"source-paper-71-eprint","label":"Generalized BBS example and bounded indistinguishability","locator":"Section 3, Definition 1, PDF page 6","url":"https://eprint.iacr.org/2024/1529.pdf#page=6"},{"id":"anchor-paper-71-simulation","source_id":"source-paper-71-eprint","label":"Computationally meaningful simulation requirement","locator":"Section 4, PDF pages 6-8","url":"https://eprint.iacr.org/2024/1529.pdf#page=6"},{"id":"anchor-paper-71-stepwise","source_id":"source-paper-71-eprint","label":"Step-by-step companion simulation pattern and global-clock caution","locator":"Section 4, PDF pages 7-8","url":"https://eprint.iacr.org/2024/1529.pdf#page=7"},{"id":"anchor-paper-71-composition","source_id":"source-paper-71-eprint","label":"Limits of combination, non-malleability, and IND-CCA analyses","locator":"Section 5, PDF pages 8-9","url":"https://eprint.iacr.org/2024/1529.pdf#page=8"},{"id":"anchor-paper-71-conclusion","source_id":"source-paper-71-eprint","label":"Research agenda and three summarized shortcomings","locator":"Section 6, PDF pages 9-10","url":"https://eprint.iacr.org/2024/1529.pdf#page=9"},{"id":"anchor-paper-71-publication","source_id":"source-paper-71-official","label":"Official CSCML publication identity","locator":"CSCML 2024, pages 310-321, DOI 10.1007/978-3-031-76934-4_22","url":"https://doi.org/10.1007/978-3-031-76934-4_22"},{"id":"anchor-paper-71-citations","source_id":"source-paper-71-openalex","label":"Dated citation-count snapshot","locator":"OpenAlex reported 0 citing works when accessed 2026-07-11","url":"https://openalex.org/W4405464518"}],"nodes":[{"id":"paper-71","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_position_paper","title":"Challenges in Timed-Cryptography: A Position Paper (Short Paper)","summary":"A theory-focused position paper auditing the modeling and proof obligations required for timed cryptography, especially time-lock puzzles used inside larger multi-party protocols.","source_anchor_ids":["anchor-paper-71-abstract"]},{"id":"paper-71-question","kind":"question","parent_id":"paper-71","order":1,"epistemic_status":"research_question","title":"Foundational question","summary":"Which parts of existing time-lock-puzzle analyses fail to support a consistent, falsifiable, and generally composable security claim?","source_anchor_ids":["anchor-paper-71-abstract"]},{"id":"paper-71-answer","kind":"contribution","parent_id":"paper-71","order":2,"epistemic_status":"argued_position","title":"Three-part diagnosis","summary":"The paper diagnoses inconsistent model mixing, computationally overpowered simulation, and insufficient composition guarantees, then advocates explicit computational budgets and a consistent treatment of intermediate-state leakage.","source_anchor_ids":["anchor-paper-71-abstract","anchor-paper-71-conclusion"]},{"id":"paper-71-background","kind":"definition","parent_id":"paper-71","order":3,"epistemic_status":"literature_grounded","title":"Timed security and the generation-solving gap","summary":"A time-lock puzzle should be efficient to generate using a trapdoor while requiring a substantially longer sequential computation to solve publicly. Unlike ordinary indefinite security, privacy intentionally expires after a chosen time.","source_anchor_ids":["anchor-paper-71-abstract","anchor-paper-71-inconsistency"]},{"id":"paper-71-critique","kind":"argument_group","parent_id":"paper-71","order":4,"epistemic_status":"author_argument","title":"Model-consistency critique","summary":"The central critique is that one cannot claim a super-polynomial generation-solving gap from algebraic structure while analyzing the solver's intermediate states as independent random labels without confronting the random-oracle impossibility result.","source_anchor_ids":["anchor-paper-71-inconsistency"]},{"id":"paper-71-impossibility","kind":"premise","parent_id":"paper-71-critique","order":1,"epistemic_status":"prior_result_invoked","title":"Random-oracle impossibility premise","summary":"The argument relies on prior work showing that random oracles alone, and repetitive computation whose next state is completely random given the previous state, cannot yield the desired super-polynomial time gap.","source_anchor_ids":["anchor-paper-71-abstract","anchor-paper-71-inconsistency"]},{"id":"paper-71-model-mixing","kind":"claim","parent_id":"paper-71-critique","order":2,"epistemic_status":"comparative_literature_claim","title":"Algebraic generation versus idealized solving","summary":"For the surveyed constructions that claim the large gap, generation is analyzed algebraically while solving is analyzed in a random-oracle, generic-group, or effectively equivalent model; the authors argue these two halves are not jointly consistent.","source_anchor_ids":["anchor-paper-71-table","anchor-paper-71-inconsistency"]},{"id":"paper-71-random-to-whom","kind":"diagnostic_question","parent_id":"paper-71-critique","order":3,"epistemic_status":"author_argument","title":"“Random” must be relative to a bounded observer","summary":"If intermediate states only look random to a bounded distinguisher, the proof must identify that observer and keep its allowed computation below the point at which the algebraic sequence becomes distinguishable or predictable.","source_anchor_ids":["anchor-paper-71-inconsistency","anchor-paper-71-bbs"]},{"id":"paper-71-bbs-example","kind":"analytical_example","parent_id":"paper-71-critique","order":4,"epistemic_status":"illustrative_not_general_proof","title":"Generalized BBS boundary example","summary":"The generalized BBS assumption illustrates that a next repeated-square value can look random to a sufficiently shallow algorithm while the guarantee degrades as computation approaches the puzzle's solving depth.","source_anchor_ids":["anchor-paper-71-bbs"]},{"id":"paper-71-simulator","kind":"argument_group","parent_id":"paper-71","order":5,"epistemic_status":"author_argument","title":"Meaningful simulation","summary":"In real-ideal security, a simulator should establish that an adversary can do no worse than an input-ignorant ideal process. For timed privacy, that comparison becomes uninformative if the simulator itself is allowed enough depth to solve the puzzle.","source_anchor_ids":["anchor-paper-71-simulation"]},{"id":"paper-71-budget","kind":"requirement","parent_id":"paper-71-simulator","order":1,"epistemic_status":"proposed_proof_obligation","title":"Bound the simulator explicitly","summary":"The simulator's computational class or depth must be stated and must respect the adversarial bound relevant to the privacy interval; arbitrary polynomial time is not automatically meaningful when puzzle solving is itself polynomial but intentionally slow.","source_anchor_ids":["anchor-paper-71-simulation"]},{"id":"paper-71-stepwise-pattern","kind":"method","parent_id":"paper-71-simulator","order":2,"epistemic_status":"recommended_pattern","title":"Step-by-step companion simulation","summary":"The paper recommends a natural design pattern in which the simulator advances with the adversary and uses ideal access only to provide each next response, keeping its computational progress comparable rather than jumping to the final puzzle solution.","source_anchor_ids":["anchor-paper-71-stepwise"]},{"id":"paper-71-clock-boundary","kind":"caution","parent_id":"paper-71-simulator","order":3,"epistemic_status":"case_study_argument","title":"Global clocks do not automatically tether computation","summary":"A global timekeeping functionality can synchronize protocol time without necessarily limiting how much local computation an untethered simulator performs between clock events; resource accounting must therefore be explicit.","source_anchor_ids":["anchor-paper-71-stepwise"]},{"id":"paper-71-composability","kind":"argument_group","parent_id":"paper-71","order":6,"epistemic_status":"comparative_literature_claim","title":"Specialized combination is not general MPC composition","summary":"The surveyed literature offers useful but narrower properties—homomorphic combination, concurrent non-malleability, or IND-CCA security—without yet supplying the general subroutine composition needed for timed primitives inside arbitrary MPC.","source_anchor_ids":["anchor-paper-71-composition"]},{"id":"paper-71-evidence","kind":"evidence_group","parent_id":"paper-71","order":7,"epistemic_status":"analytical_literature_review","title":"Evidence and argument structure","summary":"Support consists of a comparative table, close reading of model assumptions and simulation strategies, the prior impossibility theorem, and worked conceptual examples. The paper is not a new construction, empirical study, or complete impossibility proof for every future model.","source_anchor_ids":["anchor-paper-71-table","anchor-paper-71-inconsistency","anchor-paper-71-bbs","anchor-paper-71-composition"]},{"id":"paper-71-boundaries","kind":"limitation_group","parent_id":"paper-71","order":8,"epistemic_status":"material","title":"Boundaries of the position","summary":"Several conclusions are critical interpretations of how idealized and generic analyses interact with prior impossibility results. The authors invite the community to falsify or refine those interpretations and do not claim that all idealization is useless.","source_anchor_ids":["anchor-paper-71-inconsistency","anchor-paper-71-conclusion"]},{"id":"paper-71-boundary-constructive","kind":"limitation","parent_id":"paper-71-boundaries","order":1,"epistemic_status":"explicit_scope_boundary","title":"Diagnosis rather than final construction","summary":"The short paper identifies necessary proof obligations and a research direction; it does not itself deliver a fully general composable timed-MPC framework or protocol satisfying the requested foundations.","source_anchor_ids":["anchor-paper-71-abstract","anchor-paper-71-conclusion"]},{"id":"paper-71-boundary-prior","kind":"limitation","parent_id":"paper-71-boundaries","order":2,"epistemic_status":"explicit_qualification","title":"Existing work retains partial value","summary":"The paper recognizes that earlier idealized and specialized analyses provided insight and that some reviewed works state machine bounds consistently; its objection is to treating those partial guarantees as the final basis for general realizable composition.","source_anchor_ids":["anchor-paper-71-composition","anchor-paper-71-conclusion"]},{"id":"paper-71-agenda","kind":"lineage","parent_id":"paper-71","order":9,"epistemic_status":"proposed_research_agenda","title":"Moving-forward agenda","summary":"Establish timed-cryptography foundations that represent leakage during solving, bound adversaries, simulators, and distinguishers coherently, use falsifiable assumptions, and support general composition as a protocol subroutine.","source_anchor_ids":["anchor-paper-71-conclusion"]},{"id":"paper-71-scrutiny","kind":"scrutiny","parent_id":"paper-71","order":10,"epistemic_status":"venue_reviewed","title":"External scrutiny","summary":"The short paper appeared in the peer-reviewed CSCML proceedings and has a public archive copy. Review reports, rebuttal, a published technical response to the critique, or an independent formal audit are not represented here.","source_anchor_ids":["anchor-paper-71-publication"]}],"relations":[{"id":"paper-71-relation-answer-question","type":"addresses","from_id":"paper-71-answer","to_id":"paper-71-question"},{"id":"paper-71-relation-background-question","type":"contextualizes","from_id":"paper-71-background","to_id":"paper-71-question"},{"id":"paper-71-relation-impossibility-mixing","type":"supports","from_id":"paper-71-impossibility","to_id":"paper-71-model-mixing"},{"id":"paper-71-relation-random-mixing","type":"refines","from_id":"paper-71-random-to-whom","to_id":"paper-71-model-mixing"},{"id":"paper-71-relation-bbs-random","type":"illustrates","from_id":"paper-71-bbs-example","to_id":"paper-71-random-to-whom"},{"id":"paper-71-relation-budget-simulator","type":"constrains","from_id":"paper-71-budget","to_id":"paper-71-simulator"},{"id":"paper-71-relation-stepwise-budget","type":"operationalizes","from_id":"paper-71-stepwise-pattern","to_id":"paper-71-budget"},{"id":"paper-71-relation-clock-budget","type":"qualifies","from_id":"paper-71-clock-boundary","to_id":"paper-71-budget"},{"id":"paper-71-relation-critique-answer","type":"supports","from_id":"paper-71-critique","to_id":"paper-71-answer"},{"id":"paper-71-relation-simulator-answer","type":"supports","from_id":"paper-71-simulator","to_id":"paper-71-answer"},{"id":"paper-71-relation-composition-answer","type":"supports","from_id":"paper-71-composability","to_id":"paper-71-answer"},{"id":"paper-71-relation-boundary-answer","type":"qualifies","from_id":"paper-71-boundary-constructive","to_id":"paper-71-answer"},{"id":"paper-71-relation-agenda-question","type":"responds_to","from_id":"paper-71-agenda","to_id":"paper-71-question"}],"assessment":{"id":"paper-71-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The paper supplies a structured literature comparison, traces its critique to a prior impossibility result, and analyzes simulator and distinguisher bounds with a concrete BBS example. It is a position paper rather than a new construction, exhaustive meta-analysis, or formal impossibility theorem covering every future model.","basis_source_anchor_ids":["anchor-paper-71-table","anchor-paper-71-inconsistency","anchor-paper-71-bbs","anchor-paper-71-simulation"]},{"id":"auditability","level":"high","rationale":"The complete paper is publicly inspectable through the IACR archive, with precise section/page anchors and an official DOI record. This map does not yet record a stable local binary or hash, and no formalization or review reports were located.","basis_source_anchor_ids":["anchor-paper-71-abstract","anchor-paper-71-publication"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, affiliations, archive history, venue, pages, and DOI establish baseline human and lifecycle provenance. Contributor roles, revision history, tool use, and the relationship between the archive and final typeset version have not been fully audited.","basis_source_anchor_ids":["anchor-paper-71-abstract","anchor-paper-71-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"Publication in the CSCML proceedings establishes venue review, but reports, rebuttal, independent formal checking, published responses, and correction history are not represented.","basis_source_anchor_ids":["anchor-paper-71-publication"]},{"id":"reception","level":"low","rationale":"OpenAlex reported 0 citations for the published chapter on 2026-07-11. Under the author-defined corpus rule, 0 through 8 located citations is Low; this is an index-specific snapshot, not a claim that no citation exists elsewhere.","basis_source_anchor_ids":["anchor-paper-71-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The paper articulates concrete proof obligations and a coherent agenda for an underdeveloped foundation of timed cryptography. Its priority, acceptance by the broader community, and effect on subsequent models remain to be independently established.","basis_source_anchor_ids":["anchor-paper-71-abstract","anchor-paper-71-conclusion"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":0,"source_url":"https://openalex.org/W4405464518","signals":[],"limitation":"OpenAlex reported no citing works for the Springer chapter, but index coverage, version merging with IACR ePrint 2024/1529, and very recent citations may be incomplete; zero means none located in this dated record."}},"paper_72":{"schema_version":"0.1","map_id":"paper-72-map","publication_id":72,"publication_anchor":"paper-72","slug":"paper-72","canonical_path":"/knowledge/papers/paper-72/","machine_path":"/knowledge/papers/paper-72.json","root_node_id":"paper-72","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"Challenges in Timed Cryptography: A Position Paper (Full Paper)","short_title":"Challenges in Timed Cryptography: A Position Paper (Full Paper)","year":2025,"venue":"Cryptography and Communications special issue","publication_status":"Full version · under review","topic":"secure-encrypted-computation","labels":["Theory","Perspective"],"authors":["Karim Eldefrawy","Ben Terner","Moti Yung"],"keywords":["timed cryptography","research agenda"],"research_question":"How should a full treatment of timed cryptography replace idealized time-lock analyses with realistic models of computation time, leakage, simulators, and composition?","central_answer":"The curated editorial summary cautiously states that the listed full version appears to expand the earlier position paper's critique, while also warning that no distinct public full-paper record was found.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"metadata synthesis, conservative claim mapping, and resource linking"}],"method":"AI drafting from the curated site metadata, editorial summary, and represented resource links; no full-text source audit was performed.","source_scope":"metadata_and_editorial_summary","approval":{"status":"pending","note":"AI-authored draft awaiting author review. The local summary is editorial, and all technical claims and ratings remain provisional until source audit."}},"sources":[{"id":"source-paper-72-curated","type":"curated_site_record","title":"Website publication record for Paper #72","url":"/publications/#paper-72","scope_note":"Local metadata and editorial summary; not a quotation from or substitute for the paper."},{"id":"source-paper-72-citation-search","type":"citation_search_snapshot","title":"Exact-title scholarly-web search for the distinct full-paper record","url":"https://www.google.com/search?q=%22Challenges+in+Timed+Cryptography%3A+A+Position+Paper+%28Full+Paper%29%22","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-72-curated","source_id":"source-paper-72-curated","label":"Curated metadata and editorial summary","locator":"Website publication record. The summary is editorial and has not been checked against full text.","url":"/publications/#paper-72"},{"id":"anchor-paper-72-citations","source_id":"source-paper-72-citation-search","label":"Dated exact-title citation search","locator":"Search located no distinct full-paper publication or citing work; results referred to the short paper or IACR ePrint version","url":"https://www.google.com/search?q=%22Challenges+in+Timed+Cryptography%3A+A+Position+Paper+%28Full+Paper%29%22"}],"nodes":[{"id":"paper-72","kind":"paper","parent_id":null,"order":1,"epistemic_status":"editorial_synthesis_pending_source_audit","title":"Challenges in Timed Cryptography: A Position Paper (Full Paper)","summary":"The listed full version appears to expand the position paper's critique of idealized time-lock analyses, unbounded simulators, and missing composition guarantees. No distinct public full-paper record was found, and the linked ePrint may instead correspond to the shorter published version.","source_anchor_ids":["anchor-paper-72-curated"]},{"id":"paper-72-question","kind":"question","parent_id":"paper-72","order":1,"epistemic_status":"editorial_synthesis_pending_source_audit","title":"Research question","summary":"How should a full treatment of timed cryptography replace idealized time-lock analyses with realistic models of computation time, leakage, simulators, and composition?","source_anchor_ids":["anchor-paper-72-curated"]},{"id":"paper-72-contribution","kind":"contribution","parent_id":"paper-72","order":2,"epistemic_status":"reported_not_independently_audited","title":"Proposed contribution","summary":"The curated editorial summary cautiously states that the listed full version appears to expand the earlier position paper's critique, while also warning that no distinct public full-paper record was found.","source_anchor_ids":["anchor-paper-72-curated"]},{"id":"paper-72-method","kind":"method","parent_id":"paper-72","order":3,"epistemic_status":"reported_not_independently_audited","title":"Method or construction","summary":"The represented method is an editorially inferred expansion of a position-paper analysis; no distinct manuscript is linked, so its actual definitions, arguments, and organization are unknown.","source_anchor_ids":["anchor-paper-72-curated"]},{"id":"paper-72-claims","kind":"claim_group","parent_id":"paper-72","order":4,"epistemic_status":"reported_not_independently_audited","title":"Principal reported claims","summary":"The only supported claim at this stage is bibliographic and provisional: a full version is listed as under review and is described as extending the critique of idealized timed-cryptography models.","source_anchor_ids":["anchor-paper-72-curated"]},{"id":"paper-72-evidence","kind":"evidence_group","parent_id":"paper-72","order":5,"epistemic_status":"reported_not_independently_audited","title":"Reported evidence","summary":"No distinct public full paper or resource is represented. The draft relies solely on the local metadata and editorial summary, which explicitly records uncertainty about the work's public identity.","source_anchor_ids":["anchor-paper-72-curated"]},{"id":"paper-72-scope","kind":"limitation_group","parent_id":"paper-72","order":6,"epistemic_status":"editorial_synthesis_pending_source_audit","title":"Scope and limitations","summary":"The manuscript identity, relationship to the published short paper, submission status, formal content, examples, results, and any previously linked ePrint correspondence all require author verification.","source_anchor_ids":["anchor-paper-72-curated"]},{"id":"paper-72-artifacts","kind":"artifact_group","parent_id":"paper-72","order":7,"epistemic_status":"editorial_synthesis_pending_source_audit","title":"Artifacts and resources","summary":"The resource data contains no official, archive, or author-hosted link for this item, so this draft cannot expose a manuscript or artifact audit path.","source_anchor_ids":["anchor-paper-72-curated"]},{"id":"paper-72-scrutiny","kind":"scrutiny","parent_id":"paper-72","order":8,"epistemic_status":"editorial_synthesis_pending_source_audit","title":"Scrutiny and status","summary":"The curated record gives the status Full version · under review. No completed external review outcome, public review report, independent reproduction, correction, or adversarial analysis is represented.","source_anchor_ids":["anchor-paper-72-curated"]}],"relations":[{"id":"paper-72-relation-question-contribution","type":"motivates","from_id":"paper-72-question","to_id":"paper-72-contribution"},{"id":"paper-72-relation-method-contribution","type":"realizes","from_id":"paper-72-method","to_id":"paper-72-contribution"},{"id":"paper-72-relation-contribution-claims","type":"grounds","from_id":"paper-72-contribution","to_id":"paper-72-claims"},{"id":"paper-72-relation-evidence-claims","type":"supports","from_id":"paper-72-evidence","to_id":"paper-72-claims"},{"id":"paper-72-relation-scope-claims","type":"qualifies","from_id":"paper-72-scope","to_id":"paper-72-claims"},{"id":"paper-72-relation-artifacts-evidence","type":"enables_audit_of","from_id":"paper-72-artifacts","to_id":"paper-72-evidence"},{"id":"paper-72-relation-scrutiny-claims","type":"contextualizes","from_id":"paper-72-scrutiny","to_id":"paper-72-claims"}],"assessment":{"id":"paper-72-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"low","rationale":"Only curated metadata and an editorial summary support this draft; no public manuscript is represented, so the proposed method, claims, and evidence have not been source-audited.","basis_source_anchor_ids":["anchor-paper-72-curated"]},{"id":"auditability","level":"low","rationale":"No paper-specific official publication record, public archive, or author-hosted copy is represented; full-text assumptions, evidence, artifacts, and version identity cannot presently be audited from this map. Auditability is therefore low.","basis_source_anchor_ids":["anchor-paper-72-curated"]},{"id":"production_provenance","level":"medium","rationale":"The record documents named authorship and the publication or review status of the paper, establishing a baseline human and lifecycle provenance trail. Contributor roles, revision and effort history, AI or tool use, artifact-version lineage, and explicit final approval have not yet been audited, so this provisional medium rating should not be read as complete production provenance.","basis_source_anchor_ids":["anchor-paper-72-curated"]},{"id":"external_scrutiny","level":"low","rationale":"The item is listed as under review or otherwise lacks a represented completed review outcome; no independent scrutiny evidence was audited.","basis_source_anchor_ids":["anchor-paper-72-curated"]},{"id":"reception","level":"low","rationale":"A dated exact-title search located no distinct full-paper record or citation; results referred to the short paper or ePrint instead. Under the author-defined corpus rule, 0 through 8 located citations is Low. This is not a claim that no private review or unindexed reference exists.","basis_source_anchor_ids":["anchor-paper-72-citations"]},{"id":"contribution_significance","level":"not_assessed","rationale":"Only a bibliographic listing and editorially inferred relationship to an earlier position paper are available; this full version's distinct contribution, novelty, priority, and impact cannot yet be assessed.","basis_source_anchor_ids":["anchor-paper-72-curated"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search for the distinct full-paper identity","citation_count":0,"source_url":"https://www.google.com/search?q=%22Challenges+in+Timed+Cryptography%3A+A+Position+Paper+%28Full+Paper%29%22","signals":[],"limitation":"No distinct public full-paper identity was located. Zero means no citation was verifiably attributable to this record, not that related short-paper or ePrint versions have no reception."}},"paper_73":{"schema_version":"0.1","map_id":"paper-73-map","publication_id":73,"publication_anchor":"paper-73","slug":"paper-73","canonical_path":"/knowledge/papers/paper-73/","machine_path":"/knowledge/papers/paper-73.json","root_node_id":"paper-73","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","primitive"],"title":"Multi-Party Time-Lock Puzzles: Quorum-Controlled Delays Without a Single Point of Failure","short_title":"Multi-Party Time-Lock Puzzles: Quorum-Controlled Delays Without a Single Point of Failure","year":2025,"venue":"9th International Symposium on Cyber Security, Cryptology, and Machine Learning (CSCML)","publication_status":"Published","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Karim Eldefrawy","Sashidhar Jakkamsetti","Ben Terner","Moti Yung"],"keywords":["time-lock puzzles","threshold cryptography"],"research_question":"Can a quorum jointly generate and control a time-lock puzzle so that no single participant can reveal its secret early or become a single point of failure?","central_answer":"The curated editorial summary reports a multi-party time-lock-puzzle protocol with collective secret control and an application to multiparty computation whose output remains time locked.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"metadata synthesis, conservative claim mapping, and resource linking"}],"method":"Source-grounded audit of the complete publisher abstract and official proceedings metadata, supplemented by the related 2023/439 ePrint lineage record. No public copy of the CSCML chapter itself was located, so algorithms, thresholds, assumptions, and proofs remain unaudited.","source_scope":"official_abstract_and_metadata","approval":{"status":"pending","note":"AI-authored draft awaiting author review. The local summary is editorial, and all technical claims and ratings remain provisional until source audit."}},"sources":[{"id":"source-paper-73-curated","type":"curated_site_record","title":"Website publication record for Paper #73","url":"/publications/#paper-73","scope_note":"Local metadata and editorial summary; not a quotation from or substitute for the paper."},{"id":"source-paper-73-official-1","type":"official_publication_resource","title":"Publisher / DOI","url":"https://doi.org/10.1007/978-3-032-10759-6_5","scope_note":"Official chapter record and abstract; full chapter text was not publicly accessible in this audit."},{"id":"source-paper-73-related-eprint","type":"related_preprint","title":"Standard Model Time-Lock Puzzles: Defining Security and Constructing via Composition","url":"https://eprint.iacr.org/2023/439","scope_note":"Earlier work by the same four authors and the ePrint named in the older site listing. Its different title and abstract show that it is related lineage, not established here as the author manuscript of Paper #73."},{"id":"source-paper-73-openalex","type":"citation_index_snapshot","title":"OpenAlex record W4416558403","url":"https://openalex.org/W4416558403","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-73-curated","source_id":"source-paper-73-curated","label":"Curated metadata and editorial summary","locator":"Website publication record. The summary is editorial and has not been checked against full text.","url":"/publications/#paper-73"},{"id":"anchor-paper-73-official-1","source_id":"source-paper-73-official-1","label":"Publisher / DOI","locator":"Official abstract and proceedings pages 68-85.","url":"https://doi.org/10.1007/978-3-032-10759-6_5"},{"id":"anchor-paper-73-abstract","source_id":"source-paper-73-official-1","label":"Motivation, MTP contribution, quorum property, and TMPC application","locator":"Publisher abstract","url":"https://doi.org/10.1007/978-3-032-10759-6_5"},{"id":"anchor-paper-73-lineage","source_id":"source-paper-73-related-eprint","label":"Related standard-model timed-cryptography work by the same authors","locator":"ePrint 2023/439 title, abstract, authorship, and metadata","url":"https://eprint.iacr.org/2023/439"},{"id":"anchor-paper-73-citations","source_id":"source-paper-73-openalex","label":"Dated citation-count snapshot","locator":"OpenAlex reported 0 citing works when accessed 2026-07-11","url":"https://openalex.org/W4416558403"}],"nodes":[{"id":"paper-73","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_abstract_audited","title":"Multi-Party Time-Lock Puzzles: Quorum-Controlled Delays Without a Single Point of Failure","summary":"This paper introduces time-lock puzzles whose secret is generated and controlled collectively, preventing any one participant from revealing it early. It gives a practical protocol and uses it to construct timed multiparty computation with a time-locked output.","source_anchor_ids":["anchor-paper-73-abstract"]},{"id":"paper-73-question","kind":"question","parent_id":"paper-73","order":1,"epistemic_status":"abstract_grounded_question","title":"Research question","summary":"Can a quorum jointly generate and control a time-lock puzzle so that no single participant can reveal its secret early or become a single point of failure?","source_anchor_ids":["anchor-paper-73-abstract"]},{"id":"paper-73-contribution","kind":"contribution","parent_id":"paper-73","order":2,"epistemic_status":"abstract_reported","title":"Proposed contribution","summary":"The curated editorial summary reports a multi-party time-lock-puzzle protocol with collective secret control and an application to multiparty computation whose output remains time locked.","source_anchor_ids":["anchor-paper-73-abstract"]},{"id":"paper-73-method","kind":"method","parent_id":"paper-73","order":3,"epistemic_status":"abstract_reported","title":"Method or construction","summary":"The described construction distributes puzzle generation and control across multiple parties, then uses the resulting delayed-release mechanism within a timed MPC application.","source_anchor_ids":["anchor-paper-73-abstract"]},{"id":"paper-73-claims","kind":"claim_group","parent_id":"paper-73","order":4,"epistemic_status":"abstract_reported","title":"Principal reported claims","summary":"The summary reports quorum-controlled delayed release without unilateral early disclosure and a construction of timed MPC with a time-locked output.","source_anchor_ids":["anchor-paper-73-abstract"]},{"id":"paper-73-evidence","kind":"evidence_group","parent_id":"paper-73","order":5,"epistemic_status":"abstract_level_evidence_only","title":"Reported evidence","summary":"A practical protocol and cryptographic application are reported, but algorithms, threat model, setup, proofs, timing assumptions, quorum thresholds, implementation, and measurements were not audited.","source_anchor_ids":["anchor-paper-73-abstract"]},{"id":"paper-73-scope","kind":"limitation_group","parent_id":"paper-73","order":6,"epistemic_status":"editorial_synthesis_pending_source_audit","title":"Scope and limitations","summary":"This draft has not checked collusion bounds, abort and availability behavior, sequentiality assumptions, clock or hardware assumptions, fairness, setup trust, recovery from failed parties, or concrete performance.","source_anchor_ids":["anchor-paper-73-curated"]},{"id":"paper-73-artifacts","kind":"artifact_group","parent_id":"paper-73","order":7,"epistemic_status":"editorial_synthesis_pending_source_audit","title":"Artifacts and resources","summary":"The resource data links 1 resource (1 official, 0 archive, 0 author-hosted). Their content, version identity, fixity, and correspondence to the summarized work were not audited.","source_anchor_ids":["anchor-paper-73-curated","anchor-paper-73-official-1"]},{"id":"paper-73-scrutiny","kind":"scrutiny","parent_id":"paper-73","order":8,"epistemic_status":"editorial_synthesis_pending_source_audit","title":"Scrutiny and status","summary":"The curated record lists this work in 9th International Symposium on Cyber Security, Cryptology, and Machine Learning (CSCML). That publication status supplies venue-level scrutiny, but no review reports, independent reproductions, corrections, or adversarial analyses were audited.","source_anchor_ids":["anchor-paper-73-official-1"]},{"id":"paper-73-motivation","kind":"threat_model","parent_id":"paper-73","order":9,"epistemic_status":"abstract_reported","title":"Malicious or compromised committer boundary","summary":"Classical time-lock puzzles let one committer know the secret and therefore assume that party will not selectively disclose it early. MTP distributes generation so premature recovery requires compromising a quorum rather than one party.","source_anchor_ids":["anchor-paper-73-abstract"]},{"id":"paper-73-primitive","kind":"primitive","parent_id":"paper-73","order":10,"epistemic_status":"abstract_reported_definition","title":"Multi-party time-lock puzzle","summary":"The abstract characterizes MTP as a new primitive with distributed puzzle generation and a threshold-controlled early-reconstruction condition. The exact interface, threshold, setup, and security experiment require full-text audit.","source_anchor_ids":["anchor-paper-73-abstract"]},{"id":"paper-73-application","kind":"protocol","parent_id":"paper-73","order":11,"epistemic_status":"abstract_reported_construction","title":"Timed multi-party computation","summary":"The paper reports using MTP to construct TMPC, modeled as multiparty computation with a single time-locked output. No stronger fairness, availability, or multiple-output claim is inferred from the abstract.","source_anchor_ids":["anchor-paper-73-abstract"]},{"id":"paper-73-lineage","kind":"lineage","parent_id":"paper-73","order":12,"epistemic_status":"bibliographic_relationship_not_version_equivalence","title":"Relation to ePrint 2023/439","summary":"The older site listing linked ePrint 2023/439 by the same authors. That record develops standard-model definitions and composition under a different title; this map treats it as related foundations, not as a verified full-text version of the MTP chapter.","source_anchor_ids":["anchor-paper-73-lineage"]}],"relations":[{"id":"paper-73-relation-question-contribution","type":"motivates","from_id":"paper-73-question","to_id":"paper-73-contribution"},{"id":"paper-73-relation-method-contribution","type":"realizes","from_id":"paper-73-method","to_id":"paper-73-contribution"},{"id":"paper-73-relation-contribution-claims","type":"grounds","from_id":"paper-73-contribution","to_id":"paper-73-claims"},{"id":"paper-73-relation-evidence-claims","type":"supports","from_id":"paper-73-evidence","to_id":"paper-73-claims"},{"id":"paper-73-relation-scope-claims","type":"qualifies","from_id":"paper-73-scope","to_id":"paper-73-claims"},{"id":"paper-73-relation-artifacts-evidence","type":"enables_audit_of","from_id":"paper-73-artifacts","to_id":"paper-73-evidence"},{"id":"paper-73-relation-scrutiny-claims","type":"contextualizes","from_id":"paper-73-scrutiny","to_id":"paper-73-claims"},{"id":"paper-73-relation-motivation-question","type":"motivates","from_id":"paper-73-motivation","to_id":"paper-73-question"},{"id":"paper-73-relation-primitive-contribution","type":"realizes","from_id":"paper-73-primitive","to_id":"paper-73-contribution"},{"id":"paper-73-relation-primitive-application","type":"enables","from_id":"paper-73-primitive","to_id":"paper-73-application"},{"id":"paper-73-relation-lineage-contribution","type":"contextualizes","from_id":"paper-73-lineage","to_id":"paper-73-contribution"}],"assessment":{"id":"paper-73-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The official abstract states a new primitive, practical protocol, quorum security goal, and TMPC application, and the official record fixes the publication identity. Full definitions, construction, assumptions, proofs, and any performance evidence were unavailable, so the rating does not exceed medium.","basis_source_anchor_ids":["anchor-paper-73-abstract","anchor-paper-73-official-1"]},{"id":"auditability","level":"medium","rationale":"The resource record provides only official publication metadata and no archive or author-hosted copy; full-text assumptions, evidence, and version identity are not readily auditable from this map. Auditability is therefore medium.","basis_source_anchor_ids":["anchor-paper-73-curated","anchor-paper-73-official-1"]},{"id":"production_provenance","level":"medium","rationale":"The record documents named authorship and the publication or review status of the paper, establishing a baseline human and lifecycle provenance trail. Contributor roles, revision and effort history, AI or tool use, artifact-version lineage, and explicit final approval have not yet been audited, so this provisional medium rating should not be read as complete production provenance.","basis_source_anchor_ids":["anchor-paper-73-curated"]},{"id":"external_scrutiny","level":"medium","rationale":"The curated record reports publication and links official metadata, providing evidence of venue-level external exposure. Review policy, review reports, independent replication, criticism, correction history, and adversarial analysis were not audited.","basis_source_anchor_ids":["anchor-paper-73-official-1"]},{"id":"reception","level":"low","rationale":"OpenAlex reported 0 citations for the published chapter on 2026-07-11. Under the author-defined corpus rule, 0 through 8 located citations is Low; this is an index-specific snapshot and does not merge citations to related ePrint 2023/439.","basis_source_anchor_ids":["anchor-paper-73-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The editorial summary describes a concrete research contribution, supporting a provisional medium rating; novelty, comparative baselines, and downstream importance were not independently audited.","basis_source_anchor_ids":["anchor-paper-73-curated"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex DOI lookup","citation_count":0,"source_url":"https://openalex.org/W4416558403","signals":[],"limitation":"The chapter is recent, and index coverage may lag. Zero means no citing works were present in this dated OpenAlex record; citations to the differently titled 2023/439 ePrint are not merged without a verified version relationship."}},"paper_74":{"schema_version":"0.1","map_id":"paper-74-map","publication_id":74,"publication_anchor":"paper-74","slug":"paper-74","canonical_path":"/knowledge/papers/paper-74/","machine_path":"/knowledge/papers/paper-74.json","root_node_id":"paper-74","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol","scheme"],"title":"Private Identity-Based Bulletin Boards for Anonymous Messaging and Other Online Services (Regular Academic Track Paper)","short_title":"Private Identity-Based Bulletin Boards","year":null,"venue":null,"publication_status":"Under review","topic":"privacy-identity","labels":["Theory","Applied","System","Implementation"],"availability":"An author-hosted manuscript PDF is available on this site; the work remains under review.","abstract_kind":"Full paper abstract","abstract_review_status":"extracted_from_checked_in_pdf","abstract_added_at":"2026-07-11","abstract_note":"Transcribed from the checked-in author manuscript; mathematical notation was normalized to plain Unicode, and only typography, discretionary hyphenation, and line-break artifacts were otherwise normalized. The source typo 'independet' is retained.","abstract_source_url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf#page=1","abstract":"Secure and anonymous messaging has many compelling use-cases and is becoming increasingly popular. In this paper, we consider it in the context of delay-and-disruption-prone networks, which are characterized by handicapped network access, disrupted operation, censorship, and intermittent network outages. With such settings in mind, we define and design a Private Identity-Based Bulletin Board (PIB³) scheme, which allows users to anonymously post and retrieve messages to and from a distributed database, and supports communication between users without pre-established setup or pre-exchanged keys. Anyone can encrypt a message for an identity and public epoch, such that only the party with the decryption key for that identity can identify, retrieve, and decrypt the message. Against one corrupted non-colluding PIB³ server, the server learns neither the recipient identity nor the retrieved record indices beyond the leakage explicitly modeled by the scheme: the public epoch, the database size, and the number of retrievals made by the receiver. If retrieval-count privacy is required, retrievals can be padded to a fixed bound. The multi-server construction extends this guarantee to larger server sets, and gives coalition privacy whenever the underlying multi-server PIR scheme is private against the corresponding coalition. Contributions of this work are: (1) formally defining functionality and security requirements for PIB³-s, (2) defining and constructing a Hierarchical Identity-Based Encryption (HIBE) scheme with searchable ciphertexts, which serves as a building block for the proposed PIB³ scheme and may be of independet interest, (3) designing an efficient PIB³ scheme that can be realized with n ≥ 2 servers based on the HIBE scheme with searchable ciphertexts combined with additional primitives, and (4) implementing a functional PIB³ prototype which demonstrates practicality of the entire concept and allows us to assess its performance empirically.","authors":["Karim Eldefrawy","Stanislaw Jarecki","Benjamin Terner","Gene Tsudik"],"keywords":["anonymous messaging","delay-and-disruption-prone networks","identity-based encryption","searchable HIBE","private information retrieval","metadata privacy","distributed bulletin boards"],"research_question":"Can users who know only one another's identities exchange messages asynchronously through disruption-prone networks while hiding both recipient identity and retrieved record indices from corrupted non-colluding bulletin-board servers?","central_answer":"PIB³ combines ciphertext-anonymous IBE for payloads, a new two-level searchable HIBE for identity-and-epoch discovery, token sharing across replicated non-colluding servers, and multi-server PIR for private retrieval. Its formal guarantees expose the public epoch, database size, and unpadded retrieval count, and its prototype reports practical—but linear-in-database-size—search and retrieval costs.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, proof-and-protocol mapping, and initial assessment"}],"method":"Source-grounded review of the complete 44-page checked-in author manuscript, including its definitions, construction, theorem statements and proof sketches, appendices, single-server attack, multi-server extension, prototype setup, and reported measurements. Formal claims are tied to their assumptions and leakage model; prototype measurements are kept separate from theorem evidence and are not treated as independent reproduction.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source map awaiting full author audit. Cryptographic interpretations, theorem boundaries, experimental readings, and ratings remain provisional until author approval."}},"sources":[{"id":"source-paper-74-author-pdf","type":"author_hosted_copy","title":"Private Identity-Based Bulletin Boards for Anonymous Messaging and Other Online Services","url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf","media_type":"application/pdf","sha256":"05579c33303df2bbbab58bcb627c8a7ee717fd22a2a802755e1199ab69f4a265","page_count":44,"provenance_category":"author"},{"id":"source-paper-74-curated","type":"curated_site_record","title":"Website publication record for Paper","url":"/publications/#paper-74","scope_note":"Author-supplied bibliographic status and local editorial record."},{"id":"source-paper-74-citation-search","type":"citation_search_snapshot","title":"Exact-title scholarly-web search","url":"https://www.google.com/search?q=%22Private+Identity-Based+Bulletin+Boards+for+Anonymous+Messaging+and+Other+Online+Services%22","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-74-abstract","source_id":"source-paper-74-author-pdf","label":"Problem, guarantees, four contributions, and prototype claim","locator":"Abstract and Section 1, PDF pages 1-5","url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf#page=1"},{"id":"anchor-paper-74-model","source_id":"source-paper-74-author-pdf","label":"System, network, adversary, anonymous-channel, and leakage model","locator":"Section 2.1, PDF page 5","url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf#page=5"},{"id":"anchor-paper-74-overview","source_id":"source-paper-74-author-pdf","label":"Record format, discovery mechanism, token sharing, and PIR retrieval","locator":"Section 2.2, PDF pages 5-7","url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf#page=5"},{"id":"anchor-paper-74-hibesc-definition","source_id":"source-paper-74-author-pdf","label":"Searchable-HIBE syntax, correctness, soundness, and fixed-epoch anonymity","locator":"Section 5, PDF pages 8-10","url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf#page=8"},{"id":"anchor-paper-74-hibesc-construction","source_id":"source-paper-74-author-pdf","label":"Two-level searchable-HIBE construction","locator":"Section 6, PDF pages 9-11","url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf#page=9"},{"id":"anchor-paper-74-pib-definition","source_id":"source-paper-74-author-pdf","label":"PIB³ syntax, correctness, and bulletin-board privacy experiment","locator":"Section 7 and Figure 4, PDF pages 11-13","url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf#page=11"},{"id":"anchor-paper-74-construction","source_id":"source-paper-74-author-pdf","label":"PIB record encoding and two-server query protocol","locator":"Section 8.1 and Figures 5-6, PDF pages 13-15","url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf#page=13"},{"id":"anchor-paper-74-security","source_id":"source-paper-74-author-pdf","label":"Main bulletin-board privacy theorem and hybrid proof sketch","locator":"Section 8.2, Theorem 1, PDF pages 14-15","url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf#page=14"},{"id":"anchor-paper-74-complexity","source_id":"source-paper-74-author-pdf","label":"Collision analysis, optimized communication, and round count","locator":"Appendix A and Section 8.2, PDF pages 15 and 18-19","url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf#page=18"},{"id":"anchor-paper-74-experiments","source_id":"source-paper-74-author-pdf","label":"Prototype setup, search and PIR measurements, latency, and omitted client benchmark","locator":"Appendix B, PDF pages 19-22","url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf#page=19"},{"id":"anchor-paper-74-single-server","source_id":"source-paper-74-author-pdf","label":"Single-server access-profile leakage and chosen-identity attack","locator":"Appendix F, PDF pages 29-30","url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf#page=29"},{"id":"anchor-paper-74-hibesc-proof","source_id":"source-paper-74-author-pdf","label":"Searchable-HIBE reductions and fixed-epoch anonymity proof","locator":"Appendix G, PDF pages 30-35","url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf#page=30"},{"id":"anchor-paper-74-pib-proof","source_id":"source-paper-74-author-pdf","label":"Full PIB privacy hybrid argument","locator":"Appendix H, PDF pages 35-42","url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf#page=35"},{"id":"anchor-paper-74-multiserver","source_id":"source-paper-74-author-pdf","label":"N-server protocol and conditional coalition-privacy theorem","locator":"Appendix I, Theorem 2, PDF pages 42-44","url":"/pubs/2026/private-identity-bulletin-boards-cscml2026.pdf#page=42"},{"id":"anchor-paper-74-status","source_id":"source-paper-74-curated","label":"Under-review status","locator":"Website publication record accessed 2026-07-11","url":"/publications/#paper-74"},{"id":"anchor-paper-74-citations","source_id":"source-paper-74-citation-search","label":"Dated exact-title citation search","locator":"No citing work was verifiably located when searched 2026-07-11","url":"https://www.google.com/search?q=%22Private+Identity-Based+Bulletin+Boards+for+Anonymous+Messaging+and+Other+Online+Services%22"}],"nodes":[{"id":"paper-74","kind":"paper","parent_id":null,"order":1,"epistemic_status":"under_review_manuscript","title":"Private Identity-Based Bulletin Boards","summary":"A theory-and-systems paper defining metadata-private identity-based bulletin boards, constructing the required searchable-encryption and retrieval protocols, proving privacy under explicit leakage and non-collusion assumptions, and evaluating a functional prototype.","source_anchor_ids":["anchor-paper-74-abstract"]},{"id":"paper-74-question","kind":"question","parent_id":"paper-74","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can parties who have never exchanged keys post and retrieve messages asynchronously through censored or intermittent networks without revealing recipient identities or requested database indices to the storage service?","source_anchor_ids":["anchor-paper-74-abstract"]},{"id":"paper-74-answer","kind":"contribution","parent_id":"paper-74","order":2,"epistemic_status":"source_asserted","title":"PIB³ construction","summary":"The answer combines anonymous IBE, two-level searchable HIBE, randomized token shares, and multi-server PIR so senders need only a receiver identity and public epoch while each allowed corrupted-server coalition sees only the stated leakage.","source_anchor_ids":["anchor-paper-74-overview","anchor-paper-74-construction","anchor-paper-74-multiserver"]},{"id":"paper-74-use-case","kind":"scope","parent_id":"paper-74","order":3,"epistemic_status":"explicitly_scoped","title":"Delay-and-disruption-prone communication","summary":"Clients may be offline at different times and face censorship, rate limits, shutdowns, or intermittent links; replicated bulletin-board servers provide temporary application-layer storage until connectivity returns.","source_anchor_ids":["anchor-paper-74-abstract","anchor-paper-74-model"]},{"id":"paper-74-model-clients","kind":"assumption","parent_id":"paper-74-use-case","order":1,"epistemic_status":"assumed","title":"Identity knowledge and public setup","summary":"Senders and receivers know pseudonyms for one another and possess a client with public IBE/HIBE parameters, but they need no pairwise pre-shared key or prior synchronous exchange.","source_anchor_ids":["anchor-paper-74-model"]},{"id":"paper-74-model-channel","kind":"assumption","parent_id":"paper-74-use-case","order":2,"epistemic_status":"assumed_external_service","title":"Anonymous client-server channels","summary":"Uploads and queries are assumed to travel through an anonymity network such as Tor; PIB³ does not itself hide the client's network address from a server observing an ordinary identified transport.","source_anchor_ids":["anchor-paper-74-model"]},{"id":"paper-74-model-adversary","kind":"threat_model","parent_id":"paper-74-use-case","order":3,"epistemic_status":"defined","title":"Network and bulletin-board adversary","summary":"A polynomial-time adversary may observe and disrupt links, corrupt a server, control malicious uploaders, adaptively insert records, and participate in retrieval as that server, but cannot violate the stated cryptographic assumptions.","source_anchor_ids":["anchor-paper-74-model"]},{"id":"paper-74-leakage","kind":"definition","parent_id":"paper-74-use-case","order":4,"epistemic_status":"explicitly_modeled","title":"Explicit leakage","summary":"Privacy exposes the public epoch, database size, and number of PIR retrievals. Padding to a fixed bound can hide retrieval count only if the application also specifies dummy retrievals and behavior when real matches exceed that bound.","source_anchor_ids":["anchor-paper-74-model","anchor-paper-74-security"]},{"id":"paper-74-hibesc","kind":"primitive","parent_id":"paper-74","order":4,"epistemic_status":"formally_defined_and_constructed","title":"HIBE with searchable ciphertexts","summary":"HIBESC extends two-level HIBE with CipherGen, Token, and Check. Anyone can create a searchable ciphertext for identity vector (id, epoch), but only the first-level identity-key holder can form the matching epoch token.","source_anchor_ids":["anchor-paper-74-hibesc-definition","anchor-paper-74-hibesc-construction"]},{"id":"paper-74-hibesc-properties","kind":"security_definition","parent_id":"paper-74-hibesc","order":1,"epistemic_status":"defined","title":"Correctness, soundness, and fixed-epoch anonymity","summary":"Correct matching tokens and ciphertexts must accept; mismatched identity or epoch should reject; and ciphertexts for different identities in the same public epoch should be computationally indistinguishable under the specified games.","source_anchor_ids":["anchor-paper-74-hibesc-definition"]},{"id":"paper-74-hibesc-proof","kind":"proof","parent_id":"paper-74-hibesc","order":2,"epistemic_status":"reduction_provided","title":"Searchable-HIBE reduction chain","summary":"The appendices establish an intermediate ciphertext-identity-indifferentiability property and reduce fixed-epoch anonymity to decisional bilinear Diffie-Hellman, with explicit random-oracle programming and abort probability accounting.","source_anchor_ids":["anchor-paper-74-hibesc-proof"]},{"id":"paper-74-record","kind":"scheme","parent_id":"paper-74","order":5,"epistemic_status":"specified","title":"Two-ciphertext bulletin-board record","summary":"Each record contains an anonymous-IBE payload ciphertext and a searchable-HIBE discovery ciphertext for (recipient identity, public epoch). The encrypted plaintext includes a hash of the discovery ciphertext to bind the two components.","source_anchor_ids":["anchor-paper-74-overview","anchor-paper-74-construction"]},{"id":"paper-74-query","kind":"protocol","parent_id":"paper-74","order":6,"epistemic_status":"specified","title":"Two-server private query","summary":"The receiver splits a search token between two replicated, non-colluding servers. Each partially evaluates Check for every record; the receiver combines replies into a matching index set and uses two-server PIR to fetch the corresponding IBE ciphertexts.","source_anchor_ids":["anchor-paper-74-overview","anchor-paper-74-construction"]},{"id":"paper-74-single-server-attack","kind":"attack","parent_id":"paper-74-query","order":1,"epistemic_status":"demonstrated_analytically","title":"Why one server is insufficient","summary":"A single server sees which records share a query token and can upload a probe ciphertext for a chosen identity and epoch, then test future tokens against it. Token sharing removes that direct Check oracle from any one allowed corrupted server.","source_anchor_ids":["anchor-paper-74-single-server"]},{"id":"paper-74-multiserver","kind":"protocol","parent_id":"paper-74","order":7,"epistemic_status":"specified","title":"N-server extension","summary":"The receiver distributes correlated token shares across N servers and combines all partial values before PIR. No server-to-server communication is needed during a query, but every server must hold identically ordered records.","source_anchor_ids":["anchor-paper-74-multiserver"]},{"id":"paper-74-claims","kind":"claim_group","parent_id":"paper-74","order":8,"epistemic_status":"formally_supported","title":"Main claims","summary":"The manuscript claims correctness and privacy for the concrete scheme under the component assumptions and leakage model, conditional coalition privacy for the extension, and practical feasibility for the measured prototype configurations.","source_anchor_ids":["anchor-paper-74-security","anchor-paper-74-multiserver","anchor-paper-74-experiments"]},{"id":"paper-74-claim-privacy","kind":"claim","parent_id":"paper-74-claims","order":1,"epistemic_status":"theorem_with_reduction","title":"Two-server bulletin-board privacy","summary":"Theorem 1 bounds a bulletin-board adversary by two PIR-privacy terms, two searchable-HIBE anonymity terms, two IBE-anonymity terms, and an IBE IND-CPA term, with active probing captured up to retrieval-count leakage.","source_anchor_ids":["anchor-paper-74-security","anchor-paper-74-pib-proof"]},{"id":"paper-74-claim-coalition","kind":"claim","parent_id":"paper-74-claims","order":2,"epistemic_status":"conditional_theorem","title":"Conditional coalition privacy","summary":"Theorem 2 extends privacy to a strict server coalition only when token shares are simulatable for that coalition and the chosen N-server PIR is private against the same coalition, with retrieval count available to its simulator.","source_anchor_ids":["anchor-paper-74-multiserver"]},{"id":"paper-74-claim-complexity","kind":"claim","parent_id":"paper-74-claims","order":3,"epistemic_status":"asymptotically_analyzed","title":"Optimized retrieval communication","summary":"Hash-compressed partial Check values and batched PIR yield four rounds and reported communication O((n + λ) log n + C + G), where n is record count, λ the security parameter, C record size, and G group-element size.","source_anchor_ids":["anchor-paper-74-complexity"]},{"id":"paper-74-evidence","kind":"evidence_group","parent_id":"paper-74","order":9,"epistemic_status":"formal_and_empirical","title":"Evidence","summary":"Support includes formal syntax and games, reductions for component and composed privacy, an explicit attack on the tempting one-server design, asymptotic analysis, and a prototype benchmark of the heavy server-side search and PIR operations.","source_anchor_ids":["anchor-paper-74-hibesc-proof","anchor-paper-74-pib-proof","anchor-paper-74-single-server","anchor-paper-74-experiments"]},{"id":"paper-74-evidence-setup","kind":"evidence","parent_id":"paper-74-evidence","order":1,"epistemic_status":"reported_experiment","title":"Prototype benchmark setup","summary":"The 128-bit-security prototype ran on an AWS c6a.8xlarge instance with 32 vCPUs. Most configurations were repeated ten times; the largest final PIR row was repeated twice, and reported variance was negligible but omitted.","source_anchor_ids":["anchor-paper-74-experiments"]},{"id":"paper-74-evidence-search","kind":"evidence","parent_id":"paper-74-evidence","order":2,"epistemic_status":"reported_measurement","title":"Linear full-database search","summary":"Server-side pairing search scaled from roughly 0.47-0.48 seconds at 1,000 ciphertexts to about 45 seconds at 100,000 ciphertexts on the test machine.","source_anchor_ids":["anchor-paper-74-experiments"]},{"id":"paper-74-evidence-pir","kind":"evidence","parent_id":"paper-74-evidence","order":3,"epistemic_status":"reported_measurement","title":"PIR and end-to-end server computation","summary":"For 100-kilobit payloads and 100,000 records, reported DPF evaluation is 35.597 seconds and total server computation is just over 80 seconds; smaller records or databases take seconds or fractions of seconds.","source_anchor_ids":["anchor-paper-74-experiments"]},{"id":"paper-74-boundaries","kind":"limitation_group","parent_id":"paper-74","order":10,"epistemic_status":"material","title":"Scope and limitations","summary":"Privacy is conditional on cryptographic assumptions, anonymous transport, synchronized replicated databases, the allowed non-colluding coalition, and explicit leakage. The prototype is not a deployed censorship-resistance study or independent reproduction.","source_anchor_ids":["anchor-paper-74-model","anchor-paper-74-security","anchor-paper-74-experiments","anchor-paper-74-multiserver"]},{"id":"paper-74-boundary-collusion","kind":"limitation","parent_id":"paper-74-boundaries","order":1,"epistemic_status":"theorem_boundary","title":"Non-collusion and PIR boundary","summary":"Two-server privacy excludes both servers colluding. The N-server claim covers only coalitions for which both token-share simulation and the underlying PIR privacy property hold.","source_anchor_ids":["anchor-paper-74-security","anchor-paper-74-multiserver"]},{"id":"paper-74-boundary-leakage","kind":"limitation","parent_id":"paper-74-boundaries","order":2,"epistemic_status":"explicit_leakage","title":"Epoch, size, and access-count leakage","summary":"The scheme does not hide public epoch, database size, or unpadded retrieval count. Padding shifts rather than eliminates costs and requires an overflow rule when a user has more than the fixed number of matches.","source_anchor_ids":["anchor-paper-74-model","anchor-paper-74-security"]},{"id":"paper-74-boundary-evaluation","kind":"limitation","parent_id":"paper-74-boundaries","order":3,"epistemic_status":"experimental_boundary","title":"Partial prototype evaluation","summary":"The benchmark covers computationally heavy server components, not the complete client path, WAN anonymity-network delay, censorship behavior, database synchronization, availability attacks, or a real multi-user deployment.","source_anchor_ids":["anchor-paper-74-experiments"]},{"id":"paper-74-artifacts","kind":"artifact_group","parent_id":"paper-74","order":11,"epistemic_status":"manuscript_available_code_pending","title":"Artifacts and reproducibility","summary":"The 44-page manuscript is checked in with a recorded hash. It states that implementation code will be open-sourced after publication; no repository, benchmark scripts, raw measurements, or environment image is currently linked.","source_anchor_ids":["anchor-paper-74-abstract","anchor-paper-74-experiments"]},{"id":"paper-74-scrutiny","kind":"scrutiny","parent_id":"paper-74","order":12,"epistemic_status":"under_review","title":"External scrutiny","summary":"The site records the manuscript as under review. No acceptance, public review report, rebuttal, independent cryptographic audit, reproduction, correction, or adversarial follow-up is represented.","source_anchor_ids":["anchor-paper-74-status"]}],"relations":[{"id":"paper-74-relation-answer-question","type":"addresses","from_id":"paper-74-answer","to_id":"paper-74-question"},{"id":"paper-74-relation-usecase-question","type":"motivates","from_id":"paper-74-use-case","to_id":"paper-74-question"},{"id":"paper-74-relation-hibesc-answer","type":"component_of","from_id":"paper-74-hibesc","to_id":"paper-74-answer"},{"id":"paper-74-relation-properties-hibesc","type":"specifies_security_of","from_id":"paper-74-hibesc-properties","to_id":"paper-74-hibesc"},{"id":"paper-74-relation-proof-properties","type":"supports","from_id":"paper-74-hibesc-proof","to_id":"paper-74-hibesc-properties"},{"id":"paper-74-relation-record-answer","type":"component_of","from_id":"paper-74-record","to_id":"paper-74-answer"},{"id":"paper-74-relation-query-answer","type":"component_of","from_id":"paper-74-query","to_id":"paper-74-answer"},{"id":"paper-74-relation-attack-query","type":"motivates","from_id":"paper-74-single-server-attack","to_id":"paper-74-query"},{"id":"paper-74-relation-multiserver-answer","type":"generalizes","from_id":"paper-74-multiserver","to_id":"paper-74-query"},{"id":"paper-74-relation-privacy-evidence","type":"supported_by","from_id":"paper-74-claim-privacy","to_id":"paper-74-evidence"},{"id":"paper-74-relation-coalition-multiserver","type":"characterizes","from_id":"paper-74-claim-coalition","to_id":"paper-74-multiserver"},{"id":"paper-74-relation-setup-results","type":"contextualizes","from_id":"paper-74-evidence-setup","to_id":"paper-74-evidence-search"},{"id":"paper-74-relation-search-feasibility","type":"supports","from_id":"paper-74-evidence-search","to_id":"paper-74-claims"},{"id":"paper-74-relation-pir-feasibility","type":"supports","from_id":"paper-74-evidence-pir","to_id":"paper-74-claims"},{"id":"paper-74-relation-collusion-coalition","type":"limits","from_id":"paper-74-boundary-collusion","to_id":"paper-74-claim-coalition"},{"id":"paper-74-relation-leakage-privacy","type":"qualifies","from_id":"paper-74-boundary-leakage","to_id":"paper-74-claim-privacy"},{"id":"paper-74-relation-evaluation-results","type":"limits","from_id":"paper-74-boundary-evaluation","to_id":"paper-74-evidence-pir"}],"assessment":{"id":"paper-74-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The full manuscript defines the primitive and leakage model, gives concrete constructions, states and proves component and composed privacy results, exhibits a motivating attack, analyzes asymptotic cost, and reports repeated prototype measurements. The work is under review, code and raw data are not yet linked, and no independent proof audit or reproduction was located.","basis_source_anchor_ids":["anchor-paper-74-hibesc-definition","anchor-paper-74-security","anchor-paper-74-pib-proof","anchor-paper-74-experiments"]},{"id":"auditability","level":"high","rationale":"A complete checked-in author manuscript with recorded SHA-256 and page count, precise source anchors, full definitions and proofs, and detailed experiment tables makes the represented claims directly inspectable. Code, scripts, and raw measurements remain unavailable.","basis_source_anchor_ids":["anchor-paper-74-abstract","anchor-paper-74-security","anchor-paper-74-experiments"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, affiliations, checked-in manuscript identity, and under-review lifecycle status establish baseline provenance. Contributor roles, revision history, tool use, code-version lineage, and final publication approval are not documented.","basis_source_anchor_ids":["anchor-paper-74-abstract","anchor-paper-74-status"]},{"id":"external_scrutiny","level":"low","rationale":"The manuscript is under review and no completed independent review outcome is represented. Public review reports, rebuttal, cryptographic audit, reproduction, and correction history were not located.","basis_source_anchor_ids":["anchor-paper-74-status"]},{"id":"reception","level":"low","rationale":"A dated exact-title scholarly-web search located 0 citations for this under-review manuscript. Under the author-defined corpus rule, 0 through 8 located citations is Low; this may change after stable publication and indexing.","basis_source_anchor_ids":["anchor-paper-74-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The work combines a new identity-discovery primitive, a formally analyzed distributed bulletin-board construction, a single-server impossibility-motivating attack, and a functioning prototype for a difficult communication setting. Priority, adoption, peer-review outcome, and broader field impact remain unverified.","basis_source_anchor_ids":["anchor-paper-74-abstract","anchor-paper-74-single-server","anchor-paper-74-experiments"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search","citation_count":0,"source_url":"https://www.google.com/search?q=%22Private+Identity-Based+Bulletin+Boards+for+Anonymous+Messaging+and+Other+Online+Services%22","signals":[],"limitation":"The paper is under review and may not yet have a stable public scholarly identity; zero means no verifiable citation was located in this dated search, not that future or unindexed citations are impossible."}},"paper_75":{"schema_version":"0.1","map_id":"paper-75-map","publication_id":75,"publication_anchor":"paper-75","slug":"paper-75","canonical_path":"/knowledge/papers/paper-75/","machine_path":"/knowledge/papers/paper-75.json","root_node_id":"paper-75","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"Decomposable MPC with Security Against Malicious Adversaries","short_title":"Decomposable MPC with Security Against Malicious Adversaries","year":null,"venue":null,"publication_status":"Under review","topic":"secure-encrypted-computation","labels":["Theory"],"availability":"Public manuscript not found; this work is listed as under review.","authors":["Kelong Cong","Karim Eldefrawy","Ben Terner","Titouan Tanguy"],"keywords":["secure multiparty computation","malicious security"],"research_question":"Can secure multiparty computation be decomposed into separately handled components while retaining a meaningful security guarantee against malicious parties?","central_answer":"The title identifies this as the intended research direction, but no public manuscript was located. The map therefore does not assert a decomposition definition, construction, malicious-security theorem, composition rule, or efficiency result.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"metadata verification, bounded concept mapping, public-source searching, and uncertainty documentation"}],"method":"AI drafting from the curated author-site record followed by exact-title, author-title, archive, index, and coauthor-profile searches. No public manuscript or stable scholarly record was located, so technical content is deliberately limited to what the title and status establish.","source_scope":"metadata_and_documented_public_source_search","approval":{"status":"pending","note":"AI-authored bounded map awaiting full author audit; no manuscript-level technical claim is treated as established."}},"sources":[{"id":"source-paper-75-curated","type":"curated_site_record","title":"Website publication record for Paper #75","url":"/publications/#paper-75","scope_note":"Author-site title, authorship, and under-review status plus an editorial summary; not a manuscript or technical source."},{"id":"source-paper-75-manuscript-search","type":"source_search_record","title":"Public-manuscript search for Paper #75","url":"https://www.google.com/search?q=%22Decomposable+MPC+with+Security+Against+Malicious+Adversaries%22","accessed_at":"2026-07-11","scope_note":"Exact-title and author-title variants were checked across the open web, IACR ePrint, arXiv, DBLP, Crossref, OpenAlex, and discoverable author or coauthor pages. No paper-specific public manuscript, abstract, DOI, ePrint identifier, or stable index record was located."},{"id":"source-paper-75-citation-search","type":"citation_search_snapshot","title":"Exact-title scholarly-web citation search","url":"https://www.google.com/search?q=%22Decomposable+MPC+with+Security+Against+Malicious+Adversaries%22","accessed_at":"2026-07-11","scope_note":"No citing scholarly work attributable to this exact paper identity was located."}],"source_anchors":[{"id":"anchor-paper-75-metadata","source_id":"source-paper-75-curated","label":"Author-site metadata","locator":"Paper #75 title, named authors, topic labels, and Under review status","url":"/publications/#paper-75"},{"id":"anchor-paper-75-search-gap","source_id":"source-paper-75-manuscript-search","label":"Documented full-text search gap","locator":"Search completed 2026-07-11 across exact-title and author-title web queries, IACR ePrint, arXiv, DBLP, Crossref, OpenAlex, and discoverable author/coauthor pages; no primary full text or stable paper record found","url":"https://www.google.com/search?q=%22Decomposable+MPC+with+Security+Against+Malicious+Adversaries%22"},{"id":"anchor-paper-75-citations","source_id":"source-paper-75-citation-search","label":"Dated exact-title citation search","locator":"No citing scholarly work verifiably located when searched 2026-07-11","url":"https://www.google.com/search?q=%22Decomposable+MPC+with+Security+Against+Malicious+Adversaries%22"}],"nodes":[{"id":"paper-75","kind":"paper","parent_id":null,"order":1,"epistemic_status":"metadata_only_pending_author_audit","title":"Decomposable MPC with Security Against Malicious Adversaries","summary":"An under-review theory paper whose public title joins two technical commitments—decomposability and malicious security—but for which no public manuscript or abstract was located.","source_anchor_ids":["anchor-paper-75-metadata","anchor-paper-75-search-gap"]},{"id":"paper-75-question","kind":"question","parent_id":"paper-75","order":1,"epistemic_status":"title_inferred","title":"Research direction","summary":"The title motivates asking whether an MPC execution or functionality can be divided into components without losing security when corrupted parties may deviate arbitrarily.","source_anchor_ids":["anchor-paper-75-metadata"]},{"id":"paper-75-decomposable","kind":"concept","parent_id":"paper-75","order":2,"epistemic_status":"term_present_definition_unavailable","title":"Decomposable MPC","summary":"“Decomposable” is part of the title, but the available sources do not define what is decomposed: functionality, protocol phases, parties, state, preprocessing and online work, or some other object.","source_anchor_ids":["anchor-paper-75-metadata","anchor-paper-75-search-gap"]},{"id":"paper-75-malicious","kind":"threat_model","parent_id":"paper-75","order":3,"epistemic_status":"term_present_model_unavailable","title":"Malicious-adversary target","summary":"The title explicitly targets malicious adversaries. Corruption timing, threshold, adaptivity, setup, network model, fairness, abort, robustness, and composability framework are not publicly specified.","source_anchor_ids":["anchor-paper-75-metadata","anchor-paper-75-search-gap"]},{"id":"paper-75-construction","kind":"construction","parent_id":"paper-75","order":4,"epistemic_status":"not_available_for_audit","title":"Construction not publicly auditable","summary":"No protocol, compiler, sharing method, decomposition interface, simulator, or ideal functionality can be extracted from the located sources.","source_anchor_ids":["anchor-paper-75-search-gap"]},{"id":"paper-75-theorem","kind":"theorem_group","parent_id":"paper-75","order":5,"epistemic_status":"not_available_for_audit","title":"Security theorem not publicly auditable","summary":"The sources do not establish that a construction exists or state its assumptions, quantifiers, security loss, failure probability, round complexity, or communication and computation costs.","source_anchor_ids":["anchor-paper-75-search-gap"]},{"id":"paper-75-evidence","kind":"evidence_group","parent_id":"paper-75","order":6,"epistemic_status":"no_public_evidence_located","title":"Evidence status","summary":"No proof, formalization, implementation, benchmark, experiment, or linked artifact was located. Under-review status is process metadata, not evidence for the technical result.","source_anchor_ids":["anchor-paper-75-metadata","anchor-paper-75-search-gap"]},{"id":"paper-75-unknowns","kind":"limitation_group","parent_id":"paper-75","order":7,"epistemic_status":"explicit_unknowns","title":"Information needed for a substantive map","summary":"A manuscript audit must recover the decomposition object and interface, security definition, adversary and setup, construction, proof architecture, composition claim, efficiency bounds, comparison baseline, and any artifact lineage.","source_anchor_ids":["anchor-paper-75-search-gap"]},{"id":"paper-75-search","kind":"audit_record","parent_id":"paper-75","order":8,"epistemic_status":"documented_search","title":"Public-source search","summary":"The audit checked exact-title and author-title variants across general search, major cryptography and preprint archives, bibliographic indexes, and discoverable author/coauthor pages without locating a public technical source.","source_anchor_ids":["anchor-paper-75-search-gap"]},{"id":"paper-75-artifacts","kind":"artifact_group","parent_id":"paper-75","order":9,"epistemic_status":"metadata_only","title":"Available artifacts","summary":"Only the author-site bibliographic listing is represented; no manuscript or supplementary artifact is linked.","source_anchor_ids":["anchor-paper-75-metadata","anchor-paper-75-search-gap"]},{"id":"paper-75-scrutiny","kind":"scrutiny","parent_id":"paper-75","order":10,"epistemic_status":"review_outcome_unavailable","title":"Scrutiny and reception","summary":"The item is listed as under review, but no acceptance, venue identity, public review, reproduction, correction, or citation was located.","source_anchor_ids":["anchor-paper-75-metadata","anchor-paper-75-citations"]}],"relations":[{"id":"paper-75-relation-question-decomposable","type":"frames","from_id":"paper-75-question","to_id":"paper-75-decomposable"},{"id":"paper-75-relation-malicious-qualifies-question","type":"qualifies","from_id":"paper-75-malicious","to_id":"paper-75-question"},{"id":"paper-75-relation-construction-would-answer-question","type":"would_answer","from_id":"paper-75-construction","to_id":"paper-75-question"},{"id":"paper-75-relation-theorem-would-support-construction","type":"would_support","from_id":"paper-75-theorem","to_id":"paper-75-construction"},{"id":"paper-75-relation-search-limits-construction","type":"limits_audit_of","from_id":"paper-75-search","to_id":"paper-75-construction"},{"id":"paper-75-relation-unknowns-qualify-paper","type":"qualifies","from_id":"paper-75-unknowns","to_id":"paper-75"},{"id":"paper-75-relation-artifacts-limit-evidence","type":"limits_audit_of","from_id":"paper-75-artifacts","to_id":"paper-75-evidence"},{"id":"paper-75-relation-scrutiny-contextualizes-paper","type":"contextualizes","from_id":"paper-75-scrutiny","to_id":"paper-75"}],"assessment":{"id":"paper-75-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"low","rationale":"Only author-site metadata supports the map; no manuscript, abstract, theorem, proof, or artifact was located.","basis_source_anchor_ids":["anchor-paper-75-metadata","anchor-paper-75-search-gap"]},{"id":"auditability","level":"low","rationale":"No paper-specific official publication record, public archive, or author-hosted copy was located; assumptions, evidence, and version identity cannot be audited from this map.","basis_source_anchor_ids":["anchor-paper-75-search-gap"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship and under-review status provide baseline human and lifecycle provenance. Contributor roles, revision history, AI or tool use, artifact lineage, and final author approval remain unaudited.","basis_source_anchor_ids":["anchor-paper-75-metadata"]},{"id":"external_scrutiny","level":"low","rationale":"Under-review status records a pending process; no completed review outcome or independent technical scrutiny was located.","basis_source_anchor_ids":["anchor-paper-75-metadata","anchor-paper-75-search-gap"]},{"id":"reception","level":"low","rationale":"The dated exact-title search located 0 citations. Under the author-defined rule, 0–8 located citations is Low, 9–10 is Medium, and 11 or more is High.","basis_source_anchor_ids":["anchor-paper-75-citations"]},{"id":"contribution_significance","level":"not_assessed","rationale":"The title identifies a potentially substantive objective, but novelty, result strength, and impact cannot be assessed without a technical source.","basis_source_anchor_ids":["anchor-paper-75-metadata","anchor-paper-75-search-gap"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search","citation_count":0,"source_url":"https://www.google.com/search?q=%22Decomposable+MPC+with+Security+Against+Malicious+Adversaries%22","signals":[],"limitation":"No public manuscript or stable index record was located. Zero means no verifiable citation was attributable to this exact work in the dated search, not that no private or future reference exists."}},"paper_76":{"schema_version":"0.1","map_id":"paper-76-map","publication_id":76,"publication_anchor":"paper-76","slug":"paper-76","canonical_path":"/knowledge/papers/paper-76/","machine_path":"/knowledge/papers/paper-76.json","root_node_id":"paper-76","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"PRISM: PRivacy-Preserving Intrusion-Resilient Secure Multiparty-Computation-Based Messaging Overlay","short_title":"PRISM Messaging Overlay","year":null,"venue":null,"publication_status":"Ongoing work","topic":"privacy-identity","labels":["Applied"],"availability":"Public manuscript not found; this work is listed as ongoing.","authors":["Linda Briesemeister","Karim Eldefrawy","Bob Haley","Tim McCarthy","Ben Terner"],"keywords":["anonymous messaging","intrusion resilience","MPC"],"research_question":"Can a messaging overlay combine privacy-preserving secure multiparty computation with continued operation or recovery despite compromised infrastructure?","central_answer":"The title and project record establish that PRISM targets privacy-preserving, intrusion-resilient messaging using MPC. No public manuscript was located, so the overlay architecture, protocol messages, anonymity and resilience definitions, compromise threshold, proof, implementation, and evaluation remain unverified.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"metadata verification, project-provenance mapping, public-source searching, and uncertainty documentation"}],"method":"AI drafting from the author-site paper and project records followed by exact-title, author-title, archive, index, project, and coauthor-profile searches. Project provenance is separated from paper evidence; no public manuscript or stable paper-specific scholarly record was located.","source_scope":"metadata_project_provenance_and_documented_public_source_search","approval":{"status":"pending","note":"AI-authored bounded map awaiting full author audit; project descriptions are not treated as manuscript evidence."}},"sources":[{"id":"source-paper-76-curated","type":"curated_site_record","title":"Website publication record for Paper #76","url":"/publications/#paper-76","scope_note":"Author-site title, authorship, ongoing-work status, and editorial summary; not a manuscript or source for protocol details."},{"id":"source-paper-76-project","type":"project_provenance_record","title":"Author-site PRISM project listing","url":"/projects.html","scope_note":"Records Karim Eldefrawy's 2019–2023 role as PI of PRISM and identifies DARPA RACE funding. It establishes project lineage only, not this paper's technical claims, authorship roles, review status, or results."},{"id":"source-paper-76-manuscript-search","type":"source_search_record","title":"Public-manuscript search for Paper #76","url":"https://www.google.com/search?q=%22PRISM%3A+PRivacy-Preserving+Intrusion-Resilient+Secure+Multiparty-Computation-Based+Messaging+Overlay%22","accessed_at":"2026-07-11","scope_note":"Exact-title and author-title variants were checked across the open web, arXiv, IACR ePrint, DBLP, Crossref, OpenAlex, DARPA/project pages, and discoverable author or coauthor pages. Project mentions were found, but no paper-specific public manuscript, abstract, DOI, archive identifier, or stable index record was located."},{"id":"source-paper-76-citation-search","type":"citation_search_snapshot","title":"Exact-title scholarly-web citation search","url":"https://www.google.com/search?q=%22PRISM%3A+PRivacy-Preserving+Intrusion-Resilient+Secure+Multiparty-Computation-Based+Messaging+Overlay%22","accessed_at":"2026-07-11","scope_note":"Project and award descriptions were excluded because they do not cite a paper with this identity."}],"source_anchors":[{"id":"anchor-paper-76-metadata","source_id":"source-paper-76-curated","label":"Author-site paper metadata","locator":"Paper #76 title, named authors, protocol tag, topic, and Ongoing work status","url":"/publications/#paper-76"},{"id":"anchor-paper-76-project","source_id":"source-paper-76-project","label":"PRISM project provenance","locator":"Projects listing: 2019–2023 PI of PRISM, funded by DARPA RACE","url":"/projects.html"},{"id":"anchor-paper-76-search-gap","source_id":"source-paper-76-manuscript-search","label":"Documented full-text search gap","locator":"Search completed 2026-07-11 across exact-title and author-title web queries, arXiv, IACR ePrint, DBLP, Crossref, OpenAlex, project pages, and discoverable author/coauthor pages; project provenance found but no primary paper text or stable record","url":"https://www.google.com/search?q=%22PRISM%3A+PRivacy-Preserving+Intrusion-Resilient+Secure+Multiparty-Computation-Based+Messaging+Overlay%22"},{"id":"anchor-paper-76-citations","source_id":"source-paper-76-citation-search","label":"Dated exact-title citation search","locator":"No citation to a manuscript with this exact identity verifiably located when searched 2026-07-11","url":"https://www.google.com/search?q=%22PRISM%3A+PRivacy-Preserving+Intrusion-Resilient+Secure+Multiparty-Computation-Based+Messaging+Overlay%22"}],"nodes":[{"id":"paper-76","kind":"paper","parent_id":null,"order":1,"epistemic_status":"metadata_only_pending_author_audit","title":"PRISM messaging overlay","summary":"An ongoing applied-protocol effort whose title combines privacy-preserving messaging, intrusion resilience, and secure multiparty computation. Public project provenance exists, but no paper manuscript was located.","source_anchor_ids":["anchor-paper-76-metadata","anchor-paper-76-project","anchor-paper-76-search-gap"]},{"id":"paper-76-question","kind":"question","parent_id":"paper-76","order":1,"epistemic_status":"title_inferred","title":"Research direction","summary":"Can a messaging overlay hide sensitive communication relationships or content while continuing to provide useful service despite compromised components?","source_anchor_ids":["anchor-paper-76-metadata"]},{"id":"paper-76-objective-privacy","kind":"objective","parent_id":"paper-76","order":2,"epistemic_status":"term_present_definition_unavailable","title":"Privacy-preserving messaging","summary":"Privacy is an explicit design objective in the title. The protected objects—sender, receiver, relationship, message content, membership, metadata, or traffic patterns—and the anonymity game are not stated in the located sources.","source_anchor_ids":["anchor-paper-76-metadata","anchor-paper-76-search-gap"]},{"id":"paper-76-objective-resilience","kind":"objective","parent_id":"paper-76","order":3,"epistemic_status":"term_present_definition_unavailable","title":"Intrusion resilience","summary":"Intrusion resilience is explicit in the title, but compromise thresholds, proactive recovery, state refresh, availability target, detection assumptions, and recovery semantics are unavailable.","source_anchor_ids":["anchor-paper-76-metadata","anchor-paper-76-search-gap"]},{"id":"paper-76-mpc","kind":"method","parent_id":"paper-76","order":4,"epistemic_status":"method_named_details_unavailable","title":"MPC-based design","summary":"Secure multiparty computation is named as a design basis. The computed functionality, participating roles, corruption model, setup, chosen MPC protocol, and online costs are not publicly specified.","source_anchor_ids":["anchor-paper-76-metadata","anchor-paper-76-search-gap"]},{"id":"paper-76-protocol","kind":"protocol","parent_id":"paper-76","order":5,"epistemic_status":"classified_but_not_publicly_specified","title":"Messaging-overlay protocol","summary":"The curated taxonomy classifies the work as a protocol, while the title identifies a messaging overlay. No roles, message flow, state machine, cryptographic subprotocols, or failure handling can be extracted without the manuscript.","source_anchor_ids":["anchor-paper-76-metadata","anchor-paper-76-search-gap"]},{"id":"paper-76-project-lineage","kind":"provenance","parent_id":"paper-76","order":6,"epistemic_status":"documented_project_context","title":"DARPA RACE project lineage","summary":"The author-site projects page records PRISM as a 2019–2023 DARPA RACE effort led by Karim Eldefrawy. This connects the work to a funded research program but does not validate paper-level claims.","source_anchor_ids":["anchor-paper-76-project"]},{"id":"paper-76-security","kind":"security_argument","parent_id":"paper-76","order":7,"epistemic_status":"not_available_for_audit","title":"Security argument unavailable","summary":"No formal privacy or resilience definition, theorem, reduction, assumption set, failure probability, or composition guarantee was located.","source_anchor_ids":["anchor-paper-76-search-gap"]},{"id":"paper-76-evidence","kind":"evidence_group","parent_id":"paper-76","order":8,"epistemic_status":"no_public_evidence_located","title":"Evidence status","summary":"No implementation, deployment, experiment, simulation, proof, architecture specification, or supplementary artifact attributable to this paper was located.","source_anchor_ids":["anchor-paper-76-search-gap"]},{"id":"paper-76-boundaries","kind":"limitation_group","parent_id":"paper-76","order":9,"epistemic_status":"explicit_unknowns","title":"Unresolved technical boundaries","summary":"A substantive audit requires the system and trust boundaries, messaging and MPC roles, attacker visibility, compromise threshold, recovery mechanism, anonymity and availability definitions, network assumptions, performance model, and evaluation evidence.","source_anchor_ids":["anchor-paper-76-search-gap"]},{"id":"paper-76-search","kind":"audit_record","parent_id":"paper-76","order":10,"epistemic_status":"documented_search","title":"Public-source search","summary":"The audit found project-level provenance but no manuscript after exact-title, author-title, archive, index, project, and public-profile searches; project mentions were not promoted into technical claims.","source_anchor_ids":["anchor-paper-76-project","anchor-paper-76-search-gap"]},{"id":"paper-76-artifacts","kind":"artifact_group","parent_id":"paper-76","order":11,"epistemic_status":"metadata_and_project_record_only","title":"Available artifacts","summary":"The represented resources are the author-site paper listing and project listing; neither is a manuscript, protocol specification, or implementation.","source_anchor_ids":["anchor-paper-76-metadata","anchor-paper-76-project"]},{"id":"paper-76-scrutiny","kind":"scrutiny","parent_id":"paper-76","order":12,"epistemic_status":"no_completed_paper_scrutiny_located","title":"Scrutiny and reception","summary":"The work is listed as ongoing. Program sponsorship is not peer review, and no completed venue review, independent audit, reproduction, correction, or paper citation was located.","source_anchor_ids":["anchor-paper-76-project","anchor-paper-76-citations"]}],"relations":[{"id":"paper-76-relation-question-privacy","type":"motivates","from_id":"paper-76-question","to_id":"paper-76-objective-privacy"},{"id":"paper-76-relation-question-resilience","type":"motivates","from_id":"paper-76-question","to_id":"paper-76-objective-resilience"},{"id":"paper-76-relation-mpc-would-realize-protocol","type":"would_help_realize","from_id":"paper-76-mpc","to_id":"paper-76-protocol"},{"id":"paper-76-relation-protocol-targets-privacy","type":"targets","from_id":"paper-76-protocol","to_id":"paper-76-objective-privacy"},{"id":"paper-76-relation-protocol-targets-resilience","type":"targets","from_id":"paper-76-protocol","to_id":"paper-76-objective-resilience"},{"id":"paper-76-relation-project-contextualizes-paper","type":"contextualizes","from_id":"paper-76-project-lineage","to_id":"paper-76"},{"id":"paper-76-relation-security-would-support-protocol","type":"would_support","from_id":"paper-76-security","to_id":"paper-76-protocol"},{"id":"paper-76-relation-boundaries-qualify-paper","type":"qualifies","from_id":"paper-76-boundaries","to_id":"paper-76"},{"id":"paper-76-relation-search-limits-evidence","type":"limits_audit_of","from_id":"paper-76-search","to_id":"paper-76-evidence"},{"id":"paper-76-relation-artifacts-limit-protocol","type":"limits_audit_of","from_id":"paper-76-artifacts","to_id":"paper-76-protocol"},{"id":"paper-76-relation-scrutiny-contextualizes-paper","type":"contextualizes","from_id":"paper-76-scrutiny","to_id":"paper-76"}],"assessment":{"id":"paper-76-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"low","rationale":"The title and project record establish objectives and lineage, but no manuscript, security definition, proof, protocol specification, implementation, or evaluation was located.","basis_source_anchor_ids":["anchor-paper-76-metadata","anchor-paper-76-project","anchor-paper-76-search-gap"]},{"id":"auditability","level":"low","rationale":"No paper-specific official publication record, public archive, or author-hosted copy was located; full-text assumptions, evidence, and version identity cannot be audited from this map.","basis_source_anchor_ids":["anchor-paper-76-search-gap"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, ongoing-work status, and documented project lineage provide baseline human and lifecycle provenance. Contributor roles, manuscript revisions, AI or tool use, and artifact lineage remain unaudited.","basis_source_anchor_ids":["anchor-paper-76-metadata","anchor-paper-76-project"]},{"id":"external_scrutiny","level":"low","rationale":"The item is ongoing work. DARPA program context is not a completed paper review or independent technical validation.","basis_source_anchor_ids":["anchor-paper-76-metadata","anchor-paper-76-project"]},{"id":"reception","level":"low","rationale":"The dated exact-title search located 0 paper citations. Under the author-defined rule, 0–8 located citations is Low, 9–10 is Medium, and 11 or more is High; project and award pages are not citations.","basis_source_anchor_ids":["anchor-paper-76-citations"]},{"id":"contribution_significance","level":"not_assessed","rationale":"The objectives are potentially important, but novelty, achieved guarantees, and impact cannot be assessed from project and title metadata.","basis_source_anchor_ids":["anchor-paper-76-metadata","anchor-paper-76-search-gap"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search","citation_count":0,"source_url":"https://www.google.com/search?q=%22PRISM%3A+PRivacy-Preserving+Intrusion-Resilient+Secure+Multiparty-Computation-Based+Messaging+Overlay%22","signals":[],"limitation":"The exact manuscript may not be public or indexed. Zero excludes project and award descriptions that do not cite a paper with this identity; it does not preclude private, variant-title, or future references."}},"paper_77":{"schema_version":"0.1","map_id":"paper-77-map","publication_id":77,"publication_anchor":"paper-77","slug":"paper-77","canonical_path":"/knowledge/papers/paper-77/","machine_path":"/knowledge/papers/paper-77.json","root_node_id":"paper-77","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"Towards Further Realizing Random Oracles: Post-Quantum Non-Malleable Point Obfuscation","short_title":"Post-Quantum Non-Malleable Point Obfuscation","year":null,"venue":null,"publication_status":"Ongoing work","topic":"algorithms-foundations","labels":["Theory"],"availability":"Public manuscript not found; this work is listed as ongoing.","authors":["Daniel Apon","Chongwon Cho","Karim Eldefrawy","Feng-Hao Liu","Rafail Ostrovsky"],"keywords":["post-quantum cryptography","obfuscation"],"research_question":"Can a post-quantum point-function obfuscation notion resist malleation while reproducing a useful aspect of random-oracle behavior?","central_answer":"The title establishes this research objective, and a NIST administrative email verifies that a manuscript with this title and author list entered an internal review process in 2021. No public manuscript was located, so the construction, security notion, quantum-access model, assumptions, theorem, and proof remain unaudited.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"metadata verification, administrative-provenance analysis, public-source searching, and uncertainty documentation"}],"method":"AI drafting from the author-site record, a public NIST administrative email, and exact-title, author-title, archive, index, and coauthor-profile searches. The NIST document is used only as manuscript provenance; it is not treated as full text, peer review, a citation, or evidence for any technical claim.","source_scope":"metadata_administrative_provenance_and_documented_public_source_search","approval":{"status":"pending","note":"AI-authored bounded map awaiting full author audit; technical content is intentionally not reconstructed from the title alone."}},"sources":[{"id":"source-paper-77-curated","type":"curated_site_record","title":"Website publication record for Paper #77","url":"/publications/#paper-77","scope_note":"Author-site title, authorship, ongoing-work status, and editorial summary; not a manuscript or technical source."},{"id":"source-paper-77-nist-email","type":"administrative_provenance_record","title":"NIST ERB sponsor-review email mentioning the manuscript","url":"https://nist.pqcrypto.org/foia/20250416/RE_%20NPS_%20REMINDER%20-%20ERB%20Sponsor%20Review%20Manuscript.pdf","media_type":"application/pdf","scope_note":"The email names the manuscript and authors, records a 2021-03-02 submission date and ERB Control G2021-0620, and discusses administrative sponsor review before intended conference submission. It is neither the manuscript nor a scholarly citation, venue decision, review report, or technical validation."},{"id":"source-paper-77-manuscript-search","type":"source_search_record","title":"Public-manuscript search for Paper #77","url":"https://www.google.com/search?q=%22Towards+Further+Realizing+Random+Oracles%3A+Post-Quantum+Non-Malleable+Point+Obfuscation%22","accessed_at":"2026-07-11","scope_note":"Exact-title and author-title variants were checked across the open web, IACR ePrint, arXiv, DBLP, Crossref, OpenAlex, NIST/public-record pages, and discoverable author or coauthor pages. The NIST email was located, but no public manuscript, abstract, DOI, ePrint identifier, venue paper page, or stable scholarly index record was found."},{"id":"source-paper-77-citation-search","type":"citation_search_snapshot","title":"Exact-title scholarly-web citation search","url":"https://www.google.com/search?q=%22Towards+Further+Realizing+Random+Oracles%3A+Post-Quantum+Non-Malleable+Point+Obfuscation%22","accessed_at":"2026-07-11","scope_note":"The NIST administrative email was excluded from reception because it does not cite the work as scholarship."}],"source_anchors":[{"id":"anchor-paper-77-metadata","source_id":"source-paper-77-curated","label":"Author-site paper metadata","locator":"Paper #77 title, named authors, topic, Theory label, and Ongoing work status","url":"/publications/#paper-77"},{"id":"anchor-paper-77-nist-email","source_id":"source-paper-77-nist-email","label":"NIST administrative manuscript provenance","locator":"Public email record naming the manuscript and five authors; submitted 2021-03-02 under ERB Control G2021-0620; administrative sponsor-review correspondence, not manuscript content or scholarly review","url":"https://nist.pqcrypto.org/foia/20250416/RE_%20NPS_%20REMINDER%20-%20ERB%20Sponsor%20Review%20Manuscript.pdf"},{"id":"anchor-paper-77-search-gap","source_id":"source-paper-77-manuscript-search","label":"Documented full-text search gap","locator":"Search completed 2026-07-11 across exact-title and author-title web queries, IACR ePrint, arXiv, DBLP, Crossref, OpenAlex, NIST records, and discoverable author/coauthor pages; administrative provenance found but no primary full text or stable scholarly record","url":"https://www.google.com/search?q=%22Towards+Further+Realizing+Random+Oracles%3A+Post-Quantum+Non-Malleable+Point+Obfuscation%22"},{"id":"anchor-paper-77-citations","source_id":"source-paper-77-citation-search","label":"Dated exact-title citation search","locator":"No citing scholarly work verifiably located; the NIST administrative email was excluded from the count","url":"https://www.google.com/search?q=%22Towards+Further+Realizing+Random+Oracles%3A+Post-Quantum+Non-Malleable+Point+Obfuscation%22"}],"nodes":[{"id":"paper-77","kind":"paper","parent_id":null,"order":1,"epistemic_status":"metadata_and_administrative_provenance_pending_author_audit","title":"Post-quantum non-malleable point obfuscation","summary":"An ongoing theory project whose title targets a post-quantum, non-malleable point-obfuscation primitive. A NIST email verifies manuscript identity and administrative history, but no technical text is public in the located sources.","source_anchor_ids":["anchor-paper-77-metadata","anchor-paper-77-nist-email","anchor-paper-77-search-gap"]},{"id":"paper-77-question","kind":"question","parent_id":"paper-77","order":1,"epistemic_status":"title_inferred","title":"Research direction","summary":"Can point-function obfuscation retain a non-malleability property against quantum-capable adversaries and thereby realize a useful random-oracle-like capability?","source_anchor_ids":["anchor-paper-77-metadata"]},{"id":"paper-77-point-obfuscation","kind":"primitive","parent_id":"paper-77","order":2,"epistemic_status":"primitive_named_definition_unavailable","title":"Point obfuscation","summary":"Point obfuscation is named in the title. The point-function domain, correctness condition, hiding notion, auxiliary input, reusable access, and output representation are not specified publicly.","source_anchor_ids":["anchor-paper-77-metadata","anchor-paper-77-search-gap"]},{"id":"paper-77-nonmalleability","kind":"security_property","parent_id":"paper-77","order":3,"epistemic_status":"property_named_definition_unavailable","title":"Non-malleability target","summary":"Non-malleability is explicit in the title, but the admissible relation, challenge game, adversarial output, success event, and handling of trivial transformations are unavailable.","source_anchor_ids":["anchor-paper-77-metadata","anchor-paper-77-search-gap"]},{"id":"paper-77-postquantum","kind":"threat_model","parent_id":"paper-77","order":4,"epistemic_status":"adversary_class_named_model_unavailable","title":"Post-quantum adversary","summary":"The title claims a post-quantum setting, but it does not disclose whether the model permits quantum advice, superposition access, quantum random-oracle queries, adaptive challenge selection, or quantum outputs.","source_anchor_ids":["anchor-paper-77-metadata","anchor-paper-77-search-gap"]},{"id":"paper-77-random-oracle-goal","kind":"objective","parent_id":"paper-77","order":5,"epistemic_status":"objective_named_scope_unavailable","title":"Further realizing random oracles","summary":"The title situates the work in a program of realizing random-oracle behavior, but the targeted functionality, application class, and sense of realization cannot be inferred safely without the manuscript.","source_anchor_ids":["anchor-paper-77-metadata","anchor-paper-77-search-gap"]},{"id":"paper-77-construction","kind":"construction","parent_id":"paper-77","order":6,"epistemic_status":"not_available_for_audit","title":"Construction unavailable","summary":"No algorithm, compiler, parameter set, underlying primitive, or post-quantum assumption can be extracted from the located records.","source_anchor_ids":["anchor-paper-77-search-gap"]},{"id":"paper-77-theorem","kind":"theorem_group","parent_id":"paper-77","order":7,"epistemic_status":"not_available_for_audit","title":"Theorem and proof unavailable","summary":"The available records do not establish existence, correctness, security, efficiency, or any reduction to a named hardness assumption.","source_anchor_ids":["anchor-paper-77-search-gap"]},{"id":"paper-77-nist-provenance","kind":"provenance","parent_id":"paper-77","order":8,"epistemic_status":"administratively_documented","title":"NIST ERB record","summary":"A NIST email records that a manuscript with this title and author list was submitted on March 2, 2021 under ERB Control G2021-0620 and discusses sponsor review before intended conference peer review.","source_anchor_ids":["anchor-paper-77-nist-email"]},{"id":"paper-77-provenance-boundary","kind":"limitation","parent_id":"paper-77-nist-provenance","order":1,"epistemic_status":"source_scope_boundary","title":"What the email does not establish","summary":"The email does not provide the manuscript, theorem statements, proof, public release, venue submission identity, acceptance decision, reviewer judgment, or citation evidence.","source_anchor_ids":["anchor-paper-77-nist-email"]},{"id":"paper-77-evidence","kind":"evidence_group","parent_id":"paper-77","order":9,"epistemic_status":"no_public_technical_evidence_located","title":"Evidence status","summary":"No public proof, formalization, implementation, experiment, or supplementary artifact attributable to this paper was located.","source_anchor_ids":["anchor-paper-77-search-gap"]},{"id":"paper-77-unknowns","kind":"limitation_group","parent_id":"paper-77","order":10,"epistemic_status":"explicit_unknowns","title":"Information needed for a substantive map","summary":"Manuscript audit must establish the point-obfuscation syntax, correctness and non-malleability games, quantum oracle-access model, assumptions, construction, reduction, parameter loss, efficiency, applications, and relation to prior random-oracle realizations.","source_anchor_ids":["anchor-paper-77-search-gap"]},{"id":"paper-77-search","kind":"audit_record","parent_id":"paper-77","order":11,"epistemic_status":"documented_search","title":"Public-source search","summary":"Exact-title, author-title, archive, index, NIST-record, and public-profile searches located administrative provenance but no primary technical source; the provenance record was kept separate from evidence and reception.","source_anchor_ids":["anchor-paper-77-nist-email","anchor-paper-77-search-gap"]},{"id":"paper-77-artifacts","kind":"artifact_group","parent_id":"paper-77","order":12,"epistemic_status":"metadata_and_administrative_record_only","title":"Available artifacts","summary":"The represented resources are an author-site listing and a NIST administrative email; neither is the manuscript or a technical artifact.","source_anchor_ids":["anchor-paper-77-metadata","anchor-paper-77-nist-email"]},{"id":"paper-77-scrutiny","kind":"scrutiny","parent_id":"paper-77","order":13,"epistemic_status":"no_completed_scholarly_scrutiny_located","title":"Scrutiny and reception","summary":"Administrative sponsor review is provenance, not completed scholarly peer review. No venue outcome, public review, reproduction, correction, cryptanalysis, or scholarly citation was located.","source_anchor_ids":["anchor-paper-77-nist-email","anchor-paper-77-citations"]}],"relations":[{"id":"paper-77-relation-question-point","type":"concerns","from_id":"paper-77-question","to_id":"paper-77-point-obfuscation"},{"id":"paper-77-relation-nonmalleability-qualifies-point","type":"constrains","from_id":"paper-77-nonmalleability","to_id":"paper-77-point-obfuscation"},{"id":"paper-77-relation-postquantum-qualifies-nonmalleability","type":"qualifies","from_id":"paper-77-postquantum","to_id":"paper-77-nonmalleability"},{"id":"paper-77-relation-point-targets-random-oracle-goal","type":"intended_to_support","from_id":"paper-77-point-obfuscation","to_id":"paper-77-random-oracle-goal"},{"id":"paper-77-relation-construction-would-realize-point","type":"would_realize","from_id":"paper-77-construction","to_id":"paper-77-point-obfuscation"},{"id":"paper-77-relation-theorem-would-support-construction","type":"would_support","from_id":"paper-77-theorem","to_id":"paper-77-construction"},{"id":"paper-77-relation-nist-contextualizes-paper","type":"establishes_provenance_for","from_id":"paper-77-nist-provenance","to_id":"paper-77"},{"id":"paper-77-relation-provenance-boundary-qualifies-nist","type":"qualifies","from_id":"paper-77-provenance-boundary","to_id":"paper-77-nist-provenance"},{"id":"paper-77-relation-search-limits-evidence","type":"limits_audit_of","from_id":"paper-77-search","to_id":"paper-77-evidence"},{"id":"paper-77-relation-unknowns-qualify-paper","type":"qualifies","from_id":"paper-77-unknowns","to_id":"paper-77"},{"id":"paper-77-relation-scrutiny-contextualizes-paper","type":"contextualizes","from_id":"paper-77-scrutiny","to_id":"paper-77"}],"assessment":{"id":"paper-77-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"low","rationale":"The title and NIST email establish identity, objective, and administrative history, but no manuscript, definition, construction, theorem, proof, or technical artifact was located.","basis_source_anchor_ids":["anchor-paper-77-metadata","anchor-paper-77-nist-email","anchor-paper-77-search-gap"]},{"id":"auditability","level":"low","rationale":"No paper-specific public archive or author-hosted manuscript was located. The NIST email is inspectable provenance but does not expose assumptions, evidence, or version content.","basis_source_anchor_ids":["anchor-paper-77-nist-email","anchor-paper-77-search-gap"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, ongoing-work status, submission date, and ERB control number provide a concrete human and lifecycle trail. Contributor roles, revisions, AI or tool use, and manuscript/artifact lineage remain unaudited.","basis_source_anchor_ids":["anchor-paper-77-metadata","anchor-paper-77-nist-email"]},{"id":"external_scrutiny","level":"low","rationale":"The located record documents administrative sponsor review and intended later conference review, not a completed scholarly review outcome or independent technical validation.","basis_source_anchor_ids":["anchor-paper-77-nist-email"]},{"id":"reception","level":"low","rationale":"The dated exact-title search located 0 scholarly citations. Under the author-defined rule, 0–8 located citations is Low, 9–10 is Medium, and 11 or more is High; the NIST email is provenance, not a citation.","basis_source_anchor_ids":["anchor-paper-77-citations"]},{"id":"contribution_significance","level":"not_assessed","rationale":"The title describes an ambitious theoretical objective, but result strength, novelty, assumptions, and impact cannot be assessed without technical text.","basis_source_anchor_ids":["anchor-paper-77-metadata","anchor-paper-77-search-gap"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search with administrative mentions excluded","citation_count":0,"source_url":"https://www.google.com/search?q=%22Towards+Further+Realizing+Random+Oracles%3A+Post-Quantum+Non-Malleable+Point+Obfuscation%22","signals":[],"limitation":"No public manuscript or stable index record was located. Zero means no scholarly citation was verifiably attributable to the exact title; the NIST email establishes manuscript provenance only."}},"paper_78":{"schema_version":"0.1","map_id":"paper-78-map","publication_id":78,"publication_anchor":"paper-78","slug":"paper-78","canonical_path":"/knowledge/papers/paper-78/","machine_path":"/knowledge/papers/paper-78.json","root_node_id":"paper-78","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"Composing Timed Cryptographic Protocols: Foundations and Applications","short_title":"Composing Timed Cryptographic Protocols","year":2024,"venue":"IACR Cryptology ePrint Archive","publication_status":"Preprint · under review","topic":"secure-encrypted-computation","labels":["Theory"],"authors":["Karim Eldefrawy","Ben Terner","Moti Yung"],"keywords":["timed cryptography","protocol composition"],"research_question":"How can cryptographic protocols soundly compose components whose secrecy expires within feasible polynomial time, while accounting for leakage, simulator cost, adversary depth, and the time at which each guarantee ceases to be meaningful?","central_answer":"The paper defines residual complexity and a critical time for leaky timed primitives, embeds them in a depth-bounded real/ideal MPC framework parameterized by adversary, simulator, and environment depth, and proves composition theorems with explicit security degradation. It adds a one-random-oracle compiler for leaky algebraic puzzles and applies the framework to time-lock-puzzle auctions, including a simultaneous multi-round auction whose parameters are retuned for composition loss.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, definition and theorem decomposition, proof-evidence linking, protocol analysis, and initial assessment"}],"method":"Source-grounded audit of the complete 43-page IACR ePrint, its archive metadata, the author-site record, and a dated citation search. Definitions, theorem parameters, proof locations, application assumptions, and stated limitations are separated; self-reported novelty is not converted into an independently verified priority claim.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting full author audit; mathematical summaries and ratings may be revised before approval."}},"sources":[{"id":"source-paper-78-paper","type":"scholarly_preprint","title":"Composing Timed Cryptographic Protocols: Foundations and Applications","url":"https://eprint.iacr.org/2024/676.pdf","media_type":"application/pdf","page_count":43,"provenance_category":"public_archive","retrieved_at":"2026-07-11","scope_note":"Complete IACR ePrint used for the technical audit; no machine-checked proof artifact or implementation accompanies the represented source."},{"id":"source-paper-78-archive","type":"archive_record","title":"IACR ePrint 2024/676 record","url":"https://eprint.iacr.org/2024/676","scope_note":"Public archive landing record for the audited preprint."},{"id":"source-paper-78-curated","type":"curated_site_record","title":"Website publication record for Paper #78","url":"/publications/#paper-78","scope_note":"Author-site bibliographic identity and under-review status."},{"id":"source-paper-78-dblp","type":"bibliographic_record","title":"DBLP record for IACR ePrint 2024/676","url":"https://dblp.org/rec/journals/iacr/EldefrawyTY24","scope_note":"Independent bibliographic record; not peer review or evidence for the paper's theorems."},{"id":"source-paper-78-citation-search","type":"citation_search_snapshot","title":"Exact-title scholarly-web citation search","url":"https://www.google.com/search?q=%22Composing+Timed+Cryptographic+Protocols%3A+Foundations+and+Applications%22","accessed_at":"2026-07-11","scope_note":"Three distinct downstream scholarly references were located; this is a conservative lower bound, not a normalized citation-index total."}],"source_anchors":[{"id":"anchor-paper-78-problem","source_id":"source-paper-78-paper","label":"Problem, contributions, and claimed scope","locator":"Abstract and Section 1, PDF pages 1–5","url":"https://eprint.iacr.org/2024/676.pdf#page=1"},{"id":"anchor-paper-78-leakage-motivation","source_id":"source-paper-78-paper","label":"Leaky algebraic solving and fine-grained motivation","locator":"Section 2, PDF pages 5–7","url":"https://eprint.iacr.org/2024/676.pdf#page=5"},{"id":"anchor-paper-78-residual","source_id":"source-paper-78-paper","label":"Residual complexity and critical time","locator":"Informal Definition 1 and formal Definition 7, PDF pages 6–7 and 13","url":"https://eprint.iacr.org/2024/676.pdf#page=6"},{"id":"anchor-paper-78-depth-model","source_id":"source-paper-78-paper","label":"Depth-bounded circuits and indistinguishability","locator":"Definitions 3–4, PDF page 12","url":"https://eprint.iacr.org/2024/676.pdf#page=12"},{"id":"anchor-paper-78-depth-mpc","source_id":"source-paper-78-paper","label":"Depth-bounded real/ideal MPC","locator":"Section 5 and Definitions 8–9, PDF pages 13–17","url":"https://eprint.iacr.org/2024/676.pdf#page=13"},{"id":"anchor-paper-78-temporary-privacy","source_id":"source-paper-78-paper","label":"Leaky functionalities and temporary privacy","locator":"Section 5.4, PDF pages 16–17","url":"https://eprint.iacr.org/2024/676.pdf#page=16"},{"id":"anchor-paper-78-concurrent","source_id":"source-paper-78-paper","label":"Concurrent composition theorem","locator":"Theorem 3 and proof, PDF pages 18–20","url":"https://eprint.iacr.org/2024/676.pdf#page=18"},{"id":"anchor-paper-78-sequential","source_id":"source-paper-78-paper","label":"Sequential and lockstep composition","locator":"Theorem 4 and Corollaries 1–2, PDF pages 20–21; deferred proof in Appendix C, PDF pages 34–37","url":"https://eprint.iacr.org/2024/676.pdf#page=20"},{"id":"anchor-paper-78-arbitrary-poly","source_id":"source-paper-78-paper","label":"Boundary with arbitrary-polynomial MPC","locator":"Section 6.4, Corollaries 3–4 and Lemma 2, PDF pages 21–22","url":"https://eprint.iacr.org/2024/676.pdf#page=21"},{"id":"anchor-paper-78-compiler","source_id":"source-paper-78-paper","label":"One-random-oracle compiler","locator":"Section 7.1, Figure 2, Theorem 5 and Lemma 3, PDF pages 22–24","url":"https://eprint.iacr.org/2024/676.pdf#page=22"},{"id":"anchor-paper-78-equivocation","source_id":"source-paper-78-paper","label":"Simulation-equivocation and temporary-privacy boundary","locator":"Section 7.2, PDF page 24","url":"https://eprint.iacr.org/2024/676.pdf#page=24"},{"id":"anchor-paper-78-auction","source_id":"source-paper-78-paper","label":"Single-round auction functionality and protocol","locator":"Section 8.1, Figures 3–4 and Theorem 6, PDF pages 25–27","url":"https://eprint.iacr.org/2024/676.pdf#page=25"},{"id":"anchor-paper-78-smra","source_id":"source-paper-78-paper","label":"Simultaneous multi-round auction composition","locator":"Section 8.2 and Theorem 7, PDF pages 27–28","url":"https://eprint.iacr.org/2024/676.pdf#page=27"},{"id":"anchor-paper-78-appendices","source_id":"source-paper-78-paper","label":"Deferred model details and proofs","locator":"Appendices A–F, PDF pages 32–43","url":"https://eprint.iacr.org/2024/676.pdf#page=32"},{"id":"anchor-paper-78-archive","source_id":"source-paper-78-archive","label":"Public ePrint record","locator":"IACR ePrint 2024/676 landing page","url":"https://eprint.iacr.org/2024/676"},{"id":"anchor-paper-78-bibliography","source_id":"source-paper-78-dblp","label":"Independent bibliographic identity","locator":"DBLP record Eldefrawy–Terner–Yung, 2024","url":"https://dblp.org/rec/journals/iacr/EldefrawyTY24"},{"id":"anchor-paper-78-citations","source_id":"source-paper-78-citation-search","label":"Dated lower-bound citation snapshot","locator":"Exact-title search located three distinct citing works when accessed 2026-07-11","url":"https://www.google.com/search?q=%22Composing+Timed+Cryptographic+Protocols%3A+Foundations+and+Applications%22"}],"nodes":[{"id":"paper-78","kind":"paper","parent_id":null,"order":1,"epistemic_status":"public_preprint_pending_author_audit","title":"A compositional foundation for expiring security","summary":"A 43-page theory preprint that models timed cryptographic security with fine-grained circuit depth, makes leakage explicit through residual complexity, proves composition rules with quantified degradation, and demonstrates the framework through timed auction protocols.","source_anchor_ids":["anchor-paper-78-problem","anchor-paper-78-archive"]},{"id":"paper-78-question","kind":"question","parent_id":"paper-78","order":1,"epistemic_status":"explicitly_stated","title":"Research question","summary":"How can a larger MPC protocol use time-lock primitives whose secrecy expires in feasible time without hiding leakage, giving the simulator unrealistic power, or assuming composition preserves an undegraded guarantee?","source_anchor_ids":["anchor-paper-78-problem","anchor-paper-78-leakage-motivation"]},{"id":"paper-78-diagnosis","kind":"problem_analysis","parent_id":"paper-78","order":2,"epistemic_status":"source_argued","title":"Why conventional idealization is insufficient","summary":"The paper argues that existing approaches lack composability, consistent analysis, or required functionality when algebraic time-lock solving is modeled as opaque or random-oracle-like at every step despite possible intermediate leakage.","source_anchor_ids":["anchor-paper-78-problem","anchor-paper-78-leakage-motivation"]},{"id":"paper-78-framework","kind":"contribution","parent_id":"paper-78","order":3,"epistemic_status":"formally_defined","title":"Depth-bounded timed-cryptography framework","summary":"The framework parameterizes adversary, simulator, and environment by polynomial circuit depth and represents a timed primitive's changing hardness rather than treating it as perfectly hidden until an instantaneous expiry.","source_anchor_ids":["anchor-paper-78-residual","anchor-paper-78-depth-model","anchor-paper-78-depth-mpc"]},{"id":"paper-78-residual-complexity","kind":"definition","parent_id":"paper-78-framework","order":1,"epistemic_status":"formally_defined","title":"Residual complexity","summary":"A puzzle has residual complexity (d, r) when every depth-d adversary guesses a random puzzle solution with probability at most r; the paper calls 1−r the remaining hardness and uses the curve across depths as a leakage profile.","source_anchor_ids":["anchor-paper-78-residual"]},{"id":"paper-78-critical-time","kind":"definition","parent_id":"paper-78-framework","order":2,"epistemic_status":"formally_defined_and_designer_parameterized","title":"Critical time","summary":"Given a designer-chosen unacceptable guessing threshold, the critical time is the first depth at which residual complexity crosses it. Timed privacy is claimed only before that point, which may conservatively precede honest completion.","source_anchor_ids":["anchor-paper-78-residual"]},{"id":"paper-78-falsifiability","kind":"methodological_property","parent_id":"paper-78-framework","order":3,"epistemic_status":"explicitly_argued","title":"Falsifiable leakage assumptions","summary":"Rather than asserting an opaque generic step, the framework's depth-indexed guessing bounds can in principle be falsified by a sampling and guessing algorithm that outperforms the assumed residual-complexity curve.","source_anchor_ids":["anchor-paper-78-leakage-motivation","anchor-paper-78-residual"]},{"id":"paper-78-depth-machines","kind":"definition_group","parent_id":"paper-78-framework","order":4,"epistemic_status":"formally_defined","title":"Depth-bounded machines and indistinguishability","summary":"The model bounds circuit depth while retaining polynomial size, extends this accounting to interactive circuits, and defines indistinguishability relative to a depth-bounded distinguisher.","source_anchor_ids":["anchor-paper-78-depth-model"]},{"id":"paper-78-depth-mpc","kind":"security_definition","parent_id":"paper-78-framework","order":5,"epistemic_status":"formally_defined","title":"(d_a, d_s, d_e)-depth-secure MPC","summary":"A protocol is depth-secure when a d_s-depth simulator makes real and ideal executions indistinguishable to every d_a-depth adversary and d_e-depth environment; the paper gives a concurrent UC-like model and a separate sequential model.","source_anchor_ids":["anchor-paper-78-depth-mpc"]},{"id":"paper-78-simulator-budget","kind":"modeling_constraint","parent_id":"paper-78-depth-mpc","order":1,"epistemic_status":"explicitly_justified","title":"Simulator budget is security-critical","summary":"Constraining simulator depth prevents a vacuous proof in which the simulator solves a time-lock puzzle to learn information unavailable to the real adversary; meaningful parameters require the simulation budget to remain below relevant adversary and environment depths.","source_anchor_ids":["anchor-paper-78-depth-mpc","anchor-paper-78-sequential"]},{"id":"paper-78-temporary-privacy","kind":"security_property","parent_id":"paper-78-depth-mpc","order":2,"epistemic_status":"formally_modeled","title":"Temporary privacy with matched leakage","summary":"Leaky ideal functionalities reveal information in phases so that a simulator learns no more than the adversary at the corresponding depth; outputs may become public after the timed protection has served its purpose.","source_anchor_ids":["anchor-paper-78-temporary-privacy"]},{"id":"paper-78-composition","kind":"theorem_group","parent_id":"paper-78","order":4,"epistemic_status":"formally_proved","title":"Composition with explicit degradation","summary":"The paper tracks how simulator work reduces the adversary depth covered by the result, increases the composite simulator budget, and limits the environment to the weaker component bound.","source_anchor_ids":["anchor-paper-78-concurrent","anchor-paper-78-sequential"]},{"id":"paper-78-concurrent-theorem","kind":"theorem","parent_id":"paper-78-composition","order":1,"epistemic_status":"proved","title":"Concurrent composition (Theorem 3)","summary":"If π is (d_a,d_s,d_e)-secure and ρ is (d'_a,d'_s,d'_e)-secure, their concurrent composition is (d_a−d'_s, d_s+d'_s, min(d_e,d'_e))-secure, under the theorem's meaningful-depth conditions.","source_anchor_ids":["anchor-paper-78-concurrent"]},{"id":"paper-78-sequential-theorem","kind":"theorem","parent_id":"paper-78-composition","order":2,"epistemic_status":"proved","title":"Sequential composition (Theorem 4)","summary":"When π invokes ρ sequentially, the general bound is (d_a−d'_s, d_s·d'_s, min(d_e,d'_e)); if the caller's simulator never rewinds across the invocation, Corollary 1 improves the simulator term to d_s+d'_s.","source_anchor_ids":["anchor-paper-78-sequential"]},{"id":"paper-78-lockstep","kind":"corollary","parent_id":"paper-78-composition","order":3,"epistemic_status":"proved_or_claimed_as_specified","title":"Lockstep and serial structure","summary":"Lockstep execution lets multiple subprotocol simulators run in parallel so degradation depends on the largest relevant simulator depth rather than summing all of them. For serially separated executions, the paper states that independent analyses need not degrade one another.","source_anchor_ids":["anchor-paper-78-sequential","anchor-paper-78-arbitrary-poly"]},{"id":"paper-78-arbitrary-poly-boundary","kind":"boundary","parent_id":"paper-78-composition","order":4,"epistemic_status":"explicitly_characterized","title":"Boundary with standard arbitrary-polynomial MPC","summary":"Depth-bounded protocols may use or run beside standard MPC through the stated composition bounds. The reverse direction has no general black-box theorem; it is supported in the special case where the timed subprotocol's inputs and outputs may all be revealed when it terminates.","source_anchor_ids":["anchor-paper-78-arbitrary-poly"]},{"id":"paper-78-compiler","kind":"construction","parent_id":"paper-78","order":5,"epistemic_status":"proposed_and_analyzed","title":"One-random-oracle compiler for leaky algebraic puzzles","summary":"Generate an algebraic puzzle Z with random solution r, mask the intended solution χ as γ=H(r) xor χ, and publish (Z,γ). Solving recovers r and then χ; only the final masking step uses the random oracle.","source_anchor_ids":["anchor-paper-78-compiler"]},{"id":"paper-78-compiler-theorem","kind":"theorem","parent_id":"paper-78-compiler","order":1,"epistemic_status":"proved","title":"Compiler guarantee (Theorem 5)","summary":"The compiled construction's critical time is no earlier than the last point at which the base algebraic solution still hides on the order of the security parameter in bits; the proof links this hidden information to negligible guessing probability.","source_anchor_ids":["anchor-paper-78-compiler"]},{"id":"paper-78-equivocation","kind":"simulation_technique","parent_id":"paper-78-compiler","order":2,"epistemic_status":"analyzed_in_random_oracle_model","title":"Late equivocation","summary":"A simulator can initially use a random puzzle solution and later program the random oracle so the puzzle opens to the required value. This requires a small timing advantage and guarantees privacy only until the critical time.","source_anchor_ids":["anchor-paper-78-equivocation"]},{"id":"paper-78-auction-application","kind":"application","parent_id":"paper-78","order":6,"epistemic_status":"formally_specified","title":"Timed auction application","summary":"The paper uses auctions to demonstrate how temporary privacy, non-malleability, simulator budgeting, and composition loss interact in a concrete multi-party protocol.","source_anchor_ids":["anchor-paper-78-auction","anchor-paper-78-smra"]},{"id":"paper-78-single-auction","kind":"protocol","parent_id":"paper-78-auction-application","order":1,"epistemic_status":"specified_and_proved_under_assumptions","title":"Single-round single-item auction","summary":"Each party unfair-broadcasts a time-lock puzzle containing its bid before t_bid, solves all timely puzzles in parallel by t_end, and outputs all bids and the maximum. Puzzle parameters require the critical time to follow the bid deadline.","source_anchor_ids":["anchor-paper-78-auction"]},{"id":"paper-78-auction-security","kind":"theorem","parent_id":"paper-78-single-auction","order":1,"epistemic_status":"proved_under_named_assumptions","title":"Single-auction security (Theorem 6)","summary":"Given an equivocable, non-malleable time-lock puzzle and a bounded unfair-broadcast simulator, the protocol realizes the auction functionality with adversary depth reduced by the broadcast-simulation cost and simulator depth covering puzzle generation plus equivocation.","source_anchor_ids":["anchor-paper-78-auction","anchor-paper-78-appendices"]},{"id":"paper-78-nonmalleability","kind":"assumption","parent_id":"paper-78-single-auction","order":2,"epistemic_status":"explicitly_required","title":"Non-malleability blocks bid adaptation","summary":"The proof requires a corrupt bidder not to transform honest parties' unsolved puzzles into related bid puzzles. Appendix F reduces indistinguishability of real and simulated executions to concurrent puzzle non-malleability, with a CCA-based alternative discussed.","source_anchor_ids":["anchor-paper-78-auction","anchor-paper-78-appendices"]},{"id":"paper-78-smra","kind":"protocol","parent_id":"paper-78-auction-application","order":2,"epistemic_status":"specified_and_composition_analyzed","title":"Simultaneous multi-round auction","summary":"A round runs one single-item auction per item in lockstep, and rounds are then composed serially. Because concurrent composition weakens the adversary-depth guarantee, the bid deadline and puzzle hardness must be retuned.","source_anchor_ids":["anchor-paper-78-smra"]},{"id":"paper-78-smra-theorem","kind":"theorem","parent_id":"paper-78-smra","order":1,"epistemic_status":"proved","title":"SMRA security (Theorem 7)","summary":"If the single-auction protocol is (d_a,d_s,d_e)-secure, one lockstep SMRA round is (d_a−d_s,2d_s,d_e)-secure; with appropriate parameterization and end-of-round revelation, the full serial SMRA implements its functionality in the arbitrary-polynomial regime.","source_anchor_ids":["anchor-paper-78-smra"]},{"id":"paper-78-proof-evidence","kind":"formal_evidence","parent_id":"paper-78","order":7,"epistemic_status":"human_written_proofs_present","title":"Formal evidence","summary":"The preprint contains formal definitions, theorem statements, reductions and simulation arguments, with deferred composition, residual-hardness, non-malleability, and auction proofs in the appendices. No proof is represented as machine checked.","source_anchor_ids":["anchor-paper-78-concurrent","anchor-paper-78-sequential","anchor-paper-78-compiler","anchor-paper-78-appendices"]},{"id":"paper-78-empirical-evidence","kind":"evidence_boundary","parent_id":"paper-78","order":8,"epistemic_status":"not_claimed","title":"No empirical system evaluation","summary":"The evidence is definitional and proof-based. The represented preprint does not provide an implementation, measured puzzle leakage curve, benchmark, deployment study, or machine-checked formalization.","source_anchor_ids":["anchor-paper-78-problem","anchor-paper-78-appendices"]},{"id":"paper-78-limitations","kind":"limitation_group","parent_id":"paper-78","order":9,"epistemic_status":"source_reported_and_audit_inferred","title":"Technical boundaries","summary":"Composition analysis is black-box and not proven tight; the critical time depends on a designer's hardness belief and threshold; the compiler uses the random-oracle model; auction security requires equivocation, non-malleability, unfair broadcast, parameter retuning, and eventual revelation of all bids.","source_anchor_ids":["anchor-paper-78-residual","anchor-paper-78-sequential","anchor-paper-78-compiler","anchor-paper-78-auction","anchor-paper-78-smra"]},{"id":"paper-78-artifacts","kind":"artifact_group","parent_id":"paper-78","order":10,"epistemic_status":"public_full_text_only","title":"Artifacts","summary":"The complete 43-page ePrint and stable archive/bibliographic records are public. No code, dataset, proof-assistant development, immutable local copy, or experimental artifact is represented.","source_anchor_ids":["anchor-paper-78-archive","anchor-paper-78-bibliography","anchor-paper-78-appendices"]},{"id":"paper-78-scrutiny","kind":"scrutiny","parent_id":"paper-78","order":11,"epistemic_status":"public_preprint_under_review","title":"Scrutiny and reception","summary":"The work is publicly archived and independently indexed but remains listed as under review. Three downstream scholarly references were located; no acceptance, public review, independent proof audit, correction, or implementation was located.","source_anchor_ids":["anchor-paper-78-archive","anchor-paper-78-bibliography","anchor-paper-78-citations"]}],"relations":[{"id":"paper-78-relation-diagnosis-motivates-framework","type":"motivates","from_id":"paper-78-diagnosis","to_id":"paper-78-framework"},{"id":"paper-78-relation-framework-answers-question","type":"answers","from_id":"paper-78-framework","to_id":"paper-78-question"},{"id":"paper-78-relation-residual-defines-critical","type":"parameterizes","from_id":"paper-78-residual-complexity","to_id":"paper-78-critical-time"},{"id":"paper-78-relation-falsifiability-qualifies-residual","type":"qualifies","from_id":"paper-78-falsifiability","to_id":"paper-78-residual-complexity"},{"id":"paper-78-relation-machines-enable-mpc","type":"enables","from_id":"paper-78-depth-machines","to_id":"paper-78-depth-mpc"},{"id":"paper-78-relation-simulator-qualifies-mpc","type":"qualifies","from_id":"paper-78-simulator-budget","to_id":"paper-78-depth-mpc"},{"id":"paper-78-relation-critical-bounds-privacy","type":"bounds","from_id":"paper-78-critical-time","to_id":"paper-78-temporary-privacy"},{"id":"paper-78-relation-mpc-enables-composition","type":"enables","from_id":"paper-78-depth-mpc","to_id":"paper-78-composition"},{"id":"paper-78-relation-concurrent-instantiates-composition","type":"instantiates","from_id":"paper-78-concurrent-theorem","to_id":"paper-78-composition"},{"id":"paper-78-relation-sequential-instantiates-composition","type":"instantiates","from_id":"paper-78-sequential-theorem","to_id":"paper-78-composition"},{"id":"paper-78-relation-lockstep-refines-composition","type":"refines","from_id":"paper-78-lockstep","to_id":"paper-78-composition"},{"id":"paper-78-relation-arbitrary-qualifies-composition","type":"qualifies","from_id":"paper-78-arbitrary-poly-boundary","to_id":"paper-78-composition"},{"id":"paper-78-relation-compiler-theorem-supports-compiler","type":"supports","from_id":"paper-78-compiler-theorem","to_id":"paper-78-compiler"},{"id":"paper-78-relation-compiler-enables-equivocation","type":"enables","from_id":"paper-78-compiler","to_id":"paper-78-equivocation"},{"id":"paper-78-relation-equivocation-realizes-temporary","type":"helps_realize","from_id":"paper-78-equivocation","to_id":"paper-78-temporary-privacy"},{"id":"paper-78-relation-auction-applies-framework","type":"applies","from_id":"paper-78-auction-application","to_id":"paper-78-framework"},{"id":"paper-78-relation-single-instantiates-auction","type":"instantiates","from_id":"paper-78-single-auction","to_id":"paper-78-auction-application"},{"id":"paper-78-relation-nonmalleability-supports-auction","type":"supports","from_id":"paper-78-nonmalleability","to_id":"paper-78-auction-security"},{"id":"paper-78-relation-auction-security-supports-single","type":"supports","from_id":"paper-78-auction-security","to_id":"paper-78-single-auction"},{"id":"paper-78-relation-smra-composes-single","type":"composes","from_id":"paper-78-smra","to_id":"paper-78-single-auction"},{"id":"paper-78-relation-smra-theorem-supports-smra","type":"supports","from_id":"paper-78-smra-theorem","to_id":"paper-78-smra"},{"id":"paper-78-relation-composition-supports-smra","type":"supports","from_id":"paper-78-composition","to_id":"paper-78-smra-theorem"},{"id":"paper-78-relation-proof-supports-framework","type":"supports","from_id":"paper-78-proof-evidence","to_id":"paper-78-framework"},{"id":"paper-78-relation-empirical-qualifies-evidence","type":"qualifies","from_id":"paper-78-empirical-evidence","to_id":"paper-78-proof-evidence"},{"id":"paper-78-relation-limitations-qualify-paper","type":"qualifies","from_id":"paper-78-limitations","to_id":"paper-78"},{"id":"paper-78-relation-artifacts-enable-audit","type":"enables_audit_of","from_id":"paper-78-artifacts","to_id":"paper-78-proof-evidence"},{"id":"paper-78-relation-scrutiny-contextualizes-paper","type":"contextualizes","from_id":"paper-78-scrutiny","to_id":"paper-78"}],"assessment":{"id":"paper-78-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The complete preprint contains explicit definitions, quantified theorem statements, reductions, deferred proofs, and a fully specified auction application. Evidence is formal and human-written rather than empirical or machine checked.","basis_source_anchor_ids":["anchor-paper-78-residual","anchor-paper-78-depth-mpc","anchor-paper-78-concurrent","anchor-paper-78-sequential","anchor-paper-78-compiler","anchor-paper-78-auction","anchor-paper-78-appendices"]},{"id":"auditability","level":"high","rationale":"A complete 43-page public ePrint exposes the assumptions, definitions, theorem statements, proofs, protocol, and limitations for direct inspection. No code, proof-assistant artifact, or immutable checked-in copy is represented.","basis_source_anchor_ids":["anchor-paper-78-archive","anchor-paper-78-problem","anchor-paper-78-appendices"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, a stable ePrint identity, independent bibliographic indexing, and under-review status provide baseline provenance. Contributor roles, revision history, AI or tool use, proof-review history, and explicit final author approval remain unaudited.","basis_source_anchor_ids":["anchor-paper-78-archive","anchor-paper-78-bibliography"]},{"id":"external_scrutiny","level":"low","rationale":"Public archiving and downstream citation create exposure, but the site lists the paper as under review and no completed venue decision, public review, independent proof audit, or reproduction was located.","basis_source_anchor_ids":["anchor-paper-78-archive","anchor-paper-78-citations"]},{"id":"reception","level":"low","rationale":"The dated search located 3 distinct citing works. Under the author-defined rule, 0–8 located citations is Low, 9–10 is Medium, and 11 or more is High; 3 is a conservative lower bound rather than a normalized total.","basis_source_anchor_ids":["anchor-paper-78-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The source presents a new model, explicit composition degradation, a compiler, and a nontrivial protocol application. Priority, tightness, adoption, and breakthrough status are not independently established, so significance remains provisional.","basis_source_anchor_ids":["anchor-paper-78-problem","anchor-paper-78-concurrent","anchor-paper-78-compiler","anchor-paper-78-smra"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search; conservative distinct-work count","citation_count":3,"source_url":"https://www.google.com/search?q=%22Composing+Timed+Cryptographic+Protocols%3A+Foundations+and+Applications%22","signals":["Improved Rate for Non-Malleable Codes and Time-Lock Puzzles cites ePrint 2024/676.","A dissertation on scaling verifiable computations cites the work.","Expanding the Toolbox: Coercion and Cast-as-Intended Verifiability cites the work."],"limitation":"The three located references are a lower bound from open-web searching, not a normalized Google Scholar, Scopus, Web of Science, or OpenAlex total; additional citations may be unindexed or omitted."}},"paper_79":{"schema_version":"0.1","map_id":"paper-79-map","publication_id":79,"publication_anchor":"paper-79","slug":"paper-79","canonical_path":"/knowledge/papers/paper-79/","machine_path":"/knowledge/papers/paper-79.json","root_node_id":"paper-79","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"Can Composing Generative Models Avoid Hallucinations? Implications for Cybersecurity Use Cases","short_title":"Can Composing Generative Models Avoid Hallucinations?","year":2026,"venue":"10th International Symposium on Cyber Security, Cryptology and Machine Learning (CSCML 2026)","venue_url":"https://www.cscml.org/","publication_status":"Under review","topic":"ai-machine-learning","labels":["Theory"],"ai_ml_labels":["Foundations","AI for security"],"availability":"Public manuscript not yet linked; an author-supplied abstract and the CSCML 2026 venue website are represented.","abstract_kind":"Author-supplied abstract","abstract_review_status":"author_supplied_not_manuscript_audited","abstract_added_at":"2026-07-11","abstract_note":"Supplied by the author for this website; the manuscript and theorem proofs have not been independently audited.","abstract_source_url":"/knowledge/papers/paper-79/#paper-abstract","abstract":"Today’s AI-powered enterprise systems are increasingly combining multiple models with pre- and post-processing, score aggregation, routing to expert models, and model-as-judge mechanisms. This raises a natural theoretical question with immediate practical implications: can compositions of models and pre- and post-processing techniques reduce hallucination rates inherent in single models?\n\nWe answer this question for the calibrated core of systems composing multiple models with pre- and post-processing techniques. Calibration in this context means that among all claims assigned score z, the average truth rate is z. Kalai and Vempala (KV) proved a limitation for a single calibrated fact-level generator: it must hallucinate monofacts (facts appearing once in training data) at a rate lower-bounded by the Good–Turing missing-mass estimate minus calibration error.\n\nWe show that calibration is preserved by three natural and common composition operators: (1) deterministic semantic post-processing, (2) Bayesian-compatible score aggregation, and (3) routing to one of many expert models (sometimes called a mixture of experts). The KV hallucination floor thus survives compositions built from these operators. A combined system that beats this floor must therefore either be miscalibrated as a final composite or violate one of our closure theorems. We give two counterexamples showing that, when the conditions of our theorems are violated, the overall system may not be calibrated: marginally calibrated experts need not average to a calibrated ensemble, and globally calibrated expert models need not remain calibrated under routing to one of the expert models.\n\nWe map our results to cybersecurity-relevant settings; in such settings, composed systems powered by generative models discover vulnerabilities, review code, generate code and test cases, analyze logs, triage alerts, and summarize incidents. In cybersecurity, “facts” are operational claims whose tail can be viewed as the monofact regime. Such claims can concern, for example, vulnerability existence, exploitability, patch safety, alert validity, or incident attribution. Vulnerability discovery also marks the theorem’s boundary: a model-generated claim that a rare bug exists is monofact-like when supported only by model confidence, while a concrete exploit, proof certificate, or execution trace is a checkable witness. Thus, our theorems apply to pre-verification composition; verified witnesses provide an escape by changing the evidence state.\n\nWe conclude with an evaluation procedure for auditing composed systems powered by generative models acting as a cybersecurity AI assistant or automated pipeline addressing specific tasks in such settings. The evaluation procedure enables one to explain whether, and by which mechanism, an observed hallucination reduction is compatible with our analysis.","authors":["Karim Eldefrawy"],"keywords":["generative models","model composition","hallucinations","cybersecurity AI"],"research_question":"Does calibration—and therefore the Kalai–Vempala monofact hallucination lower bound—persist when fact-level generators are composed using deterministic semantic post-processing, Bayesian-compatible score aggregation, or routing to expert models?","central_answer":"The author-supplied abstract reports that, under the paper’s closure conditions, calibration is preserved by all three operators, so the Kalai–Vempala hallucination floor persists for calibrated composites. Beating the floor requires final miscalibration, violation of a closure condition, or a changed evidence state such as a verified witness.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"abstract-grounded synthesis, conservative claim mapping, and venue linking"}],"method":"AI drafting from author-supplied bibliographic metadata and abstract plus the supplied venue URL; no paper full text, formal theorem statement, proof, review record, dataset, code, or experiment was audited.","source_scope":"metadata_and_author_supplied_abstract","approval":{"status":"pending","note":"The author supplied the abstract. The AI-authored map remains pending author review; technical claims reflect the abstract, while formal theorem statements, hypotheses, and proofs remain unaudited."}},"sources":[{"id":"source-paper-79-curated","type":"curated_site_record","title":"Website publication record for Paper #79","url":"/publications/#paper-79","scope_note":"Author-supplied title, authorship, under-review status, venue, and topical characterization, plus an AI editorial summary. Technical claims are grounded separately in the author-supplied abstract."},{"id":"source-paper-79-author-abstract","type":"author_supplied_abstract","title":"Author-supplied abstract for Paper #79","url":"/knowledge/papers/paper-79/#paper-abstract","scope_note":"Abstract supplied directly by the author for this website; it reports the paper's results but is not a substitute for auditing the manuscript, theorem statements, hypotheses, or proofs."},{"id":"source-paper-79-venue","type":"official_venue_resource","title":"CSCML 2026 venue website","url":"https://www.cscml.org/","scope_note":"Author-supplied venue homepage. It supports venue-level context only and is not a paper-specific listing, acceptance notice, manuscript, or source for technical claims."},{"id":"source-paper-79-citation-search","type":"citation_search_snapshot","title":"Exact-title scholarly-web search","url":"https://www.google.com/search?q=%22Can+Composing+Generative+Models+Avoid+Hallucinations%3F+Implications+for+Cybersecurity+Use+Cases%22","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-79-curated","source_id":"source-paper-79-curated","label":"Author-supplied metadata and editorial summary","locator":"Website publication record. The title, authorship, status, venue, and topical characterization were supplied by the author; the concise summary is editorial.","url":"/publications/#paper-79"},{"id":"anchor-paper-79-author-abstract","source_id":"source-paper-79-author-abstract","label":"Author-supplied abstract","locator":"Full abstract rendered on the Paper #79 knowledge-map landing page. The manuscript, formal theorem statements, hypotheses, and proofs were not inspected.","url":"/knowledge/papers/paper-79/#paper-abstract"},{"id":"anchor-paper-79-venue","source_id":"source-paper-79-venue","label":"CSCML 2026 venue website","locator":"Venue homepage only. It is not a paper-specific page, acceptance notice, manuscript, review record, or source for technical claims.","url":"https://www.cscml.org/"},{"id":"anchor-paper-79-citations","source_id":"source-paper-79-citation-search","label":"Dated exact-title citation search","locator":"No citing work was verifiably located for the under-review manuscript when searched 2026-07-11","url":"https://www.google.com/search?q=%22Can+Composing+Generative+Models+Avoid+Hallucinations%3F+Implications+for+Cybersecurity+Use+Cases%22"}],"nodes":[{"id":"paper-79","kind":"paper","parent_id":null,"order":1,"epistemic_status":"author_supplied_abstract_pending_full_text_audit","title":"Can Composing Generative Models Avoid Hallucinations? Implications for Cybersecurity Use Cases","summary":"The author-supplied abstract reports that a Kalai–Vempala hallucination lower bound persists under deterministic semantic post-processing, Bayesian-compatible score aggregation, and expert-model routing when the resulting system remains calibrated. It identifies counterexamples outside these closure conditions, connects the theory to cybersecurity workflows, distinguishes unverified model claims from checkable witnesses, and proposes an audit procedure for explaining apparent hallucination reductions.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-question","kind":"question","parent_id":"paper-79","order":1,"epistemic_status":"reported_in_author_abstract_not_independently_audited","title":"Research question","summary":"Does calibration—and therefore the Kalai–Vempala monofact hallucination lower bound—persist when fact-level generators are composed using deterministic semantic post-processing, Bayesian-compatible score aggregation, or routing to expert models?","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-contribution","kind":"contribution","parent_id":"paper-79","order":2,"epistemic_status":"reported_in_author_abstract_not_independently_audited","title":"Reported contribution","summary":"The abstract reports three calibration-closure theorems for common composition operators, two counterexamples outside their conditions, a cybersecurity interpretation, and an evaluation procedure for explaining apparent hallucination reductions.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-method","kind":"method","parent_id":"paper-79","order":3,"epistemic_status":"reported_in_author_abstract_not_independently_audited","title":"Method or construction","summary":"The abstract reports closure theorems, under the paper’s conditions, for deterministic semantic post-processing, Bayesian-compatible score aggregation, and expert routing. It also reports two calibration counterexamples and separates confidence-only claims from claims backed by checkable witnesses. Exact formal definitions and hypotheses remain unavailable without the manuscript.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-calibration","kind":"definition","parent_id":"paper-79-method","order":1,"epistemic_status":"defined_in_author_abstract","title":"Calibration","summary":"The abstract defines calibration operationally: among claims assigned score z, the average truth rate is z. The manuscript's probability space, conditioning, claim granularity, and approximation conventions remain unaudited.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-kv-baseline","kind":"prior_result","parent_id":"paper-79-method","order":2,"epistemic_status":"reported_in_author_abstract_not_independently_audited","title":"Kalai–Vempala single-generator floor","summary":"The abstract reports the prior result that a calibrated fact-level generator must hallucinate monofacts—facts occurring once in training—at a rate lower-bounded by the Good–Turing missing-mass estimate minus calibration error.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-closure","kind":"theorem_group","parent_id":"paper-79-method","order":3,"epistemic_status":"reported_in_author_abstract_not_independently_audited","title":"Calibration closure under three operators","summary":"The abstract reports that calibration is preserved by three specified composition operators under the paper's conditions; exact theorem statements, domains, measurability assumptions, and error propagation require the manuscript.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-postprocessing","kind":"operator","parent_id":"paper-79-closure","order":1,"epistemic_status":"reported_operator","title":"Deterministic semantic post-processing","summary":"The first covered operator deterministically transforms generated semantic content. The abstract reports calibration closure but does not expose the formal semantic map or sufficient conditions.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-aggregation","kind":"operator","parent_id":"paper-79-closure","order":2,"epistemic_status":"reported_operator","title":"Bayesian-compatible score aggregation","summary":"The second operator combines scores in a Bayesian-compatible way. This is narrower than arbitrary averaging; the abstract's first counterexample warns that marginal calibration alone does not make an averaged ensemble calibrated.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-routing","kind":"operator","parent_id":"paper-79-closure","order":3,"epistemic_status":"reported_operator","title":"Routing to expert models","summary":"The third operator selects one of several expert models, sometimes described as a mixture of experts. The abstract reports a closure theorem under conditions and separately shows that global expert calibration alone is insufficient under arbitrary routing.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-floor","kind":"theorem_consequence","parent_id":"paper-79-method","order":4,"epistemic_status":"reported_in_author_abstract_not_independently_audited","title":"Hallucination floor survives covered composition","summary":"Because the covered operators preserve calibration, the abstract concludes that the Kalai–Vempala monofact floor also applies to composites built from those operators.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-escape","kind":"boundary","parent_id":"paper-79-method","order":5,"epistemic_status":"reported_in_author_abstract_not_independently_audited","title":"Ways to fall outside the conclusion","summary":"An observed composite below the floor must, according to the abstract, be miscalibrated at its final output, violate a closure theorem's conditions, or operate after verification has changed the evidence state.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-counterexamples","kind":"counterexample_group","parent_id":"paper-79-method","order":6,"epistemic_status":"reported_in_author_abstract_not_independently_audited","title":"Two calibration counterexamples","summary":"The abstract reports examples showing that natural but weaker premises do not guarantee calibration of the composite.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-counterexample-average","kind":"counterexample","parent_id":"paper-79-counterexamples","order":1,"epistemic_status":"reported_in_author_abstract_not_independently_audited","title":"Marginally calibrated experts may not average safely","summary":"Experts that are each marginally calibrated need not yield a calibrated ensemble when their outputs are simply averaged.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-counterexample-route","kind":"counterexample","parent_id":"paper-79-counterexamples","order":2,"epistemic_status":"reported_in_author_abstract_not_independently_audited","title":"Globally calibrated experts may fail under routing","summary":"Experts that are globally calibrated need not remain calibrated after a router selectively sends different cases to them.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-model-judge-boundary","kind":"scope_boundary","parent_id":"paper-79-method","order":7,"epistemic_status":"abstract_scope_observation","title":"Model-as-judge is motivation, not a listed closure operator","summary":"Model-as-judge mechanisms appear in the abstract's system motivation, but the three reported closure results are post-processing, Bayesian-compatible aggregation, and expert routing; the abstract does not claim a general model-as-judge closure theorem.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-claims","kind":"claim_group","parent_id":"paper-79","order":4,"epistemic_status":"reported_in_author_abstract_not_independently_audited","title":"Principal reported claims","summary":"The abstract reports that calibrated compositions built from the three covered operators retain the Kalai–Vempala monofact hallucination floor; a system that beats it must be finally miscalibrated, violate a closure condition, or change the evidence state through verification.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-cyber-workflows","kind":"application_context","parent_id":"paper-79-claims","order":1,"epistemic_status":"mapped_in_author_abstract","title":"Cybersecurity workflows","summary":"The abstract maps the theory to vulnerability discovery, code review and generation, test generation, log analysis, alert triage, and incident summarization by generative systems.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-operational-facts","kind":"concept","parent_id":"paper-79-claims","order":2,"epistemic_status":"mapped_in_author_abstract","title":"Operational claims as facts","summary":"Cybersecurity 'facts' include claims about vulnerability existence, exploitability, patch safety, alert validity, and incident attribution; rare claims in their tail are treated as analogous to monofacts.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-witness-boundary","kind":"boundary","parent_id":"paper-79-claims","order":3,"epistemic_status":"explicitly_reported_boundary","title":"Verification changes the evidence state","summary":"A rare-bug claim supported only by model confidence remains monofact-like, while a concrete exploit, proof certificate, or execution trace is a checkable witness. The abstract places verified witnesses outside its pre-verification composition analysis.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-audit-procedure","kind":"evaluation_method","parent_id":"paper-79-claims","order":4,"epistemic_status":"reported_in_author_abstract_not_independently_audited","title":"Evaluation procedure for composed systems","summary":"The abstract reports a procedure for determining whether an observed hallucination reduction is compatible with the analysis and identifying whether calibration, operator conditions, or verification explain it; procedural steps and validation evidence require manuscript audit.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-evidence","kind":"evidence_group","parent_id":"paper-79","order":5,"epistemic_status":"source_scope_limitation","title":"Reported evidence","summary":"The author-supplied abstract identifies the operators, reported closure results, two counterexamples, cybersecurity boundary, and evaluation procedure. The manuscript, formal definitions, theorem statements, proofs, examples, and any evaluation results were not audited.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-scope","kind":"limitation_group","parent_id":"paper-79","order":6,"epistemic_status":"author_supplied_abstract_pending_full_text_audit","title":"Scope and limitations","summary":"The reported theorems concern the calibrated fact-level core, the three named operators, and pre-verification composition. They do not claim that every composition preserves calibration or that verified witnesses remain in the same evidence state; exact hypotheses, definitions, and theorem boundaries require manuscript audit.","source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"paper-79-artifacts","kind":"artifact_group","parent_id":"paper-79","order":7,"epistemic_status":"linked_not_content_audited","title":"Artifacts and resources","summary":"The site represents an author-supplied abstract and the venue homepage, but no manuscript, formal proof, code, dataset, evaluation artifact, immutable version, or paper-specific public URL.","source_anchor_ids":["anchor-paper-79-curated","anchor-paper-79-author-abstract","anchor-paper-79-venue"]},{"id":"paper-79-scrutiny","kind":"scrutiny","parent_id":"paper-79","order":8,"epistemic_status":"publication_status_reported_not_independently_audited","title":"Scrutiny and status","summary":"The work is described as under review. That records a pending process, not acceptance, a completed review outcome, or validation; no review report, reproduction, correction, or adversarial analysis is represented.","source_anchor_ids":["anchor-paper-79-curated","anchor-paper-79-venue"]}],"relations":[{"id":"paper-79-relation-question-contribution","type":"motivates","from_id":"paper-79-question","to_id":"paper-79-contribution"},{"id":"paper-79-relation-method-contribution","type":"realizes","from_id":"paper-79-method","to_id":"paper-79-contribution"},{"id":"paper-79-relation-calibration-enables-closure","type":"defines_property_for","from_id":"paper-79-calibration","to_id":"paper-79-closure"},{"id":"paper-79-relation-postprocessing-instantiates-closure","type":"instantiates","from_id":"paper-79-postprocessing","to_id":"paper-79-closure"},{"id":"paper-79-relation-aggregation-instantiates-closure","type":"instantiates","from_id":"paper-79-aggregation","to_id":"paper-79-closure"},{"id":"paper-79-relation-routing-instantiates-closure","type":"instantiates","from_id":"paper-79-routing","to_id":"paper-79-closure"},{"id":"paper-79-relation-closure-transfers-floor","type":"transfers","from_id":"paper-79-closure","to_id":"paper-79-floor"},{"id":"paper-79-relation-kv-grounds-floor","type":"grounds","from_id":"paper-79-kv-baseline","to_id":"paper-79-floor"},{"id":"paper-79-relation-escape-qualifies-floor","type":"qualifies","from_id":"paper-79-escape","to_id":"paper-79-floor"},{"id":"paper-79-relation-counterexamples-bound-closure","type":"bounds","from_id":"paper-79-counterexamples","to_id":"paper-79-closure"},{"id":"paper-79-relation-average-instantiates-counterexamples","type":"instantiates","from_id":"paper-79-counterexample-average","to_id":"paper-79-counterexamples"},{"id":"paper-79-relation-route-instantiates-counterexamples","type":"instantiates","from_id":"paper-79-counterexample-route","to_id":"paper-79-counterexamples"},{"id":"paper-79-relation-model-judge-qualifies-method","type":"qualifies","from_id":"paper-79-model-judge-boundary","to_id":"paper-79-method"},{"id":"paper-79-relation-contribution-claims","type":"grounds","from_id":"paper-79-contribution","to_id":"paper-79-claims"},{"id":"paper-79-relation-cyber-applies-claims","type":"applies","from_id":"paper-79-cyber-workflows","to_id":"paper-79-claims"},{"id":"paper-79-relation-operational-instantiates-cyber","type":"instantiates","from_id":"paper-79-operational-facts","to_id":"paper-79-cyber-workflows"},{"id":"paper-79-relation-witness-bounds-claims","type":"bounds","from_id":"paper-79-witness-boundary","to_id":"paper-79-claims"},{"id":"paper-79-relation-audit-evaluates-claims","type":"evaluates","from_id":"paper-79-audit-procedure","to_id":"paper-79-claims"},{"id":"paper-79-relation-evidence-claims","type":"supports","from_id":"paper-79-evidence","to_id":"paper-79-claims"},{"id":"paper-79-relation-scope-claims","type":"qualifies","from_id":"paper-79-scope","to_id":"paper-79-claims"},{"id":"paper-79-relation-artifacts-evidence","type":"enables_audit_of","from_id":"paper-79-artifacts","to_id":"paper-79-evidence"},{"id":"paper-79-relation-scrutiny-claims","type":"contextualizes","from_id":"paper-79-scrutiny","to_id":"paper-79-claims"}],"assessment":{"id":"paper-79-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The author-supplied abstract precisely reports the calibration definition, covered operators, closure results, counterexamples, cybersecurity boundary, and audit procedure. The formal statements, hypotheses, and proofs remain unaudited because the manuscript is not represented.","basis_source_anchor_ids":["anchor-paper-79-author-abstract"]},{"id":"auditability","level":"low","rationale":"The author-supplied abstract is inspectable, but no paper-specific official publication record, public archive, or author-hosted manuscript is represented; full-text assumptions, evidence, artifacts, and version identity cannot presently be audited from this map. Auditability is therefore low.","basis_source_anchor_ids":["anchor-paper-79-author-abstract","anchor-paper-79-venue"]},{"id":"production_provenance","level":"medium","rationale":"The record documents named authorship and the publication or review status of the paper, establishing a baseline human and lifecycle provenance trail. Contributor roles, revision and effort history, AI or tool use, artifact-version lineage, and explicit final approval have not yet been audited, so this provisional medium rating should not be read as complete production provenance.","basis_source_anchor_ids":["anchor-paper-79-curated","anchor-paper-79-author-abstract"]},{"id":"external_scrutiny","level":"low","rationale":"Under-review status records a pending process. No acceptance, completed review outcome, public review report, independent reproduction, correction, or adversarial analysis is represented.","basis_source_anchor_ids":["anchor-paper-79-curated"]},{"id":"reception","level":"low","rationale":"A dated exact-title scholarly-web search located 0 citations for this under-review manuscript. Under the author-defined rule, 0–8 located citations is Low, 9–10 is Medium, and 11 or more is High; this may change after dissemination.","basis_source_anchor_ids":["anchor-paper-79-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The abstract reports a theoretical closure limitation with direct cybersecurity implications, counterexamples, an evidence-state boundary, and an audit procedure. Novelty comparisons, formal proofs, and downstream impact remain unaudited, so this is a provisional significance assessment rather than a breakthrough claim.","basis_source_anchor_ids":["anchor-paper-79-author-abstract"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search","citation_count":0,"source_url":"https://www.google.com/search?q=%22Can+Composing+Generative+Models+Avoid+Hallucinations%3F+Implications+for+Cybersecurity+Use+Cases%22","signals":[],"limitation":"The work is under review and no manuscript or index record is public. Zero means no verifiable citation was located in this dated exact-title search, not that future or unindexed references are impossible."}},"paper_8":{"schema_version":"0.1","map_id":"paper-8-map","publication_id":8,"publication_anchor":"paper-8","slug":"paper-8","canonical_path":"/knowledge/papers/paper-8/","machine_path":"/knowledge/papers/paper-8.json","root_node_id":"paper-8","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["algorithm"],"title":"Filtering Sources of Unwanted Traffic Based on Blacklists","year":2008,"venue":"Information Theory and Applications Workshop (ITA)","topic":"algorithms-foundations","labels":["Theory","Applied"],"authors":["Fabio Soldo","Karim Eldefrawy","Athina Markopoulou","Bala Krishnamurthy","Kobus van der Merwe"],"keywords":["traffic filtering","blacklists","optimization"],"research_question":"How can a router compress a large, possibly changing IP blacklist into a small set of source-prefix filters while controlling collateral damage and the fraction of malicious addresses left unblocked?","central_answer":"Model filters as address intervals and exploit their one-dimensional order. FILTER-ALL-STATIC greedily merges the cheapest adjacent bad-address ranges; FILTER-SOME-STATIC also weighs the cost of leaving a bad address unfiltered. The paper proves both greedy constructions optimal, extends them incrementally to changing blacklists, and simulates how address clustering and density affect filter efficiency.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, evidence linking, and initial assessment"}],"method":"Full-source audit of the checked-in author-hosted paper and official IEEE DOI record.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-drafted, source-linked map awaiting author verification before approval."}},"sources":[{"id":"source-paper-8-paper","type":"author_copy","title":"Filtering Sources of Unwanted Traffic Based on Blacklists","url":"/pubs/2008/filtering-blacklists-ita2008.pdf","media_type":"application/pdf","sha256":"988b4c9b50eb5f2ad774ced50a405be8584a51b54c79d3d36a94ecc9369d7d75","page_count":10,"provenance_category":"author","version_note":"Author-hosted conference paper; local copy checked 2026-07-11."},{"id":"source-paper-8-author","type":"author_copy_origin","title":"Author-hosted paper","url":"https://rfob.org/papers/ita08.pdf"},{"id":"source-paper-8-official","type":"official_publication_record","title":"IEEE DOI record","url":"https://doi.org/10.1109/ITA.2008.4601049"},{"id":"source-paper-8-citations","type":"citation_search","title":"Dated scholarly-web citation search","url":"https://scholar.google.com/scholar?q=%22Filtering+Sources+of+Unwanted+Traffic+Based+on+Blacklists%22","version_note":"Search attempted 2026-07-11; no transparent citation count was retrievable in this environment."}],"source_anchors":[{"id":"anchor-paper-8-problem","source_id":"source-paper-8-paper","label":"Problem, assumptions, and contributions","locator":"Abstract and Section I, PDF pages 1-2","url":"/pubs/2008/filtering-blacklists-ita2008.pdf#page=1"},{"id":"anchor-paper-8-model","source_id":"source-paper-8-paper","label":"Blacklist, filter, weight, and objective definitions","locator":"Section II, PDF pages 2-3","url":"/pubs/2008/filtering-blacklists-ita2008.pdf#page=2"},{"id":"anchor-paper-8-p0","source_id":"source-paper-8-paper","label":"FILTER-ALL-STATIC algorithm and optimality","locator":"Section III-A, Algorithms 1-2 and Theorem 3.1, PDF pages 3-5","url":"/pubs/2008/filtering-blacklists-ita2008.pdf#page=3"},{"id":"anchor-paper-8-p1","source_id":"source-paper-8-paper","label":"FILTER-SOME-STATIC algorithm and optimality","locator":"Section III-B, Algorithm 3 and Theorem 3.2, PDF pages 5-7","url":"/pubs/2008/filtering-blacklists-ita2008.pdf#page=5"},{"id":"anchor-paper-8-dynamic","source_id":"source-paper-8-paper","label":"Dynamic blacklist updates","locator":"Sections III-C and III-D, PDF pages 7-8","url":"/pubs/2008/filtering-blacklists-ita2008.pdf#page=7"},{"id":"anchor-paper-8-evaluation","source_id":"source-paper-8-paper","label":"Clustering and density simulations","locator":"Section IV, PDF pages 8-10","url":"/pubs/2008/filtering-blacklists-ita2008.pdf#page=8"},{"id":"anchor-paper-8-conclusion","source_id":"source-paper-8-paper","label":"Summary and future work","locator":"Section V, PDF page 10","url":"/pubs/2008/filtering-blacklists-ita2008.pdf#page=10"},{"id":"anchor-paper-8-provenance","source_id":"source-paper-8-author","label":"Author-copy provenance","locator":"Public author-hosted PDF","url":"https://rfob.org/papers/ita08.pdf"},{"id":"anchor-paper-8-publication","source_id":"source-paper-8-official","label":"Official publication metadata","locator":"DOI 10.1109/ITA.2008.4601049","url":"https://doi.org/10.1109/ITA.2008.4601049"},{"id":"anchor-paper-8-citation-search","source_id":"source-paper-8-citations","label":"Citation search attempted","locator":"Exact-title search, 2026-07-11; no verified count retrieved","url":"https://scholar.google.com/scholar?q=%22Filtering+Sources+of+Unwanted+Traffic+Based+on+Blacklists%22"}],"nodes":[{"id":"paper-8","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"Filtering Sources of Unwanted Traffic Based on Blacklists","summary":"A family of provably optimal algorithms for compiling static and changing source-IP blacklists into a bounded number of interval filters.","source_anchor_ids":["anchor-paper-8-problem","anchor-paper-8-publication"]},{"id":"paper-8-question","kind":"question","parent_id":"paper-8","order":1,"epistemic_status":"research_question","title":"Research question","summary":"How should limited ACL entries aggregate blacklist addresses while balancing missed malicious sources against blocked legitimate addresses?","source_anchor_ids":["anchor-paper-8-problem"]},{"id":"paper-8-answer","kind":"contribution","parent_id":"paper-8","order":2,"epistemic_status":"proved_and_simulated","title":"Central answer","summary":"Exploit the total order of IP addresses: greedy adjacent-range operations produce optimal static filter sets and efficient incremental variants reuse that structure as a blacklist changes.","source_anchor_ids":["anchor-paper-8-p0","anchor-paper-8-p1","anchor-paper-8-dynamic"]},{"id":"paper-8-model","kind":"model","parent_id":"paper-8","order":3,"epistemic_status":"formalized","title":"Weighted interval-filter model","summary":"Each filter blocks a contiguous address range. Address weights can encode legitimate-traffic cost, confidence in maliciousness, or operator policy, under a maximum filter count.","source_anchor_ids":["anchor-paper-8-model"]},{"id":"paper-8-p0","kind":"algorithm","parent_id":"paper-8","order":4,"epistemic_status":"proved_optimal","title":"FILTER-ALL-STATIC","summary":"Starting with one filter per bad address, the greedy algorithm merges the N-F least-cost adjacent ranges. Theorem 3.1 proves optimality; sorting yields O(N log N) time.","source_anchor_ids":["anchor-paper-8-p0"]},{"id":"paper-8-p1","kind":"algorithm","parent_id":"paper-8","order":5,"epistemic_status":"proved_optimal","title":"FILTER-SOME-STATIC","summary":"At each step the algorithm compares removing a bad-address filter with merging adjacent filters, using signed address weights to trade false negatives against collateral damage. Theorem 3.2 proves optimality.","source_anchor_ids":["anchor-paper-8-p1"]},{"id":"paper-8-dynamic","kind":"algorithm","parent_id":"paper-8","order":6,"epistemic_status":"incrementally_specified","title":"Dynamic blacklist variants","summary":"FILTER-ALL-DYNAMIC updates the sorted merge-cost list after an address arrives or departs; a corresponding filter-some method is outlined to exploit temporal correlation rather than recomputing from scratch.","source_anchor_ids":["anchor-paper-8-dynamic"]},{"id":"paper-8-evidence","kind":"evidence_group","parent_id":"paper-8","order":7,"epistemic_status":"simulation","title":"Clustering and density evaluation","summary":"Multifractal and synthetic blacklist distributions vary clustering, blacklist density, filter budget, and weights to measure blocked bad addresses and collateral damage.","source_anchor_ids":["anchor-paper-8-evaluation"]},{"id":"paper-8-result","kind":"result","parent_id":"paper-8-evidence","order":1,"epistemic_status":"simulation_supported","title":"Clustering makes aggregation effective","summary":"The reported benefits are strongest when malicious addresses cluster in the IP space; sparse or weakly clustered blacklists require more filters or greater collateral damage.","source_anchor_ids":["anchor-paper-8-evaluation"]},{"id":"paper-8-boundaries","kind":"limitation_group","parent_id":"paper-8","order":8,"epistemic_status":"material","title":"Operational boundaries","summary":"Blacklist construction and accuracy are assumed, weights are policy inputs, spoofing and evasion are not modeled, and evaluation uses distribution models rather than a deployed filtering system or released longitudinal blacklist.","source_anchor_ids":["anchor-paper-8-problem","anchor-paper-8-model","anchor-paper-8-evaluation","anchor-paper-8-conclusion"]},{"id":"paper-8-artifacts","kind":"artifact","parent_id":"paper-8","order":9,"epistemic_status":"paper_available_no_code","title":"Artifacts","summary":"A fixed author copy is available locally; implementation, simulation code, generated blacklists, and result data were not located.","source_anchor_ids":["anchor-paper-8-evaluation","anchor-paper-8-provenance"]},{"id":"paper-8-scrutiny","kind":"scrutiny","parent_id":"paper-8","order":10,"epistemic_status":"peer_reviewed","title":"Scrutiny","summary":"The work appeared at ITA 2008 with explicit optimality arguments and a public author copy; review reports or independent reproduction were not located.","source_anchor_ids":["anchor-paper-8-p0","anchor-paper-8-p1","anchor-paper-8-publication"]}],"relations":[{"id":"paper-8-relation-model-formalizes-question","type":"formalizes","from_id":"paper-8-model","to_id":"paper-8-question"},{"id":"paper-8-relation-p0-realizes-answer","type":"realizes","from_id":"paper-8-p0","to_id":"paper-8-answer"},{"id":"paper-8-relation-p1-realizes-answer","type":"realizes","from_id":"paper-8-p1","to_id":"paper-8-answer"},{"id":"paper-8-relation-dynamic-extends-answer","type":"extends","from_id":"paper-8-dynamic","to_id":"paper-8-answer"},{"id":"paper-8-relation-evidence-evaluates-answer","type":"evaluates","from_id":"paper-8-evidence","to_id":"paper-8-answer"},{"id":"paper-8-relation-boundaries-qualify-answer","type":"qualifies","from_id":"paper-8-boundaries","to_id":"paper-8-answer"}],"assessment":{"id":"paper-8-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"high","rationale":"The paper formally defines objectives, supplies algorithms and optimality arguments, analyzes complexity, and evaluates clustering effects; operational blacklist accuracy and deployment remain outside scope.","basis_source_anchor_ids":["anchor-paper-8-model","anchor-paper-8-p0","anchor-paper-8-p1","anchor-paper-8-evaluation"]},{"id":"auditability","level":"high","rationale":"A fixed author-hosted full text is checked in with page count and hash, making algorithms, proofs, assumptions, and simulations inspectable.","basis_source_anchor_ids":["anchor-paper-8-provenance","anchor-paper-8-p0","anchor-paper-8-p1","anchor-paper-8-evaluation"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, author-copy provenance, and official metadata are documented; author roles, revision history, and simulation lineage are not.","basis_source_anchor_ids":["anchor-paper-8-provenance","anchor-paper-8-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The work has a workshop publication record and explicit proofs, but no public reviews, mechanized verification, or independent reproduction was located.","basis_source_anchor_ids":["anchor-paper-8-publication"]},{"id":"reception","level":"low","rationale":"No citations were verifiably located in the constrained dated search. Under the author's 0-8 rule this is low, but it is not a claim that the paper has no citations.","basis_source_anchor_ids":["anchor-paper-8-citation-search"]},{"id":"contribution_significance","level":"high","rationale":"The work turns blacklist compression into a precise optimization family with efficient exact algorithms, dynamic updates, and an explicit false-positive/false-negative control.","basis_source_anchor_ids":["anchor-paper-8-problem","anchor-paper-8-p0","anchor-paper-8-p1","anchor-paper-8-dynamic"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search; transparent index count unavailable","source":"Google Scholar query route plus general scholarly-web search","citation_count":0,"signals":[],"limitation":"Zero means no citations were verifiably located during this constrained search, not a total bibliometric count; author should replace it with a confirmed index snapshot."}},"paper_9":{"schema_version":"0.1","map_id":"paper-9-map","publication_id":9,"publication_anchor":"paper-9","slug":"paper-9","canonical_path":"/knowledge/papers/paper-9/","machine_path":"/knowledge/papers/paper-9.json","root_node_id":"paper-9","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":["protocol"],"title":"PRISM: Privacy-Friendly Routing in Suspicious MANETs (and VANETs)","year":2008,"venue":"IEEE International Conference on Network Protocols (ICNP)","topic":"privacy-identity","labels":["Theory","Applied"],"authors":["Karim Eldefrawy","Gene Tsudik"],"keywords":["anonymous routing","location privacy","MANETs"],"research_question":"Can reactive routing in a suspicious MANET avoid persistent identities and global topology disclosure while still authenticating communicating nodes and supporting later accountability?","central_answer":"PRISM makes communication location-centric and adapts AODV: a group-signed route request names a destination area and temporary key; a responding node returns its exact location and a session key encrypted to the source. Hash-linked route state hides persistent identifiers, and an offline group manager can open logged signatures after misbehavior. Simulations compare routing overhead and topology exposure with ALARM.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"full-text extraction, evidence linking, and initial assessment"}],"method":"Full-source audit of the checked-in UCI author copy and official IEEE DOI record.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-drafted, source-linked map awaiting author verification before approval."}},"sources":[{"id":"source-paper-9-paper","type":"author_copy","title":"PRISM: Privacy-Friendly Routing in Suspicious MANETs (and VANETs)","url":"/pubs/2008/prism-icnp2008.pdf","media_type":"application/pdf","sha256":"76f3a07a26f332f2023818d47973351c7877f55d134b9863e6ca11617f831146","page_count":10,"provenance_category":"author","version_note":"UCI author-hosted conference paper; local copy checked 2026-07-11."},{"id":"source-paper-9-author","type":"author_copy_origin","title":"UCI author copy","url":"https://sprout.ics.uci.edu/pubs/04697044.pdf"},{"id":"source-paper-9-official","type":"official_publication_record","title":"IEEE DOI record","url":"https://doi.org/10.1109/ICNP.2008.4697044"},{"id":"source-paper-9-citations","type":"citation_search","title":"Dated scholarly-web citation search","url":"https://scholar.google.com/scholar?q=%22PRISM%3A+Privacy-Friendly+Routing+in+Suspicious+MANETs%22","version_note":"Search attempted 2026-07-11; no transparent citation count was retrievable in this environment."}],"source_anchors":[{"id":"anchor-paper-9-problem","source_id":"source-paper-9-paper","label":"Problem, goals, and contributions","locator":"Abstract and Sections I-II, PDF pages 1-3","url":"/pubs/2008/prism-icnp2008.pdf#page=1"},{"id":"anchor-paper-9-environment","source_id":"source-paper-9-paper","label":"Environment, adversary, and trust assumptions","locator":"Section III, PDF pages 3-4","url":"/pubs/2008/prism-icnp2008.pdf#page=3"},{"id":"anchor-paper-9-protocol","source_id":"source-paper-9-paper","label":"RREQ/RREP protocol","locator":"Section IV-A-C, PDF pages 4-6","url":"/pubs/2008/prism-icnp2008.pdf#page=4"},{"id":"anchor-paper-9-security","source_id":"source-paper-9-paper","label":"Security analysis and active-insider boundary","locator":"Section IV-D, PDF pages 6-7","url":"/pubs/2008/prism-icnp2008.pdf#page=6"},{"id":"anchor-paper-9-forensics","source_id":"source-paper-9-paper","label":"Offline audit of excessive probing","locator":"Section IV-D, PDF page 7","url":"/pubs/2008/prism-icnp2008.pdf#page=7"},{"id":"anchor-paper-9-evaluation","source_id":"source-paper-9-paper","label":"Simulation design and overhead results","locator":"Section VI and Figures 1-3, PDF pages 8-9","url":"/pubs/2008/prism-icnp2008.pdf#page=8"},{"id":"anchor-paper-9-privacy","source_id":"source-paper-9-paper","label":"Topology-exposure results","locator":"Section VI.3 and Figure 4, PDF page 9","url":"/pubs/2008/prism-icnp2008.pdf#page=9"},{"id":"anchor-paper-9-conclusion","source_id":"source-paper-9-paper","label":"Conclusions and future work","locator":"Section VII, PDF page 9","url":"/pubs/2008/prism-icnp2008.pdf#page=9"},{"id":"anchor-paper-9-provenance","source_id":"source-paper-9-author","label":"Author-copy provenance","locator":"Public UCI author-hosted PDF","url":"https://sprout.ics.uci.edu/pubs/04697044.pdf"},{"id":"anchor-paper-9-publication","source_id":"source-paper-9-official","label":"Official publication metadata","locator":"DOI 10.1109/ICNP.2008.4697044","url":"https://doi.org/10.1109/ICNP.2008.4697044"},{"id":"anchor-paper-9-citation-search","source_id":"source-paper-9-citations","label":"Citation search attempted","locator":"Exact-title search, 2026-07-11; no verified count retrieved","url":"https://scholar.google.com/scholar?q=%22PRISM%3A+Privacy-Friendly+Routing+in+Suspicious+MANETs%22"}],"nodes":[{"id":"paper-9","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published","title":"PRISM","summary":"A privacy-oriented, location-centric reactive MANET routing protocol using group-signed requests and replies, temporary keys, and offline accountability.","source_anchor_ids":["anchor-paper-9-problem","anchor-paper-9-publication"]},{"id":"paper-9-question","kind":"question","parent_id":"paper-9","order":1,"epistemic_status":"research_question","title":"Research question","summary":"Can on-demand routing protect movement privacy without preshared source-destination secrets, online identity servers, or full topology advertisement?","source_anchor_ids":["anchor-paper-9-problem"]},{"id":"paper-9-answer","kind":"contribution","parent_id":"paper-9","order":2,"epistemic_status":"proposed_and_simulated","title":"Central answer","summary":"Address a geographic area, authenticate only the source and responding destination with unlinkable group signatures, and keep intermediate state under hashes of one-time route messages.","source_anchor_ids":["anchor-paper-9-protocol","anchor-paper-9-evaluation","anchor-paper-9-privacy"]},{"id":"paper-9-scope","kind":"scope","parent_id":"paper-9","order":3,"epistemic_status":"explicitly_scoped","title":"Location-centric environment","summary":"Communication decisions are assumed to depend on current areas rather than persistent identities; nodes have GPS-like location, uniform range, public-key capability, and predeployment credentials from an offline TTP.","source_anchor_ids":["anchor-paper-9-environment"]},{"id":"paper-9-threat","kind":"threat_model","parent_id":"paper-9-scope","order":1,"epistemic_status":"explicitly_scoped","title":"Adversary model","summary":"Outsiders may be active or passive, but insiders in the primary privacy analysis are honest-but-curious. DoS, topology attacks, false location claims, and other active-insider behavior are excluded from the core guarantee.","source_anchor_ids":["anchor-paper-9-environment","anchor-paper-9-security"]},{"id":"paper-9-protocol","kind":"protocol","parent_id":"paper-9","order":4,"epistemic_status":"specified","title":"PRISM route discovery","summary":"A RREQ contains a destination area, temporary public key, timestamp, and source group signature. A destination returns the RREQ hash, exact location, session key encrypted to the temporary key, and its group signature.","source_anchor_ids":["anchor-paper-9-protocol"]},{"id":"paper-9-route-state","kind":"component","parent_id":"paper-9-protocol","order":1,"epistemic_status":"specified","title":"Hash-linked route state","summary":"Intermediate nodes cache request and reply hashes and forward unchanged messages; the two hashes identify the established bidirectional route without exposing stable source or destination names.","source_anchor_ids":["anchor-paper-9-protocol"]},{"id":"paper-9-security","kind":"claim_group","parent_id":"paper-9","order":5,"epistemic_status":"informally_argued","title":"Privacy and authentication claims","summary":"Fresh group signatures and keys resist cross-route linkage, the MANET-wide key hides routing from outsiders, and source/destination logs let the TTP de-anonymize disputed messages later.","source_anchor_ids":["anchor-paper-9-security","anchor-paper-9-forensics"]},{"id":"paper-9-insider","kind":"limitation","parent_id":"paper-9-security","order":1,"epistemic_status":"explicitly_vulnerable","title":"Active-insider attacks","summary":"A member can lie about location, suppress or drop messages, create Sybil replies, or probe many areas. Some probing can be detected only after logs are submitted; real-time prevention is not provided.","source_anchor_ids":["anchor-paper-9-security","anchor-paper-9-forensics"]},{"id":"paper-9-evidence","kind":"evidence_group","parent_id":"paper-9","order":6,"epistemic_status":"simulation","title":"PRISM versus ALARM","summary":"Simulations use 100 nodes under random-waypoint and reference-point group mobility, varying the number of destination areas to compare routing messages and topology exposure.","source_anchor_ids":["anchor-paper-9-evaluation","anchor-paper-9-privacy"]},{"id":"paper-9-result","kind":"result","parent_id":"paper-9-evidence","order":1,"epistemic_status":"simulation_supported","title":"Workload-dependent efficiency and exposure","summary":"PRISM has lower total routing traffic than ALARM when each source contacts relatively few areas and exposes a smaller topology fraction; its advantage shrinks as destination probing grows, and discovery can take longer.","source_anchor_ids":["anchor-paper-9-evaluation","anchor-paper-9-privacy"]},{"id":"paper-9-boundaries","kind":"limitation_group","parent_id":"paper-9","order":7,"epistemic_status":"material","title":"Applicability limits","summary":"Empty destination areas cause timeout or expansion, destination interests are visible in RREQs, hop count is not verified, evaluation simplifies to at most one receiver per area, and no implementation or formal proof is supplied.","source_anchor_ids":["anchor-paper-9-environment","anchor-paper-9-protocol","anchor-paper-9-security","anchor-paper-9-conclusion"]},{"id":"paper-9-artifacts","kind":"artifact","parent_id":"paper-9","order":8,"epistemic_status":"paper_available_no_code","title":"Artifacts","summary":"A fixed author copy is available locally; protocol implementation, simulator code/configuration, and result data were not located.","source_anchor_ids":["anchor-paper-9-evaluation","anchor-paper-9-provenance"]},{"id":"paper-9-scrutiny","kind":"scrutiny","parent_id":"paper-9","order":9,"epistemic_status":"peer_reviewed","title":"Scrutiny","summary":"PRISM appeared at IEEE ICNP 2008 and explicitly compares itself with ALARM and other anonymous routing designs; independent reproduction was not located.","source_anchor_ids":["anchor-paper-9-evaluation","anchor-paper-9-publication"]}],"relations":[{"id":"paper-9-relation-threat-qualifies-scope","type":"qualifies","from_id":"paper-9-threat","to_id":"paper-9-scope"},{"id":"paper-9-relation-protocol-realizes-answer","type":"realizes","from_id":"paper-9-protocol","to_id":"paper-9-answer"},{"id":"paper-9-relation-route-component","type":"component_of","from_id":"paper-9-route-state","to_id":"paper-9-protocol"},{"id":"paper-9-relation-security-supports-answer","type":"supports","from_id":"paper-9-security","to_id":"paper-9-answer"},{"id":"paper-9-relation-insider-qualifies-security","type":"qualifies","from_id":"paper-9-insider","to_id":"paper-9-security"},{"id":"paper-9-relation-evidence-supports-answer","type":"supports","from_id":"paper-9-evidence","to_id":"paper-9-answer"},{"id":"paper-9-relation-boundaries-qualify-answer","type":"qualifies","from_id":"paper-9-boundaries","to_id":"paper-9-answer"}],"assessment":{"id":"paper-9-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"medium","rationale":"The protocol and threat boundaries are detailed and overhead/topology exposure are simulated, but security is informal and no implementation, formal proof, or independent reproduction is supplied.","basis_source_anchor_ids":["anchor-paper-9-protocol","anchor-paper-9-security","anchor-paper-9-evaluation","anchor-paper-9-privacy"]},{"id":"auditability","level":"high","rationale":"A fixed author-hosted full text is checked in with page count and hash, making protocol details, caveats, and simulation claims directly inspectable.","basis_source_anchor_ids":["anchor-paper-9-provenance","anchor-paper-9-protocol","anchor-paper-9-privacy"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, author-copy provenance, and official metadata are documented; roles, revisions, tool use, and simulation lineage are not.","basis_source_anchor_ids":["anchor-paper-9-provenance","anchor-paper-9-publication"]},{"id":"external_scrutiny","level":"medium","rationale":"The paper has an official full-conference publication record; review reports, formal verification, and independent reproduction were not located.","basis_source_anchor_ids":["anchor-paper-9-publication"]},{"id":"reception","level":"low","rationale":"No citations were verifiably located in the constrained dated search. Under the author's 0-8 rule this is low, but it is not a claim that the paper has no citations.","basis_source_anchor_ids":["anchor-paper-9-citation-search"]},{"id":"contribution_significance","level":"high","rationale":"PRISM articulates a location-centric alternative to identity-centric reactive routing, integrates privacy with accountability, and quantifies the topology/overhead tradeoff.","basis_source_anchor_ids":["anchor-paper-9-problem","anchor-paper-9-protocol","anchor-paper-9-privacy","anchor-paper-9-conclusion"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"Exact-title scholarly-web search; transparent index count unavailable","source":"Google Scholar query route plus general scholarly-web search","citation_count":0,"signals":[],"limitation":"Zero means no citations were verifiably located during this constrained search, not a total bibliometric count; author should replace it with a confirmed index snapshot."}}}
