Technische Universitat Darmstadt

Broken cryptographic algorithms and hardness assumptions are a constant
threat to real-world protocols. Prominent examples are
hash functions for which collisions become known, or number-theoretic
assumptions which are threatened by advances in quantum computing.
Especially when it comes to key exchange protocols, the switch to
quantum-resistant primitives has begun and aims to protect today’s
secrets against future developments, moving from common Diffie–Hellman
based solutions to Learning-With-Errors-based approaches. Remarkably,
the authentication step in such protocols is usually still carried out
with quantum-vulnerable signature schemes. The intuition here is that
the adversary would need to break this protocol primitive today, without
having quantum power yet. The question we address here is if this
intuition is justified, and if so, if we can show this rigorously. We
particularly consider the authenticated variant of the recently
introduced post-quantum secure key exchange protocol NewHope (Alkim et
al., USENIX Security 2016), as well as by TLS 1.3, which is currently
being developed by the Internet Engineering Task Force.

Reinhard Farwig and Chenyin Qian

Consider the autonomous quasi-geostrophic equation with fractional dissipation in $\mathbb{R}^2$
  \begin{equation} \label{a}
 \theta_t+u\cdot\nabla\theta+(-\Delta)^{\alpha}\theta=f(x,\theta)
 \end{equation}
in the subcritical case $1/2<\alpha\leq1$, with initial condition $\theta(x, 0)= \theta^{0}$ and given external force $f(x,\theta)$. Here the real scalar function $\theta$ is the so-called potential temperature, and the incompressible velocity field $u=(u_1,u_2)=(-\mathcal {R}_2\theta,\mathcal {R}_1\theta)$ is determined from $\theta$ via Riesz operators.  Our aim is to prove the existence of the compact global attractor $\mathcal{A}$ in the Bessel potential space $H^s(\mathbb{R}^2)$ when $s>2(1-\alpha)$.

The  construction of the attractor is based on the existence of an absorbing set in $L^2(\mathbb{R}^2)$ and $H^s(\mathbb{R}^2)$ where $s>2(1-\alpha)$. A second major step is usually based on compact Sobolev embeddings which unfortunately do not hold for unbounded domains. To circumvent this problem we exploit compact Sobolev embeddings on  balls $B_R \subset \mathbb{R}^2$ and uniform smallness estimates of solutions on $\mathbb{R}^2 \setminus B_R$. In the literature the latter estimates are obtained by a damping term $\lambda\theta$, $\lambda<0$, as part of the right hand side $f$ to guarantee exponential decay estimates. In our approach we exploit a much weaker nonlocal damping term of convolution type $\rho*\theta$ where $\widehat \rho<0$. 

The amount of digital data that requires long-term protection 
of integrity, authenticity, and confidentiality protection is steadily 
increasing. Examples are health records and genomic data which may have 
to be kept and protected for 100 years and more. However, current 
security technology does not provide such protection which I consider a 
major challenge. In this talk I report about a storage system that 
achieves the above protection goals in the long-term. It is based on 
information theoretic secure cryptography (both classical and quantum) 
as well as on chains of committments. I discuss its security and present 
a proof-of-concept implementation including an experimental analysis.

The problem of optimal stopping with finite horizon in discrete time
is considered in view of maximizing the expected gain. The algorithm
presented in this talk is completely nonparametric in the sense that it
uses observed data from the past of the process up to time -n+1 (n being
a natural number), not relying on any specific model assumption. Kernel
regression estimation of conditional expectations and prediction theory
of individual sequences are used as tools.
The main result is that the algorithm is universally consistent: the
achieved expected gain converges to the optimal value for n tending to
infinity, whenever the underlying process is stationary and ergodic.
An application to exercising American options is given.

We study randomized (i.e. Monte Carlo) algorithms to compute expectations of Lipschitz functionals w.r.t. measures on infinite-dimensional spaces, e.g., Gaussian measures or distribution of diffusion processes. We determine the order of minimal errors and corresponding almost optimal algorithms for three different sampling regimes: fixed-subspace-sampling, variable-subspace-sampling, and full-space sampling. It turns out that these minimal errors are closely related to quantization numbers and Kolmogorov widths for the underlying measure. For variable-subspace-sampling suitable multi-level Monte Carlo methods, which have recently been introduced by Giles, turn out to be almost optimal.

Joint work with Jakob Creutzig (Darmstadt), Steffen Dereich (Bath), Thomas Müller-Gronbach (Magdeburg)