共找到 20 条结果
We present Bodega, the first consensus protocol that serves linearizable reads locally from any desired node, regardless of interfering writes. Bodega achieves this via a novel roster leases algorithm that safeguards the roster, a new notion of cluster metadata. The roster is a generalization of leadership; it tracks arbitrary subsets of replicas as responder nodes for local reads. A consistent agreement on the roster is established through roster leases, an all-to-all leasing mechanism that generalizes existing all-to-one leasing approaches (Leader Leases, Quorum Leases), unlocking a new point in the protocol design space. Bodega further employs optimistic holding and early accept notifications to minimize interruption from interfering writes, and incorporates smart roster coverage and lightweight heartbeats to maximize practicality. Bodega is a non-intrusive extension to classic consensus; it imposes no special requirements on writes other than a responder-covering quorum. We implement Bodega and related works in Vineyard, a protocol-generic replicated key-value store written in async Rust. We compare it to previous protocols (Leader Leases, EPaxos, PQR, and Quorum Leases) and tw
Raft is a leading consensus algorithm for replicating writes in distributed databases. However, distributed databases also require consistent reads. To guarantee read consistency, a Raft-based system must either accept the high communication overhead of a safety check for each read, or implement leader leases. Prior lease protocols are vaguely specified and hurt availability, so most Raft systems implement them incorrectly or not at all. We introduce LeaseGuard, a novel lease algorithm that relies on guarantees specific to Raft elections. LeaseGuard is simple, rigorously specified in TLA+, and includes two novel optimizations that maximize availability during leader failover. The first optimization restores write throughput quickly, and the second improves read availability. We evaluate LeaseGuard with a simulation in Python and an implementation in LogCabin, the C++ reference implementation of Raft. By replacing LogCabin's default consistency mechanism (quorum checks), LeaseGuard reduces the overhead of consistent reads from one to zero network roundtrips. It also improves write throughput from ~1000 to ~10,000 writes per second, by eliminating contention between writes and quorum
With AI-as-a-Service (AIaaS) now deployed across multiple providers and model tiers, selecting the appropriate model instance at run time is increasingly outside the end user's knowledge and operational control. Accordingly, the 6G service providers are envisioned to play a crucial role in exposing AIaaS in a setting where users submit only an intent while the network helps in the intent-to-model matching (resolution) and execution placement under policy, trust, and Quality of Service (QoS) constraints. The network role becomes to discover candidate execution endpoints and selects a suitable model/anchor under policy and QoS constraints in a process referred here to as AI-paging (by analogy to cellular call paging). In the proposed architecture, AI-paging is a control-plane transaction that resolves an intent into an AI service identity (AISI), a scoped session token (AIST), and an expiring admission lease (COMMIT) that authorizes user-plane steering to a selected AI execution anchor (AEXF) under a QoS binding. AI-Paging enforces two invariants: (i) lease-gated steering (without COMMIT, no steering state is installed) and (ii) make-before-break anchoring to support continuity and r
Offline preference-based reinforcement learning (PbRL) provides an effective way to overcome the challenges of designing reward and the high costs of online interaction. However, since labeling preference needs real-time human feedback, acquiring sufficient preference labels is challenging. To solve this, this paper proposes a offLine prEference-bAsed RL with high Sample Efficiency (LEASE) algorithm, where a learned transition model is leveraged to generate unlabeled preference data. Considering the pretrained reward model may generate incorrect labels for unlabeled data, we design an uncertainty-aware mechanism to ensure the performance of reward model, where only high confidence and low variance data are selected. Moreover, we provide the generalization bound of reward model to analyze the factors influencing reward accuracy, and demonstrate that the policy learned by LEASE has theoretical improvement guarantee. The developed theory is based on state-action pair, which can be easily combined with other offline algorithms. The experimental results show that LEASE can achieve comparable performance to baseline under fewer preference data without online interaction.
Aggregators of distributed energy resources are increasingly encouraged to participate in wholesale market bidding. However, the delivery of the power they are awarded can result in over-voltage or congestion issues within the distribution network (DN). The opportunity to lease energy storage from the utility that manages the DN provides the aggregator with a means to mitigate these issues, while also benefiting the utility in terms of additional lease revenue. Nevertheless, this leasing opportunity considerably complicates the aggregator's offer-making process, as it requires the consideration of market uncertainties, uncertain power injection at DN buses, and the strategic interactions between the aggregator and the utility. This paper presents a stochastic Stackelberg game model that effectively captures the interactions between the aggregator and the utility, ensuring DN security across all potential uncertainty scenarios. Furthermore, in light of the privacy concerns of both the aggregator and the utility, two distributed solution methods are proposed. The first method follows a traditional predict-then-optimize framework and has been validated to achieve the game equilibrium.
A lease is an important primitive for building distributed protocols, and it is ubiquitously employed in distributed systems. However, the scope of the classic lease abstraction is restricted to the trusted computing infrastructure. Unfortunately, this important primitive cannot be employed in the untrusted computing infrastructure because the trusted execution environments (TEEs) do not provide a trusted time source. In the untrusted environment, an adversary can easily manipulate the system clock to violate the correctness properties of lease-based systems. We tackle this problem by introducing trusted lease -- a lease that maintains its correctness properties even in the presence of a clock-manipulating attacker. To achieve these properties, we follow a "trust but verify" approach for an untrusted timer, and transform it into a trusted timing primitive by leveraging two hardware-assisted ISA extensions (Intel TSX and SGX) available in commodity CPUs. We provide a design and implementation of trusted lease in a system called T-Lease -- the first trusted lease system that achieves high security, performance, and precision. For the application developers, T-Lease exposes an easy-to
We investigate identity lease, a new type of service in which users lease their identities to third parties by providing them with full or restricted access to their online accounts or credentials. We discuss how identity lease could be abused to subvert the digital society, facilitating the spread of fake news and subverting electronic voting by enabling the sale of votes. We show that the emergence of Trusted Execution Environments and anonymous cryptocurrencies, for the first time, allows the implementation of such a lease service while guaranteeing fairness, plausible deniability and anonymity, therefore shielding the users and account renters from prosecution. To show that such a service can be practically implemented, we build an example service that we call TEEvil leveraging Intel SGX and ZCash. Finally, we discuss defense mechanisms and challenges in the mitigation of identity lease services.
Extracting entities and other useful information from legal contracts is an important task whose automation can help legal professionals perform contract reviews more efficiently and reduce relevant risks. In this paper, we tackle the problem of detecting two different types of elements that play an important role in a contract review, namely entities and red flags. The latter are terms or sentences that indicate that there is some danger or other potentially problematic situation for one or more of the signing parties. We focus on supporting the review of lease agreements, a contract type that has received little attention in the legal information extraction literature, and we define the types of entities and red flags needed for that task. We release a new benchmark dataset of 179 lease agreement documents that we have manually annotated with the entities and red flags they contain, and which can be used to train and test relevant extraction algorithms. Finally, we release a new language model, called ALeaseBERT, pre-trained on this dataset and fine-tuned for the detection of the aforementioned elements, providing a baseline for further research
This paper addresses the following question which is of interest in designing efficient exclusive-use spectrum licenses sold through spectrum auctions. Given a system model in which customer demand, revenue, and bids of wireless operators are characterized by stochastic processes and an operator is interested in joining the market only if its expected revenue is above a threshold and the lease duration is below a threshold, what is the optimal lease duration which maximizes the net customer demand served by the wireless operators? Increasing or decreasing lease duration has many competing effects; while shorter lease duration may increase the efficiency of spectrum allocation, longer lease duration may increase market competition by incentivizing more operators to enter the market. We formulate this problem as a two-stage Stackelberg game consisting of the regulator and the wireless operators and design efficient algorithms to find the Stackelberg equilibrium of the entire game. These algorithms can also be used to find the Stackelberg equilibrium under some generalizations of our model. Using these algorithms, we obtain important numerical results and insights that characterize ho
This paper describes PaxosLease, a distributed algorithm for lease negotiation. PaxosLease is based on Paxos, but does not require disk writes or clock synchrony. PaxosLease is used for master lease negotation in the open-source Keyspace and ScalienDB replicated key-value stores.
We present Lilac-TM, the first locality-aware Distributed Software Transactional Memory (DSTM) implementation. Lilac-TM is a fully decentralized lease-based replicated DSTM. It employs a novel self- optimizing lease circulation scheme based on the idea of dynamically determining whether to migrate transactions to the nodes that own the leases required for their validation, or to demand the acquisition of these leases by the node that originated the transaction. Our experimental evaluation establishes that Lilac-TM provides significant performance gains for distributed workloads exhibiting data locality, while typically incurring no overhead for non-data local workloads.
We propose and analyze a dynamic implementation of the property-rights model of cognitive radio. A primary link has the possibility to lease the owned spectrum to a MAC network of secondary nodes, in exchange for cooperation in the form of distributed space-time coding (DSTC). The cooperation and competition between the primary and secondary network are cast in the framework of sequential game. On one hand, the primary link attempts to maximize its quality of service in terms of signal-to-interference-plus-noise ratio (SINR); on the other hand, nodes in the secondary network compete for transmission within the leased time-slot following a power control mechanism. We consider both a baseline model with complete information and a more practical version with incomplete information, using the backward induction approach for the former and providing approximate algorithm for the latter. Analysis and numerical results show that our models and algorithms provide a promising framework for fair and effective spectrum sharing, both between primary and secondary networks and among secondary nodes.
We consider an agent, who would like to execute a given quantum circuit using resources leased from a set of quantum computers (QCs) connected by a quantum network. For this purpose, the agent needs to make the following four key decisions: (i) how many qubits to lease from each QC, (ii) at which QCs to store different circuit qubits in different time slots, (iii) at which QC to execute each gate in the circuit, and (iv) how to move qubits between QCs, choosing between migration and teleportation. We refer to this problem facing the agent as the joint qubit leasing and quantum circuit distribution (JQLQCD) problem, and provide a comprehensive integer linear programming (ILP) formulation for it. We show that the JQLQCD problem is NP-complete. Next, we identify several special cases in which the problem can be optimally solved in closed form or via polynomial-time algorithms. Also, we propose a greedy algorithm with local search refinement to solve large instances of the general JQLQCD problem. Finally, we evaluate the performance of the proposed greedy algorithm using extensive numerical computations.
Secure key leasing (SKL) enables the holder of a secret key for a cryptographic function to temporarily lease the key using quantum information. Later, the recipient can produce a deletion certificate, which proves that they no longer have access to the secret key. The security guarantee ensures that even a malicious recipient cannot continue to evaluate the function, after producing a valid deletion certificate. Most prior work considers an adversarial recipient that obtains a single leased key, which is insufficient for many applications. In the more realistic collusion-resistant setting, security must hold even when polynomially many keys are leased (and subsequently deleted). However, achieving collusion-resistant SKL from standard assumptions remains poorly understood, especially for functionalities beyond decryption. We improve upon this situation by introducing new pathways for constructing collusion-resistant SKL. Our main contributions are as follows: - A generalization of quantum-secure collusion-resistant traitor tracing called multi-level traitor tracing (MLTT), and a compiler that transforms an MLTT scheme for a primitive X into a collusion-resistant SKL scheme for pri
Intent-Driven Communication (IDC) is emerging as a key paradigm for autonomous 6G networks, where AI and Large Language Models (LLMs) translate high-level user intents into actionable network policies. Meanwhile, Reconfigurable Intelligent Surfaces (RIS) and dynamic spectrum leasing are becoming essential for improving coverage and capacity in resource-constrained environments. This paper extends the IDC framework by integrating RIS and spectrum leasing into AIassisted intent translation, policy mapping, and orchestration. A leasing-aware architecture is presented, and a Lyapunov-based Decision Support Framework is implemented as an illustrative mechanism for intelligent resource acquisition under timevarying prices and availability. Simulation results validate that the DSF achieves cost-efficient, delay-aware orchestration while exhibiting the expected Lyapunov stability properties. These findings highlight the feasibility of combining IDC with intelligent resource leasing in future 6G systems.
Secure key leasing (SKL) is an advanced encryption functionality that allows a secret key holder to generate a quantum decryption key and securely lease it to a user. Once the user returns the quantum decryption key (or provides a classical certificate confirming its deletion), they lose their decryption capability. Previous works on public key encryption with SKL (PKE-SKL) have only considered the single-key security model, where the adversary receives at most one quantum decryption key. However, this model does not accurately reflect real-world applications of PKE-SKL. To address this limitation, we introduce collusion-resistant security for PKE-SKL (denoted as PKE-CR-SKL). In this model, the adversary can adaptively obtain multiple quantum decryption keys and access a verification oracle which validates the correctness of queried quantum decryption keys. Importantly, the size of the public key and ciphertexts must remain independent of the total number of generated quantum decryption keys. We present the following constructions: - A PKE-CR-SKL scheme based on the learning with errors (LWE) assumption. - An attribute-based encryption scheme with collusion-resistant SKL (ABE-CR-SK
We present the first construction of a computational Certified Deletion Property (CDP) achievable with classical communication, derived from the compilation of the non-local Magic Square Game (MSG). We leverage the KLVY compiler to transform the non-local MSG into a 2-round interactive protocol, rigorously demonstrating that this compilation preserves the game-specific CDP. Previously, the quantum value and rigidity of the compiled game were investigated. We emphasize that we are the first to investigate CDP (local randomness in [Fu and Miller, Phys. Rev. A 97, 032324 (2018)]) for the compiled game. Then, we combine this CDP with the framework [Kitagawa, Morimae, and Yamakawa, Eurocrypt 2025] to construct Secure Key Leasing with classical Lessor (cSKL). SKL enables the Lessor to lease the secret key to the Lessee and verify that a quantum Lessee has indeed deleted the key. In this paper, we realize cSKL for PKE, PRF, and digital signature. Compared to prior works for cSKL, we realize cSKL for PRF and digital signature for the first time. In addition, we succeed in weakening the assumption needed to construct cSKL.
We explore potential benefits of incorporating Rhetorical Design into the design of Explainable Artificial Intelligence (XAI) systems. While XAI is traditionally framed around explaining individual predictions or overall system behavior, explanations may also function as rhetorical arguments that shape how users evaluate a system's usefulness and credibility, and how they develop appropriate trust for adoption. In real-world, in-situ interactions, explanations can thus produce experiential and affective rhetorical effects that are not fully captured by traditional XAI design goals that focus primarily on how AI works. To address this gap, we propose Rhetorical XAI, which bridges two explanatory goals: how AI works and why AI merits use. Rhetorical XAI comprises three appeals in explanation design: logos, which aligns technical logic with human reasoning through visual and textual abstractions; ethos, which establishes contextual credibility based on the explanation source and its appropriateness to the decision task; and pathos, which engages user emotionally by framing explanations around their motivations, expectations, or situated needs during interaction. We conduct a narrative
Secure key leasing allows a cryptographic key to be leased as a quantum state in such a way that the key can later be revoked in a verifiable manner. In this work, we propose a modular framework for constructing secure key leasing with a classical-lessor, where the lessor is entirely classical and, in particular, the quantum secret key can be both leased and revoked using only classical communication. Based on this framework, we obtain classical-lessor secure key leasing schemes for public-key encryption (PKE), pseudorandom function (PRF), and digital signature. We adopt the strong security notion known as security against verification key revealing attacks (VRA security) proposed by Kitagawa et al. (Eurocrypt 2025) into the classical-lessor setting, and we prove that all three of our schemes satisfy this notion under the learning with errors assumption. Our PKE scheme improves upon the previous construction by Goyal et al. (Eurocrypt 2025), and our PRF and digital signature schemes are respectively the first PRF and digital signature with classical-lessor secure key leasing property.
Secure key leasing (a.k.a. key-revocable cryptography) enables us to lease a cryptographic key as a quantum state in such a way that the key can be later revoked in a verifiable manner. We propose a simple framework for constructing cryptographic primitives with secure key leasing via the certified deletion property of BB84 states. Based on our framework, we obtain the following schemes. - A public key encryption scheme with secure key leasing that has classical revocation based on any IND-CPA secure public key encryption scheme. Prior works rely on either quantum revocation or stronger assumptions such as the quantum hardness of the learning with errors (LWE) problem. - A pseudorandom function with secure key leasing that has classical revocation based on one-way functions. Prior works rely on stronger assumptions such as the quantum hardness of the LWE problem. - A digital signature scheme with secure key leasing that has classical revocation based on the quantum hardness of the short integer solution (SIS) problem. Our construction has static signing keys, i.e., the state of a signing key almost does not change before and after signing. Prior constructions either rely on non-sta