Ruhr-Universität Bochum (RUB): Open Journal Systems
Committing Wide Encryption Mode with Minimum Ciphertext Expansion
We propose a new wide encryption (WE) mode of operation that satisfies robust authenticated encryption (RAE) and committing security with minimum ciphertext expansion. In response to the recent call for proposals by NIST, WE and its tweakable variant, TWE, have attracted much attention in the last few years. Combined with the encode-then-encipher (EtE) construction, TWE offers an RAE that provides robustness against a wide range of misuses. The list of desired properties for WE-based authenticated encryption in the NIST standardization includes committing security, which considers an attacker who generates ciphertexts that can be decrypted under different decryption contexts, but TWE-based EtE does not provide good committing security, and there is a recent constant-time CMT-4 attack (Chen et al., ToSC 2023(4)). Improving CMT-4 security requires considerable ciphertext expansion, and the state-of-the-art scheme expands the ciphertext by s_rae + 2·s_cmt bits over the original message to achieve s_rae-bit RAE and s_cmt-bit CMT-4 security. Our new WE mode, FFF, addresses the issue by achieving s_rae-bit RAE and s_cmt-bit CMT-4 security with only max{s_cmt, s_rae} bits of ciphertext expansion. Our design is based on the committing concealer proposed by Bellare et al., and its extension to WE (cf. tag-based AE) while satisfying RAE security is the main technical innovation.
Observations on TETRA Encryption Algorithm TEA-3
We present a number of observations on TEA-3, a stream cipher used in TETRA radio networks that was kept secret until recently. While the same also holds for the six other TETRA encryption algorithms, we pick TEA-3 to start with, as (i) it is not obviously weakened like TEA-{1,4,7}, (ii) in contrast to TEA-2 it is approved for extra-European emergency service use, and (iii) as already noted by [MBW23], the TEA-3 design surprisingly contains a non-bijective S-box. Most importantly, we show that the 80-bit non-linear feedback shift register operating on the key decomposes into a cascade of two 40-bit registers. Although this hints at an intentional weakness at first glance, we are not able to lift our results to a practical attack. Other than that, we show how the balanced non-linear feedback functions used in the state register of TEA-3 can be constructed.
Narrative text analysis skills in relation to task support: A study with student teachers of German
This article uses the short prose text Nacht by Sybille Berg to analyse the extent to which advanced student teachers of German (N = 105) demonstrate the skills for narrative text analysis outlined in the Ländergemeinsamen Anforderungen für die Lehrkräftebildung (Common Requirements for Teacher Training) of the KMK (Standing Conference of the Ministers of Education and Cultural Affairs). Particular attention was paid to the ability to reflect on narrative mediation. A four-stage rating procedure and subsequent non-parametric variance analyses were employed to address two research questions: (a) how well the students grasp the narrative mediation of the sample text when given low (N = 22), medium (N = 47) or high (N = 36) task support, and (b) whether significant differences in analysis performance emerge depending on the level of support provided. The results show significantly better analysis performance, with medium to high effect sizes, among students who worked on the tasks with medium and high support compared to those who received only low support. The study was conducted as part of a larger project investigating how well learning opportunities from literary studies and literature didactics fit the demands of narrative text analysis.
Between Script, Word and Image: Max Imdahl's Lecture Strategy Using the Example of Poussin's Gathering of the Manna (Mannalese)
Rethinking Symbolic Violence on Social Media: Incels and Mentalisation
The aim of this article is to discuss the notion of symbolic violence and to foreground a psychoanalytic conceptualisation of the term. Having been popularised by Pierre Bourdieu and other thinkers, the term is routinely used to describe forms of violence that stop short of the physical. It remains under-theorised. Following a brief literature review, it is argued that psychoanalysis has much to add when it comes to conceptualising symbolic violence and how it plays out online. Peter Fonagy’s theory of mentalisation is brought in to conceptualise symbolic violence as a particular form of externalised, distorted mentalisation. I finally apply the term to contemporary discussions and user exchanges on social media that are so often characterised by intense forms of symbolic violence. The misogynist incel community is presented as a case study via exemplary quotes. Incels display forms of symbolic violence that are characterised by vivid fantasies about other men and women which reveal a distorted, yet highly coherent and organised, symbolic world.
Précis of Neuroethics
The main message of Neuroethics is that neuroscience forces us to reconceptualize human agency as marvelously diverse and flexible. Free will can arise from unconscious brain processes. Individuals with mental disorders, including addiction and psychopathy, exhibit more agency than is often recognized. Brain interventions should be embraced with cautious optimism. Our moral intuitions, which arise from entangled reason and emotion, can generally be trusted. Nevertheless, we can and should safely enhance our brain chemistry, partly because motivated reasoning crops up in everyday life and in the practice of neuroscience itself. Despite serious limitations, brain science can be useful in the courtroom and marketplace. Recognizing all this nuance leaves little room for anxious alarmism or overhype and urges an emphasis on neurodiversity. The result is a highly opinionated tour of neuroethics as an exciting field full of implications for philosophy, science, medicine, law, and public policy.
«Phraseologisches Wörterbuch Katalanisch-Deutsch»: presentation of the project
This paper presents the main characteristics of the Phraseologisches Wörterbuch Katalanisch-Deutsch (Phraseological Catalan-German Dictionary): it is a passive semasiological work for decoding aimed at a German-speaking audience that, if everything goes as planned, is expected to be published around 2027 and will include about 11,000 entries. This introductory study focuses on aspects particularly related to the microstructure of the dictionary. Our working method is primarily based on pragmatic linguistics.
MDS Diffusion Layers for Arithmetization-Oriented Symmetric Ciphers: The Rotational-Add Construction
We introduce rotational-add diffusion layers aimed at applications in the design of arithmetization-oriented (AO) symmetric ciphers, such as fully homomorphic encryption (FHE)-friendly symmetric ciphers. This generalizes the rotational-XOR diffusion layers that have been utilized in the design of many important conventional symmetric primitives such as SHA-256, SM4, ZUC and Ascon. A rotational-add diffusion layer is defined over the finite field F_p for an arbitrary prime p, enabling implementations using only rotations and modular additions/subtractions. The advantage of using such diffusion layers in AO ciphers is that the cost of scalar multiplications can be reduced, since the only scalars that appear are ±1; the total cost therefore depends on the sizes of the rotation offsets. In this paper, we investigate characterizations and constructions of the lightest rotational-add diffusion layers over (F_p^m)^n that are maximum distance separable (MDS), with a focus on the case n = 4. It turns out that the minimum achievable size of the rotation offsets is 5 subject to the MDS property constraint. We specify a large class of rotational-add diffusion layers with 5 rotations and traverse all possible patterns of appearance of the scalars ±1. In four cases we can derive computationally tractable necessary and sufficient conditions for the rotational-add diffusion layers to attain the MDS property. These conditions enable explicit characterization of suitable primes p for given parameters. Leveraging these results, we construct three distinct families of rotational-add MDS diffusion layers applicable to AO ciphers. Although a rotational-add diffusion layer with 7 rotations and only additions has already been used in the design of the FHE-friendly block cipher YuX recently, to our knowledge our work presents the first systematic theoretical characterization of rotational-add MDS diffusion layers and provides explicit constructions of them.
SoK: On Shallow Weak PRFs: A Common Symmetric Building Block for MPC Protocols
A growing number of advanced cryptographic protocols and constructions rely on symmetric primitives known as weak pseudo-random functions (wPRFs). These functions differ significantly from traditional PRFs: they operate in constrained models where inputs are sampled uniformly at random and are not chosen by the adversary. In practice, many of these functions are implemented as shallow, non-iterated constructions with simple circuit representations.

This Systematization of Knowledge (SoK) provides a unified view of shallow wPRFs (swPRFs), which we define as wPRFs computable by low-depth circuits and primarily used in different secure computation protocols. We identify and classify four main families of swPRFs—alternating-moduli wPRFs, Goldreich's PRG family, and the VDLPN and EALPN constructions—presenting formal definitions, algorithmic descriptions, known variants, cryptanalytic results, and concrete parameter sets for each.

In addition to surveying the literature, our goal is to shift the focus from asymptotic analyses to concrete cryptanalysis. To this end, we provide a set of cryptanalytic challenges along with reference SAGE implementations for all the primitives discussed. We aim to encourage the symmetric cryptography community—particularly cryptanalysts—to rigorously evaluate the practical security levels offered by swPRFs, as concrete analyses are currently lacking. Given their growing use in high-level protocols and constructions, any cryptanalytic breakthrough on these primitives could directly affect the security of the broader cryptographic systems that rely on them.