4,802 research outputs found

    (De-)Constructing TLS 1.3

    SSL/TLS is one of the most widely deployed cryptographic protocols on the Internet. It is used to protect the confidentiality and integrity of transmitted data in various client-server applications. The currently specified version is TLS 1.2, and its security has been analyzed extensively in the cryptographic literature. The IETF working group is actively developing a new version, TLS 1.3, which is designed to address several flaws inherent to previous versions. In this paper, we analyze the security of a slightly modified version of the current TLS 1.3 draft. (We do not encrypt the server's certificate.) Our security analysis is performed in the constructive cryptography framework. This ensures that the resulting security guarantees are composable and can readily be used in subsequent protocol steps, such as password-based user authentication over a TLS-based communication channel in which only the server is authenticated. Most steps of our proof hold in the standard model, with the sole exception that the key derivation function HKDF is used in a way that has a proof only in the random-oracle model. Beyond the technical results on TLS 1.3, this work also exemplifies a novel approach towards proving the security of complex protocols by a modular, step-by-step decomposition, in which smaller sub-steps are proved in isolation and then the security of the protocol follows by the composition theorem.

    Year 2010 Issues on Cryptographic Algorithms

    In the financial sector, cryptographic algorithms are used as fundamental techniques for assuring the confidentiality and integrity of data used in financial transactions and for authenticating the entities involved in those transactions. Currently, the most widely used algorithms appear to be two-key triple DES and RC4 for symmetric ciphers, RSA with a 1024-bit key for asymmetric encryption and digital signatures, and SHA-1 for hashing, according to international standards and guidelines related to financial transactions. However, according to academic papers and reports on the security evaluation of these algorithms, it is difficult to ensure sufficient security by using them over a long period, such as 10 or 15 years, due to advances in cryptanalysis techniques, improvements in computing power, and so on. To promote the transition to more secure algorithms, the National Institute of Standards and Technology (NIST) of the United States states in various guidelines that it will no longer approve two-key triple DES, RSA with a 1024-bit key, or SHA-1 as algorithms suitable for IT systems of the U.S. Federal Government after 2010. How to advance the transition of these algorithms in the financial sector is therefore an important issue. This paper refers to the issues surrounding the transition as Year 2010 issues in cryptographic algorithms. To complete the transition by 2010, the deadline set by NIST, financial institutions need to begin discussing these issues at the earliest possible date. This paper summarizes the security evaluation results for the current algorithms and describes the Year 2010 issues, their impact on the financial industry, and the transition plan announced by NIST. It also sets out several points to be discussed when dealing with Year 2010 issues.
    Keywords: Cryptographic algorithm; Symmetric cipher; Asymmetric cipher; Security; Year 2010 issues; Hash function

    Contemporary geomorphological activity throughout the proglacial area of an alpine catchment

    Quantification of contemporary geomorphological activity is a fundamental prerequisite for predicting the effects of future changes in earth surface processes and landscape development. However, there is a lack of high-resolution spatial and temporal data on geomorphological activity within alpine catchments, which are especially sensitive to climate change and human impacts, and which are amongst the most dynamic landscapes on Earth. This study used data from repeated laser scanning to identify and quantify the distribution of contemporary sediment sources and the intensity of geomorphological activity within the lower part of a glaciated alpine catchment: Ödenwinkelkees, central Austria. Spatially, geomorphological activity was discriminated by substrate class. Activity decreased in both areal extent and intensity with distance from the glacier, becoming progressively more restricted to the fluvially dominated valley floor. Temporally, geomorphological activity was identified on annual, seasonal, weekly and daily timescales. Activity became more extensive with increasing study duration but more intense over shorter timescales, demonstrating the importance of temporary storage of sediment within the catchment. The mean volume of material moved within the proglacial zone was 4400 m³ yr⁻¹, which suggests a net surface lowering of 34 mm yr⁻¹ in this part of the catchment. We extrapolate a minimum of 4.8 mm yr⁻¹ net surface lowering across the whole catchment. These surface lowering values are approximately twice those calculated elsewhere from contemporary measurements of suspended sediment flux, and twice the rates calculated from the geological record, perhaps because we measure total geomorphological activity within the catchment rather than the overall efflux of material. Repeated geomorphological surveying therefore appears to mitigate the problem of hydrological studies underestimating sediment fluxes on decadal to annual timescales. Further development of the approach outlined in this study will enable the quantification of geomorphological activity, alpine terrain stability and the persistence of landforms.

    A kilobit hidden SNFS discrete logarithm computation

    We perform a special number field sieve discrete logarithm computation in a 1024-bit prime field. To our knowledge, this is the first kilobit-sized discrete logarithm computation ever reported for prime fields. This computation took a little over two months of calendar time on an academic cluster using the open-source CADO-NFS software. Our chosen prime $p$ looks random, and $p-1$ has a 160-bit prime factor, in line with recommended parameters for the Digital Signature Algorithm. However, our $p$ has been trapdoored in such a way that the special number field sieve can be used to compute discrete logarithms in $\mathbb{F}_p^*$, yet detecting that $p$ has this trapdoor seems out of reach. Twenty-five years ago, there was considerable controversy around the possibility of back-doored parameters for DSA. Our computations show that trapdoored primes are entirely feasible with current computing technology. We also describe special number field sieve discrete log computations carried out for multiple weak primes found in use in the wild. As can be expected from a trapdoor mechanism which we say is hard to detect, our research did not reveal any trapdoored prime in wide use. The only way for a user to defend against a hypothetical trapdoor of this kind is to require verifiably random primes.

    Privacy-Preserving Trust Management Mechanisms from Private Matching Schemes

    Cryptographic primitives are essential for constructing privacy-preserving communication mechanisms. There are situations in which two parties that do not know each other need to exchange sensitive information on the Internet. Trust management mechanisms make use of digital credentials and certificates in order to establish trust among these strangers. We address the problem of choosing which credentials are exchanged. During this process, each party should learn no information about the preferences of the other party beyond what is strictly required for trust establishment. We present a method to reach an agreement on the credentials to be exchanged that preserves the privacy of the parties. Our method is based on secure two-party computation protocols for set intersection. Namely, it is constructed from private matching schemes.
    Comment: The material in this paper will be presented in part at the 8th DPM International Workshop on Data Privacy Management (DPM 2013

    Aspects of the tectonics of the Greater Caucasus and Western South Caspian Basin

    The main objectives of this project are to (a) understand the relationship between climate, topography and tectonics in the Greater Caucasus belt, (b) construct regional geological cross-sections showing the major stratigraphic sequences and structures along the belt using the focal mechanisms of earthquake events, (c) evaluate the evolution and development of a single fold structure (the Yasamal anticline) and (d) investigate strain accommodation mechanisms using 3D Move to unfold the Yasamal structure. Topographic variations were investigated to understand the interplay between topography, climate and the tectonics of the Greater Caucasus range, and the findings were compared with other active and inactive belts (Pyrenees, Northern Tibetan Plateau and Himalayas). There is a correlation between elevation changes and climate along the Greater Caucasus belt: the gradual reduction of the mean altitude is closely associated with a wetter climate, and the sharper altitude decrease with a drier climate. The elevation changes are also strongly correlated with the Moho depths beneath the region. The relief along the belt is extremely high, with a strong correlation between the high relief and the large thrusts in the region. The relief of the eastern part is slightly lower than that of the western part of the belt, even though the eastern part is more active than the western part. The structural study undertaken at regional scale for the Caucasus belt and the western side of the South Caspian Basin gave insights into the style of deformation in the basin, the evolution of the Greater Caucasus belt, and the preferred distribution, geometry and formation mechanism of the structural elements. 
    The regional cross-sections along the Greater Caucasus, constructed and constrained using focal mechanisms, show that the belt is deformed by active thrust faults that dip inwards from the margins of the range: the northern thrusts dip south and the southern thrusts dip north. These results are contrary to some previous models that emphasise only south-directed thrusting. The spatial arrangement, geometry and temporal evolution of spectacular kilometre-amplitude fold structures actively forming in Cenozoic sediments on the uplifted western margin of the South Caspian Basin are described, and the strain accommodation mechanisms established by using 3D Move to unfold the Yasamal structure enabled a reconstruction of pre-folding templates and predictive modelling of the fold-related deformation at small scale. The 3D model of the Yasamal anticline shows that the anticline hinge plunges about 30° to the south. The area was characterized by a low rate of sedimentation and a high rate of uplift in the Upper Pliocene. The minor structures (accommodating the overall strain in the anticline) are developed throughout the entire anticline. Compressional strain is present at the anticline hinge line, and extensional strain dominates the anticline limbs, suggesting the potential development of extensional structures in the anticline flanks. This corresponds with the field observations in the Yasamal valley, which confirm that the small normal faults are concentrated within the anticline flanks and the contractional deformation bands lie along the hinge area of the anticline.

    The Möbius Domain Wall Fermion Algorithm

    We present a review of the properties of generalized domain wall Fermions, based on a (real) Möbius transformation on the Wilson overlap kernel, discussing their algorithmic efficiency, the degree of explicit chiral violations measured by the residual mass ($m_{res}$) and the Ward-Takahashi identities. The Möbius class interpolates between Shamir's domain wall operator and Boriçi's domain wall implementation of Neuberger's overlap operator without increasing the number of Dirac applications per conjugate gradient iteration. A new scaling parameter ($\alpha$) reduces chiral violations at finite fifth dimension ($L_s$) but yields exactly the same overlap action in the limit $L_s \rightarrow \infty$. Through the use of 4d Red/Black preconditioning and optimal tuning for the scaling $\alpha(L_s)$, we show that chiral symmetry violations are typically reduced by an order of magnitude at fixed $L_s$. At large $L_s$ we argue that the observed scaling $m_{res} = O(1/L_s)$ for Shamir is replaced by $m_{res} = O(1/L_s^2)$ for the properly tuned Möbius algorithm with $\alpha = O(L_s)$.
    Comment: 59 pages, 11 figures