Kinetic Integrals in the Kinetic Theory of dissipative gases

The kinetic theory of gases, including Granular Gases, is based on the Boltzmann equation. Many properties of the gas, from the characteristics of the velocity distribution function to the transport coefficients may be expressed in terms of functions of the collision integral which we call kinetic integrals. Although the evaluation of these functions is conceptually straightforward, technically it is frequently rather cumbersome. We report here a method for the analytical evaluation of kinetic integrals using computer algebra. We apply this method for the computation of some properties of Granular Gases, ranging from the moments of the velocity distribution function to the transport coefficients. For their technical complexity most of these quantities cannot be computed manually.Comment: 32 page

Chosen-Prefix Collisions for MD5 and Applications

We present a novel, automated way to find differential paths for MD5. Its main application is in the construction of \emph{chosen-prefix collisions}. We have shown how, at an approximate expected cost of $2^{39}$ calls to the MD5 compression function, for any two chosen message prefixes $P$ and $P'$, suffixes $S$ and $S'$ can be constructed such that the concatenated values $P\|S$ and $P'\|S'$ collide under MD5. The practical attack potential of this construction of chosen-prefix collisions is of greater concern than the MD5-collisions that were published before. This is illustrated by a pair of MD5-based X.509 certificates one of which was signed by a commercial Certification Authority (CA) as a legitimate website certificate, while the other one is a certificate for a rogue CA that is entirely under our control (cf.\ \url{http://www.win.tue.nl/hashclash/rogue-ca/}). Other examples, such as MD5-colliding executables, are presented as well. More details can be found on \url{http://www.win.tue.nl/hashclash/ChosenPrefixCollisions/}

Cryptanalysis of ARMADILLO2

Abstract. ARMADILLO2 is the recommended variant of a multi-purpose cryptographic primitive dedicated to hardware which has been proposed by Badel et al. in [1]. In this paper, we describe a meet-in-themiddle technique relying on the parallel matching algorithm that allows us to invert the ARMADILLO2 function. This makes it possible to perform a key recovery attack when used as a FIL-MAC. A variant of this attack can also be applied to the stream cipher derived from the PRNG mode. Finally we propose a (second) preimage attack when used as a hash function. We have validated our attacks by implementing cryptanalysis on scaled variants. The experimental results match the theoretical complexities. In addition to these attacks, we present a generalization of the parallel matching algorithm, which can be applied in a broader context than attacking ARMADILLO2

Random Access in Massive MIMO by Exploiting Timing Offsets and Excess Antennas

Massive MIMO systems, where base stations are equipped with hundreds of antennas, are an attractive way to handle the rapid growth of data traffic. As the number of user equipments (UEs) increases, the initial access and handover in contemporary networks will be flooded by user collisions. In this paper, a random access protocol is proposed that resolves collisions and performs timing estimation by simply utilizing the large number of antennas envisioned in Massive MIMO networks. UEs entering the network perform spreading in both time and frequency domains, and their timing offsets are estimated at the base station in closed-form using a subspace decomposition approach. This information is used to compute channel estimates that are subsequently employed by the base station to communicate with the detected UEs. The favorable propagation conditions of Massive MIMO suppress interference among UEs whereas the inherent timing misalignments improve the detection capabilities of the protocol. Numerical results are used to validate the performance of the proposed procedure in cellular networks under uncorrelated and correlated fading channels. With $2.5\times10^3$ UEs that may simultaneously become active with probability 1\% and a total of $16$ frequency-time codes (in a given random access block), it turns out that, with $100$ antennas, the proposed procedure successfully detects a given UE with probability 75\% while providing reliable timing estimates.Comment: 30 pages, 6 figures, 1 table, submitted to Transactions on Communication