Differential and invertibility properties of BLAKE (full version)

BLAKE is a hash function selected by NIST as one of the 14 second round candidates for the SHA-3 Competition. In this paper, we follow a bottom-up approach to exhibit properties of BLAKE and of its building blocks: based on differential properties of the internal function G, we show that a round of BLAKE is a permutation on the message space, and present an efficient inversion algorithm. For 1.5 rounds we present an algorithm that finds preimages faster than in previous attacks. Discovered properties lead us to describe large classes of impossible differentials for two rounds of BLAKE’s internal permutation, and particular impossible differentials for five and six rounds, respectively for BLAKE- 32 and BLAKE-64. Then, using a linear and rotation-free model, we describe near-collisions for four rounds of the compression function. Finally, we discuss the problem of establishing upper bounds on the probability of differential characteristics for BLAKE

Analysis of BLAKE2

We present a thorough security analysis of the hash function family BLAKE2, a recently proposed and already in use tweaked version of the SHA-3 finalist BLAKE. We study how existing attacks on BLAKE apply to BLAKE2 and to what extent the modifications impact the attacks. We design and run two improved searches for (impossible) differential attacks — the outcomes suggest higher number of attacked rounds in the case of impossible differentials (in fact we improve the best results for BLAKE as well), and slightly higher for the differential attacks on the hash/compression function (which gives an insight into the quality of the tweaks). We emphasize the importance of each of the modifications, in particular we show that an improper initialization could lead to collisions and near-collisions for the full-round compression function. We analyze the permutation of the new hash function and give rotational attacks and internal differentials for the whole design. We conclude that the tweaks in BLAKE2 were chosen properly and, despite having weaknesses in the theoretical attack frameworks of permutations and of fully-chosen state input compression functions, the hash function of BLAKE2 has only slightly lower security margin than BLAKE

Near-Collisions on the Reduced-Round Compression Functions of Skein and BLAKE

The SHA-3 competition organized by NIST aims to find a new hash standard as a replacement of SHA-2. Till now, 14 submissions have been selected as the second round candidates, including Skein and BLAKE, both of which have components based on modular addition, rotation and bitwise XOR (ARX). In this paper, we propose improved near-collision attacks on the reduced-round compression functions of Skein and a variant of BLAKE. The attacks are based on linear differentials of the modular additions. The computational complexity of near-collision attacks on a 4-round compression function of BLAKE-32, 4-round and 5-round compression functions of BLAKE-64 are 2^{21}, 2^{16} and 2^{216} respectively, and the attacks on a 24-round compression functions of Skein-256, Skein-512 and Skein-1024 have a complexity of 2^{60}, 2^{230} and 2^{395} respectively

Nonlinear software sensor for monitoring genetic regulation processes with noise and modeling errors

Nonlinear control techniques by means of a software sensor that are commonly used in chemical engineering could be also applied to genetic regulation processes. We provide here a realistic formulation of this procedure by introducing an additive white Gaussian noise, which is usually found in experimental data. Besides, we include model errors, meaning that we assume we do not know the nonlinear regulation function of the process. In order to illustrate this procedure, we employ the Goodwin dynamics of the concentrations [B.C. Goodwin, Temporal Oscillations in Cells, (Academic Press, New York, 1963)] in the simple form recently applied to single gene systems and some operon cases [H. De Jong, J. Comp. Biol. 9, 67 (2002)], which involves the dynamics of the mRNA, given protein, and metabolite concentrations. Further, we present results for a three gene case in co-regulated sets of transcription units as they occur in prokaryotes. However, instead of considering their full dynamics, we use only the data of the metabolites and a designed software sensor. We also show, more generally, that it is possible to rebuild the complete set of nonmeasured concentrations despite the uncertainties in the regulation function or, even more, in the case of not knowing the mRNA dynamics. In addition, the rebuilding of concentrations is not affected by the perturbation due to the additive white Gaussian noise and also we managed to filter the noisy output of the biological systemComment: 21 pages, 7 figures; also selected in vjbio of August 2005; this version corrects a misorder in the last three references of the published versio

The Boomerang Attacks on BLAKE and BLAKE2

n this paper, we study the security margins of hash functions BLAKE and BLAKE2 against the boomerang attack. We launch boomerang attacks on all four members of BLAKE and BLAKE2, and compare their complexities. We propose 8.5-round boomerang attacks on both BLAKE-512 and BLAKE2b with complexities $2^{464}$ and $2^{474}$ respectively. We also propose 8-round attacks on BLAKE-256 with complexity $2^{198}$ and 7.5-round attacks on BLAKE2s with complexity $2^{184}$. We verify the correctness of our analysis by giving practical 6.5-round Type I boomerang quartets for each member of BLAKE and BLAKE2. According to our analysis, some tweaks introduced by BLAKE2 have increased its resistance against boomerang attacks to a certain extent. But on the whole, BLAKE still has higher a secure margin than BLAKE2

Observability/Identifiability of Rigid Motion under Perspective Projection

The "visual motion" problem consists of estimating the motion of an object viewed under projection. In this paper we address the feasibility of such a problem. We will show that the model which defines the visual motion problem for feature points in the euclidean 3D space lacks of both linear and local (weak) observability. The locally observable manifold is covered with three levels of lie differentiations. Indeed, by imposing metric constraints on the state-space, it is possible to reduce the set of indistinguishable states. We will then analyze a model for visual motion estimation in terms of identification of an Exterior Differential System, with the parameters living on a topological manifold, called the "essential manifold", which includes explicitly in its definition the forementioned metric constraints. We will show that rigid motion is globally observable/identifiable under perspective projection with zero level of lie differentiation under some general position conditions. Such conditions hold when the viewer does not move on a quadric surface containing all the visible points

Whitham's equations for modulated roll-waves in shallow flows

This paper is concerned with the detailed behaviour of roll-waves undergoing a low-frequency perturbation. We rst derive the so-called Whitham's averaged modulation equations and relate the well-posedness of this set of equations to the spectral stability problem in the small Floquet-number limit. We then fully validate such a system and in particular, we are able to construct solutions to the shallow water equations in the neighbourhood of modulated roll-waves proles that exist for asymptotically large time

The significance of the integrated Sachs-Wolfe effect revisited

We revisit the state of the integrated Sachs-Wolfe (ISW) effect measurements in light of newly available data and address criticisms about the measurements which have recently been raised. We update the data set previously assembled by Giannantonio et al. to include new data releases for both the cosmic microwave background (CMB) and the large-scale structure (LSS) of the Universe. We find that our updated results are consistent with previous measurements. By fitting a single template amplitude, we now obtain a combined significance of the ISW detection at the 4.4 sigma level, which fluctuates by 0.4 sigma when alternative data cuts and analysis assumptions are considered. We also make new tests for systematic contaminations of the data, focusing in particular on the issues raised by Sawangwit et al. Amongst them, we address the rotation test, which aims at checking for possible systematics by correlating pairs of randomly rotated maps. We find results consistent with the expected data covariance, no evidence for enhanced correlation on any preferred axis of rotation, and therefore no indication of any additional systematic contamination. We publicly release the results, the covariance matrix, and the sky maps used to obtain them.Comment: 19 pages, 10 figures. MNRAS in pres