1,767 research outputs found

    Study program to develop and evaluate die and container materials for the growth of silicon ribbons

    The development and evaluation of proprietary coatings of pure silicon carbide, silicon nitride, and aluminum nitride on less pure hot pressed substrates of the respective ceramic materials is described. Silicon sessile drop experiments were performed on coated test specimens under controlled oxygen partial pressure. Prior to testing, X-ray diffraction and SEM characterization were performed. The reaction interfaces were characterized after testing with optical and scanning electron microscopy and Auger electron spectroscopy. Increasing the oxygen partial pressure was found to increase the molten silicon contact angle, apparently because adsorbed oxygen lowers the solid-vapor interfacial free energy. It was also found that adsorbed oxygen increased the degree of attack of molten silicon upon the chemical vapor deposited coatings. Cost projections show that reasonably priced, coated, molten silicon resistant refractory material shapes are obtainable.

    Links between Division Property and Other Cube Attack Variants

    A theoretically reliable key-recovery attack should evaluate not only the non-randomness for the correct key guess but also the randomness for the wrong ones as well. The former has always been the main focus but the absence of the latter can also cause self-contradicted results. In fact, the theoretic discussion of wrong key guesses is overlooked in quite some existing key-recovery attacks, especially the previous cube attack variants based on pure experiments. In this paper, we draw links between the division property and several variants of the cube attack. In addition to the zero-sum property, we further prove that the bias phenomenon, the non-randomness widely utilized in dynamic cube attacks and cube testers, can also be reflected by the division property. Based on such links, we are able to provide several results: Firstly, we give a dynamic cube key-recovery attack on full Grain-128. Compared with Dinur et al.’s original one, this attack is supported by a theoretical analysis of the bias based on a more elaborate assumption. Our attack can recover 3 key bits with a complexity 2^{97.86} and evaluated success probability 99.83%. Thus, the overall complexity for recovering full 128 key bits is 2^{125}. Secondly, now that the bias phenomenon can be efficiently and elaborately evaluated, we further derive new secure bounds for Grain-like primitives (namely Grain-128, Grain-128a, Grain-V1, Plantlet) against both the zero-sum and bias cube testers. Our secure bounds indicate that 256 initialization rounds are not able to guarantee Grain-128 to resist bias-based cube testers. This is an efficient tool for newly designed stream ciphers for determining the number of initialization rounds. Thirdly, we improve Wang et al.’s relaxed term enumeration technique proposed in CRYPTO 2018 and extend their results on Kreyvium and ACORN by 1 and 13 rounds (reaching 892 and 763 rounds) with complexities 2^{121.19} and 2^{125.54} respectively. To our knowledge, our results are the current best key-recovery attacks on these two primitives.

    Systematic first-principles study of impurity hybridization in NiAl

    We have performed a systematic first-principles computational study of the effects of impurity atoms (boron, carbon, nitrogen, oxygen, silicon, phosphorus, and sulfur) on the orbital hybridization and bonding properties in the intermetallic alloy NiAl using a full-potential linear muffin-tin orbital method. The matrix elements in momentum space were used to calculate real-space properties: onsite parameters, partial densities of states, and local charges. In impurity atoms that are empirically known to be embrittlers (N and O) we found that the 2s orbital is bound to the impurity and therefore does not participate in the covalent bonding. In contrast, the corresponding 2s orbital is found to be delocalized in the cohesion enhancers (B and C). Each of these impurity atoms is found to acquire a net negative local charge in NiAl irrespective of whether they sit in the Ni or Al site. The embrittler therefore reduces the total number of electrons available for covalent bonding by removing some of the electrons from the neighboring Ni or Al atoms and localizing them at the impurity site. We show that these correlations also hold for silicon, phosphorus, and sulfur. Comment: Revtex, 8 pages, 7 eps figures, to appear in Phys. Rev.

    A New Version of Grain-128 with Authentication

    A new version of the stream cipher Grain-128 is proposed. The new version, Grain-128a, is strengthened against all known attacks and observations on the original Grain-128, and has built-in support for authentication. The changes are modest, keeping the basic structure of Grain-128. This gives a high confidence in Grain-128a and allows for easy updating of existing implementations.

    Ten years of cube attacks

    In 2009, Dinur and Shamir proposed the cube attack, an algebraic cryptanalysis technique that only requires black box access to a target cipher. Since then, this attack has received both many criticisms and endorsements from the crypto community; this work aims at revising and collecting the many attacks that have been proposed starting from it. We categorise all of these attacks in five classes; for each class, we provide a brief summary description along with the state-of-the-art references and the most recent cryptanalysis results. Furthermore, we extend and refine the new notation we proposed in 2021 and we use it to provide a consistent definition for each attack family. Finally, in the appendix, we provide an in-depth description of the kite attack framework, a cipher independent tool we firstly proposed in 2018 that implements the kite attack on GPUs. To prove its effectiveness, we use Mickey2.0 as a use case, showing how to embed it in the framework.

    A Practical Key-Recovery Attack on 805-Round Trivium

    The cube attack is one of the most important cryptanalytic techniques against Trivium. Many improvements have been proposed and lots of key-recovery attacks based on cube attacks have been established. However, among these key-recovery attacks, few attacks can recover the 80-bit full key practically. In particular, the previous best practical key-recovery attack was on 784-round Trivium proposed by Fouque and Vannet at FSE 2013 with on-line complexity about 2^{39}. To mount a practical key-recovery attack against Trivium on a PC, a sufficient number of low-degree superpolies should be recovered, which is around 40. This is a difficult task both for experimental cube attacks and division property based cube attacks with randomly selected cubes due to lack of efficiency. In this paper, we give a new algorithm to construct candidate cubes targeting at linear superpolies in cube attacks. It is shown by our experiments that the new algorithm is very effective. In our experiments, the success probability is 100% for finding linear superpolies using the constructed cubes. As a result, we mount a practical key-recovery attack on 805-round Trivium, which increases the number of attacked initialisation rounds by 21. We obtain over 1000 cubes with linear superpolies for 805-round Trivium, where 42 linearly independent ones could be selected. With these superpolies, for 805-round Trivium, the 80-bit key could be recovered within on-line complexity 2^{41.40}, which could be carried out on a single PC equipped with a GTX-1080 GPU in several hours. Furthermore, the new algorithm is applied to 810-round Trivium, a cube of size 43 is constructed and two subcubes of size 42 with linear superpolies for 810-round Trivium are found.

    Security Evaluation of Stream Cipher Enocoro-128v2

    This report presents a security evaluation of the Enocoro-128v2 stream cipher. Enocoro-128v2 was proposed in 2010 and is a member of the Enocoro family of stream ciphers. This evaluation examines several different attacks applied to the Enocoro-128v2 design. No attack better than exhaustive key search has been found.