32 research outputs found

    New Results on the SymSum Distinguisher on Round-Reduced SHA3

    In ToSC 2017 Saha et al. demonstrated an interesting property of SHA3 based on higher-order vectorial derivatives which led to self-symmetry based distinguishers referred to as SymSum and bettered the complexity w.r.t. the well-studied ZeroSum distinguisher by a factor of 4. This work attempts to take a fresh look at this distinguisher in the light of the linearization technique developed by Guo et al. in Asiacrypt 2016. It is observed that the efficiency of SymSum against ZeroSum drops from 4 to 2 for any number of rounds linearized. This is supported by theoretical proofs. SymSum augmented with linearization can penetrate up to two more rounds as against the classical version. In addition to that, one more round is extended by inversion technique on the final hash values. The combined approach leads to distinguishers up to 9 rounds of SHA3 variants with a complexity of only $2^{64}$ which is better than the equivalent ZeroSum distinguisher by the factor of 2. To the best of our knowledge this is the best distinguisher available on this many rounds of SHA3.

    The ventilation of buildings and other mitigating measures for COVID-19: a focus on wintertime.

    The year 2020 has seen the emergence of a global pandemic as a result of the disease COVID-19. This report reviews knowledge of the transmission of COVID-19 indoors, examines the evidence for mitigating measures, and considers the implications for wintertime with a focus on ventilation. This work was undertaken as a contribution to the Rapid Assistance in Modelling the Pandemic (RAMP) initiative, coordinated by the Royal Society.

    Optimisation of Fluid Mixing in a Hydrosac© Growing Module

    A mathematical model is sought for the flow of nutrients in the Hydrosac© growing module being developed by Phytoponics. The basic operation involves long fluid-filled bags with periodic growing zones from which root systems emerge into the bulk fluid. The system is periodically perturbed via two main processes: partial drainage and refilling of each bag with nutrient infused water, with inlet and outlet at opposite ends of the bag; and a more violent oxygenation of the water through bubbles that rise from the pores of an aeration tube that runs underneath the central long axis of the bag. The aim of the modelling is to determine the key parameters and fluid regimes underlying the nutrient mixing process, to ensure that required nutrient levels are maintained throughout the root zones, and to enable optimal scheduling of the nutrient and bubble flow. Simple experiments were performed via the injection of dye into an operating Hydrosac© that contained semi-mature plants. This enabled a basic understanding of the time and lengthscales of nutrient flow, and also the extent to which mixing occurs in different zones within the bag. Four different flow regimes are identified. At the scale of a single root, a Stokes-flow approximation may be used. At the scale of the individual plant, a so-called Brinkman flow regime may be employed which describes a transition between slow porous-medium flow and fast channel flow. These equations may be homogenised into a 1D model that can be used to estimate the macro-scale flow of nutrients along the length of the bag. A shear flow model is used to predict the extent to which this flow permeates into regions dominated by plant roots. This leads to the requirement to model the bubble-driven flow within a bag cross-section containing a plant. Simplified two-phase flow equations are derived and solved within the software COMSOL. The results suggest that the bubble flow is sufficient to drive recirculating flow, which is also found to be consistent with previous literature. The overall conclusion is that both the periodic flow of nutrients and the aeration are required in order to enable even nutrient spread in the Hydrosac©. Wave effects can be ignored, as can the effect of stagnated nutrient diffusion. The longitudinal nutrient flow enables the whole sack to be reached on the time scale of several cycles of the main inlet flow, while the recirculation from the bubble flow enables nutrients to spread within the plant roots. Nevertheless, regions of stagnation can occur via this process near any sharp corners of the bag. It is recommended that the various analyses are combined into a reduced-order mathematical model that can be used to optimise the dynamic operation of the Hydrosac©, which can also be adaptable to other geometries and growing conditions.

    Improved Conditional Cube Attacks on Keccak Keyed Modes with MILP Method

    Conditional cube attack is an efficient key-recovery attack on Keccak keyed modes proposed by Huang et al. at EUROCRYPT 2017. By assigning bit conditions, the diffusion of a conditional cube variable is reduced. Then, using a greedy algorithm (Algorithm 4 in Huang et al.'s paper), Huang et al. find some ordinary cube variables, that do not multiply together in the 1st round and do not multiply with the conditional cube variable in the 2nd round. Then the key-recovery attack is launched. The key part of conditional cube attack is to find enough ordinary cube variables. Note that, the greedy algorithm given by Huang et al. adds ordinary cube variable without considering its bad effect, i.e. the new ordinary cube variable may result in that many other variables could not be selected as ordinary cube variable (they multiply with the new ordinary cube variable in the first round). In this paper, we bring out a new MILP model to solve the above problem. We show how to model the CP-like-kernel and model the way that the ordinary cube variables do not multiply together in the 1st round as well as do not multiply with the conditional cube variable in the 2nd round. Based on these modeling strategies, a series of linear inequalities are given to restrict the way to add an ordinary cube variable. Then, by choosing the objective function of the maximal number of ordinary cube variables, we convert Huang et al.'s greedy algorithm into an MILP problem and the maximal ordinary cube variables are found. Using this new MILP tool, we improve Huang et al.'s key-recovery attacks on reduced-round Keccak-MAC-384 and Keccak-MAC-512 by 1 round, get the first 7-round and 6-round key-recovery attacks, respectively. For Ketje Major, we conclude that when the nonce is no less than 11 lanes, a 7-round key-recovery attack could be achieved. In addition, for Ketje Minor, we use conditional cube variable with 6-6-6 pattern to launch 7-round key-recovery attack.

    DLCT: A New Tool for Differential-Linear Cryptanalysis

    Differential cryptanalysis and linear cryptanalysis are the two best-known techniques for cryptanalysis of block ciphers. In 1994, Langford and Hellman introduced the differential-linear (DL) attack based on dividing the attacked cipher $E$ into two subciphers $E_0$ and $E_1$ and combining a differential characteristic for $E_0$ with a linear approximation for $E_1$ into an attack on the entire cipher $E$. The DL technique was used to mount the best known attacks against numerous ciphers, including the AES finalist Serpent, ICEPOLE, COCONUT98, Chaskey, CTC2, and 8-round DES. Several papers aimed at formalizing the DL attack, and formulating assumptions under which its complexity can be estimated accurately. These culminated in a recent work of Blondeau, Leander, and Nyberg (Journal of Cryptology, 2017) which obtained an accurate expression under the sole assumption that the two subciphers $E_0$ and $E_1$ are independent. In this paper we show that in many cases, dependency between the two subciphers significantly affects the complexity of the DL attack, and in particular, can be exploited by the adversary to make the attack more efficient. We present the Differential-Linear Connectivity Table (DLCT) which allows us to take into account the dependency between the two subciphers, and to choose the differential characteristic in $E_0$ and the linear approximation in $E_1$ in a way that takes advantage of this dependency. We then show that the DLCT can be constructed efficiently using the Fast Fourier Transform. Finally, we demonstrate the strength of the DLCT by using it to improve differential-linear attacks on ICEPOLE and on 8-round DES, and to explain published experimental results on Serpent and on the CAESAR finalist Ascon which did not comply with the standard differential-linear framework.

    Dissociation of pyruvic kinase in urea solutions


    Serum leptin concentration, obesity, and insulin resistance in Western Samoans: cross sectional study.

    OBJECTIVE: To measure serum leptin concentrations in the Polynesian population of Western Samoa and to examine epidemiological associations of leptin with anthropometric, demographic, behavioural, and metabolic factors in this population with a high prevalence of obesity and non-insulin dependent diabetes mellitus. DESIGN: Cross sectional study, leptin concentration being measured in a subgroup of a population based sample. SUBJECTS: 240 Polynesian men and women aged 28-74 years were selected to cover the full range of age, body mass index, and glucose tolerance. MAIN OUTCOME MEASUREMENTS: Serum leptin, insulin, and glucose concentrations; anthropometric measures; physical activity; and area of residence. RESULTS: Leptin concentrations were correlated with body mass index (r = 0.80 in men, 0.79 in women) and waist circumference (r = 0.82 in men, 0.78 in women) but less so with waist to hip ratio. At any body mass index, leptin concentration was higher in women than men (geometric mean adjusted for body mass index 15.3 v 3.6 pg/l, P < 0.001). Leptin concentration also correlated with fasting insulin concentration (r = 0.63 in men, 0.64 in women) and insulin concentration 2 hours after a glucose load (r = 0.58 in men, 0.52 in women). These associations remained significant after controlling for body mass index; effects of physical activity and of rural or urban living on leptin concentration were eliminated after adjusting for obesity, except values remained high in urban men. 78% of variance in leptin was explained by a model including fasting insulin concentration, sex, body mass index, and a body mass index by sex interaction term. Similar results were obtained if waist circumference replaced body mass index. CONCLUSIONS: The strong relation of leptin with obesity is consistent with leptin production being proportional to mass of adipose tissue. The relation with insulin independent of body mass index suggests a possible role for leptin in insulin resistance or hyperinsulinaemia.