Kabasilas’s Rule of Theology and the Distinction between the Light and Warmth of Fire in Neilos Kabasilas and Gregory Palamas

Kabasilas’s Rule of Theology and the Distinction between the Light and Warmth of Fire in Neilos Kabasilas and Gregory Palama

Temperature Effects in the Photoluminescence of Semiconductor Quantum Dots

Temperature effects in the exciton photoluminescence specific to semiconductor quantum dots (QDs) are reviewed using Si QDs as an example. The processes of direct and indirect optical excitation of spatially confined excitons in quantum dots embedded in dielectric matrix are analyzed. The temperature behavior of the quantum dots photoluminescence (PL) excited by various methods was described in detail by a generalized electronic transitions scheme using different exciton relaxation models. The different types of temperature dependences were analyzed. The analytical expressions were obtained for their description, which allow one to determine the energy and kinetic characteristics of QD photoluminescence. It was found that the shape of the temperature dependence makes it possible to understand whether the process of exciton relaxation contains several different thermally activated stages or this is a simple one-stage process. The applicability of the obtained expressions for the analysis of the luminescence properties of quantum dots is demonstrated by the example of crystalline and amorphous silicon nanoclusters in silica matrix. It has been established that the quantum confinement effect of excitons in quantum dots leads to a decrease in the frequency characteristics and thermal activation barriers for nonradiative transitions

Tradeoff Cryptanalysis of Memory-Hard Functions

We explore time-memory and other tradeoffs for memory-hard functions, which are supposed to impose significant computational and time penalties if less memory is used than intended. We analyze three finalists of the Password Hashing Competition: Catena, which was presented at Asiacrypt 2014, \textsf{yescrypt} and Lyra2. We demonstrate that Catena\u27s proof of tradeoff resilience is flawed, and attack it with a novel \emph{precomputation tradeoff}. We show that using $M^{4/5}$ memory instead of $M$ we have no time penalties and reduce the AT cost by the factor of 25. We further generalize our method for a wide class of schemes with predictable memory access. For a wide class of data-dependent schemes, which addresses memory unpredictably, we develop a novel \emph{ranking tradeoff} and show how to decrease the time-memory and the time-area product by significant factors. We then apply our method to yescrypt and Lyra2 also exploiting the iterative structure of their internal compression functions. The designers confirmed our attacks and responded by adding a new mode for Catena and tweaking Lyra2

Decomposition attack on SASASASAS

We demonstrate the first attacks on the SPN ciphers with 6, 7, 8, and 9 secret layers. In particular, we show a decomposition attack on the SASASASAS scheme when the S-box size M and the block length N satisfy the condition M^2 < N (for example, 8-bit S-box and 128-bit block)

Feasible Attack on the 13-round AES-256

In this note we present the first attack with feasible complexity on the 13-round AES-256. The attack runs in the related-subkey scenario with four related keys, in 2^{76} time, data, and memory

Fast and Tradeoff-Resilient Memory-Hard Functions for Cryptocurrencies and Password Hashing

Memory-hard functions are becoming an important tool in the design of password hashing schemes, cryptocurrencies, and more generic proof-of-work primitives that are x86-oriented and can not be computed on dedicated hardware more efficiently. We develop a simple and cryptographically secure approach to the design of such functions and show how to exploit the architecture of modern CPUs and memory chips to make faster and more secure schemes compared to existing alternatives such as scrypt. We also propose cryptographic criteria for the components, that prevent cost reductions using time-memory tradeoffs and side-channel leaks. The concrete proof-of-work instantiation, which we call Argon2, can fill GBytes of RAM within a second, is resilient to various tradeoffs, and is suitable for a wide range of applications, which aim to bind a computation to a certain architecture. Concerning potential DoS attacks, our scheme is lightweight enough to offset the bottleneck from the CPU to the memory bus thus leaving sufficient computing power for other tasks. We also propose parameters for which our scheme is botnet resistant. As an application, we suggest a cryptocurrency design with fast and memory-hard proof-of-work, which allows memoryless verification

Distinguisher and Related-Key Attack on the Full AES-256 (Extended Version)

In this paper we construct a chosen-key distinguisher and a related-key attack on the full 256-bit key AES. We define a notion of {\em differential $q$-multicollision} and show that for AES-256 $q$-multicollisions can be constructed in time $q\cdot 2^{67}$ and with negligible memory, while we prove that the same task for an ideal cipher of the same block size would require at least $O(q\cdot 2^{\frac{q-1}{q+1}128})$ time. Using similar approach and with the same complexity we can also construct $q$-pseudo collisions for AES-256 in Davies-Meyer hashing mode, a scheme which is provably secure in the ideal-cipher model. We have also computed partial $q$-multicollisions in time $q\cdot 2^{37}$ on a PC to verify our results. These results show that AES-256 can not model an ideal cipher in theoretical constructions. Finally, we extend our results to find the first publicly known attack on the full 14-round AES-256: a related-key distinguisher which works for one out of every $2^{35}$ keys with $2^{120}$ data and time complexity and negligible memory. This distinguisher is translated into a key-recovery attack with total complexity of $2^{131}$ time and $2^{65}$ memory

Examples of differential multicollisions for 13 and 14 rounds of AES-256

Here we present practical differential $q$-multicollisions for AES-256, which can be tested on any implementation of AES-256. In our paper Distinguisher and Related-Key Attack on the Full AES-256 $q$-multicollisions are found with complexity $q\cdot 2^{67}$. We relax conditions on the plaintext difference $\Delta_P$ allowing some bytes to vary and find multicollisions for 13 and 14 round AES with complexity $q\cdot 2^{37}$. Even with the relaxation there is still a large complexity gap between our algorithm and the lower bound that we have proved in Lemma 1. Moreover we believe that in practice finding even two fixed-difference collisions for a good cipher would be very challenging