
    A Key-recovery Attack on 855-round Trivium

    In this paper, we propose a key-recovery attack on Trivium reduced to 855 rounds. As the output is a complex Boolean polynomial over secret key and IV bits and it is hard to find the solution of the secret keys, we propose a novel nullification technique of the Boolean polynomial to reduce the output Boolean polynomial of 855-round Trivium. Then we determine the degree upper bound of the reduced nonlinear Boolean polynomial and detect the right keys. These techniques can be applicable to most stream ciphers based on nonlinear feedback shift registers (NFSR). Our attack on 855-round Trivium costs time complexity 2^{77}. As far as we know, this is the best key-recovery attack on round-reduced Trivium. To verify our attack, we also give some experimental data on 721-round reduced Trivium.

    Correlation Cube Attacks: From Weak-Key Distinguisher to Key Recovery

    In this paper, we describe a new variant of cube attacks called correlation cube attack. The new attack recovers the secret key of a cryptosystem by exploiting conditional correlation properties between the superpoly of a cube and a specific set of low-degree polynomials that we call a basis, which satisfies that the superpoly is a zero constant when all the polynomials in the basis are zeros. We present a detailed procedure of correlation cube attack for the general case, including how to find a basis of the superpoly of a given cube. One of the most significant advantages of this new analysis technique over other variants of cube attacks is that it converts from a weak-key distinguisher to a key recovery attack. As an illustration, we apply the attack to round-reduced variants of the stream cipher Trivium. Based on the tool of numeric mapping introduced by Liu at CRYPTO 2017, we develop a specific technique to efficiently find a basis of the superpoly of a given cube as well as a large set of potentially good cubes used in the attack on Trivium variants, and further set up deterministic or probabilistic equations on the key bits according to the conditional correlation properties between the superpolys of the cubes and their bases. For a variant when the number of initialization rounds is reduced from 1152 to 805, we can recover about 7-bit key information on average with time complexity 2^{44}, using 2^{45} keystream bits and preprocessing time 2^{51}. For a variant of Trivium reduced to 835 rounds, we can recover about 5-bit key information on average with the same complexity. All the attacks are practical and fully verified by experiments. To the best of our knowledge, they are thus far the best known key recovery attacks for these variants of Trivium, and this is the first time that a weak-key distinguisher on Trivium stream cipher can be converted to a key recovery attack.

    An Experimentally Verified Attack on Full Grain-128 Using Dedicated Reconfigurable Hardware

    In this paper we describe the first single-key attack which can recover the full key of the full version of Grain-128 for arbitrary keys by an algorithm which is significantly faster than exhaustive search (by a factor of about 2^{38}). It is based on a new version of a cube tester, which uses an improved choice of dynamic variables to eliminate the previously made assumption that ten particular key bits are zero. In addition, the new attack is much faster than the previous weak-key attack, and has a simpler key recovery process. Since it is extremely difficult to mathematically analyze the expected behavior of such attacks, we implemented it on RIVYERA, which is a new massively parallel reconfigurable hardware, and tested its main components for dozens of random keys. These tests experimentally verified the correctness and expected complexity of the attack, by finding a very significant bias in our new cube tester for about 7.5 % of the keys we tested. This is the first time that the main components of a complex analytical attack are successfully realized against a full-size cipher with a special-purpose machine. Moreover, it is also the first attack that truly exploits the configurable nature of an FPGA-based cryptanalytical hardware.

    Fast Near Collision Attack on the Grain v1 Stream Cipher

    Modern stream ciphers often adopt a large internal state to resist various attacks, where the cryptanalysts have to deal with a large number of variables when mounting state recovery attacks. In this paper, we propose a general new cryptanalytic method on stream ciphers, called fast near collision attack, to address this situation. It combines a near collision property with the divide-and-conquer strategy so that only subsets of the internal state, associated with different keystream vectors, are recovered first and merged carefully later to retrieve the full large internal state. A self-contained method is introduced and improved to derive the target subset of the internal state from the partial state difference efficiently. As an application, we propose a new key recovery attack on Grain v1, one of the 7 finalists selected by the eSTREAM project, in the single-key setting. Both the pre-computation and the online phases are tailored according to its internal structure, to provide an attack for any fixed IV in 2^{75.7} cipher ticks after the pre-computation of 2^{8.1} cipher ticks, given 2^{28}-bit memory and about 2^{19} keystream bits. Practical experiments on Grain v1 itself whenever possible and on an 80-bit reduced version confirmed our results.

    A three-country comparison of psychotropic medication prevalence in youth

    BACKGROUND: The study aims to compare cross-national prevalence of psychotropic medication use in youth. METHODS: A population-based analysis of psychotropic medication use based on administrative claims data for the year 2000 was undertaken for insured enrollees from 3 countries in relation to age group (0–4, 5–9, 10–14, and 15–19), gender, drug subclass pattern and concomitant use. The data include insured youth aged 0–19 in the year 2000 from the Netherlands (n = 110,944), Germany (n = 356,520) and the United States (n = 127,157). RESULTS: The annual prevalence of any psychotropic medication in youth was significantly greater in the US (6.7%) than in the Netherlands (2.9%) and in Germany (2.0%). Antidepressant and stimulant prevalence were 3 or more times greater in the US than in the Netherlands and Germany, while antipsychotic prevalence was 1.5–2.2 times greater. The atypical antipsychotic subclass represented only 5% of antipsychotic use in Germany, but 48% in the Netherlands and 66% in the US. The less commonly used drugs, e.g. alpha agonists, lithium and antiparkinsonian agents, generally followed the ranking of US>Dutch>German youth with very rare (less than 0.05%) use in Dutch and German youth. Though rarely used, anxiolytics were twice as common in Dutch as in US and German youth. Prescription hypnotics were half as common as anxiolytics in Dutch and US youth and were very uncommon in German youth. Concomitant drug use applied to 19.2% of US youth, which was more than double the Dutch use and three times that of German youth. CONCLUSION: Prominent differences in psychotropic medication treatment patterns exist between youth in the US and Western Europe and within Western Europe. Differences in policies regarding direct-to-consumer drug advertising, government regulatory restrictions, reimbursement policies, diagnostic classification systems, and cultural beliefs regarding the role of medication for emotional and behavioral treatment are likely to account for these differences.

    Pediatric drug safety signal detection: a new drug-event reference set for performance testing of data-mining methods and systems

    BACKGROUND: Better evidence regarding drug safety in the pediatric population might be generated from existing data sources such as spontaneous reporting systems and electronic healthcare records. The Global Research in Paediatrics (GRiP) Network of Excellence aims to develop pediatric-specific methods that can be applied to these data sources. A reference set of positive and negative drug-event associations is required. OBJECTIVE: The aim of this study was to develop a pediatric-specific reference set of positive and negative drug-event associations. METHODS: Considering user patterns and expert opinion, 16 drugs that are used in individuals aged 0-18 years were selected and evaluated against 16 events, regarded as important safety outcomes. A cross-table of unique drug-event pairs was created. Each pair was classified as potential positive or negative control based on information from the drug's Summary of Product Characteristics and Micromedex. If both information sources consistently listed the event as an adverse event, the combination was reviewed as potential positive control. If both did not, the combination was evaluated as potential negative control. Further evaluation was based on published literature. RESULTS: Selected drugs include ibuprofen, flucloxacillin, domperidone, methylphenidate, montelukast, quinine, and cyproterone/ethinylestradiol. Selected events include bullous eruption, aplastic anemia, ventricular arrhythmia, sudden death, acute kidney injury, psychosis, and seizure. Altogether, 256 unique combinations were reviewed, yielding 37 positive (17 with evidence from the pediatric population and 20 with evidence from adults only) and 90 negative control pairs, with the remainder being unclassifiable. CONCLUSION: We propose a drug-event reference set that can be used to compare different signal detection methods in the pediatric population.

    Numerical Analysis of the Thermo-mechanical Behavior of Energy Piles

    A finite element model is developed to investigate the thermomechanical behavior of the energy pile in detail. In the model, soil is regarded as a thermo-elastic, perfectly plastic material, and the interaction between the pile and soil is modeled by contact elements. In order to save computing time, the U-tubes in the energy pile are simulated by line elements, which are shown to be suitable for calculating the temperature of the pile. To deal with the thermomechanical multi-field problem, the sequential coupling method is utilized. The simulation results show that the thermally induced stress and deformation in the pile can be significantly influenced by the properties of the soil, the applied mechanical load and the restraint condition at the pile head. Long-time simulations of the energy pile with cyclic heat injections and extractions indicate that the thermal cycles would induce an unrecoverable settlement of the pile, and the ultimate bearing capacity of the energy pile may need to be redefined in view of its long-time performance.