
    The Security of ChaCha20-Poly1305 in the Multi-user Setting

    The ChaCha20-Poly1305 AEAD scheme is being increasingly widely deployed in practice. Practitioners need proven security bounds in order to set data limits and rekeying intervals for the scheme. But the formal security analysis of ChaCha20-Poly1305 currently lags behind that of AES-GCM. The only extant analysis (Procter, 2014) contains a flaw and is only for the single-user setting. We rectify this situation. We prove a multi-user security bound on the AEAD security of ChaCha20-Poly1305 and establish the tightness of each term in our bound through matching attacks. We show how our bound differs both qualitatively and quantitatively from the known bounds for AES-GCM, highlighting how subtle design choices lead to distinctive security properties. We translate our bound to the nonce-randomized setting employed in TLS 1.3 and elsewhere, and we additionally improve the corresponding security bounds for GCM. Finally, we provide a simple yet stronger variant of ChaCha20-Poly1305 that addresses the deficiencies highlighted by our analysis.

    Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation

    In recent years, a number of standardized symmetric encryption schemes have fallen foul of attacks exploiting the fact that in some real-world scenarios ciphertexts can be delivered in a fragmented fashion. We initiate the first general and formal study of the security of symmetric encryption against such attacks. We extend the SSH-specific work of Paterson and Watson (Eurocrypt 2010) to develop security models for the fragmented setting. We also develop security models to formalize the additional desirable properties of ciphertext boundary hiding and robustness against Denial-of-Service (DoS) attacks for schemes in this setting. We illustrate the utility of each of our models via efficient constructions for schemes using only standard cryptographic components, including constructions that simultaneously achieve confidentiality, ciphertext boundary hiding and DoS robustness.

    Subvert KEM to Break DEM: Practical Algorithm-Substitution Attacks on Public-Key Encryption

    Motivated by the currently widespread concern about mass surveillance of encrypted communications, Bellare et al. introduced at CRYPTO 2014 the notion of Algorithm-Substitution Attack (ASA), where the legitimate encryption algorithm is replaced by a subverted one that aims to undetectably exfiltrate the secret key via ciphertexts. Practically implementable ASAs on various cryptographic primitives (Bellare et al., CRYPTO '14 & ACM CCS '15; Ateniese et al., ACM CCS '15; Berndt and Liśkiewicz, ACM CCS '17) have been constructed and analyzed, leaking the secret key successfully. Nevertheless, in spite of much progress, the practical impact of ASAs (formulated originally for symmetric key cryptography) on public-key encryption (PKE) operations remains unclear, primarily since the encryption operation of PKE does not involve the secret key, and also previously known ASAs become relatively inefficient for leaking the plaintext due to the logarithmic upper bound of exfiltration rate (Berndt and Liśkiewicz, ACM CCS '17). In this work, we formulate a practical ASA on the PKE encryption algorithm which, perhaps surprisingly, turns out to be much more efficient and robust than existing ones, showing that ASAs on PKE schemes are far more effective and dangerous than previously believed. We mainly target PKE of hybrid encryption, which is the most prevalent way to employ PKE in the literature and in practice. The main strategy of our ASA is to subvert the underlying key encapsulation mechanism (KEM) so that the encapsulated session key could be efficiently extracted, which, in turn, breaks the data encapsulation mechanism (DEM), enabling us to learn the plaintext itself. Concretely, our non-black-box yet quite general attack enables recovering the plaintext from only two successive ciphertexts and minimally depends on a short state of previous internal randomness. A widely used class of KEMs is shown to be subvertible by our powerful attack. Our attack relies on a novel identification and formalization of certain properties that yield practical ASAs on KEMs. More broadly, it points at and may shed some light on exploring structural weaknesses of other "composed cryptographic primitives," which may make them susceptible to more dangerous ASAs with effectiveness that surpasses the known logarithmic upper bound (i.e., viewing composition as an attack enabler).

    Lightweight Authenticated Encryption Mode Suitable for Threshold Implementation

    This paper proposes tweakable block cipher (TBC) based modes $\mathsf{PFB\_Plus}$ and $\mathsf{PFB}\omega$ that are efficient in threshold implementations (TI). Let $t$ be the algebraic degree of a target function, e.g. $t=1$ (resp. $t>1$) for a linear (resp. non-linear) function. The $d$-th order TI encodes the internal state into $dt+1$ shares. Hence, the area size increases proportionally to the number of shares. This implies that TBC based modes can be smaller than block cipher (BC) based modes in TI, because a TBC requires an $s$-bit block to ensure $s$-bit security, e.g. $\mathsf{PFB}$ and $\mathsf{Romulus}$, while a BC requires a $2s$-bit block. However, even with those TBC based modes, the minimum we can reach is 3 shares of an $s$-bit state with $t=2$ and the first-order TI ($d=1$). Our first design $\mathsf{PFB\_Plus}$ aims to break the barrier of the $3s$-bit state in TI. The block size of the underlying TBC is $s/2$ bits and the output of the TBC is linearly expanded to $s$ bits. This expanded state requires only 2 shares in the first-order TI, which makes the total state size $2.5s$ bits. We also provide a rigorous security proof of $\mathsf{PFB\_Plus}$. Our second design $\mathsf{PFB}\omega$ further increases a parameter $\omega$: the ratio of the security level $s$ to the block size of the underlying TBC. We prove the security of $\mathsf{PFB}\omega$ for any $\omega$ under some assumptions on the underlying TBC and on the parameters used to update the state. Next, we show a concrete instantiation of $\mathsf{PFB\_Plus}$ for 128-bit security. It requires a TBC with a 64-bit block, 128-bit key and 128-bit tweak, which no existing TBC can support. We design a new TBC by extending $\mathsf{SKINNY}$ and provide a basic security evaluation. Finally, we give hardware benchmarks of $\mathsf{PFB\_Plus}$ in the first-order TI to show that the TI of $\mathsf{PFB\_Plus}$ is smaller than that of $\mathsf{PFB}$ by more than one thousand gates and is the smallest among the schemes having 128-bit security.

    Quality of Life of Type 2 Diabetes Mellitus Patients in Public Health Centers Across Kupang City

    Diabetes mellitus is well known as a chronic disease that can lead to a decrease in quality of life in all domains. This study aims to explore the quality of life of type 2 diabetic patients and to identify the factors affecting it in type 2 diabetes mellitus patients. A cross-sectional study design was used that included 65 patients with type 2 diabetes mellitus in 11 public health centers of Kupang City. Data were collected using the Short Form Survey (SF-36), which assesses an 8-scale health profile. An independent-sample t-test was used to analyze the correlation between the affecting factors and quality of life. The study showed that the QoL of DM patients decreased in all 8 health-profile scales, including physical functioning, social functioning, mental health, general health, pain, and changes in role due to physical problems and emotional problems. The study also showed that there was a relationship between gender, duration of suffering from diabetes mellitus, and complications, and quality of life. Males perceived a better quality of life than females.

    Sonnets of William Shakespeare

    A collection of poetry and prose that includes: Grand Prix by Carmel Azzopardi – Pizza marinara by Carmel Azzopardi – Ħajku by Kit Azzopardi – Ix-xemgħa qiegħda by Charles Bezzina – U taħti ramel, ramel by Charles Bezzina – Vażett by Ġorġ Borg – Bniedem li mhux by Ġorġ Borg – Il-ħajbu by Antoine Cassar – Il-mistoħbija by Manwel Cassar – Għasel by Carmel G. Cauchi – Dgħajsa by Carmel G. Cauchi – Ħitan by Alfred Degabriele – Skeletru silwett...f’realtà moħbija by Stefano Farrugia – Minjatura tal-enimmi by Stefano Farrugia – Mnejn jgħaddi Kristu by Joe Friggieri – Rebbiegħa by Reno Fenech – Blogger by Charles Flores – Veġeterjana by Charles Flores – Mejju by Joe P. Galea – Kien hemm lejla u tmien nisa by Claudia Gauci – Ħobbni by Sergio Grech – Mitlufin by Maria Grech Ganado – Moħħi by Maria Grech Ganado – Viżjoni by Maria Grech Ganado – Inkontinenza by Adrian Grima – Andrew jħebb in-nar by Adrian Grima – It-Tlieta, 20 ta’ Lulju 2004 by Alfred Massa – Fuq l-għolja tal-Verdala by Jane Micallef – Imm’issa by Jane Micallef – Baby blues by Immanuel Mifsud – Ġo dar sawra by Immanuel Mifsud – Lil Dun Karm by Maurice Mifsud Bonnici – Il-fuklar by Achille Mizzi – Ut videam by Achille Mizzi – Karnival solitarju by Patrick Sammut – Mill-baħħ etern by Joe Zammit Tabona – ...fil-ħmieġ ta’ ftit blatiet... by Paul P. Borg – Bħall-qasab by Steve Borg – L-aħħar żjara by Victor Fenech – Ħelwa.morra 18 by Ann Marie Schembri – Jack & Jill by Trevor Żahra – Għadbilura by Russell Davis, translated by Toni Aquilina – Sonnets of William Shakespeare, translated by Oliver Friggieri.

    Shared and Disorder-Specific Event-Related Brain Oscillatory Markers of Attentional Dysfunction in ADHD and Bipolar Disorder.

    Attention-deficit/hyperactivity disorder (ADHD) and bipolar disorder (BD) often present with overlapping symptoms and cognitive impairments, such as increased fluctuations in attentional performance measured by increased reaction-time variability (RTV). We previously provided initial evidence of shared and distinct event-related potential (ERP) impairments in ADHD and BD in a direct electrophysiological comparison, but no study to date has compared neural mechanisms underlying attentional impairments with finer-grained brain oscillatory markers. Here, we aimed to compare the neural underpinnings of impaired attentional processes in ADHD and BD, by examining event-related brain oscillations during a reaction-time task under slow-unrewarded baseline and fast-incentive conditions. We measured cognitive performance, ERPs and brain-oscillatory modulations of power and phase variability in 20 women with ADHD, 20 women with BD (currently euthymic) and 20 control women. Compared to controls, both ADHD and BD groups showed increased RTV in the baseline condition and increased RTV, theta phase variability and lower contingent negative variation in the fast-incentive condition. Unlike controls, neither clinical group showed an improvement from the slow-unrewarded baseline to the fast-incentive condition in attentional P3 amplitude or alpha power suppression. Most impairments did not differ between the disorders, as only an adjustment in beta suppression between conditions (lower in the ADHD group) distinguished between the clinical groups. These findings suggest shared impairments in women with ADHD and BD in cognitive and neural variability, preparatory activity and inability to adjust attention allocation and activation. These overlapping impairments may represent shared neurobiological mechanisms of attentional dysfunction in ADHD and BD, and potentially underlie common symptoms in both disorders.

    We thank all who made this research possible: The National Adult ADHD Clinic at the South London and Maudsley Hospital, Dr Helen Costello, Prof Sophia Frangou, Prof Anne Farmer, Jessica Deadman, Hannah Collyer, Sarah-Jane Gregori, and all participants who contributed their time to the study. Dr Giorgia Michelini was supported by a 1+3 PhD studentship awarded by the MRC Social, Genetic and Developmental Psychiatry Centre, Institute of Psychiatry, Psychology and Neuroscience, King’s College London (G9817803). This project was supported by an Economic and Social Research Council studentship to Dr Viryanaga Kitsune (ES/100971X/1). Dr Giorgia Michelini and Prof Philip Asherson are supported by generous grants from the National Institute for Health Research Biomedical Research Centre for Mental Health at King’s College London, Institute of Psychiatry, Psychology and Neuroscience and South London and Maudsley National Health Service (NHS) Foundation Trust. The funders had no role in the design and conduct of the study; collection, management, analysis, and interpretation of the data; preparation, review, or approval of the manuscript; and decision to submit the manuscript for publication.

    Practical guidelines for rigor and reproducibility in preclinical and clinical studies on cardioprotection

    The potential for ischemic preconditioning to reduce infarct size was first recognized more than 30 years ago. Despite extension of the concept to ischemic postconditioning and remote ischemic conditioning and literally thousands of experimental studies in various species and models which identified a multitude of signaling steps, so far there is only a single and very recent study which has unequivocally translated cardioprotection to improved clinical outcome as the primary endpoint in patients. Many potential reasons for this disappointing lack of clinical translation of cardioprotection have been proposed, including lack of rigor and reproducibility in preclinical studies, and poor design and conduct of clinical trials. There is, however, universal agreement that robust preclinical data are a mandatory prerequisite to initiate a meaningful clinical trial. In this context, it is disconcerting that the CAESAR consortium (Consortium for preclinicAl assESsment of cARdioprotective therapies), in a highly standardized multi-center approach of preclinical studies, identified only ischemic preconditioning, but not nitrite or sildenafil, when given as adjunct to reperfusion, to reduce infarct size. However, ischemic preconditioning—due to its very nature—can only be used in elective interventions, and not in acute myocardial infarction. Therefore, better strategies to identify robust and reproducible strategies of cardioprotection, which can subsequently be tested in clinical trials, must be developed. We refer to the recent guidelines for experimental models of myocardial ischemia and infarction, and aim to provide now practical guidelines to ensure rigor and reproducibility in preclinical and clinical studies on cardioprotection. In line with the above guideline, we define rigor as standardized state-of-the-art design, conduct and reporting of a study, which is then a prerequisite for reproducibility, i.e. replication of results by another laboratory when performing exactly the same experiment.

    Attacking the IPsec Standards in Encryption-only Configurations

    Abstract. At Eurocrypt 2006, Paterson and Yau demonstrated how flaws in the Linux implementation of IPsec could be exploited to break encryption-only configurations of ESP, the IPsec encryption protocol. Their work highlighted the dangers of not using authenticated encryption in fielded systems, but did not constitute an attack on the actual IPsec standards themselves; in fact, the attacks of Paterson and Yau should be prevented by any standards-compliant IPsec implementation. In contrast, this paper describes new attacks which break any RFC-compliant implementation of IPsec making use of encryption-only ESP. The new attacks are both efficient and realistic: they are ciphertext-only and need only the capability to eavesdrop on ESP-encrypted traffic and to inject traffic into the network. The paper also reports our experiences in applying the attacks to a variety of implementations of IPsec, and reflects on what these experiences tell us about how security standards should be written so as to simplify the task of software developers.