
    Faster Algorithms for the Sparse Random 3XOR Problem

    We present two new algorithms for a variant of the 3XOR problem with lists consisting of N n-bit vectors whose coefficients are drawn randomly according to a Bernoulli distribution of parameter p < 0.13. The analysis of these algorithms reveals a "phase change" for a certain threshold p.
    2012 ACM Subject Classification: Theory of computation → Computational complexity and cryptography; Theory of computation

    Brute-Force Cryptanalysis with Aging Hardware: Controlling Half the Output of SHA-256

    This paper describes a "three-way collision" on SHA-256 truncated to 128 bits. More precisely, it gives three random-looking bit strings whose hashes by SHA-256 maintain a non-trivial relation: their XOR starts with 128 zero bits. They have been found by brute force, without exploiting any cryptographic weakness in the hash function itself. This shows that birthday-like computations on 128 bits are becoming increasingly feasible, even for academic teams without substantial means. These bit strings have been obtained by solving a large instance of the three-list generalized birthday problem, a difficult case known as the 3XOR problem. The whole computation consisted of two equally challenging phases: assembling the 3XOR instance and solving it. It was made possible by the combination of: 1) recent progress on algorithms for the 3XOR problem, 2) creative use of "dedicated" hardware accelerators, 3) adapted implementations of 3XOR algorithms that could run on massively parallel machines. Building the three lists required 2^67.6 evaluations of the compression function of SHA-256. They were performed in 7 calendar months by two obsolete second-hand bitcoin mining devices, which can now be acquired on eBay for about 80 €. The actual instance of the 3XOR problem was solved in 300 CPU-years on a 7-year-old IBM BlueGene/Q computer, a few weeks before it was scrapped. To the best of our knowledge, this is the first explicit 128-bit collision-like result for SHA-256. It is the first bitcoin-accelerated cryptanalytic computation and it is also one of the largest public ones.

    Sparse Gaussian Elimination modulo p: an Update

    This paper considers elimination algorithms for sparse matrices over finite fields. We mostly focus on computing the rank, because it raises the same challenges as solving linear systems, while being slightly simpler. We developed a new sparse elimination algorithm inspired by the Gilbert-Peierls sparse LU factorization, which is well known in the numerical computation community. We benchmarked it against the usual right-looking sparse Gaussian elimination and the Wiedemann algorithm using the Sparse Integer Matrix Collection of Jean-Guillaume Dumas. We obtain large speedups (1000× and more) in many cases. In particular, we are able to compute the rank of several large sparse matrices in seconds or minutes, compared to days with previous methods.

    A Simple Deterministic Algorithm for Systems of Quadratic Polynomials over F_2

    This article discusses a simple deterministic algorithm for solving quadratic Boolean systems which is essentially a special case of more sophisticated methods. The main idea fits in a single sentence: guess enough variables so that the remaining quadratic equations can be solved by linearization (i.e. by considering each remaining monomial as an independent variable and solving the resulting linear system) and restart until the solution is found. Under strong heuristic assumptions, this finds all the solutions of m quadratic polynomials in n variables with $\tilde{O}(2^{n-\sqrt{2m}})$ operations. Although the best known algorithms require exponentially less time, the present technique has the advantage of being simpler to describe and easy to implement. In strong contrast with the state of the art, it is also quite efficient in practice.
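    The guess-then-linearize idea described in this abstract, implemented at toy scale as an added example (this is not the paper's code): a polynomial over F_2 is stored as a set of monomials, the solver guesses the first k variables so that the remaining r = n - k variables have at most r(r+1)/2 ≤ m monomials, solves the linearized system by Gaussian elimination over F_2, enumerates all of its solutions, and keeps only those that satisfy the original quadratic equations (linearization forgets that the unknown standing for x_i·x_j must equal the product of the unknowns for x_i and x_j). The random instance with a planted solution (n = 8, m = 10, fixed seed) is constructed here for the demonstration; the function names are this example's own.

```python
"""Guess-then-linearize solver for quadratic systems over F2 (added example).

A polynomial is a frozenset of monomials; a monomial is a frozenset of
variable indices of size 0 (the constant 1), 1 or 2. A polynomial is the
XOR of its monomials and an equation means "polynomial == 0".
"""
from itertools import combinations, product
import random


def evaluate(poly, x):
    """Value of poly at the 0/1 vector x (the empty monomial is the constant 1)."""
    return sum(all(x[i] for i in mono) for mono in poly) % 2


def substitute(poly, assignment):
    """Plug fixed bits (dict var -> bit) into poly and return the reduced polynomial."""
    result = set()
    for mono in poly:
        if any(assignment.get(i) == 0 for i in mono):
            continue                          # a factor is 0: the monomial vanishes
        reduced = frozenset(i for i in mono if i not in assignment)
        result ^= {reduced}                   # XOR-accumulate: coefficients are mod 2
    return frozenset(result)


def solve_linear_f2(rows, ncols):
    """All solutions of a linear system over F2, as bitmasks (empty list if inconsistent).

    rows: list of (mask, rhs); bit j of mask is the coefficient of unknown j."""
    rows = [list(r) for r in rows]
    pivots = []                               # (row index, pivot column)
    r = 0
    for col in range(ncols):
        piv = next((i for i in range(r, len(rows)) if rows[i][0] >> col & 1), None)
        if piv is None:
            continue
        rows[r], rows[piv] = rows[piv], rows[r]
        for i in range(len(rows)):            # clear the column everywhere else (RREF)
            if i != r and rows[i][0] >> col & 1:
                rows[i][0] ^= rows[r][0]
                rows[i][1] ^= rows[r][1]
        pivots.append((r, col))
        r += 1
    if any(mask == 0 and rhs for mask, rhs in rows[r:]):
        return []                             # a row reads 0 = 1: this guess is wrong
    free = [c for c in range(ncols) if c not in {col for _, col in pivots}]
    solutions = []
    for bits in product((0, 1), repeat=len(free)):
        x = 0
        for c, b in zip(free, bits):
            x |= b << c
        for ri, col in pivots:                # each pivot is fixed by the free bits of its row
            mask, rhs = rows[ri]
            if rhs ^ (bin(mask & x & ~(1 << col)).count("1") & 1):
                x |= 1 << col
        solutions.append(x)
    return solutions


def solve_quadratic_f2(system, n):
    """Guess k variables so that the r = n-k remaining ones have r(r+1)/2 <= m
    monomials, linearize, solve, filter the candidates, and repeat over all guesses."""
    m = len(system)
    k = next(k for k in range(n + 1) if (n - k) * (n - k + 1) // 2 <= m)
    remaining = list(range(k, n))
    columns = ([frozenset([i]) for i in remaining]
               + [frozenset(c) for c in combinations(remaining, 2)])
    col_index = {mono: j for j, mono in enumerate(columns)}
    found = []
    for guess in product((0, 1), repeat=k):
        assignment = dict(zip(range(k), guess))
        rows = []
        for poly in system:
            mask, rhs = 0, 0
            for mono in substitute(poly, assignment):
                if mono:
                    mask |= 1 << col_index[mono]   # x_i or x_i*x_j becomes one unknown
                else:
                    rhs ^= 1                       # the constant 1 moves to the right-hand side
            rows.append((mask, rhs))
        for lin in solve_linear_f2(rows, len(columns)):
            x = list(guess) + [lin >> col_index[frozenset([i])] & 1 for i in remaining]
            # keep only candidates consistent with the original quadratic system
            if all(evaluate(poly, x) == 0 for poly in system) and x not in found:
                found.append(x)
    return found


def random_system_with_solution(n, m, rng):
    """Constructed sample: m random quadratic polynomials in n variables with a
    planted solution (the constant term is flipped so each polynomial vanishes there)."""
    secret = [rng.randrange(2) for _ in range(n)]
    monomials = ([frozenset()] + [frozenset([i]) for i in range(n)]
                 + [frozenset(c) for c in combinations(range(n), 2)])
    system = []
    for _ in range(m):
        poly = {mono for mono in monomials if rng.randrange(2)}
        if evaluate(poly, secret):
            poly ^= {frozenset()}
        system.append(frozenset(poly))
    return system, secret


def demo(n=8, m=10, seed=7):
    """Plant a solution and solve: m = 10 >= 4*5/2, so 4 of the 8 variables are guessed."""
    system, secret = random_system_with_solution(n, m, random.Random(seed))
    return {"system": system, "secret": secret, "solutions": solve_quadratic_f2(system, n)}


if __name__ == "__main__":
    out = demo()
    print("planted :", out["secret"])
    print("found   :", out["solutions"])
```

The number of guessed variables is the smallest k such that the remaining r = n - k variables produce at most m monomials, i.e. r ≈ √(2m), which is where the 2^{n-√(2m)} count of restarts in the abstract comes from; each restart is one dense elimination on an m × r(r+1)/2 matrix over F_2.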

    Computational Records with Aging Hardware: Controlling Half the Output of SHA-256

    SHA-256 is a secure cryptographic hash function. As such, its output should not have any detectable property. This paper describes three bit strings whose hashes by SHA-256 are nevertheless correlated in a non-trivial way: the first half of their hashes XORs to zero. They were found by "brute force", without exploiting any cryptographic weakness in the hash function itself. This does not threaten the security of the hash function and does not have any cryptographic implication. This is an example of a large "combinatorial" computation in which at least 8.7 × 10^22 integer operations have been performed. This was made possible by the combination of: 1) recent progress on algorithms for the underlying problem, 2) creative use of dedicated hardware accelerators, 3) adapted implementations of the relevant algorithms that could run on massively parallel machines. The actual computation was done on aging hardware. It required seven calendar months using two obsolete second-hand bitcoin mining devices converted into useful computational devices. A second step required 570 CPU-years on an 8-year-old IBM BlueGene/Q computer, a few weeks before it was scrapped. To the best of our knowledge, this is the first practical 128-bit collision-like result obtained by brute force, and it is the first bitcoin miner-accelerated computation.
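    The computation described in the two "Controlling Half the Output of SHA-256" abstracts above, a 3XOR on three lists of SHA-256 outputs, reduced to toy parameters as an added example (not the authors' code): T = 20 prefix bits instead of 128 and three constructed lists of 512 messages each, so that the expected N^3 / 2^T = 128 solutions are found by the plain quadratic 3XOR algorithm (index one list by value, scan the product of the other two) in well under a second. The message format tag || counter and the list sizes are assumptions of this example.

```python
"""Toy-scale replica of the truncated three-way collision (added example):
three lists of SHA-256 outputs, find x, y, z (one per list) whose digests
XOR to zero on the first T bits. Same structure as the full-size
computation; T and the list size are shrunk so it runs in seconds."""
import hashlib

T = 20            # prefix width in bits (128 in the real computation)
LIST_SIZE = 512   # entries per list; toy parameter chosen for this example


def truncated_sha256(msg: bytes, bits: int = T) -> int:
    """The first `bits` bits of SHA-256(msg), as an integer."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def build_list(tag: bytes, size: int = LIST_SIZE, bits: int = T):
    """Constructed input list: messages tag||counter with their truncated digests."""
    out = []
    for i in range(size):
        msg = tag + i.to_bytes(4, "big")
        out.append((msg, truncated_sha256(msg, bits)))
    return out


def expected_solutions(size: int = LIST_SIZE, bits: int = T) -> float:
    """Birthday-style estimate: N^3 triples, each hits the all-zero prefix with probability 2^-T."""
    return size ** 3 / 2 ** bits


def three_xor(A, B, C):
    """Quadratic-time 3XOR: hash-index C by value, then look up a ^ b for every (a, b) in A x B."""
    index = {}
    for msg, h in C:
        index.setdefault(h, []).append(msg)
    hits = []
    for ma, ha in A:
        for mb, hb in B:
            for mc in index.get(ha ^ hb, ()):   # a ^ b ^ c == 0  <=>  c == a ^ b
                hits.append((ma, mb, mc))
    return hits


def verify(triple, bits: int = T) -> bool:
    """Independent check on the full digests: their XOR starts with `bits` zero bits."""
    x = 0
    for msg in triple:
        x ^= int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return x >> (256 - bits) == 0


def demo():
    """Build the three lists and return every T-bit three-way collision found."""
    A, B, C = (build_list(tag) for tag in (b"A", b"B", b"C"))
    return three_xor(A, B, C)


if __name__ == "__main__":
    hits = demo()
    print(f"expected ~{expected_solutions():.0f} solutions, found {len(hits)}")
    for t in hits[:3]:
        print([m.hex() for m in t], "verified:", verify(t))
```

The scaling is what makes the 128-bit instance hard: for about one expected solution on T bits with three equal lists one needs N ≈ 2^{T/3} entries per list, so the A × B scan above costs ≈ 2^{2T/3} lookups, roughly 2^{85} at T = 128, which is why the real computation relied on the better 3XOR algorithms and the massively parallel implementations the abstracts mention rather than on this naive scan.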

    Fast Lattice-Based Encryption: Stretching Spring

    The SPRING pseudo-random function (PRF) has been described by Banerjee, Brenner, Leurent, Peikert and Rosen at FSE 2014. It is quite fast, only 4.5 times slower than the AES (without hardware acceleration) when used in counter mode. SPRING is similar to the PRF of Banerjee, Peikert and Rosen from EUROCRYPT 2012, whose security relies on the hardness of the Learning With Rounding (LWR) problem, which can itself be reduced to hard lattice problems. However, there is no such chain of reductions relating SPRING to lattice problems, because it uses small parameters for efficiency reasons. Consequently, the heuristic security of SPRING is evaluated using known attacks and the complexity of the best known algorithms for breaking the underlying hard problem. In this paper, we revisit the efficiency and security of SPRING when used as a pseudo-random generator. We propose a new variant which is competitive with the AES in counter mode without hardware AES acceleration, and about four times slower than AES with hardware acceleration. In terms of security, we improve some previous analysis of SPRING and we estimate the security of our variant against classical algorithms and attacks. Finally, we implement our variant using AVX2 instructions, resulting in high performance on high-end desktop computers.

    Microstructure and chemical composition of camel and cow milk powders’ surface

    This study aimed at investigating the chemical composition and microstructure of spray-dried camel and cow milk powders' surfaces with two different milk-fat contents (1 and 20 g 100 g⁻¹). The SEM (Scanning Electron Microscopy) micrographs showed that spherical particles with a 'brain'-type surface were produced for both milk powders. The surface roughness (Ra) of whole (WDMP) and skimmed (SDMP) camel milk powders (Ra = 7.6 ± 0.4 nm and 5.6 ± 0.7 nm, respectively) was significantly lower than that of the partially skimmed (PSCMP) and skimmed (SCMP) cow milk powders. The XPS (X-ray Photoelectron Spectroscopy) analysis highlighted that the surface of skimmed camel milk powders contained twice the lactose amount (17.7 ± 0.8%) of cow milk powders (8.7 ± 0.4%). Furthermore, both milk powders showed overexposure of proteins and fats at their surfaces regardless of the fat content. The CLSM (Confocal Laser Scanning Microscopy) micrographs highlighted that most of the camel milk fat globules were encapsulated by the proteins near the powder surface. Camel milk fat behavior during particle formation was attributed to its smaller size distribution and higher crystallization temperature.

    Biodiversity of soils and farming innovations for improved resilience of European wheat agrosystems (BIOFAIR)

    BIOFAIR holistically determines soil biodiversity under different farming practices and environmental stressors to anticipate negative impacts of climate change on belowground processes and provide adaptation strategies. The BIOFAIR project comprehensively addresses the diversity of soil organisms, from microbes to mites, and how they link to soil functioning in terms of disease suppression and carbon and nutrient cycling. On the crop side, a specific focus is given to grain quality parameters such as vitamin and mineral nutrient contents essential for many human body functions, and to technological bread-making properties such as flour viscosity, to ensure the crops of the future have a high nutritional value and are suitable for food production.
