34 research outputs found

    The scaling limit of the incipient infinite cluster in high-dimensional percolation. II. Integrated super-Brownian excursion

    For independent nearest-neighbour bond percolation on Z^d with d >> 6, we prove that the incipient infinite cluster's two-point function and three-point function converge to those of integrated super-Brownian excursion (ISE) in the scaling limit. The proof is based on an extension of the new expansion for percolation derived in a previous paper, and involves treating the magnetic field as a complex variable. A special case of our result for the two-point function implies that the probability that the cluster of the origin consists of n sites, at the critical point, is given by a multiple of n^{-3/2}, plus an error term of order n^{-3/2-\epsilon} with \epsilon > 0. This is a strong statement that the critical exponent delta is given by delta = 2. Comment: 56 pages, 3 Postscript figures, in AMS-LaTeX, with graphicx, epic, and xr package

    On three-manifolds dominated by circle bundles

    We determine which three-manifolds are dominated by products. The result is that a closed, oriented, connected three-manifold is dominated by a product if and only if it is finitely covered either by a product or by a connected sum of copies of the product of the two-sphere and the circle. This characterization can also be formulated in terms of Thurston geometries, or in terms of purely algebraic properties of the fundamental group. We also determine which three-manifolds are dominated by non-trivial circle bundles, and which three-manifold groups are presentable by products. Comment: 12 pages; to appear in Math. Zeitschrift; ISSN 1103-467

    Improved Key Recovery Attacks on Reduced-Round AES with Practical Data and Memory Complexities

    Determining the security of AES is a central problem in cryptanalysis, but progress in this area had been slow and only a handful of cryptanalytic techniques led to significant advancements. At Eurocrypt 2017 Grassi et al. presented a novel type of distinguisher for AES-like structures, but so far all the published attacks which were based on this distinguisher were inferior to previously known attacks in their complexity. In this paper we combine the technique of Grassi et al. with several other techniques in a novel way to obtain the best known key recovery attack on 5-round AES in the single-key model, reducing its overall complexity from about 2^{32} to less than 2^{22}. Extending our techniques to 7-round AES, we obtain the best known attacks on AES-192 which use practical amounts of data and memory, breaking the record for such attacks which was obtained in 2000 by the classical Square attack

    The Exchange Attack: How to Distinguish Six Rounds of AES with 2^{88.2} chosen plaintexts

    In this paper we present exchange-equivalence attacks which is a new cryptanalytic attack technique suitable for SPN-like block cipher designs. Our new technique results in the first secret-key chosen plaintext distinguisher for 6-round AES. The complexity of the distinguisher is about 2^{88.2} in terms of data, memory and computational complexity. The distinguishing attack for AES reduced to six rounds is a straight-forward extension of an exchange attack for 5-round AES that requires 2^{30} in terms of chosen plaintexts and computation. This is also a new record for AES reduced to five rounds. The main result of this paper is that AES up to at least six rounds is biased when restricted to exchange-invariant sets of plaintexts

    Quantum Demirci-Selçuk Meet-in-the-Middle Attacks: Applications to 6-Round Generic Feistel Constructions

    This paper shows that quantum computers can significantly speed-up a type of meet-in-the-middle attacks initiated by Demirci and Selçuk (DS-MITM attacks), which is currently one of the most powerful cryptanalytic approaches in the classical setting against symmetric-key schemes. The quantum DS-MITM attacks are demonstrated against 6 rounds of the generic Feistel construction supporting an n-bit key and an n-bit block, which was attacked by Guo et al. in the classical setting with data, time, and memory complexities of O(2^{3n/4}). The complexities of our quantum attacks depend on the adversary's model and the number of qubits available. When the adversary has an access to quantum computers for offline computations but online queries are made in a classical manner (so called Q1 model), the attack complexities are O(2^{n/2}) classical queries, O(2^n/q) quantum computations by using about q qubits. Those are balanced at \tilde{O}(2^{n/2}), which significantly improves the classical attack. Technically, we convert the quantum claw finding algorithm to be suitable in the Q1 model. The attack is then extended to the case that the adversary can make superposition queries (so called Q2 model). The attack approach is drastically changed from the one in the Q1 model; the attack is based on 3-round distinguishers with Simon's algorithm and then appends 3 rounds for key recovery. This can be solved by applying the combination of Simon's and Grover's algorithms recently proposed by Leander and May

    Yoyo Tricks with AES

    In this paper we present new fundamental properties of SPNs. These properties turn out to be particularly useful in the adaptive chosen ciphertext/plaintext setting and we show this by introducing for the first time key-independent yoyo-distinguishers for 3- to 5-rounds of AES. All of our distinguishers beat previous records and require respectively 3, 4 and 2^{25.8} data and essentially zero computation except for observing differences. In addition, we present the first key-independent distinguisher for 6-rounds AES based on yoyos that preserve impossible zero differences in plaintexts and ciphertexts. This distinguisher requires an impractical amount of 2^{122.83} plaintext/ciphertext pairs and essentially no computation apart from observing the corresponding differences. We then present a very favorable key-recovery attack on 5-rounds of AES that requires only 2^{11.3} data complexity and 2^{31} computational complexity, which as far as we know is also a new record. All our attacks are in the adaptively chosen plaintext/ciphertext scenario. Our distinguishers for AES stem from new and fundamental properties of generic SPNs, including generic SAS and SASAS, that can be used to preserve zero differences under the action of exchanging values between existing ciphertext and plaintext pairs. We provide a simple distinguisher for 2 generic SP-rounds that requires only 4 adaptively chosen ciphertexts and no computation on the adversary's side. We then describe a generic and deterministic yoyo-game for 3 generic SP-rounds which preserves zero differences in the middle but which we are not capable of exploiting in the generic setting

    Prevention of genetic diseases. The return of the family doctor?

    Background: Information to kin is one of the major ethical problems of the new genetics. In France, the revised bioethics law in 2011 created the possibility for patients to authorize professionals, under certain conditions, to directly contact their relatives at risk. Beyond this, other actors, such as GPs, could however play a role in this process. Methods: Our article is based on an ethnographic-type sociological study by observations and semi-structured interviews with patients (n=59) and genetic professionals (n=16) that took place from 2014 to 2016 in three genetic hospital wards in France and Canada. It focuses particularly on genetic predispositions to breast and ovarian cancers as well as genetic hemochromatosis. Results: Because of its position as a primary care specialist, the general practitioner can play a decisive role in the process of informing relatives about genetic disorders. Upstream of the genetic test, the generalist, thanks to his knowledge of the family context of his patients, can play a referral role towards a specialized consultation. Downstream, it can also ensure a more effective follow-up of the information procedures undertaken by its patients thanks to the medical follow-up that it carries out. Conclusion: The data collected during our study highlight the unprecedented place that could be that of the general practitioner in the field of prevention in genetics. At the articulation between primary care and highly specialized care, it is the figure of the "family" doctor who seems to be called here to be renewed by genetics

    Prevention of genetic diseases. The return of the family doctor?

    Background: Information to kin is one of the major ethical problems of the new genetics. In France, the revised bioethics law in 2011 created the possibility for patients to authorize professionals, under certain conditions, to directly contact their relatives at risk. Beyond this, other actors, such as GPs, could however play a role in this process. Methods: Our article is based on an ethnographic-type sociological study by observations and semi-structured interviews with patients (n = 59) and genetic professionals (n = 16) that took place from 2014 to 2016 in three genetic hospital wards in France and Canada. It focuses particularly on genetic predispositions to breast and ovarian cancers as well as genetic hemochromatosis. Results: Because of its position as a primary care specialist, the general practitioner can play a decisive role in the process of informing relatives about genetic disorders. Upstream of the genetic test, the generalist, thanks to his knowledge of the family context of his patients, can play a referral role towards a specialized consultation. Downstream, it can also ensure a more effective follow-up of the information procedures undertaken by its patients thanks to the medical follow-up that it carries out. Conclusion: The data collected during our study highlight the unprecedented place that could be that of the general practitioner in the field of prevention in genetics. At the articulation between primary care and highly specialized care, it is the figure of the "family" doctor who seems to be called here to be renewed by genetics