169 research outputs found

    Quantum Algorithms for Attacking Hardness Assumptions in Classical and Post‐Quantum Cryptography

    In this survey, the authors review the main quantum algorithms for solving the computational problems that serve as hardness assumptions for cryptosystems. To this end, the authors consider both the currently most widely used classically secure cryptosystems, and the most promising candidates for post-quantum secure cryptosystems. The authors provide details on the cost of the quantum algorithms presented in this survey. The authors furthermore discuss ongoing research directions that can impact quantum cryptanalysis in the future

    STRATEGIC-1: A multiple-lines, randomized, open-label GERCOR phase III study in patients with unresectable wild-type RAS metastatic colorectal cancer.

    BACKGROUND: The management of unresectable metastatic colorectal cancer (mCRC) is a comprehensive treatment strategy involving several lines of therapy, maintenance, salvage surgery, and treatment-free intervals. Besides chemotherapy (fluoropyrimidine, oxaliplatin, irinotecan), molecular-targeted agents such as anti-angiogenic agents (bevacizumab, aflibercept, regorafenib) and anti-epidermal growth factor receptor agents (cetuximab, panitumumab) have become available. Ultimately, given the increasing cost of new active compounds, new strategy trials are needed to define the optimal use and the best sequencing of these agents. Such new clinical trials require alternative endpoints that can capture the effect of several treatment lines and be measured earlier than overall survival to help shorten the duration and reduce the size and cost of trials. METHODS/DESIGN: STRATEGIC-1 is an international, open-label, randomized, multicenter phase III trial designed to determine an optimally personalized treatment sequence of the available treatment modalities in patients with unresectable RAS wild-type mCRC. Two standard treatment strategies are compared: first-line FOLFIRI-cetuximab, followed by oxaliplatin-based second-line chemotherapy with bevacizumab (Arm A) vs. first-line OPTIMOX-bevacizumab, followed by irinotecan-based second-line chemotherapy with bevacizumab, and by an anti-epidermal growth factor receptor monoclonal antibody with or without irinotecan as third-line treatment (Arm B). The primary endpoint is duration of disease control. A total of 500 patients will be randomized in a 1:1 ratio to one of the two treatment strategies. DISCUSSION: The STRATEGIC-1 trial is designed to give global information on the therapeutic sequences in patients with unresectable RAS wild-type mCRC that in turn is likely to have a significant impact on the management of this patient population. The trial is open for inclusion since August 2013. 
TRIAL REGISTRATION: STRATEGIC-1 is registered at Clinicaltrials.gov: NCT01910610, 23 July, 2013. STRATEGIC-1 is registered at EudraCT-No.: 2013-001928-19, 25 April, 2013

    Open versus laparoscopically-assisted oesophagectomy for cancer: a multicentre randomised controlled phase III trial - the MIRO trial

    BACKGROUND: Open transthoracic oesophagectomy is the standard treatment for infracarinal resectable oesophageal carcinomas, although it is associated with high mortality and morbidity rates of 2 to 10% and 30 to 50%, respectively, for both the abdominal and thoracic approaches. The worldwide popularity of laparoscopic techniques is based on promising results, including lower postoperative morbidity rates, which are related to the reduced postoperative trauma. We hypothesise that the laparoscopic abdominal approach (laparoscopic gastric mobilisation) in oesophageal cancer surgery will decrease the major postoperative complication rate due to the reduced surgical trauma. METHODS/DESIGN: The MIRO trial is an open, controlled, prospective, randomised multicentre phase III trial. Patients in study arm A will receive laparoscopic-assisted oesophagectomy, i.e., a transthoracic oesophagectomy with two-field lymphadenectomy and laparoscopic gastric mobilisation. Patients in study arm B will receive the same procedure, but with the conventional open abdominal approach. The primary objective of the study is to evaluate the major postoperative 30-day morbidity. Secondary objectives are to assess the overall 30-day morbidity, 30-day mortality, 30-day pulmonary morbidity, disease-free survival, overall survival as well as quality of life and to perform medico-economic analysis. A total of 200 patients will be enrolled, and two safety analyses will be performed using 25 and 50 patients included in arm A. DISCUSSION: Postoperative morbidity remains high after oesophageal cancer surgery, especially due to major pulmonary complications, which are responsible for 50% of the postoperative deaths. 
This study represents the first randomised controlled phase III trial to evaluate the benefits of the minimally invasive approach with respect to the postoperative course and oncological outcomes in oesophageal cancer surgery. TRIAL REGISTRATION: NCT00937456 (ClinicalTrials.gov), http://www.clinicaltrials.gov/ct2/show/NCT00937456

    Finding Hash Collisions with Quantum Computers by Using Differential Trails with Smaller Probability than Birthday Bound

    In this paper we spot light on dedicated quantum collision attacks on concrete hash functions, which has not received much attention so far. In the classical setting, the generic complexity to find collisions of an $n$-bit hash function is $O(2^{n/2})$, thus classical collision attacks based on differential cryptanalysis such as rebound attacks build differential trails with probability higher than $2^{-n/2}$. By the same analogy, generic quantum algorithms such as the BHT algorithm find collisions with complexity $O(2^{n/3})$. With quantum algorithms, a pair of messages satisfying a differential trail with probability $p$ can be generated with complexity $p^{-1/2}$. Hence, in the quantum setting, some differential trails with probability up to $2^{-2n/3}$ that cannot be exploited in the classical setting may be exploited to mount a collision attack in the quantum setting. In particular, the number of attacked rounds may increase. In this paper, we attack two international hash function standards: AES-MMO and Whirlpool. For AES-MMO, we present a $7$-round differential trail with probability $2^{-80}$ and use it to find collisions with a quantum version of the rebound attack, while only $6$ rounds can be attacked in the classical setting. For Whirlpool, we mount a collision attack based on a $6$-round differential trail from a classical rebound distinguisher with a complexity higher than the birthday bound. This improves the best classical attack on 5 rounds by 1. We also show that those trails are optimal in our approach. Our results have two important implications. First, there seems to exist a common belief that classically secure hash functions will remain secure against quantum adversaries. Indeed, several second-round candidates in the NIST post-quantum competition use existing hash functions, say SHA-3, as quantum secure ones. Our results disprove this common belief. 
Second, our observation suggests that differential trail search should not stop with probability $2^{-n/2}$ but should consider up to $2^{-2n/3}$. Hence it deserves to revisit the previous differential trail search activities

    The influence of socio-economic and surveillance characteristics on breast cancer survival: a French population-based study

    Survival data on female invasive breast cancer with 9-year follow-up from five French cancer registries were analysed by logistic regression for prognostic factors of cancer stage. The Kaplan–Meier method and log-rank test were used to estimate and compare the overall survival probability at 5 and 7 years, and at the endpoint. The Cox regression model was used for multivariate analysis. County of residence, age group, occupational status, mammographic surveillance, gynaecological prevention consultations and the diagnosis mammography, whether within a screening framework or not, were independent prognostic factors of survival. Moreover, for the same age group, and only for cancers T2 and/or N+ (whether 1, 2 or 3) and M0, the prognosis was significantly better when the diagnosis mammography was done within the framework of screening. Socio-economic and surveillance characteristics are independent prognostic factors of both breast cancer stage at diagnosis and of survival. Screening mammography is an independent prognostic factor of survival

    Quantum Collision Attacks on AES-like Hashing with Low Quantum Random Access Memories

    At EUROCRYPT 2020, Hosoyamada and Sasaki proposed the first dedicated quantum attack on hash functions --- a quantum version of the rebound attack exploiting differentials whose probabilities are too low to be useful in the classical setting. This work opens up a new perspective toward the security of hash functions against quantum attacks. In particular, it tells us that the search for differentials should not stop at the classical birthday bound. Despite these interesting and promising implications, the concrete attacks described by Hosoyamada and Sasaki make use of large quantum random access memories (qRAMs), a resource whose availability in the foreseeable future is controversial even in the quantum computation community. Without large qRAMs, these attacks incur significant increases in time complexities. In this work, we reduce or even avoid the use of qRAMs by performing a quantum rebound attack based on differentials with non-full-active super S-boxes. Along the way, an MILP-based method is proposed to systematically explore the search space of useful truncated differentials with respect to rebound attacks. As a result, we obtain improved attacks on AES-MMO, AES-MP, and the first classical collision attacks on 4- and 5-round Grostl-512. Interestingly, the use of non-full-active super S-box differentials in the analysis of AES-MMO gives rise to new difficulties in collecting enough starting points. To overcome this issue, we consider attacks involving two message blocks to gain more degrees of freedom, and we successfully compress the qRAM demand of the collision attacks on AES-MMO and AES-MP (EUROCRYPT 2020) from $2^{48}$ to a range from $2^{16}$ to $0$, while still maintaining a comparable time complexity. 
To the best of our knowledge, these are the first dedicated quantum attacks on hash functions that slightly outperform Chailloux, Naya-Plasencia, and Schrottenloher's generic quantum collision attack (ASIACRYPT 2017) in a model where large qRAMs are not available. This work demonstrates again how a clever combination of classical cryptanalytic technique and quantum computation leads to improved attacks, and shows that the direction pointed out by Hosoyamada and Sasaki deserves further investigation

    Hash-based Signatures Revisited: A Dynamic FORS with Adaptive Chosen Message Security

    FORS is the underlying hash-based few-time signing scheme in SPHINCS+, one of the nine signature schemes which advanced to round 2 of the NIST Post-Quantum Cryptography standardization competition. In this paper, we analyze the security of FORS with respect to adaptive chosen message attacks. We show that in such a setting, the security of FORS decreases significantly with each signed message when compared to its security against non-adaptive chosen message attacks. We propose a chaining mechanism that with slightly more computation, dynamically binds the Obtain Random Subset (ORS) generation with signing, hence, eliminating the offline advantage of adaptive chosen message adversaries. We apply our chaining mechanism to FORS and present DFORS whose security against adaptive chosen message attacks is equal to the non-adaptive security of FORS. In a nutshell, using SPHINCS+-128s parameters, FORS provides 75-bit security and DFORS achieves 150-bit security with respect to adaptive chosen message attacks after signing one message. We note that our analysis does not affect the claimed security of SPHINCS+. Nevertheless, this work provides a better understanding of FORS and other HORS variants and furnishes a solution if new adaptive cryptanalytic techniques on SPHINCS+ emerge