
    The chaining lemma and its application

    We present a new information-theoretic result which we call the Chaining Lemma. It considers a so-called “chain” of random variables, defined by a source distribution X(0) with high min-entropy and a number (say, t in total) of arbitrary functions (T1, …, Tt) which are applied in succession to that source to generate the chain (Formula presented). Intuitively, the Chaining Lemma guarantees that, if the chain is not too long, then either (i) the entire chain is “highly random”, in that every variable has high min-entropy; or (ii) it is possible to find a point j (1 ≤ j ≤ t) in the chain such that, conditioned on the end of the chain i.e. (Formula presented), the preceding part (Formula presented) remains highly random. We think this is an interesting information-theoretic result which is intuitive but nevertheless requires rigorous case-analysis to prove. We believe that the above lemma will find applications in cryptography. We give an example of this, namely we show an application of the lemma to protect essentially any cryptographic scheme against memory tampering attacks. We allow several tampering requests, the tampering functions can be arbitrary, however, they must be chosen from a bounded size set of functions that is fixed a prior

    Non-malleable codes for space-bounded tampering

    Non-malleable codes—introduced by Dziembowski, Pietrzak and Wichs at ICS 2010—are key-less coding schemes in which mauling attempts to an encoding of a given message, w.r.t. some class of tampering adversaries, result in a decoded value that is either identical or unrelated to the original message. Such codes are very useful for protecting arbitrary cryptographic primitives against tampering attacks against the memory. Clearly, non-malleability is hopeless if the class of tampering adversaries includes the decoding and encoding algorithm. To circumvent this obstacle, the majority of past research focused on designing non-malleable codes for various tampering classes, albeit assuming that the adversary is unable to decode. Nonetheless, in many concrete settings, this assumption is not realistic

    Proton affinities of candidates for positively charged ambient ions in boreal forests

    The optimized structures and proton affinities of a total of 81 nitrogen-containing bases, chosen based on field measurements of ambient positive ions, were studied using the CBS-QB3 quantum chemical method. The results were compared to values given in the National Institute of Standards and Technology (NIST) Chemistry WebBook in cases where a value was listed. The computed values show good agreement with the values listed in NIST. Grouping the molecules based on their molecular formula, the largest calculated proton affinities for each group were also compared with experimentally observed ambient cation concentrations in a boreal forest. This comparison allows us to draw qualitative conclusions about the relative ambient concentrations of different nitrogen-containing organic base molecules

    Efficient public-key cryptography with bounded leakage and tamper resilience

    We revisit the question of constructing public-key encryption and signature schemes with security in the presence of bounded leakage and tampering memory attacks. For signatures we obtain the first construction in the standard model; for public-key encryption we obtain the first construction free of pairing (avoiding non-interactive zero-knowledge proofs). Our constructions are based on generic building blocks, and, as we show, also admit efficient instantiations under fairly standard number-theoretic assumptions. The model of bounded tamper resistance was recently put forward by Damgård et al. (Asiacrypt 2013) as an attractive path to achieve security against arbitrary memory tampering attacks without making hardware assumptions (such as the existence of a protected self-destruct or key-update mechanism), the only restriction being on the number of allowed tampering attempts (which is a parameter of the scheme). This allows one to circumvent known impossibility results for unrestricted tampering (Gennaro et al., TCC 2010), while still being able to capture realistic tampering attack

    Differential p38-dependent signalling in response to cellular stress and mitogenic stimulation in fibroblasts

    p38 MAP kinase is known to be activated by cellular stress, finally leading to cell cycle arrest or apoptosis. Furthermore, a tumour suppressor role of p38 MAPK has been proposed. In contrast, a requirement of p38 for proliferation has also been described. To clarify this paradox, we investigated stress- and mitogen-induced p38 signalling in the same cell type using fibroblasts. We demonstrate that - in the same cell line - p38 is activated by mitogens or cellular stress, but p38-dependent signalling is different. Exposure to cellular stress, such as anisomycin, leads to a strong and persistent p38 activation independent of GTPases. As a result, MK2 and downstream the transcription factor CREB are phosphorylated. In contrast, mitogenic stimulation results in a weaker and transient p38 activation, which upstream involves small GTPases and is required for cyclin D1 induction. Consequently, the retinoblastoma protein is phosphorylated and allows G1/S transition. Our data suggest a dual role of p38 and indicate that the level and/or duration of p38 activation determines the cellular response, i.e. either proliferation or cell cycle arrest

    Shape coexistence in the very neutron-rich odd-odd $^{96}$Rb

    Microsecond isomers of neutron-rich nuclei in the masses A = 96 and 98 were reinvestigated at the ILL reactor (Grenoble). These nuclei were produced by thermal-neutron induced fission of $^{241}$Pu. The detection is based on time correlation between fission fragments selected by the Lohengrin mass spectrometer, and the $\gamma$ rays and conversion electrons from the isomers. A new level scheme of $^{96}$Rb is proposed. We have found that the ground state and low-lying levels of this nucleus are rather spherical, while a rotational band develops at 461 keV energy. This band has properties consistent with a $\pi[431\,3/2] \times \nu[541\,3/2]$, $K = 3^-$ Nilsson assignment and a deformation $\beta_2 > 0.28$. It is fed by a $10^-$ microsecond isomer consistent with a $\pi(g_{9/2})\nu(h_{11/2})$ spherical configuration. It is interesting to note that the same unique-parity states $\pi(g_{9/2})$ and $\nu(h_{11/2})$ are present in the same nucleus in a deformed and in a spherical configuration. The neighbouring odd-odd nucleus $^{98}$Y presents a strong analogy with $^{96}$Rb and is also discussed

    Efficient noninteractive certification of RSA moduli and beyond

    In many applications, it is important to verify that an RSA public key (N, e) specifies a permutation over the entire space Z_N, in order to prevent attacks due to adversarially-generated public keys. We design and implement a simple and efficient noninteractive zero-knowledge protocol (in the random oracle model) for this task. Applications concerned about adversarial key generation can just append our proof to the RSA public key without any other modifications to existing code or cryptographic libraries. Users need only perform a one-time verification of the proof to ensure that raising to the power e is a permutation of the integers modulo N. For typical parameter settings, the proof consists of nine integers modulo N; generating the proof and verifying it both require about nine modular exponentiations. We extend our results beyond RSA keys and also provide efficient noninteractive zero-knowledge proofs for other properties of N, which can be used to certify that N is suitable for the Paillier cryptosystem, is a product of two primes, or is a Blum integer. As compared to the recent work of Auerbach and Poettering (PKC 2018), who provide two-message protocols for similar languages, our protocols are more efficient and do not require interaction, which enables a broader class of applications.
    https://eprint.iacr.org/2018/057
    First author draf