Firmware Insider: Bluetooth Randomness is Mostly Random
Bluetooth chips must include a Random Number Generator (RNG). This RNG is
used internally within cryptographic primitives but also exposed to the
operating system for chip-external applications. In general, it is a black box
with security-critical authentication and encryption mechanisms depending on
it. In this paper, we evaluate the quality of RNGs in various Broadcom and
Cypress Bluetooth chips. We find that the RNG implementation significantly
changed over the last decade. Moreover, most devices implement an insecure
Pseudo-Random Number Generator (PRNG) fallback. Multiple popular devices, such
as the Samsung Galaxy S8 and its variants as well as an iPhone, rely on the
weak fallback due to missing a Hardware Random Number Generator (HRNG). We
statistically evaluate the output of various HRNGs in chips used by hundreds of
millions of devices. While the Broadcom and Cypress HRNGs pass advanced tests,
it remains indistinguishable for users if a Bluetooth chip implements a secure
RNG without an extensive analysis as in this paper. We describe our measurement
methods and publish our tools to enable further public testing.
Comment: WOOT'2
Searching for ELFs in the Cryptographic Forest
Extremely Lossy Functions (ELFs) are families of functions that, depending on the choice during key generation, either operate in injective mode or instead have only a polynomial image size. The choice of the mode is indistinguishable to an outsider. ELFs were introduced by Zhandry (Crypto 2016) and have been shown to be very useful in replacing random oracles in a number of applications.
One open question is to determine the minimal assumption needed to instantiate ELFs. While all constructions of ELFs depend on some form of exponentially-secure public-key primitive, it was conjectured that exponentially-secure secret-key primitives, such as one-way functions, hash functions or one-way product functions, might be sufficient to build ELFs. In this work we answer this conjecture mostly negatively: we show that no primitive that can be derived from a random oracle (this includes all the secret-key primitives mentioned above) is enough to construct even moderately lossy functions in a black-box manner. However, we also show that (extremely) lossy functions themselves do not imply public-key cryptography, leaving open the option to build ELFs from some intermediate primitive between the classical categories of secret-key and public-key cryptography.
Heterogeneity in the projections and excitability of tyraminergic/octopaminergic neurons that innervate the Drosophila reproductive tract.
Aminergic nuclei in mammals are generally composed of relatively small numbers of cells with broad projection patterns. Despite the gross similarity of many individual neurons, recent transcriptomic, anatomic and behavioral studies suggest previously unsuspected diversity. Smaller clusters of aminergic neurons in the model organism Drosophila melanogaster provide an opportunity to explore the ramifications of neuronal diversity at the level of individual cells. A group of approximately 10 tyraminergic/octopaminergic neurons innervates the female reproductive tract in flies and has been proposed to regulate multiple activities required for fertility. The projection patterns of individual neurons within the cluster are not known, and it remains unclear whether they are functionally heterogeneous. Using a single-cell labeling technique, we show that each region of the reproductive tract is innervated by a distinct subset of tyraminergic/octopaminergic cells. Optogenetic activation of one subset stimulates oviduct contractions, indicating that the cluster as a whole is not required for this activity and underscoring the potential for functional diversity across individual cells. Using whole-cell patch clamp, we show that two adjacent and morphologically similar cells are tonically inhibited, but each responds differently to injection of current or activation of the inhibitory GluCl receptor. GluCl appears to be expressed at relatively low levels in tyraminergic/octopaminergic neurons within the cluster, suggesting that it may regulate their excitability via indirect pathways. Together, our data indicate that specific tyraminergic/octopaminergic cells within a relatively homogeneous cluster have heterogeneous properties and provide a platform for further studies to determine the function of each cell.
Research on Evaluation in Switzerland: State and Prospects
For some time now, research that deals with evaluation has clearly intensified. This contribution aims to give an overview of research on evaluation in Switzerland, focusing on the what and how of the research rather than on its findings. To this end, research activities in selected evaluation fields and on cross-field questions (such as demand or use) are described. The overview makes clear the central importance of evaluation expertise: if it is recognised that evaluations require, in addition to subject-matter expertise, a distinct expertise specific to evaluation, research on evaluation gains greater significance.
Zimbabwe’s land reform: challenging the myths
Most commentary on Zimbabwe’s land reform insists that agricultural production has almost totally collapsed, that food insecurity is rife, that rural economies are in precipitous decline, that political ‘cronies’ have taken over the land and that farm labour has all been displaced. This paper, however, argues that the story is not simply one of collapse and catastrophe; it is much more nuanced and complex, with successes as well as failures. The paper provides a summary of some of the key findings from a ten-year study in Masvingo province and the book Zimbabwe’s Land Reform: Myths and Realities. The paper documents the nature of the radical transformation of agrarian structure that has occurred both nationally and within the province, and the implications for agricultural production and livelihoods. A discussion of who got the land shows the diversity of new settlers, many of whom have invested substantially in their new farms. An emergent group of ‘middle farmers’ is identified who are producing, investing and accumulating. This has important implications – both economically and politically – for the future, as the final section on policy challenges discusses.
Novel targets and future strategies for acute cardioprotection: Position Paper of the European Society of Cardiology Working Group on Cellular Biology of the Heart
Ischaemic heart disease, and the heart failure that often results from it, remain the leading causes of death and disability in Europe and worldwide. As such, in order to prevent heart failure and improve clinical outcomes in patients presenting with an acute ST-segment elevation myocardial infarction and in patients undergoing coronary artery bypass graft surgery, novel therapies are required to protect the heart against the detrimental effects of acute ischaemia/reperfusion injury. During the last three decades, a wide variety of ischaemic conditioning strategies and pharmacological treatments have been tested in the clinic; however, their translation from experimental to clinical studies for improving patient outcomes has been both challenging and disappointing. Therefore, in this Position Paper of the European Society of Cardiology Working Group on Cellular Biology of the Heart, we critically analyse the current state of ischaemic conditioning in both the experimental and clinical settings, provide recommendations for improving its translation into the clinical setting, and highlight novel therapeutic targets and new treatment strategies for reducing acute myocardial ischaemia/reperfusion injury.
Single-to-Multi-Theorem Transformations for Non-Interactive Statistical Zero-Knowledge
Non-interactive zero-knowledge proofs or arguments allow a prover to show the validity of a statement without further interaction. For non-trivial statements such protocols require a setup assumption in the form of a common random or reference string (CRS). Generally, the CRS can only be used for one statement (single-theorem zero-knowledge), so that a fresh CRS would need to be generated for each proof. Fortunately, Feige, Lapidot and Shamir (FOCS 1990) presented a transformation for any non-interactive zero-knowledge proof system that allows the CRS to be reused any polynomial number of times (multi-theorem zero-knowledge). This FLS transformation, however, is only known to work for computational zero-knowledge, or else requires a structured, non-uniform common reference string.
In this paper we present FLS-like transformations that work for non-interactive statistical zero-knowledge arguments in the common random string model. They allow one to go from single-theorem to multi-theorem zero-knowledge and also preserve soundness, for both properties in the adaptive and non-adaptive case. Our first transformation is based on the general assumption that one-way permutations exist, while our second transformation uses lattice-based assumptions. Additionally, we define different possible soundness notions for non-interactive arguments and discuss their relationships.
A Random Oracle for All of Us
We introduce the notion of a universal random oracle. Analogously to a classical random oracle, it idealizes hash functions as random functions. However, as opposed to a classical random oracle, which is created freshly and independently for each adversary, the universal random oracle should provide security of a cryptographic protocol against all adversaries simultaneously. This should hold even if the adversary depends on the random function. This better reflects the idea that strong hash functions like SHA-2 and SHA-3 are fixed before the adversary decides upon the attack strategy.
Besides formalizing the notion of the universal random oracle model, we show that the model is asymptotically equivalent to Unruh’s auxiliary-input random oracle model (Crypto 2007). In Unruh’s model the adversary receives some inefficiently computed information about the random oracle as extra input. Notably, while security in the universal random oracle model implies security in the auxiliary-input random oracle model tightly, the converse implication introduces an inevitable security loss. This implies that the universal random oracle model provides stronger guarantees in terms of concrete security. Validating the model, we finally show, via a direct proof with concrete security, that a universal random oracle is one-way.
On Derandomizing Yao’s Weak-to-Strong OWF Construction
The celebrated result of Yao (FOCS'82) shows that concatenating copies of a weak one-way function (OWF) , which can be inverted with probability , yields a strong OWF , showing that weak and strong OWFs are black-box equivalent. Yao's transformation is not security-preserving, i.e., the input to needs to be much larger than the input to . Understanding whether a larger input is inherent is a long-standing open question.
In this work, we explore necessary features of constructions which achieve short input length by proving the following: for any direct product construction of a strong OWF from a weak OWF , which can be inverted with probability , the input size of must grow as . Here, direct product refers to the following structure: the construction executes some arbitrary pre-processing function (independent of ) on its input , obtaining a vector , and outputs . When setting the pre-processing to be the identity, one thus recovers Yao's construction.
Our result generalizes to functions with post-processing, as long as the post-processing function is not too lossy. Thus, in essence, any weak-to-strong OWF hardness amplification must either (1) be very far from security-preserving, (2) use adaptivity, or (3) be very far from a direct-product structure (in the sense that post-processing of the outputs of is very lossy).
On a technical level, we use ideas from lower bounds for secret sharing to prove the impossibility of derandomizing Yao in a black-box way. Our results are in line with Goldreich, Impagliazzo, Levin, Venkatesan, and Zuckerman (FOCS 1990), who derandomize Yao's construction for regular weak OWFs by evaluating the OWF along a random walk on an expander graph – the construction is adaptive, since it alternates steps on the expander graph with evaluations of the weak OWF.