41 research outputs found
The 0 and the pi phase Josephson coupling through an insulating barrier with magnetic impurities
We have studied temperature and field dependencies of the critical current in the Nb-FeSi-Nb Josephson junction with a tunneling barrier formed by a paramagnetic insulator. We demonstrate that in these junctions the co-existence of both the 0 and the π states within one tunnel junction takes place, which leads to the appearance of a sharp cusp in the temperature dependence similar to the cusp found for the transition in metallic junctions. This cusp is not related to the temperature induced transition itself, but is caused by the different temperature dependencies of the opposing 0 and π supercurrents through the barrier.
Comment: Accepted in Physical Review
Electrical and structural properties of MgB2 films prepared by sequential deposition of B and Mg on the NbN buffered Si(100) substrate
We introduce a simple method of MgB2 film preparation using sequential electron-beam evaporation of a B-Mg two-layer (followed by in-situ annealing) on the NbN buffered Si(100) substrate. Transmission Electron Microscopy analyses confirm the growth of homogeneous nanogranular MgB2 films without the presence of crystalline MgO. A sensitive measurement of the temperature dependence of microwave losses shows the presence of intergranular weak links close to the superconducting transition only. The MgB2 films obtained, about 200 nm thick, exhibit a maximum zero resistance critical temperature of 36 K and a critical current density of 3x10^7 A/cm^2 at 13.2 K.
Comment: 11 pages, 6 figures, submitted to Appl. Phys. Let
Breaking Message Integrity of an End-to-End Encryption Scheme of LINE
In this paper, we analyze the security of the end-to-end encryption scheme (E2EE) of LINE, a.k.a. Letter Sealing. LINE is one of the most widely deployed instant messaging applications, especially in East Asia. By a close inspection of its protocols, we give several attacks against the message integrity of Letter Sealing. Specifically, we propose forgery and impersonation attacks on the one-to-one message encryption and the group message encryption.
All of our attacks are feasible with the help of an end-to-end adversary, who has access to the inside of the LINE server (e.g. the service provider LINE itself). We stress that the main purpose of E2EE is to provide protection against exactly this end-to-end adversary. In addition, we found some attacks that do not even need the help of the E2E adversary, which shows a critical security flaw of the protocol. Our results reveal that the E2EE scheme of LINE does not sufficiently guarantee the integrity of messages compared to state-of-the-art E2EE schemes such as Signal, which is used by WhatsApp and Facebook Messenger. We also provide some countermeasures against our attacks.
We have shared our findings with LINE corporation in advance.
The LINE corporation has confirmed our attacks are valid as long as the E2E adversary is involved, and officially recognizes our results as a vulnerability of encryption break
Minimizing the Two-Round Even-Mansour Cipher
The -round (iterated) Even-Mansour cipher (also known as key-alternating cipher) defines a block cipher from fixed public -bit permutations as follows: given a sequence of -bit round keys , an -bit plaintext is encrypted by xoring round key , applying permutation , xoring round key , etc. The (strong) pseudorandomness of this construction in the random permutation model (i.e., when the permutations are public random permutation oracles that the adversary can query in a black-box way) was studied in a number of recent papers, culminating with the work of Chen and Steinberger (EUROCRYPT 2014), who proved that the -round Even-Mansour cipher is indistinguishable from a truly random permutation up to queries of any adaptive adversary (which is an optimal security bound since it matches a simple distinguishing attack). All results in this entire line of work share the common restriction that they only hold under the assumption that the round keys and the permutations are independent. In particular, for two rounds, the current state of knowledge is that the block cipher is provably secure up to queries of the adversary, when , , and are three independent -bit keys, and and are two independent random -bit permutations. In this paper, we ask whether one can obtain a similar bound for the two-round Even-Mansour cipher from just one -bit key and one -bit permutation. Our answer is positive: when the three -bit round keys , , and are adequately derived from an -bit master key , and the same permutation is used in place of and , we prove a qualitatively similar security bound (in the random permutation model). To the best of our knowledge, this is the first "beyond the birthday bound" security result for AES-like ciphers that does not assume independent round keys
Analyzing Multi-key Security Degradation
MAC-in-the-Box: Verifying a Minimalistic Hardware Design for MAC Computation
We study the verification of security properties at the state machine level of a minimalistic device, called the MAC-in-the-Box (MITB). This device computes a message authentication code based on the SHA-3 hash function and a key that is stored on device, but never output directly. It is designed for secure password storage, but may also be used for secure key-exchange and second-factor authentication. We formally verify, in the HOL4 theorem prover, that no outside observer can distinguish this device from an ideal functionality that provides only access to a hashing oracle. Furthermore, we propose protocols for the MITB’s use in password storage, key-exchange and second-factor authentication, and formally show that it improves resistance against host-compromise in these three application scenarios
Generic Attack on Iterated Tweakable FX Constructions
Tweakable block ciphers are increasingly becoming a common primitive to build new resilient modes as well as a concept for multiple dedicated designs. While regular block ciphers define a family of permutations indexed by a secret key, tweakable ones define a family of permutations indexed by both a secret key and a public tweak. In this work we formalize and study a generic framework for building such a tweakable block cipher based on regular block ciphers, the iterated tweakable FX construction, which includes many previous constructions of tweakable block ciphers. Then we describe a cryptanalysis from which we can derive a provable security upper bound for all constructions following this tweakable iterated FX strategy. Concretely, the cryptanalysis of r rounds of our generic construction based on n-bit block ciphers with κ-bit keys requires O(2^{(r/(r+1))(n+κ)}) online and offline queries. For r = 2 rounds this interestingly matches the proof of the particular case of XHX2 by Lee and Lee (ASIACRYPT 2018), thus proving its tightness for the first time. In turn, the XHX and XHX2 proofs show that our generic cryptanalysis is information theoretically optimal for 1 and 2 rounds
LNCS
This paper studies the concrete security of PRFs and MACs obtained by keying hash functions based on the sponge paradigm. One such hash function is KECCAK, selected as NIST's new SHA-3 standard. In contrast to other approaches like HMAC, the exact security of keyed sponges is not well understood. Indeed, recent security analyses delivered concrete security bounds which are far from existing attacks. This paper aims to close this gap. We prove (nearly) exact bounds on the concrete PRF security of keyed sponges using a random permutation. These bounds are tight for the most relevant ranges of parameters, i.e., for messages of length (roughly) l ≤ min{2^{n/4}, 2^r} blocks, where n is the state size and r is the desired output length; and for l ≤ q queries (to the construction or the underlying permutation). Moreover, we also improve standard-model bounds. As an intermediate step of independent interest, we prove tight bounds on the PRF security of the truncated CBC-MAC construction, which operates as plain CBC-MAC, but only returns a prefix of the output
Super-Linear Time-Memory Trade-Offs for Symmetric Encryption
We build symmetric encryption schemes from a pseudorandom function/permutation with domain size which have very high security -- in terms of the amount of messages they can securely encrypt -- assuming the adversary has bits of memory. We aim to minimize the number of calls we make to the underlying primitive to achieve a certain , or equivalently, to maximize the achievable for a given . We target in particular , in contrast to recent works (Jaeger and Tessaro, EUROCRYPT '19; Dinur, EUROCRYPT '20) which aim to beat the birthday barrier with one call when .
Our first result gives new and explicit bounds for the Sample-then-Extract paradigm by Tessaro and Thiruvengadam (TCC '18). We show instantiations for which . If , Thiruvengadam and Tessaro's weaker bounds only guarantee when . In contrast, here, we show this is true already for .
We also consider a scheme by Bellare, Goldreich and Krawczyk (CRYPTO '99) which evaluates the primitive on independent random strings, and masks the message with the XOR of the outputs. Here, we show , using new combinatorial bounds on the list-decodability of XOR codes which are of independent interest. We also study best-possible attacks against this construction