Two attacks on rank metric code-based schemes: RankSign and an Identity-Based-Encryption scheme

RankSign [GRSZ14a] is a code-based signature scheme proposed to the NIST competition for quantum-safe cryptography [AGHRZ17] and, moreover, is a fundamental building block of a new Identity-Based-Encryption (IBE) [GHPT17a]. This signature scheme is based on the rank metric and enjoys remarkably small key sizes, about 10KBytes for an intended level of security of 128 bits. Unfortunately we will show that all the parameters proposed for this scheme in [AGHRZ17] can be broken by an algebraic attack that exploits the fact that the augmented LRPC codes used in this scheme have very low weight codewords. Therefore, without RankSign the IBE cannot be instantiated at this time. As a second contribution we will show that the problem is deeper than finding a new signature in rank-based cryptography, we also found an attack on the generic problem upon which its security reduction relies. However, contrarily to the RankSign scheme, it seems that the parameters of the IBE scheme could be chosen in order to avoid our attack. Finally, we have also shown that if one replaces the rank metric in the [GHPT17a] IBE scheme by the Hamming metric, then a devastating attack can be found

Two attacks on rank metric code-based schemes: RankSign and an IBE scheme

International audienceRankSign [29] is a code-based signature scheme proposed to the NIST competition for quantum-safe cryptography [5] and, moreover , is a fundamental building block of a new Identity-Based-Encryption (IBE) [25]. This signature scheme is based on the rank metric and enjoys remarkably small key sizes, about 10KBytes for an intended level of security of 128 bits. Unfortunately we will show that all the parameters proposed for this scheme in [5] can be broken by an algebraic attack that exploits the fact that the augmented LRPC codes used in this scheme have very low weight codewords. Therefore, without RankSign the IBE cannot be instantiated at this time. As a second contribution we will show that the problem is deeper than finding a new signature in rank-based cryptography, we also found an attack on the generic problem upon which its security reduction relies. However, contrarily to the RankSign scheme, it seems that the parameters of the IBE scheme could be chosen in order to avoid our attack. Finally, we have also shown that if one replaces the rank metric in the [25] IBE scheme by the Hamming metric, then a devastating attack can be found

Wave: A New Family of Trapdoor One-Way Preimage Sampleable Functions Based on Codes

We present here a new family of trapdoor one-way Preimage Sampleable Functions (PSF) based on codes, the Wave-PSF family. The trapdoor function is one-way under two computational assumptions: the hardness of generic decoding for high weights and the indistinguishability of generalized $(U,U+V)$-codes. Our proof follows the GPV strategy [GPV08]. By including rejection sampling, we ensure the proper distribution for the trapdoor inverse output. The domain sampling property of our family is ensured by using and proving a variant of the left-over hash lemma. We instantiate the new Wave-PSF family with ternary generalized $(U,U+V)$-codes to design a "hash-and-sign" signature scheme which achieves existential unforgeability under adaptive chosen message attacks (EUF-CMA) in the random oracle model. For 128 bits of classical security, signature sizes are in the order of 15 thousand bits, the public key size in the order of 4 megabytes, and the rejection rate is limited to one rejection every 10 to 12 signatures.Comment: arXiv admin note: text overlap with arXiv:1706.0806

Cellular bases for human atrial fibrillation

Atrial fibrillation (AF) causes substantial morbidity and mortality. It may be triggered and sustained by either reentrant or nonreentrant electrical activity. Human atrial cellular refractory period is shortened in chronic AF, likely aiding reentry. The ionic and molecular mechanisms are not fully understood and may include increased inward rectifier K<sup>+</sup> current and altered Ca<sup>2+</sup> handling. Heart failure, a major cause of AF, may involve arrhythmogenic atrial electrical remodeling, but the pattern is unclear in humans. Beta-blocker therapy prolongs atrial cell refractory period; a potentially antiarrhythmic influence, but the ionic and molecular mechanisms are unclear. The search for drugs to suppress AF without causing ventricular arrhythmias has been aided by basic studies of cellular mechanisms of AF. It remains to be seen whether such drugs will improve patient treatment

Clinical Practice Guidelines for Childbearing Female Candidates for Bariatric Surgery, Pregnancy, and Post-partum Management After Bariatric Surgery

Emerging evidence suggests that bariatric surgery improves pregnancy outcomes of women with obesity by reducing the rates of gestational diabetes, pregnancy-induced hypertension, and macrosomia. However, it is associated with an increased risk of a small-for-gestational-age fetus and prematurity. Based on the work of a multidisciplinary task force, we propose clinical practice recommendations for pregnancy management following bariatric surgery. They are derived from a comprehensive review of the literature, existing guidelines, and expert opinion covering the preferred type of surgery for women of childbearing age, timing between surgery and pregnancy, contraception, systematic nutritional support and management of nutritional deficiencies, screening and management of gestational diabetes, weight gain during pregnancy, gastric banding management, surgical emergencies, obstetrical management, and specific care in the postpartum period and for newborns

Remodelling of human atrial K+ currents but not ion channel expression by chronic β-blockade

Chronic β-adrenoceptor antagonist (β-blocker) treatment in patients is associated with a potentially anti-arrhythmic prolongation of the atrial action potential duration (APD), which may involve remodelling of repolarising K+ currents. The aim of this study was to investigate the effects of chronic β-blockade on transient outward, sustained and inward rectifier K+ currents (ITO, IKSUS and IK1) in human atrial myocytes and on the expression of underlying ion channel subunits. Ion currents were recorded from human right atrial isolated myocytes using the whole-cell-patch clamp technique. Tissue mRNA and protein levels were measured using real time RT-PCR and Western blotting. Chronic β-blockade was associated with a 41% reduction in ITO density: 9.3 ± 0.8 (30 myocytes, 15 patients) vs 15.7 ± 1.1 pA/pF (32, 14), p < 0.05; without affecting its voltage-, time- or rate dependence. IK1 was reduced by 34% at −120 mV (p < 0.05). Neither IKSUS, nor its increase by acute β-stimulation with isoprenaline, was affected by chronic β-blockade. Mathematical modelling suggested that the combination of ITO- and IK1-decrease could result in a 28% increase in APD90. Chronic β-blockade did not alter mRNA or protein expression of the ITO pore-forming subunit, Kv4.3, or mRNA expression of the accessory subunits KChIP2, KChAP, Kvβ1, Kvβ2 or frequenin. There was no reduction in mRNA expression of Kir2.1 or TWIK to account for the reduction in IK1. A reduction in atrial ITO and IK1 associated with chronic β-blocker treatment in patients may contribute to the associated action potential prolongation, and this cannot be explained by a reduction in expression of associated ion channel subunits

Sources and Sinks of Greenhouse Gases from European Grasslands and Mitigation Options: The ‘GreenGrass’ Project

Adapting the management of grasslands may be used to enhance carbon sequestration into soil, but could also increase N2O and CH4 emissions. In support of the European post-Kyoto policy, the European \u27GreenGrass\u27 project (EC FP5, EVK2-CT2001-00105) has three main objectives: i) to reduce the large uncertainties concerning the estimates of CO2, N2O and CH4 fluxes to and from grassland plots under different climatic conditions and assess their global warming potential, ii) to measure net greenhouse gas (GHG) fluxes for different management which reflect potential mitigation options, iii) to construct a model of the controlling processes to quantify the net fluxes and to evaluate mitigation scenarios by up-scaling to a European level

Monoidic Codes in Cryptography

International audienceAt SAC 2009, Misoczki and Barreto proposed a new class of codes, which have parity-check matrices that are quasi-dyadic. A special subclass of these codes were shown to coincide with Goppa codes and those were recommended for cryptosystems based on error-correcting codes. Quasi-dyadic codes have both very compact representations and allow for efficient processing, resulting in fast cryptosystems with small key sizes. In this paper, we generalize these results and introduce quasi-monoidic codes, which retain all desirable properties of quasi-dyadic codes. We show that, as before, a subclass of our codes contains only Goppa codes or, for a slightly bigger subclass, only Generalized Srivastava codes. Unlike before, we also capture codes over fields of odd characteristic. These include wild Goppa codes that were proposed at SAC 2010 by Bernstein, Lange, and Peters for their exceptional error-correction capabilities. We show how to instantiate standard code-based encryption and signature schemes with our codes and give some preliminary parameters

Transcription profiling of HCN-channel isotypes throughout mouse cardiac development

Hyperpolarization-activated ion channels, encoded by four mammalian genes (HCN1-4), contribute in an important way to the cardiac pacemaker current If. Here, we describe the transcription profiles of the four HCN genes, the NRSF, KCNE2 and Kir2.1 genes from embryonic stage E9.5 dpc to postnatal day 120 in the mouse. Embryonic atrium and ventricle revealed abundant HCN4 transcription but other HCN transcripts were almost absent. Towards birth, HCN4 was downregulated in the atrium and almost vanished from the ventricle. After birth, however, HCN isotype transcription changed remarkably, showing increased levels of HCN1, HCN2 and HCN4 in the atrium and of HCN2 and HCN4 in the ventricle. HCN3 showed highest transcription at early embryonic stages and was hardly detectable thereafter. At postnatal day 10, HCN4 was highest in the sinoatrial node, being twofold higher than HCN1 and fivefold higher than HCN2. In the atrium, HCN4 was similar to HCN1 and sevenfold higher than HCN2. In the ventricle, in contrast, HCN2 was sixfold higher than HCN4, while HCN1 was absent. Subsequently all HCN isotype transcripts declined to lower adult levels, while ratios of HCN isotypes remained stable. In conclusion, substantial changes of HCN isotype transcription throughout cardiac development suggest that a regulated pattern of HCN isotypes is required to establish and ensure a stable heart rhythm. Furthermore, constantly low HCN transcription in adult myocardium may be required to prevent atrial and ventricular arrhythmogenesis