217 research outputs found

    Two attacks on rank metric code-based schemes: RankSign and an Identity-Based-Encryption scheme

    RankSign [GRSZ14a] is a code-based signature scheme proposed to the NIST competition for quantum-safe cryptography [AGHRZ17] and, moreover, is a fundamental building block of a new Identity-Based-Encryption (IBE) [GHPT17a]. This signature scheme is based on the rank metric and enjoys remarkably small key sizes, about 10KBytes for an intended level of security of 128 bits. Unfortunately we will show that all the parameters proposed for this scheme in [AGHRZ17] can be broken by an algebraic attack that exploits the fact that the augmented LRPC codes used in this scheme have very low weight codewords. Therefore, without RankSign the IBE cannot be instantiated at this time. As a second contribution we will show that the problem is deeper than finding a new signature in rank-based cryptography, we also found an attack on the generic problem upon which its security reduction relies. However, contrarily to the RankSign scheme, it seems that the parameters of the IBE scheme could be chosen in order to avoid our attack. Finally, we have also shown that if one replaces the rank metric in the [GHPT17a] IBE scheme by the Hamming metric, then a devastating attack can be found

    Multipartite entanglement, quantum-error-correcting codes, and entangling power of quantum evolutions

    We investigate the average bipartite entanglement, over all possible divisions of a multipartite system, as a useful measure of multipartite entanglement. We expose a connection between such measures and quantum-error-correcting codes by deriving a formula relating the weight distribution of the code to the average entanglement of encoded states. Multipartite entangling power of quantum evolutions is also investigated. Comment: 13 pages, 1 figure

    Two attacks on rank metric code-based schemes: RankSign and an IBE scheme

    RankSign [29] is a code-based signature scheme proposed to the NIST competition for quantum-safe cryptography [5] and, moreover, is a fundamental building block of a new Identity-Based-Encryption (IBE) [25]. This signature scheme is based on the rank metric and enjoys remarkably small key sizes, about 10KBytes for an intended level of security of 128 bits. Unfortunately we will show that all the parameters proposed for this scheme in [5] can be broken by an algebraic attack that exploits the fact that the augmented LRPC codes used in this scheme have very low weight codewords. Therefore, without RankSign the IBE cannot be instantiated at this time. As a second contribution we will show that the problem is deeper than finding a new signature in rank-based cryptography, we also found an attack on the generic problem upon which its security reduction relies. However, contrarily to the RankSign scheme, it seems that the parameters of the IBE scheme could be chosen in order to avoid our attack. Finally, we have also shown that if one replaces the rank metric in the [25] IBE scheme by the Hamming metric, then a devastating attack can be found

    Wave: A New Family of Trapdoor One-Way Preimage Sampleable Functions Based on Codes

    We present here a new family of trapdoor one-way Preimage Sampleable Functions (PSF) based on codes, the Wave-PSF family. The trapdoor function is one-way under two computational assumptions: the hardness of generic decoding for high weights and the indistinguishability of generalized (U,U+V)-codes. Our proof follows the GPV strategy [GPV08]. By including rejection sampling, we ensure the proper distribution for the trapdoor inverse output. The domain sampling property of our family is ensured by using and proving a variant of the left-over hash lemma. We instantiate the new Wave-PSF family with ternary generalized (U,U+V)-codes to design a "hash-and-sign" signature scheme which achieves existential unforgeability under adaptive chosen message attacks (EUF-CMA) in the random oracle model. For 128 bits of classical security, signature sizes are in the order of 15 thousand bits, the public key size in the order of 4 megabytes, and the rejection rate is limited to one rejection every 10 to 12 signatures. Comment: arXiv admin note: text overlap with arXiv:1706.0806

    Microct and preparation of β-TCP granular material by polyurethane foam method

    Commercial β-tricalcium phosphate (β-TCP) is commercially available in granules manufactured by sintering of powders. We have evaluated the different steps of the manufacturing process of β-TCP ceramics granules prepared from blocks obtained with the polyurethane foam technology. Three types of slurry were prepared with 10, 15 and 25 g of β-TCP per gram of polyurethane foam. Analysis was done by scanning electron microscopy, EDX, Raman spectroscopy and microcomputed tomography combined with image analysis. A special algorithm was used to identify the internal microporosity (created by the calcination of the foam) from the internal macroporosity due to the spatial repartition of the material. The low β-TCP dosages readily infiltrated the foam and the slurry was deposited along the polymer rods. On the contrary, the highest concentration produced inhomogeneous infiltrated blocks and foam cavities appeared completely filled in some areas. 2D microcomputed sections and reconstructed 3D models evidenced this phenomenon and the frequency distribution of the thickness and separation of material trabeculae confirmed the heterogeneity of the distribution. When crushed, blocks prepared with the 25 g slurry provided the largest and irregular granulates

    Remodelling of human atrial K+ currents but not ion channel expression by chronic β-blockade

    Chronic β-adrenoceptor antagonist (β-blocker) treatment in patients is associated with a potentially anti-arrhythmic prolongation of the atrial action potential duration (APD), which may involve remodelling of repolarising K+ currents. The aim of this study was to investigate the effects of chronic β-blockade on transient outward, sustained and inward rectifier K+ currents (ITO, IKSUS and IK1) in human atrial myocytes and on the expression of underlying ion channel subunits. Ion currents were recorded from human right atrial isolated myocytes using the whole-cell-patch clamp technique. Tissue mRNA and protein levels were measured using real time RT-PCR and Western blotting. Chronic β-blockade was associated with a 41% reduction in ITO density: 9.3 ± 0.8 (30 myocytes, 15 patients) vs 15.7 ± 1.1 pA/pF (32, 14), p < 0.05; without affecting its voltage-, time- or rate dependence. IK1 was reduced by 34% at −120 mV (p < 0.05). Neither IKSUS, nor its increase by acute β-stimulation with isoprenaline, was affected by chronic β-blockade. Mathematical modelling suggested that the combination of ITO- and IK1-decrease could result in a 28% increase in APD90. Chronic β-blockade did not alter mRNA or protein expression of the ITO pore-forming subunit, Kv4.3, or mRNA expression of the accessory subunits KChIP2, KChAP, Kvβ1, Kvβ2 or frequenin. There was no reduction in mRNA expression of Kir2.1 or TWIK to account for the reduction in IK1. A reduction in atrial ITO and IK1 associated with chronic β-blocker treatment in patients may contribute to the associated action potential prolongation, and this cannot be explained by a reduction in expression of associated ion channel subunits

    Clinical Practice Guidelines for Childbearing Female Candidates for Bariatric Surgery, Pregnancy, and Post-partum Management After Bariatric Surgery

    Emerging evidence suggests that bariatric surgery improves pregnancy outcomes of women with obesity by reducing the rates of gestational diabetes, pregnancy-induced hypertension, and macrosomia. However, it is associated with an increased risk of a small-for-gestational-age fetus and prematurity. Based on the work of a multidisciplinary task force, we propose clinical practice recommendations for pregnancy management following bariatric surgery. They are derived from a comprehensive review of the literature, existing guidelines, and expert opinion covering the preferred type of surgery for women of childbearing age, timing between surgery and pregnancy, contraception, systematic nutritional support and management of nutritional deficiencies, screening and management of gestational diabetes, weight gain during pregnancy, gastric banding management, surgical emergencies, obstetrical management, and specific care in the postpartum period and for newborns

    In situ probing of the present-day zircon-bearing magma chamber at Krafla, Northeastern Iceland

    Active felsic magmatism has been rarely probed in situ by drilling but one recent exception is quenched rhyolite sampled during the 2009 Iceland Deep Drilling Project (IDDP). We report finding of rare zircons of up to ∼100 µm in size in rhyolite glasses from the IDDP-1 well products and the host 1724 AD Viti granophyres. The applied SHRIMP U-Th dating for both the IDDP and the Viti granophyre zircons gives zero-age (±2 kyr), and therefore suggests that the IDDP-1 zircons have crystallized from an active magma intrusion rather than due to the 20–80 ka post-caldera magmatic episodes recorded by nearby domes and ridges. Ti-in-zircon geothermometer for Viti granophyre reveals zircon crystallization temperatures ∼800°C–900°C, whereas IDDP-1 rhyolite zircon cores show Ti content higher than 100 ppm, corresponding to temperatures up to ∼1,100°C according to the Ti-in-zircon thermometer. According to our thermochemical model at such elevated temperatures as 1,100°C, rhyolitic magma cannot be saturated with zircon and zircon crystallization is not possible. We explain this controversy by either kinetic effects or non-ideal Ti incorporation into growing zircons at low pressures that start to grow from nucleus at temperatures ∼930°C. High temperatures recorded by IDDP-1 zircon together with an occurrence of baddeleyite require that the rhyolite magma formed by partial melting of the host granophyre due to basaltic magma intrusion. Zr concentration profiles in glass around zircons are flat, suggesting residence in rhyolitic melt for >4 years. In our thermochemical modeling, three scenarios are considered. The host felsite rocks are intruded by: 1) a basaltic sill, 2) rhyolite magma, 3) rhyolite sill connected to a deeper magmatic system. Based on the solution of the heat conduction equation accounting for the release of latent heat and effective thermal conductivity, these data confirm that the rhyolite magma could be produced by felsic crust melting as a result of injection of a basaltic or rhyolite sill during the Krafla Fires eruption (1975 AD)

    Sources and Sinks of Greenhouse Gases from European Grasslands and Mitigation Options: The ‘GreenGrass’ Project

    Adapting the management of grasslands may be used to enhance carbon sequestration into soil, but could also increase N2O and CH4 emissions. In support of the European post-Kyoto policy, the European 'GreenGrass' project (EC FP5, EVK2-CT2001-00105) has three main objectives: i) to reduce the large uncertainties concerning the estimates of CO2, N2O and CH4 fluxes to and from grassland plots under different climatic conditions and assess their global warming potential, ii) to measure net greenhouse gas (GHG) fluxes for different management which reflect potential mitigation options, iii) to construct a model of the controlling processes to quantify the net fluxes and to evaluate mitigation scenarios by up-scaling to a European level

    Monoidic Codes in Cryptography

    At SAC 2009, Misoczki and Barreto proposed a new class of codes, which have parity-check matrices that are quasi-dyadic. A special subclass of these codes were shown to coincide with Goppa codes and those were recommended for cryptosystems based on error-correcting codes. Quasi-dyadic codes have both very compact representations and allow for efficient processing, resulting in fast cryptosystems with small key sizes. In this paper, we generalize these results and introduce quasi-monoidic codes, which retain all desirable properties of quasi-dyadic codes. We show that, as before, a subclass of our codes contains only Goppa codes or, for a slightly bigger subclass, only Generalized Srivastava codes. Unlike before, we also capture codes over fields of odd characteristic. These include wild Goppa codes that were proposed at SAC 2010 by Bernstein, Lange, and Peters for their exceptional error-correction capabilities. We show how to instantiate standard code-based encryption and signature schemes with our codes and give some preliminary parameters