Quantum Distinguishing Attacks against Type-1 Generalized Feistel Ciphers

A generalized Feistel cipher is one of the methods to construct block ciphers, and it has several variants. Dong, Li, and Wang showed quantum distinguishing attacks against the $(2d-1)$-round Type-1 generalized Feistel cipher with quantum chosen-plaintext attacks, where $d\ge 3$, and they also showed key recovery attacks [Dong, Li, Wang. Sci China Inf Sci, 2019, 62(2): 022501]. In this paper, we show a polynomial time quantum distinguishing attack against the $(3d-3)$-round version, i.e., we improve the number of rounds by $(d-2)$. We also show a quantum distinguishing attack against the $(d^2-d+1)$-round version in the quantum chosen-ciphertext setting. We apply these quantum distinguishing attacks to obtain key recovery attacks against Type-1 generalized Feistel ciphers

zTrap: zebrafish gene trap and enhancer trap database

<p>Abstract</p> <p>Background</p> <p>We have developed genetic methods in zebrafish by using the <it>Tol2 </it>transposable element; namely, transgenesis, gene trapping, enhancer trapping and the Gal4FF-UAS system. Gene trap constructs contain a splice acceptor and the GFP or Gal4FF (a modified version of the yeast Gal4 transcription activator) gene, and enhancer trap constructs contain the zebrafish <it>hsp70l </it>promoter and the GFP or Gal4FF gene. By performing genetic screens using these constructs, we have generated transgenic zebrafish that express GFP and Gal4FF in specific cells, tissues and organs. Gal4FF expression is visualized by creating double transgenic fish carrying a Gal4FF transgene and the GFP reporter gene placed downstream of the Gal4-recognition sequence (UAS). Further, the Gal4FF-expressing cells can be manipulated by mating with UAS effector fish. For instance, when fish expressing Gal4FF in specific neurons are crossed with the UAS:TeTxLC fish carrying the tetanus neurotoxin gene downstream of UAS, the neuronal activities are inhibited in the double transgenic fish. Thus, these transgenic fish are useful to study developmental biology and neurobiology.</p> <p>Description</p> <p>To increase the usefulness of the transgenic fish resource, we developed a web-based database named <it>z</it>Trap <url>http://kawakami.lab.nig.ac.jp/ztrap/</url>. The <it>z</it>Trap database contains images of GFP and Gal4FF expression patterns, and genomic DNA sequences surrounding the integration sites of the gene trap and enhancer trap constructs. The integration sites are mapped onto the <it>Ensembl </it>zebrafish genome by in-house Blat analysis and can be viewed on the <it>z</it>Trap and <it>Ensembl </it>genome browsers. Furthermore, <it>z</it>Trap is equipped with the functionality to search these data for expression patterns and genomic loci of interest. <it>z</it>Trap contains the information about transgenic fish including UAS reporter and effector fish.</p> <p>Conclusion</p> <p><it>z</it>Trap is a useful resource to find gene trap and enhancer trap fish lines that express GFP and Gal4FF in desired patterns, and to find insertions of the gene trap and enhancer trap constructs that are located within or near genes of interest. These transgenic fish can be utilized to observe specific cell types during embryogenesis, to manipulate their functions, and to discover novel genes and <it>cis</it>-regulatory elements. Therefore, <it>z</it>Trap should facilitate studies on genomics, developmental biology and neurobiology utilizing the transgenic zebrafish resource.</p

Quantum Chosen-Ciphertext Attacks Against Feistel Ciphers

Seminal results by Luby and Rackoff show that the 3-round Feistel cipher is secure against chosen-plaintext attacks (CPAs), and the 4-round version is secure against chosen-ciphertext attacks (CCAs). However, the security significantly changes when we consider attacks in the quantum setting, where the adversary can make superposition queries. By using Simon\u27s algorithm that detects a secret cycle-period in polynomial-time, Kuwakado and Morii showed that the 3-round version is insecure against quantum CPA by presenting a polynomial-time distinguisher. Since then, Simon\u27s algorithm has been heavily used against various symmetric-key constructions. However, its applications are still not fully explored. In this paper, based on Simon\u27s algorithm, we first formalize a sufficient condition of a quantum distinguisher against block ciphers so that it works even if there are multiple collisions other than the real period. This distinguisher is similar to the one proposed by Santoli and Schaffner, and it does not recover the period. Instead, we focus on the dimension of the space obtained from Simon\u27s quantum circuit. This eliminates the need to evaluate the probability of collisions, which was needed in the work by Kaplan et al. at CRYPTO 2016. Based on this, we continue the investigation of the security of Feistel ciphers in the quantum setting. We show a quantum CCA distinguisher against the 4-round Feistel cipher. This extends the result of Kuwakado and Morii by one round, and follows the intuition of the result by Luby and Rackoff where the CCA setting can extend the number of rounds by one. We also consider more practical cases where the round functions are composed of a public function and XORing the subkeys. We show the results of both distinguishing and key recovery attacks against these constructions