The Sum Can Be Weaker Than Each Part

International audienceIn this paper we study the security of summing the outputs of two independent hash functions, in an effort to increase the security of the resulting design, or to hedge against the failure of one of the hash functions. The exclusive-or (XOR) combiner H1(M)⊕H2(M) is one of the two most classical combiners, together with the concatenation combiner H1(M) H2(M). While the security of the concatenation of two hash functions is well understood since Joux's seminal work on multicollisions, the security of the sum of two hash functions has been much less studied. The XOR combiner is well known as a good PRF and MAC combiner, and is used in practice in TLS versions 1.0 and 1.1. In a hash function setting, Hoch and Shamir have shown that if the compression functions are modeled as random oracles, or even weak random oracles (i.e. they can easily be inverted – in particular H1 and H2 offer no security), H1 ⊕ H2 is indifferentiable from a random oracle up to the birthday bound. In this work, we focus on the preimage resistance of the sum of two narrow-pipe n-bit hash functions, following the Merkle-Damgård or HAIFA structure (the internal state size and the output size are both n bits). We show a rather surprising result: the sum of two such hash functions, e.g. SHA-512 ⊕ Whirlpool, can never provide n-bit security for preimage resistance. More precisely, we present a generic preimage attack with a complexity of O(2 5n/6). While it is already known that the XOR combiner is not preserving for preimage resistance (i.e. there might be some instantiations where the hash functions are secure but the sum is not), our result is much stronger: for any narrow-pipe functions, the sum is not preimage resistant. Besides, we also provide concrete preimage attacks on the XOR combiner (and the concatenation combiner) when one or both of the compression functions are weak; this complements Hoch and Shamir's proof by showing its tightness for preimage resistance. Of independent interests, one of our main technical contributions is a novel structure to control simultaneously the behavior of independent hash computations which share the same input message. We hope that breaking the pairwise relationship between their internal states will have applications in related settings

Best practice for motor imagery: a systematic literature review on motor imagery training elements in five different disciplines

<p>Abstract</p> <p>Background</p> <p>The literature suggests a beneficial effect of motor imagery (MI) if combined with physical practice, but detailed descriptions of MI training session (MITS) elements and temporal parameters are lacking. The aim of this review was to identify the characteristics of a successful MITS and compare these for different disciplines, MI session types, task focus, age, gender and MI modification during intervention.</p> <p>Methods</p> <p>An extended systematic literature search using 24 databases was performed for five disciplines: Education, Medicine, Music, Psychology and Sports. References that described an MI intervention that focused on motor skills, performance or strength improvement were included. Information describing 17 MITS elements was extracted based on the PETTLEP (physical, environment, timing, task, learning, emotion, perspective) approach. Seven elements describing the MITS temporal parameters were calculated: study duration, intervention duration, MITS duration, total MITS count, MITS per week, MI trials per MITS and total MI training time.</p> <p>Results</p> <p>Both independent reviewers found 96% congruity, which was tested on a random sample of 20% of all references. After selection, 133 studies reporting 141 MI interventions were included. The locations of the MITS and position of the participants during MI were task-specific. Participants received acoustic detailed MI instructions, which were mostly standardised and live. During MI practice, participants kept their eyes closed. MI training was performed from an internal perspective with a kinaesthetic mode. Changes in MI content, duration and dosage were reported in 31 MI interventions. Familiarisation sessions before the start of the MI intervention were mentioned in 17 reports. MI interventions focused with decreasing relevance on motor-, cognitive- and strength-focused tasks. Average study intervention lasted 34 days, with participants practicing MI on average three times per week for 17 minutes, with 34 MI trials. Average total MI time was 178 minutes including 13 MITS. Reporting rate varied between 25.5% and 95.5%.</p> <p>Conclusions</p> <p>MITS elements of successful interventions were individual, supervised and non-directed sessions, added after physical practice. Successful design characteristics were dominant in the Psychology literature, in interventions focusing on motor and strength-related tasks, in interventions with participants aged 20 to 29 years old, and in MI interventions including participants of both genders. Systematic searching of the MI literature was constrained by the lack of a defined MeSH term.</p

Recent developments in genetics and medically assisted reproduction : from research to clinical applications

Two leading European professional societies, the European Society of Human Genetics and the European Society for Human Reproduction and Embryology, have worked together since 2004 to evaluate the impact of fast research advances at the interface of assisted reproduction and genetics, including their application into clinical practice. In September 2016, the expert panel met for the third time. The topics discussed highlighted important issues covering the impacts of expanded carrier screening, direct-to-consumer genetic testing, voiding of the presumed anonymity of gamete donors by advanced genetic testing, advances in the research of genetic causes underlying male and female infertility, utilisation of massively parallel sequencing in preimplantation genetic testing and non-invasive prenatal screening, mitochondrial replacement in human oocytes, and additionally, issues related to cross-generational epigenetic inheritance following IVF and germline genome editing. The resulting paper represents a consensus of both professional societies involved.Peer reviewe

Trends in Activity and Dissolution on RuO₂ under Oxygen Evolution Conditions: Particles versus Well-Defined Extended Surfaces

Rutile RuO₂ catalysts are the most active pure metal oxides for oxygen evolution; however, they are also unstable toward dissolution. Herein, we study the catalytic activity and stability of oriented thin films of RuO₂ with (111), (101), and (001) orientations, in comparison to a (110) single crystal and commercial nanoparticles. These surfaces were all tested in aqueous solutions of 0.05 M H₂SO₄. The initial catalyst activity ranked as follows: (001) > (101) > (111) ≈ (110). We complemented our activity data with inductively coupled plasma mass spectroscopy, to measure Ru dissolution products occurring in parallel to oxygen evolution. In contrast to earlier reports, we find that, under our experimental conditions, there is no correlation between the activity and stability