96 research outputs found

    Mind the Gap - A Closer Look at the Security of Block Ciphers against Differential Cryptanalysis

    Resistance against differential cryptanalysis is an important design criterion for any modern block cipher, and most designs rely on finding an upper bound on the probability of single differential characteristics. However, already at EUROCRYPT'91, Lai et al. observed that differential cryptanalysis actually exploits differentials rather than single characteristics. In this paper, we consider exactly the gap between these two approaches and investigate it in the context of recent lightweight cryptographic primitives. This shows that for many recent designs such as Midori, Skinny or Sparx one has to be careful, as bounds obtained from counting the number of active S-boxes give only an inaccurate evaluation of the best differential distinguishers. For several designs we found new differential distinguishers and show how this gap evolves. We found an 8-round differential distinguisher for Skinny-64 with a probability of $2^{-56.93}$, while the best single characteristic only suggests a probability of $2^{-72}$. Our approach is integrated into publicly available tools and can easily be used when developing new cryptographic primitives. Moreover, as differential cryptanalysis is critically dependent on the distribution over the keys of the probability of differentials, we provide experiments for some of the new differentials found, in order to confirm that our estimates for the probability are correct. While for Skinny-64 the distribution over the keys follows a Poisson distribution, as one would expect, we noticed that Speck-64 follows a bimodal distribution, and the distribution of Midori-64 suggests a large class of weak keys.

    Bison: Instantiating the Whitened Swap-Or-Not Construction

    We give the first practical instance, bison, of the Whitened Swap-Or-Not construction. After clarifying inherent limitations of the construction, we point out that this way of building block ciphers allows easy and very strong arguments against differential attacks.

    Immunogenomic analyses associate immunological alterations with mismatch repair defects in prostate cancer.

    Background: Understanding the integrated immunogenomic landscape of advanced prostate cancer (APC) could impact stratified treatment selection.

    Methods: Defective mismatch repair (dMMR) status was determined either by loss of mismatch repair protein expression on IHC or by microsatellite instability (MSI) by PCR in 127 APC biopsies from 124 patients (Royal Marsden [RMH] cohort); MSI by targeted panel next-generation sequencing (MSINGS) was then evaluated in the same cohort and in 254 APC samples from the Stand Up To Cancer/Prostate Cancer Foundation (SU2C/PCF). Whole exome sequencing (WES) data from this latter cohort were analyzed for pathogenic MMR gene variants, mutational load, and mutational signatures. Transcriptomic data, available for 168 samples, were also analyzed.

    Results: Overall, 8.1% of patients in the RMH cohort had some evidence of dMMR, which was associated with decreased overall survival. Higher MSINGS scores were associated with dMMR, and these APCs were enriched for higher T cell infiltration and PD-L1 protein expression. Exome MSINGS scores strongly correlated with targeted panel MSINGS scores (r = 0.73, P < 0.0001), and higher MSINGS scores were associated with dMMR mutational signatures in APC exomes. dMMR mutational signatures were also associated with MMR gene mutations and increased immune cell, immune checkpoint, and T cell-associated transcripts. APC with dMMR mutational signatures overexpressed a variety of immune transcripts, including CD200R1, BTLA, PD-L1, PD-L2, ADORA2A, PIK3CG, and TIGIT.

    Conclusion: These data could impact immune target selection, combination therapeutic strategy selection, and selection of predictive biomarkers for immunotherapy in APC.

    Funding: We acknowledge funding support from Movember, Prostate Cancer UK, The Prostate Cancer Foundation, SU2C, and Cancer Research UK.

    Monocyte-Directed RNAi Targeting CCR2 Improves Infarct Healing in Atherosclerosis-Prone Mice


    On the security of Rijndael-like structures against differential and linear cryptanalysis

    Abstract. The Rijndael-like structure is a special case of the SPN structure. The linear layer of a Rijndael-like structure consists of linear transformations of two types: a byte permutation $\pi$ and a linear transformation $\theta = (\theta_1, \theta_2, \theta_3, \theta_4)$, where each $\theta_i$ operates separately on one of the four columns of the state. Furthermore, $\pi$ and $\theta$ have some interesting properties. In this paper, we present a new method for upper bounding the maximum differential probability and the maximum linear hull probability for Rijndael-like structures. By applying our method to Rijndael, we obtain that the maximum differential probability and the maximum linear hull probability for 4 rounds of Rijndael are bounded by $1.06 \times 2^{-96}$.

    New criteria for linear maps in AES-like ciphers


    Improving the Upper Bound on the Maximum Average Linear Hull Probability for Rijndael

    In [15], Keliher et al. present a new method for upper bounding the maximum average linear hull probability (MALHP) for SPNs, a value which is required to make claims about provable security against linear cryptanalysis. Application of this method to Rijndael (AES) yields an upper bound of $UB = 2^{-75}$ when 7 or more rounds are approximated, corresponding to a lower bound on the data complexity of $32/UB = 2^{80}$ (for a 96.7% success rate). In the current paper, we improve this upper bound for Rijndael by taking into consideration the distribution of linear probability values for the (unique) Rijndael $8 \times 8$ S-box. Our new upper bound on the MALHP when 9 rounds are approximated is $2^{-92}$, corresponding to a lower bound on the data complexity of $2^{97}$ (again for a 96.7% success rate). [This is after completing 43% of the computation; however, we believe that the values have stabilized---see Section 7.] Keywords: linear cryptanalysis, maximum average linear hull probability, provable security, Rijndael, AES.