Some properties of an FSE 2005 Hash Proposal
We consider the hash function proposals by Mridul et al. presented at FSE 2005. For the proposed -bit compression functions it is proved that collision attacks require queries of the functions in question. In this note it is shown that with queries one can distinguish the proposed compression functions from a randomly chosen -bit function with very good probability. Finally we note that our results do not seem to contradict any statements made by the designers of the compression functions
The suffix-free-prefix-free hash function construction and its indifferentiability security analysis
In this paper, we observe that in the seminal work on indifferentiability analysis of iterated hash functions by Coron et al. and in subsequent works, the initial value (IV) of hash functions is fixed. In addition, these indifferentiability results do not depend on the Merkle–Damgård (MD) strengthening in the padding functionality of the hash functions. We propose a generic n-bit-iterated hash function framework based on an n-bit compression function called suffix-free-prefix-free (SFPF) that works for arbitrary IVs and does not possess MD strengthening. We formally prove that SFPF is indifferentiable from a random oracle (RO) when the compression function is viewed as a fixed input-length random oracle (FIL-RO). We show that some hash function constructions proposed in the literature fit in the SFPF framework while others that do not fit in this framework are not indifferentiable from a RO. We also show that the SFPF hash function framework with the provision of MD strengthening generalizes any n-bit-iterated hash function based on an n-bit compression function and with an n-bit chaining value that is proven indifferentiable from a RO
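The abstract's claim that an iterated hash whose input encoding is neither prefix-free nor suffix-free cannot be indifferentiable from a random oracle has a concrete, well-known witness: length extension. The example below is added here and is not code from the paper. It simulates the n-bit compression function f as a FIL random oracle using truncated SHA-256 (an assumption of the example), iterates it plainly over 0x80-then-zeros padding with no MD strengthening, and shows that from H(M) and len(M) alone an attacker computes H(M || pad || suffix). The same chain with a prefix-free encoding (here a length-first block, an encoding chosen for illustration, not the SFPF paper's own scheme) defeats the trick; suffix-freeness is not exercised by this example.

```python
import hashlib

BLOCK = 16  # bytes; chaining value and message blocks are both BLOCK bytes (n = 128)


def f(h: bytes, m: bytes) -> bytes:
    """n-bit compression function f(h, m). Truncated SHA-256 of h||m stands in for an
    idealised fixed-input-length random oracle (assumption of this example)."""
    assert len(h) == BLOCK and len(m) == BLOCK
    return hashlib.sha256(h + m).digest()[:BLOCK]


def pad(msg: bytes) -> bytes:
    """Unambiguous but NOT suffix-free: append 0x80, then zeros up to a block boundary.
    No MD strengthening, i.e. the message length is not appended."""
    return msg + b"\x80" + bytes(-(len(msg) + 1) % BLOCK)


def chain(h: bytes, data: bytes) -> bytes:
    """Iterate f over the blocks of data, starting from chaining value h."""
    for i in range(0, len(data), BLOCK):
        h = f(h, data[i:i + BLOCK])
    return h


def md_plain(msg: bytes, iv: bytes = bytes(BLOCK)) -> bytes:
    """Plain iterated hash: the encoded input is neither prefix-free nor suffix-free."""
    return chain(iv, pad(msg))


def md_prefix_free(msg: bytes, iv: bytes = bytes(BLOCK)) -> bytes:
    """Prefix-free variant: the first block carries len(msg), so no encoded message is a
    prefix of another. (Length-first encoding is an assumption of this example.)"""
    header = len(msg).to_bytes(8, "big").rjust(BLOCK, b"\x00")
    return chain(iv, header + pad(msg))


def extended_message(msg: bytes, suffix: bytes) -> bytes:
    """The message the extender actually commits to: M || padding-of-M || suffix.
    Building it needs len(M) (to reproduce pad(M)) but not the contents of M."""
    return pad(msg) + suffix


def extend(tag: bytes, suffix: bytes) -> bytes:
    """Length extension: continue the chain from H(M) over the suffix blocks.
    For md_plain this equals md_plain(extended_message(M, suffix)) without knowing M."""
    return chain(tag, pad(suffix))


def demo(msg: bytes = b"amount=100&to=alice", suffix: bytes = b"&to=mallory") -> dict:
    """Constructed sample input: a tag over msg, extended with suffix by an outsider."""
    ext = extended_message(msg, suffix)
    return {
        "plain_forged": extend(md_plain(msg), suffix) == md_plain(ext),
        "prefix_free_forged": extend(md_prefix_free(msg), suffix) == md_prefix_free(ext),
    }


if __name__ == "__main__":
    print(demo())  # plain chain: forged; prefix-free chain: not forged
```

The forgery works on the plain chain because pad(pad(M) || S) == pad(M) || pad(S), so the chaining value after M's blocks is exactly the tag the attacker already holds. With the length in the first block, H(M) was computed from a header that disagrees with len(M || pad || S), so the continued chain lands on an unrelated value; this is the structural difference the SFPF framework captures.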
On the Role of Key Schedules in Attacks on Iterated Ciphers
Abstract. This paper considers iterated ciphers and their resistance against linear and differential cryptanalysis. In the theory of these attacks one assumes independence of the round keys in the ciphers. Very often though, the round keys are computed in a key schedule algorithm from a short key in a nonrandom fashion. In this paper it is shown by experiments that ciphers with complex key schedules resist both attacks better than ciphers with more straightforward key schedules. It is well-known that by assuming independent round keys the probabilities of differentials and linear hulls can be modeled by Markov chains and that for most such ciphers the distribution of these probabilities converges to the uniform distribution after some number of rounds. The presented experiments illustrate that some iterated ciphers with very simple key schedules will never reach this uniform distribution. Also the experiments show that ciphers with well-designed, complex key schedules reach the uniform distribution faster (using fewer rounds) than ciphers with poorly designed key schedules. As a side result it was found that there exist ciphers for which the differential of the highest probability for one fixed key is also the differential of the highest probability for any other key. It is believed that this is the first such example provided in the literature
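The experiment the abstract describes is easy to reproduce at toy scale. The code below is an added example, not the paper's cipher or data: an 8-bit SPN constructed for illustration (two 4-bit S-boxes, a bit permutation, XOR round keys) is run under three key schedules, independent uniform round keys (the Markov-chain assumption), a master key reused unchanged in every round, and a master key rotated one bit per round. For each sampled key it computes the full fixed-key differential probability table DP_K(a -> b), reports how far the best differential sits above the uniform value 1/255, and how often the same (a, b) is the best differential across keys, which is the "same differential for every key" effect noted at the end of the abstract.

```python
import random
from collections import Counter

# Toy 8-bit SPN constructed for this example (not a real cipher): two copies of a
# 4-bit S-box, a bit permutation, and XOR round keys. r rounds use r+1 round keys.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
PERM = [0, 4, 1, 5, 2, 6, 3, 7]  # output bit i of the S-box layer moves to position PERM[i]


def sbox_layer(x):
    return (SBOX[x >> 4] << 4) | SBOX[x & 0xF]


def permute(x):
    y = 0
    for i in range(8):
        if (x >> i) & 1:
            y |= 1 << PERM[i]
    return y


def encrypt(x, round_keys):
    for k in round_keys[:-1]:
        x = permute(sbox_layer(x ^ k))
    return x ^ round_keys[-1]  # final whitening key


# Three key schedules for an r-round cipher; each returns r+1 round keys.
def independent_keys(rng, rounds):
    """The Markov-chain assumption: every round key is an independent uniform value."""
    return [rng.randrange(256) for _ in range(rounds + 1)]


def trivial_schedule(rng, rounds):
    """Simplest possible schedule: the 8-bit master key reused unchanged every round."""
    k = rng.randrange(256)
    return [k] * (rounds + 1)


def rotating_schedule(rng, rounds):
    """Still simple, but round-dependent: rotate the master key one bit per round."""
    k = rng.randrange(256)
    return [((k << (i % 8)) | (k >> (8 - i % 8))) & 0xFF for i in range(rounds + 1)]


def fixed_key_ddt(round_keys):
    """DP_K(a -> b) = #{x : E_K(x) ^ E_K(x ^ a) = b} / 256 for every nonzero a."""
    table = [encrypt(x, round_keys) for x in range(256)]
    ddt = {}
    for a in range(1, 256):
        counts = Counter(table[x] ^ table[x ^ a] for x in range(256))
        ddt[a] = {b: c / 256 for b, c in counts.items()}
    return ddt


def best_differential(ddt):
    """(a, b, p): the highest-probability differential for this fixed key."""
    return max(((a, b, p) for a, row in ddt.items() for b, p in row.items()),
               key=lambda t: t[2])


def experiment(schedule, rounds, num_keys, seed=1):
    """Sample keys from a schedule; report the mean best fixed-key differential
    probability (uniform would be 1/255) and how often one (a, b) wins across keys."""
    rng = random.Random(seed)
    best = [best_differential(fixed_key_ddt(schedule(rng, rounds)))
            for _ in range(num_keys)]
    mean_max = sum(p for _, _, p in best) / num_keys
    (a, b), hits = Counter((a, b) for a, b, _ in best).most_common(1)[0]
    return {"mean_max_dp": mean_max, "uniform": 1 / 255,
            "top_differential": (a, b), "key_share": hits / num_keys}


if __name__ == "__main__":
    for name, sched in [("independent", independent_keys),
                        ("trivial", trivial_schedule),
                        ("rotating", rotating_schedule)]:
        for r in (2, 4, 6):
            print(name, r, experiment(sched, r, 16))
```

Read the output per schedule as the round count grows: mean_max_dp approaching 1/255 is the convergence to the uniform distribution the abstract refers to, and key_share close to 1 means the same differential is the best one for (almost) every sampled key. The experiment is exhaustive over the 8-bit block, so the fixed-key DP values are exact, not estimates; only the choice of keys is sampled.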
On hash functions using checksums
We analyse the security of iterated hash functions that compute an input dependent checksum which is processed as part of the hash computation. We show that a large class of such schemes, including those using non-linear or even one-way checksum functions, is not secure against the second preimage attack of Kelsey and Schneier, the herding attack of Kelsey and Kohno and the multicollision attack of Joux. Our attacks also apply to a large class of cascaded hash functions. Our second preimage attacks on the cascaded hash functions improve the results of Joux presented at Crypto'04. We also apply our attacks to the MD2 and GOST hash functions. Our second preimage attacks on the MD2 and GOST hash functions improve the previous best known short-cut second preimage attacks on these hash functions by factors of at least 2^26 and 2^54, respectively. Our herding and multicollision attacks on the hash functions based on generic checksum functions (e.g., one-way) are a special case of the attacks on the cascaded iterated hash functions previously analysed by Dunkelman and Preneel and are not better than their attacks. On hash functions with easily invertible checksums, our multicollision and herding attacks (if the hash value is short as in MD2) are more efficient than those of Dunkelman and Preneel
Security of the AES with a Secret S-box
How does the security of the AES change when the S-box is replaced by a secret S-box, about which the adversary has no knowledge? Would it be safe to reduce the number of encryption rounds? In this paper, we demonstrate attacks based on integral cryptanalysis which allow recovery of both the secret key and the secret S-box for respectively four, five, and six rounds of the AES. Despite the significantly larger amount of secret information which an adversary needs to recover, the attacks are very efficient, with time/data complexities of , and , respectively. Another interesting aspect of our attack is that it works both as a chosen plaintext and as a chosen ciphertext attack. Surprisingly, the chosen ciphertext variant has a significantly lower time complexity in the attacks on four and five rounds, compared to the respective chosen plaintext attacks
Classifying cGAS-STING Activity Links Chromosomal Instability with Immunotherapy Response in Metastatic Bladder Cancer
UNLABELLED: The cGAS-STING pathway serves a critical role in anticancer therapy. In particular, response to immunotherapy is likely driven both by active cGAS-STING signaling that attracts immune cells and by the presence of cancer neoantigens that present as targets for cytotoxic T cells. Chromosomal instability (CIN) is a hallmark of cancer, but also leads to an accumulation of cytosolic DNA that in turn results in increased cGAS-STING signaling. To avoid triggering the cGAS-STING pathway, it is commonly disrupted by cancer cells, either through mutations in the pathway or through transcriptional silencing. Given its effect on the immune system, determining the cGAS-STING activation status prior to treatment initiation is likely of clinical relevance. Here, we used combined expression data from 2,307 tumors from five cancer types from The Cancer Genome Atlas to define a novel cGAS-STING activity score based on eight genes with a known role in the pathway. Using unsupervised clustering, four distinct categories of cGAS-STING activation were identified. In multivariate models, the cGAS-STING active tumors show improved prognosis. Importantly, in an independent bladder cancer immunotherapy-treated cohort, patients with low cGAS-STING expression showed limited response to treatment, while patients with high expression showed improved response and prognosis, particularly among patients with high CIN and more neoantigens. In a multivariate model, a significant interaction was observed between CIN, neoantigens, and cGAS-STING activation. Together, this suggests a potential role of cGAS-STING activity as a predictive biomarker for the application of immunotherapy. SIGNIFICANCE: The cGAS-STING pathway is induced by CIN, triggers inflammation and is often deficient in cancer. We provide a tool to evaluate cGAS-STING activity and demonstrate clinical significance in immunotherapy response
Effect of action-based cognitive remediation on cognition and neural activity in bipolar disorder:Study protocol for a randomized controlled trial
Abstract Background Cognitive impairment is present in bipolar disorder (BD) during the acute and remitted phases and hampers functional recovery. However, there is currently no clinically available treatment with direct and lasting effects on cognitive impairment in BD. We will examine the effect of a novel form of cognitive remediation, action-based cognitive remediation (ABCR), on cognitive impairment in patients with BD, and explore the neural substrates of potential treatment efficacy on cognition. Methods/design The trial has a randomized, controlled, parallel-group design. In total, 58 patients with BD in full or partial remission aged 18–55 years with objective cognitive impairment will be recruited. Participants are randomized to 10 weeks of ABCR or a control group. Assessments encompassing neuropsychological testing and mood ratings, and questionnaires on subjective cognitive complaints, psychosocial functioning, and quality of life are carried out at baseline, after 2 weeks of treatment, after the end of treatment, and at a six-month follow-up after treatment completion. Functional magnetic resonance imaging scans are performed at baseline and 2 weeks into treatment. The primary outcome is a cognitive composite score spanning verbal memory, attention, and executive function. Two complete data sets for 52 patients will provide a power of 80% to detect a clinically relevant between-group difference on the primary outcome. Behavioral data will be analyzed using mixed models in SPSS while MRI data will be analyzed with the FMRIB Expert Analysis Tool (FEAT). Early treatment-related changes in neural activity from baseline to week 2 will be investigated for the dorsal prefrontal cortex and hippocampus as the regions of interest and with an exploratory whole-brain analysis. Discussion The results will provide insight into whether ABCR has beneficial effects on cognition and functioning in remitted patients with BD. The results will also provide insight into early changes in neural activity associated with improvement of cognition, which can aid future treatment development. Trial registration Clinicaltrials.gov, NCT03295305. Registered on 26 September 2017