98 research outputs found

    Improved Meet-in-the-Middle Attacks on Reduced-Round Camellia-192/256

    Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. In this paper, we focus on key-recovery attacks on reduced-round Camellia-192/256 with meet-in-the-middle methods. We utilize the multiset and differential enumeration methods, which have recently been popular for analysing AES, to attack Camellia-192/256. We propose a 7-round property for Camellia-192, and achieve a 12-round attack with 2^{180} encryptions, 2^{113} chosen plaintexts and 2^{130} 128-bit memories. Furthermore, we present an 8-round property for Camellia-256, and apply it to break the 13-round Camellia-256 with 2^{232.7} encryptions, 2^{113} chosen ciphertexts and 2^{227} 128-bit memories.

    New Impossible Differential Attacks on Camellia

    Camellia is one of the most widely used block ciphers worldwide, which has been selected as a standard by ISO/IEC. In this paper, we propose several new 7-round impossible differentials of Camellia with 2 FL/FL^{-1} layers, which turn out to be the first 7-round impossible differentials with 2 FL/FL^{-1} layers. Combined with some basic techniques including the early abort approach and the key schedule consideration, we achieve impossible differential attacks on 11-round Camellia-128, 11-round Camellia-192, 12-round Camellia-192, and 14-round Camellia-256, with time complexities of 2^{123.6}, 2^{121.7}, 2^{171.4} and 2^{238.2}, respectively. As far as we know, these are the best results against the reduced-round variants of Camellia. In particular, we give the first attack on the 11-round reduced version of Camellia-128 with FL/FL^{-1} layers.

    A Meet-in-the-Middle Attack on Round-Reduced mCrypton Using the Differential Enumeration Technique

    This paper describes a meet-in-the-middle (MITM) attack against round-reduced versions of the block cipher mCrypton-64/96/128. We construct a 4-round distinguisher and lower the memory requirement from 2^{100} to 2^{44} using the differential enumeration technique. Based on the distinguisher, we launch a MITM attack on 7-round mCrypton-64/96/128 with complexities of 2^{44} 64-bit blocks and 2^{57} encryptions. Then we extend the basic attack to 8 rounds for mCrypton-128 by adding some key-bridging techniques. The 8-round attack on mCrypton-128 requires a time complexity of 2^{100} and a memory complexity of 2^{44}. Furthermore, we construct a 5-round distinguisher and propose a MITM attack on 9-round mCrypton-128 with a time complexity of 2^{115} encryptions and a memory complexity of 2^{113} 64-bit blocks.

    Improved Meet-in-the-Middle Attacks on AES-192 and PRINCE

    This paper studies key-recovery attacks on AES-192 and PRINCE under the single-key model using the methodology of meet-in-the-middle attacks. A new technique named key-dependent sieve is proposed to further reduce the memory complexity of Demirci et al.'s attack at EUROCRYPT 2013, which helps us to achieve a 9-round attack on AES-192 by using a 5-round distinguisher; the data, time and memory complexities are 2^{121} chosen plaintexts, 2^{185} encryptions and 2^{185} 128-bit memories, respectively. The new technique is also applied to attack the block cipher PRINCE. Instead of the 6-round results in the previous cryptanalysis, we first present attacks on 8-round (out of 12) PRINCEcore and PRINCE with about 2^{53} and 2^{60} encryptions, respectively. Furthermore, we construct an interesting 7-round distinguisher and extend the attack to 9-round PRINCE; the attack needs about 2^{57} chosen plaintexts, 2^{64} encryptions and 2^{57.3} 64-bit memories.

    New Addition Operation and Its Application for Scalar Multiplication on Hessian Curves over Prime Fields

    In this paper, we present a new addition operation on Hessian curves with low cost. It can be applied to resist side channel attacks on scalar multiplication, and can also be used to compute precomputation points for window-based scalar multiplication on Hessian curves over prime fields. We propose two new precomputation schemes that are shown to achieve the lowest cost among all known methods. By using the fractional wNAF and fractional wmbNAF, if n = 192 bits and 1I \approx 30M, scheme 1 can save up to 31M and scheme 2 can save up to 28M with w \geq 6, where I and M represent the inversion and the multiplication, respectively.

    View-tolerant face recognition and Hebbian learning imply mirror-symmetric neural tuning to head orientation

    The primate brain contains a hierarchy of visual areas, dubbed the ventral stream, which rapidly computes object representations that are both specific for object identity and relatively robust against identity-preserving transformations like depth-rotations. Current computational models of object recognition, including recent deep learning networks, generate these properties through a hierarchy of alternating selectivity-increasing filtering and tolerance-increasing pooling operations, similar to simple-complex cell operations. While simulations of these models recapitulate the ventral stream's progression from early view-specific to late view-tolerant representations, they fail to generate the most salient property of the intermediate representation for faces found in the brain: mirror-symmetric tuning of the neural population to head orientation. Here we prove that a class of hierarchical architectures and a broad set of biologically plausible learning rules can provide approximate invariance at the top level of the network. While most of the learning rules do not yield mirror-symmetry in the mid-level representations, we characterize a specific biologically-plausible Hebb-type learning rule that is guaranteed to generate mirror-symmetric tuning to faces at intermediate levels of the architecture.

    Compact GF(2) systemizer and optimized constant-time hardware sorters for Key Generation in Classic McEliece

    Classic McEliece is a code-based quantum-resistant public-key scheme characterized by relatively high encapsulation/decapsulation speed and small ciphertexts, with an in-depth analysis of its security. However, slow key generation together with a large public key size makes it hard to apply more widely. Based on this observation, a high-throughput key generator in hardware is proposed to accelerate key generation in Classic McEliece based on algorithm-hardware co-design. Meanwhile, the storage overhead caused by large-size keys is also minimized. First, compact large-size GF(2) Gauss elimination is presented by adopting a naive processing array, singular-matrix-detection-based early abort, and a memory-friendly scheduling strategy. Second, an optimized constant-time hardware sorter is proposed to support regular memory accesses with fewer comparators and less storage. Third, an algorithm-level pipeline is enabled for high-throughput processing, allowing for concurrent key generation based on decoupling between data access and computation.

    Case report: Page kidney with multiple serosal effusions caused by bilateral spontaneous renal subcapsular hemorrhage

    Page kidney is caused by the perirenal or subcapsular accumulation of blood or fluid pressing on the renal parenchyma and is a rare cause of secondary hypertension. In this study, we report a case of Page kidney caused by bilateral spontaneous subcapsular renal hematoma, the main manifestations of which were secondary hypertension, multiple serous effusions, and renal insufficiency. After admission, drug blood pressure control was ineffective. After bilateral perirenal effusion puncture and drainage were performed to relieve bilateral perirenal compression, blood pressure gradually dropped to normal, multi-serous cavity effusion (pericardial, thoracic, and abdominal effusion) gradually disappeared, and kidney function returned to normal. Secondary hypertension caused by Page kidney can be treated. When Page kidney is complicated with multiple serous effusions, the effect of antihypertensive drugs alone is poor, and early perineal puncture drainage can achieve better clinical efficacy.

    LnCompare: gene set feature analysis for human long non-coding RNAs.

    Interest in the biological roles of long noncoding RNAs (lncRNAs) has resulted in growing numbers of studies that produce large sets of candidate genes, for example, differentially expressed between two conditions. For sets of protein-coding genes, ontology and pathway analyses are powerful tools for generating new insights from statistical enrichment of gene features. Here we present the LnCompare web server, an equivalent resource for studying the properties of lncRNA gene sets. The Gene Set Feature Comparison mode tests for enrichment amongst a panel of quantitative and categorical features, spanning gene structure, evolutionary conservation, expression, subcellular localization, repetitive sequences and disease association. Moreover, in Similar Gene Identification mode, users may identify other lncRNAs by similarity across a defined range of features. Comprehensive results may be downloaded in tabular and graphical formats, in addition to the entire feature resource. LnCompare will empower researchers to extract useful hypotheses and candidates from lncRNA gene sets.