Extended Affine and CCZ Equivalence up to Dimension 4
For all vectorial Boolean functions up to dimension 4, we present canonical representatives for all extended affine (EA) and CCZ equivalence classes. We include the size of each class, as well as its algebraic degree and extended Walsh spectrum. We also answer the following questions: How large are these classes? Which of these classes contain bijective functions? And how are these classes grouped into CCZ equivalence classes?
Flight/Migration and Local School Governance. A Comparative Case Study in Municipalities of Baden-Württemberg
"I don't know why I check this…" Investigating Expert Users' Strategies to Detect Email Signature Spoofing Attacks
OpenPGP is one of the two major standards for end-to-end email security. Several studies showed that serious usability issues exist with tools implementing this standard. However, a widespread assumption is that expert users can handle these tools and detect signature spoofing attacks. We present a user study investigating expert users' strategies to detect signature spoofing attacks in Thunderbird. We observed 25 expert users while they classified eight emails as either having a legitimate signature or not. Studying expert users explicitly gives us an upper bound of attack detection rates of all users dealing with PGP signatures. 52% of participants fell for at least one out of four signature spoofing attacks. Overall, participants did not have an established strategy for evaluating email signature legitimacy. We observed our participants apply 23 different types of checks when inspecting signed emails, but only 8 of these checks tended to be useful in identifying the spoofed or invalid signatures. In performing their checks, participants were frequently startled, confused, or annoyed with the user interface, which they found supported them little. All these results paint a clear picture: Even expert users struggle to verify email signatures, usability issues in email security are not limited to novice users, and developers may need proper guidance on implementing email signature GUIs correctly.
Finite Energy Solutions in Three-Dimensional Heterotic String Theory
We show that a large class of supersymmetric solutions to the low-energy effective field theory of heterotic string theory compactified on a seven torus can have finite energy, which we compute. The mechanism by which these solutions are turned into finite energy solutions is similar to the one occurring in the context of four-dimensional stringy cosmic string solutions. We also describe the solutions in terms of intersecting eleven-dimensional M-branes, M-waves and M-monopoles.

Comment: 23 pages, LaTeX
U-duality and M-Theory
This work is intended as a pedagogical introduction to M-theory and to its maximally supersymmetric toroidal compactifications, in the frameworks of 11D supergravity, type II string theory and M(atrix) theory. U-duality is used as the main tool and guideline in uncovering the spectrum of BPS states. We review the 11D supergravity algebra and elementary 1/2-BPS solutions, discuss T-duality in the perturbative and non-perturbative sectors from an algebraic point of view, and apply the same tools to the analysis of U-duality at the level of the effective action and the BPS spectrum, with a particular emphasis on Weyl and Borel generators. We derive the U-duality multiplets of BPS particles and strings, U-duality invariant mass formulae for 1/2- and 1/4-BPS states for general toroidal compactifications on skew tori with gauge backgrounds, and U-duality multiplets of constraints for states to preserve a given fraction of supersymmetry. A number of mysterious states are encountered in D<=3, whose existence is implied by T-duality and 11D Lorentz invariance. We then move to the M(atrix) theory point of view, give an introduction to Discrete Light Cone Quantization (DLCQ) in general and DLCQ of M-theory in particular. We discuss the realization of U-duality as electric-magnetic dualities of the Matrix gauge theory, display the Matrix gauge theory BPS spectrum in detail, and discuss the conjectured extended U-duality group in this scheme.

Comment: 132 pages, 37 tables, Latex2e; v3: minor corrections, text reformatted, update of refs, note added about boundaries of M-theory moduli space, final version to appear in Phys. Rep.
Outcome after intracranial hemorrhage under dabigatran and reversal with idarucizumab versus under vitamin-K-antagonists – the RIC-ICH study
Background: Intracranial hemorrhage (ICH) is a rare but serious side effect associated with the use of oral anticoagulants, such as dabigatran. The specific reversal agent for dabigatran, idarucizumab, is available for the management of individuals with ICH. The aim of this study was to provide real-world evidence on patients with ICH and effective treatment with dabigatran and reversal with idarucizumab in clinical routine compared to those under effective treatment with vitamin-K-antagonist (VKA).

Methods: Registration of Idarucizumab for Patients with IntraCranial Hemorrhage (RIC-ICH) is a non-interventional study conducted in 22 German stroke units that prospectively enrolled dabigatran patients treated with idarucizumab. Retrospective data from VKA patients served as reference population. The main objective was in-hospital mortality. Further objectives included change in bleeding volume, stroke severity, and functional status.

Results: In-hospital mortality was 26.7% in 15 dabigatran and 27.3% in 88 VKA patients (hazard ratio 1.00, 95% CI 0.29–2.60). In patients with bleeding volume > 60 ml, mortality was lower in the dabigatran group (N = 6, 33%) compared to the VKA group (N = 15, 67%; HR 0.24, 95% CI 0.04–0.96). No differences were observed in secondary endpoints between dabigatran and VKA patients.

Conclusion: These results, based on data from routine clinical practice, suggest that in-hospital mortality after idarucizumab treatment is comparable to that in patients pretreated with VKA. Due to the low precision of estimates, the results must be interpreted with caution.
Leaky McEliece: Secret Key Recovery From Highly Erroneous Side-Channel Information
The McEliece cryptosystem is a strong contender for post-quantum schemes, including key encapsulation for confidentiality of key exchanges in network protocols.
A McEliece secret key is a structured parity check matrix that is transformed via Gaussian elimination into an unstructured public key. We show that this transformation is a highly critical operation with respect to side-channel leakage.
We assume leakage of the elementary row operations during Gaussian elimination, motivated by actual implementations of McEliece in real world cryptographic libraries (Classic McEliece and Botan).
We propose a novel algorithm to reconstruct a secret key from its public key with information from a Gaussian transformation leak. Even if the obtained side-channel leakage is extremely noisy, i.e., each bit can be flipped with probability as high as , our algorithm still succeeds to recover the secret key in a matter of minutes for all proposed (Classic) McEliece instantiations. Remarkably, for high-security McEliece parameters, our attack is more powerful in the sense that it can tolerate even larger .
Technically, we introduce a novel cryptanalytic decoding technique that exploits the high redundancy exhibited in the McEliece secret key. This allows our decoding routine to succeed in reconstructing each column of the secret key successively.
Our result stresses the necessity to well protect highly structured code-based schemes such as McEliece against side-channel leakage.
Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)
Diffie-Hellman key exchange (DHKE) is a widely adopted method for exchanging cryptographic key material in real-world protocols like TLS-DH(E). Past attacks on TLS-DH(E) focused on weak parameter choices or missing parameter validation. The confidentiality of the computed DH share, the premaster secret, was never questioned; DHKE is used as a generic method to avoid the security pitfalls of TLS-RSA.
We show that due to a subtle issue in the key derivation of all TLS-DH(E) cipher suites in versions up to TLS 1.2, the premaster secret of a TLS-DH(E) session may, under certain circumstances, be leaked to an adversary. Our main result is a novel side-channel attack, named Raccoon attack, which exploits a timing vulnerability in TLS-DH(E), leaking the most significant bits of the shared Diffie-Hellman secret. The root cause for this side channel is that the TLS standard encourages non-constant-time processing of the DH secret. If the server reuses ephemeral keys, this side channel may allow an attacker to recover the premaster secret by solving an instance of the Hidden Number Problem. The Raccoon attack takes advantage of uncommon DH modulus sizes, which depend on the properties of the used hash functions. We describe a fully feasible remote attack against an otherwise-secure TLS configuration: OpenSSL with a 1032-bit DH modulus. Fortunately, such moduli are not commonly used on the Internet.
Furthermore, with our large-scale scans we have identified implementation-level issues in production-grade TLS implementations that allow for executing the same attack by directly observing the contents of server responses, without resorting to timing measurements.