Practical free-start collision attacks on 76-step SHA-1
In this paper we analyze the security of the compression function
of SHA-1 against collision attacks, or equivalently free-start collisions
on the hash function. While a lot of work has been dedicated to the analysis
of SHA-1 in the past decade, this is the first time that free-start collisions
have been considered for this function. We exploit the additional
freedom provided by this model by using a new start-from-the-middle
approach in combination with improvements on the cryptanalysis tools
that have been developed for SHA-1 in the recent years. This results in
particular in better differential paths than the ones used for hash function
collisions so far. Overall, our attack requires about evaluations
of the compression function in order to compute a one-block free-start
collision for a 76-step reduced version, which is so far the highest number
of steps reached for a collision on the SHA-1 compression function.
We have developed an efficient GPU framework for the highly branching
code typical of a cryptanalytic collision attack and used it in an optimized
implementation of our attack on recent GTX 970 GPUs. We report
that a single cheap US$ 350 GTX 970 is sufficient to find the collision in
less than 5 days. This showcases how recent mainstream GPUs seem to
be a good platform for expensive and even highly-branching cryptanalysis
computations. Finally, our work should be taken as a reminder that
cryptanalysis on SHA-1 continues to improve. This is yet another proof
that the industry should quickly move away from using this function
Type-2 fuzzy linear systems
Fuzzy Linear Systems (FLSs) are used in practical situations where some of the system's parameters or variables are uncertain. To date, investigations conducted on FLSs are restricted to those in which the uncertainty is assumed to be modeled by Type-1 Fuzzy Sets (T1FSs). However, there are many situations where considering the uncertainty as T1FSs may not be possible due to different interpretations of experts about the uncertainty. Moreover, solutions of FLSs are T1FSs which do not provide any information about a measure of the dispersion of uncertainty around the T1FSs. Therefore, in this research a model of uncertain linear equations system called a type-2 fuzzy linear system is presented to overcome the shortcomings. The uncertainty is represented by a special class of type-2 fuzzy sets – triangular perfect quasi type-2 fuzzy numbers. Additionally, conditions for the existence of a unique type-2 fuzzy solution to the linear system are derived. A definition of a type-2 fuzzy solution is also given. The applicability of the proposed model is illustrated using examples in the pulp and paper industry, and electrical engineering
Developing and Pretesting a Text Messaging Program for Health Behavior Change
Background: A growing body of evidence demonstrates that text messaging-based programs (short message service [SMS]) on mobile phones can help people modify health behaviors. Most of these programs have consisted of automated and sometimes interactive text messages that guide a person through the process of behavior change.
Objective: This paper provides guidance on how to develop text messaging programs aimed at changing health behaviors.
Methods: Based on their collective experience in designing, developing, and evaluating text messaging programs and a review of the literature, the authors drafted the guide. One author initially drafted the guide and the others provided input and review.
Results: Steps for developing a text messaging program include conducting formative research for insights into the target audience and health behavior, designing the text messaging program, pretesting the text messaging program concept and messages, and revising the text messaging program.
Conclusions: The steps outlined in this guide may help in the development of SMS-based behavior change programs
Unaligned Rebound Attack: Application on Keccak
We analyze the internal permutations of Keccak, one of the NIST SHA-3 competition finalists, in regard to differential properties. By carefully studying the elements composing those permutations, we are able to derive most of the best known differential paths for up to 5 rounds. We use these differential paths in a rebound attack setting and adapt this powerful freedom degrees utilization in order to derive distinguishers for up to 8 rounds of the internal permutations of the submitted version of Keccak. The complexity of the 8 round distinguisher is . Our results have been implemented and verified experimentally on a small version of Keccak. This is currently the best known differential attack against the internal permutations of Keccak
“My First Thought was Croutons”: Perceptions of Cigarettes and Cigarette Smoke Constituents Among Adult Smokers and Nonsmokers
Understanding what people think about harmful and potentially harmful constituents in cigarettes and cigarette smoke has new urgency given legislation requiring US Food and Drug Administration (FDA) to disclose constituent information. Our study sought to obtain qualitative information on what people think about these constituents and the language they use to talk about them
Nonlinear spectral calculus and super-expanders
Nonlinear spectral gaps with respect to uniformly convex normed spaces are
shown to satisfy a spectral calculus inequality that establishes their decay
along Cesaro averages. Nonlinear spectral gaps of graphs are also shown to
behave sub-multiplicatively under zigzag products. These results yield a
combinatorial construction of super-expanders, i.e., a sequence of 3-regular
graphs that does not admit a coarse embedding into any uniformly convex normed
space. Comment: Typos fixed based on referee comments. Some of the results of this
paper were announced in arXiv:0910.2041. The corresponding parts of
arXiv:0910.2041 are subsumed by the current pape
Quenched QCD at finite density
Simulations of quenched at relatively small but nonzero chemical
potential on lattices indicate that the nucleon
screening mass decreases linearly as increases predicting a critical
chemical potential of one third the nucleon mass, , by extrapolation.
The meson spectrum does not change as increases over the same range, from
zero to . Past studies of quenched lattice QCD have suggested that
there is phase transition at . We provide alternative
explanations for these results, and find a number of technical reasons why
standard lattice simulation techniques suffer from greatly enhanced
fluctuations and finite size effects for ranging from to
. We find evidence for such problems in our simulations, and suggest
that they can be surmounted by improved measurement techniques. Comment: 23 pages, Revte
Pathologies of Quenched Lattice QCD at non-zero Density and its Effective Potential
We simulate lattice QCD at non-zero baryon density and zero temperature in
the quenched approximation, both in the scaling region and in the infinite
coupling limit. We investigate the nature of the forbidden region -- the range
of chemical potential where the simulations grow prohibitively expensive, and
the results, when available, are puzzling if not unphysical. At weak coupling
we have explored the sensitivity of these pathologies to the lattice size, and
found that using a large lattice () does not remove them. The
effective potential sheds considerable light on the problems in the
simulations, and gives a clear interpretation of the forbidden region. The
strong coupling simulations were particularly illuminating on this point. Comment: 49 pages, uu-encoded expanding to postscript; also available at
ftp://hlrz36.hlrz.kfa-juelich.de/pub/mpl/hlrz72_95.p