
    Related Randomness Attacks for Public Key Encryption

    Abstract. Several recent and high-profile incidents give cause to believe that randomness failures of various kinds are endemic in deployed cryptographic systems. In the face of this, it behoves cryptographic researchers to develop methods to immunise – to the extent that it is possible – cryptographic schemes against such failures. This paper considers the practically-motivated situation where an adversary is able to force a public key encryption scheme to reuse random values, and functions of those values, in encryption computations involving adversarially chosen public keys and messages. It presents a security model appropriate to this situation, along with variants of this model. It also provides necessary conditions on the set of functions used in order to attain this security notion, and demonstrates that these conditions are also sufficient in the Random Oracle Model. Further standard model constructions achieving weaker security notions are also given, with these constructions having interesting connections to other primitives including: pseudo-random functions that are secure in the related key attack setting; Correlated Input Secure hash functions; and public key encryption schemes that are secure in the auxiliary input setting (this being a special type of leakage resilience).
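    The following is an added illustration, not code from the paper, of the kind of attack the abstract's model captures: a single reused encryption randomness combined with an adversarially registered public key. ElGamal over a constructed toy group is used as the stand-in scheme (the group parameters, the key-malleability trick pk_adv = pk_target * G, and all message values are assumptions made for the example). The adversary never needs the secret key of the key it registers; one encryption of a known message under that key with the same r as the challenge is enough to strip the mask pk_target^r off the challenge ciphertext.

```python
import secrets

# Constructed toy group (NOT secure): safe prime P = 2*Q + 1, and G = 4 generates
# the subgroup of prime order Q. Real deployments use large groups or elliptic curves.
P = 1019
Q = 509
G = 4


def keygen(sk=None):
    """ElGamal key pair; sk may be fixed for reproducible runs."""
    if sk is None:
        sk = 1 + secrets.randbelow(Q - 1)
    return sk, pow(G, sk, P)


def encrypt(pk, m, r):
    """ElGamal encryption with caller-supplied randomness r.

    Exposing r models the randomness failure: a correct implementation draws a
    fresh r per ciphertext, but here the attacker can force r to be reused.
    """
    return pow(G, r, P), (m * pow(pk, r, P)) % P


def decrypt(sk, ct):
    c1, c2 = ct
    shared = pow(c1, sk, P)
    return (c2 * pow(shared, -1, P)) % P  # pow(x, -1, P) needs Python 3.8+


def related_randomness_attack(pk_target, challenge_ct, encrypt_oracle):
    """Recover the challenge plaintext from one encryption of a known message
    under an adversarially chosen public key that reuses the challenge randomness.

    The adversary registers pk_adv = pk_target * G without knowing its secret key
    (the model assumes no proof of possession). Under that key,
        c2 = m_known * pk_adv^r = m_known * pk_target^r * G^r = m_known * pk_target^r * c1,
    so the mask pk_target^r protecting the challenge falls out by division.
    """
    pk_adv = (pk_target * G) % P
    m_known = 7  # any known message works
    c1, c2 = encrypt_oracle(pk_adv, m_known)
    mask = (c2 * pow((m_known * c1) % P, -1, P)) % P  # equals pk_target^r
    _, c2_star = challenge_ct
    return (c2_star * pow(mask, -1, P)) % P


def run_attack(challenge_r, oracle_r, sk_target=None, m_secret=123):
    """Encrypt m_secret under the target key with challenge_r, answer the adversary's
    oracle query with oracle_r, and return (recovered, m_secret)."""
    sk_b, pk_b = keygen(sk_target)
    challenge = encrypt(pk_b, m_secret, challenge_r)
    oracle = lambda pk, m: encrypt(pk, m, oracle_r)
    recovered = related_randomness_attack(pk_b, challenge, oracle)
    return recovered, m_secret


if __name__ == "__main__":
    rec, m = run_attack(17, 17)  # randomness reused: plaintext recovered
    print("reused r ->", rec == m)
    rec, m = run_attack(17, 18)  # fresh randomness: attack fails
    print("fresh r  ->", rec == m)
```

    Running it with the same r for oracle and challenge recovers the message; with distinct randomness the division leaves pk_target^(r - r') in place and the guess is wrong. The practical takeaway matches the abstract: a scheme whose security proof assumes fresh randomness gives no guarantee once an attacker can drive the RNG state, and key registration without proof of possession widens what such an attacker can do.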

    Improving Data-Driven Infrastructure Degradation Forecast Skill with Stepwise Asset Condition Prediction Models

    Organizations with large facility and infrastructure portfolios have used asset management databases for over ten years to collect and standardize asset condition data. Decision makers use these data to predict asset degradation and expected service life, enabling prioritized maintenance, repair, and renovation actions that reduce asset life-cycle costs and achieve organizational objectives. However, these asset condition forecasts are calculated using standardized, self-correcting distribution models that rely on poorly-fit, continuous functions. This research presents four stepwise asset condition forecast models that utilize historical asset inspection data to improve prediction accuracy: (1) Slope, (2) Weighted Slope, (3) Condition-Intelligent Weighted Slope, and (4) Nearest Neighbor. Model performance was evaluated against BUILDER SMS, the industry-standard asset management database, using data for five roof types on 8549 facilities across 61 U.S. military bases within the United States. The stepwise Weighted Slope model more accurately predicted asset degradation 92% of the time, as compared to the industry standard's continuous self-correcting prediction model. These results suggest that using historical condition data, alongside or in place of manufacturer expected service life, may increase the accuracy of degradation and failure prediction models. Additionally, as data quantity increases over time, the models presented are expected to improve prediction skill. The resulting improvements in forecasting enable decision makers to manage facility assets more proactively and achieve better returns on facility investments. © 2022 by the authors.

    Related Randomness Security for Public Key Encryption, Revisited

    Motivated by the history of randomness failures in practical systems, Paterson, Schuldt, and Sibborn (PKC 2014) introduced the notion of related randomness security for public key encryption. In this paper, we first show an inherent limitation of this notion: if the family of related randomness functions is sufficiently rich to express the encryption function of the considered scheme, then security cannot be achieved. This suggests that achieving security for function families capable of expressing more complex operations, such as those used in random number generation, might be difficult. The current constructions of related randomness secure encryption in the standard model furthermore reflect this; full security is only achieved for function families with a convenient algebraic structure. We additionally revisit the seemingly optimal random oracle model construction by Paterson et al. and highlight its limitations. To overcome this difficulty, we propose a new notion which we denote related refreshable randomness security. This notion captures a scenario in which an adversary has limited time to attack a system before new entropy is added. More specifically, the number of encryption queries with related randomness the adversary can make before the randomness is refreshed is bounded, but the adversary is allowed to make an unbounded total number of queries. Furthermore, the adversary is allowed to influence how entropy is added to the system. In this setting, we construct an encryption scheme which remains secure in the standard model for arbitrary function families of size $2^p$ (where $p$ is polynomial in the security parameter) that satisfy certain collision-resistance and output-unpredictability properties. This captures a rich class of functions, which includes, as a special case, circuits of polynomial size. Our scheme makes use of a new construction of a (bounded) related-key attack secure pseudorandom function, which in turn is based on a new flavor of the leftover hash lemma. These technical results might be of independent interest.

    An Efficient Convertible Undeniable Signature Scheme with Delegatable Verification

    Undeniable signatures, introduced by Chaum and van Antwerpen, require a verifier to interact with the signer to verify a signature, and hence allow the signer to control the verifiability of his signatures. Convertible undeniable signatures, introduced by Boyar, Chaum, Damgård, and Pedersen, furthermore allow the signer to convert signatures to publicly verifiable ones by publicizing a verification token, either for individual signatures or for all signatures universally. In addition, the signer is able to delegate the ability to prove validity and convert signatures to a semi-trusted third party by providing a verification key. While the latter functionality is implemented by the early convertible undeniable signature schemes, most recent schemes do not consider this despite its practical appeal. In this paper we present an updated definition and security model for schemes allowing delegation, and highlight a new essential security property, token soundness, which is not formally treated in the previous security models for convertible undeniable signatures. We then propose a new convertible undeniable signature scheme. The scheme allows delegation of verification and is provably secure in the standard model assuming the computational co-Diffie-Hellman problem, a closely related problem, and the decisional linear problem are hard. Our scheme is, to the best of our knowledge, the currently most efficient convertible undeniable signature scheme which provably fulfills all security requirements in the standard model.

    Nanopore SimulatION – a raw data simulator for Nanopore Sequencing

    Nanopore DNA sequencing enables the sequence determination of single DNA molecules up to 10,000 times longer than currently permitted by second-generation sequencing platforms. Nanopore sequencing gives real-time access to sequencing data and enables the detection of epigenetic modifications. This unique feature set is poised to foster the development of novel biomedical applications previously deemed unfeasible. Nanopore sequencing is based on picoampere scale measurement of current modulated by DNA or RNA polymers traveling through a nanometer opening between two compartments. Each of the five canonical nucleobases (A, T, G, C, U) has a characteristic electrical resistance, which ultimately enables the determination of the precise base sequence. However, a substantial computational effort is required to resolve the underlying sequence from a time-warped and noisy stream of digitized current measurements. Recently, a wide range of digital signal analysis and machine learning methods have been developed for Nanopore sequencing applications. Clinically relevant questions, such as the quantification of short repetitive DNA sequences, remain an unresolved challenge to current generic, state-of-the-art nanopore data analysis methods. We believe realistic simulation of the signal stream can be instrumental in the development of tailored algorithms for such novel biomedical applications. Based on our work with the Oxford Nanopore Technologies MinION and PromethION platforms, we have developed Nanopore SimulatION, a software package for the in silico generation of realistic, raw-signal-level data. Nanopore SimulatION starts from a reference genome in conjunction with a configuration and model file derived from real-world nanopore sequencing experiments as input. To validate our algorithm, we have sequenced custom synthetic DNA, and in so doing have generated a "ground-truth" data set potentially useful for downstream algorithm development. Additionally, we demonstrate Nanopore SimulatION's utility for method development in typical clinical use cases.

    Statistical Attacks on Cookie Masking for RC4

    Levillain et al. (AsiaCCS 2015) proposed two cookie masking methods, TLS Scramble and MCookies, to counter a class of attacks on SSL/TLS in which the attacker is able to exploit its ability to obtain many encryptions of a target HTTP cookie. In particular, the masking methods potentially make it viable to continue to use the RC4 algorithm in SSL/TLS. In this paper, we provide a detailed analysis of TLS Scramble and MCookies when used in conjunction with RC4 in SSL/TLS. We show that, in fact, both are vulnerable to variants of the known attacks against RC4 in SSL/TLS exploiting the Mantin biases (Mantin, EUROCRYPT 2005):
    * For the TLS Scramble mechanism, we provide a detailed statistical analysis coupled with extensive simulations that show that about $2^{37}$ encryptions of the cookie are sufficient to enable its recovery.
    * For the MCookies mechanism, our analysis is made more complex by the presence of a Base64 encoding step in the mechanism, which (unintentionally) acts like a classical block cipher S-box in the masking process. Despite this, we are able to develop a maximum likelihood analysis which provides a rigorous statistical procedure for estimating the unknown cookie. Based on simulations, we estimate that $2^{45}$ encryptions of the cookie are sufficient to enable its recovery.
    Taken together, our analyses show that the cookie masking mechanisms as proposed by Levillain et al. only moderately increase the security of RC4 in SSL/TLS.
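    The attack class the abstract refers to, many encryptions of one fixed plaintext under independent RC4 keys, is shown below as an added example (not the paper's code). It uses the simplest RC4 keystream bias, the Mantin–Shamir second-byte bias (FSE 2001, P[Z2 = 0] ≈ 2/256), as a stand-in for the Mantin digraph biases the paper exploits; the per-connection keys are constructed deterministically from a counter so that the run is repeatable, and the plaintext stands in for a cookie that a browser re-sends on every attacker-triggered request. Byte 2 of each ciphertext is tallied and the plurality winner is taken as the plaintext byte, which is exactly the statistical mechanism that masking schemes try to defeat by changing the plaintext on every request.

```python
import hashlib
from collections import Counter


def rc4_keystream(key, nbytes):
    """Plain RC4: key-scheduling (KSA) then PRGA, returning the first nbytes of keystream."""
    S = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(nbytes):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def session_keys(n):
    """Constructed per-connection 16-byte keys (deterministic so the experiment repeats)."""
    for t in range(n):
        yield hashlib.sha256(t.to_bytes(4, "big")).digest()[:16]


def broadcast_attack(plaintext, n):
    """Many-time ('broadcast') attack on RC4.

    The same plaintext is encrypted under n independent keys. The attacker sees only
    ciphertext byte C2 = P2 xor Z2 of each session. Because Z2 = 0 is roughly twice as
    likely as any other value, the most frequent C2 is P2 itself.
    Returns (observed fraction of sessions with Z2 == 0, recovered byte).
    """
    votes = Counter()
    zero_count = 0
    for key in session_keys(n):
        z2 = rc4_keystream(key, 2)[1]
        zero_count += (z2 == 0)
        votes[plaintext[1] ^ z2] += 1  # attacker-visible ciphertext byte
    guess = votes.most_common(1)[0][0]
    return zero_count / n, guess


if __name__ == "__main__":
    cookie = b"session=secret-cookie-value"  # constructed target plaintext
    frac, guess = broadcast_attack(cookie, 32768)
    print("P[Z2 = 0] observed:", round(frac, 4), "(1/256 =", round(1 / 256, 4) + ")")
    print("recovered byte 2:", chr(guess), "expected:", chr(cookie[1]))
```

    A few tens of thousands of sessions suffice for this position because the bias is large; the digraph biases used against TLS cookies are far weaker, which is why the paper's counts sit at $2^{37}$ and $2^{45}$. Masking changes the per-request plaintext, but as the abstract notes it only raises these counts rather than removing the biases, so the defensible fix remains not negotiating RC4 at all.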

    Ready Student One: Exploring the predictors of student learning in virtual reality

    Immersive virtual reality (VR) has enormous potential for education, but classroom resources are limited. Thus, it is important to identify whether and when VR provides sufficient advantages over other modes of learning to justify its deployment. In a between-subjects experiment, we compared three methods of teaching Moon phases (a hands-on activity, VR, and a desktop simulation) and measured student improvement on existing learning and attitudinal measures. While a substantial majority of students preferred the VR experience, we found no significant differences in learning between conditions. However, we found differences between conditions based on gender, which was highly correlated with experience with video games. These differences may indicate certain groups have an advantage in the VR setting. Comment: 28 pages, 7 figures, 4 tables. Published in PLOS ONE March 25, 202

    Spritz---a spongy RC4-like stream cipher and hash function.

    This paper reconsiders the design of the stream cipher RC4, and proposes an improved variant, which we call "Spritz" (since the output comes in fine drops rather than big blocks). Our work leverages the considerable cryptanalytic work done on the original RC4 and its proposed variants. It also uses simulations extensively to search for biases and to guide the selection of intermediate expressions. We estimate that Spritz can produce output with about 24 cycles/byte of computation. Furthermore, our statistical tests suggest that about $2^{81}$ bytes of output are needed before one can reasonably distinguish Spritz output from random output; this is a marked improvement over RC4. [Footnote: However, see Appendix F for references to more recent work that suggest that our estimates of the work required to break Spritz may be optimistic.] In addition, we formulate Spritz as a "sponge (or sponge-like) function" (see Bertoni et al.), which can "Absorb" new data at any time, and from which one can "Squeeze" pseudorandom output sequences of arbitrary length. Spritz can thus be easily adapted for use as a cryptographic hash function, an encryption algorithm, or a message-authentication code generator. (However, in hash-function mode, Spritz is rather slow.)

    A Sustainable Prototype for Renewable Energy: Optimized Prime-Power Generator Solar Array Replacement

    Remote locations such as disaster relief camps, isolated arctic communities, and military forward operating bases are disconnected from traditional power grids forcing them to rely on diesel generators with a total installed capacity of 10,000 MW worldwide. The generators require a constant resupply of fuel, resulting in increased operating costs, negative environmental impacts, and challenging fuel logistics. To enhance remote site sustainability, planners can develop stand-alone photovoltaic-battery systems to replace existing prime power generators. This paper presents the development of a novel cost-performance model capable of optimizing solar array and Li-ion battery storage size by generating tradeoffs between minimizing initial system cost and maximizing power reliability. A case study for the replacement of an 800 kW generator, the US Air Force’s standard for prime power at deployed locations, was analyzed to demonstrate the model and its capabilities. A MATLAB model, simulating one year of solar data, was used to generate an optimized solution to minimize initial cost while providing over 99% reliability. Replacing a single diesel generator would result in a savings of 1.9 million liters of fuel, eliminating 100 fuel tanker truck deliveries annually. The distinctive capabilities of this model enable designers to enhance environmental, economic, and operational sustainability of remote locations by creating energy self-sufficient sites, which can operate indefinitely without the need for resupply