
    Constructing TI-Friendly Substitution Boxes Using Shift-Invariant Permutations

    The threat posed by side channels requires ciphers that can be efficiently protected in both software and hardware against such attacks. In this paper, we propose a novel Sbox construction based on iterations of shift-invariant quadratic permutations and linear diffusions. Owing to the selected quadratic permutations, all of our Sboxes enable uniform 3-share threshold implementations, which provide first-order SCA protection without any fresh randomness. More importantly, because of the shift-invariant property, there are ample implementation trade-offs available, in software as well as hardware. We provide implementation results (software and hardware) for a four-bit and an eight-bit Sbox, which confirm that our constructions are competitive and can be easily adapted to various platforms as claimed. We have successfully verified their resistance to first-order attacks based on real acquisitions. Because there are very few studies focusing on software-based threshold implementations, our software implementations might be of independent interest in this regard

    A First-Order SCA Resistant AES without Fresh Randomness

    Since the advent of Differential Power Analysis (DPA) in the late 1990s, protecting embedded devices against Side-Channel Analysis (SCA) attacks has been a major research effort. Even though many different first-order secure masking schemes are available today, when applied to the AES S-box they all require fresh random bits in every evaluation. As the quality criteria for generating random numbers on an embedded device are not well understood, an integrated Random Number Generator (RNG) can be the weak spot of any protected implementation and may invalidate an otherwise secure implementation. We present a new construction based on Threshold Implementations and Changing of the Guards to realize a first-order secure AES with zero per-round randomness. Hence, our design does not need a built-in RNG, thereby enhancing security and reducing the overhead

    Tight informationally complete quantum measurements

    We introduce a class of informationally complete positive-operator-valued measures which are, in analogy with a tight frame, "as close as possible" to orthonormal bases for the space of quantum states. These measures are distinguished by an exceptionally simple state-reconstruction formula which allows "painless" quantum state tomography. Complete sets of mutually unbiased bases and symmetric informationally complete positive-operator-valued measures are both members of this class, the latter being the unique minimal rank-one members. Recast as ensembles of pure quantum states, the rank-one members are in fact equivalent to weighted 2-designs in complex projective space. These measures are shown to be optimal for quantum cloning and linear quantum state tomography. Comment: 20 pages. Final versio

    Single-Pair FRET Microscopy Reveals Mononucleosome Dynamics

    We applied spFRET microscopy for direct observation of intranucleosomal DNA dynamics. Mononucleosomes, reconstituted with DNA containing a FRET pair at the dyad axis and exit of the nucleosome core particle, were immobilized through a 30 bp DNA tether on a polyethyleneglycol-functionalized slide and visualized using Total Internal Reflection Fluorescence microscopy. FRET efficiency time-traces revealed two types of dynamics: acceptor blinking and intramolecular rearrangements. Both Cy5 and ATTO647N acceptor dyes showed severe blinking in a deoxygenated buffer in the presence of 2% βME. Replacing the triplet quencher βME with 1 mM Trolox eliminated most blinking effects. After suppression of blinking, three subpopulations were observed: 90% appeared as dissociated complexes; the remaining 10% featured an average FRET efficiency in agreement with intact nucleosomes. In 97% of these intact nucleosomes no significant changes in FRET efficiency were observed in the experimentally accessible time window ranging from 10 ms to tens of seconds. However, 3% of the intact nucleosomes showed intervals with reduced FRET efficiency, clearly distinct from blinking, with a lifetime of 120 ms. These fluctuations can unambiguously be attributed to DNA breathing. Our findings illustrate not only the merits but also typical caveats encountered in single-molecule FRET studies on complex biological systems

    Genes in S and T Subgenomes Are Responsible for Hybrid Lethality in Interspecific Hybrids between Nicotiana tabacum and Nicotiana occidentalis

    Many species of Nicotiana section Suaveolentes produce inviable F(1) hybrids after crossing with Nicotiana tabacum (genome constitution SSTT), a phenomenon that is often called hybrid lethality. Through crosses with monosomic lines of N. tabacum lacking a Q chromosome, we previously determined that hybrid lethality is caused by interaction between gene(s) on the Q chromosome belonging to the S subgenome of N. tabacum and gene(s) in Suaveolentes species. Here, we examined whether hybrid seedlings from the cross N. occidentalis (section Suaveolentes) × N. tabacum are inviable despite a lack of the Q chromosome. Hybrid lethality in the cross of N. occidentalis × N. tabacum was characterized by shoots with fading color. This symptom differed from what has been previously observed in lethal crosses between many species in section Suaveolentes and N. tabacum. In crosses of monosomic N. tabacum plants lacking the Q chromosome with N. occidentalis, hybrid lethality was observed in hybrid seedlings either lacking or possessing the Q chromosome. N. occidentalis was then crossed with two progenitors of N. tabacum, N. sylvestris (SS) and N. tomentosiformis (TT), to reveal which subgenome of N. tabacum contains gene(s) responsible for hybrid lethality. Hybrid seedlings from the crosses N. occidentalis × N. tomentosiformis and N. occidentalis × N. sylvestris were inviable. Although the specific symptoms of hybrid lethality in the cross N. occidentalis × N. tabacum were similar to those appearing in hybrids from the cross N. occidentalis × N. tomentosiformis, genes in both the S and T subgenomes of N. tabacum appear responsible for hybrid lethality in crosses with N. occidentalis

    Does Coupling Affect the Security of Masked Implementations?

    Masking schemes achieve provable security against side-channel analysis by using secret sharing to decorrelate key-dependent intermediate values of the cryptographic algorithm from side-channel information. Masking schemes make assumptions on how the underlying leakage mechanisms of hardware or software behave in order to account for various physical effects. In this paper, we investigate the effect of physical placement on security using leakage assessment on power measurements collected from an FPGA. To distinguish this effect from other masking failures, we use threshold implementations as the masking scheme in conjunction with a high-entropy pseudorandom number generator. We show that we can observe differences in (possibly) exploitable leakage by placing functions corresponding to different shares of a cryptographic implementation in close proximity

    Phase Behavior of Polyelectrolyte Block Copolymers in Mixed Solvents

    We have studied the phase behavior of the poly(n-butyl acrylate)-b-poly(acrylic acid) block copolymer in a mixture of two miscible solvents, water and tetrahydrofuran (THF). The techniques used to examine the different polymers, structures and phases formed in mixed solvents were static and dynamic light scattering, small-angle neutron scattering, nuclear magnetic resonance and fluorescence microscopy. By lowering the water/THF mixing ratio X, the sequence unimers, micron-sized droplets, polymeric micelles was observed. The transition between unimers and the micron-sized droplets occurred at X = 0.75, whereas the microstructuration into core-shell polymeric micelles was effective below X = 0.4. At intermediate mixing ratios, a coexistence between the micron-sized droplets and the polymeric micelles was observed. Combining the different aforementioned techniques, it was concluded that the droplet dispersion resulted from a solvent partitioning that was induced by the hydrophobic blocks. Comparison of poly(n-butyl acrylate) homopolymers and poly(n-butyl acrylate)-b-poly(acrylic acid) block copolymers suggested that the droplets were rich in THF and concentrated in copolymers and that they were stabilized by the hydrophilic poly(acrylic acid) moieties. Comment: 11 pages, 12 figures, to appear in Macromolecule

    A Comparison of Chi^2-Test and Mutual Information as Distinguisher for Side-Channel Analysis

    Masking is known as the most widely studied countermeasure against side-channel analysis attacks. Since a masked implementation is based on a certain number of shares (referred to as the order of masking), it still exhibits leakages at higher orders. In order to exploit such leakages, higher-order statistical moments need to be estimated individually at each order, reflecting the higher-order attacks. Instead, Mutual Information Analysis (MIA), known for more than 10 years, avoids such a moment-based analysis by considering the entire distribution for the key recovery. Recently the χ²-test has been proposed for leakage detection and as a distinguisher in which the whole distribution of the leakages is likewise analyzed. In this work, we compare these two schemes to examine their dependency. Indeed, one of the goals of this research is to conclude whether one can outperform the other. In addition to a theoretical comparison, we present two case studies and their corresponding practical evaluations. Both case studies are masked hardware implementations; one is an FPGA-based realization of a threshold implementation of PRESENT, and the other is an AES implementation as a coprocessor on a commercial smart card