Simple Vs Vectorial: Exploiting Structural Symmetry to Beat the ZeroSum Distinguisher Applications to SHA3, Xoodyak and Bash

Higher order differential properties constitute a very insightful tool at the hands of a cryptanalyst allowing for probing a cryptographic primitive from an algebraic perspective. In FSE 2017, Saha et al. reported SymSum (referred to as SymSum_Vec in this paper), a new distinguisher based on higher order vectorial Boolean derivatives of SHA-3, constituting one of the best distinguishers on the latest cryptographic hash standard. SymSum_Vec exploits the difference in the algebraic degree of highest degree monomials in the algebraic normal form of SHA-3 with regards to their dependence on round constants. Later in Africacrypt 2020, Suryawanshi et al. extended SymSum_Vec using linearization techniques and in SSS 2023 also applied it to NIST-LWC finalist Xoodyak. However, a major limitation of SymSum_Vec is the maximum attainable derivative (MAD) which is less than half of the widely studied ZeroSum distinguisher. This is attributed to SymSum_Vec being dependent on m−fold vectorial derivatives while ZeroSum relies on m−fold simple derivatives. In this work we overcome this limitation of SymSum_Vec by developing and validating the theory of computing SymSum_Vec with simple derivatives. This gives us a close to 100% improvement in the MAD that can be computed. The new distinguisher reported in this work can also be combined with one/two-round linearization to penetrate more rounds. Moreover, we identify an issue with the two-round linearization claim made by Suryawanshi et al. which renders it invalid and also furnish an algebraic fix at the cost of some additional constraints. Combining all results we report SymSum_Sim , a new variant of the SymSum_Vec distinguisher based on m−fold simple derivatives that outperforms ZeroSum by a factor of $2^{257}$, $2^{129}$ for 10-round SHA-3-384 and 9-round SHA-3-512 respectively while enjoying the same MAD as ZeroSum. For every other SHA-3 variant, SymSum_Sim maintains an advantage of factor 2. Combined with one/two-round linearization, SymSum_Sim improves upon all existing ZeroSum and SymSum_Vec distinguishers on both SHA-3 and Xoodyak. As regards Keccak-p, the internal permutation of SHA-3, we report the best 15-round distinguisher with a complexity of $2^{256}$ and the first better than birthday-bound 16-round distinguisher with a complexity of $2^{512}$ (improving upon the 15/16-round results by Guo et al. in Asiacrypt 2016). We also devise the best full-round distinguisher on the Xoodoo internal permutation of Xoodyak with a practically verifiable complexity of $2^{32}$ and furnish the first third-party distinguishers on the Belarushian hash function Bash. All distinguishers furnished in this work have been verified through implementations whenever practically viable. Overall, with the MAD barrier broken, SymSum_Sim emerges as a better distinguisher than ZeroSum on all fronts and adds to the state-of-the-art of cryptanalytic tools investigating non-randomness of crypto primitives

Sleep oscillation-specific associations with Alzheimer’s disease CSF biomarkers : novel roles for sleep spindles and tau

Background: Based on associations between sleep spindles, cognition, and sleep-dependent memory processing, here we evaluated potential relationships between levels of CSF Aβ42, P-tau, and T-tau with sleep spindle density and other biophysical properties of sleep spindles in a sample of cognitively normal elderly individuals. Methods: One-night in-lab nocturnal polysomnography (NPSG) and morning to early afternoon CSF collection were performed to measure CSF Aβ42, P-tau and T-tau. Seven days of actigraphy were collected to assess habitual total sleep time. Results: Spindle density during NREM stage 2 (N2) sleep was negatively correlated with CSF Aβ42, P-tau and T-tau. From the three, CSF T-tau was the most significantly associated with spindle density, after adjusting for age, sex and ApoE4. Spindle duration, count and fast spindle density were also negatively correlated with T-tau levels. Sleep duration and other measures of sleep quality were not correlated with spindle characteristics and did not modify the associations between sleep spindle characteristics and the CSF biomarkers of AD. Conclusions: Reduced spindles during N2 sleep may represent an early dysfunction related to tau, possibly reflecting axonal damage or altered neuronal tau secretion, rendering it a potentially novel biomarker for early neuronal dysfunction. Given their putative role in memory consolidation and neuroplasticity, sleep spindles may represent a mechanism by which tau impairs memory consolidation, as well as a possible target for therapeutic interventions in cognitive decline