34 research outputs found
The Early Archaic Record in the Gunnison Basin, Colorado: An Investigation of Projectile Point Technology and Settlement Patterns
In comparison to the Late Paleoindian Period (11,500β8,400 B.P.), the Early
Archaic (8,400β6,400 B.P.) in the Gunnison Basin, Colorado is a poorly understood
time because of its relatively light archaeological signature. Not only is the
archaeological record more ephemeral, but we also see a change in technologies, such
as projectile points types, in this transitional period. Some archaeologists explain these
observations as a result of changing environments caused by the Altithermal and
shifting settlement processes as people adjusted to these changes. Adding to the
muddled picture of the Early Archaic is the sometimes inappropriate application of
projectile point typologies to diagnostic bifaces found in the Gunnison basin. No
comprehensive typology exists for Archaic projectile points in the Southern Rocky
Mountains and, as a result, archeologists often apply the typology they are most familiar
with on projects in the Gunnison Basin. Using established typologies from regions
adjacent to, and from, the Southern Rocky Mountains, I examine projectile points from
the Gunnison Basin to determine what Early Archaic projectile points are present in the
area. Then, using ArcGIS, I investigate the settlement patterns of the people who lived
in the Gunnison Basin during the Early Archaic period. Based on the results of my
study, I argue that during the Early Archaic a link exists between the Great Basin and
the Gunnison Basin in the form of a movement of people or the movement of
knowledge and ideas, or possibly both. More investigation is required to make a
definitive statement, but this thesis can serve as a basis for more research into the Early
Archaic record of the Gunnison Basin
Cryptanalysis of SKINNY in the Framework of the SKINNY 2018--2019 Cryptanalysis Competition
In April 2018, Beierle et al. launched the 3rd SKINNY cryptanalysis competition, a contest that aimed at motivating the analysis of their recent tweakable block cipher SKINNY . In contrary to the previous editions, the focus was made on practical attacks: contestants were asked to recover a 128-bit secret key from a given set of 2^20 plaintext blocks. The suggested SKINNY instances are 4- to 20-round reduced variants of SKINNY-64-128 and SKINNY-128-128. In this paper, we explain how to solve the challenges for 10-round SKINNY-128-128 and for 12-round SKINNY-64-128 in time equivalent to roughly 2^52 simple operations. Both techniques benefit from the highly biased sets of messages that are provided and that actually correspond to the encryption of various books in ECB mode
Single Tweakey Cryptanalysis of Reduced-Round SKINNY-64
Skinny is a lightweight tweakable block cipher which received a great deal of
cryptanalytic attention following its elegant structure and efficiency. Inspired
by the Skinny competitions, multiple attacks on it were reported in different
settings (e.g. single vs. related-tweakey) using different techniques
(impossible differentials, meet-in-the-middle, etc.). In this paper we revisit
some of these attacks, identify issues with several of them, and offer a series
of improved attacks which were experimentally verified. Our best attack can
attack up to 18 rounds using chosen ciphertexts data, time, and
memory
Mind the Gap - A Closer Look at the Security of Block Ciphers against Differential Cryptanalysis
Resistance against differential cryptanalysis is an important design criteria for any modern block cipher and most designs rely on finding some upper bound on probability of single differential characteristics. However, already at EUROCRYPT'91, Lai et al. comprehended that differential cryptanalysis rather uses differentials instead of single characteristics.
In this paper, we consider exactly the gap between these two approaches and investigate this gap in the context of recent lightweight cryptographic primitives. This shows that for many recent designs like Midori, Skinny or Sparx one has to be careful as bounds from counting the number of active S-boxes only give an inaccurate evaluation of the best differential distinguishers. For several designs we found new differential distinguishers and show how this gap evolves. We found an 8-round differential distinguisher for Skinny-64 with a probability of 2β56.932β56.93, while the best single characteristic only suggests a probability of 2β722β72. Our approach is integrated into publicly available tools and can easily be used when developing new cryptographic primitives.
Moreover, as differential cryptanalysis is critically dependent on the distribution over the keys for the probability of differentials, we provide experiments for some of these new differentials found, in order to confirm that our estimates for the probability are correct. While for Skinny-64 the distribution over the keys follows a Poisson distribution, as one would expect, we noticed that Speck-64 follows a bimodal distribution, and the distribution of Midori-64 suggests a large class of weak keys
Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages
This is an extended version of the article with the same title accepted at Asiacrypt 2019.International audienceHighly efficient encryption and authentication of short messages is an essential requirement for enabling security in constrained scenarios such as the CAN FD in automotive systems (max. message size 64 bytes), massive IoT, critical communication domains of 5G, and Narrowband IoT, to mention a few. In addition, one of the NIST lightweight cryptography project requirements is that AEAD schemes shall be βoptimized to be efficient for short messages (e.g., as short as 8 bytes)β. In this work we introduce and formalize a novel primitive in symmetric cryptography called a forkcipher. A forkcipher is a keyed function expanding a fixed-length input to a fixed-length output. We define its security as indistinguishability under chosen ciphertext attack. We give a generic construction validation via the new iterate-fork-iterate design paradigm. We then propose ForkSkinny as a concrete forkcipher instance with a public tweak and based on SKINNY: a tweakable lightweight block cipher constructed using the TWEAKEY framework. We conduct extensive cryptanalysis of ForkSkinny against classical and structure-specific attacks. We demonstrate the applicability of forkciphers by designing three new provably-secure, nonce-based AEAD modes which offer performance and security tradeoffs and are optimized for efficiency of very short messages. Considering a reference block size of 16 bytes, and ignoring possible hardware optimizations, our new AEAD schemes beat the best SKINNY-based AEAD modes. More generally, we show forkciphers are suited for lightweight applications dealing with predominantly short messages, while at the same time allowing handling arbitrary messages sizes. Furthermore, our hardware implementation results show that when we exploit the inherent parallelism of ForkSkinny we achieve the best performance when directly compared with the most efficient mode instantiated with the SKINNY block cipher
Universal Forgery and Multiple Forgeries of MergeMAC and Generalized Constructions
This article presents universal forgery and multiple forgeries against MergeMAC that has been recently proposed to fit scenarios where bandwidth is limited and where strict time constraints apply. MergeMAC divides an input message into two parts, , and its tag is computed by , where and are PRFs and is a public function. The tag size is 64 bits. The designers claim -bit security and imply a risk of accepting beyond-birthday-bound queries.
This paper first shows that it is inevitable to limit the number of queries up to the birthday bound, because a generic universal forgery against CBC-like MAC can be adopted to MergeMAC.
Afterwards another attack is presented that works with a very few number of queries, 3 queries and computations of , by applying a preimage attack against weak , which breaks the claimed security.
The analysis is then generalized to a MergeMAC variant where is replaced with a one-way function .
Finally, multiple forgeries are discussed in which the attacker\u27s goal is to improve the ratio of the number of queries to the number of forged tags. It is shown that the attacker obtains tags of messages only by making queries in the sense of existential forgery, and this is tight when messages have a particular structure. For universal forgery, tags for arbitrary chosen messages can be obtained by making queries
Randomized stopping times and provably secure pseudorandom permutation generators
Conventionally, key-scheduling algorithm (KSA) of a cryptographic scheme runs for predefined number of steps. We suggest a different approach by utilization of randomized stopping rules to generate permutations which are indistinguishable from uniform ones. We explain that if the stopping time of such a shuffle is a Strong Stationary Time and bits of the secret key are not reused then these algorithms are immune against timing attacks.
We also revisit the well known paper of Mironov~\cite{Mironov2002} which analyses a card shuffle which models KSA of RC4. Mironov states that expected time till reaching uniform distribution is while we prove that steps are enough (by finding a new strong stationary time for the shuffle).
Nevertheless, both cases require bits of randomness while one can replace the shuffle used in RC4 (and in Spritz) with a better shuffle which is optimal and needs only bits
Lightweight Authenticated Encryption Mode Suitable for Threshold Implementation
This paper proposes tweakable block cipher (TBC) based modes and that are efficient in threshold implementations (TI). Let be an algebraic degree of a target function, e.g.~ (resp.~) for linear (resp.~non-linear) function. The -th order TI encodes the internal state into shares. Hence, the area size increases proportionally to the number of shares. This implies that TBC based modes can be smaller than block cipher (BC) based modes in TI because TBC requires -bit block to ensure -bit security, e.g. \textsf{PFB} and \textsf{Romulus}, while BC requires -bit block. However, even with those TBC based modes, the minimum we can reach is 3 shares of -bit state with and the first-order TI ().
Our first design aims to break the barrier of the -bit state in TI. The block size of an underlying TBC is bits and the output of TBC is linearly expanded to bits. This expanded state requires only 2 shares in the first-order TI, which makes the total state size bits. We also provide rigorous security proof of . Our second design further increases a parameter : a ratio of the security level to the block size of an underlying TBC. We prove security of for any under some assumptions for an underlying TBC and for parameters used to update a state. Next, we show a concrete instantiation of for 128-bit security. It requires a TBC with 64-bit block, 128-bit key and 128-bit tweak, while no existing TBC can support it. We design a new TBC by extending \textsf{SKINNY} and provide basic security evaluation. Finally, we give hardware benchmarks of in the first-order TI to show that TI of is smaller than that of \textsf{PFB} by more than one thousand gates and is the smallest within the schemes having 128-bit security
Downregulation of Chloroplast RPS1 Negatively Modulates Nuclear Heat-Responsive Expression of HsfA2 and Its Target Genes in Arabidopsis
Heat stress commonly leads to inhibition of photosynthesis in higher plants. The transcriptional induction of heat stress-responsive genes represents the first line of inducible defense against imbalances in cellular homeostasis. Although heat stress transcription factor HsfA2 and its downstream target genes are well studied, the regulatory mechanisms by which HsfA2 is activated in response to heat stress remain elusive. Here, we show that chloroplast ribosomal protein S1 (RPS1) is a heat-responsive protein and functions in protein biosynthesis in chloroplast. Knockdown of RPS1 expression in the rps1 mutant nearly eliminates the heat stress-activated expression of HsfA2 and its target genes, leading to a considerable loss of heat tolerance. We further confirm the relationship existed between the downregulation of RPS1 expression and the loss of heat tolerance by generating RNA interference-transgenic lines of RPS1. Consistent with the notion that the inhibited activation of HsfA2 in response to heat stress in the rps1 mutant causes heat-susceptibility, we further demonstrate that overexpression of HsfA2 with a viral promoter leads to constitutive expressions of its target genes in the rps1 mutant, which is sufficient to reestablish lost heat tolerance and recovers heat-susceptible thylakoid stability to wild-type levels. Our findings reveal a heat-responsive retrograde pathway in which chloroplast translation capacity is a critical factor in heat-responsive activation of HsfA2 and its target genes required for cellular homeostasis under heat stress. Thus, RPS1 is an essential yet previously unknown determinant involved in retrograde activation of heat stress responses in higher plants