A Practical Cryptanalysis of the Algebraic Eraser

Anshel, Anshel, Goldfeld and Lemieaux introduced the Colored Burau Key Agreement Protocol (CBKAP) as the concrete instantiation of their Algebraic Eraser scheme. This scheme, based on techniques from permutation groups, matrix groups and braid groups, is designed for lightweight environments such as RFID tags and other IoT applications. It is proposed as an underlying technology for ISO/IEC 29167-20. SecureRF, the company owning the trademark Algebraic Eraser, has presented the scheme to the IRTF with a view towards standardisation. We present a novel cryptanalysis of this scheme. For parameter sizes corresponding to claimed 128-bit security, our implementation recovers the shared key using less than 8 CPU hours, and less than 64MB of memory.Comment: 15 pages. Updated references, with brief comments added. Minor typos corrected. Final version, accepted for CRYPTO 201

Generation of eigenstates using the phase-estimation algorithm

The phase estimation algorithm is so named because it allows the estimation of the eigenvalues associated with an operator. However it has been proposed that the algorithm can also be used to generate eigenstates. Here we extend this proposal for small quantum systems, identifying the conditions under which the phase estimation algorithm can successfully generate eigenstates. We then propose an implementation scheme based on an ion trap quantum computer. This scheme allows us to illustrate two simple examples, one in which the algorithm effectively generates eigenstates, and one in which it does not.Comment: 5 pages, 3 Figures, RevTeX4 Introduction expanded, typos correcte

Quantum-noise--randomized data-encryption for WDM fiber-optic networks

We demonstrate high-rate randomized data-encryption through optical fibers using the inherent quantum-measurement noise of coherent states of light. Specifically, we demonstrate 650Mbps data encryption through a 10Gbps data-bearing, in-line amplified 200km-long line. In our protocol, legitimate users (who share a short secret-key) communicate using an M-ry signal set while an attacker (who does not share the secret key) is forced to contend with the fundamental and irreducible quantum-measurement noise of coherent states. Implementations of our protocol using both polarization-encoded signal sets as well as polarization-insensitive phase-keyed signal sets are experimentally and theoretically evaluated. Different from the performance criteria for the cryptographic objective of key generation (quantum key-generation), one possible set of performance criteria for the cryptographic objective of data encryption is established and carefully considered.Comment: Version 2: Some errors have been corrected and arguments refined. To appear in Physical Review A. Version 3: Minor corrections to version

Ocean change within shoreline communities: from biomechanics to behaviour and beyond

Humans are changing the physical properties of Earth. In marine systems, elevated carbon dioxide concentrations are driving notable shifts in temperature and seawater chemistry. Here, we consider consequences of such perturbations for organism biomechanics and linkages amongst species within communities.In particular,we examine case examples of altered morphologies and material properties, disrupted consumer–prey behaviours, and the potential for modulated positive (i.e. facilitative) interactions amongst taxa, as incurred through increasing ocean acidity and rising temperatures. We focus on intertidal rocky shores of temperate seas as model systems, acknowledging the longstanding role of these communities in deciphering ecological principles. Our survey illustrates the broad capacity for biomechanical and behavioural shifts in organisms to influence the ecology of a transforming worl

Allelopathy And Weed Competition

Currently, only two herbicides, Londax® (bensulfuron) and Taipan® (benzofenap) are available for the effective control of all four major broadleaf weeds infesting NSW rice paddocks. Prolonged and widespread use of these two herbicides in the rice growing regions increases the threat of herbicide resistance. The low likelihood of new herbicides in the foreseeable future increases the impact of herbicide resistance on the Australian rice industry. Allelopathy, chemical interactions between plants, is an alternative control option. Weeds could be controlled by using crops which have been developed to exert their own weed control by releasing chemicals into the soil. These naturally occurring compounds could play a valuable role in an integrated weed management system, potentially reducing the amount of synthetic herbicides required for weed control. In rice, the potential use of allelopathy in weed control has been explored by several researchers worldwide. Funding for work on allelopathic potential was provided by the Rice CRC as they recognised that the Australian weed community is very different and many of the weeds infesting rice paddocks are typically Australian problems not likely to be tackled by international research groups. Twenty-seven rice cultivars were examined in the laboratory for their allelopathic potential against several currently important and potentially important rice weeds in Australia, namely barnyard grass (Echinochloa crus-galli), dirty dora (Cyperus difformis), lance-leaved water plantain (Alisma lanceolatum), starfruit (Damasonium minus), arrowhead (Sagittaria montevidensis) and S. graminea. Weed root growth inhibition ranged from 0.3 % to 93.6 % of the control depending on the cultivar and the weed species being tested. One weed was actually stimulated by Langi. Several rice varieties significantly inhibited root growth of more than one weed. A field trial using starfruit as the test species was conducted to see if those cultivars which inhibited starfruit in the laboratory experiment also inhibited starfruit in the field and to determine whether allelopathy was an important factor in the resulting field performance. Twenty-four cultivars were used in a field trial based at the Yanco Agricultural Institute. Starfruit dry matter was measured as an indicator of weed inhibition. It was found that there was a correlation between laboratory and field results, and that allelopathy was an important contributor to field performance of a rice variety

Public Evidence from Secret Ballots

Elections seem simple---aren't they just counting? But they have a unique, challenging combination of security and privacy requirements. The stakes are high; the context is adversarial; the electorate needs to be convinced that the results are correct; and the secrecy of the ballot must be ensured. And they have practical constraints: time is of the essence, and voting systems need to be affordable and maintainable, and usable by voters, election officials, and pollworkers. It is thus not surprising that voting is a rich research area spanning theory, applied cryptography, practical systems analysis, usable security, and statistics. Election integrity involves two key concepts: convincing evidence that outcomes are correct and privacy, which amounts to convincing assurance that there is no evidence about how any given person voted. These are obviously in tension. We examine how current systems walk this tightrope.Comment: To appear in E-Vote-Id '1

A kilobit hidden SNFS discrete logarithm computation

We perform a special number field sieve discrete logarithm computation in a 1024-bit prime field. To our knowledge, this is the first kilobit-sized discrete logarithm computation ever reported for prime fields. This computation took a little over two months of calendar time on an academic cluster using the open-source CADO-NFS software. Our chosen prime $p$ looks random, and $p--1$ has a 160-bit prime factor, in line with recommended parameters for the Digital Signature Algorithm. However, our p has been trapdoored in such a way that the special number field sieve can be used to compute discrete logarithms in $\mathbb{F}\_p^*$ , yet detecting that p has this trapdoor seems out of reach. Twenty-five years ago, there was considerable controversy around the possibility of back-doored parameters for DSA. Our computations show that trapdoored primes are entirely feasible with current computing technology. We also describe special number field sieve discrete log computations carried out for multiple weak primes found in use in the wild. As can be expected from a trapdoor mechanism which we say is hard to detect, our research did not reveal any trapdoored prime in wide use. The only way for a user to defend against a hypothetical trapdoor of this kind is to require verifiably random primes

Basic concepts in quantum computation

Section headings: 1 Qubits, gates and networks 2 Quantum arithmetic and function evaluations 3 Algorithms and their complexity 4 From interferometers to computers 5 The first quantum algorithms 6 Quantum search 7 Optimal phase estimation 8 Periodicity and quantum factoring 9 Cryptography 10 Conditional quantum dynamics 11 Decoherence and recoherence 12 Concluding remarksComment: 37 pages, lectures given at les Houches Summer School on "Coherent Matter Waves", July-August 199