Of Ecosystems and Economies: Re-connecting Economics with Reality

This discussion paper looks at the connections between economies and ecosystems, or more generally biophysical reality. The term "economies" is used, rather than "the economy", because of the prevalent false claim that there is only one type of economic system that is possible. We outline how the ecological crises is linked to the dominant drive for economic growth and the tendency to equate growth with progress and development; common even amongst those apparently critical of the need for continued growth in the materially rich countries. The unreality of mainstream economics is epitomised by the accolades given to those justifying mild reformist policy in response to human induced climate change in order to continue the pursuit of economic growth. We emphasise the structural aspects of economies as emergent from and dependent upon the structure and functioning of both society and ecology (energy and material flows). Finally, that the structure of the global economy must change to avoid social ecological collapse, poses the questions of how that can be achieved and what sort of economics is necessary? We explain the need for: (i) a structural change that addresses the currently dysfunctional relationships between economic, social and ecological systems, and (ii) an economics that is interdisciplinary and realist about its social and natural science relations.Series: SRE - Discussion Paper

A Measure of Dependence for Cryptographic Primitives Relative to Ideal Functions

In this work we present a modification of a well-established measure of dependence appropriate for the analysis of stopping times for adversarial processes on cryptographic primitives. We apply this measure to construct generic criteria for the ideal behavior of fixed functions in both the random oracle and ideal permutation setting. More significantly, we provide a nontrivial extension of the notion of hash function indifferentiability, transporting the theory from the status of providing security arguments for protocols utilizing ideal primitives into the more realistic setting of protocol assurance with fixed functions. The methodology this measure introduces to indifferentiability analysis connects the security of a hash function with an indifferentiable mode to the security of the underlying compression function in a quantitative way; thus, we prove that dependence results on cryptographic primitives provide a direct means of determining the practical resistance or vulnerability of protocols employing such primitives

A Nonlinear Multivariate Cryptosystem Based on a Random Linear Code

We introduce a new technique for building multivariate encryption schemes based on random linear codes. The construction is versatile, naturally admitting multiple modifications. Among these modifications is an interesting embedding modifier--- any efficiently invertible multivariate system can be embedded and used as part of the inversion process. In particular, even small scale secure multivariate signature schemes can be embedded producing reasonably efficient encryption schemes. Thus this technique offers a bridge between multivariate signatures, many of which have remained stable and functional for many years, and multivariate encryption, a historically more troubling area

Utvikling av arealstatistikk for tettstedsnære områder : Muligheter og begrensninger

Formålet med dette prosjektet har vært å se på hvilke muligheter og begrensninger som ligger i å produsere en egen arealstatistikk for tettstedsnære områder. Ved hjelp av enkle metoder i geografiske informasjonssystemer (GIS) er det forsøksvis produsert statistikk for de tettstedsnære områdene til tettstedet Fredrikstad/Sarpsborg, med fokus på endring i perioden 1994-98. Statistikken belyser flere aktuelle problemstillinger og målsettinger innen det arealpolitiske feltet, spesielt i forhold til arealbruk og utbyggingsmønster, men også i forhold til jordvern, friluftsliv, naturvern og kulturminner. Erfaringene fra case-studien viser at man på en enkel måte kan oppnå en utfyllende arealbruksstatistikk. Knyttet sammen med tettstedsstatistikk, vil denne statistikken i neste omgang kunne gi et godt grunnlag for å analysere tettstedsutviklingen både på nasjonalt og på lokalt nivå

Practical Cryptanalysis of k-ary C*

Recently, an article by Felke appeared in Cryptography and Communications discussing the security of biquadratic C* and a further generalization, k-ary C*. The article derives lower bounds for the complexity of an algebraic attack, directly inverting the public key, under an assumption that the first-fall degree is a good approximation of the solving degree, an assumption that the paper notes requires ``greater justification and clarification. In this work, we provide a practical attack breaking all k-ary C* schemes. The attack is based on differential techniques and requires nothing but the ability to evaluate the public key and solve linear systems. In particular, the attack breaks the parameters provided in CryptoChallenge11 by constructing and solving linear systems of moderate size in a few minutes

Extracting Linearization Equations from Noisy Sources

This note was originally written under the name ``On the Security of HMFEv\u27\u27 and was submitted to PQCrypto 2018. The author was informed by the referees of his oversight of an eprint work of the same name by Hashimoto, see eprint article /2017/689/, that completely breaks HMFEv, rendering the result on HMFEv obsolete. Still, the author feels that the technique used here is interesting and that, at least in principal, this method could contribute to future cryptanalysis. Thus, with a change of title indicating the direction in which this work is leading, we present the original work with all of its oversights intact and with minimal correction (only references fixed). At PQCRYPTO 2017, a new multivariate digital signature based on Multi-HFE and utilizing the vinegar modifier was proposed. The vinegar modifier increases the Q-rank of the central map, preventing a direct application of the MinRank attack that defeated Multi-HFE. The authors were, therefore, confident enough to choose aggressive parameters for the Multi-HFE component of the central map (with vinegar variables fixed). Their analysis indicated that the security of the scheme depends on the sum of the number of variables $k$ over the extension field and the number $v$ of vinegar variables with the individual values being unimportant as long as they are not ``too small.\u27\u27 We analyze the consequences of this choice of parameters and derive some new attacks showing that the parameter $v$ must be chosen with care

A Total Break of the Scrap Digital Signature Scheme

Recently a completely new post-quantum digital signature scheme was proposed using the so called ``scrap automorphisms\u27\u27. The structure is inherently multivariate, but differs significantly from most of the multivariate literature in that it relies on sparsity and rings containing zero divisors. In this article, we derive a complete and total break of Scrap, performing a key recovery in not much more time than verifying a signature. We also generalize the result, breaking unrealistic instances of the scheme for which there is no particularly efficient signing algorithm and key sizes are unmanageable

Properties of the Discrete Differential with Cryptographic Applications

Recently, the $C^{*-}$ signature scheme has been completely broken by Dubois et al. (Dubois et al., CRYPTO and EUROCRYPT 2007). As a consequence, the security of SFLASH and other multivariate public key systems have been impaired. The attacks presented in (Dubois et al., CRYPTO and EUROCRYPT 2007) rely on a symmetry of the differential of the encryption mapping. In (Ding et al., 2007), Ding et al. experimentally justify the use projection as a method of avoiding the new attack. In this paper, we derive some properties of the discrete differential, give a theoretical justification for the reparation in (Ding et al., 2007), and establish the exact context in which this attack is applicable

A Total Break of the 3WISE Digital Signature Scheme

A new batch of ``complete and proper\u27\u27 digital signature scheme submissions has recently been published by NIST as part of its process for establishing post-quantum cryptographic standards. This note communicates an attack on the 3WISE digital signature scheme that the submitters did not wish to withdraw after NIST communicated it to them. While the 3WISE digital signature scheme is based on a collection of cubic maps which are naturally modeled as symmetric 3-tensors and 3-tensor rank is a difficult problem, the multivariate signature scheme is still vulnerable to MinRank attacks upon projection. We are able to break the NIST security level I parameters within a few seconds. Since the attack is polynomial time, there is no reparametrization resulting in a secure scheme

New Practical Multivariate Signatures from a Nonlinear Modifier

Multivariate cryptography is dominated by schemes supporting various tweaks, or ``modifiers,\u27\u27 designed to patch certain algebraic weaknesses they would otherwise exhibit. Typically these modifiers are linear in nature--- either requiring an extra composition with an affine map, or being evaluated by a legitimate user via an affine projection. This description applies to the minus, plus, vinegar and internal perturbation modifiers, to name a few. Though it is well-known that combinations of various modifiers can offer security against certain classes of attacks, cryptanalysts have produced ever more sophisticated attacks against various combinations of these linear modifiers. In this article, we introduce a more fundamentally nonlinear modifier, called Q, that is inspired from relinearization. The effect of the Q modifier on multivariate digital signature schemes is to maintain inversion efficiency at the cost of slightly slower verification and larger public keys, while altering the algebraic properties of the public key. Thus the Q modifier is ideal for applications of digital signature schemes requiring very fast signing and verification without key transport. As an application of this modifier, we propose new multivariate digital signature schemes with fast signing and verification that are resistant to all known attacks