    Improved Greedy Nonrandomness Detectors for Stream Ciphers

    We consider the problem of designing distinguishers and nonrandomness detectors for stream ciphers using the maximum degree monomial test. We construct an improved algorithm to determine the subset of key and IV bits used in the test. The algorithm is generic, and can be applied to any stream cipher. In addition to this, the algorithm is highly tweakable, and can be adapted depending on the desired computational complexity. We test the algorithm on the stream ciphers Grain-128a and Grain-128, and achieve significantly better results compared to an earlier greedy approach.
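
    The maximum degree monomial test and a greedy search for the bit subset, as an added example (this is not code from the paper above and does not reproduce its selection algorithm): the cipher is a constructed 16-bit toy NLFSR, and `toy_keystream_bit`, `max_degree_coeff`, `rounds_free_of_monomial`, `greedy_select` and the scoring rule (keep the bit whose cube stays free of its maximum degree monomial for the most initialisation rounds) are assumptions made for illustration.

```python
"""Maximum degree monomial test with a greedy search for the IV bit subset.

Added example, not code from the paper above.  The 16-bit toy cipher, the
greedy scoring rule and every name here are assumptions made for
illustration; the paper's own selection algorithm is not reproduced.
"""
from itertools import product

KEY_BITS = 8
IV_BITS = 8


def toy_keystream_bit(key: int, iv: int, rounds: int) -> int:
    """Constructed NLFSR: state = key || iv, clocked `rounds` times before output.

    The feedback has two AND terms, so the algebraic degree of the output in
    the IV bits grows with the number of rounds, as during a real cipher's
    initialisation.
    """
    state = [(key >> i) & 1 for i in range(KEY_BITS)] + [(iv >> i) & 1 for i in range(IV_BITS)]
    for _ in range(rounds):
        fb = state[0] ^ state[3] ^ state[7] ^ (state[5] & state[11]) ^ (state[9] & state[14])
        state = state[1:] + [fb]
    return state[0] ^ state[15]


def max_degree_coeff(f, bits) -> int:
    """ANF coefficient of the product of the chosen input bits of f.

    XOR-ing f over all 2^d assignments of the chosen bits, with every other
    input bit fixed to zero, leaves exactly that coefficient.  For a random
    Boolean function it is 1 with probability 1/2; a coefficient of 0 over a
    well-chosen subset is the nonrandomness the detector looks for.
    """
    acc = 0
    for assignment in product((0, 1), repeat=len(bits)):
        x = 0
        for bit, val in zip(bits, assignment):
            x |= val << bit
        acc ^= f(x)
    return acc


def rounds_free_of_monomial(bits, key: int, max_rounds: int) -> int:
    """Consecutive initialisation rounds (from 1) for which the maximum degree
    monomial in the IV bits `bits` is absent from the first keystream bit."""
    for r in range(1, max_rounds + 1):
        if max_degree_coeff(lambda iv: toy_keystream_bit(key, iv, r), bits) == 1:
            return r - 1
    return max_rounds


def greedy_select(target_size: int, key: int, max_rounds: int):
    """Greedy subset search: extend the cube one IV bit at a time, keeping the
    candidate that maximises rounds_free_of_monomial.  Each step costs
    (candidates) * max_rounds * 2^|subset| cipher evaluations, so target size
    and round limit are the knobs that trade accuracy for running time."""
    chosen, history = [], []
    while len(chosen) < target_size:
        best = max((b for b in range(IV_BITS) if b not in chosen),
                   key=lambda b: rounds_free_of_monomial(chosen + [b], key, max_rounds))
        chosen.append(best)
        history.append(rounds_free_of_monomial(chosen, key, max_rounds))
    return chosen, history


if __name__ == "__main__":
    bits, hist = greedy_select(4, key=0x5A, max_rounds=40)
    print("IV bits:", bits, "rounds free of the max-degree monomial:", hist)
```

    The key is fixed to a constant here, so the cube runs over IV bits only; the same `max_degree_coeff` works over key bits or a mixed subset by changing how `x` is routed into the cipher.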

    An Efficient State Recovery Attack on the X-FCSR Family of Stream Ciphers

    We describe a state recovery attack on the X-FCSR family of stream ciphers. In this attack we analyse each block of output keystream and try to solve for the state. The solver will succeed when a number of state conditions are satisfied. For X-FCSR-256, our best attack has a computational complexity of only 2^{4.7} table lookups per block of keystream, with an expected 2^{44.3} such blocks before the attack is successful. The precomputational storage requirement is 2^{33}. For X-FCSR-128, the computational complexity of our best attack is 2^{16.3} table lookups per block of keystream, where we expect 2^{55.2} output blocks before the attack succeeds. The precomputational storage requirement for X-FCSR-128 is 2^{67}.

    The Efficiency of Optimal Sampling in the Random S-box Model

    In this paper we show a closed-form formula for the efficiency of the optimal sampling technique in the random S-box model. This formula is derived by analyzing the given model and sampling technique using statistical techniques. We further generalize the original random S-box model in two ways: allowing multiple-bit entries, and allowing the XOR of several random S-box outputs. For all cases we show the corresponding closed-form efficiency formula. Using these new formulas, it is now possible to instantaneously give accurate analytical estimates of the output quality of random S-boxes. This can be of great practical importance in, for example, the analysis and design of cryptographic primitives based on such building blocks.

    eavesROP: Listening for ROP Payloads in Data Streams (preliminary full version)

    We consider the problem of detecting exploits based on return-oriented programming. In contrast to previous works we investigate to which extent we can detect ROP payloads by only analysing streaming data, i.e., we do not assume any modifications to the target machine, its kernel or its libraries. Neither do we attempt to execute any potentially malicious code in order to determine if it is an attack. While such a scenario has its limitations, we show that using a layered approach with a filtering mechanism together with the Fast Fourier Transform, it is possible to detect ROP payloads even in the presence of noise and assuming that the target system employs ASLR. Our approach, denoted eavesROP, thus provides a very lightweight and easily deployable mitigation against certain ROP attacks. It also provides the added merit of detecting the presence of a brute-force attack on ASLR since library base addresses are not assumed to be known by eavesROP.
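
    The filter-then-FFT idea in the abstract, as an added example (not eavesROP's own code or its actual filter): a ROP payload is a run of code pointers at a fixed stride, so an indicator sequence of "pointer-looking words" shows a spectral peak at frequency N/stride whatever the unknown ASLR base is. The pointer filter (x86-64 user-space library addresses of the form 0x00007fXX_XXXXXXXX), the 8-byte stride, the decision threshold and the constructed streams are assumptions made for illustration.

```python
"""Spectral detection of ROP-chain-like runs of code pointers in a byte stream.

Added example; not eavesROP's own code.  The pointer filter, stride and
decision threshold are assumptions made for illustration, and the streams
built below are constructed, not captured traffic.
"""
import cmath
import random

WORD = 8          # assumed 64-bit gadget addresses, little-endian
WINDOW = 512      # bytes analysed at a time; must be a multiple of WORD


def looks_like_pointer(word: int) -> bool:
    """Assumed filter: canonical user-space address in the mmap/library range."""
    return (word >> 40) == 0x7F


def pointer_indicator(stream: bytes) -> list:
    """1 at each byte offset whose next WORD bytes decode to a pointer, else 0.

    Every byte offset is tested (not only aligned ones) because a payload can
    start anywhere in the stream; the tail is zero-padded to len(stream).
    """
    ind = [1 if looks_like_pointer(int.from_bytes(stream[i:i + WORD], "little")) else 0
           for i in range(len(stream) - WORD + 1)]
    return ind + [0] * (WORD - 1)


def dft_magnitude(seq, k: int) -> float:
    """|X[k]| of a 0/1 sequence (plain DFT; numpy.fft.rfft would give the same)."""
    n = len(seq)
    return abs(sum(cmath.exp(-2j * cmath.pi * k * i / n) for i, v in enumerate(seq) if v))


def detect_rop(stream: bytes, min_hits: int = 8, ratio: float = 0.6):
    """Returns (detected, pointer_hits, peak_magnitude).

    Gadget addresses at stride WORD contribute identically phased terms to bin
    n/WORD, so that bin's magnitude approaches the number of chain words for
    any (ASLR-randomised) base; scattered pointers add random phases and
    mostly cancel.  Threshold values are assumptions.
    """
    assert len(stream) % WORD == 0
    ind = pointer_indicator(stream)
    hits = sum(ind)
    if hits < min_hits:
        return False, hits, 0.0
    peak = dft_magnitude(ind, len(ind) // WORD)
    return peak >= ratio * hits, hits, peak


def random_library_base(rng: random.Random) -> int:
    """Page-aligned base in 0x00007f..., an assumed user-space ASLR placement."""
    return 0x00007F0000000000 | (rng.getrandbits(27) << 12)


def build_stream(rng: random.Random, with_chain: bool) -> bytes:
    """Constructed WINDOW-byte stream: random filler, four stray pointers, and
    optionally a 24-gadget chain at offset 128 (library offsets below 2 MiB)."""
    buf = bytearray(rng.getrandbits(8) for _ in range(WINDOW))
    base = random_library_base(rng)
    for off in (13, 71, 345, 421):                     # stray, non-periodic pointers
        buf[off:off + WORD] = (base + rng.randrange(1 << 21)).to_bytes(WORD, "little")
    if with_chain:
        chain = b"".join((base + rng.randrange(1 << 21)).to_bytes(WORD, "little")
                         for _ in range(24))
        buf[128:128 + len(chain)] = chain
    return bytes(buf)


def demo(seed: int = 2024) -> dict:
    """Runs the detector over a noise-only stream and a stream carrying a chain."""
    rng = random.Random(seed)
    return {label: detect_rop(build_stream(rng, has_chain))
            for label, has_chain in (("noise", False), ("chain", True))}


if __name__ == "__main__":
    for label, (detected, hits, peak) in demo().items():
        print(f"{label}: hits={hits} peak={peak:.1f} detected={detected}")
```

    The stray pointers model the noise the abstract mentions: they raise the hit count but, having no common stride, barely move the N/8 bin, while the chain's words all land in that bin in phase.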

    Laboratory instructions as a cause of student dissonance

    Improving the quality of education is the goal of all pedagogical research. By using student surveys and course evaluations, problem areas can be identified in most courses offered by universities. In this paper we perform a large-scale student survey in order to find the causes of, and remedies to, a widespread student dissonance in a mandatory course with over 100 students at Lund University. Our research shows that aiming for deeper learning, without providing time and a stimulating environment, can be worse than settling for expository learning. This problem has persisted for years despite attempts by the course administrators to solve it. We propose that major improvements can be achieved, both in learning and pass rates, primarily by improving the lab instructions but also by using more intellectually stimulating lab equipment.

    Improved distinguishers for HC-128

    HC-128 is an eSTREAM final portfolio stream cipher. Several authors have investigated its security and, in particular, distinguishing attacks have been considered. Still, no one has been able to provide a distinguisher stronger than the one presented by Wu in the original HC-128 paper. In this paper we first argue that the keystream requirement in Wu's original attack is underestimated by a factor of almost 2^{8}. Our revised analysis shows that the keystream complexity of Wu's original attack is 2^{160.471} 32-bit keystream blocks. We then go on to investigate two new types of distinguishers on HC-128. One of them, a distinguisher counting the number of zeros in created blocks of bits, gives a biased distribution that requires 2^{143.537} such constructed block samples (2^{152.537} 32-bit keystream blocks). For fairness, the same metric is used to compare our attack to Wu's, and our improvement is significant compared to Wu's original result. Furthermore, the vector-based methodology used is general and can be applied to any cryptographic primitive that reveals a suitable probability distribution.

    Vertex corrections in localized and extended systems

    Within many-body perturbation theory we apply vertex corrections to various closed-shell atoms and to jellium, using a local approximation for the vertex consistent with starting the many-body perturbation theory from a DFT-LDA Green's function. The vertex appears in two places, in the screened Coulomb interaction, W, and in the self-energy, \Sigma, and we obtain a systematic discrimination of these two effects by turning the vertex in \Sigma on and off. We also make comparisons to standard GW results within the usual random-phase approximation (RPA), which omits the vertex from both. When a vertex is included for closed-shell atoms, both ground-state and excited-state properties demonstrate only limited improvements over standard GW. For jellium we observe marked improvement in the quasiparticle band width when the vertex is included only in W, whereas turning on the vertex in \Sigma leads to an unphysical quasiparticle dispersion and work function. A simple analysis suggests why implementation of the vertex only in W is a valid way to improve quasiparticle energy calculations, while the vertex in \Sigma is unphysical, and points the way to development of improved vertices for ab initio electronic structure calculations.
    Comment: 8 pages, 6 figures. Updated with quasiparticle neon results, extended conclusions and references section. Minor changes: updated references, minor improvement

    Band widths and gaps from the Tran-Blaha functional : Comparison with many-body perturbation theory

    For a set of ten crystalline materials (oxides and semiconductors), we compute the electronic band structures using the Tran-Blaha [Phys. Rev. Lett. 102, 226401 (2009)] (TB09) functional. The band widths and gaps are compared with those from the local-density approximation (LDA) functional, many-body perturbation theory (MBPT), and experiments. At the density-functional theory (DFT) level, TB09 leads to band gaps in much better agreement with experiments than LDA. However, we observe that it globally underestimates, often strongly, the valence (and conduction) band widths (more than LDA). MBPT corrections are calculated starting from both LDA and TB09 eigenenergies and wavefunctions. They lead to a much better agreement with experimental data for band widths. The band gaps obtained starting from TB09 are close to those from quasi-particle self-consistent GW calculations, at a much reduced cost. Finally, we explore the possibility to tune one of the semi-empirical parameters of the TB09 functional in order to obtain simultaneously better band gaps and widths. We find that these requirements are conflicting.
    Comment: 18 pages, 16 figures

    Developing and operating time critical applications in clouds: the state of the art and the SWITCH approach

    Cloud environments can provide virtualized, elastic, controllable and high quality on-demand services for supporting complex distributed applications. However, the engineering methods and software tools used for developing, deploying and executing classical time critical applications do not, as yet, account for the programmability and controllability provided by clouds, and so time critical applications cannot yet benefit from the full potential of cloud technology. This paper reviews the state of the art of technologies involved in developing time critical cloud applications, and presents the approach of a recently funded EU H2020 project: the Software Workbench for Interactive, Time Critical and Highly self-adaptive cloud applications (SWITCH). SWITCH aims to improve the existing development and execution model of time critical applications by introducing a novel conceptual model, the application-infrastructure co-programming and control model, in which application QoS and QoE, together with the programmability and controllability of cloud environments, are included in the complete application lifecycle.