Boomerang Connectivity Table:A New Cryptanalysis Tool

A boomerang attack is a cryptanalysis framework that regards a block cipher $E$ as the composition of two sub-ciphers $E_1\circ E_0$ and builds a particular characteristic for $E$ with probability $p^2q^2$ by combining differential characteristics for $E_0$ and $E_1$ with probability $p$ and $q$, respectively. Crucially the validity of this figure is under the assumption that the characteristics for $E_0$ and $E_1$ can be chosen independently. Indeed, Murphy has shown that independently chosen characteristics may turn out to be incompatible. On the other hand, several researchers observed that the probability can be improved to $p$ or $q$ around the boundary between $E_0$ and $E_1$ by considering a positive dependency of the two characteristics, e.g.~the ladder switch and S-box switch by Biryukov and Khovratovich. This phenomenon was later formalised by Dunkelman et al.~as a sandwich attack that regards $E$ as $E_1\circ E_m \circ E_0$, where $E_m$ satisfies some differential propagation among four texts with probability $r$, and the entire probability is $p^2q^2r$. In this paper, we revisit the issue of dependency of two characteristics in $E_m$, and propose a new tool called Boomerang Connectivity Table (BCT), which evaluates $r$ in a systematic and easy-to-understand way when $E_m$ is composed of a single S-box layer. With the BCT, previous observations on the S-box including the incompatibility, the ladder switch and the S-box switch are represented in a unified manner. Moreover, the BCT can detect a new switching effect, which shows that the probability around the boundary may be even higher than $p$ or $q$. To illustrate the power of the BCT-based analysis, we improve boomerang attacks against Deoxys-BC, and disclose the mechanism behind an unsolved probability amplification for generating a quartet in SKINNY. Lastly, we discuss the issue of searching for S-boxes having good BCT and extending the analysis to modular addition

Hippocampal-Dependent Spatial Memory in the Water Maze is Preserved in an Experimental Model of Temporal Lobe Epilepsy in Rats

Cognitive impairment is a major concern in temporal lobe epilepsy (TLE). While different experimental models have been used to characterize TLE-related cognitive deficits, little is known on whether a particular deficit is more associated with the underlying brain injuries than with the epileptic condition per se. Here, we look at the relationship between the pattern of brain damage and spatial memory deficits in two chronic models of TLE (lithium-pilocarpine, LIP and kainic acid, KA) from two different rat strains (Wistar and Sprague-Dawley) using the Morris water maze and the elevated plus maze in combination with MRI imaging and post-morten neuronal immunostaining. We found fundamental differences between LIP- and KA-treated epileptic rats regarding spatial memory deficits and anxiety. LIP-treated animals from both strains showed significant impairment in the acquisition and retention of spatial memory, and were unable to learn a cued version of the task. In contrast, KA-treated rats were differently affected. Sprague-Dawley KA-treated rats learned less efficiently than Wistar KA-treated animals, which performed similar to control rats in the acquisition and in a probe trial testing for spatial memory. Different anxiety levels and the extension of brain lesions affecting the hippocampus and the amydgala concur with spatial memory deficits observed in epileptic rats. Hence, our results suggest that hippocampal-dependent spatial memory is not necessarily affected in TLE and that comorbidity between spatial deficits and anxiety is more related with the underlying brain lesions than with the epileptic condition per se

Simpira v2: A Family of Efficient Permutations Using the AES Round Function

International audienceThis paper introduces Simpira, a family of cryptographic permutations that supports inputs of 128*b bits, where b is a positive integer. Its design goal is to achieve high throughput on virtually all modern 64-bit processors, that nowadays already have native instructions for AES. To achieve this goal, Simpira uses only one building block: the AES round function. For b=1, Simpira corresponds to 12-round AES with fixed round keys, whereas for b>=2, Simpira is a Generalized Feistel Structure (GFS) with an F-function that consists of two rounds of AES. We claim that there are no structural distinguishers for Simpira with a complexity below 2^128, and analyze its security against a variety of attacks in this setting. The throughput of Simpira is close to the theoretical optimum, namely, the number of AES rounds in the construction. For example, on the Intel Skylake processor, Simpira has throughput below 1 cycle per byte for b≤4 and b=6. For larger permutations, where moving data in memory has a more pronounced effect, Simpira with b=32 (512 byte inputs) evaluates 732 AES rounds, and performs at 824 cycles (1.61 cycles per byte), which is less than 13% off the theoretical optimum. If the data is stored in interleaved buffers, this overhead is reduced to less than 1%. The Simpira family offers an efficient solution when processing wide blocks, larger than 128 bits, is desired

Precision measurement of CP\it{CP} violation in the penguin-mediated decay Bs0→ϕϕB_s^{0}\rightarrow\phi\phi

A flavor-tagged time-dependent angular analysis of the decay $B_s^{0}\rightarrow\phi\phi$ is performed using $pp$ collision data collected by the LHCb experiment at % at $\sqrt{s}=13$ TeV, the center-of-mass energy of 13 TeV, corresponding to an integrated luminosity of 6 fb^{-1}. The $\it{CP}$-violating phase and direct $\it{CP}$-violation parameter are measured to be $\phi_{s\bar{s}s} = -0.042 \pm 0.075 \pm 0.009$ rad and $|\lambda|=1.004\pm 0.030 \pm 0.009$, respectively, assuming the same values for all polarization states of the $\phi\phi$ system. In these results, the first uncertainties are statistical and the second systematic. These parameters are also determined separately for each polarization state, showing no evidence for polarization dependence. The results are combined with previous LHCb measurements using $pp$ collisions at center-of-mass energies of 7 and 8 TeV, yielding $\phi_{s\bar{s}s} = -0.074 \pm 0.069$ rad and $|lambda|=1.009 \pm 0.030$. This is the most precise study of time-dependent $\it{CP}$ violation in a penguin-dominated $B$ meson decay. The results are consistent with $\it{CP}$ symmetry and with the Standard Model predictions.Comment: All figures and tables, along with any supplementary material and additional information, are available at https://cern.ch/lhcbproject/Publications/p/LHCb-PAPER-2023-001.html (LHCb public pages

Measurement of the Λb0→Λ(1520)μ+μ−\Lambda_{b}^{0}\to \Lambda(1520) \mu^{+}\mu^{-} differential branching fraction

The branching fraction of the rare decay $\Lambda_{b}^{0}\to \Lambda(1520) \mu^{+}\mu^{-}$ is measured for the first time, in the squared dimuon mass intervals, $q^2$, excluding the $J/\psi$ and $\psi(2S)$ regions. The data sample analyzed was collected by the LHCb experiment at center-of-mass energies of 7, 8, and 13 TeV, corresponding to a total integrated luminosity of $9\ \mathrm{fb}^{-1}$. The result in the highest$q^{2}$interval,$q^{2} >15.0\ \mathrm{GeV}^2/c^4$, where theoretical predictions have the smallest model dependence, agrees with the predictions.Comment: All figures and tables, along with any supplementary material and additional information, are available at https://cern.ch/lhcbproject/Publications/p/LHCb-PAPER-2022-050.html (LHCb public pages

A global analysis of terrestrial plant litter dynamics in non-perennial waterways

Perennial rivers and streams make a disproportionate contribution to global carbon (C) cycling. However, the contribution of intermittent rivers and ephemeral streams (IRES), which sometimes cease to flow and can dry completely, is largely ignored although they represent over half the global river network. Substantial amounts of terrestrial plant litter (TPL) accumulate in dry riverbeds and, upon rewetting, this material can undergo rapid microbial processing. We present the results of a global research collaboration that collected and analysed TPL from 212 dry riverbeds across major environmental gradients and climate zones. We assessed litter decomposability by quantifying the litter carbon-to-nitrogen ratio and oxygen (O2) consumption in standardized assays and estimated the potential short-term CO2 emissions during rewetting events. Aridity, cover of riparian vegetation, channel width and dry-phase duration explained most variability in the quantity and decomposability of plant litter in IRES. Our estimates indicate that a single pulse of CO2 emission upon litter rewetting contributes up to 10% of the daily CO2 emission from perennial rivers and stream, particularly in temperate climates. This indicates that the contributions of IRES should be included in global C-cycling assessments