60 research outputs found

    Analysis of Bernstein's factorization circuit

    Get PDF
    D.J. Bernstein has proposed a circuit-based implementation of the matrix step of the number field sieve factorization algorithm (see "Circuits for integer factorization: a proposal", http://cr.yp.to/papers.html#nfscircuit, 2001). These circuits offer an asymptotic cost reduction under the measure "construction cost × run time". We evaluate the cost of these circuits, in agreement with Bernstein, but argue that, compared to previously known methods, these circuits can factor integers that are 1.17 times larger, rather than 3.01 as claimed (and even this is only under the non-standard cost measure). We also propose an improved circuit design based on a new mesh routing algorithm, and show that, for factorization of 1024-bit integers, the matrix step can, under an optimistic assumption about the matrix size, be completed within a day by a device that costs a few thousand dollars. We conclude that from a practical standpoint, the security of RSA relies exclusively on the hardness of the relation collection step of the number field siev

    Cache-Attacks on the ARM TrustZone implementations of AES-256 and AES-256-GCM via GPU-based analysis

    Get PDF
    The ARM TrustZone is a security extension which is used in recent Samsung flagship smartphones to create a Trusted Execution Environment (TEE) called a Secure World, which runs secure processes (Trustlets). The Samsung TEE includes cryptographic key storage and functions inside the Keymaster trustlet. The secret key used by the Keymaster trustlet is derived by a hardware device and is inaccessible to the Android OS. However, the ARM32 AES implementation used by the Keymaster is vulnerable to side channel cache-attacks. The Keymaster trustlet uses AES-256 in GCM mode, which makes mounting a cache attack against this target much harder. In this paper we show that it is possible to perform a successful cache attack against this AES implementation, in AES-256/GCM mode, using widely available hardware. Using a laptop\u27s GPU to parallelize the analysis, we are able to extract a raw AES-256 key with 7 minutes of measurements and under a minute of analysis time and an AES-256/GCM key with 40 minutes of measurements and 30 minutes of analysis

    Kinetoplastid kinetochore proteins KKT14–KKT15 are divergent Bub1/BubR1–Bub3 proteins

    Get PDF
    Faithful transmission of genetic material is crucial for the survival of all organisms. In many eukaryotes, a feedback control mechanism called the spindle checkpoint ensures chromosome segregation fidelity by delaying cell cycle progression until all chromosomes achieve proper attachment to the mitotic spindle. Kinetochores are the macromolecular complexes that act as the interface between chromosomes and spindle microtubules. While most eukaryotes have canonical kinetochore proteins that are widely conserved, kinetoplastids such as Trypanosoma brucei have a seemingly unique set of kinetochore proteins including KKT1–25. It remains poorly understood how kinetoplastids regulate cell cycle progression or ensure chromosome segregation fidelity. Here, we report a crystal structure of the C-terminal domain of KKT14 from Apiculatamorpha spiralis and uncover that it is a pseudokinase. Its structure is most similar to the kinase domain of a spindle checkpoint protein Bub1. In addition, KKT14 has a putative ABBA motif that is present in Bub1 and its paralogue BubR1. We also find that the N-terminal part of KKT14 interacts with KKT15, whose WD40 repeat beta-propeller is phylogenetically closely related to a direct interactor of Bub1/BubR1 called Bub3. Our findings indicate that KKT14–KKT15 are divergent orthologues of Bub1/BubR1–Bub3, which promote accurate chromosome segregation in trypanosomes

    Plumo: An Ultralight Blockchain Client

    Get PDF
    Syncing the latest state of a blockchain can be a resource-intensive task, driving (especially mobile) end users towards centralized services offering instant access. To expand full decentralized access to anyone with a mobile phone, we introduce a consensus-agnostic compiler for constructing ultralight clients, providing secure and highly efficient blockchain syncing via a sequence of SNARK-based state transition proofs, and prove its security formally. Instantiating this, we present Plumo, an ultralight client for the Celo blockchain capable of syncing the latest network state summary in just a few seconds even on a low-end mobile phone. In Plumo, each transition proof covers four months of blockchain history and can be produced for just $25 USD of compute. Plumo achieves this level of efficiency thanks to two new SNARK-friendly constructions, which may also be of independent interest: a new BLS-based offline aggregate multisignature scheme in which signers do not have to know the members of their multisignature group in advance, and a new composite algebraic-symmetric cryptographic hash function

    Factoring estimates for a 1024-bit RSA modulus

    Get PDF
    We estimate the yield of the number field sieve factoring algorithm when applied to the 1024-bit composite integer RSA-1024 and the parameters as proposed in the draft version [17] of the TWIRL hardware factoring device [18]. We present the details behind the resulting improved parameter choices from [18]

    Chromosomal instability by mutations in the novel minor spliceosome component CENATAC

    Get PDF
    Aneuploidy is the leading cause of miscarriage and congenital birth defects, and a hallmark of cancer. Despite this strong association with human disease, the genetic causes of aneuploidy remain largely unknown. Through exome sequencing of patients with constitutional mosaic aneuploidy, we identified biallelic truncating mutations in CENATAC (CCDC84). We show that CENATAC is a novel component of the minor (U12-dependent) spliceosome that promotes splicing of a specific, rare minor intron subtype. This subtype is characterized by AT-AN splice sites and relatively high basal levels of intron retention. CENATAC depletion or expression of disease mutants resulted in excessive retention of AT-AN minor introns in similar to 100 genes enriched for nucleocytoplasmic transport and cell cycle regulators, and caused chromosome segregation errors. Our findings reveal selectivity in minor intron splicing and suggest a link between minor spliceosome defects and constitutional aneuploidy in humans.Peer reviewe

    Molecular characterization of the conoid complex in Toxoplasma reveals its conservation in all apicomplexans, including Plasmodium species

    Get PDF
    The apical complex is the instrument of invasion used by apicomplexan parasites, and the conoid is a conspicuous feature of this apparatus found throughout this phylum. The conoid, however, is believed to be heavily reduced or missing from Plasmodium species and other members of the class Aconoidasida. Relatively few conoid proteins have previously been identified, making it difficult to address how conserved this feature is throughout the phylum, and whether it is genuinely missing from some major groups. Moreover, parasites such as Plasmodium species cycle through 3 invasive forms, and there is the possibility of differential presence of the conoid between these stages. We have applied spatial proteomics and high-resolution microscopy to develop a more complete molecular inventory and understanding of the organisation of conoid-associated proteins in the model apicomplexan Toxoplasma gondii. These data revealed molecular conservation of all conoid substructures throughout Apicomplexa, including Plasmodium, and even in allied Myzozoa such as Chromera and dinoflagellates. We reporter-tagged and observed the expression and location of several conoid complex proteins in the malaria model P. berghei and revealed equivalent structures in all of its zoite forms, as well as evidence of molecular differentiation between blood-stage merozoites and the ookinetes and sporozoites of the mosquito vector. Collectively, we show that the conoid is a conserved apicomplexan element at the heart of the invasion mechanisms of these highly successful and often devastating parasites

    Signatures of a globally optimal searching strategy in the three-dimensional foraging flights of bumblebees

    Get PDF
    Simulated annealing is a powerful stochastic search algorithm for locating a global maximum that is hidden among many poorer local maxima in a search space. It is frequently implemented in computers working on complex optimization problems but until now has not been directly observed in nature as a searching strategy adopted by foraging animals. We analysed high-speed video recordings of the three-dimensional searching flights of bumblebees (Bombus terrestris) made in the presence of large or small artificial flowers within a 0.5 m3 enclosed arena. Analyses of the three-dimensional flight patterns in both conditions reveal signatures of simulated annealing searches. After leaving a flower, bees tend to scan back-and forth past that flower before making prospecting flights (loops), whose length increases over time. The search pattern becomes gradually more expansive and culminates when another rewarding flower is found. Bees then scan back and forth in the vicinity of the newly discovered flower and the process repeats. This looping search pattern, in which flight step lengths are typically power-law distributed, provides a relatively simple yet highly efficient strategy for pollinators such as bees to find best quality resources in complex environments made of multiple ephemeral feeding sites with nutritionally variable rewards

    Drive-by Key-Extraction Cache Attacks from Portable Code

    Get PDF
    We show how malicious web content can extract cryptographic secret keys from the user\u27s computer. The attack uses portable scripting languages supported by modern browsers to induce contention for CPU cache resources, and thereby gleans information about the memory accesses of other programs running on the user\u27s computer. We show how this side-channel attack can be realized in both WebAssembly and PNaCl; how to attain very fine-grained measurements; and how to use these to extract ElGamal, ECDH and RSA decryption keys from various cryptographic libraries. The attack does not rely on bugs in the browser\u27s nominal sandboxing mechanisms, or on fooling users. It applies even to locked-down platforms with strong confinement mechanisms and browser-only functionality, such as Chromebook devices. Moreover, on browser-based platforms the attacked software too may be written in portable JavaScript; and we show that in this case even implementations of supposedly-secure constant-time algorithms, such as Curve25519\u27s, are vulnerable to our attack
    • …
    corecore