
    Gravity theory in SAP-geometry

    The aim of the present paper is to construct a field theory in the context of absolute parallelism (teleparallel) geometry under the assumption that the canonical connection is semi-symmetric. The field equations are formulated using a suitable Lagrangian first proposed by Mikhail and Wanas. The mathematical and physical consequences arising from the obtained field equations are investigated. Comment: 14 pages; references added and a reference updated; minor correction.

    Cryptanalysis of a quadratic knapsack cryptosystem

    Wang and Hu [B. Wang and Y. Hu, Quadratic compact knapsack public-key cryptosystem, Comput. Math. Appl. 59 (1) (2010) 194–206] proposed a knapsack-type public-key cryptosystem by introducing an easy quadratic compact knapsack problem and then using the Chinese remainder theorem to disguise the easy knapsack instance. In this paper, we present a heuristic stereotyped message attack that allows the cryptanalyst to recover the plaintext message when partial information about the original message is known. In particular, as shown by our experiments, for the proposed system parameter n = 100, which corresponds to a block length of 400 bits, exposing 60% of the plaintext allows the cryptanalyst to recover the remaining 160 bits of the message with a success probability of about 90% in about 2 hours.

    Linear Connections and Curvature Tensors in the Geometry of Parallelizable Manifolds

    In this paper we discuss curvature tensors in the context of absolute parallelism geometry. Different curvature tensors are expressed in a compact form in terms of the torsion tensor of the canonical connection. Using the Bianchi identities, some other identities are derived from the expressions obtained. These identities, in turn, are used to reveal some of the properties satisfied by an intriguing fourth-order tensor which we refer to as the Wanas tensor. A further condition on the canonical connection is imposed, assuming it is semi-symmetric. The formulae thus obtained, together with other formulae (Ricci tensors and scalar curvatures of the different connections admitted by the space), are calculated under this additional assumption. Considering a specific form of the semi-symmetric connection causes all nonvanishing curvature tensors to coincide, up to a constant, with the Wanas tensor. Physical aspects of some of the geometric objects considered are mentioned. Comment: 16 pages, LaTeX file; changed title, changed content, added references, physical features stressed.

    A cautionary note on the use of Gurobi for cryptanalysis

    Mixed Integer Linear Programming (MILP) is a powerful tool that helps to automate several cryptanalysis techniques for symmetric-key primitives. Gurobi is one of the most popular solvers used by researchers to obtain useful results from the MILP models corresponding to these cryptanalysis techniques. In this report, we provide a cautionary note on the use of Gurobi in the context of bit-based division property integral attacks. In particular, we report four different examples in which Gurobi gives contradictory results when solving the same MILP model by just changing the number of used threads or reordering some constraints.

    Integral Cryptanalysis of Reduced-Round Tweakable TWINE

    Tweakable TWINE is the first lightweight dedicated tweakable block cipher family built on the Generalized Feistel Structure (GFS). The Tweakable TWINE family is an extension of the conventional block cipher TWINE with minimal modification, adding a simple tweak based on SKINNY's tweakey schedule. Similar to TWINE, Tweakable TWINE has two variants, namely Tweakable TWINE-80 and Tweakable TWINE-128. The two variants have the same block size of 64 bits and a variable key length of 80 and 128 bits. In this paper, we study the implications of adding the tweak on the security of Tweakable TWINE against integral cryptanalysis. In particular, we first utilize the bit-based division property to search for the longest integral distinguisher. As a result, we are able to perform a distinguishing attack against 19 rounds using $2^{6} \times 2^{63} = 2^{69}$ chosen tweak-plaintext combinations. We then convert this attack to key recovery attacks against 26 and 27 rounds (out of 36) of Tweakable TWINE-80 and Tweakable TWINE-128, respectively. By prepending one round before the distinguisher and using dynamically chosen plaintexts, we manage to extend the attack one more round without using the full codebook of the plaintext. Therefore, we are able to attack 27 and 28 rounds of Tweakable TWINE-80 and Tweakable TWINE-128, respectively.

    Security Trade-offs in Cyber Physical Systems: A Case Study Survey on Implantable Medical Devices

    The new culture of networked systems that offer everywhere-accessible services has given rise to various types of security trade-offs. In fact, with the evolution of physical systems that keep getting integrated with cyber frameworks, cyber threats have far more critical effects as they get reflected on the physical environment. As a result, the security of cyber-physical systems requires a special holistic treatment. In this paper, we study the trade-off between security, safety and availability in such systems and demonstrate these concepts on implantable medical devices as a case study. We discuss the challenges and constraints associated with securing such systems and focus on the trade-off between the security measures required for blocking unauthorized access to the device and the safety of the patient in emergency situations where such measures must be dropped to allow access. We analyze the up-to-date proposed solutions and discuss their strengths and limitations.

    Boomerang and Slide-Rotational Analysis of the SM3 Hash Function

    SM3 is a hash function designed by Xiaoyun Wang et al. and published by the Chinese Commercial Cryptography Administration Office for use in electronic authentication service systems. The design of SM3 builds upon the design of the SHA-2 hash function, but introduces additional strengthening features. In this paper, using a higher-order differential cryptanalysis approach, we present a practical 4-sum distinguisher against the compression function of SM3 reduced to 32 rounds. In addition, we point out a slide-rotational property of SM3-XOR, which exists due to the fact that the constants used in the rounds are not independent.

    Watch your Constants: Malicious Streebog

    In August 2012, the Streebog hash function was selected as the new Russian cryptographic hash standard (GOST R 34.11-2012). In this paper, we investigate the new standard in the context of malicious hashing and present a practical collision for a malicious version of the full hash function. In particular, we apply the rebound attack to find three solutions for three different differential paths for four rounds, and using the freedom of the round constants we connect them to obtain a collision for the twelve rounds of the compression function. Additionally, due to the simple processing of the counter, we bypass the barrier of the checksum finalization step and transfer the compression function collision to the hash function output with no additional cost. The presented attack has a practical complexity and is verified by an example. While the results of this paper may not have a direct impact on the security of the current Streebog hash function, they highlight the need for the designers to publish the origin of the used parameters and the rationale behind their choices in order for this function to gain enough confidence and widespread adoption by the security community.

    On the sliding property of SNOW 3G and SNOW 2.0

    SNOW 3G is a stream cipher chosen by the 3rd Generation Partnership Project (3GPP) as a crypto-primitive to substitute KASUMI in case its security is compromised. SNOW 2.0 is one of the stream ciphers chosen for the ISO/IEC standard IS 18033-4. In this study, the authors show that the initialisation procedure of the two ciphers admits a sliding property, resulting in several sets of related-key pairs. In the case of SNOW 3G, a set of $2^{32}$ related-key pairs is presented, whereas in the case of SNOW 2.0, several such sets are found, out of which the largest are of size $2^{64}$ and $2^{192}$ for the 128-bit and 256-bit variants of the cipher, respectively. In addition to allowing related-key recovery attacks against SNOW 2.0 with 256-bit keys, the presented properties reveal non-random behaviour that yields related-key distinguishers and also questions the validity of the security proofs of protocols that are based on the assumption that SNOW 3G and SNOW 2.0 behave like perfect random functions of the key-IV.

    On MILP-based Automatic Search for Bit-Based Division Property for Ciphers with (large) Linear Layers

    With the introduction of the division trail, the bit-based division property (BDP) has become the most efficient method to search for integral distinguishers. The notion of the division trail allows us to automate the search process by modelling the propagation of the BDP as a set of constraints that can be solved using generic Mixed Integer Linear Programming (MILP) and SMT/SAT solvers. The current models for the basic operations and S-boxes are efficient and accurate. In contrast, the two approaches to model the propagation of the BDP through a non-bit-permutation linear layer are either inaccurate or inefficient. The first approach relies on decomposing the matrix multiplication of the linear layer into COPY and XOR operations. The model obtained by this approach is efficient, in terms of the number of constraints, but it is not accurate and might add invalid division trails to the search space, which might lead to missing the balanced property of some bits. The second approach employs a one-to-one map between the valid division trails through the primitive matrix representing the linear layer and its invertible sub-matrices. Despite the fact that the current model obtained by this approach is accurate, it is inefficient, i.e., it produces a large number of constraints for large linear layers like the one of Kuznyechik. In this paper, we address this problem by utilizing the one-to-one map to propose a new MILP model and a search procedure for large non-bit-permutation layers. As a proof of the effectiveness of our approach, we improve the previous 3- and 4-round integral distinguishers of Kuznyechik and the 4-round one of PHOTON's internal permutation ($P_{288}$). We also report, for the first time, a 4-round integral distinguisher for the Kalyna block cipher and a 5-round integral distinguisher for PHOTON's internal permutation ($P_{288}$).