267 research outputs found

    Improved zero-sum distinguisher for full round Keccak-f permutation

    Lower Bounds on the Degree of Block Ciphers

    Only the method to estimate the upper bound of the algebraic degree on block ciphers is known so far, but it is not useful for the designer to guarantee the security. In this paper we provide meaningful lower bounds on the algebraic degree of modern block ciphers

    Vitamin A Deficiency after Gastric Bypass Surgery: An Underreported Postoperative Complication

    Introduction. Few data are available on vitamin A deficiency in the gastric bypass population. Methods. We performed a retrospective chart review of gastric bypass patients (n = 69, 74% female). The relationship between serum vitamin A concentration and markers of protein metabolism at 6-weeks and 1-year post-operative were assessed. Results. The average weight loss at 6-weeks and 1-year following surgery was 20.1 ± 9.1 kg and 44.1 ± 17.1 kg, respectively. At 6 weeks and 1 year after surgery, 35% and 18% of patients were vitamin A deficient, (<325 mcg/L). Similarly, 34% and 19% had low pre-albumin levels (<18 mg/dL), at these time intervals. Vitamin A directly correlated with pre-albumin levels at 6 weeks (r = 0.67, P < 0.001) and 1-year (r = 0.67,  P < 0.0001). There was no correlation between the roux limb length measurement and pre-albumin or vitamin A serum concentrations at these post-operative follow-ups. Vitamin A levels and markers of liver function testing were also unrelated. Conclusion. Vitamin A deficiency is common after bariatric surgery and is associated with a low serum concentration of pre-albumin. This fat-soluble vitamin should be measured in patients who have undergone gastric bypass surgery and deficiency should be suspected in those with evidence of protein-calorie malnutrition

    Unaligned Rebound Attack: Application on Keccak

    We analyze the internal permutations of Keccak, one of the NIST SHA-3 competition finalists, in regard to differential properties. By carefully studying the elements composing those permutations, we are able to derive most of the best known differential paths for up to 5 rounds. We use these differential paths in a rebound attack setting and adapt this powerful freedom degrees utilization in order to derive distinguishers for up to 8 rounds of the internal permutations of the submitted version of Keccak. The complexity of the 8 round distinguisher is $2^{491.47}$. Our results have been implemented and verified experimentally on a small version of Keccak. This is currently the best known differential attack against the internal permutations of Keccak

    New Results on the SymSum Distinguisher on Round-Reduced SHA3

    In ToSC 2017 Saha et al. demonstrated an interesting property of SHA3 based on higher-order vectorial derivatives which led to self-symmetry based distinguishers referred to as SymSum and bettered the complexity w.r.t the well-studied ZeroSum distinguisher by a factor of 4. This work attempts to take a fresh look at this distinguisher in the light of the linearization technique developed by Guo et al. in Asiacrypt 2016. It is observed that the efficiency of SymSum against ZeroSum drops from 4 to 2 for any number of rounds linearized. This is supported by theoretical proofs. SymSum augmented with linearization can penetrate up to two more rounds as against the classical version. In addition to that, one more round is extended by inversion technique on the final hash values. The combined approach leads to distinguishers up to 9 rounds of SHA3 variants with a complexity of only $2^{64}$ which is better than the equivalent ZeroSum distinguisher by the factor of 2. To the best of our knowledge this is the best distinguisher available on this many rounds of SHA3

    Drug-Eluting Stents in Patients with Chronic Kidney Disease: A Prospective Registry Study

    BACKGROUND: Chronic kidney disease (CKD) is strongly associated with adverse outcomes after percutaneous coronary intervention (PCI). There are limited data on the effectiveness of drug-eluting stents (DES) in patients with CKD. METHODOLOGY/PRINCIPAL FINDINGS: Of 3,752 consecutive patients enrolled in the Guthrie PCI Registry between 2001 and 2006, 436 patients with CKD - defined as a creatinine clearance <60 mL/min - were included in this study. Patients who received DES were compared to those who received bare metal stents (BMS). Patients were followed for a mean duration of 3 years after the index PCI to determine the prognostic impact of stent type. Study end-points were all-cause death, myocardial infarction (MI), target vessel revascularization (TVR), stent thrombosis (ST) and the composite of major adverse cardiovascular events (MACE), defined as death, MI or TVR. Patients receiving DES in our study, by virtue of physician selection, had more stable coronary artery disease and had lower baseline risk of thrombotic or restenotic events. Kaplan-Meier estimates of proportions of patients reaching the end-points were significantly lower for DES vs. BMS for all-cause death (p = 0.0008), TVR (p = 0.029) and MACE (p = 0.0015), but not MI (p = 0.945) or ST (p = 0.88). Multivariable analysis with propensity adjustment demonstrated that DES implantation was an independent predictor of lower rates of all-cause death (hazard ratio [HR] 0.48, 95% confidence interval [CI] 0.25-0.92), TVR (HR 0.50, 95% CI 0.27-0.94) and MACE (HR 0.62, 95% CI 0.41-0.94). CONCLUSIONS: In a contemporary PCI registry, selective use of DES in patients with CKD was safe and effective in the long term, with lower risk of all-cause death, TVR and MACE and similar risk of MI and ST as compared with BMS. The mortality benefit may be a result of selection bias and residual confounding, or represent a true finding; a hypothesis that warrants clarification by randomized clinical trials

    An Algebraic Formulation of the Division Property: Revisiting Degree Evaluations, Cube Attacks, and Key-Independent Sums

    Since it was proposed in 2015 as a generalization of integral properties, the division property has evolved into a powerful tool for probing the structures of Boolean functions whose algebraic normal forms are not available. We capture the most essential elements for the detection of division properties from a pure algebraic perspective, proposing a technique named as monomial prediction, which can be employed to determine the presence or absence of a monomial in any product of the coordinate functions of a vectorial Boolean function $\boldsymbol{f}$ by counting the number of the so-called monomial trails across a sequence of simpler functions whose composition is $\boldsymbol{f}$. Under the framework of the monomial prediction, we formally prove that most algorithms for detecting division properties in literature raise no false alarms but may miss. We also establish the equivalence between the monomial prediction and the three-subset bit-based division property without unknown subset presented at EUROCRYPT 2020, and show that these two techniques are perfectly accurate. The monomial prediction technique can be regarded as a purification of the definitions of the division properties without resorting to external multisets. This algebraic formulation gives more insights into division properties and inspires new search strategies. With the monomial prediction, we obtain the exact algebraic degrees of TRIVIUM up to 834 rounds for the first time. In the context of cube attacks, we are able to explore a larger search space in limited time and recover the exact algebraic normal forms of complex superpolies with the help of a divide-and-conquer strategy. As a result, we identify more cubes with smaller dimensions, leading to improvements of some near-optimal attacks against 840-, 841- and 842-round TRIVIUM

    Linear Structures: Applications to Cryptanalysis of Round-Reduced Keccak

    In this paper, we analyze the security of round-reduced versions of the Keccak hash function family. Based on the work pioneered by Aumasson and Meier, and Dinur et al., we formalize and develop a technique named linear structure, which allows linearization of the underlying permutation of Keccak for up to 3 rounds with large number of variable spaces. As a direct application, it extends the best zero-sum distinguishers by 2 rounds without increasing the complexities. We also apply linear structures to preimage attacks against Keccak. By carefully studying the properties of the underlying Sbox, we show bilinear structures and find ways to convert the information on the output bits to linear functions on input bits. These findings, combined with linear structures, lead us to preimage attacks against up to 4-round Keccak with reduced complexities. An interesting feature of such preimage attacks is low complexities for small variants. As extreme examples, we can now find preimages of 3-round SHAKE128 with complexity 1, as well as the first practical solutions to two 3-round instances of Keccak challenge. Both zero-sum distinguishers and preimage attacks are verified by implementations. It is noted that the attacks here are still far from threatening the security of the full 24-round Keccak