
    A geometric view of cryptographic equation solving

    This paper considers the geometric properties of the Relinearisation algorithm and of the XL algorithm used in cryptology for equation solving. We give a formal description of each algorithm in terms of projective geometry, making particular use of the Veronese variety. We establish the fundamental geometrical connection between the two algorithms and show how both algorithms can be viewed as being equivalent to the problem of finding a matrix of low rank in the linear span of a collection of matrices, a problem sometimes known as the MinRank problem. Furthermore, we generalise the XL algorithm to a geometrically invariant algorithm, which we term the GeometricXL algorithm. The GeometricXL algorithm is a technique which can solve certain equation systems that are not easily soluble by the XL algorithm or by Groebner basis methods.

    A very low temperature STM for the local spectroscopy of mesoscopic structures

    We present the design and operation of a very low temperature Scanning Tunneling Microscope (STM) working at 60 mK in a dilution refrigerator. The STM features both atomic resolution and micron-sized scanning range at low temperature. This work is the first experimental realization of a local spectroscopy of mesoscopic structures at very low temperature. We present high-resolution current-voltage characteristics of tunnel contacts and the deduced local density of states of hybrid Superconductor-Normal metal systems. Comment: 5 pages, 5 figures, slightly corrected version.

    On multiple symmetric fixed points in GOST

    In this article the author revisits the oldest attack on GOST known, the Kara Reflection attack, and another totally unrelated truncated differential attack by Courtois and Misztal. It is hard to imagine that there could be any relationship between two so remote attacks which have nothing in common. However, there is one: very surprisingly, both properties can be combined and lead to the fastest attack on GOST ever found, which is nearly feasible to execute in practice.

    Derivation of Distances with the Tully-Fisher Relation: The Antlia Cluster

    The Tully-Fisher relation is a correlation between the luminosity and the HI 21cm line width in spiral galaxies (LLW relation). It is used to derive galaxy distances in the interval 7 to 100 Mpc. Closer, the Cepheids, TRGB and Surface Brightness Fluctuation methods give a better accuracy. Further, the SNIa are luminous objects still available for distance measurement purposes, though with a dramatically lower density grid of measurements on the sky. Galaxies in clusters are all at the same distance from the observer. Thus the distance of the cluster derived from a large number of galaxies (N) has an error reduced according to the square root of N. However, not all galaxies in a cluster are suitable for the LLW measurement. The selection criteria we use are explained hereafter; the important point being to avoid Malmquist bias and to not introduce any systematics in the distance measurement. Comment: Moriond0

    An Improved Differential Attack on Full GOST

    GOST 28147-89 is a well-known block cipher. Its large key size of 256 bits and incredibly low implementation cost make it a plausible alternative for AES-256 and triple DES. Until 2010, "despite considerable cryptanalytic efforts spent in the past 20 years", GOST was not broken, see [30]. Accordingly, in 2010 GOST was submitted to ISO 18033 to become a worldwide industrial encryption standard. In this paper we focus on the question of how far one can go in a dedicated Depth-First-Search approach with several stages of progressive guessing and filtering with successive distinguishers. We want to design an optimized guess-then-truncated differential attack on full 32-bit GOST and make it as efficient as we can. The main result of this paper is a single key attack against full 32-round 256-bit GOST with time complexity of 2^179, which is substantially faster than any other known single key attack on GOST.

    Hypothesis testing and advanced distinguishers in differential cryptanalysis of block ciphers

    Distinguishing distributions is a major part of the cryptanalysis of symmetric block ciphers. The goal of the cryptanalyst is to distinguish two distributions: one that characterizes the number of certain events which occur totally at random and another one that characterizes the same type of events but due to propagation inside the cipher. This can be realized as a hypothesis testing problem, where a source is used to generate independent random samples in some given finite set with some distribution P, which is either R or W, corresponding to propagation inside the cipher or a random permutation respectively. The distinguisher's goal is to determine which one is most likely the one which was used to generate the sample. In this paper, we study a general hypothesis-testing based approach to construct statistical distinguishers using truncated differential properties. The observable variable in our case is the expected number of pairs that follow a certain truncated differential property of the form ΔX → ΔY after a certain number of rounds. As a proof of concept, we apply this methodology to the GOST and SIMON 64/128 block ciphers and present distinguishers on 20 and 22 rounds respectively.

    On Feasibility and Performance of Rowhammer Attack

    In this paper we study the Rowhammer side-channel attack and evaluate its feasibility in practical exploitation scenarios in Linux. Currently, all the released implementations capable of performing the Rowhammer attack require elevated privileges. This is a very strong requirement which, in a sense, puts this attack into the theoretical spectrum. The purpose of this report is to explore different techniques that would allow the execution of the Rowhammer attack in userspace. More specifically, we provide two implementations, each of them having a different strength of requirements but with one characteristic in common: the capability of executing the Rowhammer attack without elevated privileges. At the end, we see that not only was it possible to reach similar levels of performance to the programs that required elevated privileges, but in some cases even to outperform them, in both native and virtual environments.

    Local spectroscopy of a proximity superconductor at very low temperature

    We performed the local spectroscopy of a Normal-metal--Superconductor (N-S) junction with the help of a very low temperature (60 mK) Scanning Tunneling Microscope (STM). The spatial dependence of the local density of states was probed locally in the vicinity of the N-S interface. We observed spectra with a fully-developed gap in the regions where a thin normal metal layer caps the superconductor dot. Close to the S metal edge, a clear pseudo-gap shows up, which is characteristic of the superconducting proximity effect in the case of a long normal metal. The experimental results are compared to the predictions of the quasiclassical theory. Comment: 7 pages, 3 figures.

    Systematic Construction of Nonlinear Product Attacks on Block Ciphers

    A major open problem in block cipher cryptanalysis is the discovery of new invariant properties of complex type. Recent papers show that this can be achieved for SCREAM, Midori64, MANTIS-4, T-310 or for DES with modified S-boxes. Until now such attacks have been hard to find and seem to happen by some sort of incredible coincidence. In this paper we abstract the attack from any particular block cipher. We study these attacks in terms of transformations on multivariate polynomials. We shall demonstrate how numerous variables, including key variables, may sometimes be eliminated and at the end two very complex Boolean polynomials will become equal. We present a general construction of an attack where we multiply all the polynomials lying on one or several cycles. Then under suitable conditions the non-linear functions involved will be eliminated totally. We obtain a periodic invariant property holding for any number of rounds. A major difficulty with invariant attacks is that they typically work only for some keys. In T-310 our attack works for any key and also in spite of the presence of round constants.