34 research outputs found

    Faster Correlation Attack on Bluetooth Keystream Generator E0

    Abstract. We study both distinguishing and key-recovery attacks against E0, the keystream generator used in Bluetooth, by means of correlation. First, a powerful computation method of correlations is formulated by a recursive expression, which makes it easier to calculate correlations of the finite state machine output sequences up to 26 bits for E0 and allows us to verify the two known correlations to be the largest for the first time. Second, we apply the concept of convolution to the analysis of the distinguisher based on all correlations, and propose an efficient distinguisher due to the linear dependency of the largest correlations. Last, we propose a novel maximum likelihood decoding algorithm based on fast Walsh transform to recover the closest codeword for any linear code of dimension L and length n. It requires time O(n + L · 2^L) and memory min(n, 2^L). This can speed up many attacks such as fast correlation attacks. We apply it to E0, and our best key-recovery attack works in 2^39 time given 2^39 consecutive bits after O(2^37) precomputation. This is the best known attack against E0 so far.

    Attacking the Knudsen-Preneel Compression Functions

    Abstract. Knudsen and Preneel (Asiacrypt'96 and Crypto'97) introduced a hash function design in which a linear error-correcting code is used to build a wide-pipe compression function from underlying blockciphers operating in Davies-Meyer mode. Their main design goal was to deliver compression functions with collision resistance up to, and even beyond, the block size of the underlying blockciphers. In this paper, we (re)analyse the preimage resistance of the Knudsen-Preneel compression functions in the setting of public random functions. We give a new preimage attack that is based on two observations. First, by using the right kind of queries it is possible to mount a non-adaptive preimage attack that is optimal in terms of query complexity. Second, by exploiting the dual code the subsequent problem of reconstructing a preimage from the queries can be rephrased as a problem related to the generalized birthday problem. As a consequence, the time complexity of our attack is intimately tied to the minimum distance of the dual code. Our new attack consistently beats the one given by Knudsen and Preneel (in one case our preimage attack even beats their collision attack) and demonstrates that the gap between their claimed collision resistance and the actual preimage resistance is surprisingly small. Moreover, our new attack falsifies their (conjectured) preimage resistance security bound and shows that intuitive bounds based on the number of 'active' components can be treacherous. Complementing our attack is a formal analysis of the query complexity (both lower and upper bounds) of preimage-finding attacks. This analysis shows that for many concrete codes the time complexity of our attack is optimal.

    The Conditional Correlation Attack: A Practical Attack on Bluetooth Encryption

    Abstract. Motivated by the security of the nonlinear filter generator, the concept of correlation was previously extended to the conditional correlation, which studied the linear correlation of the inputs conditioned on a given (short) output pattern of some specific nonlinear function. Based on the conditional correlations, conditional correlation attacks were shown to be successful and efficient against the nonlinear filter generator. In this paper, we further generalize the concept of conditional correlations by assigning it a different meaning, i.e. the correlation of the output of an arbitrary function conditioned on the unknown (partial) input, which is uniformly distributed. Based on this generalized conditional correlation, a general statistical model is studied for dedicated key-recovery distinguishers. It is shown that the generalized conditional correlation is no smaller than the unconditional correlation. Consequently, our distinguisher improves on the traditional one (in the worst case it degrades into the traditional one). In particular, the distinguisher may be successful even if no ordinary correlation exists. As an application, a conditional correlation attack is developed and optimized against Bluetooth two-level E0. The attack is based on a recently detected flaw in the resynchronization of E0, as well as the investigation of conditional correlations in the Finite State Machine (FSM) governing the keystream output of E0. Our best attack finds the original encryption key for two-level E0 using the first 24 bits of 2^23.8 frames and with 2^38 computations. This is clearly the fastest and only practical known-plaintext attack on Bluetooth encryption compared with all existing attacks. Current experiments confirm our analysis.

    Evolution of apoptosis-like programmed cell death in unicellular protozoan parasites

    Apoptosis-like programmed cell death (PCD) has recently been described in multiple taxa of unicellular protists, including the protozoan parasites Plasmodium, Trypanosoma and Leishmania. Apoptosis-like PCD in protozoan parasites shares a number of morphological features with programmed cell death in multicellular organisms. However, both the evolutionary explanations and the mechanisms involved in parasite PCD are poorly understood. Explaining why unicellular organisms appear to undergo 'suicide' is a challenge for evolutionary biology, and uncovering death executors and pathways is a challenge for molecular and cell biology. Bioinformatics has the potential to integrate these approaches by revealing homologies in the PCD machinery of diverse taxa and evaluating their evolutionary trajectories. As the molecular mechanisms of apoptosis in model organisms are well characterised, and recent data suggest similar mechanisms operate in protozoan parasites, key questions can now be addressed. These questions include: which elements of the apoptosis machinery appear to be shared between protozoan parasites and multicellular taxa, and have these mechanisms arisen through convergent or divergent evolution? We use bioinformatics to address these questions, and our analyses suggest that apoptosis mechanisms in protozoan parasites and other taxa have diverged during their evolution, and that some apoptosis factors are shared across taxa whilst others have been replaced by proteins with similar biochemical activities.

    Faster Algorithms for Solving LPN

    The LPN problem, lying at the core of many cryptographic constructions for lightweight and post-quantum cryptography, has received quite a lot of attention recently. The best published algorithm for solving it, presented at Asiacrypt 2014, improved the classical BKW algorithm by using covering codes, and claimed to marginally compromise the 80-bit security of HB variants, LPN-C and Lapin. In this paper, we develop faster algorithms for solving LPN based on an optimal precise embedding of cascaded concrete perfect codes, in a similar framework but with many optimizations. Our algorithm outperforms the previous methods for the proposed parameter choices and distinctly breaks the 80-bit security bound of the instances suggested in cryptographic schemes like HB+, HB#, LPN-C and Lapin.

    Quantum Algorithms for the k-xor Problem

    The k-xor (or generalized birthday) problem is a widely studied question with many applications in cryptography. It aims at finding k elements of n bits, drawn at random, such that the xor of all of them is 0. The algorithms proposed by Wagner more than fifteen years ago remain the best known classical algorithms for solving them, when disregarding logarithmic factors. In this paper we study these problems in the quantum setting, when considering that the elements are created by querying a random function (or k random functions) H : {0,1}^n → {0,1}^n. We consider two scenarios: in one we are able to use a limited amount of quantum memory (i.e. a number O(n) of qubits, the same as the one needed by Grover's search algorithm), and in the other we consider that the algorithm can use an exponential amount of qubits. Our newly proposed algorithms are of general interest. In both settings, they provide the best known quantum time complexities. In particular, we are able to considerably improve the 3-xor algorithm: with limited qubits, we reach a complexity considerably better than what is currently possible for quantum collision search. Furthermore, when having access to exponential amounts of quantum memory, we can take this complexity below O(2^{n/3}), the well-known lower bound of quantum collision search, clearly improving the best known quantum time complexity also in this setting. We illustrate the importance of these results with some cryptographic applications.

    Requirement of NOX2 and Reactive Oxygen Species for Efficient RIG-I-Mediated Antiviral Response through Regulation of MAVS Expression

    The innate immune response is essential to the host defense against viruses, through restriction of virus replication and coordination of the adaptive immune response. Induction of antiviral genes is a tightly regulated process initiated mainly through sensing of invading virus nucleic acids in the cytoplasm by RIG-I like helicases, RIG-I or Mda5, which transmit the signal through a common mitochondria-associated adaptor, MAVS. Although major breakthroughs have recently been made, much remains unknown about the mechanisms that translate virus recognition into antiviral gene expression. Besides their reputed detrimental role, reactive oxygen species (ROS) act as modulators of cellular signaling and gene regulation. NADPH oxidase (NOX) enzymes are a main source of deliberate cellular ROS production. Here, we found that NOX2 and ROS are required for the host cell to trigger an efficient RIG-I-mediated IRF-3 activation and downstream antiviral IFNβ and IFIT1 gene expression. Additionally, we provide evidence that NOX2 is critical for the expression of the central mitochondria-associated adaptor MAVS. Taken together, these data reveal a new facet to the regulation of the innate host defense against viruses through the identification of an unrecognized role of NOX2 and ROS.

    Resistance of a Rodent Malaria Parasite to a Thymidylate Synthase Inhibitor Induces an Apoptotic Parasite Death and Imposes a Huge Cost of Fitness

    BACKGROUND: The greatest impediment to effective malaria control is drug resistance in Plasmodium falciparum, and thus understanding how resistance impacts on the parasite's fitness and pathogenicity may aid in malaria control strategy. METHODOLOGY/PRINCIPAL FINDINGS: To generate resistance, P. berghei NK65 was subjected to 5-fluoroorotate (FOA, an inhibitor of thymidylate synthase, TS) pressure in mice. After 15 generations of drug pressure, the 2% DT (the delay time for proliferation of parasites to 2% parasitaemia, relative to untreated wild-type controls) reduced from 8 days to 4, equalling the controls. Drug sensitivity studies confirmed that FOA-resistance was stable. During serial passaging in the absence of drug, the resistant parasite maintained low growth rates (parasitaemia 15.5% ± 2.9, 7 dpi) relative to the wild-type (45.6% ± 8.4), translating into a resistance cost of fitness of 66.0%. The resistant parasite showed an apoptosis-like death, as confirmed by light and transmission electron microscopy and corroborated by oligonucleosomal DNA fragmentation. CONCLUSIONS/SIGNIFICANCE: The resistant parasite was less fit than the wild-type, which implies that in the absence of drug pressure in the field, the wild-type alleles may expand and allow drugs withdrawn due to resistance to be reintroduced. FOA resistance led to depleted dTTP pools, causing thymineless parasite death via apoptosis. This supports the tenet that unicellular eukaryotes, like metazoans, also undergo apoptosis. This is the first report where resistance to a chemical stimulus, and not the stimulus itself, is shown to induce apoptosis in a unicellular parasite. This finding is relevant in cancer therapy, since thymineless cell death induced by resistance to TS-inhibitors can further be optimized via inhibition of pyrimidine salvage enzymes, thus providing a synergistic impact. We conclude that since apoptosis is a process that can be pharmacologically modulated, the parasite's apoptotic machinery may be exploited as a novel drug target in malaria and other protozoan diseases of medical importance.