285 research outputs found
Beam profiles measured with thermoluminescent dosimeters
Beam profilometer, using thermoluminescent dosimeters, gives a quantitative and qualitative representation of the focus of an external protron beam of a synchrotron. The total number of particles in the beam, particle distribution, and the shape of the beam are determined
New Second Preimage Attacks on Dithered Hash Functions with Low Memory Complexity
Dithered hash functions were proposed by Rivest as a method
to mitigate second preimage attacks on Merkle-Damgard hash functions.
Despite that, second preimage attacks against dithered hash functions
were proposed by Andreeva et al. One issue with these second preimage
attacks is their huge memory requirement in the precomputation and the
online phases. In this paper, we present new second preimage attacks on
the dithered Merkle-Damgard construction. These attacks consume significantly
less memory in the online phase (with a negligible increase in
the online time complexity) than previous attacks. For example, in the
case of MD5 with the Keranen sequence, we reduce the memory complexity
from about 2^51 blocks to about 2^26.7 blocks (about 545 MB). We also
present an essentially memoryless variant of Andreeva et al. attack. In
case of MD5-Keranen or SHA1-Keranen, the offline and online memory
complexity is 2^15.2 message blocks (about 188–235 KB), at the expense
of increasing the offline time complexity
The chaining lemma and its application
We present a new information-theoretic result which we call the Chaining Lemma. It considers a so-called “chain” of random variables, defined by a source distribution X(0)with high min-entropy and a number (say, t in total) of arbitrary functions (T1,…, Tt) which are applied in succession to that source to generate the chain (Formula presented). Intuitively, the Chaining Lemma guarantees that, if the chain is not too long, then either (i) the entire chain is “highly random”, in that every variable has high min-entropy; or (ii) it is possible to find a point j (1 ≤ j ≤ t) in the chain such that, conditioned on the end of the chain i.e. (Formula presented), the preceding part (Formula presented) remains highly random. We think this is an interesting information-theoretic result which is intuitive but nevertheless requires rigorous case-analysis to prove. We believe that the above lemma will find applications in cryptography. We give an example of this, namely we show an application of the lemma to protect essentially any cryptographic scheme against memory tampering attacks. We allow several tampering requests, the tampering functions can be arbitrary, however, they must be chosen from a bounded size set of functions that is fixed a prior
A mutate-and-map protocol for inferring base pairs in structured RNA
Chemical mapping is a widespread technique for structural analysis of nucleic
acids in which a molecule's reactivity to different probes is quantified at
single-nucleotide resolution and used to constrain structural modeling. This
experimental framework has been extensively revisited in the past decade with
new strategies for high-throughput read-outs, chemical modification, and rapid
data analysis. Recently, we have coupled the technique to high-throughput
mutagenesis. Point mutations of a base-paired nucleotide can lead to exposure
of not only that nucleotide but also its interaction partner. Carrying out the
mutation and mapping for the entire system gives an experimental approximation
of the molecules contact map. Here, we give our in-house protocol for this
mutate-and-map strategy, based on 96-well capillary electrophoresis, and we
provide practical tips on interpreting the data to infer nucleic acid
structure.Comment: 22 pages, 5 figure
Pause Point Spectra in DNA Constant-Force Unzipping
Under constant applied force, the separation of double-stranded DNA into two
single strands is known to proceed through a series of pauses and jumps. Given
experimental traces of constant-force unzipping, we present a method whereby
the locations of pause points can be extracted in the form of a pause point
spectrum. A simple theoretical model of DNA constant-force unzipping is
demonstrated to produce good agreement with the experimental pause point
spectrum of lambda phage DNA. The locations of peaks in the experimental and
theoretical pause point spectra are found to be nearly coincident below 6000
bp. The model only requires the sequence, temperature and a set of empirical
base pair binding and stacking energy parameters, and the good agreement with
experiment suggests that pause points are primarily determined by the DNA
sequence. The model is also used to predict pause point spectra for the
BacterioPhage PhiX174 genome. The algorithm for extracting the pause point
spectrum might also be useful for studying related systems which exhibit
pausing behavior such as molecular motors.Comment: 15 pages, 12 figure
Efficient public-key cryptography with bounded leakage and tamper resilience
We revisit the question of constructing public-key encryption and signature schemes with security in the presence of bounded leakage and tampering memory attacks. For signatures we obtain the first construction in the standard model; for public-key encryption we obtain the first construction free of pairing (avoiding non-interactive zero-knowledge proofs). Our constructions are based on generic building blocks, and, as we show, also admit efficient instantiations under fairly standard number-theoretic assumptions.
The model of bounded tamper resistance was recently put forward by DamgĂĄrd et al. (Asiacrypt 2013) as an attractive path to achieve security against arbitrary memory tampering attacks without making hardware assumptions (such as the existence of a protected self-destruct or key-update mechanism), the only restriction being on the number of allowed tampering attempts (which is a parameter of the scheme). This allows to circumvent known impossibility results for unrestricted tampering (Gennaro et al., TCC 2010), while still being able to capture realistic tampering attack
Cube Testers and Key Recovery Attacks On Reduced-Round MD6 and Trivium
CRYPTO 2008 saw the introduction of the hash function
MD6 and of cube attacks, a type of algebraic attack applicable to cryptographic
functions having a low-degree algebraic normal form over GF(2).
This paper applies cube attacks to reduced round MD6, finding the full
128-bit key of a 14-round MD6 with complexity 2^22 (which takes less
than a minute on a single PC). This is the best key recovery attack announced
so far for MD6. We then introduce a new class of attacks called
cube testers, based on efficient property-testing algorithms, and apply
them to MD6 and to the stream cipher Trivium. Unlike the standard
cube attacks, cube testers detect nonrandom behavior rather than performing
key extraction, but they can also attack cryptographic schemes
described by nonrandom polynomials of relatively high degree. Applied
to MD6, cube testers detect nonrandomness over 18 rounds in 2^17 complexity;
applied to a slightly modified version of the MD6 compression
function, they can distinguish 66 rounds from random in 2^24 complexity.
Cube testers give distinguishers on Trivium reduced to 790 rounds from
random with 2^30 complexity and detect nonrandomness over 885 rounds
in 2^27, improving on the original 767-round cube attack
Slide Attacks on a Class of Hash Functions
Abstract. This paper studies the application of slide attacks to hash functions. Slide attacks have mostly been used for block cipher cryptanalysis. But, as shown in the current paper, they also form a potential threat for hash functions, namely for sponge-function like structures. As it turns out, certain constructions for hash-function-based MACs can be vulnerable to forgery and even to key recovery attacks. In other cases, we can at least distinguish a given hash function from a random oracle. To illustrate our results, we describe attacks against the Grindahl-256 and Grindahl-512 hash functions. To the best of our knowledge, this is the first cryptanalytic result on Grindahl-512. Furthermore, we point out a slide-based distinguisher attack on a slightly modified version of RadioGatĂşn. We finally discuss simple countermeasures as a defense against slide attacks. Key words: slide attacks, hash function, Grindahl, RadioGatĂşn, MAC, sponge function.
Genome landscapes and bacteriophage codon usage
Across all kingdoms of biological life, protein-coding genes exhibit unequal
usage of synonmous codons. Although alternative theories abound, translational
selection has been accepted as an important mechanism that shapes the patterns
of codon usage in prokaryotes and simple eukaryotes. Here we analyze patterns
of codon usage across 74 diverse bacteriophages that infect E. coli, P.
aeruginosa and L. lactis as their primary host. We introduce the concept of a
`genome landscape,' which helps reveal non-trivial, long-range patterns in
codon usage across a genome. We develop a series of randomization tests that
allow us to interrogate the significance of one aspect of codon usage, such a
GC content, while controlling for another aspect, such as adaptation to
host-preferred codons. We find that 33 phage genomes exhibit highly non-random
patterns in their GC3-content, use of host-preferred codons, or both. We show
that the head and tail proteins of these phages exhibit significant bias
towards host-preferred codons, relative to the non-structural phage proteins.
Our results support the hypothesis of translational selection on viral genes
for host-preferred codons, over a broad range of bacteriophages.Comment: 9 Color Figures, 5 Tables, 53 Reference
A method for making password-based key exchange resilient to server compromise
Abstract. This paper considers the problem of password-authenticated key exchange (PAKE) in a client-server setting, where the server authenticates using a stored password file, and it is desirable to maintain some degree of security even if the server is compromised. A PAKE scheme is said to be resilient to server compromise if an adversary who compromises the server must at least perform an offline dictionary attack to gain any advantage in impersonating a client. (Of course, offline dictionary attacks should be infeasible in the absence of server compromise.) One can see that this is the best security possible, since by definition the password file has enough information to allow one to play the role of the server, and thus to verify passwords in an offline dictionary attack. While some previous PAKE schemes have been proven resilient to server compromise, there was no known general technique to take an arbitrary PAKE scheme and make it provably resilient to server compromise. This paper presents a practical technique for doing so which requires essentially one extra round of communication and one signature computation/verification. We prove security in the universal composability framework by (1) defining a new functionality for PAKE with resilience to server compromise, (2) specifying a protocol combining this technique with a (basic) PAKE functionality, and (3) proving (in the random oracle model) that this protocol securely realizes the new functionality.
- …