    On the Relations Between Diffie-Hellman and ID-Based Key Agreement from Pairings

    This paper studies the relationships between the traditional Diffie-Hellman key agreement protocol and the identity-based (ID-based) key agreement protocol from pairings. For the Sakai-Ohgishi-Kasahara (SOK) ID-based key construction, we show that, identically to the Diffie-Hellman protocol, the SOK key agreement protocol also has three variants, namely ephemeral, semi-static and static versions. Upon this, we build solid relations between authenticated Diffie-Hellman (Auth-DH) protocols and ID-based authenticated key agreement (IB-AK) protocols, whereby we present two substitution rules for these two types of protocols. The rules enable a conversion between the two types of protocols. In particular, we obtain the real ID-based version of the well-known MQV (and HMQV) protocol. Similarly, for the Sakai-Kasahara (SK) key construction, we show that the key transport protocol underlying the SK ID-based encryption scheme (which we call the "SK protocol") has its non-ID counterpart, namely the Hughes protocol. Based on this observation, we establish relations between corresponding ID-based and non-ID-based protocols. In particular, we propose a highly enhanced version of the McCullagh-Barreto protocol.

    Automatic Search of Truncated Impossible Differentials for Word-Oriented Block Ciphers (Full Version)

    Impossible differential cryptanalysis is a powerful technique to recover the secret key of block ciphers by exploiting the fact that in block ciphers specific input and output differences are not compatible. This paper introduces a novel tool to search truncated impossible differentials for word-oriented block ciphers with bijective Sboxes. Our tool generalizes the earlier $\mathcal{U}$-method and the UID-method. It allows one to reduce the gap between the best impossible differentials found by these methods and the best known differentials found by ad hoc methods that rely on cryptanalytic insights. The time and space complexities of our tool in judging an $r$-round truncated impossible differential are about $O(c \cdot l^4 \cdot r^4)$ and $O(c' \cdot l^2 \cdot r^2)$ respectively, where $l$ is the number of words in the plaintext and $c$, $c'$ are constants depending on the machine and the block cipher. In order to demonstrate the strength of our tool, we show that it does not only allow to automatically rediscover the longest truncated impossible differentials of many word-oriented block ciphers, but also finds new results. It independently rediscovers all 72 known truncated impossible differentials on 9-round CLEFIA. In addition, it finds new truncated impossible differentials for AES, ARIA, Camellia without FL and $FL^{-1}$ layers, E2, LBlock, MIBS and Piccolo. Although our tool does not improve the lengths of impossible differentials for existing block ciphers, it helps to close the gap between the best known results of previous tools and those of manual cryptanalysis.

    Security Evaluation against Differential Cryptanalysis for Block Cipher Structures

    Estimating immunity against differential and linear cryptanalysis is essential in designing secure block ciphers. A practical measure to achieve it is to find the minimal number of active S-boxes, or a lower bound for this minimal number. In this paper, we provide a general algorithm using integer programming, which not only can estimate a good lower bound of the minimal differential active S-boxes for various block cipher structures, but also provides an efficient way to select new structures with good properties against differential cryptanalysis. Experimental results for the Feistel, CAST256, SMS4, CLEFIA and Generalized Feistel structures indicate that bounds obtained by our algorithm are the tightest except for a few rounds of the SMS4 structure. Then, for the first time, bounds on the number of differential active S-boxes for the MISTY1, Skipjack, MARS and Four-cell structures are illustrated with the application of our algorithm. Finally, our algorithm is used to find four new structures with good properties against differential cryptanalysis. Security evaluation against linear cryptanalysis can be processed with our algorithm similarly by considering dual structures.

    A Flaw in The Internal State Recovery Attack on ALPHA-MAC

    A distinguisher was constructed by utilizing a 2-round collision differential path of ALPHA-MAC, with about $2^{65.5}$ chosen messages and $2^{65.5}$ queries. Then, this distinguisher was used to recover the internal state (\cite{Yuan1}, \cite{Yuan2}). However, a flaw is found in the internal state recovery attack. The complexity of recovering the internal state is up to $2^{81}$ exhaustive search. And the complexity of the whole attack will be up to $2^{67}$ chosen messages and $2^{81}$ exhaustive search. To repair the flaw, a modified 2-round differential path of ALPHA-MAC is presented and a new distinguisher based on this path is proposed. Finally, an attack with about $2^{65.5}$ chosen messages and $2^{65.5}$ queries is obtained under the new distinguisher.

    Security Proof for the Improved Ryu-Yoon-Yoo Identity-Based Key Agreement Protocol

    Key agreement protocols are essential for secure communications in open and distributed environments. The protocol design is, however, extremely error-prone as evidenced by the iterative process of fixing discovered attacks on published protocols. We revisit an efficient identity-based (ID-based) key agreement protocol due to Ryu, Yoon and Yoo. The protocol is highly efficient and suitable for real-world applications despite offering no resilience against key-compromise impersonation (K-CI). We then show that the protocol is, in fact, insecure against reflection attacks. A slight modification to the protocol is proposed, which results in significant benefits for the security of the protocol without compromising on its efficiency. Finally, we prove the improved protocol secure in a widely accepted model.

    Leaked-State-Forgery Attack Against The Authenticated Encryption Algorithm ALE

    ALE is a new authenticated encryption algorithm published at FSE 2013. The authentication component of ALE is based on the strong Pelican MAC, and the authentication security of ALE is claimed to be 128-bit. In this paper, we propose the leaked-state-forgery attack (LSFA) against ALE by exploiting the state information leaked from the encryption of ALE. The LSFA is a new type of differential cryptanalysis in which part of the state information is known and exploited to improve the differential probability. Our attack shows that the authentication security of ALE is only 97-bit. And the results may be further improved to around 93-bit if the whitening key layer is removed. We implemented our attacks against a small version of ALE (using 64-bit block size instead of 128-bit block size). The experimental results match well with the theoretical results.

    Auxin efflux controls orderly nucellar degeneration and expansion of the female gametophyte in Arabidopsis

    The nucellus tissue in flowering plants provides nutrition for the development of the female gametophyte (FG) and young embryo. The nucellus degenerates as the FG develops, but the mechanism controlling the coupled process of nucellar degeneration and FG expansion remains largely unknown. The degeneration process of the nucellus and spatiotemporal auxin distribution in the developing ovule before fertilization were investigated in Arabidopsis thaliana. Nucellar degeneration before fertilization occurs through vacuolar cell death and in an ordered degeneration fashion. This sequential nucellar degeneration is controlled by the signalling molecule auxin. Auxin efflux plays the core role in precisely controlling the spatiotemporal pattern of auxin distribution in the nucellus surrounding the FG. The auxin efflux carrier PIN1 transports maternal auxin into the nucellus while PIN3/PIN4/PIN7 further delivers auxin to degenerating nucellar cells and concurrently controls FG central vacuole expansion. Notably, auxin concentration and auxin efflux are controlled by the maternal tissues, acting as a key communication from maternal to filial tissue.

    A novel enzyme-linked immunostaining technique based on silk membrane for the prenatal detection of fetomaternal haemorrhage

    Objective: Developing a simple, rapid, reliable, sensitive, and cost-effective method for prenatal detection of fetomaternal haemorrhage by combining multi-aperture silk membrane with enzyme-linked immunosorbent assay (ELISA), which does not require any complicated instruments and can be visually colored, so as to provide a new method for clinical detection of fetomaternal haemorrhage.
    Methods: As a carrier, a chemically treated silk membrane was used to immobilize anti-A/anti-B antibody reagent. PBS was washed slowly after vertically dropping red blood cells. After adding biotin-labeled anti-A/anti-B antibody reagent, PBS is slowly washed, enzyme-labeled avidin is added, and TMB is used for color development after washing.
    Results: When there were both anti-A and anti-B fetal erythrocytes in pregnant women's peripheral blood, the final color was dark brown. When there are no anti-A and anti-B fetal red blood cells in pregnant women's peripheral blood, the final color development results do not change, which corresponds to the color of chemically treated silk membrane.
    Conclusion: The new enzyme-linked immunosorbent assay (ELISA) based on a silk membrane can distinguish fetal red blood cells from maternal red blood cells prenatally and can be used for prenatal detection of fetomaternal haemorrhage.

    Effectiveness of Inactivated SARS-CoV-2 Vaccines During a Delta Variant Outbreak in Hunan Province, China: A Retrospective Cohort Study

    This study was aimed at investigating the effectiveness of inactivated COVID-19 vaccines against the Delta variant. We performed a retrospective cohort study of close contacts of people with laboratory-confirmed SARS-CoV-2 infections in Hunan province, China, from July to August 2021. Mixed-effect logistic regression was used to estimate vaccine effectiveness (VE), and analyze the effects of the vaccination status of index cases and the exposure risk level on VE estimation. A total of 1,685 close contacts of 126 index cases were included; 835 (49.6%) had received two doses of inactivated vaccines, and the median interval between the 2nd dose and exposure was 48 days (IQR: 41 to 56 days). Full vaccination was defined as two doses at least 14 days before exposure. Adjusted VE estimates for full vaccination were 54.8% (95% CI: 7.7 to 77.9) and 68.4% (95% CI: 8.5 to 89.1) against symptomatic and moderate-to-severe COVID-19, respectively. VE for inactivated vaccines was difficult to observe if index cases had been fully vaccinated. The estimated VE with respect to infection protection was lower among household than non-household contacts. Complete primary immunization of two-dose inactivated COVID-19 vaccines protected against SARS-CoV-2 Delta variant infection. Infection risk was higher among vaccinated household contacts than vaccinated non-household contacts.