Attacks On a Double Length Blockcipher-based Hash Proposal

In this paper we attack a $2n$-bit double length hash function proposed by Lee et al. This proposal is a blockcipher-based hash function with hash rate $2/3$. The designers claimed that it could achieve ideal collision resistance and gave a security proof. However, we find a collision attack with complexity of $\Omega(2^{3n/4})$ and a preimage attack with complexity of $\Omega(2^{n})$. Our result shows this construction is much worse than an ideal $2n$-bit hash function

More Insights on Blockcipher-Based Hash Functions

In this paper we give more insights on the security of blockcipher-based hash functions. We give a very simple criterion to build a secure large class of Single-Block-Length (SBL) or double call Double-Block-Length (DBL) compression functions based on $(kn, n)$ blockciphers, where $kn$ is the key length and $n$ is the block length and $k$ is an integer. This criterion is simpler than previous works in the literature. Based on the criterion, we can get many results from this criterion, and we can get a conclusion on such class of blockcipher-based hash functions. We solved the open problem left by Hirose. Our results show that to build a secure double call DBL compression function, it is required $k >= m+1$ where $m$ is the number of message blocks. Thus, we can only build rate 1/2 secure double DBL blockcipher-based compression functions if $k==2$. At last, we pointed out flaws in Stam\u27s theorem about supercharged functions and gave a revision of this theorem and added another condition for the security of supercharged compression functions

Improvements for Finding Impossible Differentials of Block Cipher Structures

We improve Wu and Wang’s method for finding impossible differentials of block cipher structures. This improvement is more general than Wu and Wang’s method where it can find more impossible differentials with less time. We apply it on Gen-CAST256, Misty, Gen-Skipjack, Four-Cell, Gen-MARS, SMS4, MIBS, Camellia⁎, LBlock, E2, and SNAKE block ciphers. All impossible differentials discovered by the algorithm are the same as Wu’s method. Besides, for the 8-round MIBS block cipher, we find 4 new impossible differentials, which are not listed in Wu and Wang’s results. The experiment results show that the improved algorithm can not only find more impossible differentials, but also largely reduce the search time

Impossible Differential Cryptanalysis of FOX

Block ciphers are the very foundation of computer and information security. FOX, also known as IDEA NXT, is a family of block ciphers published in 2004 and is famous for its provable security to cryptanalysis. In this paper, we apply impossible differential cryptanalysis on FOX cipher. We find a 4-round impossible difference, by using which adversaries can attack 5, 6 and 7-round FOX64 with $2^{71}$, $2^{135}$ and $2^{199}$ one-round encryptions respectively. Compared to the previous best attack with $2^{109.4}$, $2^{173.4}$ and $2^{237.4}$ full-round encryptions to 5, 6 and 7-round FOX64, the method in this paper is the best attack to FOX cipher. This attack can also be applied to 5-round FOX128 with $2^{135}$ one-round encryptions

A Unified Method for Finding Impossible Differentials of Block Cipher Structures

In this paper, we propose a systematic method for finding impossible differentials for block cipher structures, better than the $\mathcal{U}$-method introduced by Kim \textit{et al}~\cite{Kim03}. It is referred as a unified impossible differential finding method (UID-method). We apply the UID-method to some popular block ciphers such as {\sf Gen-Skipjack}, {\sf Gen-CAST256}, {\sf Gen-MARS}, {\sf Gen-RC6}, {\sf Four-Cell}, {\sf SMS4} and give the detailed impossible differentials. By the UID-method, we find a 16-round impossible differential on {\sf Gen-Skipjack} and a 19-round impossible differential on {\sf Gen-CAST256}. Thus we disprove the \textsl{Conjecture 2} proposed in \textsl{Asiacrypt\u2700}~\cite{Sung00} and the theorem in \textsl{FSE\u2709} rump session presentation~\cite{Pudovkina09}. On {\sf Gen-MARS} and {\sf SMS4}, the impossible differentials find by the UID-method are much longer than that found by the $\mathcal{U}$-method. On the {\sf Four-Cell} block cipher, our result is the same as the best result previously obtained by case-by-case treatment

Pseudorandomness Analysis of the Lai-Massey Scheme

At Asiacrypt’99, Vaudenay modified the structure in the IDEA cipher to a new scheme, which they called as the Lai-Massey scheme. It is proved that 3-round Lai-Massey scheme is sufficient for pseudorandomness and 4-round Lai-Massey scheme is sufficient for strong pseudorandomness. But the author didn’t point out whether three rounds and four rounds are necessary for the pseudorandomness and strong pseudorandomness of the Lai-Massey Scheme. In this paper we find a two round pseudorandomness distinguisher and a three-round strong pseudorandomness distinguisher, thus prove that three rounds is necessary for the pseudorandomness and four rounds is necessary for the strong pseudorandomness

Genome-wide eQTLs and heritability for gene expression traits in unrelated individuals

BACKGROUND: While the possible sources underlying the so-called ‘missing heritability’ evident in current genome-wide association studies (GWAS) of complex traits have been actively pursued in recent years, resolving this mystery remains a challenging task. Studying heritability of genome-wide gene expression traits can shed light on the goal of understanding the relationship between phenotype and genotype. Here we used microarray gene expression measurements of lymphoblastoid cell lines and genome-wide SNP genotype data from 210 HapMap individuals to examine the heritability of gene expression traits. RESULTS: Heritability levels for expression of 10,720 genes were estimated by applying variance component model analyses and 1,043 expression quantitative loci (eQTLs) were detected. Our results indicate that gene expression traits display a bimodal distribution of heritability, one peak close to 0% and the other summit approaching 100%. Such a pattern of the within-population variability of gene expression heritability is common among different HapMap populations of unrelated individuals but different from that obtained in the CEU and YRI trio samples. Higher heritability levels are shown by housekeeping genes and genes associated with cis eQTLs. Both cis and trans eQTLs make comparable cumulative contributions to the heritability. Finally, we modelled gene-gene interactions (epistasis) for genes with multiple eQTLs and revealed that epistasis was not prevailing in all genes but made a substantial contribution in explaining total heritability for some genes analysed. CONCLUSIONS: We utilised a mixed effect model analysis for estimating genetic components from population based samples. On basis of analyses of genome-wide gene expression from four HapMap populations, we demonstrated detailed exploitation of the distribution of genetic heritabilities for expression traits from different populations, and highlighted the importance of studying interaction at the gene expression level as an important source of variation underlying missing heritability. ELECTRONIC SUPPLEMENTARY MATERIAL: The online version of this article (doi:10.1186/1471-2164-15-13) contains supplementary material, which is available to authorized users