
    AES Cipher Keys Suitable for Efficient Side-Channel Vulnerability Evaluation

    This paper investigates pairs of AES-128 cipher keys and plaintexts which result in being "quiet" in the final round, i.e., whose 128-bit State holds the same bit pattern before and after Round 10. We show that the number of such quiet plaintexts (those with Hamming distance 0) for any cipher key is at most 5,914,624, and that exactly 729 cipher keys attain this maximum. The same holds if "quiet" is replaced by "noisy" (Hamming distance 128). Because such quiet and noisy plaintexts produce the extreme cases of switching activity in the final round of AES encryption, these AES-128 cipher keys are useful to AES hardware designers for efficiently evaluating the vulnerabilities of their products, for instance the effectiveness of their side-channel attack countermeasures.

    Information Leakage Threats for Cryptographic Devices Using IEMI and EM Emission

    In this paper, we present a new information leakage threat combining intentional electromagnetic interference (IEMI) and observations of EM leakage. In previous studies, the analysis of secret key information in cryptographic modules using fault injection has led to methods whereby faults can be injected via low-voltage IEMI. However, the timing of fault injections cannot be controlled with this approach, and it is difficult to obtain faulty ciphertexts for use in secret key analysis by differential fault analysis (DFA). To overcome this problem, we propose a method for estimating the fault-injection timing by detecting characteristic fluctuations in the EM leakage from the device. As a result, it may be possible to implement a realistic secret information analysis method applicable to a wide range of devices. First, to show the feasibility of the proposed method, we describe an experiment using an on-chip fault-injection circuit that can control the injection timing. Furthermore, we apply a fault analysis method that combines the injection timing estimation method and fault injection by IEMI in a practical experimental environment. We select useful faulty ciphertexts using the proposed method, and then perform secret key analysis by DFA. Experimental results demonstrate that the secret key can be successfully analyzed.
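    Added example serving both the quiet/noisy final-round evaluation above and this IEMI-plus-DFA threat; it is not code from either paper. It is a plain AES-128 that exposes the State entering Round 10, so final_round_hamming_distance reports how many bits flip in the final round for a given key/plaintext pair (0 is "quiet", 128 is "noisy"), and simulate_dfa runs a Giraud-style single-bit DFA on that State. Everything about the attack set-up is assumed rather than taken from the paper: single-bit faults flipped in software stand in for IEMI, a random timing jitter that sometimes hits the Round-9 input stands in for uncontrolled injection timing, and faulty ciphertexts are judged useful by their difference pattern (exactly one changed byte) instead of by the EM-leakage timing estimate. The fault model, the 70/30 jitter split and all function names are illustrative.

```python
# Added example, not code from either paper. AES-128 that exposes the State
# entering Round 10, plus a Giraud-style single-bit DFA on that State.
# Assumptions: software fault injection stands in for IEMI; faulty ciphertexts
# are selected by their difference pattern, not by an EM-timing estimate.
import random

def _build_sbox():
    # Generate the S-box from GF(2^8) inversion plus the affine map.
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q = (q ^ (q << 1)) & 0xFF                              # q /= 3, so
        q = (q ^ (q << 2)) & 0xFF                              # q stays 1/p
        q = (q ^ (q << 4)) & 0xFF
        q ^= 0x09 if q & 0x80 else 0
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)      # q + 4 rotations
        sbox[p] = ((x ^ (x >> 8)) ^ 0x63) & 0xFF
        if p == 1: break
    sbox[0] = 0x63
    return sbox

SBOX = _build_sbox()
INV_SBOX = [SBOX.index(v) for v in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def xtime(b):  # multiply by x in GF(2^8)
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else b << 1
def sub_bytes(s):
    return bytes(SBOX[b] for b in s)
def shift_rows(s):  # State is column-major: byte 4*c + r is row r, column c
    return bytes(s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4))
def mix_columns(s):
    out = b""
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += bytes([xtime(a0) ^ xtime(a1) ^ a1 ^ a2 ^ a3,
                      a0 ^ xtime(a1) ^ xtime(a2) ^ a2 ^ a3,
                      a0 ^ a1 ^ xtime(a2) ^ xtime(a3) ^ a3,
                      xtime(a0) ^ a0 ^ a1 ^ a2 ^ xtime(a3)])
    return out

def _g(w, i):  # key-schedule core for word i: RotWord, SubWord, Rcon
    w = w[1:] + w[:1]
    return bytes([SBOX[w[0]] ^ RCON[i // 4 - 1]] + [SBOX[b] for b in w[1:]])
def expand_key(key):
    w = [key[4 * i:4 * i + 4] for i in range(4)]
    for i in range(4, 44):
        w.append(xor(w[i - 4], _g(w[i - 1], i) if i % 4 == 0 else w[i - 1]))
    return [b"".join(w[4 * r:4 * r + 4]) for r in range(11)]
def invert_key_schedule(rk10):  # recover the cipher key from round key 10
    w = [None] * 40 + [rk10[4 * i:4 * i + 4] for i in range(4)]
    for i in range(43, 3, -1):
        w[i - 4] = xor(w[i], _g(w[i - 1], i) if i % 4 == 0 else w[i - 1])
    return b"".join(w[:4])

def _rounds(s, rks, start):
    # Rounds start..10 on State s -> (States entering those rounds, ciphertext).
    states = []
    for r in range(start, 10):
        states.append(s)
        s = xor(mix_columns(shift_rows(sub_bytes(s))), rks[r])
    states.append(s)                      # the State entering Round 10
    return states, xor(shift_rows(sub_bytes(s)), rks[10])
def encrypt_trace(pt, rks):
    return _rounds(xor(pt, rks[0]), rks, 1)
def final_round_hamming_distance(key, pt):
    # 0 means a "quiet" Round 10 (State unchanged), 128 a "noisy" one.
    states, ct = encrypt_trace(pt, expand_key(key))
    return sum(bin(x ^ y).count("1") for x, y in zip(states[-1], ct))

# Ciphertext byte that Round-10-input byte j reaches after ShiftRows.
SHIFT_POS = [4 * ((c - r) % 4) + r for c in range(4) for r in range(4)]
def is_useful(ct, faulty_ct):
    # A Round-10-input byte fault changes one ciphertext byte; a shot that
    # landed a round early changes four and is discarded (stand-in for
    # the paper's EM-based timing selection).
    return sum(a != b for a, b in zip(ct, faulty_ct)) == 1
def giraud_candidates(c, c_fault, cands):
    # Keep key bytes whose inverse-S-box difference is a single bit.
    return {k for k in cands
            if bin(INV_SBOX[c ^ k] ^ INV_SBOX[c_fault ^ k]).count("1") == 1}

def simulate_dfa(key, seed=7, max_shots=40):
    # Fault the Round-10 input byte by byte (IEMI stand-in with assumed
    # timing jitter), keep useful shots, recover K10, invert the schedule.
    rng, rks, k10 = random.Random(seed), expand_key(key), bytearray(16)
    for j in range(16):
        pos, cands = SHIFT_POS[j], set(range(256))
        for _ in range(max_shots):
            pt = bytes(rng.randrange(256) for _ in range(16))
            states, ct = encrypt_trace(pt, rks)
            hit = 10 if rng.random() < 0.7 else 9        # assumed jitter
            s = bytearray(states[hit - 1])
            s[j] ^= 1 << rng.randrange(8)                # single-bit fault
            _, faulty_ct = _rounds(bytes(s), rks, hit)
            if is_useful(ct, faulty_ct):
                cands = giraud_candidates(ct[pos], faulty_ct[pos], cands)
            if len(cands) == 1: break
        (k10[pos],) = cands                 # raises if the byte is not unique
    return invert_key_schedule(bytes(k10))
```

    The FIPS-197 Appendix C.1 key/plaintext pair (key 00..0f, plaintext 00112233...ff) is a convenient sanity check for the cipher itself, and the DFA run below uses the FIPS-197 Appendix A key purely as a constructed input. Each useful shot shrinks the candidate set for one byte of the last round key; once all sixteen are unique, inverting the key schedule returns the cipher key. In a real IEMI set-up the is_useful stage is exactly where the estimated injection timing would decide which ciphertexts enter the DFA.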

    Card-Based Protocols Using Unequal Division Shuffles

    Card-based cryptographic protocols can perform secure computation of Boolean functions. In 2013, Cheung et al. presented a protocol that securely produces a hidden AND value using five cards; however, it fails with a probability of 1/2. The protocol uses an unconventional shuffle operation called an unequal division shuffle: after a sequence of five cards is divided into a two-card portion and a three-card portion, these two portions are randomly switched so that nobody knows which is which. In this paper, we first show that the protocol proposed by Cheung et al. securely produces not only a hidden AND value but also a hidden OR value (with a probability of 1/2). We then modify their protocol such that, even when it fails, we can still evaluate the AND value in the clear. Furthermore, we present two five-card copy protocols (which can duplicate a hidden value) using unequal division shuffles. Because the most efficient copy protocol currently known requires six cards, our new protocols improve upon the existing results. We also design a general copy protocol that produces multiple copies using an unequal division shuffle. Finally, we show feasible implementations of unequal division shuffles by the use of card cases.

    EM Attack Is Non-Invasive? - Design Methodology and Validity Verification of EM Attack Sensor

    This paper presents a standard-cell-based, semi-automatic design methodology for a new conceptual countermeasure against electromagnetic (EM) analysis and fault-injection attacks. The countermeasure, an EM attack sensor, uses LC oscillators that detect variations in the EM field around a cryptographic LSI caused by a micro-probe brought near the LSI. A dual-coil sensor architecture with LUT-programming-based digital calibration can prevent a variety of micro-probe-based EM attacks that cannot be thwarted by conventional countermeasures. All components of the sensor core are semi-automatically designed by standard EDA tools with a fully digital standard cell library, and hence at minimum design cost; the sensor can therefore be scaled together with the cryptographic LSI it protects. A sensor prototype designed with the proposed methodology, together with a 128-bit-key composite AES processor in 0.18 um CMOS, incurs overheads of only 1.9% in area, 7.6% in power, and 0.2% in performance. Its validity against a variety of EM attack scenarios has been verified successfully.

    The Plant Organelles Database 2 (PODB2): An Updated Resource Containing Movie Data of Plant Organelle Dynamics

    The Plant Organelles Database (PODB) was launched in 2006 and provides imaging data of plant organelles, protocols for plant organelle research and external links to relevant websites. To provide comprehensive information on plant organelle dynamics and accommodate movie files that contain time-lapse images and 3D structure rotations, PODB was updated to the next version, PODB2 (http://podb.nibb.ac.jp/Organellome). PODB2 contains movie data submitted directly by plant researchers and can be freely downloaded. Through this organelle movie database, users can examine the dynamics of organelles of interest, including their movement, division, subcellular positioning and behavior, in response to external stimuli. In addition, the user interface for access and submission has been enhanced. PODB2 contains all of the information included in PODB, and the volume of data and protocols deposited in PODB2 continues to grow steadily. Moreover, a new website, Plant Organelles World (http://podb.nibb.ac.jp/Organellome/PODBworld/en/index.html), which is based on PODB2, was recently launched as an educational tool to engage members of the non-scientific community such as students and school teachers. Plant Organelles World is written in layman's terms, and technical terms were avoided where possible. We would appreciate contributions of data from all plant researchers to enhance the usefulness of PODB2 and Plant Organelles World.

    Neuropathological Similarities and Differences between Schizophrenia and Bipolar Disorder: A Flow Cytometric Postmortem Brain Study

    Recent studies suggest that schizophrenia (SCH) and bipolar disorder (BPD) may share a similar etiopathology. However, their precise neuropathological natures have rarely been characterized in a comprehensive and quantitative fashion. We have recently developed a rapid, quantitative cell-counting method for frozen unfixed postmortem brains using a flow cytometer. In the present study, we not only counted stained nuclei, but also measured their sizes in the gray matter of frontopolar cortices (FPCs) and inferior temporal cortices (ITCs) from patients with SCH or BPD, as well as in that from normal controls. In terms of NeuN(+) neuronal nuclei size, particularly in the reduced densities of small NeuN(+) nuclei, we found abnormal distributions present in the ITC gray matter of both patient groups. These same abnormalities were also found in the FPCs of SCH patients, whereas in the FPCs of BPD patients, a reduction in oligodendrocyte lineage (olig2(+)) cells was much more common. Surprisingly, in the SCH FPC, the normal left-greater-than-right asymmetry in neural nuclei densities was almost completely reversed. In the BPD FPC, this asymmetry, though not obvious, differed significantly from that in the SCH FPC. These findings indicate that while similar neuropathological abnormalities are shared by patients with SCH or BPD, differences also exist, mainly in the FPC, which may at least partially explain the differences observed in many aspects of these disorders.

    Porous In2O3 powders prepared by ultrasonic-spray pyrolysis as a NO2-sensing material: Utilization of polymethylmethacrylate microspheres synthesized by ultrasonic-assisted emulsion polymerization as a template

    The NO2-sensing properties of porous In2O3 (pr-In2O3) powders prepared by ultrasonic-spray pyrolysis employing polymethylmethacrylate (PMMA) microspheres as a template have been investigated in this study. The PMMA microspheres were synthesized in water by ultrasonic-assisted emulsion polymerization employing methyl methacrylate monomer, sodium lauryl sulfate as a surfactant and ammonium persulfate as an initiator. The PMMA microspheres synthesized were quite uniform, with a particle size of ca. 60.2 nm (measured by dynamic light scattering). The microstructure of the pr-In2O3 powders prepared was largely dependent on the kind of In2O3 source. The pr-In2O3 prepared from In(NO3)3 as an In2O3 source (pr-In2O3(N)) consisted of submicron-sized spherical particles with well-developed spherical mesopores (several tens of nanometers in pore diameter), and each oxide wall between pores was constructed from meso-sized In2O3 particles connected continuously. On the other hand, the pr-In2O3 prepared from InCl3 as an In2O3 source (pr-In2O3(Cl)) was composed of a large number of dispersed meso-sized particles and a few submicron-sized dense spherical particles. In contrast, the morphology of a conventional In2O3 powder (c-In2O3(N)), prepared by ultrasonic-spray pyrolysis of a PMMA-free In(NO3)3 aqueous solution as a reference, was relatively dense and roughly spherical with a diameter of ca. 100-700 nm. The responses to 1.0 and 10 ppm NO2 of the pr-In2O3 sensors in air were much larger than those of the c-In2O3(N) sensor in the temperature ranges below 250°C and 300°C, respectively. In addition, the response and recovery speeds of both pr-In2O3 sensors were much faster than those of the c-In2O3(N) sensor, because of the well-developed porous structure of the pr-In2O3 sensors.