
    Systematic Construction of Nonlinear Product Attacks on Block Ciphers

    A major open problem in block cipher cryptanalysis is the discovery of new invariant properties of complex type. Recent papers show that this can be achieved for SCREAM, Midori64, MANTIS-4, T-310 or for DES with modified S-boxes. Until now such attacks have been hard to find and seem to happen by some sort of incredible coincidence. In this paper we abstract the attack from any particular block cipher. We study these attacks in terms of transformations on multivariate polynomials. We shall demonstrate how numerous variables, including key variables, may sometimes be eliminated, and at the end two very complex Boolean polynomials will become equal. We present a general construction of an attack where we multiply all the polynomials lying on one or several cycles. Then, under suitable conditions, the non-linear functions involved will be eliminated totally. We obtain a periodic invariant property holding for any number of rounds. A major difficulty with invariant attacks is that they typically work only for some keys. In T-310 our attack works for any key and also in spite of the presence of round constants.
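    An added illustration of the mechanism the abstract describes, written for this page; it is not the paper's construction and not T-310. The toy is an 8-bit round function in which four bit-pairs A=(x0,x1), B=(x2,x3), C=(x4,x5), D=(x6,x7) move along the cycle B->A, C->B, D->C, A->D, and a nonlinear, key- and round-constant-dependent bit t_i is XORed into both bits of the receiving pair. Each linear polynomial x_a + x_b on the cycle is therefore mapped to the next one with the nonlinear term cancelled, and the product of all four is invariant for every key, every round constant and any number of rounds, although no single factor is. The round function, key schedule and round constants are constructed for this example.

```python
# Constructed toy illustrating a product invariant over a cycle of linear
# polynomials.  Not the paper's construction and not T-310; the round
# function, key schedule and constants below are made up for this example.
import random


def bits(x, n=8):
    """Low n bits of x as a list, index i = bit i."""
    return [(x >> i) & 1 for i in range(n)]


def from_bits(b):
    return sum(v << i for i, v in enumerate(b))


def toy_round(state, round_key, rc, cancel=True):
    """Pairs A=(x0,x1), B=(x2,x3), C=(x4,x5), D=(x6,x7) move along the
    cycle B->A, C->B, D->C, A->D.  A nonlinear bit t_i (depending on state,
    key and round constant) is XORed into *both* bits of the receiving pair,
    so the pair sum x_a + x_b is passed along unchanged.  With cancel=False
    t0 hits only one bit of pair A, which destroys the invariant."""
    x, k, c = bits(state), bits(round_key, 4), bits(rc, 4)
    t0 = (x[4] & x[6]) ^ (x[5] & x[7] & k[0]) ^ c[0]                  # from C, D
    t1 = (x[6] & x[7]) ^ (x[6] & k[1]) ^ c[1]                         # from D
    t2 = k[2] ^ c[2]                                                  # key/const only
    t3 = (x[2] & x[4]) ^ (x[3] & x[6] & x[7]) ^ (x[5] & k[3]) ^ c[3]  # from B, C, D
    y = [0] * 8
    y[0], y[1] = x[2] ^ t0, x[3] ^ (t0 if cancel else 0)
    y[2], y[3] = x[4] ^ t1, x[5] ^ t1
    y[4], y[5] = x[6] ^ t2, x[7] ^ t2
    y[6], y[7] = x[0] ^ t3, x[1] ^ t3
    # Inverse order: t2 gives D, then t1(D) gives C, t0(C,D) gives B,
    # t3(B,C,D) gives A, so every round is a permutation of the 256 states.
    return from_bits(y)


def round_keys(master_key, rounds):
    """Constructed schedule: 4-bit round key and 4-bit round constant per round."""
    for i in range(rounds):
        rk = ((master_key >> (i % 13)) ^ (master_key >> ((3 * i + 5) % 11))) & 0xF
        rc = (0x9 * (i + 1)) & 0xF
        yield rk, rc


def toy_encrypt(pt, master_key, rounds, cancel=True):
    ct = pt
    for rk, rc in round_keys(master_key, rounds):
        ct = toy_round(ct, rk, rc, cancel)
    return ct


def pair_sums(state):
    x = bits(state)
    return [x[0] ^ x[1], x[2] ^ x[3], x[4] ^ x[5], x[6] ^ x[7]]


def product_invariant(state):
    """P(x) = (x0+x1)(x2+x3)(x4+x5)(x6+x7) over GF(2)."""
    p = 1
    for s in pair_sums(state):
        p &= s
    return p


def is_bijective(round_key, rc):
    return len({toy_round(s, round_key, rc) for s in range(256)}) == 256


def violations(master_key, rounds, cancel=True, poly=product_invariant):
    """Number of plaintexts x with poly(E_K(x)) != poly(x)."""
    return sum(poly(toy_encrypt(x, master_key, rounds, cancel)) != poly(x)
               for x in range(256))


def random_permutation_violations(seed=1):
    """Same count for a seeded random permutation, for comparison."""
    perm = list(range(256))
    random.Random(seed).shuffle(perm)
    return sum(product_invariant(perm[x]) != product_invariant(x) for x in range(256))


if __name__ == "__main__":
    print("every round is a permutation:",
          all(is_bijective(k, c) for k in range(16) for c in range(16)))
    for key in (0x0000, 0x1234, 0xBEEF):
        print(f"key {key:#06x}, 17 rounds, product invariant violations:",
              violations(key, 17))
    print("single factor x0+x1, 1 round:",
          violations(0x1234, 1, poly=lambda s: pair_sums(s)[0]))
    print("t0 XORed into one bit only, 1 round:", violations(0x1234, 1, cancel=False))
    print("random permutation:", random_permutation_violations())
```

    The product P is a distinguisher that needs no key guessing: P(pt) = P(ct) for every plaintext under every key, whereas a random permutation preserves P for only about 88% of inputs. The single factor x0 + x1 is not invariant (it becomes x2 + x3 after one round), and XORing t0 into only one bit of pair A already breaks the invariant after a single round, which is the "suitable conditions" requirement in the abstract in miniature.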

    The Inverse S-Box, Non-linear Polynomial Relations and Cryptanalysis of Block Ciphers

    This paper is motivated by the design of AES. We consider a broader question of cryptanalysis of block ciphers having very good non-linearity and diffusion. Can we nevertheless expect to attack such ciphers, which are clearly designed to render the main classical attacks hopeless? Recently a lot of attention has been drawn to the existence of multivariate algebraic relations for AES (and other) S-boxes. Then, if the XSL-type algebraic attacks on block ciphers [11] are shown to work well, the answer would be positive. In this paper we show that the answer is certainly positive for many other constructions of ciphers. This is not due to an algebraic attack, but to new types of generalised linear cryptanalysis, highly non-linear in flavour. We present several constructions of somewhat special practical block ciphers, seemingly satisfying all the design criteria of AES and using similar S-boxes, and yet being extremely weak. They can be generalised, and evolve into general attacks that can potentially be applied to any block cipher. Key Words: block ciphers, AES, Rijndael, interpolation attack on block ciphers, fractional transformations, homographic functions, multivariate equations

    Determination of the detection probability of neutron counters

    SIGLE. Available from TIB Hannover: RN 4852(91-50) / FIZ - Fachinformationszentrum Karlsruhe / TIB - Technische Informationsbibliothek. Germany, German.

    Reference curves of symphysis-fundus height in twin pregnancies

    OBJECTIVE: To generate reliable new reference ranges for symphysis-fundus height (SFH) in twin pregnancies using modern statistical methods and to evaluate whether small-for-gestational-age (SGA) babies of women who had an SFH measurement after the 25th gestational week could be predicted by the SFH measurement in the reference curves and other maternal data. STUDY DESIGN: In a retrospective cross-sectional study at the obstetric outpatient clinic, Zurich University Hospital, SFH was determined in 257 twin-pregnant women with accurately dateable twin pregnancies (Caucasians: N=217, Asians: N=15, Blacks: N=10, and 15 others). Exclusion criteria were intrauterine fetal death and known fetal and maternal diseases that influence SFH. Pregnant women with twins were divided into three groups according to the birth weight of the babies. Group I: both babies were appropriate for gestational age (AGA); group II: one baby was AGA and one SGA; group III: both babies were SGA. RESULTS: SFH measurements increased linearly with gestational age (GA). The following rule of thumb is suggested for the 50th centile: SFH (cm) = gestational week + 10% of gestational week. Age, height, weight and body mass index (BMI) before pregnancy, parity and ethnic group were insignificant determinants of SFH measurement. A prognostic score for identification of group III was created for GA ≥ 25 weeks and BMI < 30 kg/m². CONCLUSIONS: Measuring SFH is simple, inexpensive and non-invasive and may be of some use for identifying twin mothers with SGA twin pairs.

    External aid for optimising the dose per slice in CT

    Scientific Exhibition Prize. Not published.

    4.2 Social Dynamics Metrics-Working Group Report

    Individuals continually interact with security mechanisms when performing tasks in everyday life. These tasks may serve personal goals or work goals, and be individual or shared. These interactions can be influenced by peers and superiors in the respective environments (workplace, home, public spaces), by personality traits of the users, as well as by contextual constraints such as available time, cognitive resources, and perceived available effort. All these influencing factors, we believe, should be considered in the design, implementation and maintenance of good socio-technical security mechanisms. Therefore, we need to observe reliable socio-technical data and then transform them into meaningful and helpful metrics for user interactions and influencing factors. More precisely, there are three main questions that the group discussed: 1. What data do we need to observe, and which of these data can we actually observe and measure? 2. How can we observe and measure? 3. What can we do with the results of the observations?

    The efficacy of ventricular pacing with device automaticity in paediatric patients

    AIMS: To compare pacemaker reprogramming and re-intervention rates in children with AutoCapture (AC) and conventionally (Conv) programmed devices, and to assess reliability of device automaticity. METHODS AND RESULTS: Data of children with AC (group AC, n = 49) and conventionally programmed devices (group Conv, n = 41) were analysed. A total of 1106 outpatient visits and 147 Holter recordings were screened for device reprogramming and invasive re-intervention. At 2 and 5 years, freedom from reprogramming differed significantly between groups (AC: 63/35% vs. Conv: 13/4%; P < 0.0001), whereas freedom from re-intervention was not different (AC: 95/90% vs. Conv: 95/85%; P = 0.26). Mean yearly rate of reprogramming was lower in group AC (AC: 0.67 ± 0.55 vs. Conv: 1.13 ± 0.82; P = 0.005). Follow-up duration correlated with a decreasing number of reprogrammings per year in group Conv (rho = -0.73, P < 0.001). No ventricular output reprogramming was required in group AC. Holter recordings required 0.07 ± 0.13 reprogrammings per year in group Conv, none in group AC (P < 0.001). Holter-detected lead dysfunction prompted re-intervention in one patient of each group. CONCLUSION: Estimated freedom from, as well as total yearly rate of, device reprogramming was favourable for AC-programmed devices. No difference was seen in the incidence of invasive re-interventions. AC ventricular output control was effective. Structured device follow-up and Holter recordings in specific patient groups remain mandatory for all devices in paediatric patients.

    Cryptanalysis of reduced-round SIMON32 and SIMON48

    The SIMON family is one of the recent lightweight block cipher designs introduced by the NSA. So far there have been several cryptanalytic results on this cipher by means of differential, linear and impossible differential cryptanalysis. In this paper, we study the security of SIMON32, SIMON48/72 and SIMON48/96 using integral, zero-correlation linear and impossible differential cryptanalysis. Firstly, we present a novel experimental approach to construct the best known integral distinguishers of SIMON32. The small block size of SIMON32, 32 bits, enables us to experimentally find a 15-round integral distinguisher, based on which we present a key recovery attack on 21-round SIMON32, while previous best results only achieved 19 rounds. Moreover, we attack 20-round SIMON32, 20-round SIMON48/72 and 21-round SIMON48/96 based on 11- and 12-round zero-correlation linear hulls of SIMON32 and SIMON48 respectively. Finally, we propose new impossible differential attacks which improve the previous impossible differential attacks. Our analysis shows that SIMON maintains enough security margin.

    FOX: a New Family of Block Ciphers

    In this paper, we describe the design of a new family of block ciphers based on a Lai-Massey scheme, named FOX. The main features of this design, besides a very high security level, are a large implementation flexibility on various platforms as well as high performance. In addition, we propose a new design of strong and efficient key-schedule algorithms. We provide evidence that FOX is immune to linear and differential cryptanalysis, and we discuss its security against integral cryptanalysis, algebraic attacks, and other attacks. Key words: Block ciphers, Lai-Massey scheme
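    An added toy of the Lai-Massey skeleton named in the abstract, written for this page as a constructed example: it does not reproduce FOX's f32/f64 round functions, key schedule or block size, only the structure. Two 8-bit halves L and R share one round-function output t = f(L ⊕ R, k); after XORing t into both halves the orthomorphism or(a‖b) = b‖(a ⊕ b) is applied to the left half. The use_or switch shows why that step is not decorative: without it, L ⊕ R is untouched by t and so survives every round for every key, a degree-one invariant of exactly the kind the cryptanalysis abstracts above exploit. The 8-bit f (a keyed 4-bit S-box layer, using PRESENT's S-box purely as a convenient bijection, followed by a rotation) and the key schedule are made up for this example.

```python
# Constructed toy Lai-Massey cipher (16-bit block, 8-bit halves).  Not FOX:
# the round function f, the S-box choice and the key schedule are stand-ins
# made up for this example; only the Lai-Massey structure is illustrated.

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]   # PRESENT's 4-bit S-box


def f(v, k):
    """Constructed 8-bit keyed round function; in Lai-Massey f need not be a
    permutation because both halves receive the same output."""
    v = (v ^ k) & 0xFF
    v = (SBOX[v >> 4] << 4) | SBOX[v & 0xF]
    return (((v << 3) | (v >> 5)) & 0xFF) ^ v


def orthomorphism(h):
    """or(a||b) = b || (a xor b) on the two 4-bit halves of an 8-bit value.
    Both h -> or(h) and h -> or(h) xor h are permutations."""
    a, b = h >> 4, h & 0xF
    return (b << 4) | (a ^ b)


def orthomorphism_inv(h):
    b, ab = h >> 4, h & 0xF
    return ((ab ^ b) << 4) | b


def lm_round(L, R, k, use_or=True):
    """One Lai-Massey round: the same t goes into both halves, then the
    orthomorphism is applied to the left half (unless disabled)."""
    t = f(L ^ R, k)
    L, R = L ^ t, R ^ t
    return (orthomorphism(L) if use_or else L), R


def lm_round_inv(L, R, k, use_or=True):
    if use_or:
        L = orthomorphism_inv(L)
    t = f(L ^ R, k)          # L xor R is the same before and after the two XORs
    return L ^ t, R ^ t


def round_keys(master, rounds):
    """Constructed schedule: one byte of the 64-bit master key per round."""
    return [((master >> (8 * (i % 8))) ^ (0x3A * i)) & 0xFF for i in range(rounds)]


def encrypt(block, master, rounds=8, use_or=True):
    L, R = block >> 8, block & 0xFF
    for k in round_keys(master, rounds):
        L, R = lm_round(L, R, k, use_or)
    return (L << 8) | R


def decrypt(block, master, rounds=8, use_or=True):
    L, R = block >> 8, block & 0xFF
    for k in reversed(round_keys(master, rounds)):
        L, R = lm_round_inv(L, R, k, use_or)
    return (L << 8) | R


def half_xor(block):
    return (block >> 8) ^ (block & 0xFF)


def half_xor_violations(master, rounds=8, use_or=True, sample=range(0, 1 << 16, 13)):
    """How many sampled blocks have L xor R changed by encryption.  Without
    the orthomorphism the answer is 0 for every key and round count."""
    return sum(half_xor(encrypt(b, master, rounds, use_or)) != half_xor(b)
               for b in sample)


if __name__ == "__main__":
    key = 0x0123456789ABCDEF
    ct = encrypt(0xBEEF, key)
    print(f"ct={ct:#06x}, roundtrip ok: {decrypt(ct, key) == 0xBEEF}")
    print("L^R violations with orthomorphism:   ", half_xor_violations(key, use_or=True))
    print("L^R violations without orthomorphism:", half_xor_violations(key, use_or=False))
```

    Decryption inverts the orthomorphism first and then recomputes t from L ⊕ R, which is why Lai-Massey is invertible for any f. FOX itself applies the orthomorphism in every round except the last so that encryption and decryption share one structure; the toy applies it in every round, which does not affect the point being shown.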