Shrinking the keys of discrete-log-type lossy trapdoor functions

To this day, realizations in the standard-model of (lossy) trapdoor functions from discrete-log-type assumptions require large public key sizes, e.g., about Θ(λ 2) group elements for a reduction from the decisional Diffie-Hellman assumption (where λ is a security parameter). We propose two realizations of lossy trapdoor functions that achieve public key size of only Θ(λ) group elements in bilinear groups, with a reduction from the decisional Bilinear Diffie-Hellman assumption. Our first construction achieves this result at the expense of a long common reference string of Θ(λ 2) elements, albeit reusable in multiple LTDF instantiations. Our second scheme also achieves public keys of size Θ(λ), entirely in the standard model and in particular without any reference string, at the cost of a slightly more involved construction. The main technical novelty, developed for the second scheme, is a compact encoding technique for generating compressed representations of certain sequences of group elements for the public parameters.

Expression and in vitro functions of the ghrelin axis in endometrial cancer

Ghrelin is a peptide hormone produced in the stomach and a range of other tissues, where it has endocrine, paracrine and autocrine roles in both normal and disease states. Ghrelin has been shown to be an important growth factor for a number of tumours, including prostate and breast cancers. In this study, we examined the expression of the ghrelin axis (ghrelin and its receptor, the growth hormone secretagogue receptor, GHSR) in endometrial cancer. Ghrelin is expressed in a range of endometrial cancer tissues, while its cognate receptor, GHSR1a, is expressed in a small subset of normal and cancer tissues. Low to moderately invasive endometrial cancer cell lines were examined by RT-PCR and immunoblotting, demonstrating that ghrelin axis mRNA and protein expression correlate with differentiation status of Ishikawa, HEC1B and KLE endometrial cancer cell lines. Moreover, treatment with ghrelin potently stimulated cell proliferation and inhibited cell death. Taken together, these data indicate that ghrelin promotes the progression of endometrial cancer cells in vitro, and may contribute to endometrial cancer pathogenesis and represent a novel treatment target.

An algebraic approach for determination of DG parameters to support voltage profiles in radial distribution networks

Rapidly increasing electricity demands and capacity shortage of transmission and distribution facilities are the main driving forces for the growth of Distributed Generation (DG) integration in power grids. One of the reasons for choosing a DG is its ability to support voltage in a distribution system. Selection of effective DG characteristics and DG parameters is a significant concern of distribution system planners to obtain maximum potential benefits from the DG unit. This paper addresses the issue of improving the network voltage profile in distribution systems by installing a DG of the most suitable size, at a suitable location. An analytical approach is developed based on algebraic equations for uniformly distributed loads to determine the optimal operation, size and location of the DG in order to achieve required levels of network voltage. The developed method is simple to use for conceptual design and analysis of distribution system expansion with a DG and suitable for a quick estimation of DG parameters (such as optimal operating angle, size and location of a DG system) in a radial network. A practical network is used to verify the proposed technique and test results are presented.

Extensions of the cube attack based on low degree annihilators

At Crypto 2008, Shamir introduced a new algebraic attack called the cube attack, which allows us to solve black-box polynomials if we are able to tweak the inputs by varying an initialization vector. In a stream cipher setting where the filter function is known, we can extend it to the cube attack with annihilators: By applying the cube attack to Boolean functions for which we can find low-degree multiples (equivalently annihilators), the attack complexity can be improved. When the size of the filter function is smaller than the LFSR, we can improve the attack complexity further by considering a sliding window version of the cube attack with annihilators. Finally, we extend the cube attack to vectorial Boolean functions by finding implicit relations with low-degree polynomials.

MöBIUS-α commutative functions and partially coincident functions

The M¨obius transform of Boolean functions is often involved in cryptographic design and analysis. As studied previously, a Boolean function f is said to be coincident if it is identical with its M¨obius transform fμ, i.e., f = fμ...

Calibration functions for estimating soil moisture from GPR dielectric constant measurements

Ground-penetrating radar (GPR) is widely used for assessment of soil moisture variability in field soils. Because GPR does not measure soil water content directly, it is common practice to use calibration functions that describe its relationship with the soil dielectric properties and textural parameters. However, the large variety of models complicates the selection of the appropriate function. In this article an overview is presented of the different functions available, including volumetric models, empirical functions, effective medium theories, and frequency-specific functions. Using detailed information presented in summary tables, the choice for which calibration function to use can be guided by the soil variables available to the user, the frequency of the GPR equipment, and the desired level of detail of the output. This article can thus serve as a guide for GPR practitioners to obtain soil moisture values and to estimate soil dielectric properties.

Colour by numbers in Excel 2007 : solving algebraic equations without algebra

This is an update of an earlier paper, and is written for Excel 2007. A series of Excel 2007 models is described. The more advanced versions allow solution of f(x)=0 by examining change of sign of function values. The function is graphed and change of sign easily detected by a change of colour. Relevant features of Excel 2007 used are Names, Scatter Chart and Conditional Formatting. Several sample Excel 2007 models are available for download, and the paper is intended to be used as a lesson plan for students having some familiarity with derivatives. For comparison and reference purposes, the paper also presents a brief outline of several common equation-solving strategies as an Appendix.

The Number Crunch game : a simple vehicle for building algebraic reasoning skills

A newspaper numbers game based on simple arithmetic relationships is discussed. Its potential to give students of elementary algebra practice in semi-ad hoc reasoning and to build general arithmetic reasoning skills is explored.

Basic finance made accessible in Excel 2007 : "the big 5, plus 2"

The basic principles and equations are developed for elementary finance, based on the concept of compound interest. The five quantities of interest in such problems are present value, future value, amount of periodic payment, number of periods and the rate of interest per period. We consider three distinct means of computing each of these five quantities in Excel 2007: (i) use of algebraic equations, (ii) by recursive schedule and the Goal Seek facility, and (iii) use of Excel's intrinsic financial functions. The paper is intended to be used as the basis for a lesson plan and contains many examples and solved problems. Comment is made regarding the relative difficulty of each approach, and a prominent theme is the systematic use of more than one method to increase student understanding and build confidence in the answer obtained. Full instructions to build each type of model are given and a complete set of examples and solutions may be downloaded (Examples.xlsx and Solutions.xlsx).

Algebraic attacks on SOBER-t32 and SOBER-t16 without stuttering

This paper presents algebraic attacks on SOBER-t32 and SOBER-t16 without stuttering. For unstuttered SOBER-t32, two different attacks are implemented. In the first attack, we obtain multivariate equations of degree 10. Then, an algebraic attack is developed using a collection of output bits whose relation to the initial state of the LFSR can be described by low-degree equations. The resulting system of equations contains 2^69 equations and monomials, which can be solved using the Gaussian elimination with the complexity of 2^196.5. For the second attack, we build a multivariate equation of degree 14. We focus on the property of the equation that the monomials which are combined with output bit are linear. By applying the Berlekamp-Massey algorithm, we can obtain a system of linear equations and the initial states of the LFSR can be recovered. The complexity of attack is around O(2^100) with 2^92 keystream observations. The second algebraic attack is applicable to SOBER-t16 without stuttering. The attack takes around O(2^85) CPU clocks with 2^78 keystream observations.

The SOS screen in Arabidopsis: a search for functions involved in DNA metabolism

The SOS screen, as originally described by Perkins et al. (1999), was setup with the aim of identifying Arabidopsis functions that might potentially be involved in the DNA metabolism. Such functions, when expressed in bacteria, are prone to disturb replication and thus trigger the SOS response. Consistently, expression of AtRAD51 and AtDMC1 induced the SOS response in bacteria, even affecting E. coli viability. 100 SOS-inducing cDNAs were isolated from a cDNA library constructed from an Arabidopsis cell suspension that was found to highly express meiotic genes. A large proportion of these SOS+ candidates are clearly related to the DNA metabolism, others could be involved in the RNA metabolism, while the remaining cDNAs encode either totally unknown proteins or proteins that were considered as irrelevant. Seven SOS+ candidate genes are induced following gamma irradiation. The in planta function of several of the SOS-inducing clones was investigated using T-DNA insertional mutants or RNA interference. Only one SOS+ candidate, among those examined, exhibited a defined phenotype: silenced plants for DUT1 were sensitive to 5-fluoro-uracil (5FU), as is the case of the leaky dut-1 mutant in E. coli that are affected in dUTPase activity. dUTPase is essential to prevent uracil incorporation in the course of DNA replication.

Characterisations of extended resiliency and extended immunity of S-boxes

New criteria of extended resiliency and extended immunity of vectorial Boolean functions, such as S-boxes for stream or block ciphers, were recently introduced. They are related to a divide-and-conquer approach to algebraic attacks by conditional or unconditional equations. Classical resiliency turns out to be a special case of extended resiliency and as such requires more conditions to be satisfied. In particular, the algebraic degrees of classically resilient S-boxes are restricted to lower values. In this paper, extended immunity and extended resiliency of S-boxes are studied and many characterisations and properties of such S-boxes are established. The new criteria are shown to be necessary and sufficient for resistance against the divide-and-conquer algebraic attacks by conditional or unconditional equations.

Higher order universal one-way hash functions from the subset sum assumption

Universal One-Way Hash Functions (UOWHFs) may be used in place of collision-resistant functions in many public-key cryptographic applications. At Asiacrypt 2004, Hong, Preneel and Lee introduced the stronger security notion of higher order UOWHFs to allow construction of long-input UOWHFs using the Merkle-Damgård domain extender. However, they did not provide any provably secure constructions for higher order UOWHFs. We show that the subset sum hash function is a kth order Universal One-Way Hash Function (hashing n bits to m < n bits) under the Subset Sum assumption for k = O(log m). Therefore we strengthen a previous result of Impagliazzo and Naor, who showed that the subset sum hash function is a UOWHF under the Subset Sum assumption. We believe our result is of theoretical interest; as far as we are aware, it is the first example of a natural and computationally efficient UOWHF which is also a provably secure higher order UOWHF under the same well-known cryptographic assumption, whereas this assumption does not seem sufficient to prove its collision-resistance. A consequence of our result is that one can apply the Merkle-Damgård extender to the subset sum compression function with ‘extension factor’ k+1, while losing (at most) about k bits of UOWHF security relative to the UOWHF security of the compression function. The method also leads to a saving of up to m log(k+1) bits in key length relative to the Shoup XOR-Mask domain extender applied to the subset sum compression function.

Homogeneous bent functions of degree n in 2n variables do not exist for n>3

We prove that homogeneous bent functions f:GF(2)^2n --> GF(2) of degree n do not exist for n>3. Consequently homogeneous bent functions must have degree 3.

The eight variable homogeneous degree three bent functions

We determine the affine equivalence classes of the eight variable degree three homogeneous bent functions using a new algorithm. Our algorithm applies to general bent functions and can systematically determine the automorphism groups. We provide a partial verification of the enumeration of eight variable degree three homogeneous bent functions obtained by Meng et al. We determine the affine equivalence classes of these functions.