Cryptanalysis of LASH

We show that the LASH-x hash function is vulnerable to attacks that trade time for memory, including collision attacks as fast as 2(4x/11) and preimage attacks as fast as 2(4x/7). Moreover, we briefly mention heuristic lattice based collision attacks that use small memory but require very long messages that are expected to find collisions much faster than 2 x/2. All of these attacks exploit the designers’ choice of an all zero IV. We then consider whether LASH can be patched simply by changing the IV. In this case, we show that LASH is vulnerable to a 2(7x/8) preimage attack. We also show that LASH is trivially not a PRF when any subset of input bytes is used as a secret key. None of our attacks depend upon the particular contents of the LASH matrix – we only assume that the distribution of elements is more or less uniform.

Cryptanalysis of RC4(n, m) stream cipher

RC4(n, m) is a stream cipher based on RC4 and is designed by G. Gong et al. It can be seen as a generalization of the famous RC4 stream cipher designed by Ron Rivest. The authors of RC4(n, m) claim that the cipher resists all the attacks that are successful against the original RC4. The paper reveals cryptographic weaknesses of the RC4(n, m) stream cipher. We develop two attacks. The first one is based on non-randomness of internal state and allows to distinguish it from a truly random cipher by an algorithm that has access to 24·n bits of the keystream. The second attack exploits low diffusion of bits in the KSA and PRGA algorithms and recovers all bytes of the secret key. This attack works only if the initial value of the cipher can be manipulated. Apart from the secret key, the cipher uses two other inputs, namely, initial value and initial vector. Although these inputs are fixed in the cipher specification, some applications may allow the inputs to be under the attacker control. Assuming that the attacker can control the initial value, we show a distinguisher for the cipher and a secret key recovery attack that for the L-bit secret key, is able to recover it with about (L/n) · 2n steps. The attack has been implemented on a standard PC and can reconstruct the secret key of RC(8, 32) in less than a second.

Does counting still count? Revisiting the security of counting based user authentication protocols against statistical attacks

At NDSS 2012, Yan et al. analyzed the security of several challenge-response type user authentication protocols against passive observers, and proposed a generic counting based statistical attack to recover the secret of some counting based protocols given a number of observed authentication sessions. Roughly speaking, the attack is based on the fact that secret (pass) objects appear in challenges with a different probability from non-secret (decoy) objects when the responses are taken into account. Although they mentioned that a protocol susceptible to this attack should minimize this difference, they did not give details as to how this can be achieved barring a few suggestions. In this paper, we attempt to fill this gap by generalizing the attack with a much more comprehensive theoretical analysis. Our treatment is more quantitative which enables us to describe a method to theoretically estimate a lower bound on the number of sessions a protocol can be safely used against the attack. Our results include 1) two proposed fixes to make counting protocols practically safe against the attack at the cost of usability, 2) the observation that the attack can be used on non-counting based protocols too as long as challenge generation is contrived, 3) and two main design principles for user authentication protocols which can be considered as extensions of the principles from Yan et al. This detailed theoretical treatment can be used as a guideline during the design of counting based protocols to determine their susceptibility to this attack. The Foxtail protocol, one of the protocols analyzed by Yan et al., is used as a representative to illustrate our theoretical and experimental results.

Security evaluation of Rakaposhi Stream Cipher

Rakaposhi is a synchronous stream cipher, which uses three main components: a non-linear feedback shift register (NLFSR), a dynamic linear feedback shift register (DLFSR) and a non-linear filtering function (NLF). NLFSR consists of 128 bits and is initialised by the secret key K. DLFSR holds 192 bits and is initialised by an initial vector (IV). NLF takes 8-bit inputs and returns a single output bit. The work identifies weaknesses and properties of the cipher. The main observation is that the initialisation procedure has the so-called sliding property. The property can be used to launch distinguishing and key recovery attacks. The distinguisher needs four observations of the related (K,IV) pairs. The key recovery algorithm allows to discover the secret key K after observing 29 pairs of (K,IV). Based on the proposed related-key attack, the number of related (K,IV) pairs is 2(128 + 192)/4 pairs. Further the cipher is studied when the registers enter short cycles. When NLFSR is set to all ones, then the cipher degenerates to a linear feedback shift register with a non-linear filter. Consequently, the initial state (and Secret Key and IV) can be recovered with complexity 263.87. If DLFSR is set to all zeros, then NLF reduces to a low non-linearity filter function. As the result, the cipher is insecure allowing the adversary to distinguish it from a random cipher after 217 observations of keystream bits. There is also the key recovery algorithm that allows to find the secret key with complexity 2 54.

Active security in multiparty computation over black-box groups

Most previous work on unconditionally secure multiparty computation has focused on computing over a finite field (or ring). Multiparty computation over other algebraic structures has not received much attention, but is an interesting topic whose study may provide new and improved tools for certain applications. At CRYPTO 2007, Desmedt et al introduced a construction for a passive-secure multiparty multiplication protocol for black-box groups, reducing it to a certain graph coloring problem, leaving as an open problem to achieve security against active attacks. We present the first n-party protocol for unconditionally secure multiparty computation over a black-box group which is secure under an active attack model, tolerating any adversary structure Δ satisfying the Q 3 property (in which no union of three subsets from Δ covers the whole player set), which is known to be necessary for achieving security in the active setting. Our protocol uses Maurer’s Verifiable Secret Sharing (VSS) but preserves the essential simplicity of the graph-based approach of Desmedt et al, which avoids each shareholder having to rerun the full VSS protocol after each local computation. A corollary of our result is a new active-secure protocol for general multiparty computation of an arbitrary Boolean circuit.

NTRUCCA : how to strengthen NTRUEncrypt to chosen-ciphertext security in the standard model

NTRUEncrypt is a fast and practical lattice-based public-key encryption scheme, which has been standardized by IEEE, but until recently, its security analysis relied only on heuristic arguments. Recently, Stehlé and Steinfeld showed that a slight variant (that we call pNE) could be proven to be secure under chosen-plaintext attack (IND-CPA), assuming the hardness of worst-case problems in ideal lattices. We present a variant of pNE called NTRUCCA, that is IND-CCA2 secure in the standard model assuming the hardness of worst-case problems in ideal lattices, and only incurs a constant factor overhead in ciphertext and key length over the pNE scheme. To our knowledge, our result gives the first IND-CCA2 secure variant of NTRUEncrypt in the standard model, based on standard cryptographic assumptions. As an intermediate step, we present a construction for an All-But-One (ABO) lossy trapdoor function from pNE, which may be of independent interest. Our scheme uses the lossy trapdoor function framework of Peikert and Waters, which we generalize to the case of (k − 1)-of-k-correlated input distributions.

Cryptanalysis of RC4-based hash function

RC4-Based Hash Function is a new proposed hash function based on RC4 stream cipher for ultra low power devices. In this paper, we analyse the security of the function against collision attack. It is shown that the attacker can find collision and multi-collision messages with complexity only 6 compress function operations and negligible memory with time complexity 2 13. In addition, we show the hashing algorithm can be distinguishable from a truly random sequence with probability close to one.

Known and chosen key differential distinguishers for block ciphers

In this paper we investigate the differential properties of block ciphers in hash function modes of operation. First we show the impact of differential trails for block ciphers on collision attacks for various hash function constructions based on block ciphers. Further, we prove the lower bound for finding a pair that follows some truncated differential in case of a random permutation. Then we present open-key differential distinguishers for some well known round-reduced block ciphers.

Efficient fuzzy matching and intersection on private datasets

At Eurocrypt’04, Freedman, Nissim and Pinkas introduced a fuzzy private matching problem. The problem is defined as follows. Given two parties, each of them having a set of vectors where each vector has T integer components, the fuzzy private matching is to securely test if each vector of one set matches any vector of another set for at least t components where t < T. In the conclusion of their paper, they asked whether it was possible to design a fuzzy private matching protocol without incurring a communication complexity with the factor (T t ) . We answer their question in the affirmative by presenting a protocol based on homomorphic encryption, combined with the novel notion of a share-hiding error-correcting secret sharing scheme, which we show how to implement with efficient decoding using interleaved Reed-Solomon codes. This scheme may be of independent interest. Our protocol is provably secure against passive adversaries, and has better efficiency than previous protocols for certain parameter values.

Lattice-based completely non-malleable PKE in the standard model

This paper presents ongoing work toward constructing efficient completely non-malleable public-key encryption scheme based on lattices in the standard (common reference string) model. An encryption scheme is completely non-malleable if it requires attackers to have negligible advantage, even if they are allowed to transform the public key under which the related message is encrypted. Ventre and Visconti proposed two inefficient constructions of completely non-malleable schemes, one in the common reference string model using non-interactive zero-knowledge proofs, and another using interactive encryption schemes. Recently, two efficient public-key encryption schemes have been proposed, both of them are based on pairing identity-based encryption.

A critical look at cryptographic hash function literature

The cryptographic hash function literature has numerous hash function definitions and hash function requirements, and many of them disagree. This survey talks about the various definitions, and takes steps towards cleaning up the literature by explaining how the field has evolved and accurately depicting the research aims people have today.

Calcitonin receptor plays a physiological role to protect against hypercalcemia in mice

It is well established that calcitonin is a potent inhibitor of bone resorption; however, a physiological role for calcitonin acting through its cognate receptor, the calcitonin receptor (CTR), has not been identified. Data from previous genetically modified animal models have recognized a possible role for calcitonin and the CTR in controlling bone formation; however, interpretation of these data are complicated, in part because of their mixed genetic background. Therefore, to elucidate the physiological role of the CTR in calcium and bone metabolism, we generated a viable global CTR knockout (KO) mouse model using the Cre/loxP system, in which the CTR is globally deleted by >94% but <100%. Global CTRKOs displayed normal serum ultrafiltrable calcium levels and a mild increase in bone formation in males, showing that the CTR plays a modest physiological role in the regulation of bone and calcium homeostasis in the basal state in mice. Furthermore, the peak in serum total calcium after calcitriol [1,25(OH)2D3]-induced hypercalcemia was substantially greater in global CTRKOs compared with controls. These data provide strong evidence for a biological role of the CTR in regulating calcium homeostasis in states of calcium stress.

Intermittent Fugu parathyroid hormone 1 (1–34) is an anabolic bone agent in young male rats and osteopenic ovariectomized rats

Human parathyroid hormone (hPTH) is currently the only treatment for osteoporosis that forms new bone. Previously we described a fish equivalent, Fugu parathyroid hormone 1 (fPth1) which has hPTH-like biological activity in vitro despite fPth1(1–34) sharing only 53% identity with hPTH(1–34). Here we demonstrate the in vivo actions of fPth1(1–34) on bone. In study 1, young male rats were injected intermittently for 30 days with fPth1 [30 μg–1000 μg/kg body weight (b.w.), (30fPth1–1000fPth1)] or hPTH [30 μg–100 μg/kg b.w. (30hPTH–100hPTH)]. In proximal tibiae at low doses, the fPth1 was positively correlated with trabecular bone volume/total volume (TbBV/TV) while hPTH increased TbBV/TV, trabecular thickness (TbTh) and trabecular number (TbN). 500fPth1 and 1000fPth1 increased TbBV/TV, TbTh, TbN, mineral apposition rate (MAR) and bone formation rate/bone surface (BFR/BS) with a concomitant decrease in osteoclast surface and number. In study 2 ovariectomized (OVX), osteopenic rats and sham operated (SHAM) rats were injected intermittently with 500 μg/kg b.w. of fPth1 (500fPth1) for 11 weeks. 500fPth1 treatment resulted in increased TbBV/TV (151%) and TbTh (96%) in the proximal tibiae due to increased bone formation as assessed by BFR/BS (490%) and MAR (131%). The effect was restoration of TbBV/TV to SHAM levels without any effect on bone resorption. 500fPth1 also increased TbBV/TV and TbTh in the vertebrae (L6) and cortical thickness in the mid-femora increasing bone strength at these sites. fPth1 was similarly effective in SHAM rats. Notwithstanding the low amino acid sequence homology with hPTH (1–34), we have clearly established the efficacy of fPth1 (1–34) as an anabolic bone agent.

Enzyme activities and biotechnological applications of cold-active microfungi

Fungi are eukaryotic organisms and considered to be less adaptable to extreme environments when compared to bacteria. While there are no thermophilic microfungi in a strict sense, some fungi have adapted to life in the cold. Cold-active microfungi have been isolated from the Antarctic and their enzyme activities explored with a view to finding new candidates for industrial use. On another front, environmental pollution by petroleum products in the Antarctic has led to a search for, and the subsequent discovery of, fungal isolates capable of degrading hydrocarbons. The work has paved the way to developing a bioremedial approach to containing this type of contamination in cold climates. Here we discuss our efforts to map the capability of Antarctic microfungi to degrade oil and also introduce a novel cold-active fungal lipase enzyme.

The impact of viral respiratory infection on the severity and recovery from an asthma exacerbation

Background Viral respiratory illness triggers asthma exacerbations, but the influence of respiratory illness on the acute severity and recovery of childhood asthma is unknown. Our objective was to evaluate the impact of a concurrent acute respiratory illness (based on a clinical definition and PCR detection of a panel of respiratory viruses, Mycoplasma pneumoniae and Chlamydia pneumoniae) on the severity and resolution of symptoms in children with a nonhospitalized exacerbation of asthma. Methods Subjects were children aged 2 to 15 years presenting to an emergency department for an acute asthma exacerbation and not hospitalized. Acute respiratory illness (ARI) was clinically defined. Nasopharyngeal aspirates (NPA) were examined for respiratory viruses, Chlamydia and Mycoplasma using PCR. The primary outcome was quality of life (QOL) on presentation, day 7 and day 14. Secondary outcomes were acute asthma severity score, asthma diary, and cough diary scores on days 5, 7,10, and 14. Results On multivariate regression, presence of ARI was statistically but not clinically significantly associated with QOL score on presentation (B = 0.36, P = 0.025). By day 7 and 14, there was no difference between groups. Asthma diary score was significantly higher in children with ARI (B = 0.41, P = 0.039) on day 5 but not on presentation or subsequent days. Respiratory viruses were detected in 54% of the 78 NPAs obtained. There was no difference in the any of the asthma outcomes of children grouped by positive or negative NPA. Conclusions The presence of a viral respiratory illness has a modest influence on asthma severity, and does not influence recovery from a nonhospitalized asthma exacerbation.