978 results for symmetric cipher


Relevance: 20.00%

Abstract:

A5/1 is a shift-register-based stream cipher that provides privacy for the GSM system. In this paper, we analyse the loading of the secret key and IV during the initialisation process of A5/1. We demonstrate the existence of weak key-IV pairs in the A5/1 cipher due to this loading process; these weak key-IV pairs may leave one, two or three registers containing all-zero values, which may in turn lead to weak keystream sequences. In the case where two or three registers contain only zeros, we describe a distinguisher which leads to a complete decryption of the affected messages.
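The weak key-IV pairs described above come from the fact that A5/1's loading phase (64 key bits, then 22 frame/IV bits, each XORed into bit 0 of all three registers after a regular clock) is linear over GF(2). So the set of (K, IV) pairs that leave a chosen register all-zero after loading is a linear subspace, and a member can be found by Gaussian elimination rather than by search. The following is an added example written for this page, not code from the paper: it implements A5/1 with the public register lengths, taps and clocking bits, and finds nonzero (K, IV) pairs that zero one register, or all three, after loading. The LSB-first feed order of key and IV bits and the exact placement of the output tap are assumptions of this example.

```python
"""A5/1 key/IV loading and weak key-IV pairs (added example, not the paper's code)."""

# (length, feedback taps, clocking-control bit) for R1, R2, R3 per the public A5/1 description
REGS = ((19, (13, 16, 17, 18), 8),
        (22, (20, 21), 10),
        (23, (7, 20, 21, 22), 10))
KEY_BITS, IV_BITS = 64, 22
INPUT_BITS = KEY_BITS + IV_BITS


def _step(reg, length, taps):
    """Regular LFSR clock: shift left, feedback bit enters at position 0."""
    fb = 0
    for t in taps:
        fb ^= (reg >> t) & 1
    return ((reg << 1) | fb) & ((1 << length) - 1)


def load(key, iv):
    """Loading phase: 64 key bits then 22 IV bits (LSB first, an assumption here),
    each XORed into bit 0 of every register after a regular clock.
    Registers start at zero, so the result is linear over GF(2) in (key, iv)."""
    regs = [0, 0, 0]
    for i in range(INPUT_BITS):
        bit = (key >> i) & 1 if i < KEY_BITS else (iv >> (i - KEY_BITS)) & 1
        for k, (n, taps, _) in enumerate(REGS):
            regs[k] = _step(regs[k], n, taps) ^ bit
    return regs


def majority_clock(regs):
    """One irregular (majority-rule) clock in place; returns the output bit."""
    clk = [(regs[k] >> REGS[k][2]) & 1 for k in range(3)]
    maj = 1 if sum(clk) >= 2 else 0
    out = 0
    for k, (n, taps, _) in enumerate(REGS):
        if clk[k] == maj:
            regs[k] = _step(regs[k], n, taps)
        out ^= (regs[k] >> (n - 1)) & 1      # XOR of the three MSBs
    return out


def keystream(key, iv, nbits=228):
    """Full initialisation (loading + 100 discarded majority clocks), then nbits of output."""
    regs = load(key, iv)
    for _ in range(100):
        majority_clock(regs)
    return [majority_clock(regs) for _ in range(nbits)]


def weak_pair(zero_regs):
    """Return a nonzero (key, iv) that leaves every register in zero_regs all-zero
    after loading. Since loading is linear, the states produced by the 86 unit
    inputs are the columns of a GF(2) matrix; any linear dependency among those
    columns is a weak pair. Gaussian elimination with bookkeeping finds one."""
    cols = []
    for j in range(INPUT_BITS):
        key = 1 << j if j < KEY_BITS else 0
        iv = 1 << (j - KEY_BITS) if j >= KEY_BITS else 0
        regs = load(key, iv)
        vec, off = 0, 0
        for k in zero_regs:                  # concatenate the selected registers
            vec |= regs[k] << off
            off += REGS[k][0]
        cols.append(vec)
    basis = {}                               # pivot bit -> (vector, input-bit mask)
    for j, vec in enumerate(cols):
        combo = 1 << j
        while vec:
            p = vec.bit_length() - 1
            if p not in basis:
                basis[p] = (vec, combo)
                break
            bvec, bcombo = basis[p]
            vec ^= bvec
            combo ^= bcombo
        else:                                # column reduced to zero: dependency found
            return combo & ((1 << KEY_BITS) - 1), combo >> KEY_BITS
    return None


if __name__ == "__main__":
    k1, v1 = weak_pair((0,))
    print("R1 zeroed by key=%016x iv=%06x -> regs after load %s" % (k1, v1, load(k1, v1)))
    k3, v3 = weak_pair((0, 1, 2))
    print("all registers zeroed by key=%016x iv=%06x -> keystream all zero: %s"
          % (k3, v3, all(b == 0 for b in keystream(k3, v3))))
```

With one register zeroed it stays zero through the majority-clocked warm-up (a zero LFSR has zero feedback whether or not it is clocked), so the keystream depends on the other two registers only; with all three zeroed the keystream is identically zero and the plaintext is exposed directly, which is the strongest form of the "complete decryption" case in the abstract. Because 86 input bits map onto at most 64 state bits, the all-zero subspace has dimension at least 22, so this is not a single unlucky key but a whole family of (K, IV) pairs.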

Relevance: 20.00%

Abstract:

WG-7 is a stream cipher based on the WG stream cipher, designed by Luo et al. (2010) for low-cost and lightweight applications (RFID tags and mobile phones, for instance). This paper addresses cryptographic weaknesses of the WG-7 stream cipher. We show that the keystream generated by WG-7 can be distinguished from a random sequence after observing 2^13.5 keystream bits, with negligible error probability. We also investigate the security of WG-7 against algebraic attacks and propose an algebraic key recovery attack on this cipher. The attack recovers both the internal state and the secret key with time complexity about 2^27.

Relevance: 20.00%

Abstract:

RC4(n, m) is a stream cipher based on RC4, designed by G. Gong et al. It can be seen as a generalization of the famous RC4 stream cipher designed by Ron Rivest. The authors of RC4(n, m) claim that the cipher resists all the attacks that are successful against the original RC4. This paper reveals cryptographic weaknesses of the RC4(n, m) stream cipher. We develop two attacks. The first is based on non-randomness of the internal state and distinguishes the cipher from a truly random one by an algorithm that has access to 2^(4n) bits of the keystream. The second attack exploits low diffusion of bits in the KSA and PRGA algorithms and recovers all bytes of the secret key. This attack works only if the initial value of the cipher can be manipulated. Apart from the secret key, the cipher uses two other inputs, namely the initial value and the initial vector. Although these inputs are fixed in the cipher specification, some applications may allow them to be under the attacker's control. Assuming that the attacker can control the initial value, we show a distinguisher for the cipher and a secret key recovery attack that, for an L-bit secret key, recovers it in about (L/n) · 2^n steps. The attack has been implemented on a standard PC and can reconstruct the secret key of RC4(8, 32) in less than a second.

Relevance: 20.00%

Abstract:

Rakaposhi is a synchronous stream cipher built from three main components: a non-linear feedback shift register (NLFSR), a dynamic linear feedback shift register (DLFSR) and a non-linear filtering function (NLF). The NLFSR consists of 128 bits and is initialised by the secret key K. The DLFSR holds 192 bits and is initialised by an initial vector (IV). The NLF takes 8-bit inputs and returns a single output bit. The work identifies weaknesses and properties of the cipher. The main observation is that the initialisation procedure has the so-called sliding property. The property can be used to launch distinguishing and key recovery attacks. The distinguisher needs four observations of related (K, IV) pairs. The key recovery algorithm discovers the secret key K after observing 2^9 pairs of (K, IV). Based on the proposed related-key attack, the number of related (K, IV) pairs is 2^((128 + 192)/4) = 2^80. The cipher is further studied when the registers enter short cycles. When the NLFSR is set to all ones, the cipher degenerates to a linear feedback shift register with a non-linear filter. Consequently, the initial state (and the secret key and IV) can be recovered with complexity 2^63.87. If the DLFSR is set to all zeros, then the NLF reduces to a low-non-linearity filter function. As a result, the cipher is insecure, allowing the adversary to distinguish it from a random cipher after 2^17 observations of keystream bits. There is also a key recovery algorithm that finds the secret key with complexity 2^54.

Relevance: 20.00%

Abstract:

Recent advances suggest that encoding images through Symmetric Positive Definite (SPD) matrices and then interpreting such matrices as points on Riemannian manifolds can lead to increased classification performance. Taking into account manifold geometry is typically done via (1) embedding the manifolds in tangent spaces, or (2) embedding into Reproducing Kernel Hilbert Spaces (RKHS). While embedding into tangent spaces allows the use of existing Euclidean-based learning algorithms, manifold shape is only approximated which can cause loss of discriminatory information. The RKHS approach retains more of the manifold structure, but may require non-trivial effort to kernelise Euclidean-based learning algorithms. In contrast to the above approaches, in this paper we offer a novel solution that allows SPD matrices to be used with unmodified Euclidean-based learning algorithms, with the true manifold shape well-preserved. Specifically, we propose to project SPD matrices using a set of random projection hyperplanes over RKHS into a random projection space, which leads to representing each matrix as a vector of projection coefficients. Experiments on face recognition, person re-identification and texture classification show that the proposed approach outperforms several recent methods, such as Tensor Sparse Coding, Histogram Plus Epitome, Riemannian Locality Preserving Projection and Relational Divergence Classification.

Relevance: 20.00%

Abstract:

The Common Scrambling Algorithm Stream Cipher (CSA-SC) is a shift-register-based stream cipher designed to encrypt digital video broadcasts. CSA-SC produces a pseudo-random binary sequence that is used to mask the contents of the transmission. In this paper, we analyse the initialisation process of the CSA-SC keystream generator and demonstrate weaknesses which lead to state convergence, slid pairs and shifted keystreams. As a result, the cipher may be vulnerable to distinguishing attacks, time-memory-data trade-off attacks or slide attacks.

Relevance: 20.00%

Abstract:

A new physically based classical continuous potential distribution model, particularly considering the channel center, is proposed for a short-channel undoped body symmetrical double-gate transistor. It involves a novel technique for solving the 2-D nonlinear Poisson's equation in a rectangular coordinate system, which makes the model valid from weak to strong inversion regimes and from the channel center to the surface. We demonstrated, using the proposed model, that the channel potential versus gate voltage characteristics for the devices having equal channel lengths but different thicknesses pass through a single common point (termed ``crossover point''). Based on the potential model, a new compact model for the subthreshold swing is formulated. It is shown that for the devices having very high short-channel effects (SCE), the effective subthreshold slope factor is mainly dictated by the potential close to the channel center rather than the surface. SCEs and drain-induced barrier lowering are also assessed using the proposed model and validated against a professional numerical device simulator.

Relevance: 20.00%

Abstract:

In this paper, we first recast the generalized symmetric eigenvalue problem, where the underlying matrix pencil consists of symmetric positive definite matrices, into an unconstrained minimization problem by constructing an appropriate cost function. We then extend it to the case of multiple eigenvectors using an inflation technique. Based on this asymptotic formulation, we derive a quasi-Newton-based adaptive algorithm for estimating the required generalized eigenvectors in the data case. The resulting algorithm is modular and parallel, and it is globally convergent with probability one. We also analyze the effect of inexact inflation on the convergence of this algorithm and that of inexact knowledge of one of the matrices (in the pencil) on the resulting eigenstructure. Simulation results demonstrate that the performance of this algorithm is almost identical to that of the rank-one updating algorithm of Karasalo. Further, the performance of the proposed algorithm has been found to remain stable even over 1 million updates without suffering from any error accumulation problems.

Relevance: 20.00%

Abstract:

The theoretical aerodynamic characteristics of a typical lifting symmetric supercritical airfoil, demonstrating its superiority over the NACA 0012 airfoil from which it was derived, are presented in this paper. Further, limited experimental results confirming the theoretical inference are also presented.

Relevance: 20.00%

Abstract:

Convex potential minimisation is the de facto approach to binary classification. However, Long and Servedio [2008] proved that under symmetric label noise (SLN), minimisation of any convex potential over a linear function class can result in classification performance equivalent to random guessing. This ostensibly shows that convex losses are not SLN-robust. In this paper, we propose a convex, classification-calibrated loss and prove that it is SLN-robust. The loss avoids the Long and Servedio [2008] result by virtue of being negatively unbounded. The loss is a modification of the hinge loss, where one does not clamp at zero; hence, we call it the unhinged loss. We show that the optimal unhinged solution is equivalent to that of a strongly regularised SVM, and is the limiting solution for any convex potential; this implies that strong l2 regularisation makes most standard learners SLN-robust. Experiments confirm the unhinged loss’ SLN-robustness.

Relevance: 20.00%

Abstract:

A modification in the algorithm for the detection of totally symmetric functions, as expounded by the author in an earlier note [1], is presented here. The modified algorithm takes care of a limited number of functions that escape detection by the previous method.

Relevance: 20.00%

Abstract:

In this paper, we analyse a block cipher mode of operation submitted in 2014 to the cryptographic competition for authenticated encryption (CAESAR). This mode is designed by Recacha and called ++AE (plus-plus-ae). We propose a chosen-plaintext forgery attack on ++AE that requires only a single chosen message query to allow an attacker to construct multiple forged messages. Our attack is deterministic and guaranteed to pass the ++AE integrity check. We demonstrate the forgery attack using 128-bit AES as the underlying block cipher. Hence, ++AE is insecure as an authenticated encryption mode of operation.

Relevance: 20.00%

Abstract:

Asymmetric rolling of commercially pure magnesium was carried out at three different temperatures: room temperature, 200 degrees C and 350 degrees C. Systematic analysis of microstructures, grain size distributions, texture and misorientation distributions were performed using electron backscattered diffraction in a field emission gun scanning electron microscope. The results were compared with conventional (symmetric) rolling carried out under the same conditions of temperature and strain rate. Simulations of deformation texture evolution were performed using the viscoplastic self-consistent polycrystal plasticity model. The main trends of texture evolution are faithfully reproduced by the simulations for the tests at room temperature. The deviations that appear for the textures obtained at high temperature can be explained by the occurrence of dynamic recrystallization. Finally, the mechanisms of texture evolution in magnesium during asymmetric and symmetric rolling are explained with the help of ideal orientations, grain velocity fields and divergence maps displayed in orientation space.

Relevance: 20.00%

Abstract:

Nanoporous carbon (NPC) materials with high specific surface area have attracted considerable attention for electrochemical energy storage applications. In the present work, we have designed novel symmetric supercapacitors based on NPC by direct carbonization of Zn-based metal-organic frameworks (MOFs) without using an additional precursor. By controlling the reaction conditions in the present study, we synthesized NPC with two different particle sizes. The effects of particle size and mass loadings on supercapacitor performance have been carefully evaluated. Our NPC materials exhibit excellent electrochemical performance with a maximum specific capacitance of 251 F g^-1 in 1 M H2SO4 electrolyte. The symmetric supercapacitor studies show that these efficient electrodes have good capacitance, high stability, and good rate capability.