Security Analysis of Randomize-Hash-then-Sign Digital Signatures

At CRYPTO 2006, Halevi and Krawczyk proposed two randomized hash function modes and analyzed the security of digital signature algorithms based on these constructions. They showed that the security of signature schemes based on the two randomized hash function modes relies on properties similar to the second preimage resistance rather than on the collision resistance property of the hash functions. One of the randomized hash function modes was named the RMX hash function mode and was recommended for practical purposes. The National Institute of Standards and Technology (NIST), USA standardized a variant of the RMX hash function mode and published this standard in the Special Publication (SP) 800-106. In this article, we first discuss a generic online birthday existential forgery attack of Dang and Perlner on the RMX-hash-then-sign schemes. We show that a variant of this attack can be applied to forge the other randomize-hash-then-sign schemes. We point out practical limitations of the generic forgery attack on the RMX-hash-then-sign schemes. We then show that these limitations can be overcome for the RMX-hash-then-sign schemes if it is easy to find fixed points for the underlying compression functions, such as for the Davies-Meyer construction used in the popular hash functions such as MD5 designed by Rivest and the SHA family of hash functions designed by the National Security Agency (NSA), USA and published by NIST in the Federal Information Processing Standards (FIPS). We show an online birthday forgery attack on this class of signatures by using a variant of Dean’s method of finding fixed point expandable messages for hash functions based on the Davies-Meyer construction. This forgery attack is also applicable to signature schemes based on the variant of RMX standardized by NIST in SP 800-106. We discuss some important applications of our attacks and discuss their applicability on signature schemes based on hash functions with ‘built-in’ randomization. Finally, we compare our attacks on randomize-hash-then-sign schemes with the generic forgery attacks on the standard hash-based message authentication code (HMAC).

On the Collision and Preimage Resistance of Certain Two-Call Hash Functions

In this paper we present concrete collision and preimage attacks on a large class of compression function constructions making two calls to the underlying ideal primitives. The complexity of the collision attack is above the theoretical lower bound for constructions of this type, but below the birthday complexity; the complexity of the preimage attack, however, is equal to the theoretical lower bound. We also present undesirable properties of some of Stam’s compression functions proposed at CRYPTO ’08. We show that when one of the n-bit to n-bit components of the proposed 2n-bit to n-bit compression function is replaced by a fixed-key cipher in the Davies-Meyer mode, the complexity of finding a preimage would be 2 n/3. We also show that the complexity of finding a collision in a variant of the 3n-bits to 2n-bits scheme with its output truncated to 3n/2 bits is 2 n/2. The complexity of our preimage attack on this hash function is about 2 n . Finally, we present a collision attack on a variant of the proposed m + s-bit to s-bit scheme, truncated to s − 1 bits, with a complexity of O(1). However, none of our results compromise Stam’s security claims.

On Randomizing Hash Functions to Strengthen the Security of Digital Signatures

Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge a RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean’s method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2 t/2 chosen messages plus 2 t/2 + 1 off-line operations of the compression function and similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.

Security Analysis of salt||password Hashes

Protection of passwords used to authenticate computer systems and networks is one of the most important application of cryptographic hash functions. Due to the application of precomputed memory look up attacks such as birthday and dictionary attacks on the hash values of passwords to find passwords, it is usually recommended to apply hash function to the combination of both the salt and password, denoted salt||password, to prevent these attacks. In this paper, we present the first security analysis of salt||password hashing application. We show that when hash functions based on the compression functions with easily found fixed points are used to compute the salt||password hashes, these hashes are susceptible to precomputed offline birthday attacks. For example, this attack is applicable to the salt||password hashes computed using the standard hash functions such as MD5, SHA-1, SHA-256 and SHA-512 that are based on the popular Davies-Meyer compression function. This attack exposes a subtle property of this application that although the provision of salt prevents an attacker from finding passwords, salts prefixed to the passwords do not prevent an attacker from doing a precomputed birthday attack to forge an unknown password. In this forgery attack, we demonstrate the possibility of building multiple passwords for an unknown password for the same hash value and salt. Interestingly, password||salt (i.e. salts suffixed to the passwords) hashes computed using Davies-Meyer hash functions are not susceptible to this attack, showing the first security gap between the prefix-salt and suffix-salt methods of hashing passwords.

Age-related changes to adenosine in rat coronary resistance vessels

1. The vasodilator effects of adenosine receptor agonists, isoprenaline and histamine were examined in perfused heart preparations from young (4–6 weeks) and mature (12–20 weeks) rats. 2. Adenosine induced a biphasic concentration-dependent decrease in KCl (35 mM) raised coronary perfusion pressure in hearts from young and mature rats, suggesting the presence of both high- and low-affinity sites for adenosine receptors in the two age groups tested. In heart preparations from mature rats, vasodilator responses to adenosine were significantly reduced compared with responses observed in young rats. 3. Responses to 5′-N-ethylcarboxamidoadenosine (NECA) and 2-p-(2-carboxyethyl)phenethylamino-5′-N-ethylcarboxamidoadenosine hydrochloride (CGS-21680) were reduced in preparations from mature rats, whereas the vasodilator actions of N6-cyclopentyladenosine (CPA) and N6-2-(4-aminophenyl)ethyladenosine (APNEA) did not change with age. 4. The results presented in this study suggest that several adenosine receptor subtypes mediate vasodilator responses in the coronary circulation of the rat and that a reduction in response to adenosine with age may be due to changes in the high-affinity receptor site.

Common genetic variants influence human subcortical brain structures

The highly complex structure of the human brain is strongly shaped by genetic influences. Subcortical brain regions form circuits with cortical areas to coordinate movement, learning, memory and motivation, and altered circuits can lead to abnormal behaviour and disease. To investigate how common genetic variants affect the structure of these brain regions, here we conduct genome-wide association studies of the volumes of seven subcortical regions and the intracranial volume derived from magnetic resonance images of 30,717 individuals from 50 cohorts. We identify five novel genetic variants influencing the volumes of the putamen and caudate nucleus. We also find stronger evidence for three loci with previously established influences on hippocampal volume and intracranial volume. These variants show specific volumetric effects on brain structures rather than global effects across structures. The strongest effects were found for the putamen, where a novel intergenic locus with replicable influence on volume (rs945270; P = 1.08×10 -33; 0.52% variance explained) showed evidence of altering the expression of the KTN1 gene in both brain and blood tissue. Variants influencing putamen volume clustered near developmental genes that regulate apoptosis, axon guidance and vesicle transport. Identification of these genetic variants provides insight into the causes of variability in human brain development, and may help to determine mechanisms of neuropsychiatric dysfunction.

Identification of common variants associated with human hippocampal and intracranial volumes

Identifying genetic variants influencing human brain structures may reveal new biological mechanisms underlying cognition and neuropsychiatric illness. The volume of the hippocampus is a biomarker of incipient Alzheimer's disease and is reduced in schizophrenia, major depression and mesial temporal lobe epilepsy. Whereas many brain imaging phenotypes are highly heritable, identifying and replicating genetic influences has been difficult, as small effects and the high costs of magnetic resonance imaging (MRI) have led to underpowered studies. Here we report genome-wide association meta-analyses and replication for mean bilateral hippocampal, total brain and intracranial volumes from a large multinational consortium. The intergenic variant rs7294919 was associated with hippocampal volume (12q24.22; N = 21,151; P = 6.70 × 10 -16) and the expression levels of the positional candidate gene TESC in brain tissue. Additionally, rs10784502, located within HMGA2, was associated with intracranial volume (12q14.3; N = 15,782; P = 1.12 × 10 -12). We also identified a suggestive association with total brain volume at rs10494373 within DDR2 (1q23.3; N = 6,500; P = 5.81 × 10 -7).

The ENIGMA Consortium: Large-scale collaborative analyses of neuroimaging and genetic data

The Enhancing NeuroImaging Genetics through Meta-Analysis (ENIGMA) Consortium is a collaborative network of researchers working together on a range of large-scale studies that integrate data from 70 institutions worldwide. Organized into Working Groups that tackle questions in neuroscience, genetics, and medicine, ENIGMA studies have analyzed neuroimaging data from over 12,826 subjects. In addition, data from 12,171 individuals were provided by the CHARGE consortium for replication of findings, in a total of 24,997 subjects. By meta-analyzing results from many sites, ENIGMA has detected factors that affect the brain that no individual site could detect on its own, and that require larger numbers of subjects than any individual neuroimaging study has currently collected. ENIGMA's first project was a genome-wide association study identifying common variants in the genome associated with hippocampal volume or intracranial volume. Continuing work is exploring genetic associations with subcortical volumes (ENIGMA2) and white matter microstructure (ENIGMA-DTI). Working groups also focus on understanding how schizophrenia, bipolar illness, major depression and attention deficit/hyperactivity disorder (ADHD) affect the brain. We review the current progress of the ENIGMA Consortium, along with challenges and unexpected discoveries made on the way.

Service composition and binding

Service composition enables the creation of services previously unavailable through the aggregation of existing services. The result is called a service composition. Exposing a service composition as a service, the result is called a composed service. It can be distinguished from atomic services. Service composition approaches can be differentiated along two axes: point in time of composition and degree of automation. With design-time and run-time we can identify two different points in time for doing a composition. Additionally we can distinguish between three different degrees of automation: manual, assisted, and automated service composition. © 2008 Springer Berlin Heidelberg.

Blurred Lines may be the biggest music copyright case of 2015

The year is still young, but this week a judgement was handed down in what may well be the biggest music case of 2015. Marvin Gaye’s children have won a copyright law suit against Robin Thicke (no stranger to controversy) and Pharrell Williams for the song Blurred Lines. The 2013 hit was found to have infringed Gaye’s musical copyright in Got To Give It Up. A jury in the US awarded damages of nearly US$7.4 million – nearly half of the song’s US$16.6 million takings to date.

Genomic architecture of ecologically divergent body shape in a pair of sympatric crater lake cichlid fishes

Determining the genetic bases of adaptations and their roles in speciation is a prominent issue in evolutionary biology. Cichlid fish species flocks are a prime example of recent rapid radiations, often associated with adaptive phenotypic divergence from a common ancestor within a short period of time. In several radiations of freshwater fishes, divergence in ecomorphological traits - including body shape, colour, lips and jaws - is thought to underlie their ecological differentiation, specialization and, ultimately, speciation. The Midas cichlid species complex (Amphilophus spp.) of Nicaragua provides one of the few known examples of sympatric speciation where species have rapidly evolved different but parallel morphologies in young crater lakes. This study identified significant QTL for body shape using SNPs generated via ddRAD sequencing and geometric morphometric analyses of a cross between two ecologically and morphologically divergent, sympatric cichlid species endemic to crater Lake Apoyo: an elongated limnetic species (Amphilophus zaliosus) and a high-bodied benthic species (Amphilophus astorquii). A total of 453 genome-wide informative SNPs were identified in 240 F-2 hybrids. These markers were used to construct a genetic map in which 25 linkage groups were resolved. Seventy-two segregating SNPs were linked to 11 QTL. By annotating the two most highly supported QTL-linked genomic regions, genes that might contribute to divergence in body shape along the benthic-limnetic axis in Midas cichlid sympatric adaptive radiations were identified. These results suggest that few genomic regions of large effect contribute to early stage divergence in Midas cichlids.

Shaping development through mechanical strain: The transcriptional basis of diet-induced phenotypic plasticity in a cichlid fish

Adaptive phenotypic plasticity, the ability of an organism to change its phenotype to match local environments, is increasingly recognized for its contribution to evolution. However, few empirical studies have explored the molecular basis of plastic traits. The East African cichlid fish Astatoreochromis alluaudi displays adaptive phenotypic plasticity in its pharyngeal jaw apparatus, a structure that is widely seen as an evolutionary key innovation that has contributed to the remarkable diversity of cichlid fishes. It has previously been shown that in response to different diets, the pharyngeal jaws change their size, shape and dentition: hard diets induce an adaptive robust molariform tooth phenotype with short jaws and strong internal bone structures, while soft diets induce a gracile papilliform tooth phenotype with elongated jaws and slender internal bone structures. To gain insight into the molecular underpinnings of these adaptations and enable future investigations of the role that phenotypic plasticity plays during the formation of adaptive radiations, the transcriptomes of the two divergent jaw phenotypes were examined. Our study identified a total of 187 genes whose expression differs in response to hard and soft diets, including immediate early genes, extracellular matrix genes and inflammatory factors. Transcriptome results are interpreted in light of expression of candidate genesmarkers for tooth size and shape, bone cells and mechanically sensitive pathways. This study opens up new avenues of research at new levels of biological organization into the roles of phenotypic plasticity during speciation and radiation of cichlid fishes.

Resampling-based approaches to study variation in morphological modularity

Modularity has been suggested to be connected to evolvability because a higher degree of independence among parts allows them to evolve as separate units. Recently, the Escoufier RV coefficient has been proposed as a measure of the degree of integration between modules in multivariate morphometric datasets. However, it has been shown, using randomly simulated datasets, that the value of the RV coefficient depends on sample size. Also, so far there is no statistical test for the difference in the RV coefficient between a priori defined groups of observations. Here, we (1), using a rarefaction analysis, show that the value of the RV coefficient depends on sample size also in real geometric morphometric datasets; (2) propose a permutation procedure to test for the difference in the RV coefficient between a priori defined groups of observations; (3) show, through simulations, that such a permutation procedure has an appropriate Type I error; (4) suggest that a rarefaction procedure could be used to obtain sample-size-corrected values of the RV coefficient; and (5) propose a nearest-neighbor procedure that could be used when studying the variation of modularity in geographic space. The approaches outlined here, readily extendable to non-morphometric datasets, allow study of the variation in the degree of integration between a priori defined modules. A Java application – that will allow performance of the proposed test using a software with graphical user interface – has also been developed and is available at the Morphometrics at Stony Brook Web page (http://life.bio.sunysb.edu/morph/).

The gut microbial community of midas cichlid fish in repeatedly evolved limnetic-benthic species pairs

Gut bacterial communities are now known to influence a range of fitness related aspects of organisms. But how different the microbial community is in closely related species, and if these differences can be interpreted as adaptive is still unclear. In this study we compared microbial communities in two sets of closely related sympatric crater lake cichlid fish species pairs that show similar adaptations along the limnetic-benthic axis. The gut microbial community composition differs in the species pair inhabiting the older of two crater lakes. One major difference, relative to other fish, is that in these cichlids that live in hypersaline crater lakes, the microbial community is largely made up of Oceanospirillales (52.28%) which are halotolerant or halophilic bacteria. This analysis opens up further avenues to identify candidate symbiotic or co-evolved bacteria playing a role in adaptation to similar diets and life-styles or even have a role in speciation. Future functional and phylosymbiotic analyses might help to address these issues.