942 results for partial signatures
Abstract:
At CRYPTO 2006, Halevi and Krawczyk proposed two randomized hash function modes and analyzed the security of digital signature algorithms based on these constructions. They showed that the security of signature schemes based on the two randomized hash function modes relies on properties similar to the second preimage resistance rather than on the collision resistance property of the hash functions. One of the randomized hash function modes was named the RMX hash function mode and was recommended for practical purposes. The National Institute of Standards and Technology (NIST), USA standardized a variant of the RMX hash function mode and published this standard in the Special Publication (SP) 800-106. In this article, we first discuss a generic online birthday existential forgery attack of Dang and Perlner on the RMX-hash-then-sign schemes. We show that a variant of this attack can be applied to forge the other randomize-hash-then-sign schemes. We point out practical limitations of the generic forgery attack on the RMX-hash-then-sign schemes. We then show that these limitations can be overcome for the RMX-hash-then-sign schemes if it is easy to find fixed points for the underlying compression functions, such as for the Davies-Meyer construction used in the popular hash functions such as MD5 designed by Rivest and the SHA family of hash functions designed by the National Security Agency (NSA), USA and published by NIST in the Federal Information Processing Standards (FIPS). We show an online birthday forgery attack on this class of signatures by using a variant of Dean's method of finding fixed point expandable messages for hash functions based on the Davies-Meyer construction. This forgery attack is also applicable to signature schemes based on the variant of RMX standardized by NIST in SP 800-106. We discuss some important applications of our attacks and discuss their applicability on signature schemes based on hash functions with 'built-in' randomization. Finally, we compare our attacks on randomize-hash-then-sign schemes with the generic forgery attacks on the standard hash-based message authentication code (HMAC).
Abstract:
Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge an RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean's method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2^(t/2) chosen messages plus 2^(t/2 + 1) off-line operations of the compression function and a similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.
Abstract:
The 510 million year old Kalkarindji Large Igneous Province correlates in time with the first major extinction event after the Cambrian explosion of life. Large igneous provinces correlate with all major mass extinction events in the last 500 million years. The genetic link between large igneous provinces and mass extinction remains unclear. My work is a contribution towards understanding magmatic processes involved in the generation of Large Igneous Provinces. I concentrate on the origin of variation in Cr in magmas and have developed a model in which high temperature melts intrude into and assimilate large amounts of upper continental crust.
Abstract:
Initial attempts to obtain lattice based signatures were closely related to reducing a vector modulo the fundamental parallelepiped of a secret basis (like GGH [9], or NTRUSign [12]). This approach leaked some information on the secret, namely the shape of the parallelepiped, which has been exploited in practical attacks [24]. NTRUSign was an extremely efficient scheme, and thus there has been a noticeable interest in developing countermeasures to the attacks, but with little success [6]. In [8] Gentry, Peikert and Vaikuntanathan proposed a randomized version of Babai's nearest plane algorithm such that the distribution of a reduced vector modulo a secret parallelepiped only depended on the size of the basis used. Using this algorithm and generating large, close to uniform, public keys they managed to get provably secure GGH-like lattice-based signatures. Recently, Stehlé and Steinfeld obtained a provably secure scheme very close to NTRUSign [26] (from a theoretical point of view). In this paper we present an alternative approach to seal the leak of NTRUSign. Instead of modifying the lattices and algorithms used, we do a classic leaky NTRUSign signature and hide it with Gaussian noise using techniques present in Lyubashevsky's signatures. Our main contributions are thus a set of strong NTRUSign parameters, obtained by taking into account the latest known attacks against the scheme, and a statistical way to hide the leaky NTRU signature so that this particular instantiation of a CVP-based signature scheme becomes zero-knowledge and secure against forgeries, based on the worst-case hardness of the Õ(N^1.5)-Shortest Independent Vector Problem over NTRU lattices. Finally, we give a set of concrete parameters to gauge the efficiency of the obtained signature scheme.
Abstract:
Phylogeographic patterns and population structure of the pelagic Indian mackerel, Rastrelliger kanagurta, were examined in 23 populations collected from the Indonesian-Malaysian Archipelago (IMA) and the West Indian Ocean (WIO). Despite the vast expanse of the IMA and neighbouring seas, no evidence of geographical structure was found, an indication that R. kanagurta populations across this region are essentially panmictic. This study also revealed that historical isolation was insufficient for R. kanagurta to attain migration-drift equilibrium. Two distinct subpopulations were detected between the WIO and the IMA (and adjacent populations); interpopulation genetic variation was high. A plausible explanation for the genetic differentiation observed between the IMA and WIO regions suggests historical isolation as a result of fluctuations in sea levels during the late Pleistocene. This occurrence resulted in the evolution of a phylogeographic break for this species to the north of the Andaman Sea.
Abstract:
This work investigates the feasibility of using a low noise C-band block down-converter as an Ultra High Frequency window coupler for the detection of partial discharge activity from free conducting particles and a protrusion on the high voltage conductor in Gas Insulated Switchgear. The investigated window coupler has a better sensitivity than the internal Ultra High Frequency couplers fitted to the system. The investigated window couplers are, however, sensitive to changes in the frequency content of the discharge signals and appear to be less sensitive to negative discharge signals produced by a protrusion than to the positive discharge signals.
Abstract:
This paper presents preliminary results of an investigation into the detection of partial discharges on the rise of impulse voltages from a point-to-plane gap in SF6. A parallel RC detection impedance is placed in the earth path of a point. Computer simulations are done to determine the values of R and C that will result in the smallest impulse voltage signal and the largest discharge signal across the detection impedance. These simulations and the experimental work show that the impulse voltage signal cannot be sufficiently attenuated during the rise time of the applied voltage impulse using the RC detection impedance alone. An alternative discharge detection method is proposed in which a resonant partial discharge coupler is used. Elimination of noise and the impulse voltage signal can be achieved by shorting the coupler plate to the ground plane in the middle of the disk. However, due to the bandwidth of the measuring equipment and noise from the impulse generator it was not possible to detect discharges on the rising edge of a 1.5 µs voltage impulse using a coupler shorted in the middle. It was found that for this particular coupler, with no shorting points, and if the rising edge of the voltage impulse is longer than 5 µs (10 µs), PD activity can be detected on the rising edge.
Abstract:
This thesis investigates the use of fusion techniques and mathematical modelling to increase the robustness of iris recognition systems against iris image quality degradation, pupil size changes and partial occlusion. The proposed techniques improve recognition accuracy and enhance security. They can be further developed for better iris recognition in less constrained environments that do not require user cooperation. A framework to analyse the consistency of different regions of the iris is also developed. This can be applied to improve recognition systems using partial iris images, and cancelable biometric signatures or biometric based cryptography for privacy protection.
Abstract:
PURPOSE The restricted genetic diversity and homogeneous molecular basis of Mendelian disorders in isolated founder populations have rarely been explored in epilepsy research. Our long-term goal is to explore the genetic basis of epilepsies in one such population, the Gypsies. The aim of this report is the clinical and genetic characterization of a Gypsy family with a partial epilepsy syndrome. METHODS Clinical information was collected using semistructured interviews with affected subjects and informants. At least one interictal electroencephalography (EEG) recording was performed for each patient and previous data were obtained from records. Neuroimaging included structural magnetic resonance imaging (MRI). Linkage and haplotype analysis was performed using the Illumina IVb Linkage Panel, supplemented with highly informative microsatellites in linked regions and Affymetrix SNP 5.0 array data. RESULTS We observed an early-onset partial epilepsy syndrome with seizure semiology strongly suggestive of temporal lobe epilepsy (TLE), with mild intellectual deficit co-occurring in a large proportion of the patients. Psychiatric morbidity was common in the extended pedigree but did not cosegregate with epilepsy. Linkage analysis definitively excluded previously reported loci, and identified a novel locus on 5q31.3-q32 with a logarithm of the odds (LOD) score of 3, corresponding to the expected maximum in this family. DISCUSSION The syndrome can be classified as familial temporal lobe epilepsy (FTLE) or possibly a new syndrome with mild intellectual deficit. The linked 5q region does not contain any ion channel-encoding genes and is thus likely to contribute new knowledge about epilepsy pathogenesis. Identification of the mutation in this family and in additional patients will define the full phenotypic spectrum.
Abstract:
Jacalin and artocarpin, the two lectins from jackfruit (Artocarpus integrifolia) seeds, have different physicochemical properties and carbohydrate-binding specificities. However, comparison of the partial amino-acid sequence of artocarpin with the known sequence of jacalin indicates close to 50% sequence identity. Artocarpin crystallizes in two forms, both monoclinic P2(1), with one and two tetrameric molecules, respectively, in the asymmetric units of form I (a = 69.9, b = 73.7, c = 60.6 Angstrom and beta = 95.1 degrees) and form II (a = 87.6, b = 72.2, c = 92.6 Angstrom and beta = 101.1 degrees). Both crystal structures have been solved by the molecular replacement method using the known structure of jacalin as the search model, and one of them has been partially refined, confirming that the two lectins are indeed homologous.
Abstract:
We report on a plan to establish a 'Dictionary of LHC Signatures', an initiative that started at the WHEPP-X workshop in Chennai, January 2008. This study aims at a strategy for distinguishing 3 classes of dark matter motivated scenarios, namely R-parity conserved supersymmetry, little Higgs models with T-parity conservation and universal extra dimensions with KK-parity, for generic cases of their realization in a wide range of the model space. Discriminating signatures are tabulated and will need a further detailed analysis.
Abstract:
Road deposited dust is a complex mixture of pollutants derived from a wide range of sources. Accurate identification of these sources is essential for effective source-oriented control measures. A range of techniques such as enrichment factor analysis (EF), principal component analysis (PCA) and hierarchical cluster analysis (HCA) are available for identifying sources of complex mixtures. However, they have multiple deficiencies when applied individually. This study presents an approach for the effective utilisation of EF, PCA and HCA for source identification, so that their specific deficiencies on an individual basis are eliminated. EF analysis confirmed the non-soil origin of metals such as Na, Cu, Cd, Zn, Sn, K, Ca, Sb, Ba, Ti, Ni and Mo, providing guidance in the identification of anthropogenic sources. PCA and HCA identified four sources, with soil and asphalt wear in combination being the most prominent. The other sources were tyre wear, brake wear and sea salt.
Abstract:
Partial discharges in a gaseous interface due to the presence of a dielectric between two uniform field electrodes in air at different pressures from 0.5 to 685 mm Hg have been studied, and measurements of inception and extinction voltages, number of pulses and their charge magnitudes at inception are reported. It has been observed that the extinction voltage can be as low as 70% of the inception voltage, suggesting that the working voltage in such cases should be about 30% lower than the observed inception voltage. Small magnitude pulses are found to be more numerous than large magnitude pulses. The charge is found to be pressure dependent. The results have been explained on the basis of an equivalent circuit consisting of resistance and capacitance in which the discharge gap functions as a switch.
Abstract:
An interaction analysis has been conducted to study the effects of a local loss of support beneath the beam footing of a two-bay plane frame. The results of the study indicate that the magnitude of increase in the bending moment and axial force in the structure due to the presence of a void are dependent, not only on the extent of support loss, but also on the relative stiffnesses between foundation beam and soil, and between superstructure and soil. The increase in bending moment even for a void span of 1/12 of the foundation beam length can become so significant as to exceed the safety provisions. The study shows that the effect of a void on the superstructure moments can be greatly minimized by a combination of rigid foundation and flexible superstructure.
Abstract:
Space-time codes from complex orthogonal designs (CODs) with no zero entries offer low Peak to Average Power Ratio (PAPR) and avoid the problem of switching off antennas. But square CODs for 2^a antennas with a + 1 complex variables and no zero entries were discovered only for a <= 3 and for a + 1 = 2^k, with k >= 4. In this paper, a method of obtaining no zero entry (NZE) square designs, called Complex Partial-Orthogonal Designs (CPODs), for 2^(a+1) antennas whenever a certain type of NZE code exists for 2^a antennas is presented. Then, starting from a so constructed NZE CPOD for n = 2^(a+1) antennas, a construction procedure is given to obtain NZE CPODs for 2n antennas, successively. Compared to the CODs, CPODs have slightly higher ML decoding complexity for rectangular QAM constellations and the same ML decoding complexity for other complex constellations. Using the recently constructed NZE CODs for 8 antennas, our method leads to NZE CPODs for 16 antennas. The class of CPODs does not offer full diversity for all complex constellations. For the NZE CPODs presented in the paper, conditions on the signal sets which will guarantee full diversity are identified. Simulation results show that the bit error performance of our codes is the same as that of the CODs under an average power constraint and superior to the CODs under a peak power constraint.