Abstract. The simplicity and widespread use of blockciphers based on the iterated Even-Mansour (EM) construction has sparked recent interest in the theoretical study of their security. Previous work has established their strong pseudorandom permutation and indifferentiability properties, with some matching lower bounds presented to demonstrate tightness. In this work we initiate the study of the EM ciphers under related-key attacks which, despite extensive prior work, has received little attention. We show that the simplest one-round EM cipher is strong enough to achieve non-trivial levels of RKA security even under chosen-ciphertext attacks. This class, however, does not include the practically relevant case of offsetting keys by constants. We show that two rounds suffice to reach this level under chosen-plaintext attacks and that three rounds can boost security to resist chosen-ciphertext attacks. We also formalize how indifferentiability relates to RKA security, showing strong positive results despite counterexamples presented for indifferentiability in multi-stage games.
Abstract. Universal hash functions are commonly used primitives for fast and secure message authentication in the form of Message Authentication Codes (MACs) or Authenticated Encryption with Associated Data (AEAD) schemes. These schemes are widely used and standardised, the most well known being McGrew and Viega's Galois/Counter Mode (GCM). In this paper we identify some properties of hash functions based on polynomial evaluation that arise from the underlying algebraic structure. As a result we are able to describe a general forgery attack, of which Saarinen's cycling attack from FSE 2012 is a special case. Our attack removes the requirement for long messages and applies regardless of the field in which the hash function is evaluated. Furthermore we provide a common description of all published attacks against GCM, by showing that the existing attacks are the result of these algebraic properties of the polynomial-based hash function. Finally, we greatly expand the number of known weak GCM keys and show that almost every subset of the keyspace is a weak key class.
For the Pebble Bed Modular Reactor (PBMR) Demonstration Power Plant (DPP) several neutron flux measurements are made, both within the Reactor Pressure Vessel (RPV) and outside the RPV. The measurements within the RPV are performed by the Core Structures Instrumentation (CSI) system, while those outside the RPV are performed by the Nuclear Instrumentation System (NIS). The PBMR has a long annular core with a relatively low power density, requiring flux monitoring over the full 11 M of the active core region. The core structures instrumentation measures the neutron flux in the graphite reflector. Two measurement techniques are used: Fission Chamber based channels with high sensitivity for initial fuel load and low power testing, and SPND channels for measurements at full and near full power operation. The CSI flux monitoring supports data acquisition for design Verification and Validation (V&V), and the data will also be used for the characterization of the NIS for normal reactor start-ups and low power operation. The CSI flux measurement channels are only required for the first few years of operation; the sensors are not replaceable. The Nuclear Instrumentation System is an ex core system that includes the Post Event Instrumentation. Due to the long length of the PBMR core, the flux is measured at several axial positions. This is a fission chamber based system; full advantage is taken of all the operating modes for fission chambers (pulse counting, mean square voltage (MSV), and linear current). The CSI flux monitoring channels have many technical and integration challenges. The environment where the sensors and their associated signal cables are required to operate is extremely harsh; temperature and radiation levels are very high. The selection and protection of the fission chambers warranted special attention.
The selection criteria for sensors and cables take cognizance of the fact that the assemblies are built in during the assembly of the reactor internal structures, and that they are not replaceable. This paper describes the challenges in the development of the monitoring systems for the measurement of neutron flux both within the RPV and the ex core region. The selection of detector configuration and the associated signal processing will be discussed. The use of only analogue signal processing techniques will also be elaborated on.