Exploiting Weak Diffusion of Gimli: Improved Distinguishers and Preimage Attacks

The Gimli permutation proposed in CHES 2017 was designed for cross-platform performance. One main strategy to achieve such a goal is to utilize a sparse linear layer (Small-Swap and Big-Swap), which occurs every two rounds. In addition, the round constant addition occurs every four rounds and only one 32-bit word is affected by it. The above two facts have been recently exploited to construct a distinguisher for the full Gimli permutation with time complexity 264. By utilizing a new property of the SP-box, we demonstrate that the time complexity of the full-round distinguisher can be further reduced to 252 while a significant bias still remains. Moreover, for the 18-round Gimli permutation, we could construct a distinguisher even with only 2 queries. Apart from the permutation itself, the weak diffusion can also be utilized to accelerate the preimage attacks on reduced Gimli-Hash and Gimli-XOF-128 with a divide-and-conquer method. As a consequence, the preimage attacks on reduced Gimli-Hash and Gimli-XOF-128 can reach up to 5 rounds and 9 rounds, respectively. Since Gimli is included in the second round candidates in NIST’s Lightweight Cryptography Standardization process, we expect that our analysis can further advance the understanding of Gimli. To the best of our knowledge, the distinguishing attacks and preimage attacks are the best so far.

Cryptanalysis of Forkciphers

The forkcipher framework was designed in 2018 by Andreeva et al. for authenticated encryption of short messages. Two dedicated ciphers were proposed in this framework: ForkAES based on the AES (and its tweakable variant Kiasu-BC), and ForkSkinny based on Skinny. The main motivation is that the forked ciphers should keep the same security as the underlying ciphers, but offer better performances thanks to the larger output. Recent cryptanalysis results at ACNS ’19 have shown that ForkAES actually offers a reduced security margin compared to the AES with an 8-round attack, and this was taken into account in the design of ForkSkinny.In this paper, we present new cryptanalysis results on forkciphers. First we improve the previous attack on ForkAES in order to attack the full 10 rounds. This is the first attack challenging the security of full ForkAES. Then we present the first analysis of ForkSkinny, showing that the best attacks on Skinny can be extended to one round for most ForkSkinny variants, and up to three rounds for ForkSkinny-128-256. This allows to evaluate the security degradation between ForkSkinny and the underlying block cipher.Our analysis shows that all components of a forkcipher must be carefully designed: the attack against ForkAES uses the weak diffusion of the middle rounds in reconstruction queries (going from one ciphertext to the other), but the attack against ForkSkinny uses a weakness of the tweakey schedule in encryption queries (when one branch of the tweakey schedule is skipped).

Расчет влияния плотности ионного тока и температуры на кинетику накопления точечных дефектов при облучении кремния легкими ионами

Numerical calculations of the accumulation kinetics of point defects—vacancies and divacancies—under the irradiation of Si with ions having masses of M _1 ≤ 31 amu and energies of E ≤ 100 keV under various irradiation conditions are performed. The previously proposed diffusion-coagulation model is used without application of the “weak diffusion” approximation, which was performed during its analytical implementation. The main peculiarities of the dependences of the concentrations of vacancies and divacancies on the dose, ion-current density, and temperature under irradiation are analyzed. A physical interpretation of these results is given. The developed computing complex is rather flexible and makes it possible to analyze the influence of model input parameters by means of their variation and include additional processes into consideration if necessary.

WEAK DIFFUSION LIMITS OF DYNAMIC CONDITIONAL CORRELATION MODELS

The properties of dynamic conditional correlation (DCC) models, introduced more than a decade ago, are still not entirely known. This paper fills one of the gaps by deriving weak diffusion limits of a modified version of the classical DCC model. The limiting system of stochastic differential equations is characterized by a diffusion matrix of reduced rank. The degeneracy is due to perfect collinearity between the innovations of the volatility and correlation dynamics. For the special case of constant conditional correlations, a nondegenerate diffusion limit can be obtained. Alternative sets of conditions are considered for the rate of convergence of the parameters, obtaining time-varying but deterministic variances and/or correlations. A Monte Carlo experiment confirms that the often used quasi-approximate maximum likelihood (QAML) method to estimate the diffusion parameters is inconsistent for any fixed frequency, but that it may provide reasonable approximations for sufficiently large frequencies and sample sizes.

Vertical Flow in the Southern Ocean Estimated from Individual Moorings

This study demonstrates that oceanic vertical velocities can be estimated from individual mooring measurements, even for nonstationary flow. This result is obtained under three assumptions: (i) weak diffusion (Péclet number ≫ 1), (ii) weak friction (Reynolds number ≫ 1), and (iii) small inertial terms (Rossby number ≪ 1). The theoretical framework is applied to a set of four moorings located in the Southern Ocean. For this site, the diagnosed vertical velocities are highly variable in time, their standard deviation being one to two orders of magnitude greater than their mean. The time-averaged vertical velocities are demonstrated to be largely induced by geostrophic flow and can be estimated from the time-averaged density and horizontal velocities. This suggests that local time-mean vertical velocities are primarily forced by the time-mean ocean dynamics, rather than by, for example, transient eddies or internal waves. It is also shown that, in the context of these four moorings, the time-mean vertical flow is consistent with stratified Taylor column dynamics in the presence of a topographic obstacle.

Travelling waves in the Holling–Tanner model with weak diffusion

For a wide range of parameters, we study travelling waves in a diffusive version of the Holling–Tanner predator–prey model from population dynamics. Fronts are constructed using geometric singular perturbation theory and the theory of rotated vector fields. We focus on the appearance of the fronts in various singular limits. In addition, periodic travelling waves of relaxation oscillation type are constructed using a recent generalization of the entry–exit function.