Assessment of the different sources of uncertainty in a SWAT model of the River Senne (Belgium)

Although rainfall input uncertainties are widely identified as being a key factor in hydrological models, the rainfall uncertainty is typically not included in the parameter identification and model output uncertainty analysis of complex distributed models such as SWAT and in maritime climate zones. This paper presents a methodology to assess the uncertainty of semi-distributed hydrological models by including, in addition to a list of model parameters, additional unknown factors in the calibration algorithm to account for the rainfall uncertainty (using multiplication factors for each separately identified rainfall event) and for the heteroscedastic nature of the errors of the stream flow. We used the Differential Evolution Adaptive Metropolis algorithm (DREAM_(zs)) to infer the parameter posterior distributions and the output uncertainties of a SWAT model of the River Senne (Belgium). Explicitly considering heteroscedasticity and rainfall uncertainty leads to more realistic parameter values, better representation of water balance components and prediction uncertainty intervals.     

Key-dependent side-channel cube attack on CRAFT

CRAFT is a tweakable block cipher introduced in 2019 that aims to provide strong protection against differential fault analysis. In this paper, we show that CRAFT is vulnerable to side-channel cube attacks. We apply side-channel cube attacks to CRAFT with the Hamming weight leakage assumption. We found that the first half of the secret key can be recovered from the Hamming weight leakage after the first round. Next, using the recovered key bits, we continue our attack to recover the second half of the secret key. We show that the set of equations that are solvable varies depending on the value of the key bits. Our result shows that 99.90% of the key space can be fully recovered within a practical time.     

Design of Feedback Shift Register of Against Power Analysis Attack

Stream ciphers based on linear feedback shift register (LFSR) are suitable for constrained environments, such as satellite communications, radio frequency identification devices tag, sensor networks and Internet of Things, due to its simple hardware structures, high speed encryption and lower power consumption. LFSR, as a cryptographic primitive, has been used to generate a maximum period sequence. Because the switching of the status bits is regular, the power consumption of the LFSR is correlated in a linear way. As a result, the power consumption characteristics of stream cipher based on LFSR are vulnerable to leaking initialization vectors under the power attacks. In this paper, a new design of LFSR against power attacks is proposed. The power consumption characteristics of LFSR can be masked by using an additional LFSR and confused by adding a new filter Boolean function and a flip-flop. The design method has been implemented easily by circuits in this new design in comparison with the others.     

Low-cost and two-cycle hardware structures of PRINCE lightweight block cipher

In this paper, low-cost and two-cycle hardware structures of the PRINCE lightweight block cipher are presented. In the first structure, we proposed an area-constrained structure, and in the second structure, a high-speed implementation of the PRINCE cipher is presented. The substitution box (S-box) and the inverse of S-box (S-box⁻¹) blocks are the most complex blocks in the PRINCE cipher. These blocks are designed by an efficient structure with low critical path delay. In the low-cost structure, the S-boxes and S-boxes⁻¹ are shared between the round computations and the intermediate step of PRINCE cipher. Therefore, the proposed architecture is implemented based on the lowest number of computation resources. The two-cycle implementation of PRINCE cipher is designed by a processing element (PE), which is a general and reconfigurable element. This structure has a regular form with the minimum number of the control signal. Implementation results of the proposed structures in 180-nm CMOS technology and Virtex-4 and Virtex-6 FPGA families are achieved. The proposed structures, based on the results, have better critical path delay and throughput compared with other's related works.     

Effect of sampling density on the measurement of stream condition indicators in two lowland Australian streams

There is widespread application of indicators to the assessment of environmental condition of streams. These indicators are intended for use by managers in making various comparative and absolute assessments and often have a role in resource allocation and performance assessment. Therefore, the problem of formally defining confidence in the results is important but difficult because the sampling strategies used are commonly based on a compromise between the requirements of statistical rigour and the pragmatic issues of access and resources. It is rare to see this compromise explicitly considered and consequently there is seldom quantification of the uncertainty that could affect the confidence a manager has in an indicator. In this paper, we present a method for quantitatively assessing the tradeoffs between sampling density and uncertainty in meeting various monitoring objectives. Assessments using judgement‐based representative reaches are shown to be unreliable; instead a sampling approach is recommended based on the random selection of measuring sites. A detailed dataset was collected along two streams in Victoria, Australia, and the effect of sampling density was assessed by subsampling from this dataset with precision related to the number of sites assessed per reach length and the intensity of the sampling at each site. The sampling scheme to achieve a given precision is shown to depend on the monitoring objective. In particular, three objectives were considered: (1) making a baseline assessment of current condition; (2) change detection; and (3) detection of a critical threshold in condition. Change detection is shown to be more demanding than assessing baseline condition with additional sampling effort required to achieve the same precision. Sampling to detect a critical threshold depends on nominating acceptable values of Type I and II error and the size of the effect to be detected. Copyright © 2006 John Wiley & Sons, Ltd.     

Concurrent error detection of fault-based side-channel cryptanalysis of 128-bit RC6 block cipher

Fault-based side channel cryptanalysis is very effective against symmetric and asymmetric encryption algorithms. Although straightforward hardware and time redundancy based concurrent error detection (CED) architectures can be used to thwart such attacks, they entail significant overhead (either area or performance). In this paper we investigate two systematic approaches to low-cost, low-latency CED for symmetric encryption algorithm RC6. The proposed techniques have been validated on FPGA implementations of RC6, one of the advanced encryption standard finalists.     

256比特的混沌分组密码

由于密码分析研究的进展及DES自身的弱点,原64比特的DES将不能作为数据加密的标准算法而长期存在。在原来工作的基础上,本文提出了256比特的分组密码方案。密码算法由基于混沌映射的数字滤波器构造。     

Cryptanalysis of an involutional block cipher using cellular automata

In 2006, an involutional block cipher using cellular automata was proposed. A self-invertible CA-based structure allows for an efficient hardware implementation. This paper analyzes the insecurity of the cipher due to its conjugate property. The results of this study will make it possible to construct a decryption process without knowledge of the secret key.     

基于Java点对点通信技术的DES密钥交换

介绍了使用Java的点对点通信技术,基于Diffie-Hellman规则,给出了IBM DES密钥交换的总体方案、算法和应用程序,详细说明了其中涉及的主要技术和方法,同时给出了在PC机上用二进制指数分解法实现大数模运算的算法分析和实现方案。     

Correlation properties of combiners with memory in stream ciphers

For pseudo-random generators where one or several LFSRs are combined by a memoryless function, it is known that the output sequences are correlated to certain LFSR-sequences whose correlation coefficients c _t satisfy the equation _i c ₂ ⁱ = 1. In this paper it is proved that a corresponding result also holds for generators whose LFSRs are connected to a combiner with memory.If correlation probabilities are conditioned on side information, e.g., on known output digits, it is shown that new or stronger correlations may occur. This is exemplified for the summation cipher with only two LFSRs where such correlations can be exploited in a known plaintext attack. A cryptanalytic algorithm is given which is shown to be successful for LFSRs of considerable length and with arbitrary feedback connection.A preliminary version of this paper was presented at Eurocrypt '90, May 21–24, Århus, Denmark, and has appeared in the proceedings, pp. 204–213.