PAES is an authenticated encryption scheme designed by Ye et al., and submitted to the CAESAR competition. The designers claim that PAES-8, which is one of the designs of the PAES-family, provides 128-bit security in the nonce misuse model. In this note, we show our forgery attack against PAES-8. Our attack works in the nonce misuse model. The attack exploits the slow propagation of message dif...

128-EIA3 is an integrity algorithm considered for adoption as a third integrity algorithm by European Telecommunication Standard Institute (ETSI) for 4th generation of GSM networks.128-EIA3 is vulnerable to birthday forgery attack. Birthday forgery attack requires minimum 2 known message-MAC pairs for finding collision in 128-EIA3. 128-EIA3 is susceptible to internal collision of its universal ...

Some message authentication codes (MACs) are vulnerable to multiple forgery attacks, in which an attacker can gain information that allows her to succeed in forging multiple message/tag pairs. This property was first noted in MACs based on universal hashing, such as the Galois/Counter Mode (GCM) of operation for block ciphers. However, we show that CBC-MAC and HMAC also have this property, and ...

A message passing program composition methodology, called Ensemble, applied for Parix is presented. Ensemble overcomes the implementation problems and complexities in developing applications in message passing environments. Parallel applications are virtually specified by Process Communication Graphs (PCGs) annotated with communication information for Parix processes. Annotated PCGs are generat...

This paper introduces VMAC, a message authentication algorithm (MAC) optimized for high performance in software on 64-bit architectures. On the Athlon 64 processor, VMAC authenticates 2KB cache-resident messages at a cost of about 0.5 CPU cycles per message byte (cpb) — significantly faster than other recent MAC schemes such as UMAC (1.0 cpb) and Poly1305 (3.1 cpb). VMAC is a MAC in the Wegman-...

We show how to produce a forged (ciphertext,tag) pair for the scheme ALE with data and time complexity of 2 ALE encryptions of short messages and the same number of authentication attempts. We use a differential attack based on a local collision, which exploits the availability of extracted state bytes to the adversary. Our approach allows for a time-data complexity tradeoff, with an extreme ca...

In this study we consider rateless coding over discrete memoryless channels (DMC) with feedback. Unlike traditional fixed-rate codes, in rateless codes each codeword in infinitely long, and the decoding time depends on the confidence level of the decoder. Using rateless codes along with sequential decoding, and allowing a fixed probability of error at the decoder, we obtain results for several ...

Adam Smith, Charles Darwin, Rudolf Clausius, and Léon Brillouin considered certain “values” as key quantities in their descriptions of market competition, natural selection, thermodynamic processes, and information exchange, respectively. None of those values can be computed from elementary properties of the particular object they are attributed to, but rather values represent emergent, irreduc...

In this paper, we study unconditionally secure codes that provide authentication without secrecy. Our point of view is the univcrsal hashing approach pioneered by Wegman and Carter in 1981. We first compare several recent universal-hashing based constructions for mthenticatmion codes. Then we gencralize the theory of universal hashing in order t,o accommodate the situation where we would like t...

In its 2010 world health report, the World Health Organization noted that there is no single, best path for reforming health financing arrangements to move systems closer to universal health coverage, i.e. to improve access to needed, effective services while protecting users from financial ruin. However, this lack of a blueprint for health financing reforms was not meant to convey the message ...