Previous Attack


The Experts below are selected from a list of 108 Experts worldwide ranked by ideXlab platform

Jeanpierre Tillich - One of the best experts on this subject based on the ideXlab platform.

  • Algebraic attacks for solving the Rank Decoding and MinRank problems without Gröbner basis
    arXiv: Cryptography and Security, 2020
    Co-Authors: Magali Bardet, Jeanpierre Tillich, Maxime Bros, Daniel Cabarcas, Philippe Gaborit, Ray A Perlner, Daniel Smithtone, Javier A Verbel
    Abstract:

    Rank Decoding is the main underlying problem in rank-based cryptography. Based on this problem and quasi-cyclic versions of it, very efficient schemes have been proposed recently, such as those in the ROLLO and RQC submissions, which have reached the second round of the NIST Post-Quantum Cryptography Standardization Process. Two main approaches have been studied to solve the Rank Decoding problem: combinatorial ones and algebraic ones. While the former has been studied extensively, a better understanding of the latter was recently obtained by Bardet et al. (EUROCRYPT 2020), where it appeared that algebraic attacks can often be more efficient than combinatorial ones for cryptographic parameters. In particular, these results were based on Gröbner basis computations which led to complexity bounds slightly smaller than the claimed security of the ROLLO and RQC cryptosystems. This paper gives substantial improvements upon this attack in terms both of complexity and of the assumptions required by the cryptanalysis. We present attacks for ROLLO-I-128, ROLLO-I-192, and ROLLO-I-256 with bit complexity of respectively 70, 86, and 158, to be compared to 117, 144, and 197 for the aforementioned previous attack. Moreover, unlike that previous attack, the new one does not rely on Gröbner basis computations and thus does not require any assumption concerning the behavior of the so-called solving degree. This improvement relies upon a modeling slightly different from the one used in Bardet et al. (EUROCRYPT 2020). For a case called "overdetermined", this modeling allows us to avoid Gröbner basis computations by going directly to solving a linear system. For the other case, called "underdetermined", we also improve the results from the previous attack by combining the Ourivski-Johansson modeling together with a new modeling for a generic MinRank instance; the latter modeling allows us to refine the analysis of MinRank's complexity given in the paper by Verbel et al. (PQCrypto 2019). MinRank is a problem of great interest for all multivariate-based cryptosystems, including GeMSS and Rainbow, which are at the second round of the aforementioned NIST competition. Finally, since the proposed parameters of ROLLO and RQC are completely broken by our new attack, we give examples of new parameters for ROLLO and RQC that make them resistant to our attacks. These new parameters show that these systems remain attractive, with a loss of only about 50% in terms of key size for ROLLO-I.

  • The decoding failure probability of MDPC codes
    International Symposium on Information Theory, 2018
    Co-Authors: Jeanpierre Tillich
    Abstract:

    Moderate Density Parity Check (MDPC) codes are defined here as codes which have a parity-check matrix whose row weight is $O(\sqrt{n})$, where $n$ is the length of the code. They can be decoded like LDPC codes, but they decode many fewer errors than LDPC codes: the number of errors they can decode in this case is of order $\Theta(\sqrt{n})$. Despite this fact they have proved very useful in cryptography for devising key exchange mechanisms. They have also been proposed in McEliece-type cryptosystems. However, in this case the parameters that were proposed in [11] were broken in [9]. This attack exploits the fact that the decoding failure probability is non-negligible. We show here that this attack can be thwarted by choosing the parameters in a more conservative way. We first show that such codes can decode with a simple bit-flipping decoder any pattern of $O(\frac{\sqrt{n}\log\log n}{\log n})$ errors. This avoids the previous attack at the cost of significantly increasing the key size of the scheme. We then show that under a very reasonable assumption the decoding failure probability decays almost exponentially with the code length with just two iterations of bit-flipping. With an additional assumption it has even been proved that it decays exponentially with an unbounded number of iterations, and we show that in this case the increase of the key size which is required for resisting the attack of [9] is only moderate.

Hajar A Hajar - One of the best experts on this subject based on the ideXlab platform.

  • Occurrence of valvar heart disease in acute rheumatic fever without evident carditis: colour flow Doppler identification
    Heart, 1992
    Co-Authors: Gordon M Folger, R Hajar, Andrej Robida, Hajar A Hajar
    Abstract:

    OBJECTIVE--To determine the frequency of occurrence of mitral and aortic valvar regurgitation in rheumatic children in whom there was no evidence of carditis acutely or at an earlier attack. DESIGN--Colour flow Doppler imaging was used in a non-randomised study of sequentially admitted children who met the criteria for acute rheumatic fever without clinically evident carditis and patients in whom the disease was quiescent after a previous attack of rheumatic fever. Two separate control groups were used for comparison of the echocardiographic findings, and a group of patients with confirmed rheumatic carditis was included for comparison of acute phase and antistreptococcal reactants. SETTING--A general hospital with the only paediatric inpatient department in Qatar. PATIENTS--From November 1988 to October 1990, 11 children were studied during the acute rheumatic period. In seven additional children the disease was quiescent when they were studied 18 to 36 months after a documented episode of acute rheumatic fever in which there was no evidence of carditis. The control patients were all studied during the same period. MAIN OUTCOME MEASURE--Detection of mitral and aortic regurgitation in patients without clinical evidence of rheumatic carditis in the acute or quiescent stages of the disease. RESULTS--Mitral or mitral and aortic regurgitation was found in 10 of the 11 children studied in the acute rheumatic period. None had a murmur or other evidence of carditis. In all the cases studied the valvar insufficiency was mild. Four of the children studied late in the quiescent period had either aortic or mitral insufficiency by colour flow Doppler evaluation; two children who had previously had valvar insufficiency no longer showed this, and one child without positive findings in the acute phase remained without insufficiency. None of the non-rheumatic control subjects showed mitral or aortic regurgitation. CONCLUSIONS--Colour flow Doppler imaging is a useful method of identifying subclinical mitral and aortic valvar disease at all stages of rheumatic fever when carditis cannot be otherwise detected and is a valuable addition to current diagnostic criteria.

Gordon M Folger - One of the best experts on this subject based on the ideXlab platform.

  • Occurrence of valvar heart disease in acute rheumatic fever without evident carditis: colour flow Doppler identification
    Heart, 1992
    Co-Authors: Gordon M Folger, R Hajar, Andrej Robida, Hajar A Hajar

Tillich Jean-pierre - One of the best experts on this subject based on the ideXlab platform.

  • Improvements of Algebraic Attacks for solving the Rank Decoding and MinRank problems
    HAL CCSD, 2020
    Co-Authors: Bardet Magali, Tillich Jean-pierre, Bros Maxime, Cabarcas Daniel, Gaborit Philippe, Perlner Ray, Smith-tone Daniel, Verbel Javier
    Abstract:

    Rank Decoding (RD) is the main underlying problem in rank-based cryptography. Based on this problem and quasi-cyclic versions of it, very efficient schemes have been proposed recently, such as those in the ROLLO and RQC submissions, which have reached the second round of the NIST Post-Quantum competition. Two main approaches have been studied to solve RD: combinatorial ones and algebraic ones. While the former has been studied extensively, a better understanding of the latter was recently obtained by Bardet et al. (EUROCRYPT20), where it appeared that algebraic attacks can often be more efficient than combinatorial ones for cryptographic parameters. This paper gives substantial improvements upon this attack in terms both of complexity and of the assumptions required by the cryptanalysis. We present attacks for ROLLO-I-128, 192, and 256 with bit complexity of respectively 70, 86, and 158, to be compared to 117, 144, and 197 for the aforementioned previous attack. Moreover, unlike this previous attack, ours does not need generic Gröbner basis algorithms since it only requires solving a linear system. For a case called overdetermined, this modeling allows us to avoid Gröbner basis computations by going directly to solving a linear system. For the other case, called underdetermined, we also improve the results from the previous attack by combining the Ourivski-Johansson modeling together with a new modeling for a generic MinRank instance; the latter modeling allows us to refine the analysis of MinRank's complexity given in the paper by Verbel et al. (PQC19). Finally, since the proposed parameters of ROLLO and RQC are completely broken by our new attack, we give examples of new parameters for ROLLO and RQC that make them resistant to our attacks. These new parameters show that these systems remain attractive, with a loss of only about 50% in terms of key size for ROLLO-I.

  • The decoding failure probability of MDPC codes
    2018
    Co-Authors: Tillich Jean-pierre
    Abstract:

    Moderate Density Parity Check (MDPC) codes are defined here as codes which have a parity-check matrix whose row weight is $O(\sqrt{n})$, where $n$ is the length of the code. They can be decoded like LDPC codes, but they decode many fewer errors than LDPC codes: the number of errors they can decode in this case is of order $\Theta(\sqrt{n})$. Despite this fact they have proved very useful in cryptography for devising key exchange mechanisms. They have also been proposed in McEliece-type cryptosystems. However, in this case the parameters that were proposed in [MTSB13] were broken in [GJS16]. This attack exploits the fact that the decoding failure probability is non-negligible. We show here that this attack can be thwarted by choosing the parameters in a more conservative way. We first show that such codes can decode with a simple bit-flipping decoder any pattern of $O\left(\frac{\sqrt{n} \log \log n}{\log n}\right)$ errors. This avoids the previous attack at the cost of significantly increasing the key size of the scheme. We then show that under a very reasonable assumption the decoding failure probability decays almost exponentially with the code length with just two iterations of bit-flipping. With an additional assumption it has even been proved that it decays exponentially with an unbounded number of iterations, and we show that in this case the increase of the key size which is required for resisting the attack of [GJS16] is only moderate.

Raffaele Pezzilli - One of the best experts on this subject based on the ideXlab platform.

  • Relapses of biliary acute pancreatitis in patients with previous attack of biliary pancreatitis and gallbladder in situ
    Digestive and Liver Disease, 2003
    Co-Authors: P Billi, B Barakat, N Dimperio, Raffaele Pezzilli
    Abstract:

    Aim. To evaluate relapse of acute pancreatitis in patients with biliary pancreatitis in whom coexisting diseases or patient refusal have excluded cholecystectomy. Patients and methods. Forty-seven patients presenting a first episode of biliary acute pancreatitis underwent urgent endoscopic retrograde cholangiopancreatography (ERCP) with endoscopic sphincterotomy (ES). Results. ERCP with ES was successful in all but one patient (97.8%), who was then cholecystectomised. Complications related to the endoscopic procedure were reported in five patients (10.6%). During the follow-up period (median time 12 months; range 1–84 months), 10 patients (21%) suffered from biliary complications. Three patients (6.4%), all with lithiasis of the gallbladder, had relapses of acute pancreatitis, two of them within 2 months of the previous episode, and one about a year later after ingestion of a rich meal and alcoholic beverages. The first two were cholecystectomised. Two patients died during the follow-up period from unrelated diseases. Conclusions. In subjects who are at high risk for anaesthesia, endoscopic procedures may be utilised.