62 research outputs found

    The Digital Signature Scheme MQQ-SIG

    This document contains the Intellectual Property Statement and the technical description of MQQ-SIG, a new public key digital signature scheme. The complete scientific publication covering the design rationale and the security analysis will be given in a separate publication. MQQ-SIG consists of $n - \frac{n}{4}$ quadratic polynomials in $n$ Boolean variables, where $n = 160, 196, 224$ or $256$.

    MPC-based and COLREGs-aware Trajectory Planning and Collision Avoidance for both Low-Speed and High-Speed ASVs

    This master's thesis presents two approaches to mid-level trajectory planning for maritime autonomous vessels that avoid collision with dynamic and static obstacles in a way that complies with a subset of the Convention on the International Regulations for Preventing Collisions at Sea (COLREG). One approach is intended for fully actuated autonomous passenger ferries, where transit is performed at low speed. The other is intended for underactuated high-speed vessels, whose maneuverability is limited compared to a fully actuated passenger ferry, which must be taken into account when planning a trajectory. Both trajectory planners are based on Model Predictive Control (MPC) and differ in the models used internally by the MPC algorithm and in the objective function to be minimized. A subset of the COLREGs is considered relevant to trajectory planning, and the constraints of the MPC algorithm are formulated such that the optimal trajectory complies with the chosen subset. As part of this work, two tools are introduced to incentivize different types of behaviour during the planning horizon of the trajectory planners. The first tool is windows of reduced cost in the planning horizon of the MPC; the idea presented and implemented here generalizes to other MPC-based trajectory-planning applications, as well as to other MPC applications where different behaviour is desirable in different parts of the planning horizon. The second tool is a set of constraints that enforce the relevant subset of the COLREGs; the constraint proposed in this work is a specific linear constraint placed on the port side of target ships, which improves compliance with some of the COLREGs compared to previous work. Both tools are intended to incentivize the trajectory planner to plan early and readily apparent maneuvers to avoid collision with other vessels, in compliance with Rule 8 of the COLREGs. The trajectory planners and the proposed tools are tested through simulations, where a model of the milliAmpere1 passenger ferry is used for low-speed transit and a scaled model of the Otter USV is used for high-speed transit.
Through an extensive simulation study using relevant performance metrics, the trajectory planners are shown to plan trajectories that to a large degree comply with the chosen subset of the COLREGs while avoiding collision with all static and dynamic obstacles. The simulations also show that introducing windows of reduced cost in the planning horizon makes the MPC-based trajectory planners plan earlier and more apparent action to avoid collision. The port-side constraint is seen to incentivize more apparent action in single-vessel encounters and to more robustly make the vessel maneuver to the correct side in compliance with the COLREGs. This constraint is, however, shown to need more work if the tool is to be used in the general case with static obstacles and multiple target ships. While these tools effectively enforce the relevant set of rules, a set of metrics also shows that the increased COLREGs compliance comes at the cost of increased control error, power consumption, actuator usage and acceleration.

    Hash Functions and Gröbner Bases Cryptanalysis

    Hash functions are used as building blocks in such diverse primitives as commitment schemes, message authentication codes and digital signatures. These primitives have important applications by themselves, and they are also used in the construction of more complex protocols such as electronic voting systems, online auctions, public-key distribution, mutual authentication handshakes and more. Part of the work presented in this thesis has contributed to the "SHA-3 contest" for developing the new standard for hash functions, organized by the National Institute of Standards and Technology. We constructed the candidate Edon-R, which is a hash function based on quasigroup string transformation. Edon-R was designed to be much more efficient than the SHA-2 cryptographic hash functions while offering the same or better security. Most notably, Edon-R was the most efficient hash function submitted to the contest. Another contribution to the contest was our cryptanalysis of the second-round SHA-3 candidate Hamsi. In that work we studied Hamsi's resistance to differential and higher-order differential cryptanalysis, with focus on the 256-bit version of Hamsi. Our main results are efficient distinguishers and near-collisions for its full (3-round) compression function, and distinguishers for its full (6-round) finalization function, indicating that Hamsi's building blocks do not behave ideally. Another important part of this thesis is the application of Gröbner bases. In the last decade, Gröbner bases have proven to be a valuable tool for algebraic cryptanalysis. The idea is to set up a system of multivariate equations such that the solution of the system reveals some secret information of the cryptographic primitive. The system is then solved with a Gröbner basis computation.
Staying close to the topic of hash functions, we have applied this tool to the cryptanalysis and construction of multivariate digital signature schemes, which are a major hash function application. The result is our cryptanalysis of the public-key cryptosystem MQQ, where we show exactly why its multivariate quadratic equation system is so easy to solve in practice. The knowledge gained from finding the underlying weakness of the MQQ scheme was used to construct a digital signature scheme. The resulting scheme, MQQ-SIG, is a provably CMA-resistant multivariate quadratic digital signature scheme based on multivariate quadratic quasigroups. The scheme is designed to be very fast both in hardware and in software. Compared to some other multivariate quadratic digital signature schemes, MQQ-SIG is much better in signing speed and private key size, while worse in key generation, verification and public key size. This means that MQQ-SIG is a good alternative for protocols where the constrained environment is on the side of the signer.
PhD in Telematics

    Effects of tilt on cerebral hemodynamics measured by NeoDoppler in healthy neonates

    Background: Today, there are conflicting descriptions of how neonates respond to tilt. Examining physiologic responses of cerebral blood flow velocities (BFVs) in challenging situations such as a tilt requires equipment that can cope with positional changes. We aimed to characterize how healthy term neonates respond to mild cerebral hemodynamic stress induced by a 90° tilt test using the recently developed NeoDoppler ultrasound system. Methods: A small ultrasound probe was fixed to the neonatal fontanel by a cap and measured cerebral BFV in healthy neonates during and after a 90° head-up tilt test, five min in total, on their first and second day of life. Unsupervised k-means cluster analysis was used to characterize common responses. Results: Fifty-six ultrasound recordings from 36 healthy term neonates were analyzed. We identified five distinct, immediate responses that were related to specific outcomes in BFV, heart rate and pulsatility index over the next two min. Among 20 neonates with two recordings, 13 presented with different responses in the two tests. Conclusions: Instant changes in cerebral BFV were detected during the head-up tilt tests, and the cluster analysis identified five different hemodynamic responses. Continuous recordings revealed that the differences between groups persisted two min after tilt.

    Live born recipient of twin-twin transfusion syndrome with anomalous mitral arcade

    We present a case report of anomalous mitral arcade in a live-born former recipient of twin-twin transfusion syndrome. At 33+0 weeks of gestation, fetal ultrasound demonstrated that she had a large mitral insufficiency, decreased movement of the lateral cusp of the mitral valve and a dilated left atrium. The twins were delivered by caesarean section at week 33+1 due to fetal distress. The former recipient twin developed decompensated heart failure during her first day of life and was transferred to a surgical paediatric heart centre. Her clinical condition rapidly deteriorated, and she died of congestive heart failure at 3 days old. Prenatal signs of anomalous mitral arcade in a recipient of twin-twin transfusion syndrome should warrant preparation for a critically ill neonate, including parental counselling and in utero transfer to a surgical paediatric heart centre. A surgical treatment option is available for neonates, but experience with this technique is still very limited, with a high risk of morbidity and mortality.
    © BMJ Publishing Group Limited 2019. Re-use permitted under CC BY-NC. No commercial re-use. See rights and permissions. Published by BMJ.

    A validity study of the rapid emergency Triage and treatment system for children

    Background: The Scandinavian Rapid Emergency Triage and Treatment System-pediatric (RETTS-p) is a reliable triage system that includes both assessment of vital parameters and a systematic approach to history and symptoms. In Scandinavia, the system is used in most pediatric emergency departments (PED). We aimed to study the validity of RETTS-p. Methods: We conducted a study based on triage priority ratings from all children assessed in 2013 and 2014 at the PED of St. Olavs University Hospital, Trondheim, Norway. Patients were assigned one of four priority ratings, based on the RETTS-p systematic evaluation of individual disease manifestations and vital parameter measurements. In the absence of a gold standard for true disease severity, we assessed whether priority ratings were associated with three proxy variables: 1) hospitalization to the wards (yes vs. no), 2) length of hospital stay (≤ mean vs. > mean), and 3) referral to pediatric intensive care (yes vs. no). We further compared priority ratings with selected diagnoses and procedure codes at discharge. Results: In total, 6368 children were included in the study. All analyses were performed in the entire population and separately in the pediatric sub-disciplines medicine (n = 4741) and surgery (general and neurosurgery) (n = 1306). In the entire population and in the sub-disciplines, a high priority rating was significantly associated with hospitalization to wards, a longer hospital stay and referral to the pediatric intensive care unit compared to patients with low priority. We observed a dose-response relationship between increased triage code level and indicators of more severe disease (p-trend < 0.001). For the same three proxy variables, the sensitivity was 54, 61 and 83%, respectively, and the specificity 66, 62 and 57%, respectively.
Subgroup analyses within the most common complaints demonstrated that more severe conditions were given higher priority than less severe conditions for both medical and surgical patients. Overall, children with surgical diagnoses attained lower priority ratings than children with medical diagnoses. Conclusions: RETTS-p priority ratings vary across a broad spectrum of pediatric conditions and mirror medical urgency in both medical and surgical disciplines. RETTS-p is a valid triage system for children as used in a university hospital setting.

    Low frequency cerebral arterial and venous flow oscillations in healthy neonates measured by NeoDoppler

    Background: A cerebroprotective effect of low frequency oscillations (LFO) in cerebral blood flow (CBF) has been suggested in adults, but its significance in neonates is not known. This observational study evaluates normal arterial and venous cerebral blood flow in healthy neonates using NeoDoppler, a novel Doppler ultrasound system which can measure cerebral hemodynamics continuously. Method: Ultrasound Doppler data were collected for 2 h on the first and second day of life in 36 healthy term-born neonates. LFO (0.04–0.15 Hz) were extracted from the velocity curve by a bandpass filter. An angle-independent LFO index was calculated as the coefficient of variation of the filtered curve. Separate analyses were done for arterial and venous signals, and results were related to postnatal age and behavioral state (asleep or awake). Results: The paper describes normal physiologic variations of arterial and venous cerebral hemodynamics. Mean (SD) arterial and venous LFO indices (%) were 6.52 (2.55) and 3.91 (2.54) on day one, and 5.60 (1.86) and 3.32 (2.03) on day two. After adjusting for possible confounding factors, the arterial LFO index was estimated to decrease by 0.92 percentage points per postnatal day (p < 0.001). The venous LFO index did not change significantly with postnatal age (p = 0.539). Arterial and venous LFO were not notably influenced by behavioral state. Conclusion: The results indicate that arterial LFO decrease during the first 2 days of life in healthy neonates. This decrease most likely represents normal physiological changes related to the transitional period. A similar decrease for venous LFO was not found.

    OBSERVATION: An explicit form for a class of second preimages for any message M for the SHA-3 candidate Keccak

    In this short note we give an observation about the SHA-3 candidate Keccak[r,c,d], where the parameters r, c and d take the values from the formal proposal for the Keccak hash function (with a hash output of n = c bits). We show how an attacker who spends a one-time effort to find a second preimage for the value z0 = Keccak[r, c, d](0^r) will actually get an infinite number of second preimages for free, for any message M. Our observation is an adaptation of similar attacks reported by Aumasson et al. and Ferguson et al. for the SHA-3 candidate CubeHash. This observation does not contradict the security claims in the official Keccak submission, but it points out a property of the design of the function: we get an explicit form for a class of second preimages for any message M. As far as we know, this kind of property is not known for MD5, SHA-1, SHA-2 or the other SHA-3 candidates.

    Dr. Digi - Development of a user-centred design for health booking

    This bachelor thesis covers the development of the health-booking service Dr. Digi, comprising user research and the prototyping process. The thesis addresses the problem statement "How can the design of Dr. Digi be used to achieve a simple and good user experience in a digital health-booking service?". This problem statement is the result of user insight gathered for the project through two qualitative primary methods: interviews and a workshop. The main findings were the need for simple step-by-step booking, good information flow, and a good search and filter function to easily find the right specialist by variables such as price, location, type of specialist and gender. The project resulted in a complete prototype for both a mobile app and a desktop website. The solution is developed for a broad target audience, with a strong focus on universal design and the WCAG rules, and the users' needs are taken into account in the finished product. The final product is a digital prototype for mobile and desktop based on user insight.