j-lanes hashing is a tree mode that splits an input message to j slices, computes j independent digests of each slice, and outputs the hash value of their concatenation. We demonstrate the performance advantage of j-lanes hashing on SIMD architectures, by coding a 4-lanes-SHA-256 implementation and measuring its performance on the latest 3^{rd} Generation Intel^{R} Core^{TM}. For messages whose lengths range from 2KB to 132KB, we show that the 4-lanes SHA-256 is between 1.5 to 1.97 times faster than the fastest publicly available implementation that we are aware of, and between ~2 to ~2.5 times faster than the OpenSSL 1.0.1c implementation. For long messages, there is no significant performance difference between different choices of j. We show that the 4-lanes SHA-256 is faster than the two SHA3 finalists (BLAKE and Keccak) that have a published tree mode implementation. Finally, we explain why j-lanes hashing will be faster on the coming AVX2 architecture that facilitates using 256 bits registers. These results suggest that standardizing a tree mode for hash functions (SHA-256 in particular) could be useful for performance hungry applications.

j-lanes tree hashing is a tree mode
that splits an input message intojslices, computesjindependent digests of each slice, and
outputs the hash value of their concatenation.j-pointers tree hashing is a
similar tree mode that receives, as input,jpointers tojmessages (or slices of a single message),
computes their digests and outputs the hash value of their concatenation. Such
modes expose parallelization opportunities in a hashing process that is
otherwise serial by nature. As a result, they have a performance advantage on
modern processor architectures. This paper provides precise specifications for
these hashing modes, proposes appropriate IVs, and demonstrates their
performance on the latest processors. Our hope is that it would be useful for standardization
of these modes.

Abstract:
We describe a method for efficiently hashing multiple messages of different lengths. Such computations occur in various scenarios, and one of them is when an operating system checks the integrity of its components during boot time. These tasks can gain performance by parallelizing the computations and using SIMD architectures. For such scenarios, we compare the performance of a new 4-buffers SHA-256 S-HASH implementation, to that of the standard serial hashing. Our results are measured on the 2nd Generation Intel^{?} Core^{TM} Processor, and demonstrate SHA-256 processing at effectively ~5.2 Cycles per Byte, when hashing from any of the three cache levels, or from the system memory. This represents speedup by a factor of 3.42x compared to OpenSSL (1.0.1), and by 2.25x compared to the recent and faster n-SMS method. For hashing from a disk, we show an effective rate of ~6.73 Cycles/Byte, which is almost 3 times faster than OpenSSL (1.0.1) under the same conditions. These results indicate that for some usage models, SHA-256 is significantly faster than commonly perceived.

Abstract:
An oracle chooses a function $f$ from the set of $n$ bits strings to itself, which is either a randomly chosen permutation or a randomly chosen function. When queried by an $n$-bit string $w$, the oracle computes $f(w)$, truncates the $m$ last bits, and returns only the first $n-m$ bits of $f(w)$. How many queries does a querying adversary need to submit in order to distinguish the truncated permutation from a random function? In 1998, Hall et al. showed an algorithm for determining (with high probability) whether or not $f$ is a permutation, using $O(2^{\frac{m+n}{2}})$ queries. They also showed that if $m < n/7$, a smaller number of queries will not suffice. For $m > n/7$, their method gives a weaker bound. In this manuscript, we show how a modification of the method used by Hall et al. can solve the porblem completely. It extends the result to essentially every $m$, showing that $\Omega(2^{\frac{m+n}{2}})$ queries are needed to get a non-negligible distinguishing advantage. We recently became aware that a better bound for the distinguishing advantage, for every $m

Abstract:
An oracle chooses a function $f$ from the set of $n$ bits strings to itself, which is either a randomly chosen permutation or a randomly chosen function. When queried by an $n$-bit string $w$, the oracle computes $f(w)$, truncates the $m$ last bits, and returns only the first $n-m$ bits of $f(w)$. How many queries does a querying adversary need to submit in order to distinguish the truncated permutation from the (truncated) function? In 1998, Hall et al. showed an algorithm for determining (with high probability) whether or not $f$ is a permutation, using $O(2^{\frac{m+n}{2}})$ queries. They also showed that if $m < n/7$, a smaller number of queries will not suffice. For $m > n/7$, their method gives a weaker bound. In this note, we first show how a modification of the approximation method used by Hall et al. can solve the problem completely. It extends the result to practically any $m$, showing that $\Omega(2^{\frac{m+n}{2}})$ queries are needed to get a non-negligible distinguishing advantage. However, more surprisingly, a better bound for the distinguishing advantage can be obtained from a result of Stam published, in a different context, already in 1978. We also show that, at least in some cases, Stam's bound is tight.

Abstract:
The $r$-rounds Even-Mansour block cipher is a generalization of the well known Even-Mansour block cipher to $r$ iterations. Attacks on this construction were described by Nikoli\'c et al. and Dinur et al., for $r = 2, 3$. These attacks are only marginally better than brute force, but are based on an interesting observation (due to Nikoli\'c et al.): for a "typical" permutation $P$, the distribution of $P(x) \oplus x$ is not uniform. This naturally raises the following question. Call permutations for which the distribution of $P(x) \oplus x$ is uniform "balanced." Is there a sufficiently large family of balanced permutations, and what is the security of the resulting Even-Mansour block cipher? We show how to generate families of balanced permutations from the Luby-Rackoff construction, and use them to define a $2n$-bit block cipher from the $2$-rounds Even-Mansour scheme. We prove that this cipher is indistinguishable from a random permutation of $\{0, 1\}^{2n}$, for any adversary who has oracle access to the public permutations and to an encryption/decryption oracle, as long as the number of queries is $o (2^{n/2})$. As a practical example, we discuss the properties and the performance of a $256$-bit block cipher that is based on our construction, and uses AES as the public permutation.

Abstract:
A Hamiltonian that approaches the study of the three-body problem in general relativity is obtained. We use it to study the relativistic version of the circular restricted three-body problem in which the first body is the heaviest and the third body is a test-particle. We focus on the orbits around the 3:2 resonance. We show that, in spite of the notable difference between the relativistic and Newtonian orbits, most of the resonant region is preserved. Nevertheless, differently from the Newtonian case, the frequencies between the second and the third body are no longer commensurable.

Abstract:
During the '70, several relativistic quantum field theory models in $D=1+1$ and also in $D=2+1$ have been constructed in a non-perturbative way. That was done in the so-called {\it constructive quantum field theory} approach, whose main results have been obtained by a clever use of Euclidean functional methods. Although in the construction of a single model there are several technical steps, some of them involving long proofs, the constructive quantum field theory approach contains conceptual insights about relativistic quantum field theory that deserved to be known and which are accessible without entering in technical details. The purpose of this note is to illustrate such insights by providing an oversimplified schematic exposition of the simple case of $\lambda\Phi^4$ (with $m>0$) in $D=1+1$. Because of the absence of ultraviolet divergences in its perturbative version, this simple example -although does not capture all the difficulties in the constructive quantum field theory approach- allows to stress those difficulties inherent to the non-perturbative definition. We have made an effort in order to avoid several of the long technical intermediate steps without missing the main ideas and making contact with the usual language of the perturbative approach.

Abstract:
‘In the midst of life, we are in death’from The Book of Common PrayerThe Palliative Care, or comfort care, movement in the USA is on the rise. Currently, palliative services are not integrated in an organized way throughout healthcare. If we accept the argument that palliative care is ethically desirable and that all patients are entitled to palliative services regardless of a terminal diagnosis, it follows that it needs to be integrated across a wide range of healthcare services. Ethical questions regarding palliative care and well-known ethical frameworks are discussed and an argument is made for integrating palliative healthcare services throughout the healthcare system and not simply at the end of life. Complementary and alternative medicine (CAM) therapies are discussed as useful and necessary components of palliative care. If we as a society look beyond separating cures and palliation, we will come closer to incorporating compassionate care throughout the disease process.

Abstract:
Trata-se deum ensaio sobre os dois circuitos da economia urbana (especificamente o mercado informal) em Kinshasa, capital da República Democrática do Congo. Este ensaio está baseado em dados e experiências da realidade desta cidade, onde buscou-se iluminar, com nova luz, um importante aspecto dos países do Terceiro Mundo: a constru o social do trabalho. O estudo dos dois circuitos da economia urbana, proposto por Milton Santos (1979), valoriza os fen menos da pobreza e do mercado informal como express es simultaneas da domina o e da luta pela sobrevivência.O trabalho apresenta uma interpreta o inovadora e polêmica das causas do predomínio do mercado informal na economia da cidade. A coloniza o e as ditaduras s o as causas do predomínio da pobreza e do mercado informal em Kinshasa, incorporando grande parte da popula o, situa o essa, agravada pelas características atuais do cenário mundial. A seguir, associa-se o conceito de circuito inferior à dinamica do mercado informal em Kinshasa.Como as atividades deste circuito interessam principalmente aos pobres na afirma o de Milton Santos, a pobreza e o mercado informal surgem, simultaneamente, como causa e efeito inegáveis. Palavras-chave: Mercado informal; pobreza; impacto da globaliza o, Kinshasa e República Democrática do Congo.