下载文档原格式
数据分析英语试题及答案一、选择题(每题2分,共10分)1. Which of the following is not a common data type in data analysis?A. NumericalB. CategoricalC. TextualD. Binary2. What is the process of transforming raw data into an understandable format called?A. Data cleaningB. Data transformationC. Data miningD. Data visualization3. In data analysis, what does the term "variance" refer to?A. The average of the data pointsB. The spread of the data points around the meanC. The sum of the data pointsD. The highest value in the data set4. Which statistical measure is used to determine the central tendency of a data set?A. ModeB. MedianC. MeanD. All of the above5. What is the purpose of using a correlation coefficient in data analysis?A. To measure the strength and direction of a linear relationship between two variablesB. To calculate the mean of the data pointsC. To identify outliers in the data setD. To predict future data points二、填空题(每题2分,共10分)6. The process of identifying and correcting (or removing) errors and inconsistencies in data is known as ________.7. A type of data that can be ordered or ranked is called________ data.8. The ________ is a statistical measure that shows the average of a data set.9. A ________ is a graphical representation of data that uses bars to show comparisons among categories.10. When two variables move in opposite directions, the correlation between them is ________.三、简答题(每题5分,共20分)11. Explain the difference between descriptive andinferential statistics.12. What is the significance of a p-value in hypothesis testing?13. Describe the concept of data normalization and its importance in data analysis.14. How can data visualization help in understanding complex data sets?四、计算题(每题10分,共20分)15. Given a data set with the following values: 10, 12, 15, 18, 20, calculate the mean and standard deviation.16. If a data analyst wants to compare the performance of two different marketing campaigns, what type of statistical test might they use and why?五、案例分析题(每题15分,共30分)17. A company wants to analyze the sales data of its products over the last year. What steps should the data analyst take to prepare the data for analysis?18. Discuss the ethical considerations a data analyst should keep in mind when handling sensitive customer data.答案:一、选择题1. D2. B3. B4. D5. A二、填空题6. Data cleaning7. Ordinal8. Mean9. Bar chart10. Negative三、简答题11. Descriptive statistics summarize and describe thefeatures of a data set, while inferential statistics make predictions or inferences about a population based on a sample.12. A p-value indicates the probability of observing the data, or something more extreme, if the null hypothesis is true. A small p-value suggests that the observed data is unlikely under the null hypothesis, leading to its rejection.13. Data normalization is the process of scaling data to a common scale. It is important because it allows formeaningful comparisons between variables and can improve the performance of certain algorithms.14. Data visualization can help in understanding complex data sets by providing a visual representation of the data, making it easier to identify patterns, trends, and outliers.四、计算题15. Mean = (10 + 12 + 15 + 18 + 20) / 5 = 14, Standard Deviation = √[(Σ(xi - mean)^2) / N] = √[(10 + 4 + 1 + 16 + 36) / 5] = √52 / 5 ≈ 3.816. A t-test or ANOVA might be used to compare the means ofthe two campaigns, as these tests can determine if there is a statistically significant difference between the groups.五、案例分析题17. The data analyst should first clean the data by removing any errors or inconsistencies. Then, they should transformthe data into a suitable format for analysis, such ascreating a time series for monthly sales. They might also normalize the data if necessary and perform exploratory data analysis to identify any patterns or trends.18. A data analyst should ensure the confidentiality andprivacy of customer data, comply with relevant data protection laws, and obtain consent where required. They should also be transparent about how the data will be used and take steps to prevent any potential misuse of the data.。
八年级科技前沿英语阅读理解25题1<背景文章>Artificial intelligence (AI) has been making remarkable strides in the medical field in recent years. AI - powered systems are being increasingly utilized in various aspects of healthcare, bringing about significant improvements and new possibilities.One of the most prominent applications of AI in medicine is in disease diagnosis. AI algorithms can analyze vast amounts of medical data, such as patient symptoms, medical histories, and test results. For example, deep - learning algorithms can scan X - rays, CT scans, and MRIs to detect early signs of diseases like cancer, pneumonia, or heart diseases. These algorithms can often spot minute details that might be overlooked by human doctors, thus enabling earlier and more accurate diagnoses.In the realm of drug development, AI also plays a crucial role. It can accelerate the process by predicting how different molecules will interact with the human body. AI - based models can sift through thousands of potential drug candidates in a short time, identifying those with the highest probability of success. This not only saves time but also reduces the cost associated with traditional trial - and - error methods in drug research.Medical robots are another area where AI is making an impact.Surgical robots, for instance, can be guided by AI systems to perform complex surgeries with greater precision. These robots can filter out the natural tremors of a surgeon's hand, allowing for more delicate and accurate incisions. Additionally, there are robots designed to assist in patient care, such as those that can help patients with limited mobility to move around or perform simple tasks.However, the application of AI in medicine also faces some challenges. Issues like data privacy, algorithmic bias, and the need for regulatory approval are important considerations. But overall, the potential of AI to transform the medical field is vast and holds great promise for the future of healthcare.1. What is one of the main applications of AI in the medical field according to the article?A. Designing hospital buildings.B. Disease diagnosis.C. Training medical students.D. Managing hospital finances.答案:B。
高中英语学术调研单选题50题1. In academic research, it is essential to be precise and ______ in data collection.A. accurateB. approximateC. roughD. casual答案:A。
本题考查形容词词义辨析。
“accurate”意为“精确的,准确的”,在学术研究中,数据收集需要精确准确,A 选项符合语境。
“approximate”表示“大约的,近似的”;“rough”指“粗糙的,粗略的”;“casual”意思是“随便的,偶然的”,这三个选项都不符合学术研究中对数据收集的要求。
2. The scholar spent years conducting ______ studies to prove his theory.A. extensiveB. intensiveC. expensiveD. expansive答案:B。
“intensive”有“集中的,深入的”之意,在学术研究中,进行深入的研究才能证明理论,B 选项符合。
“extensive”侧重于“广泛的”;“expensive”是“昂贵的”;“expansive”意为“广阔的,扩张的”,均不符合本题学术研究的语境。
3. The ______ of this academic paper was highly praised by the experts.A. formatB. contentC. styleD. structure答案:D。
本题考查名词词义。
“structure”表示“结构”,学术论文的结构受到高度赞扬,D 选项恰当。
“format”指“格式”;“content”是“内容”;“style”为“风格”,相比之下,结构更能被整体评价和赞扬。
4. To make the academic research more ______, a large sample size was needed.A. reliableB. unstableC. questionableD. doubtful答案:A。
A controversy erupted in the scientific community in early 1998 over the use of DNA (deoxyribonucleic acid ) fingerprinting in criminal investigations. DNA fingerprinting was introduced in 1987 as a method to identify individuals based on a pattern seen in their DNA, the molecule of which genes are made. DNA is present in every cell of the body except red blood cells. DNA fingerprinting has been used successfully in various ways, such as to determine paternity where it is not clear who the father of a particular child is. However, it is in the area of criminal investigations that DNA fingerprinting has potentially powerful and controversial uses.DNA fingerprinting and other DNA analysis techniques have revolutionized criminal investigations by giving investigators powerful new tools in the attempt to trove guilt, not just establish innocence. When used in criminal investigations, a DNA fingerprint pattern from a suspect is compared with a DNA fingerprint pattern obtained from such material as hairs or blood found at the scene of a crime. A match between the two DNA samples can be used as evidence to convict a suspect.The controversy in 1998 stemmed form a report published in December 1991 by population geneticists Richard C. Lewontin of Harvard University in Cambridge, Mass., and Daniel L. Hartl called into question the methods to calculate how likely it is that a match between two DNA fingerprints might occur by chance alone. In particular, they argued that the current method cannot properly determine the likelihood that two DNA samples will match because they came from the same individual rather than simply from two different individuals who are members of the same ethnic group. Lewontin and Hartl called for better surveys of DNA patterns methods are adequate.In response to their criticisms, population geneticists Ranajit Chakraborty of the University of Texas in Dallas and Kenneth K.Kidd of Yale University in New Haven, Conn., argued that enough data are already available to show that the methods currently being used are adequate. In January 1998, however, the federal Bureau of Investigation and laboratories that conduct DNA tests announced that they would collect additional DNA samples form various ethnic groups in an attempt to resolve some of these questions. And, in April, a National Academy of Sciences called for strict standards and system of accreditation for DNA testing laboratories.1.Before DNA fingerprinting is used, suspects____.A.would have to leave their fingerprints for further investigationsB.would have to submit evidence for their innocenceC.could easily escape conviction of guiltD.cold be convicted of guilt as well2.DNA fingerprinting can be unreliable when ____.A.the methods used for blood- cell calculation are not accurateB.two different individuals of the same ethnic group may have the same DNA fingerprinting patternC.a match is by chance left with fingerprints that happen to belong to two different individualsD.two different individuals leave two DNA samples.3.To geneticists like Lewontin and Hartl, the current method ____.A.is not so convincing as to exclude the likelihood that two DNA samples can never come from two individualsB.is arguable because two individuals of the same ethnic group are likely to have the same DNA pattern.C.Is not based on adequate scientific theory of geneticsD.Is theoretically contradictory to what they have been studying4.The attitude of the Federal Bereau of Investigation shows that ____.A.enough data are yet to be collected form various ethnic groups to confirm the unlikelihood of two DNA samples coming from two individual membersB.enough data of DNA samples should be collected to confirm that only DNA samples form the same person can matchC.enough data are yet to be collected from various ethnic groups to determine the likelihood of two different DNA samples coming form the same personD.additional samples from various ethnic groups should be collected to determine that two DNA samples are unlikely tocome from the same person5.National Academy of Sciences holds the stance that ____.A.DNA testing should be systematized。
S C I论文写作中一些常用的句型总结(一)很多文献已经讨论过了一、在Introduction里面经常会使用到的一个句子:很多文献已经讨论过了。
它的可能的说法有很多很多,这里列举几种我很久以前搜集的:A.??Solar energy conversion by photoelectrochemical cells?has been intensively investigated.?(Nature 1991, 353, 737 - 740?)B.?This was demonstrated in a number of studies that?showed that composite plasmonic-metal/semiconductor photocatalysts achieved significantly higher rates in various photocatalytic reactions compared with their pure semiconductor counterparts.C.?Several excellent reviews describing?these applications are available, and we do not discuss these topicsD.?Much work so far has focused on?wide band gap semiconductors for water splitting for the sake of chemical stability.(DOI:10.1038/NMAT3151)E.?Recent developments of?Lewis acids and water-soluble organometalliccatalysts?have attracted much attention.(Chem. Rev. 2002, 102, 3641?3666)F.?An interesting approach?in the use of zeolite as a water-tolerant solid acid?was described by?Ogawa et al(Chem.Rev. 2002, 102, 3641?3666)G.?Considerable research efforts have been devoted to?the direct transition metal-catalyzed conversion of aryl halides toaryl nitriles. (J. Org. Chem. 2000, 65, 7984-7989) H.?There are many excellent reviews in the literature dealing with the basic concepts of?the photocatalytic processand the reader is referred in particular to those by Hoffmann and coworkers,Mills and coworkers, and Kamat.(Metal oxide catalysis,19,P755)I. Nishimiya and Tsutsumi?have reported on(proposed)the influence of the Si/Al ratio of various zeolites on the acid strength, which were estimated by calorimetry using ammonia. (Chem.Rev. 2002, 102, 3641?3666)二、在results and discussion中经常会用到的:如图所示A. GIXRD patterns in?Figure 1A show?the bulk structural information on as-deposited films.?B.?As shown in Figure 7B,?the steady-state current density decreases after cycling between 0.35 and 0.7 V, which is probably due to the dissolution of FeOx.?C.?As can be seen from?parts a and b of Figure 7, the reaction cycles start with the thermodynamically most favorable VOx structures(J. Phys. Chem. C 2014, 118, 24950?24958)这与XX能够相互印证:A.?This is supported by?the appearance in the Ni-doped compounds of an ultraviolet–visible absorption band at 420–520nm (see Fig. 3 inset), corresponding to an energy range of about 2.9 to 2.3 eV.B. ?This?is consistent with the observation from?SEM–EDS. (Z.Zou et al. / Chemical Physics Letters 332 (2000) 271–277)C.?This indicates a good agreement between?the observed and calculated intensities in monoclinic with space groupP2/c when the O atoms are included in the model.D. The results?are in good consistent with?the observed photocatalytic activity...E. Identical conclusions were obtained in studies?where the SPR intensity and wavelength were modulated by manipulating the composition, shape,or size of plasmonic nanostructures.?F.??It was also found that areas of persistent divergent surfaceflow?coincide?with?regions where convection appears to be consistently suppressed even when SSTs are above 27.5°C.(二)1. 值得注意的是...A.?It must also be mentioned that?the recycling of aqueous organic solvent is less desirable than that of pure organic liquid.B.?Another interesting finding is that?zeolites with 10-membered ring pores showed high selectivities (>99%) to cyclohexanol, whereas those with 12-membered ring pores, such as mordenite, produced large amounts of dicyclohexyl ether. (Chem. Rev. 2002, 102,3641?3666)C.?It should be pointed out that?the nanometer-scale distribution of electrocatalyst centers on the electrode surface is also a predominant factor for high ORR electrocatalytic activity.D.?Notably,?the Ru II and Rh I complexes possessing the same BINAP chirality form antipodal amino acids as the predominant products.?(Angew. Chem. Int. Ed., 2002, 41: 2008–2022)E. Given the multitude of various transformations published,?it is noteworthy that?only very few distinct?activation?methods have been identified.?(Chem. Soc. Rev., 2009,?38, 2178-2189)F.?It is important to highlight that?these two directing effects will lead to different enantiomers of the products even if both the “H-bond-catalyst” and the?catalyst?acting by steric shielding have the same absolute stereochemistry. (Chem. Soc. Rev.,?2009,?38, 2178-2189)G.?It is worthwhile mentioning that?these PPNDs can be very stable for several months without the observations of any floating or precipitated dots, which is attributed to the electrostatic repulsions between the positively charge PPNDs resulting in electrosteric stabilization.(Adv. Mater., 2012, 24: 2037–2041)2.?...仍然是个挑战A.?There is thereby an urgent need but it is still a significant challenge to?rationally design and delicately tail or the electroactive MTMOs for advanced LIBs, ECs, MOBs, and FCs.?(Angew. Chem. Int. Ed.2 014, 53, 1488 – 1504)B.?However, systems that are?sufficiently stable and efficient for practical use?have not yet been realized.C.??It?remains?challenging?to?develop highly active HER catalysts based on materials that are more abundant at lower costs. (J. Am. Chem.Soc.,?2011,?133, ?7296–7299)D.?One of the?great?challenges?in the twenty-first century?is?unquestionably energy storage. (Nature Materials?2005, 4, 366 - 377?)众所周知A.?It is well established (accepted) / It is known to all / It is commonlyknown?that?many characteristics of functional materials, such as composition, crystalline phase, structural and morphological features, and the sur-/interface properties between the electrode and electrolyte, would greatly influence the performance of these unique MTMOs in electrochemical energy storage/conversion applications.(Angew. Chem. Int. Ed.2014,53, 1488 – 1504)B.?It is generally accepted (believed) that?for a-Fe2O3-based sensors the change in resistance is mainly caused by the adsorption and desorption of gases on the surface of the sensor structure. (Adv. Mater. 2005, 17, 582)C.?As we all know,?soybean abounds with carbon,?nitrogen?and oxygen elements owing to the existence of sugar,?proteins?and?lipids. (Chem. Commun., 2012,?48, 9367-9369)D.?There is no denying that?their presence may mediate spin moments to align parallel without acting alone to show d0-FM. (Nanoscale, 2013,?5, 3918-3930)(三)1. 正如下文将提到的...A.?As will be described below(也可以是As we shall see below),?as the Si/Al ratio increases, the surface of the zeolite becomes more hydrophobic and possesses stronger affinity for ethyl acetate and the number of acid sites decreases.(Chem. Rev. 2002, 102, 3641?3666)B. This behavior is to be expected and?will?be?further?discussed?below. (J. Am. Chem. Soc.,?1955,?77, 3701–3707)C.?There are also some small deviations with respect to the flow direction,?whichwe?will?discuss?below.(Science, 2001, 291, 630-633)D.?Below,?we?will?see?what this implies.E.?Complete details of this case?will?be provided at a?later?time.E.?很多论文中,也经常直接用see below来表示,比如:The observation of nanocluster spheres at the ends of the nanowires is suggestive of a VLS growth process (see?below). (Science, 1998, ?279, 208-211)2. 这与XX能够相互印证...A.?This is supported by?the appearance in the Ni-doped compounds of an ultraviolet–visible absorption band at 420–520 nm (see Fig. 3 inset), corresponding to an energy range of about 2.9 to 2.3 eVB.This is consistent with the observation from?SEM–EDS. (Chem. Phys. Lett. 2000, 332, 271–277)C.?Identical conclusions were obtained?in studies where the SPR intensity and wavelength were modulated by manipulating the composition, shape, or size of plasmonic nanostructures.?(Nat. Mater. 2011, DOI: 10.1038/NMAT3151)D. In addition, the shape of the titration curve versus the PPi/1 ratio,?coinciding withthat?obtained by fluorescent titration studies, suggested that both 2:1 and 1:1 host-to-guest complexes are formed. (J. Am. Chem. Soc. 1999, 121, 9463-9464)E.?This unusual luminescence behavior is?in accord with?a recent theoretical prediction; MoS2, an indirect bandgap material in its bulk form, becomes a direct bandgapsemiconductor when thinned to a monolayer.?(Nano Lett.,?2010,?10, 1271–1275)3.?我们的研究可能在哪些方面得到应用A.?Our ?ndings suggest that?the use of solar energy for photocatalytic watersplitting?might provide a viable source for?‘clean’ hydrogen fuel, once the catalyticef?ciency of the semiconductor system has been improved by increasing its surface area and suitable modi?cations of the surface sites.B. Along with this green and cost-effective protocol of synthesis,?we expect that?these novel carbon nanodots?have potential applications in?bioimaging andelectrocatalysis.(Chem. Commun., 2012,?48, 9367-9369)C.?This system could potentially be applied as?the gain medium of solid-state organic-based lasers or as a component of high value photovoltaic (PV) materials, where destructive high energy UV radiation would be converted to useful low energy NIR radiation. (Chem. Soc. Rev., 2013,?42, 29-43)D.?Since the use of?graphene?may enhance the photocatalytic properties of TiO2?under UV and visible-light irradiation,?graphene–TiO2?composites?may potentially be usedto?enhance the bactericidal activity.?(Chem. Soc. Rev., 2012,?41, 782-796)E.??It is the first report that CQDs are both amino-functionalized and highly fluorescent,?which suggests their promising applications in?chemical sensing.(Carbon, 2012,?50,?2810–2815)(四)1. 什么东西还尚未发现/系统研究A. However,systems that are sufficiently stable and efficient for practical use?have not yet been realized.B. Nevertheless,for conventional nanostructured MTMOs as mentioned above,?some problematic disadvantages cannot be overlooked.(Angew. Chem. Int. Ed.2014,53, 1488 – 1504)C.?There are relatively few studies devoted to?determination of cmc values for block copolymer micelles. (Macromolecules 1991, 24, 1033-1040)D. This might be the reason why, despite of the great influence of the preparation on the catalytic activity of gold catalysts,?no systematic study concerning?the synthesis conditions?has been published yet.?(Applied Catalysis A: General2002, 226, ?1–13)E.?These possibilities remain to be?explored.F.??Further effort is required to?understand and better control the parameters dominating the particle surface passivation and resulting properties for carbon dots of brighter photoluminescence. (J. Am. Chem. Soc.,?2006,?128?, 7756–7757)2.?由于/因为...A.?Liquid ammonia?is particularly attractive as?an alternative to water?due to?its stability in the presence of strong reducing agents such as alkali metals that are used to access lower oxidation states.B.?The unique nature of?the cyanide ligand?results from?its ability to act both as a σdonor and a π acceptor combined with its negativecharge and ambidentate nature.C.?Qdots are also excellent probes for two-photon confocalmicroscopy?because?they are characterized by a very large absorption cross section?(Science ?2005,?307, 538-544).D.?As a result of?the reductive strategy we used and of the strong bonding between the surface and the aryl groups, low residual currents (similar to those observed at a bare electrode) were obtained over a large window of potentials, the same as for the unmodified parent GC electrode. (J. Am. Chem. Soc. 1992, 114, 5883-5884)E.?The small Tafel slope of the defect-rich MoS2 ultrathin nanosheets is advantageous for practical?applications,?since?it will lead to a faster increment of HER rate with increasing overpotential.(Adv. Mater., 2013, 25: 5807–5813)F. Fluorescent carbon-based materials have drawn increasing attention in recent years?owing to?exceptional advantages such as high optical absorptivity, chemical stability, biocompatibility, and low toxicity.(Angew. Chem. Int. Ed., 2013, 52: 3953–3957)G.??On the basis of?measurements of the heat of immersion of water on zeolites, Tsutsumi etal. claimed that the surface consists of siloxane bondings and is hydrophobicin the region of low Al content. (Chem. Rev. 2002, 102, 3641?3666)H.?Nanoparticle spatial distributions might have a large significance for catalyst stability,?given that?metal particle growth is a relevant deactivation mechanism for commercial catalysts.?3. ...很重要A.?The inhibition of additional nucleation during growth, in other words, the complete separation?of nucleation and growth,?is?critical(essential, important)?for?the successful synthesis of monodisperse nanocrystals. (Nature Materials?3, 891 - 895 (2004))B.??In the current study,?Cys,?homocysteine?(Hcy) and?glutathione?(GSH) were chosen as model?thiol?compounds since they?play important (significant, vital, critical) roles?in many biological processes and monitoring of these?thiol?compounds?is of great importance for?diagnosis of diseases.(Chem. Commun., 2012,?48, 1147-1149)C.?This is because according to nucleation theory,?what really matters?in addition to the change in temperature ΔT?(or supersaturation) is the cooling rate.(Chem. Soc. Rev., 2014,?43, 2013-2026)(五)1. 相反/不同于A.?On the contrary,?mononuclear complexes, called single-ion magnets (SIM), have shown hysteresis loops of butterfly/phonon bottleneck type, with negligiblecoercivity, and therefore with much shorter relaxation times of magnetization. (Angew. Chem. Int. Ed., 2014, 53: 4413–4417)B.?In contrast,?the Dy compound has significantly larger value of the transversal magnetic moment already in the ground state (ca. 10?1?μB), therefore allowing a fast QTM. (Angew. Chem. Int. Ed., 2014, 53: 4413–4417)C.?In contrast to?the structural similarity of these complexes, their magnetic behavior exhibits strong divergence.?(Angew. Chem. Int. Ed., 2014, 53: 4413–4417)D.?Contrary to?other conducting polymer semiconductors, carbon nitride ischemically and thermally stable and does not rely on complicated device manufacturing. (Nature materials, 2009, 8(1): 76-80.)E.?Unlike?the spherical particles they are derived from that Rayleigh light-scatter in the blue, these nanoprisms exhibit scattering in the red, which could be useful in developing multicolor diagnostic labels on the basis not only of nanoparticle composition and size but also of shape. (Science 2001,? 294, 1901-1903)2. 发现,阐明,报道,证实可供选择的词包括:verify, confirm, elucidate, identify, define, characterize, clarify, establish, ascertain, explain, observe, illuminate, illustrate,demonstrate, show, indicate, exhibit, presented, reveal, display, manifest,suggest, propose, estimate, prove, imply, disclose,report, describe,facilitate the identification of?举例:A. These stacks appear as nanorods in the two-dimensional TEM images, but tilting experiments?confirm that they are nanoprisms.?(Science 2001,? 294, 1901-1903)B. Note that TEM?shows?that about 20% of the nanoprisms are truncated.?(Science 2001,? 294, 1901-1903)C. Therefore, these calculations not only allow us to?identify?the important features in the spectrum of the nanoprisms but also the subtle relation between particle shape and the frequency of the bands that make up their spectra.?(Science 2001,? 294, 1901-1903)D. We?observed?a decrease in intensity of the characteristic surface plasmon band in the ultraviolet-visible (UV-Vis) spectroscopy for the spherical particles at λmax?= 400 nm with a concomitant growth of three new bands of λmax?= 335 (weak), 470 (medium), and 670 nm (strong), respectively. (Science 2001,? 294, 1901-1903)E. In this article, we present data?demonstrating?that opiate and nonopiate analgesia systems can be selectively activated by different environmental manipulationsand?describe?the neural circuitry involved. (Science 1982, 216, 1185-1192)F. This?suggests?that the cobalt in CoP has a partial positive charge (δ+), while the phosphorus has a partial negative charge (δ?),?implying?a transfer of electron density from Co to P.?(Angew. Chem., 2014, 126: 6828–6832)3. 如何指出当前研究的不足A. Although these inorganic substructures can exhibit a high density of functional groups, such as bridging OH groups, and the substructures contribute significantly to the adsorption properties of the material,surprisingly little attention has been devoted to?the post-synthetic functionalization of the inorganic units within MOFs. (Chem. Eur. J., 2013, 19: 5533–5536.)B.?Little is known,?however, about the microstructure of this material. (Nature Materials 2013,12, 554–561)C.?So far, very little information is available, and only in?the absorber film, not in the whole operational devices. (Nano Lett.,?2014,?14?(2), pp 888–893)D.?In fact it should be noted that very little optimisation work has been carried out on?these devices. (Chem. Commun., 2013,?49, 7893-7895)E. By far the most architectures have been prepared using a solution processed perovskite material,?yet a few examples have been reported that?have used an evaporated perovskite layer. (Adv. Mater., 2014, 27: 1837–1841.)F. Water balance issues have been effectively addressed in PEMFC technology through a large body of work encompassing imaging, detailed water content and water balance measurements, materials optimization and modeling,?but very few of these activities have been undertaken for?anion exchange membrane fuel cells,? primarily due to limited materials availability and device lifetime. (J. Polym. Sci. Part B: Polym. Phys., 2013, 51: 1727–1735)G. However,?none of these studies?tested for Th17 memory, a recently identified T cell that specializes in controlling extracellular bacterial infections at mucosal surfaces. (PNAS, 2013,?111, 787–792)H. However,?uncertainty still remains as to?the mechanism by which Li salt addition results in an extension of the cathodic reduction limit. (Energy Environ. Sci., 2014,?7, 232-250)I.?There have been a number of high profile cases where failure to?identify the most stable crystal form of a drug has led to severe formulation problems in manufacture. (Chem. Soc. Rev., 2014,?43, 2080-2088)J. However,?these measurements systematically underestimate?the amount of ordered material. ( Nature Materials 2013, 12, 1038–1044)(六)1.?取决于a.?This is an important distinction, as the overall activity of a catalyst will?depend on?the material properties, synthesis method, and other possible species that can be formed during activation.?(Nat. Mater.?2017,16,225–229)b.?This quantitative partitioning?was determined by?growing crystals of the 1:1 host–guest complex between?ExBox4+?and corannulene. (Nat. Chem.?2014,?6177–178)c.?They suggested that the Au particle size may?be the decisive factor for?achieving highly active Au catalysts.(Acc. Chem. Res.,?2014,?47, 740–749)d.?Low-valent late transition-metal catalysis has?become indispensable to?chemical synthesis, but homogeneous high-valent transition-metal catalysis is underdeveloped, mainly owing to the reactivity of high-valent transition-metal complexes and the challenges associated with synthesizing them.?(Nature2015,?517,449–454)e.?The polar effect?is a remarkable property that enables?considerably endergonic C–H abstractions?that would not be possible otherwise.?(Nature?2015, 525, 87–90)f.?Advances in heterogeneous catalysis?must rely on?the rational design of new catalysts. (Nat. Nanotechnol.?2017, 12, 100–101)g.?Likely, the origin of the chemoselectivity may?be also closely related to?the H?bonding with the N or O?atom of the nitroso moiety, a similar H-bonding effect is known in enamine-based nitroso chemistry. (Angew. Chem. Int. Ed.?2014, 53: 4149–4153)2.?有很大潜力a.?The quest for new methodologies to assemble complex organic molecules?continues to be a great impetus to?research efforts to discover or to optimize new catalytic transformations. (Nat. Chem.?2015,?7, 477–482)b.?Nanosized faujasite (FAU) crystals?have great potential as?catalysts or adsorbents to more efficiently process present and forthcoming synthetic and renewablefeedstocks in oil refining, petrochemistry and fine chemistry. (Nat. Mater.?2015, 14, 447–451)c.?For this purpose, vibrational spectroscopy?has proved promising?and very useful.?(Acc Chem Res. 2015, 48, 407–413.)d.?While a detailed mechanism remains to be elucidated and?there is room for improvement?in the yields and selectivities, it should be remarked that chirality transfer upon trifluoromethylation of enantioenriched allylsilanes was shown. (Top Catal.?2014,?57: 967.?)e.?The future looks bright for?the use of PGMs as catalysts, both on laboratory and industrial scales, because the preparation of most kinds of single-atom metal catalyst is likely to be straightforward, and because characterization of such catalysts has become easier with the advent of techniques that readily discriminate single atoms from small clusters and nanoparticles. (Nature?2015, 525, 325–326)f.?The unique mesostructure of the 3D-dendritic MSNSs with mesopore channels of short length and large diameter?is supposed to be the key role in?immobilization of active and robust heterogeneous catalysts, and?it would have more hopeful prospects in?catalytic applications. (ACS Appl. Mater. Interfaces,?2015,?7, 17450–17459)g.?Visible-light photoredox catalysis?offers exciting opportunities to?achieve challenging carbon–carbon bond formations under mild and ecologically benign conditions. (Acc. Chem. Res.,?2016, 49, 1990–1996)3. 因此同义词:Therefore, thus, consequently, hence, accordingly, so, as a result这一条比较简单,这里主要讲一下这些词的副词词性和灵活运用。
价格的利润生物公司正在吞噬可改变动物DNA序列的所有专利。
这是对阻碍医学研究发展的一种冲击。
木匠认为他们的贸易工具是理所当然的。
他们买木材和锤子后,他们可以使用木材和锤子去制作任何他们所选择的东西。
多年之后来自木材厂和工具储藏室的人并没有任何进展,也没有索要利润份额。
对于那些打造明日药物的科学家们来说,这种独立性是一种罕见的奢侈品。
发展或是发现这些生物技术贸易中的工具和稀有材料的公司,对那些其他也用这些工具和材料的人进行了严格的监控。
这些工具包括关键基因的DNA序列,人类、动物植物和一些病毒的基因的部分片段,例如,HIV,克隆细胞,酶,删除基因和用于快速扫描DNA样品的DNA 芯片。
为了将他们这些关键的资源得到手,医学研究人员进场不得不签署协议,这些协议可以制约他们如何使用这些资源或是保证发现这些的公司可以得到最终结果中的部分利益。
许多学者称这抑制了了解和治愈疾病的进程。
这些建议使Harold得到了警示,Harold是华盛顿附近的美国国家卫生研究院的院长,在同年早期,他建立了一个工作小组去调查此事。
由于他的提早的调查,下个月出就能发布初步的报告。
来自安阿伯密歇根大学的法律教授,该工作组的主席Rebecea Eisenberg说,她们的工作组已经听到了好多研究者的抱怨,在它们中有一份由美国联合大学技术管理组提交的重量级的卷宗。
为了帮助收集证据,NIH建立了一个网站,在这个网站上研究者们可以匿名举报一些案件,这些案件他们相信他们的工作已经被这些限制性许可证严重阻碍了。
迫使研究人员在出版之前需要将他们的手稿展示给公司的这一保密条款和协议是投诉中最常见的原因之一。
另一个问题是一些公司坚持保有自动许可证的权利,该许可证是有关利用他们物质所生产的任何未来将被发现的产品,并且这些赋予他们对任何利用他们的工具所赚取的利润的支配权利的条款也有保有的权利。
Eisenberg说:“如果你不得不签署了许多这样的条款的话,那真的是一个大麻烦”。
引文格式:蒲芝雨, 杨玉菊, 张安勉, 等. 7个候选内参基因在樟叶越橘不同组织中的表达及稳定性分析[J]. 云南农业大学学报(自然科学), 2023, 38(5): 868−877. DOI: 10.12101/j.issn.1004-390X(n).2022080367个候选内参基因在樟叶越橘不同组织中的表达及稳定性分析*蒲芝雨1, 杨玉菊1, 张安勉1, 李国泽2, 余进德1, 赵 平3, 丁 勇1 **(1. 西南林业大学,云南省高校林木生物技术重点实验室,云南 昆明 650224;2. 保山中医药高等专科学校基础医学院,云南 保山 678000;3. 西南林业大学,西南地区林业生物质资源高效利用国家林业与草原局重点实验室,云南 昆明 650224)摘要: 【目的】筛选樟叶越橘不同组织部位基因表达分析的最适内参基因。
【方法】基于樟叶越橘三代转录组测序数据,筛选出PP2A -1、PP2A -2、EIF -4A -1、EIF -4A -2、60S -1、60S -2和ARP -1共7个候选内参基因;利用qRT-PCR 技术对目标基因在樟叶越橘不同组织(嫩叶、成熟叶、花芽、花、绿色果实、红色果实、绿果果梗和红果果梗)的表达水平进行检测,应用geNorm 、NormFinder 和BestKeeper 3种方法分析评估基因表达的稳定性,通过RefFinder 方法综合评价以筛选出樟叶越橘不同组织的最适内参基因;以樟叶越橘绿原酸合成途径中苯丙氨酸解氨酶基因(PAL )的组织表达情况验证内参基因稳定性评价结果的可靠性。
【结果】樟叶越橘的不同组织中,60S-2基因表达的稳定性居于首位,其次是PP2A-2基因,ARP -1、60S -1和EIF -4A -2基因表达的稳定性居中,EIF-4A-1基因表达的稳定性最差。
应用60S -2内参基因分析获得的樟叶越橘不同组织中PAL 基因表达量与绿原酸含量的变化趋势一致,表明PAL 基因参与了樟叶越橘体内绿原酸的合成。
启明学院时间:2021.03.08 创作:欧阳与选拔考试温习指导适用于所有想要考入启明学院的亲注意事项:(所有历年的试题是保密的不过售,所以市面买的试卷都是假的,都是投机的“热心青年”的杰作,题目每年城市有修改。
本套试题是某一届师哥师姐根据回忆和后期加工制作的。
包管了权威性和真实性,并且出于公益绝不以盈利为目的希望各位亲尊重前人的劳动,不要用来挣小学弟学妹的money)总论启明学院的优惠政策,包含保研率60%左右,每人一个导师的制度,还有就是实验室的优先使用权,奖学金的评定优势(加权高,名额多)等。
并且师资配备也是很好的。
淘汰机制:除执行学校本科生学籍管理规定外,凡呈现以下情况之一者,应转出学院(一)学业评价不合格;(二)因各种原因受警告或警告以上处罚;(三)因身体状况不克不及坚持继续学习;(四)自愿申请退出。
入学须知(同济部分)鉴于以往招生的各种事端总结,特此公示几个注意事项。
1.进入这个班不是所有的人城市出国,每年交换生名额有6个,原则是三届中德班竞争名额,但主要是年夜二和年夜三这两届中德班分享,合同两年签一次,有停止续约的可能。
不过一般会有合同的。
2.出国虽然不收学费,可是生活费还是要自己出的,年夜约710万人民币,小城市可能会少一些。
3.这个班是本科六年制的。
4.在报考之前请确定自己会真心想加入这个班级,在这里解释一下,每年城市几个同学通过了口试却保持面试资格,这样自己可能无所谓,可是却占用了贵重的面试名额,对那些真心想进入的同学是个不公平的恶性竞争。
5.相信不是每个报考中德班的临床专业的人都是想要出国吧,所以要仔细考虑如果不出国的话,能不克不及接受6年本科,究竟其他专业的学生使用这个考试机会可以转专业,对已经是临床专业学生的意义要权衡一下。
(主校区院系注意事项)同样是进这个班的意义问题,有人说好,保研率高,实验班,有人却在里面被埋没,明明很努力却连奖学金都拿不到。
选拔考试分口试和面试。
Drug Discovery and Natural Products It may be argued that drug discovery is a recent concept that evolved from modern science during the 20th century, but this concept in reality dates back many centuries, and has its origins in nature. On many occasions, humans have turned to Mother Nature for cures, and discovered unique drug molecules. Thus, the term natural product has become almost synonymous with the concept of drug discovery. In modem drug discovery and development processes, natural products play an important role at the early stage of "lead" discovery, i.e. discovery of the active (determined by various bioassays) natural molecule, which itself or its structural analogues could be an ideal drug candidate.1.origin ['ɔridʒin] n.起点,端点; 来源;出身, 血统.2.Synonymous [sɪ'nɔnəməs]adj.同义的,类义的.3.i.e. [,aɪ'i:] <拉> abbr. (=id est) 即,换言之.4.candidate ['kændidit] n.申请求职者, 候选人;报考者;候选物.有人可能认为药物发现是一个20世纪才出现的、来源于现代科学的新概念,但是事实上这个概念是源于自然界的,可以追溯到许多个世纪以前。
A Synthetic Indifferentiability Analysis of SomeBlock-Cipher-based Hash Functions∗Zheng Gong,Xuejia Lai and Kefei ChenDepartment of Computer Science and EngineeringShanghai Jiaotong University,Chinaneoyan@,{lai-xj,chen-kf}@AbstractNowadays,investigating what construction is better to be a crypto-graphic hash function is red hot.In[13],Maurer et al.first introducedthe notion of indifferentiability as a generalization of the concept ofthe indistinguishability of two cryptosystems.At ASIACRYPT’06,Chang et al.[6]analyzed the indifferentiability security of some popu-lar block-cipher-based hash functions,such as PGV constructions andMDC-2.In this paper,we investigate Chang et al.’s analysis of PGVconstructions and the PBGV double block length constructions.Inparticular,we point out a more precise adversarial advantage of indif-ferentiability,by considering the two situations that whether the hashfunction is either keyed or not.Furthermore,Chang et al.[6]designedattacks on4PGV hash functions and PBGV hash function to provethey are differentiable from random oracle with prefix-free padding.Wefind a limitation in their differentiable attacks and construct oursimulations to obtain the controversy results that those schemes areindifferentiable from random oracle with prefix-free padding and someother popular constructions.1IntroductionBlock-Cipher-Based Hash Function Hash functions are a cryptographic primitive in the design of schemes to provide a unique”fingerprint”on a cer-tain information.If hash functions receive some additional properties,they ∗This paper is supported by NSFC under the grants60573032,90604036and National 863Projects2006AA01Z4221can make schemes more secure and efficient.In practice,one-wayness prop-erty and collision-resistance property are two fundamental conditions for a hash function can be implemented.The cryptoanalysis of a hash function construction is used to basing on the statistical analysis to check whether it preserves the secure conditions.Many articles have discussed those general aspects of how to construct hash functions.Instructive examples can be found in[8,14].Cryptoanalysis on hash functions has been focussed on the question: what conditions should be imposed on f to guarantee that h satisfies certain properties?It is obvious that weakness of f will affect the security of h,but the converse does not hold in general.An accomplished assessing standard is checking whether a CRHF or OWHF can be derived from an idealfixed size compression function or an ideal block cipher.In practice,most of hash functions are either explicitly based on block-cipher for[24,12]or implicitly as in SHA-1[16].Preneel et al.[19]proposed 64kinds of constructions to build up a hash function H:{0,1}∗→{0,1}n from a compression function f:{0,1}n×{0,1}k→{0,1}n by using a block cipher E:{0,1}k×{0,1}l→{0,1}l.They regards12out of64schemes(We denote these12schemes by PGV-Group1)as secure,besides the remaining 52schemes were shown to be not collision resistant or preimage resistant. Recently,Black,Rogaway and Shrimption[3]proved that in a black box model,the12schemes are really secure.Furthermore,they showed that an additional8of the52remaining schemes are collision resistant as thefirst12 schemes(We will call these8schemes as PGV-Group2),which are classified as backward-attackable(potential but not serious)in[19].Random Oracle Model Random oracle methodology was proposed by Bellare and Rogaway in[1],which is quickly wide-used because the schemes design under such model would be more efficient and practical while compare to the standard model ones.In most applications,random oracle is an oracle that anybody can query but no one has control over.This is according to a completely valid application of the random oracle(as explained in[1]). Then in some proofs,random oracle is considered to be under control of a simulator.The simulator can listen to any query made to the oracle,so he knows what queries were asked.Yet he has no control over the output,so the oracle still remains a truly random oracle[10].Finally in some proofs, random oracle is considered to be under complete control of a simulator. The simulator can actually manipulate the answers the oracle gives,as long as the result is indistinguishable from a random oracle[4].Since random oracle performs quite like hash function,people is sug-2gested to replace random oracle in their schemes with a”secure”dedicated hash function,such as SHA-1,SHA-256,etc.In variant applications,the re-quirements impose on the hash function are also different.E.g.,in authority implementations,hash functions are always used to store manipulation de-tective code(MDC)corresponding to the password,instead of the password itself,which implies that one-wayness is sufficient.But in digital signa-ture schemes,hash functions must be collision-resistance,since two distinct messages have the same hash value allows forgery and repudiation.Formal construction of hash functions totally focus on the statistical cryptanalysis to make the proof of the security.One has to be careful with the selection of the hash function,because a specific vulnerability will be found in between the digital signature scheme and the hash function[5,17].Since we can prove such scheme is secure in random oracle model,this back to the efforts that how can we design an ideal hash function same as random oracle.Indifferentiability Methodology Research on how to instantiate the ran-dom oracle with a certain hash function has been a hot argumentation in recent years.Many valuable references on this problem could not be indi-cated at a specific location:[9,11,15].The problem has been focussed on the question:what conditions should be imposed on the round function F to make sure that the transform C F satisfies the certain conditions of the random oracle.This approach is based on the fact that one of the problems in assessing the security of a hash function is caused by the arbitrary size of input.It is clear that the weakness of F will generally result in weakness of C F,but the converse does not hold in general.The main problem is to derive such that sufficient conditions.In[13],Maurer et al.first provide a term ”indifferentiability”and a formal model to”distinguish”whether a given construction has any different from a heuristic random rmally, indifferentiability methodology is a white-box analysis that be restrictive to investigate all of the internal interfaces in the construction,while indis-tinguishability methodology is just a black-box analysis which ignores the internal.Recently,Coron et al.[7]first implemented the notion of indifferentia-bility for analysis of some classical hash constructions.They proved that plain Merkle-Damgard hash function is differentiable with random oracle, and show MD hash functions will be indifferentiable under the prefix-free, HMAC/NMAC and Chop constructions.Following Coron et al.’s initial work,Chang et al.[6]continued this suggestion and analyzed the indifferen-tiability in some block-cipher-based hash functions with prefix-free padding, especially in PGV hash functions.They claimed that there are16out of320collision-resistant PGV hash functions are indifferentiable from random oracle in the ideal cipher model,while the remains4schemes are not.And they also gave an differentiable attack on the PBGV double block length hash function[18].Some Missing Results The authors of[6]only focused on collision-free event,not all of the security events on hash function,e.g.,preimage attack, second preimage attack,etc.Sepcifically,they only analyzed the situation in unkeyed mode of hash functions.Since keyed hash functions are receiving more and more attention,after the genius attacks were found by Wang et al.in dedicated-key hash functions,such as MD4,MD5and SHA-1[22,23]. The indifferentiability security analysis of keyed hash function becomes both practically and theoretically significant.Prior to the current work,we are unaware of any indifferentiability advantage analysis for the keyed hash func-tions based on any block-cipher.We begin by giving a more suitable defini-tion of adversary in block-cipher-based hash functions and then proposing the advantage of differentiable attackers in either keyed or unkeyed mode to strengthen the result.Moreover,Chang et al.[6]also showed a differentiable attack on4out of20PGV hash functions and PBGV hash function.They said the attacks is not only valid in one-block padded message,but also similar to multi-block message.But wefind aflaw in their attacks,which limits their attacks only works in the one-block mode.As the main contri-bution of this paper,we give our simulations to prove that those schemes are indifferentiable from random oracle with prefix-free padding and some other popular constructions.Organization The remainder of this paper is organized as follows.In Sec-tion2,we provide some necessary definitions on block-cipher-based hash functions and indifferentiability methodology for our security analysis.Then in Section3,first we propose an more exact analysis of adversary’s advan-tage in indifferentiability.After that,we present our security analysis on the four PGV hash functions and PBGV double block length hash function. Section4give a conclusion.2PreliminaryHere we provide those main notions and definitions that will be used through-out the paper.The same terminology and abbreviations in different defini-tions are the same meaning,except there are special claims in the context.42.1Ideal Cipher ModelIdeal cipher model is the formal model for the security analysis of block-cipher-based hash functions,which is dating back to Shannon[21]and widely used,e.g.,in[12,19].Let Bloc(K,X)=E:K×X→X be a family of trapdoor permutation,where E(k i,·),k i∈K(E ki(·)for short)denotes an instance of the family.An adversary can query two oracles:E and its inversion E−1.Thus,we define the i-th query-response q i is a four-tupleq i=(σi,k i,x i,y i).Ifσi=1then adversary inputs(k i,x i)and gets response y i=E ki(x i),otherwise inputs(k i,y i)and gets answer x i=E−1k i(y i).In generally,E k(·)is a trapdoor permutation that P r[E k(x)=y]=1/|X|and for different k,e.g.,E k1(·),···,E ki(·)have independently uniform distributions.See[3]formore details about ideal cipher model.2.2Definitions for Indifferentiability Security AnalysisWe now recall the definitions for indifferentiability security analysis[13]. Definition2.1A Turing machine C with oracle access to an ideal primitive F is said to be(t D,t S,q, )indifferentiable from an ideal primitive Rand if there exists a simulator S,such that for any distinguisher D it holds the advantage of indifferentiability that:Adv(D)=|P r[D C,F=1]−P r[D Rand,S=1]|< ,where S has oracle access to Rand and runs in polynomial time at most t S, and D runs in polynomial time at most t D and makes at most q queries.C F is said to be(computationally)indifferentiable from Rand if is a negligible function of the security parameter k(in polynomial time t D and t S).It is showed in[13]that if C F is indifferentiable from Rand,then C F can replace Rand in any cryptosystem,and the resulting cryptosystem is at least as secure in the F model as in the Rand model.For example,if a block-cipher based iterative hash function C F is indifferentiable from a random oracle Rand in the ideal cipher model,then C F can replace Rand5in any cryptosystem,while keep the resulting system(with C F)remaining secure in the ideal cipher model if the original system(with Rand)is secure in the random oracle model.In the rest of the paper,the Turing Machine C will denote the construc-tion of an iterative hash function.The ideal primitive F will represent the underlying iterative function.E denotes the block cipher used in the iter-ative function and E−1denotes the corresponding inverse operation.Since we focus on block-cipher-based hash functions in case of the ideal cipher model,S has to simulate both E and E−1.Therefore,every distinguisher D obtain the following rules:either the block-cipher E,E−1is chosen at random and the hash function H is con-structed from it,or the hash function H is chosen at random and the block-cipher E,E−1is implemented by a simulator S with oracle access to H. Those two ways to build up a hash function should be indistinguishable. 2.3Adversary in Block-cipher-based Hash FunctionsFor indifferentiability security analysis of block-cipher-based hash functions, we need to formally define the adversary in the indifferentiability model. Chang et al.[6]proposed a definition of the adversary in the random oracle model(attack hash functions based on one-way compression function).We propose our modifications to make it more suitable for block-cipher-based hash functions.Let D be a distinguisher in the indifferentiable attack.D can access two oracles.One is O1=(H,E,E−1),the other is O2=(Rand,S,S−1).H−→denotes iterative hash function based on block-cipher E.Let r i←(IV M−→h j)be the h i)be the i-th query to O1,where M∈M.Let r j←(h i mj-th to O2.Let R i=(r1,···,r i)be the query-response set after i th query. P ad(·)denotes scheme’s padding rule.Let M=m0||m1||··· |m i,where||−→h i can be represented denotes the concatenation operation.In fact,IV M−→h i−→h1···m iby h0m0In[6],Chang et al.only defined one kind of distinguisher’s query.It is not sufficient for block-cipher-based hash functions since the query for H,Rand is quite different from the query for E,E−1,S,S−1.The H,Rand query inputs an arbitrary length message and the response is afixed length hash value,while the E,E−1,S,S−1query is a plain-text or cipher-text in6fixed block length and the output is the corresponding cipher-text or plain text,respectively.Here we give a complete definition for the both cases.•Query on(E,E−1,S,S−1):1.For i-th query on(E,S),distinguisher D inputs Q i=(1,h i−1,m i)and the response is h i=E h(m i)or S(h i−1,m i).Here m i∈Mi−1isfixed one block length,where M denotes message space.2.For j-th query on E−1,S−1,adversary’s query is Q i=(−1,h i−1,c i)and the response is m i=E−1(c i)or S−1(h i−1,c i).Let R i=h i−1−→h i).We denote R=(R1,R2,···,R q)be the R i−1∪(h i−1m icomplete view after the maximum q queries.According to thetransitive and substitute properties of Q i,the functional closureset R∗=(R∗1,···,R∗q)will be the complete view of distinguisherD.•Query on(H,Rand):For i-th query on H,Rand,distinguisher D can select an arbitrary length message Q i=M i∈M as input.Thus the query on keyed hash functions will be Q i=(k i,M i).The response of H,Rand is h i=H(M i)or S(M i)h i∈Y,where Y is the range of the oracles.Let Q i be the i-th query.For brevity,R i=R i−1∪−→h i)denotes the functional closure set after i-th query.Let (IV M iR =(R 1,R 2,···,R q)be the complete view after the maximum q queries.In a simulation game,we will ignore all the repetition query i.e.R i= R j or R i=R j for some j<i.For simplicity,we can assume there is no such trivial query since it does not help distinguisher as the view of indifferentiability.3Security analysis on some popular hash func-tionsIn this section,we point out our indifferentiability advantage analysis on block-cipher-based hash functions.And then we give our indifferentiability security analysis on4out of20PGV hash functions and PBGV double block length hash function.73.1Advantage of IndifferentiabilityThe original analysis given by Chang et al.[6]just covered the situation of collision event.By considering the high-level classification that whether thehash function is either keyed or not,we take all the differentiable events in consideration to achieve a more precise adversarial advantage of indifferen-tiability.First,we describe the situation in unkeyed hash functions.To give a ex-act probability analysis,we must carefully consider all the events that will af-fect the advantage of distinguisher D.Let Bad be the indifferentiable eventof the distinguisher D for iterative hash functions.We assume(H,E,E−1)and(Rand,S,S−1)are identically distributed conditioned on the past viewof the distinguisher and Bad does not occur.Since iterative hash functioncan easily resist extension attack by length padding technique,we will ignorethis event by implicitly using the padding in our discussion.If a hash con-struction already used a padding rule,then we will combine length padding technique with the given rule without special description.For brevity,wedenote the event D H,E,E−1=1by D1and the event D Rand,S,S−1=1by D2.Let Bad i,i∈{1,2}denotes the indifferentiable event for O1=(H,E,E−1)and O2=(Rand,S,S−1),respectively.The function Max(·,·)returns thebiggest value of inputs.If D is a distinguisher then we write Adv(D)as a measure of the maximal differentiable advantage overall distinguishers D.The advantage of the indifferentiability of(H,E,E−1)with(Rand,S,S−1)is as followsAdv(D)=|P r[D H,F,F−1=1]−P r[D Rand,S,S−1=1]|=|(P r[D1∩Bad1]+P r[D1∩¬Bad1])−(P r[D2∩Bad2]+P r[D2∩¬Bad2])|=|(P r[D1|Bad1]×P r[Bad1]−P r[D2|Bad2]×P r[Bad2])+(P r[D1|¬Bad1]×P r[¬Bad1]−P r[D2|¬Bad2]×P r[¬Bad2])|≤Max(P r[Bad1],P r[Bad2]])×|P r[D1|Bad1]−P r[D2|Bad2]|+|P r[D1|¬Bad1]×P r[¬Bad1]−P r[D2|¬Bad2]×P r[Bad2]|≤Max(P r[Bad1],P r[Bad2]])+P r[D1|¬Bad1]×Max(P r[Bad1],P r[Bad2]) =2×Max(P r[Bad1],P r[Bad2]]).Then we analyze the differentiable event Bad in hash functions.For un-keyed hash function,the security properties include collision resistance,sec-8ondary preimage and preimage.Because collision resistance(CR for short) implies second-preimage resistance(Sec for short),while separates from preim-age resistance(P re for short),then the differentiable eventBad={CR,P re}.For keyed hash functions,there are more security properties need to be considered.Besides the standard three of CR,Pre and Sec,there are four always and everywhere variants(aSec,eSec,aPre and ePre)for keyed hash functions.According to the conclusion of implications and separations for keyed hash functions,the differentiable event of keyed hash functions will beBad key={CR,eSec,aP re,eP re}.For brevity,We ignore the description of those security definitions and the proof of the implications and separations here,see[14,20]for more details.3.2Different Result on Chang et al.’s Attack on Some Block-Cipher-Based Hash FunctionsIn[6],Chang et al.showed a differentiable attack on four PGV hash func-tions and PBGV hash function.They said such attack is not only works with one-block padded message,but also more than one block.Wefind a limitation in their attack,which exposed their attack only works in the one-block mode.Then we construct our simulations to prove that those schemes are indifferentiable from random oracle with prefix-free padding and some other popular constructions.3.3The Four PGV Hash FunctionsTo prove their result,Chang et al.gave an indifferentiable attack on the four PGV hash functions.The four schemes are E hi−1(m i)⊕m i(P GV−17),E hi−1(m i⊕h i−1)⊕m i⊕h i−1(P GV−18),E hi−1(m i)⊕m i⊕h i−1(P GV−19),E hi−1(m i⊕h i−1)⊕m i(P GV−20).They claimed that the attack is based on one-block padded message,which is easily extended to more than one block.9We give our analysis that their attack is not feasible in the multi-block mode. And then we prove the four PGV hash functions are indifferentiable from random oracle with prefix-free padding.First we recall Chang et al.’s attack on P GV−17in Fig3.1.Distinguisher D can access to oracles(O1,O2)where O1=(H,E,E−1) and O2=(Rand,S,S−1).1.Select a message M such that g(M)=m and|m|=n,then makethe query M to H and receive z.2.make an inverse query(−1,h i−1,z⊕m)to S−1and receive m∗,where h i−1=h0=IV3.if m=m∗output1,otherwise output0.Fig3.1Chang et al.’s attack on P GV−17.Since any simulator S can return m∗=m only with probability2−n,it is obviously differentiable from random oracle.We see the attack can only works when h i−1=h0=IV,consequently the result is correct only in one block mode.The situation will be quite different while works with padding rules,such as prefix-free or NMAC,etc.In prefix-free mode,z⊕m will equal (m i)and there are no messages shorter than two block in(H,Rand)-to E hi−1query.Because distinguisher D only knows H(M)=z(interior value h i−1is unknown),D cannot make inverse query(−1,h i−1,z⊕m)if h i−1∈R∗.So the attack cannot work in multi-block message mode,which means Chang et al.’s differentiable attack is only feasible in one-block message mode.It is easily to verify the differentiable attack on PBGV hash function fails in multi-block message similarly.If D has asked the internal value h i−1before, then S can track it from the relation closure R.Now we will give our simulation to show the above4PGV hash functions are indifferentiable from random oracle in the prefix-free mode.Let P ad(·) denote the padding algorithm.We can assume distinguisher D never make a repetition query since it does not help anything.•Rand-Query.For Rand-query Q i,If Q i is a repetition query,thenretrieves h j where Q i∈R j.Else Rand returns h i=Rand(M i)and−→h i}.updates R i=R i−1∪{IV M i10•(S,S−1)-Query.Like the previous simulator,our simulator S also keeps the relations R=(R1,···,R i−1).Initially,R0=∅.To answer distinguisher D’s encrypt or decrypt query,the response of S is as follow:1.On S query(1,h i−1,m i),−→h i−1∈R i−1and P ad(M)=m i,then run(a)If∃IV MRand(M)and obtain the response h i,update R i=R i−1∪−→h i},then return h i⊕m i.{h i−1m i−→h i},(b)Else select a random value h i,R i=R i−1∪{h i−1m ithen return h i⊕m i.2.On S−1query(−1,h i−1,c i),−→h i−1∈R i−1,then run Rand(M)and obtain(a)If∃IV Mthe response h i.Check if c i=h i⊕P ad(M),then update−→h i}and return m i=P ad(M).R i=R i−1∪{h i−1P ad(M)(b)Else randomly select a message m i∈M,update R i=R i−1∪{h i−1m i−→c i⊕m i}and return m i.We notice that on S−1query,there is a probability that distinguisher D’s query c i is a valid cipher-text on the key h i−1while h i−1has been never queried.Because q is the maximum times of oracle access and l is the maximum length of a query made by D,the probability that the above event occurs is is equal to P r[P re2]=l·O(q).In the worst case,simulator2n−→h i−1.By convention, S has to track at most l×O(q)to check if∃IV Mthe running time is actual worst case running time of D.Lemma1In P GV−17hash functions with prefix-free padding,P r[Bad1]= 2−n+1·O(q2)and P r[Bad2]=2−n+1·l2·O(q2),where l is the maximum number of length in a hash query.Proof.Assume there are no repetition query.Thus,in case of O1,there are q queries and the probability isP r[Bad1]=2×max{P r[CR1],P r[P re1]}=2×P r[CR1]=2−n+1·O(q2).11Prefix-free MD(IV,M)NMAC Construction(IV,M)M=m1||···||m i,h0=IV M=m1||···||m i,h0=IVFor i=1to i do h i=F(P F P ad(m i),h i−1)For i=1to i do h i=F(m i,h i−1) Return h i Return g(h i)P ad(·)is a Prefix-free padding function g(·)is a random permutation HMAC Construction(IV,M)Chop Construction(IV,M)M=m1||···||m i,h0=IV M=m1||···||m i,h0=IVFor i=1to i do h i=F(m i,h i−1)For i=1to i do h i=F(m i,h i−1) Return h i+1=F(h i,IV)Return Chop(h i)Fig3.2Definitions of the four MD variants proposed in[7].We notice thatstring IV isfixed initialization vector.M is arbitrary message in the space M.P F P ad(m j)returns1||m j if m j is the last block,else returns0||m j.g(x),x∈{0,1}n isa random permutation in{0,1}n.In case of O2,the total number of choices is l×q,where l is the maximum number of length in a hash query.Similarly,the probability isP r[Bad2]=2×max{P r[CR2],P r[P re2]}=2×P r[CR2]=2−n+1·l2·O(q2).According to previous lemma,we have the following theorem of our result.Theorem1Prefix-free PGV-17hash functions in ideal cipher model is(t D,t S,q, )-indifferentiable form a random oracle.For any distinguisherD in polynomial time bound t d and t s=l·O(q),the advantage will be=2−n+1·l2·O(q2),where l is the maximum length of a query made by D. Proof.The results are obvious from the above analysis,so we skip the proof here.By using the similar method we canfind P GV−18,P GV−19,P GV−20are also indifferentiable from random oracle in prefix-free mode.It is easilyto extend the same results in NMAC,HMAC and Chop constructions. Theorem2Prefix-free Group-2hash functions in ideal cipher model is(t D,t S,q, )-indifferentiable form a random oracle.For any distinguisherD in polynomial time bound t D and t S=l·O(q),the advantage will be=2−n+1·l2·O(q2),where l is the maximum length of a query made by D.12Theorem3HMAC/NMAC Group-2hash functions in ideal cipher modelis(t D,t S,q, )-indifferentiable form a random oracle.For any distinguisherD in polynomial time bound t D and t S=l·O(q),the advantage will be=2−n+1·l2·O(q2),where l is the maximum length of a query made by D. Theorem4Chop Group-2hash functions in ideal cipher model is(t D,t S,q, )-indifferentiable form a random oracle.For any distinguisher D in polynomial time bound t D and t S=l·O(q),the advantage will be =2−n+1·l2·O(q2), where l is the maximum length of a query made by D.3.4The PBGV Hash FunctionSimilar to the(Group-2)PGV hash fucntions,Chang et al.’s differentiable attack on the PBGV hash fucntion is also infeasible in multi-block message mode.Here We give our indifferentiability analysis on the PBGV hash function.The PBGV scheme is a double block length hash function proposedin[18].Let IV=h0||g0be initialization vetors.E denotes a block cipher with{0,1}n×{0,1}k→{0,1}n.The PBGV hash function takes l·2k-bit message M=(m1,m2,···,m l)(where m i=m i,1||m i,2,|m i,1|=|m i,2|=k) and IV as inputs.For i=1to l,the PBGV hash fuction H:H(M)=h l||g lis defined as follows.h i=E m(h i−1⊕g i−1)⊕m i−1⊕h i−1⊕g i−1i,1⊕m i,2(h i−1⊕g i−1)⊕m i−1⊕h i−1⊕g i−1g i=E mi,1⊕m i,2Now we give our simulation to prove the PBGV hash function with prefix-free padding is also indifferentiable from random oracle.Let dis-tinguisher D can access to oracles(O1,O2)where O1=(H,E,E−1)andO2=(Rand,S,S−1)•Rand-Query.For Rand-query Q i,If Q i is a repetition query,thenRand retrieves h j where Q i∈R j.Else Rand returns(h i,g i)←−→(h i,g i)}.Rand(M i)and updates R i=R i−1∪{IV M i•(S,S−1)-Query.Like the previous simulator,our simulator S alsokeeps the relations R=(R1,···,R i−1).Initially,R0=∅.To answerdistinguisher D’s query,the response of S is as follow:131.On S query(1,x i,y i),−→(h i−1,g i−1)∈R i−1,first compute P ad(M)=(a)If∃IV Mm i=m i,1||m i,2,then:i.If x i=m i,1⊕m i,2and y i=h i−1⊕g i−1,then runRand(M)and obtain the response(h i,g i),update R i=−→(h i,g i)}and return h i⊕m i,1⊕y i.R i−1∪{(h i−1,g i−1)m iii.Else If x i=m i,1⊕h i−1and y i=m i,2⊕g i−1,then runRand(M)and obtain the response(h i,g i),update R i=−→(h i,g i)}and return g i⊕h i−1⊕y i.R i−1∪{(h i−1,g i−1)m i(b)Else select(h i,g i,h i−1,m i,1)uniformly and randomly,com-pute m i,2=x i⊕m i,1and g i−1=y i⊕h i−1,update R i=−→(h i,g i)}.Return h i⊕m i,1⊕y i.R i−1∪{(h i−1,g i−1)m i2.On S−1query(−1,x i,y i),(a)If∃IV M−→(h i−1,g i−1)∈R i−1,first compute P ad(M)= m i=m i,1||m i,2,then:i.If x i=m i,1⊕m i,2,then run Rand(M)and obtain theresponse(h i,g i).Check if y i=h i⊕m i,1⊕h i−1⊕g i−1,−→(h i,g i)}andthen update R i=R i−1∪{(h i−1,g i−1)m ireturn h i−1⊕g i−1.ii.If x i=m i,1⊕h i−1,then run Rand(M)and obtain theresponse(h i,g i).Check if y i=g i⊕m i,2⊕h i−1⊕g i−1,−→(h i,g i)}andthen update R i=R i−1∪{(h i−1,g i−1)m ireturn m i,2⊕g i−1.(b)Else choose(h i−1,g i−1,m i,1,g i)uniformly and randomly,com-pute h i=y i⊕m i,1⊕h i−1⊕g i−1and m i,2=x i⊕m i,1,up-−→(h i,g i)}.Then return date R i=R i−1∪{(h i−1,g i−1)m ih i−1⊕g i−1.Similarly,we can obtain the following results by implementing the sim-ulation.Lemma2In P BGV double block length hash functions with prefix-free padding,P r[Bad1]=2−2n+1·O(q2)and P r[Bad2]=2−2n+1·l2·O(q2), where l is the maximum number of length in a hash query.Theorem5Prefix-free PBGV double block length hash functions in ideal cipher model is(t D,t S,q, )-indifferentiable form a random oracle.For any14。
