A New Algorithm for the Unbalanced Meet-in-the-Middle Problem

A collision search for a pair of $n$-bit unbalanced functions (one is $R$ times more expensive than the other) is an instance of the meet-in-the-middle problem, solved with the familiar standard algorithm that follows the tradeoff $TM=N$, where $T$ and $M$ are time and memory complexities and $N=2^n$. By combining two ideas, unbalanced interleaving and Oorschot-Wiener parallel collision search, we construct an alternative algorithm that follows $T^2 M = R^2 N$, where $M\le R$. Among others, the algorithm solves the well-known open problem: how to reduce the memory of unbalanced collision search

M-SIDH and MD-SIDH: countering SIDH attacks by masking information

The SIDH protocol is an isogeny-based key exchange protocol using supersingular isogenies, designed by Jao and De Feo in 2011. The protocol underlies the SIKE algorithm which advanced to the fourth round of NIST\u27s post-quantum standardization project in May 2022. The algorithm was considered very promising: indeed the most significant attacks against SIDH were meet-in-the-middle variants with exponential complexity, and torsion point attacks which only applied to unbalanced parameters (and in particular, not to SIKE). This security picture dramatically changed in August 2022 with new attacks by Castryck-Decru, Maino-Martindale and Robert. Like prior attacks on unbalanced versions, these new attacks exploit torsion point information provided in the SIDH protocol. Crucially however, the new attacks embed the isogeny problem into a similar isogeny problem in a higher dimension to also affect the balanced parameters. As a result of these works, the SIKE algorithm is now fully broken both in theory and in practice. Given the considerable interest attracted by SIKE and related protocols in recent years, it is natural to seek countermeasures to the new attacks. In this paper, we introduce two such countermeasures based on partially hiding the isogeny degrees and torsion point information in the SIDH protocol. We present a preliminary analysis of the resulting schemes including non-trivial generalizations of prior attacks. Based on this analysis we suggest parameters for our M-SIDH variant with public key sizes of 4434, 7037 and 9750 bytes respectively for NIST security levels 1, 3, 5

PI-based controller for low-power distributed inverters to maximise reactive current injection while avoiding over voltage during voltage sags

This paper is a postprint of a paper submitted to and accepted for publication in IET Power Electronics and is subject to Institution of Engineering and Technology Copyright. The copy of record is available at the IET Digital Library.In the recently deregulated power system scenario, the growing number of distributed generation sources should be considered as an opportunity to improve stability and power quality along the grid. To make progress in this direction, this work proposes a reactive current injection control scheme for distributed inverters under voltage sags. During the sag, the inverter injects, at least, the minimum amount of reactive current required by the grid code. The flexible reactive power injection ensures that one phase current is maintained at its maximum rated value, providing maximum support to the most faulted phase voltage. In addition, active power curtailment occurs only to satisfy the grid code reactive current requirements. As well as, a voltage control loop is implemented to avoid overvoltage in non-faulty phases, which otherwise would probably occur due to the injection of reactive current into an inductive grid. The controller is proposed for low-power rating distributed inverters where conventional voltage support provided by large power plants is not available. The implementation of the controller provides a low computational burden because conventional PI-based control loops may apply. Selected experimental results are reported in order to validate the effectiveness of the proposed control scheme.Peer ReviewedPostprint (updated version

Equal-Subset-Sum Faster Than the Meet-in-the-Middle

In the Equal-Subset-Sum problem, we are given a set S of n integers and the problem is to decide if there exist two disjoint nonempty subsets A,B subseteq S, whose elements sum up to the same value. The problem is NP-complete. The state-of-the-art algorithm runs in O^*(3^(n/2)) <= O^*(1.7321^n) time and is based on the meet-in-the-middle technique. In this paper, we improve upon this algorithm and give O^*(1.7088^n) worst case Monte Carlo algorithm. This answers a question suggested by Woeginger in his inspirational survey. Additionally, we analyse the polynomial space algorithm for Equal-Subset-Sum. A naive polynomial space algorithm for Equal-Subset-Sum runs in O^*(3^n) time. With read-only access to the exponentially many random bits, we show a randomized algorithm running in O^*(2.6817^n) time and polynomial space

P-class phasor measurement unit algorithms using adaptive filtering to enhance accuracy at off-nominal frequencies

While the present standard C.37.118-2005 for Phasor Measurement Units (PMUs) requires testing only at steady-state conditions, proposed new versions of the standard require much more stringent testing, involving frequency ramps and off-nominal frequency testing. This paper presents two new algorithms for “P Class” PMUs which enable performance at off-nominal frequencies to be retained at levels comparable to the performance for nominal frequency input. The performances of the algorithms are compared to the “Basic” Synchrophasor Estimation Model described in the new standard. The proposed algorithms show a much better performance than the “Basic” algorithm, particularly in the measurements of frequency and rate-of-change-of-frequency at off-nominal frequencies and in the presence of unbalance and harmonics

The pp-Center Problem in Tree Networks Revisited

We present two improved algorithms for weighted discrete $p$-center problem for tree networks with $n$ vertices. One of our proposed algorithms runs in $O(n \log n + p \log^2 n \log(n/p))$ time. For all values of $p$, our algorithm thus runs as fast as or faster than the most efficient $O(n\log^2 n)$ time algorithm obtained by applying Cole's speed-up technique [cole1987] to the algorithm due to Megiddo and Tamir [megiddo1983], which has remained unchallenged for nearly 30 years. Our other algorithm, which is more practical, runs in $O(n \log n + p^2 \log^2(n/p))$ time, and when $p=O(\sqrt{n})$ it is faster than Megiddo and Tamir's $O(n \log^2n \log\log n)$ time algorithm [megiddo1983]

Directed Hamiltonicity and Out-Branchings via Generalized Laplacians

We are motivated by a tantalizing open question in exact algorithms: can we detect whether an $n$-vertex directed graph $G$ has a Hamiltonian cycle in time significantly less than $2^n$? We present new randomized algorithms that improve upon several previous works: 1. We show that for any constant $0<\lambda<1$ and prime $p$ we can count the Hamiltonian cycles modulo $p^{\lfloor (1-\lambda)\frac{n}{3p}\rfloor}$ in expected time less than $c^n$ for a constant $c<2$ that depends only on $p$ and $\lambda$. Such an algorithm was previously known only for the case of counting modulo two [Bj\"orklund and Husfeldt, FOCS 2013]. 2. We show that we can detect a Hamiltonian cycle in $O^*(3^{n-\alpha(G)})$ time and polynomial space, where $\alpha(G)$ is the size of the maximum independent set in $G$. In particular, this yields an $O^*(3^{n/2})$ time algorithm for bipartite directed graphs, which is faster than the exponential-space algorithm in [Cygan et al., STOC 2013]. Our algorithms are based on the algebraic combinatorics of "incidence assignments" that we can capture through evaluation of determinants of Laplacian-like matrices, inspired by the Matrix--Tree Theorem for directed graphs. In addition to the novel algorithms for directed Hamiltonicity, we use the Matrix--Tree Theorem to derive simple algebraic algorithms for detecting out-branchings. Specifically, we give an $O^*(2^k)$-time randomized algorithm for detecting out-branchings with at least $k$ internal vertices, improving upon the algorithms of [Zehavi, ESA 2015] and [Bj\"orklund et al., ICALP 2015]. We also present an algebraic algorithm for the directed $k$-Leaf problem, based on a non-standard monomial detection problem