
    A kilobit hidden SNFS discrete logarithm computation

    We perform a special number field sieve discrete logarithm computation in a 1024-bit prime field. To our knowledge, this is the first kilobit-sized discrete logarithm computation ever reported for prime fields. This computation took a little over two months of calendar time on an academic cluster using the open-source CADO-NFS software. Our chosen prime p looks random, and p-1 has a 160-bit prime factor, in line with recommended parameters for the Digital Signature Algorithm. However, our p has been trapdoored in such a way that the special number field sieve can be used to compute discrete logarithms in \mathbb{F}_p^*, yet detecting that p has this trapdoor seems out of reach. Twenty-five years ago, there was considerable controversy around the possibility of back-doored parameters for DSA. Our computations show that trapdoored primes are entirely feasible with current computing technology. We also describe special number field sieve discrete log computations carried out for multiple weak primes found in use in the wild. As can be expected from a trapdoor mechanism which we say is hard to detect, our research did not reveal any trapdoored prime in wide use. The only way for a user to defend against a hypothetical trapdoor of this kind is to require verifiably random primes.
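    The defence the abstract ends on, verifiably random primes, is what the seed-and-counter construction of FIPS 186 provides: q and p are derived from a published seed by hashing, so anyone can rerun the derivation and confirm that the generator had no freedom to pick p. The block below is an added example of that shape; it is not code from the paper or from CADO-NFS and not a conforming FIPS 186-4 implementation. The hash, the counter layout, the bit lengths and every function name are assumptions made for illustration.

```python
"""
Verifiably random DSA-style primes (added example; simplified variant of the
FIPS 186 seed-and-counter construction, not a conforming implementation).
Both the generator and the verifier run derive_params(); the generator only
gets to choose the seed, and must publish it together with the counter.
"""
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases; a composite passes with prob < 4^-rounds."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _hash_int(seed: bytes, counter: int, bits: int) -> int:
    """Concatenate SHA-256(seed || counter || i) blocks into a `bits`-bit
    integer with its top bit forced on, so candidates have exactly `bits` bits.
    (Layout is an assumption of this example, not the FIPS 186 one.)"""
    out = b""
    i = 0
    while len(out) * 8 < bits:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")
                              + i.to_bytes(4, "big")).digest()
        i += 1
    x = int.from_bytes(out, "big") >> (len(out) * 8 - bits)
    return x | (1 << (bits - 1))


def derive_params(seed: bytes, L: int = 1024, N: int = 160):
    """Deterministically derive (p, q, counter) from seed, or None if the seed
    yields no prime q. q comes from counter 0 (forced odd); p is the first
    hash-derived L-bit value, counter >= 1, adjusted so that p = 1 (mod 2q)."""
    q = _hash_int(seed, 0, N) | 1
    if not is_probable_prime(q):
        return None
    for counter in range(1, 1 << 16):
        x = _hash_int(seed, counter, L)
        p = x - (x % (2 * q)) + 1          # p - 1 is now a multiple of 2q
        if p.bit_length() == L and is_probable_prime(p):
            return p, q, counter
    return None


def generate(L: int = 1024, N: int = 160):
    """Try fresh random seeds until one derives a parameter set; publish all of
    (seed, counter, p, q) so that verify() can be run by anyone."""
    while True:
        seed = secrets.token_bytes(32)
        r = derive_params(seed, L, N)
        if r is not None:
            p, q, counter = r
            return seed, counter, p, q


def verify(seed: bytes, counter: int, p: int, q: int,
           L: int = 1024, N: int = 160) -> bool:
    """Re-derive from the published seed. The triple must match exactly, so a
    generator can neither edit p nor skip the first prime the seed produces."""
    return derive_params(seed, L, N) == (p, q, counter)


if __name__ == "__main__":
    seed, counter, p, q = generate()
    print("seed", seed.hex(), "counter", counter)
    print("verifies:", verify(seed, counter, p, q))
```

    A generator that must publish (seed, counter) cannot hand out a prime of a special, SNFS-friendly form except by grinding seeds until the hash happens to land on one, which for a structured 1024-bit p is out of reach; conversely, a p distributed without its seed, as the primes examined in the paper were, cannot be audited this way at all. The verifier reruns the whole derivation rather than just checking primality, so the generator also cannot pass over an earlier prime candidate in favour of a later, chosen one.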

    Elements of Design for Containers and Solutions in the LinBox Library

    We describe in this paper new design techniques used in the C++ exact linear algebra library LinBox, intended to make the library safer and easier to use, while keeping it generic and efficient. First, we review the new simplified structure for containers, based on our founding scope allocation model. We explain design choices and their impact on coding: unification of our matrix classes, clearer model for matrices and submatrices, etc. Then we present a variation of the strategy design pattern that is comprised of a controller-plugin system: the controller (solution) chooses among plug-ins (algorithms) that always call back the controllers for subtasks. We give examples using the solution mul. Finally we present a benchmark architecture that serves two purposes: providing the user with easier ways to produce graphs, and creating a framework for automatically tuning the library and supporting regression testing. Comment: 8 pages, 4th International Congress on Mathematical Software, Seoul, Korea (2014).

    Solution of Large Sparse System of Linear Equations over GF(2) on a Multi Node Multi GPU Platform

    We provide an efficient multi-node, multi-GPU implementation of the Block Wiedemann Algorithm (BWA) to find the solution of a large sparse system of linear equations over GF(2). One of the important applications of solving such systems arises in most integer factorization algorithms, such as the Number Field Sieve. In this paper, we describe how hybrid parallelization can be adapted to speed up the most time-consuming stage of BWA, sequence generation. This stage involves generating a sequence of matrix-matrix products and matrix transpose-matrix products where the matrices are very large, highly sparse, and have entries over GF(2). We describe a GPU-accelerated parallel method for computing these matrix-matrix products using row-wise parallel distribution of the first matrix over a multi-node, multi-GPU platform with MPI and CUDA, and word-wise XORing of rows of the second matrix. We also describe the hybrid parallelization of the matrix transpose-matrix product, where we divide both matrices row-wise into equal-sized blocks using MPI; after a GPU-accelerated matrix transpose-matrix product per block, we combine the blocks with the MPI_BXOR operation in MPI_Reduce to obtain the result. The performance of the hybrid parallel sequence generation step on a hybrid cluster using multiple GPUs is compared with parallelization over multiple MPI processes alone. We have used this hybrid parallel sequence generation tool for benchmarking an HPC cluster. Detailed timings of the complete solution of the number field sieve matrices of RSA-130, RSA-140, and RSA-170 are also compared, using up to 4 NVIDIA V100 GPUs of a DGX station. We obtained a speedup of 2.8 on 4 V100 GPUs compared to 1 GPU.
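    What the sequence generation stage actually computes, shown as an added example that is not the paper's CUDA/MPI code: the sparse matrix A is stored as one column-index list per row, and a row of the dense block B is a single Python int whose bits are the block's m columns, so A*B reduces to word-wise XOR of rows of B, and A^T*C is built from row chunks whose partial results are XOR-reduced, the sequential analogue of MPI_Reduce with MPI_BXOR. The packing, the function names and the test matrices are assumptions.

```python
"""
Block Wiedemann sequence generation over GF(2) with word-packed rows
(added example; a sequential model of the products the paper parallelizes).
Rows of dense blocks are ints: bit c of B[i] is entry (i, c) of B.
"""
import random


def xor_rows(B, cols):
    """XOR the packed rows B[j], j in cols: one GF(2) dot product per bit lane."""
    acc = 0
    for j in cols:
        acc ^= B[j]
    return acc


def sparse_times_block(A_rows, B):
    """A*B for sparse A (rows as sorted column lists) and packed dense block B.
    Rows of A are independent, which is what lets them be sharded over nodes."""
    return [xor_rows(B, cols) for cols in A_rows]


def sparse_transpose_times_block(A_rows, ncols, C, nblocks=1):
    """A^T*C: split the rows of A and C into nblocks contiguous chunks (one per
    'node'), scatter each chunk into its own partial result, XOR-reduce them.
    The result does not depend on nblocks; that is the MPI_BXOR reduce step."""
    n = len(A_rows)
    chunk = -(-n // nblocks)
    result = [0] * ncols
    for b in range(nblocks):
        partial = [0] * ncols
        for i in range(b * chunk, min(n, (b + 1) * chunk)):
            for j in A_rows[i]:
                partial[j] ^= C[i]
        result = [r ^ p for r, p in zip(result, partial)]   # reduce
    return result


def block_inner(X, V, mprime):
    """X^T*V for packed n x m' block X and n x m block V: m' packed rows."""
    out = [0] * mprime
    for xi, vi in zip(X, V):
        r = 0
        while xi:
            if xi & 1:
                out[r] ^= vi
            xi >>= 1
            r += 1
    return out


def wiedemann_sequence(A_rows, X, B, mprime, length):
    """a_i = X^T A^i B for i < length: the Krylov sequence that the block
    Berlekamp-Massey step of BWA consumes next (not implemented here)."""
    seq, V = [], B
    for _ in range(length):
        seq.append(block_inner(X, V, mprime))
        V = sparse_times_block(A_rows, V)
    return seq


def random_sparse(n, weight, seed=0):
    """Constructed test input: random n x n matrix with `weight` ones per row."""
    rng = random.Random(seed)
    return [sorted(rng.sample(range(n), weight)) for _ in range(n)]


if __name__ == "__main__":
    n, m = 64, 32
    A = random_sparse(n, 3)
    rng = random.Random(1)
    B = [rng.getrandbits(m) for _ in range(n)]
    X = [rng.getrandbits(m) for _ in range(n)]
    seq = wiedemann_sequence(A, X, B, m, 2 * n // m + 2)
    print(len(seq), "terms, each an", m, "x", m, "bit matrix")
```

    With 64-bit words the same loop gives one SIMD-free GF(2) vector-matrix product per XOR; on a GPU each thread owns one row of A (or one word of a row of B), and the transpose product is where communication appears, because every row chunk contributes to every column of the result.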

    Parallel cryptanalysis

    Most of today's cryptographic primitives are based on computations that are hard to perform for a potential attacker but easy to perform for somebody who is in possession of some secret information, the key, that opens a back door in these hard computations and allows them to be solved in a small amount of time. To estimate the strength of a cryptographic primitive it is important to know how hard it is to perform the computation without knowledge of the secret back door and to get an understanding of how much money or time the attacker has to spend. Usually a cryptographic primitive allows the cryptographer to choose parameters that make an attack harder at the cost of making the computations using the secret key harder as well. Therefore designing a cryptographic primitive imposes the dilemma of choosing the parameters strong enough to resist an attack up to a certain cost while choosing them small enough to allow usage of the primitive in the real world, e.g. on small computing devices like smart phones. This thesis investigates three different attacks on particular cryptographic systems: Wagner's generalized birthday attack is applied to the compression function of the hash function FSB. Pollard's rho algorithm is used for attacking Certicom's ECC Challenge ECC2K-130. The implementation of the XL algorithm has not been specialized for an attack on a specific cryptographic primitive but can be used for attacking some cryptographic primitives by solving multivariate quadratic systems. All three attacks are general attacks, i.e. they apply to various cryptographic systems; the implementations of Wagner's generalized birthday attack and Pollard's rho algorithm can be adapted for attacking primitives other than those given in this thesis. The three attacks have been implemented on different parallel architectures. XL has been parallelized using the Block Wiedemann algorithm on a NUMA system using OpenMP and on an InfiniBand cluster using MPI. Wagner's attack was performed on a distributed system of 8 multi-core nodes connected by an Ethernet network. The work on Pollard's rho algorithm is part of a large research collaboration with several research groups; the computations are embarrassingly parallel and are executed in a distributed fashion in several facilities with almost negligible communication cost. This dissertation presents implementations of the iteration function of Pollard's rho algorithm on Graphics Processing Units and on the Cell Broadband Engine.
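    The reason the Pollard rho computation can be spread over several facilities with almost no communication is the distinguished-point technique: every walker runs an independent iteration function and only reports the rare points that satisfy a public predicate. The block below is an added example of that structure, not the thesis' ECC2K-130 GPU or Cell code; it works in the prime-order subgroup of Z_P^* for an assumed tiny safe prime P = 1019 so that it finishes instantly, and the same loop applies to an elliptic-curve group once the group law is swapped in. The constants and function names are assumptions.

```python
"""
Parallel Pollard rho with distinguished points (van Oorschot-Wiener style),
added example. Solves G^x = h in the order-Q subgroup of Z_P^*; the only
shared state between walks is the distinguished-point table.
"""
import random

P = 1019                 # assumed safe prime, P = 2*Q + 1
Q = (P - 1) // 2         # prime order of the quadratic-residue subgroup
G = 4                    # a quadratic residue != 1, hence of order Q
R = 16                   # number of partitions of the r-adding walk
DP_MASK = 0x7            # y is 'distinguished' when its low 3 bits are 0 (1/8 of points)


def adding_table(h: int, rng: random.Random):
    """Public r-adding table: partition i multiplies the point by G^c_i * h^d_i.
    Every walker uses the same table, so walks that meet stay merged."""
    tab = []
    for _ in range(R):
        c, d = rng.randrange(Q), rng.randrange(Q)
        tab.append((pow(G, c, P) * pow(h, d, P) % P, c, d))
    return tab


def walk(h: int, tab, rng: random.Random, max_steps: int):
    """One independent walk y = G^a * h^b from a random start. Returns its
    first distinguished point with the exponents (a, b), or None if it ran
    max_steps without hitting one (it cycled; abandon it)."""
    a, b = rng.randrange(Q), rng.randrange(Q)
    y = pow(G, a, P) * pow(h, b, P) % P
    for _ in range(max_steps):
        if (y & DP_MASK) == 0:
            return y, a, b
        m, c, d = tab[y % R]
        y = y * m % P
        a = (a + c) % Q
        b = (b + d) % Q
    return None


def dlog(h: int, walkers: int = 8, seed: int = 0) -> int:
    """Return x with G^x = h (mod P); h is assumed to lie in the subgroup."""
    rng = random.Random(seed)
    tab = adding_table(h, rng)
    table = {}                           # distinguished point -> (a, b)
    max_steps = 64 * (DP_MASK + 1)       # expected DP distance is DP_MASK + 1
    while True:
        for _ in range(walkers):         # in practice: one batch per node or GPU
            r = walk(h, tab, rng, max_steps)
            if r is None:
                continue
            y, a, b = r
            if y in table and table[y] != (a, b):
                a2, b2 = table[y]
                # G^a h^b = G^a2 h^b2  =>  x * (b - b2) = a2 - a   (mod Q)
                if (b - b2) % Q:
                    x = (a2 - a) * pow(b - b2, -1, Q) % Q
                    if pow(G, x, P) == h:
                        return x
            table[y] = (a, b)


if __name__ == "__main__":
    secret = 123
    print("recovered:", dlog(pow(G, secret, P)) == secret)
```

    Only the distinguished points, a few words each, cross the network; a walker needs no knowledge of any other walker, and the table owner can check a reported (y, a, b) before trusting it. The expected cost is about sqrt(pi*Q/2) group operations in total, split across however many walkers there are, with the distinguished-point density trading memory against the latency of detecting a collision.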

    Magnetic Modelling of Synchronous Reluctance and Internal Permanent Magnet Motors Using Radial Basis Function Networks

    The general trend toward more intelligent energy-aware AC drives is driving the development of new motor topologies and advanced model-based control techniques. Among the candidates, pure reluctance and anisotropic permanent magnet motors are gaining popularity, despite their complex structure. The availability of accurate mathematical models that describe these motors is essential to the design of any model-based advanced control. This paper focuses on the relations between currents and flux linkages, which are obtained through innovative radial basis function neural networks. These special drive-oriented neural networks take as inputs the motor voltages and currents, returning as output the motor flux linkages, inclusive of any nonlinearity and cross-coupling effect. The theoretical foundations of the radial basis function networks, the design hints, and a commented series of experimental results on a real laboratory prototype are included in this paper. The simple structure of the neural network is suited to implementation on standard drives. Online training and tracking will be the next steps in field programmable gate array based control systems.

    Simulating the Impact of Traffic Calming Strategies

    This study assessed the impact of traffic calming measures on the speed, travel times and capacity of residential roadways. The study focused on two types of speed tables, speed humps and a raised crosswalk. A moving test vehicle equipped with GPS receivers, which allowed calculation of speeds and determination of speed profiles at 1 s intervals, was used. A multi-regime model was used to provide the best fit using steady state equations; hence the corresponding speed-flow relationships were established for different calming scenarios. It was found that capacities of residential roadway segments in the presence of calming features ranged from 640 to 730 vph. However, the capacity varied with the spacing of the calming features: spacing speed tables 1050 ft apart caused a 23% reduction in capacity, while 350-ft spacing reduced capacity by 32%. Analysis showed a linear decrease of capacity of approximately 20 vphpl, 37 vphpl and 34 vphpl when 17 ft wide speed tables were spaced at 350 ft, 700 ft, and 1050 ft apart respectively. For speed hump calming features, spacing humps at 350 ft reduced capacity by about 33%, while a 700 ft spacing reduced capacity by 30%. The study concludes that speed tables are slightly better than speed humps in terms of preserving the roadway capacity. Also, traffic calming measures significantly reduce the speeds of vehicles, and it is best to keep a spacing of 630 ft or less to achieve desirable crossing speeds of 15 mph or less, especially on a street with schools nearby. A microscopic simulation model was developed to replicate the driving behavior of traffic on urban road diet roads, in order to analyze the influence of bus stops on traffic flow and safety. The impacts on safety were assessed using surrogate measures of safety (SSAM). The study found that bus stops with 10, 20 and 30 s dwell times cause roughly 9.5%, 12%, and 20% reductions in traffic speed when a 300 veh/hr flow is considered. A comparison of the reduction in traffic speed on an 11 ft wide lane of a road diet due to curbside stops and bus bays, for a dwell time with a mean of 30 s and a standard deviation of 5 s, was conducted. Results showed that a bus stop bay with the stated dwell time causes an approximate 8% speed reduction at a flow level of about 1400 vph. Analysis of the trajectories from bus stop locations showed that at 0, 25, 50, 75, 100, 125, 150, and 175 feet from the intersection the number of conflicts is affected by the presence and location of a curbside stop on a segment with a road diet.

    The impact of inter-vehicle communication on vehicular traffic

    The work addresses communication networks established over radio-equipped vehicles in everyday road traffic, so-called Vehicular Ad Hoc Networks (VANETs), and discusses their impact on two major goals, namely traffic safety and traffic efficiency. For both objectives, the thesis proposes an appropriate modeling of the essential building blocks Traffic, Communication and Application and enables impact assessment studies by means of implemented simulation tools.

    Cryptanalysis of Elisabeth-4

    Elisabeth-4 is a stream cipher tailored for use in hybrid homomorphic encryption applications, introduced by Cosseron et al. at ASIACRYPT 2022. In this paper, we present several variants of a key-recovery attack on the full Elisabeth-4 that break the 128-bit security claim of that cipher. Our most optimized attack is a chosen-IV attack with a time complexity of 2^{88} elementary operations, a memory complexity of 2^{54} bits and a data complexity of 2^{41} bits. Our attack applies the linearization technique to a nonlinear system of equations relating some keystream bits to the key bits and exploits specificities of the cipher to solve the resulting linear system efficiently. First, due to the structure of the cipher, the system to solve happens to be very sparse, which makes it possible to rely on sparse linear algebra and most notably on the Block Wiedemann algorithm. Secondly, the algebraic properties of the two nonlinear ingredients of the filtering function cause rank defects which can be leveraged to solve the linearized system more efficiently, with decreased data and time complexity. We have implemented our attack on a toy version of Elisabeth-4 to verify its correctness. It uses the efficient implementation of the Block Wiedemann algorithm of CADO-NFS for the sparse linear algebra.
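    The linearization step the abstract describes, on a toy cipher of the same shape, as an added example: this is not the Elisabeth-4 attack, not the paper's code and not CADO-NFS. At each clock a public, IV-derived schedule selects four key bits, masks ("whitens") them with public bits and feeds them to a fixed nonlinear filter; the attack expands every keystream equation into key monomials, treats each monomial as a fresh unknown and solves the sparse GF(2) system by elimination. The cipher, its filter polynomial, the 12-bit key, the amount of keystream and the function names are all assumptions chosen so the attack runs in well under a second; the expansion is generic, so it works for any filter degree, not just the quadratic one used here.

```python
"""
Linearization attack on a toy filtered-key stream cipher (added example).
Keystream bit z_t = FILTER(k[idx_t] XOR white_t) with idx_t, white_t public.
"""
import random

N_KEY = 12                                    # key bits (assumption)
INPUTS = 4                                    # filter inputs per clock
# f(x0,x1,x2,x3) = x0*x1 + x1*x2 + x2*x3 + x0 + x3   (assumed toy filter)
FILTER = [(0, 1), (1, 2), (2, 3), (0,), (3,)]


def schedule(iv: int, t: int):
    """Public selection of key positions and whitening bits for clock t."""
    rng = random.Random((iv << 32) | t)
    idx = rng.sample(range(N_KEY), INPUTS)
    white = [rng.randrange(2) for _ in range(INPUTS)]
    return idx, white


def keystream(key, iv: int, nbits: int):
    """The toy cipher itself: evaluate FILTER on the whitened key bits."""
    out = []
    for t in range(nbits):
        idx, white = schedule(iv, t)
        x = [key[i] ^ w for i, w in zip(idx, white)]
        z = 0
        for term in FILTER:
            prod = 1
            for v in term:
                prod &= x[v]
            z ^= prod
        out.append(z)
    return out


def linearize(iv: int, t: int):
    """Expand z_t = f(k_idx + w) symbolically over GF(2). Returns the XOR-set of
    key monomials (frozensets of key indices) and the constant bit."""
    idx, white = schedule(iv, t)
    acc = set()
    for term in FILTER:
        cur = {frozenset()}                   # the polynomial 1
        for v in term:                        # multiply by (k_idx[v] + w_v)
            nxt = set()
            for m in cur:
                nxt ^= {m | {idx[v]}}
                if white[v]:
                    nxt ^= {m}
            cur = nxt
        acc ^= cur
    const = int(frozenset() in acc)
    acc.discard(frozenset())
    return acc, const


def recover_key(iv: int, stream):
    """Build the linearized system (one column per monomial) and solve it by
    Gauss-Jordan elimination with rows packed as ints. Returns the key, or
    None if some key bit is left undetermined (a rank defect: the data does
    not pin that unknown down)."""
    col, rows = {}, []
    for t, z in enumerate(stream):
        monos, const = linearize(iv, t)
        mask = 0
        for m in monos:
            mask |= 1 << col.setdefault(m, len(col))
        rows.append((mask, z ^ const))
    basis = {}                                # pivot column -> [mask, rhs]
    for mask, rhs in rows:
        for c, (bm, br) in basis.items():     # reduce against existing pivots
            if (mask >> c) & 1:
                mask ^= bm
                rhs ^= br
        if mask == 0:
            continue                          # redundant equation
        c = (mask & -mask).bit_length() - 1   # lowest set bit becomes the pivot
        for row in basis.values():            # keep the basis fully reduced
            if (row[0] >> c) & 1:
                row[0] ^= mask
                row[1] ^= rhs
        basis[c] = [mask, rhs]
    key = []
    for i in range(N_KEY):
        c = col.get(frozenset([i]))
        if c is None or c not in basis or basis[c][0] != 1 << c:
            return None
        key.append(basis[c][1])
    return key


def demo(nbits: int = 600, seed: int = 1):
    """Random key, keystream under a fixed IV, then the attack: (key, recovered)."""
    rng = random.Random(seed)
    key = [rng.randrange(2) for _ in range(N_KEY)]
    iv = 0x1234
    return key, recover_key(iv, keystream(key, iv, nbits))


if __name__ == "__main__":
    key, found = demo()
    print("key      ", key)
    print("recovered", found)
```

    Every row of the system has only a handful of nonzero columns, which is the sparsity the abstract exploits: at real sizes the dense elimination above is replaced by Block Wiedemann over the same packed-row representation. Rank defects show up here as recover_key returning None; feeding it fewer keystream bits than unknowns is the simplest way to provoke one.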