3 research outputs found

    Breaking ‘128-bit Secure’ Supersingular Binary Curves

    In late 2012 and early 2013 the discrete logarithm problem (DLP) in finite fields of small characteristic underwent a dramatic series of breakthroughs, culminating in a heuristic quasi-polynomial time algorithm, due to Barbulescu, Gaudry, Joux and Thomé. Using these developments, Adj, Menezes, Oliveira and Rodríguez-Henríquez analysed the concrete security of the DLP, as it arises from pairings on (the Jacobians of) various genus one and two supersingular curves in the literature, which were originally thought to be 128-bit secure. In particular, they suggested that the new algorithms have no impact on the security of a genus one curve over $\mathbb{F}_{2^{1223}}$, and reduce the security of a genus two curve over $\mathbb{F}_{2^{367}}$ to 94.6 bits. In this paper we propose a new field representation and efficient general descent principles which together make the new techniques far more practical. Indeed, at the ‘128-bit security level’ our analysis shows that the aforementioned genus one curve has approximately 59 bits of security, and we report a total break of the genus two curv

    On the Triple-Error-Correcting Cyclic Codes with Zero Set $\{1, 2^i+1, 2^j+1\}$

    Abstract. We consider a class of 3-error-correcting cyclic codes of length $2^m - 1$ over the two-element field $\mathbb{F}_2$. The generator polynomial of a code of this class has zeroes $\alpha$, $\alpha^{2^i+1}$ and $\alpha^{2^j+1}$, where $\alpha$ is a primitive element of the field $\mathbb{F}_{2^m}$. In short, $\{1, 2^i+1, 2^j+1\}$ refers to the zero set of these codes. Kasami in 1971 and Bracken and Helleseth in 2009 showed that cyclic codes with zeroes $\{1, 2^\ell+1, 2^{3\ell}+1\}$ and $\{1, 2^\ell+1, 2^{2\ell}+1\}$ respectively are 3-error-correcting, where $\gcd(\ell, m) = 1$. We present a sufficient condition so that the zero set $\{1, 2^\ell+1, 2^{p\ell}+1\}$, $\gcd(\ell, m) = 1$, gives a 3-error-correcting cyclic code. The question for $p > 3$ is open. In addition, we determine all the 3-error-correcting cyclic codes in the class $\{1, 2^i+1, 2^j+1\}$ for $m < 20$. We investigate their weight distribution via their duals and observe that they have the same weight distribution as 3-error-correcting BCH codes for $m < 14$. Further, our experiment shows that these codes are not equivalent to the 3-error-correcting BCH code in general. We also study the Schaub algorithm, which determines a lower bound of the minimum distance of a cyclic code. We introduce a pruning strategy to improve the Schaub algorithm. Finally, we study the cryptographic property of a Boolean function, called spectral immunity, which is directly related to the minimum distance of cyclic codes over $\mathbb{F}_{2^m}$. We apply the improved Schaub algorithm in order to find a lower bound of the spectral immunity of a Boolean function related to the zero set $\{1, 2^i+1, 2^j+1\}$.

    Rare and low-frequency coding variants alter human adult height

    Pathophysiology, epidemiology and therapy of agein