227 research outputs found

    Efficient arithmetic on elliptic curves in characteristic 2

    We present normal forms for elliptic curves over a field of characteristic 2 analogous to Edwards normal form, and determine bases of addition laws, which provide strikingly simple expressions for the group law. We deduce efficient algorithms for point addition and scalar multiplication on these forms. The resulting algorithms apply to any elliptic curve over a field of characteristic 2 with a 4-torsion point, via an isomorphism with one of the normal forms. We deduce algorithms for duplication in time $2M + 5S + 2m_c$ and for addition of points in time $7M + 2S$, where $M$ is the cost of multiplication, $S$ the cost of squaring, and $m_c$ the cost of multiplication by a constant. By a study of the Kummer curves $\mathcal{K} = E/\{\pm 1\}$, we develop an algorithm for scalar multiplication with point recovery which computes the multiple of a point $P$ with $4M + 4S + 2m_c + m_t$ per bit where $m_t$ is multiplication by a constant that depends on $P$

    Financial diversification before modern portfolio theory: UK financial advice documents in the late nineteenth and the beginning of the twentieth century

    The paper offers textual evidence from a series of financial advice documents in the late nineteenth century and the early twentieth century of how UK investors perceived of and managed risk. In the world’s largest financial centre of the time, UK investors were familiar with the concept of correlation and financial advisers’ suggestions were consistent with the recommendations of modern portfolio theory in relation to portfolio selection strategies. From the 1870s, there was an increased awareness of the benefits of financial diversification - primarily putting equal amounts into a number of different securities - with much of the emphasis being on geographical rather than sectoral diversification and some discussion of avoiding highly correlated investments. Investors in the past were not so naïve as mainstream financial discussions suggest today

    Cofactorization on Graphics Processing Units

    We show how the cofactorization step, a compute-intensive part of the relation collection phase of the number field sieve (NFS), can be farmed out to a graphics processing unit. Our implementation on a GTX 580 GPU, which is integrated with a state-of-the-art NFS implementation, can serve as a cryptanalytic co-processor for several Intel i7-3770K quad-core CPUs simultaneously. This allows those processors to focus on the memory-intensive sieving and results in more useful NFS-relations found in less time

    MoTE-ECC: Energy-Scalable Elliptic Curve Cryptography for Wireless Sensor Networks

    Wireless Sensor Networks (WSNs) are susceptible to a wide range of malicious attacks, which has stimulated a body of research on "light-weight" security protocols and cryptographic primitives that are suitable for resource-restricted sensor nodes. In this paper we introduce MoTE-ECC, a highly optimized yet scalable ECC library for Memsic's MICAz motes and other sensor nodes equipped with an 8-bit AVR processor. MoTE-ECC supports scalar multiplication on Montgomery and twisted Edwards curves over Optimal Prime Fields (OPFs) of variable size, e.g. 160, 192, 224, and 256 bits, which allows for various trade-offs between security and execution time (resp. energy consumption). OPFs are a special family of "low-weight" prime fields that, in contrast to the NIST-specified fields, facilitate a parameterized implementation of the modular arithmetic so that one and the same software function can be used for operands of different length. To demonstrate the performance of MoTE-ECC, we take (ephemeral) ECDH key exchange between two nodes as example, which requires each node to execute two scalar multiplications. The first scalar multiplication is performed on a fixed base point (to generate a key pair), whereas the second scalar multiplication gets an arbitrary point as input. Our implementation uses a fixed-base comb method on a twisted Edwards curve for the former and a simple ladder approach on a birationally-equivalent Montgomery curve for the latter. Both scalar multiplications require about 9*10^6 clock cycles in total and occupy only 380 bytes in RAM when the underlying OPF has a length of 160 bits. We also describe our efforts to harden MoTE-ECC against side-channel attacks (e.g. simple power analysis) and introduce a highly regular implementation of the comb method

    Dynamical stability of infinite homogeneous self-gravitating systems: application of the Nyquist method

    We complete classical investigations concerning the dynamical stability of an infinite homogeneous gaseous medium described by the Euler-Poisson system or an infinite homogeneous stellar system described by the Vlasov-Poisson system (Jeans problem). To determine the stability of an infinite homogeneous stellar system with respect to a perturbation of wavenumber k, we apply the Nyquist method. We first consider the case of single-humped distributions and show that, for infinite homogeneous systems, the onset of instability is the same in a stellar system and in the corresponding barotropic gas, contrary to the case of inhomogeneous systems. We show that this result is true for any symmetric single-humped velocity distribution, not only for the Maxwellian. If we specialize on isothermal and polytropic distributions, analytical expressions for the growth rate, damping rate and pulsation period of the perturbation can be given. Then, we consider the Vlasov stability of symmetric and asymmetric double-humped distributions (two-stream stellar systems) and determine the stability diagrams depending on the degree of asymmetry. We compare these results with the Euler stability of two self-gravitating gaseous streams. Finally, we determine the corresponding stability diagrams in the case of plasmas and compare the results with self-gravitating systems

    First observation and branching fraction and decay parameter measurements of the weak radiative decay Xi0 --> Lambda e+e-

    The weak radiative decay Xi0 --> Lambda e+e- has been detected for the first time. We find 412 candidates in the signal region, with an estimated background of 15 +/- 5 events. We determine the branching fraction B(Xi0 --> Lambda e+e-) = [7.6 +/- 0.4(stat) +/- 0.4(syst) +/- 0.2(norm)] x 10^{-6}, consistent with an internal bremsstrahlung process, and the decay asymmetry parameter alpha_{XiLambdaee} = -0.8 +/- 0.2, consistent with that of Xi0 --> Lambda gamma. The charge conjugate reaction Xi0_bar --> Lambda_bar e+e- has also been observed. Comment: 20 pages, 5 figures, 4 tables; revised: 19 pages, 4 figures, 4 tables, after reviewers' comments: 1 figure removed, 1 figure corrected, minor editorial changes; to be published in Phys. Lett.

    ‘Perceptions of non-accidental child deaths as preventable events: The impact of probability heuristics and biases on child protection work'

    Anxiety about the possibility of non-accidental deaths of children has had a major influence on child care policy and practice over the last 40 years. The formal inquiry reports and media coverage of these rare events serve to maintain the perception that these are regular incidents that happen far too often and that they could have been prevented. This focus on individual events tends to distort a clear view of the actual probability of non-accidental deaths and serves to reinforce the notion that potentially all child care cases are risky and that any social work practitioner could be involved in such a case. As a result, work with children has become highly risk averse. However, in statistical terms, the probability of non-accidental child deaths is very low and recently has averaged about 55 deaths a year. Children are at considerably higher risk of being killed on the roads. This paper examines the way in which perceptions of the ‘high’ level of risk of possible child deaths are maintained despite the very low statistical probability of such incidents. It draws on thinking from behavioural psychology and, in particular the work of Kahneman and Tversky, to consider some of the biases in probability reasoning affecting people’s perception of risk and explores how inquiry reports into single past events reconfirm risk perceptions. It is suggested that recognition of the essentially unpredictable nature of future non-accidental child deaths would free up childcare professionals to work in a more positive and less risk-averse manner in the present

    Intrauterine devices and endometrial cancer risk : a pooled analysis of the Epidemiology of Endometrial Cancer Consortium

    Intrauterine devices (IUDs), long-acting and reversible contraceptives, induce a number of immunological and biochemical changes in the uterine environment that could affect endometrial cancer (EC) risk. We addressed this relationship through a pooled analysis of data collected in the Epidemiology of Endometrial Cancer Consortium. We combined individual-level data from 4 cohort and 14 case-control studies, in total 8,801 EC cases and 15,357 controls. Using multivariable logistic regression, we estimated pooled odds ratios (pooled-ORs) and 95% confidence intervals (CIs) for EC risk associated with ever use, type of device, ages at first and last use, duration of use and time since last use, stratified by study and adjusted for confounders. Ever use of IUDs was inversely related to EC risk (pooled-OR = 0.81, 95% CI = 0.74-0.90). Compared with never use, reduced risk of EC was observed for inert IUDs (pooled-OR = 0.69, 95% CI = 0.58-0.82), older age at first use (≥35 years pooled-OR = 0.53, 95% CI = 0.43-0.67), older age at last use (≥45 years pooled-OR = 0.60, 95% CI = 0.50-0.72), longer duration of use (≥10 years pooled-OR = 0.61, 95% CI = 0.52-0.71) and recent use (within 1 year of study entry pooled-OR = 0.39, 95% CI = 0.30-0.49). Future studies are needed to assess the respective roles of detection biases and biologic effects related to foreign body responses in the endometrium, heavier bleeding (and increased clearance of carcinogenic cells) and localized hormonal changes