118 research outputs found

    The X-ray Telescope of CAST

    The Cern Axion Solar Telescope (CAST) is in operation and taking data since 2003. The main objective of the CAST experiment is to search for a hypothetical pseudoscalar boson, the axion, which might be produced in the core of the sun. The basic physics process CAST is based on is the time inverted Primakoff effect, by which an axion can be converted into a detectable photon in an external electromagnetic field. The resulting X-ray photons are expected to be thermally distributed between 1 and 7 keV. The most sensitive detector system of CAST is a pn-CCD detector combined with a Wolter I type X-ray mirror system. With the X-ray telescope of CAST a background reduction of more than 2 orders of magnitude is achieved, such that for the first time the axion photon coupling constant $g_{a\gamma\gamma}$ can be probed beyond the best astrophysical constraints $g_{a\gamma\gamma} < 1 \times 10^{-10}\ \mathrm{GeV}^{-1}$. Comment: 19 pages, 25 figures and images, replaced by the revised version accepted for publication in New Journal of Physic

    Quantum resource estimates for computing elliptic curve discrete logarithms

    We give precise quantum resource estimates for Shor's algorithm to compute discrete logarithms on elliptic curves over prime fields. The estimates are derived from a simulation of a Toffoli gate network for controlled elliptic curve point addition, implemented within the framework of the quantum computing software tool suite LIQ$Ui|\rangle$. We determine circuit implementations for reversible modular arithmetic, including modular addition, multiplication and inversion, as well as reversible elliptic curve point addition. We conclude that elliptic curve discrete logarithms on an elliptic curve defined over an $n$-bit prime field can be computed on a quantum computer with at most $9n + 2\lceil\log_2(n)\rceil + 10$ qubits using a quantum circuit of at most $448 n^3 \log_2(n) + 4090 n^3$ Toffoli gates. We are able to classically simulate the Toffoli networks corresponding to the controlled elliptic curve point addition as the core piece of Shor's algorithm for the NIST standard curves P-192, P-224, P-256, P-384 and P-521. Our approach allows gate-level comparisons to recent resource estimates for Shor's factoring algorithm. The results also support estimates given earlier by Proos and Zalka and indicate that, for current parameters at comparable classical security levels, the number of qubits required to tackle elliptic curves is less than for attacking RSA, suggesting that indeed ECC is an easier target than RSA. Comment: 24 pages, 2 tables, 11 figures. v2: typos fixed and reference added. ASIACRYPT 201

    Breaking ‘128-bit Secure’ Supersingular Binary Curves

    In late 2012 and early 2013 the discrete logarithm problem (DLP) in finite fields of small characteristic underwent a dramatic series of breakthroughs, culminating in a heuristic quasi-polynomial time algorithm, due to Barbulescu, Gaudry, Joux and Thomé. Using these developments, Adj, Menezes, Oliveira and Rodríguez-Henríquez analysed the concrete security of the DLP, as it arises from pairings on (the Jacobians of) various genus one and two supersingular curves in the literature, which were originally thought to be 128-bit secure. In particular, they suggested that the new algorithms have no impact on the security of a genus one curve over $\mathbb{F}_{2^{1223}}$, and reduce the security of a genus two curve over $\mathbb{F}_{2^{367}}$ to 94.6 bits. In this paper we propose a new field representation and efficient general descent principles which together make the new techniques far more practical. Indeed, at the ‘128-bit security level’ our analysis shows that the aforementioned genus one curve has approximately 59 bits of security, and we report a total break of the genus two curv

    Square root algorithms for the number field sieve

    The original publication is available at www.springerlink.com. We review several methods for the square root step of the Number Field Sieve, and present an original one, based on the Chinese Remainder Theorem

    Slide reduction, revisited—filling the gaps in SVP approximation

    We show how to generalize Gama and Nguyen's slide reduction algorithm [STOC '08] for solving the approximate Shortest Vector Problem over lattices (SVP). As a result, we show the fastest provably correct algorithm for $\delta$-approximate SVP for all approximation factors $n^{1/2+\varepsilon} \leq \delta \leq n^{O(1)}$. This is the range of approximation factors most relevant for cryptography

    On the Static Diffie-Hellman Problem on Elliptic Curves over Extension Fields

    We show that for any elliptic curve $E(\mathbb{F}_{q^n})$, if an adversary has access to a Static Diffie-Hellman Problem (Static DHP) oracle, then by making $O(q^{1 - 1/(n+1)})$ Static DHP oracle queries during an initial learning phase, for fixed $n > 1$ and $q \to \infty$ the adversary can solve any further instance of the Static DHP in heuristic time $\tilde{O}(q^{1 - 1/(n+1)})$. Our proposal also solves the Delayed Target DHP as defined by Freeman, and naturally extends to provide algorithms for solving the Delayed Target DLP, the One-More DHP and One-More DLP, as studied by Koblitz and Menezes in the context of Jacobians of hyperelliptic curves of small genus. We also argue that for any group in which index calculus can be effectively applied, the above problems have a natural relationship, and will always be easier than the DLP. While practical only for very small $n$, our algorithm reduces the security provided by the elliptic curves defined over $\mathbb{F}_{p^2}$ and $\mathbb{F}_{p^4}$ proposed by Galbraith, Lin and Scott at EUROCRYPT 2009, should they be used in any protocol where a user can be made to act as a proxy Static DHP oracle, or if used in protocols whose security is related to any of the above problems

    Challenges with Assessing the Impact of NFS Advances on the Security of Pairing-based Cryptography

    In the past two years there have been several advances in Number Field Sieve (NFS) algorithms for computing discrete logarithms in finite fields $\mathbb{F}_{p^n}$ where $p$ is prime and $n > 1$ is a small integer. This article presents a concise overview of these algorithms and discusses some of the challenges with assessing their impact on keylengths for pairing-based cryptosystems

    The Inverse S-Box, Non-linear Polynomial Relations and Cryptanalysis of Block Ciphers

    This paper is motivated by the design of AES. We consider a broader question of cryptanalysis of block ciphers having very good non-linearity and diffusion. Can we expect anyway to attack such ciphers, clearly designed to render hopeless the main classical attacks? Recently a lot of attention has been drawn to the existence of multivariate algebraic relations for AES (and other) S-boxes. Then, if the XSL-type algebraic attacks on block ciphers [11] are shown to work well, the answer would be positive. In this paper we show that the answer is certainly positive for many other constructions of ciphers. This is not due to an algebraic attack, but to new types of generalised linear cryptanalysis, highly non-linear in flavour. We present several constructions of somewhat special practical block ciphers, seemingly satisfying all the design criteria of AES and using similar S-boxes, and yet being extremely weak. They can be generalised, and evolve into general attacks that can be applied, potentially, to any block cipher.
    Key Words: block ciphers, AES, Rijndael, interpolation attack on block ciphers, fractional transformations, homographic functions, multivariate equations

    Phenotypic Variation and Bistable Switching in Bacteria

    Microbial research generally focuses on clonal populations. However, bacterial cells with identical genotypes frequently display different phenotypes under identical conditions. This microbial cell individuality is receiving increasing attention in the literature because of its impact on cellular differentiation, survival under selective conditions, and the interaction of pathogens with their hosts. It is becoming clear that stochasticity in gene expression in conjunction with the architecture of the gene network that underlies the cellular processes can generate phenotypic variation. An important regulatory mechanism is the so-called positive feedback, in which a system reinforces its own response, for instance by stimulating the production of an activator. Bistability is an interesting and relevant phenomenon, in which two distinct subpopulations of cells showing discrete levels of gene expression coexist in a single culture. In this chapter, we address techniques and approaches used to establish phenotypic variation, and relate three well-characterized examples of bistability to the molecular mechanisms that govern these processes, with a focus on positive feedback.

    Go-stimuli proportion influences response strategy in a sustained attention to response task

    The sustained attention to response task (SART) usefulness as a measure of sustained attention has been questioned. The SART may instead be a better measure of other psychological processes and could prove useful in understanding some real-world behaviours. Thirty participants completed four Go/No-Go response tasks much like the SART, with Go-stimuli proportions of .50, .65, .80 and .95. As Go-stimuli proportion increased, reaction times decreased while both commission errors and self-reported task-related thoughts increased. Performance measures were associated with task-related thoughts but not task-unrelated thoughts. Instead of faster reaction times and increased commission errors being due to absentmindedness or perceptual decoupling from the task, the results suggested participants made use of two competing response strategies, in line with a response strategy or response inhibition perspective of SART performance. Interestingly, performance measures changed in a nonlinear manner, despite the linear Go proportion increase. A threshold may exist where the prepotent motor response becomes more pronounced, leading to the disproportionate increase in response speed and commission errors. This research has implications for researchers looking to employ the SAR