
    Quantum resource estimates for computing elliptic curve discrete logarithms

    We give precise quantum resource estimates for Shor's algorithm to compute discrete logarithms on elliptic curves over prime fields. The estimates are derived from a simulation of a Toffoli gate network for controlled elliptic curve point addition, implemented within the framework of the quantum computing software tool suite LIQUi|⟩. We determine circuit implementations for reversible modular arithmetic, including modular addition, multiplication and inversion, as well as reversible elliptic curve point addition. We conclude that elliptic curve discrete logarithms on an elliptic curve defined over an $n$-bit prime field can be computed on a quantum computer with at most $9n + 2\lceil\log_2(n)\rceil + 10$ qubits using a quantum circuit of at most $448 n^3 \log_2(n) + 4090 n^3$ Toffoli gates. We are able to classically simulate the Toffoli networks corresponding to the controlled elliptic curve point addition as the core piece of Shor's algorithm for the NIST standard curves P-192, P-224, P-256, P-384 and P-521. Our approach allows gate-level comparisons to recent resource estimates for Shor's factoring algorithm. The results also support estimates given earlier by Proos and Zalka and indicate that, for current parameters at comparable classical security levels, the number of qubits required to tackle elliptic curves is less than for attacking RSA, suggesting that indeed ECC is an easier target than RSA.
    Comment: 24 pages, 2 tables, 11 figures. v2: typos fixed and reference added. ASIACRYPT 201

    Smad4 promotes diabetic nephropathy by modulating glycolysis and OXPHOS

    Diabetic nephropathy (DN) is the leading cause of end‐stage kidney disease. TGF‐β1/Smad3 signalling plays a major pathological role in DN; however, the contribution of Smad4 has not been examined. Smad4 depletion in the kidney using anti‐Smad4 locked nucleic acid halted progressive podocyte damage and glomerulosclerosis in mouse type 2 DN, suggesting a pathogenic role of Smad4 in podocytes. Smad4 is upregulated in human and mouse podocytes during DN. Conditional Smad4 deletion in podocytes protects mice from type 2 DN, independent of obesity. Mechanistically, hyperglycaemia induces Smad4 localization to mitochondria in podocytes, resulting in reduced glycolysis and oxidative phosphorylation and increased production of reactive oxygen species. This operates, in part, via direct binding of Smad4 to the glycolytic enzyme PKM2 and reducing the active tetrameric form of PKM2. In addition, Smad4 interacts with ATPIF1, causing a reduction in ATPIF1 degradation. In conclusion, we have discovered a mitochondrial mechanism by which Smad4 causes diabetic podocyte injury

    Factoring Products of Braids via Garside Normal Form

    Braid groups are infinite non-abelian groups naturally arising from geometric braids. For two decades they have been proposed for cryptographic use. In braid group cryptography public braids often contain secret braids as factors and it is hoped that rewriting the product of braid words hides individual factors. We provide experimental evidence that this is in general not the case and argue that under certain conditions parts of the Garside normal form of factors can be found in the Garside normal form of their product. This observation can be exploited to decompose products of braids of the form ABC when only B is known. Our decomposition algorithm yields a universal forgery attack on WalnutDSA™, which is one of the 20 proposed signature schemes that are being considered by NIST for standardization of quantum-resistant public-key cryptography. Our attack on WalnutDSA™ can universally forge signatures within seconds for both the 128-bit and 256-bit security level, given one random message-signature pair. The attack worked on 99.8% and 100% of signatures for the 128-bit and 256-bit security levels in our experiments. Furthermore, we show that the decomposition algorithm can be used to solve instances of the conjugacy search problem and decomposition search problem in braid groups. These problems are at the heart of other cryptographic schemes based on braid groups.
    Published in: 22nd IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2019; Beijing; China; 14 April 2019 through 17 April 2019. ISBN: 978-303017258-9. Volume Editors: Sako K., Lin D. Publisher: Springer Verla

    Prediction of Muscle Energy States at Low Metabolic Rates Requires Feedback Control of Mitochondrial Respiratory Chain Activity by Inorganic Phosphate

    The regulation of the 100-fold dynamic range of mitochondrial ATP synthesis flux in skeletal muscle was investigated. Hypotheses of key control mechanisms were included in a biophysical model of oxidative phosphorylation and tested against metabolite dynamics recorded by 31P nuclear magnetic resonance spectroscopy (31P MRS). Simulations of the initial model featuring only ADP and Pi feedback control of flux failed in reproducing the experimentally sampled relation between myoplasmic free energy of ATP hydrolysis ($\Delta G_p = \Delta G_p^{\circ\prime} + RT \ln([\mathrm{ADP}][\mathrm{P_i}]/[\mathrm{ATP}])$) and the rate of mitochondrial ATP synthesis at low fluxes (<0.2 mM/s). Model analyses including Monte Carlo simulation approaches and metabolic control analysis (MCA) showed that this problem could not be amended by model re-parameterization, but instead required reformulation of ADP and Pi feedback control or introduction of additional control mechanisms (feed forward activation), specifically at respiratory Complex III. Both hypotheses were implemented and tested against time course data of phosphocreatine (PCr), Pi and ATP dynamics during post-exercise recovery and validation data obtained by 31P MRS of sedentary subjects and track athletes. The results rejected the hypothesis of regulation by feed forward activation. Instead, it was concluded that feedback control of respiratory chain complexes by inorganic phosphate is essential to explain the regulation of mitochondrial ATP synthesis flux in skeletal muscle throughout its full dynamic range

    The Neurotoxicity of DOPAL: Behavioral and Stereological Evidence for Its Role in Parkinson Disease Pathogenesis

    BACKGROUND: The etiology of Parkinson disease (PD) has yet to be fully elucidated. We examined the consequences of injections of 3,4-dihydroxyphenylacetaldehyde (DOPAL), a toxic metabolite of dopamine, into the substantia nigra of rats on motor behavior and neuronal survival. METHODS/PRINCIPAL FINDINGS: A total of 800 nl/rat of DOPAL (1 µg/200 nl) was injected stereotaxically into the substantia nigra over three sites while control animals received similar injections of phosphate buffered saline. Rotational behavior of these rats was analyzed, optical density of striatal tyrosine hydroxylase was calculated, and unbiased stereological counts of the substantia nigra were made. The rats showed significant rotational asymmetry ipsilateral to the lesion, supporting disruption of dopaminergic nigrostriatal projections. Such disruption was verified since the density of striatal tyrosine hydroxylase decreased significantly (p<0.001) on the side ipsilateral to the DOPAL injections when compared to the non-injected side. Stereological counts of neurons stained for Nissl in pars compacta of the substantia nigra significantly decreased (p<0.001) from control values, while counts of those in pars reticulata were unchanged after DOPAL injections. Counts of neurons immunostained for tyrosine hydroxylase also showed a significant (p=0.032) loss of dopaminergic neurons. In spite of significant loss of dopaminergic neurons, DOPAL injections did not induce significant glial reaction in the substantia nigra. CONCLUSIONS: The present study provides the first in vivo quantification of substantia nigra pars compacta neuronal loss after injection of the endogenous toxin DOPAL. The results demonstrate that injections of DOPAL selectively kill SN DA neurons, suggest loss of striatal DA terminals, spare non-dopaminergic neurons of the pars reticulata, and trigger a behavioral phenotype (rotational asymmetry) consistent with other PD animal models. This study supports the "catecholaldehyde hypothesis" as an important link for the etiology of sporadic PD

    The Impact of Social Support Networks on Maternal Employment: A Comparison of West German, East German and Migrant Mothers of Pre-School Children

    Given shortages in public child care in Germany, this paper asks whether social support with child care and domestic work by spouses, kin and friends can facilitate mothers' return to full-time or part-time positions within the first six years after birth. Using SOEP data from 1993-2009 and event history analyses for competing risks, the author compares the employment transitions of West German, East German and migrant mothers of pre-school children. The results indicate that West German and migrant mothers return to work sooner if they have access to kin, and that kinship support is particularly important when public child care is unavailable. Furthermore, West German and migrant mothers are more likely to work full-time if their spouses participate in domestic work. In contrast, social support does not affect employment transitions in East Germany where public child care is more easily accessible and continuous female employment is a prevalent social norm

    B-SIDH: supersingular isogeny Diffie-Hellman using twisted torsion

    This paper explores a new way of instantiating isogeny-based cryptography in which parties can work in both the (p+1)-torsion of a set of supersingular curves and in the (p-1)-torsion corresponding to the set of their quadratic twists. Although the isomorphism between a given supersingular curve and its quadratic twist is not defined over GF(p^2) in general, restricting operations to the x-lines of both sets of twists allows all arithmetic to be carried out over GF(p^2) as usual. Furthermore, since supersingular twists always have the same GF(p^2)-rational j-invariant, the SIDH protocol remains unchanged when Alice and Bob are free to work in both sets of twists. This framework lifts the restrictions on the shapes of the underlying prime fields originally imposed by Jao and De Feo, and allows a range of new options for instantiating isogeny-based public key cryptography. These include alternatives that exploit Mersenne and Montgomery-friendly primes, as well as the possibility of significantly reducing the size of the primes in the Jao-De Feo construction at no known loss of asymptotic security. For a given target security level, the resulting public keys are smaller than the public keys of all of the key encapsulation schemes currently under consideration in the NIST post-quantum standardisation effort. The best known attacks against the instantiations proposed in this paper are the classical path finding algorithm due to Delfs and Galbraith and its quantum adaptation due to Biasse, Jao and Sankar; these run in respective time O(p^(1/2)) and O(p^(1/4)), and are essentially memory-free. The upshot is that removing the big-O's and obtaining concrete security estimates is a matter of costing the circuits needed to implement the corresponding isogeny. In contrast to other post-quantum proposals, this makes the security analysis of B-SIDH rather straightforward. Searches for friendly parameters are used to find several primes that range from 237 to 256 bits, the conjectured security of which are comparable to the 434-bit prime used to target NIST level 1 security in the SIKE proposal. One noteworthy example is a 247-bit prime for which Alice's secret isogeny is 7901-smooth and Bob's secret isogeny is 7621-smooth