On the Use of the Negation Map in the Pollard Rho Method

The negation map can be used to speed up the Pollard rho method to compute discrete logarithms in groups of elliptic curves over finite fields. It is well known that the random walks used by Pollard rho when combined with the negation map get trapped in fruitless cycles. We show that previously published approaches to deal with this problem are plagued by recurring cycles, and we propose effective alternative countermeasures. As a result, fruitless cycles can be resolved, but the best speedup we managed to achieve is by a factor of only 1.29. Although this is less than the speedup factor of root 2 generally reported in the literature, it is supported by practical evidence

A Formal Library for Elliptic Curves in the Coq Proof Assistant

International audienceA preliminary step towards the verification of elliptic curve cryptographic algorithms is the development of formal libraries with the corresponding mathematical theory. In this paper we present a formaliza-tion of elliptic curves theory, in the SSReflect extension of the Coq proof assistant. Our central contribution is a library containing many of the objects and core properties related to elliptic curve theory. We demonstrate the applicability of our library by formally proving a non-trivial property of elliptic curves: the existence of an isomorphism between a curve and its Picard group of divisors

Nucleonic gamma-ray production in Pulsar Wind Nebulae

Observations of the inner radian of the Galactic disk at very high energy (VHE) gamma-rays have revealed at least 16 new sources. Besides shell type super-nova remnants, pulsar wind nebulae (PWN) appear to be a dominant source population in the catalogue of VHE gamma-ray sources. Except for the Crab nebula, the newly discovered PWN are resolved at VHE gamma-rays to be spatially extended (5-20 pc). Currently, at least 3 middle aged ($t>10$ kyrs) PWN (Vela X, G18.0-0.7, and G313.3+0.6 in the ``Kookaburra'' region) and 1 young PWN MSH 15-5{\it2} ($t=1.55$ kyrs) have been identified to be VHE emitting PWN (sometimes called ``TeV Plerions''). Two more candidate ``TeV Plerions'' have been identifed and have been reported at this conference [1]. In this contribution, the gamma-ray emission from Vela X is explained by a nucleonic component in the pulsar wind. The measured broad band spectral energy distribution is compared with the expected X-ray emission from primary and secondary electrons. The observed X-ray emission and TeV emission from the three middle aged PWN are compared with each other.Comment: 6 pages, 3 figures, to appear in proceedings "The Multi-Messenger Approach to High-Energy Gamma-Ray Sources", Barcelona July 200

Elliptic and Hyperelliptic Curves: A Practical Security Analysis

Motivated by the advantages of using elliptic curves for discrete logarithm-based public-key cryptography, there is an active research area investigating the potential of using hyperelliptic curves of genus 2. For both types of curves, the best known algorithms to solve the discrete logarithm problem are generic attacks such as Pollard rho, for which it is well-known that the algorithm can be sped up when the target curve comes equipped with an efficiently computable automorphism. In this paper we incorporate all of the known optimizations (including those relating to the automorphism group) in order to perform a systematic security assessment of two elliptic curves and two hyperelliptic curves of genus 2. We use our software framework to give concrete estimates on the number of core years required to solve the discrete logarithm problem on four curves that target the 128-bit security level: on the standardized NIST CurveP-256, on a popular curve from the Barreto-Naehrig family, and on their respective analogues in genus 2. © 2014 Springer-Verlag Berlin Heidelberg

Topical Issues for Particle Acceleration Mechanisms in Astrophysical Shocks

Particle acceleration at plasma shocks appears to be ubiquitous in the universe, spanning systems in the heliosphere, supernova remnants, and relativistic jets in distant active galaxies and gamma-ray bursts. This review addresses some of the key issues for shock acceleration theory that require resolution in order to propel our understanding of particle energization in astrophysical environments. These include magnetic field amplification in shock ramps, the non-linear hydrodynamic interplay between thermal ions and their extremely energetic counterparts possessing ultrarelativistic energies, and the ability to inject and accelerate electrons in both non-relativistic and relativistic shocks. Recent observational developments that impact these issues are summarized. While these topics are currently being probed by astrophysicists using numerical simulations, they are also ripe for investigation in laboratory experiments, which potentially can provide valuable insights into the physics of cosmic shocks.Comment: 13 pages, no figures. Invited review, accepted for publication in Astrophysics and Space Science, as part of the HEDLA 2006 conference proceeding

On the Static Diffie-Hellman Problem on Elliptic Curves over Extension Fields

We show that for any elliptic curve E(Fqn ), if an adversary has access to a Static Diffie-Hellman Problem (Static DHP) oracle, then by making O(q1− 1/n+1) Static DHP oracle queries during an initial learning phase, for fixed n > 1 and q → ∞ the adversary can solve any further instance of the Static DHP in heuristic time O˜(q1− 1/n+1). Our proposal also solves the Delayed Target DHP as defined by Freeman, and naturally extends to provide algorithms for solving the Delayed Target DLP, the One-More DHP and One-More DLP, as studied by Koblitz and Menezes in the context of Jacobians of hyperelliptic curves of small genus. We also argue that for any group in which index calculus can be effectively applied, the above problems have a natural relationship, and will always be easier than the DLP. While practical only for very small n, our algorithm reduces the security provided by the elliptic curves defined over Fp2 and Fp4 proposed by Galbraith, Lin and Scott at EUROCRYPT 2009, should they be used in any protocol where a user can be made to act as a proxy Static DHP oracle, or if used in protocols whose security is related to any of the above problems

On the correct use of the negation map in the Pollard rho method

Abstract. Bos, Kaihara, Kleinjung, Lenstra, and Montgomery recently showed that ECDLPs on the 112-bit secp112r1 curve can be solved in an expected time of 65 years on a PlayStation 3. This paper shows how to solve the same ECDLPs at almost twice the speed on the same hardware. The improvement comes primarily from a new variant of Pollard’s rho method that fully exploits the negation map without branching, and secondarily from improved techniques for modular arithmetic

NEON implementation of an attribute-based encryption scheme

Abstract. In 2011, Waters presented a ciphertext-policy attribute-based encryption protocol that uses bilinear pairings to provide control access mechanisms, where the set of user’s attributes is specified by means of a linear secret sharing scheme. Some of the applications foreseen for this protocol lie in the context of mobile devices such a smartphones and tablets, which in a majority of instances are powered by an ARM processor supporting the NEON vector set of instructions. In this paper we present the design of a software cryptographic library that implements a 127-bit security level attribute-based encryption scheme over mobile devices equipped with a 1.4GHz Exynos 4 Cortex-A9 processor and a developing board that hosts a 1.7 GHz Exynos 5 Cortex-A15 processor. For the latter platform and taking advantage of the inherent parallelism of the NEON vector instructions, our library computes a single optimal pairing over a Barreto-Naehrig curve approximately 2 times faster than the best timings previously reported on ARM platforms at this level of security. Further, using a 6-attribute access formula our library is able to encrypt/decrypt a text/ciphertext in less than 4.49mS and 15.67mS, respectively