    Distributed Synthesis in Continuous Time

    We introduce a formalism modelling communication of distributed agents strictly in continuous time. Within this framework, we study the problem of synthesising local strategies for individual agents such that a specified set of goal states is reached, or reached with at least a given probability. The flow of time is modelled explicitly based on continuous-time randomness, with two natural implications: First, the non-determinism stemming from interleaving disappears. Second, when we restrict to a subclass of non-urgent models, the quantitative value problem for two players can be solved in EXPTIME. Indeed, the explicit continuous time enables players to communicate their states by delaying synchronisation (which is unrestricted for non-urgent models). In general, the problems are undecidable already for two players in the quantitative case and three players in the qualitative case. The qualitative undecidability is shown by a reduction to decentralized POMDPs, for which we provide the strongest (and rather surprising) undecidability result so far.

    Quantum resource estimates for computing elliptic curve discrete logarithms

    We give precise quantum resource estimates for Shor's algorithm to compute discrete logarithms on elliptic curves over prime fields. The estimates are derived from a simulation of a Toffoli gate network for controlled elliptic curve point addition, implemented within the framework of the quantum computing software tool suite LIQ$Ui|\rangle$. We determine circuit implementations for reversible modular arithmetic, including modular addition, multiplication and inversion, as well as reversible elliptic curve point addition. We conclude that elliptic curve discrete logarithms on an elliptic curve defined over an $n$-bit prime field can be computed on a quantum computer with at most $9n + 2\lceil\log_2(n)\rceil + 10$ qubits using a quantum circuit of at most $448 n^3 \log_2(n) + 4090 n^3$ Toffoli gates. We are able to classically simulate the Toffoli networks corresponding to the controlled elliptic curve point addition as the core piece of Shor's algorithm for the NIST standard curves P-192, P-224, P-256, P-384 and P-521. Our approach allows gate-level comparisons to recent resource estimates for Shor's factoring algorithm. The results also support estimates given earlier by Proos and Zalka and indicate that, for current parameters at comparable classical security levels, the number of qubits required to tackle elliptic curves is less than for attacking RSA, suggesting that indeed ECC is an easier target than RSA.
    Comment: 24 pages, 2 tables, 11 figures. v2: typos fixed and reference added. ASIACRYPT 201

    A simple and compact algorithm for SIDH with arbitrary degree isogenies

    We derive a new formula for computing arbitrary odd-degree isogenies between elliptic curves in Montgomery form. The formula lends itself to a simple and compact algorithm that can efficiently compute any low odd-degree isogenies inside the supersingular isogeny Diffie-Hellman (SIDH) key exchange protocol. Our implementation of this algorithm shows that, beyond the commonly used 3-isogenies, there is a moderate degradation in relative performance of $(2d+1)$-isogenies as $d$ grows, but that larger values of $d$ can now be used in practical SIDH implementations. We further show that the proposed algorithm can be used to both compute isogenies of curves and evaluate isogenies at points, unifying the two main types of functions needed for isogeny-based public-key cryptography. Together, these results open the door for practical SIDH on a much wider class of curves, and allow for simplified SIDH implementations that only need to call one general-purpose function inside the fundamental computation of the large degree secret isogenies. As an additional contribution, we also give new explicit formulas for 3- and 4-isogenies, and show that these give immediate speedups when substituted into pre-existing SIDH libraries.

    Evaluation of the influence of kyphosis and scoliosis on intervertebral disc extrusion in French bulldogs

    Although thoracic vertebral malformations with kyphosis and scoliosis are often considered incidental findings on diagnostic imaging studies of screw-tailed brachycephalic breeds, they have been suggested to interfere with spinal biomechanics and intervertebral disc degeneration. It is, however, unknown whether an abnormal spinal curvature also predisposes dogs to develop clinically relevant intervertebral disc herniations. The aim of this study was to evaluate whether the occurrence of thoracic vertebral malformations, kyphosis or scoliosis is associated with a higher prevalence of cervical or thoracolumbar intervertebral disc extrusion in French bulldogs.

    Abnormal expression of p27kip1 protein in levator ani muscle of aging women with pelvic floor disorders – a relationship to the cellular differentiation and degeneration

    BACKGROUND: Pelvic floor disorders affect almost 50% of aging women. An important role in pelvic floor support belongs to the levator ani muscle. The p27/kip1 (p27) protein, a multifunctional cyclin-dependent kinase inhibitor, shows changing expression in differentiating skeletal muscle cells during development, and relatively high levels of p27 RNA were detected in normal human skeletal muscles. METHODS: Biopsy samples of levator ani muscle were obtained from 22 symptomatic patients with stress urinary incontinence, pelvic organ prolapse, and overlaps (age range 38–74), and nine asymptomatic women (age 31–49). Cryostat sections were investigated for p27 protein expression and type I (slow twitch) and type II (fast twitch) fibers. RESULTS: All fibers exhibited strong plasma membrane (and nuclear) p27 protein expression. Cytoplasmic p27 expression was virtually absent in asymptomatic women. In perimenopausal symptomatic patients (ages 38–55), muscle fibers showed hypertrophy and moderate cytoplasmic p27 staining accompanied by diminution of type II fibers. Older symptomatic patients (ages 57–74) showed cytoplasmic p27 overexpression accompanied by shrinking, cytoplasmic vacuolization and fragmentation of muscle cells. The plasma membrane and cytoplasmic p27 expression was not unique to the muscle cells. Under certain circumstances, it was also detected in other cell types (epithelium of ectocervix and luteal cells). CONCLUSIONS: This is the first report on the unusual (plasma membrane and cytoplasmic) expression of p27 protein in normal and abnormal human striated muscle cells in vivo. Our data indicate that pelvic floor disorders in perimenopausal patients are associated with the appearance of moderate cytoplasmic p27 expression, accompanying hypertrophy and transition of type II into type I fibers. The patients in advanced postmenopause show shrinking and fragmentation of muscle fibers associated with strong cytoplasmic p27 expression.

    Fooling primality tests on smartcards

    We analyse whether the smartcards of the JavaCard platform correctly validate primality of domain parameters. The work is inspired by the paper Prime and prejudice: primality testing under adversarial conditions, where the authors analysed many open-source libraries and constructed pseudoprimes fooling the primality testing functions. However, in the case of smartcards, often there is no way to invoke the primality test directly, so we trigger it by replacing (EC)DSA and (EC)DH prime domain parameters by adversarial composites. Such a replacement results in vulnerability to Pohlig-Hellman style attacks, leading to private key recovery. Out of nine smartcards (produced by five major manufacturers) we tested, all but one have no primality test in parameter validation. As the JavaCard platform provides no public primality testing API, the problem cannot be fixed by an additional parameter check before the parameters are passed to the existing (EC)DSA and (EC)DH functions, making it difficult to mitigate in already deployed smartcards.

    An Optimal Distributed Discrete Log Protocol with Applications to Homomorphic Secret Sharing

    The distributed discrete logarithm (DDL) problem was introduced by Boyle et al. at CRYPTO 2016. A protocol solving this problem was the main tool used in the share conversion procedure of their homomorphic secret sharing (HSS) scheme, which allows non-interactive evaluation of branching programs among two parties over shares of secret inputs. Let $g$ be a generator of a multiplicative group $\mathbb{G}$. Given a random group element $g^{x}$ and an unknown integer $b \in [-M,M]$ for a small $M$, two parties $A$ and $B$ (that cannot communicate) successfully solve DDL if $A(g^{x}) - B(g^{x+b}) = b$. Otherwise, the parties err. In the DDL protocol of Boyle et al., $A$ and $B$ run in time $T$ and have error probability that is roughly linear in $M/T$. Since it has a significant impact on the HSS scheme's performance, a major open problem raised by Boyle et al. was to reduce the error probability as a function of $T$. In this paper we devise a new DDL protocol that substantially reduces the error probability to $O(M \cdot T^{-2})$. Our new protocol improves the asymptotic evaluation time complexity of the HSS scheme by Boyle et al. on branching programs of size $S$ from $O(S^2)$ to $O(S^{3/2})$. We further show that our protocol is optimal up to a constant factor for all relevant cryptographic group families, unless one can solve the discrete logarithm problem in a short interval of length $R$ in time $o(\sqrt{R})$. Our DDL protocol is based on a new type of random walk that is composed of several iterations in which the expected step length gradually increases. We believe that this random walk is of independent interest and will find additional applications.