
    Resolution of Linear Algebra for the Discrete Logarithm Problem Using GPU and Multi-core Architectures

    In cryptanalysis, solving the discrete logarithm problem (DLP) is key to assessing the security of many public-key cryptosystems. The index-calculus methods that attack the DLP in multiplicative subgroups of finite fields require solving large sparse systems of linear equations modulo large primes. This article deals with how this computation can be run on GPU- and multi-core-based clusters featuring InfiniBand networking. More specifically, we present the sparse linear algebra algorithms proposed in the literature, in particular the block Wiedemann algorithm. We discuss the parallelization of the central matrix-vector product operation from both algorithmic and practical points of view, and illustrate how our approach has contributed to the recent record-sized DLP computation in GF(2^809).
    Comment: Euro-Par 2014 Parallel Processing, Aug 2014, Porto, Portugal. http://europar2014.dcc.fc.up.pt/
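
    The block Wiedemann algorithm named in the abstract builds on the scalar Wiedemann idea: project the Krylov sequence v, Av, A^2 v, ... onto a random vector, recover the minimal polynomial of that scalar sequence with Berlekamp-Massey, and read a kernel vector of A off the polynomial, touching the matrix only through matrix-vector products (the operation the paper parallelises). The following is an added Python example, not code from the paper: a scalar (single-vector) Wiedemann kernel search over F_p on a small sparse matrix; the matrix and the prime 101 are made up for illustration.

```python
"""Scalar Wiedemann kernel search over F_p on a sparse matrix.

Constructed example (not the paper's code): the sparse-linear-algebra step of
index calculus, solved with the scalar one-vector form of the Wiedemann
algorithm that the block variant generalises. The matrix and the prime
p = 101 are made up for illustration."""
import random


def sparse_matvec(rows, v, p):
    """A*v mod p for A stored as one {column: value} dict per row."""
    return [sum(a * v[j] for j, a in row.items()) % p for row in rows]


def minimal_polynomial(seq, p):
    """Berlekamp-Massey: monic annihilating polynomial (low-to-high
    coefficients) of a linearly recurrent sequence over F_p."""
    C, B, L, m, b = [1], [1], 0, 1, 1
    for n, s_n in enumerate(seq):
        d = s_n
        for i in range(1, L + 1):                  # discrepancy of term n
            d = (d + C[i] * seq[n - i]) % p
        if d == 0:
            m += 1
            continue
        T = C[:]
        coef = d * pow(b, -1, p) % p
        C += [0] * max(0, len(B) + m - len(C))     # C(x) -= coef * x^m * B(x)
        for i, bi in enumerate(B):
            C[i + m] = (C[i + m] - coef * bi) % p
        if 2 * L <= n:
            L, B, b, m = n + 1 - L, T, d, 1
        else:
            m += 1
    C = (C + [0] * (L + 1))[:L + 1]                # connection polynomial, degree L
    return C[::-1]                                 # reversed: x^L + c1 x^(L-1) + ... + cL


def wiedemann_kernel(rows, p, attempts=50, seed=1):
    """Return a nonzero w with A*w = 0 mod p (A singular), retrying with fresh
    random projection u and start vector v when an attempt is unlucky."""
    n = len(rows)
    rng = random.Random(seed)
    for _ in range(attempts):
        u = [rng.randrange(p) for _ in range(n)]
        v = [rng.randrange(p) for _ in range(n)]
        if not any(v):
            continue
        seq, w = [], v[:]                           # s_i = u . A^i v, 2n terms,
        for _ in range(2 * n):                      # produced by matvecs only
            seq.append(sum(ui * wi for ui, wi in zip(u, w)) % p)
            w = sparse_matvec(rows, w, p)
        f = minimal_polynomial(seq, p)
        k = next(i for i, c in enumerate(f) if c)  # f = x^k * g with g(0) != 0
        if k == 0:
            continue                                # no factor x seen: retry
        g = f[k:]
        w = [g[-1] * vi % p for vi in v]            # Horner: w = g(A) v
        for c in reversed(g[:-1]):
            w = [(aw + c * vi) % p for aw, vi in zip(sparse_matvec(rows, w, p), v)]
        for _ in range(k):                          # A^k g(A) v = f(A) v = 0, so the
            if not any(w):                          # last nonzero vector in w, Aw, ...
                break                               # is in the kernel
            aw = sparse_matvec(rows, w, p)
            if not any(aw):
                return w
            w = aw
    raise ValueError("no kernel vector found; is the matrix singular?")


def example_matrix():
    """Constructed 6x6 sparse matrix mod 101 whose last row equals
    2*row0 + 3*row1, so it is singular by design."""
    p = 101
    rows = [
        {0: 3, 2: 7, 5: 1},
        {1: 5, 3: 2},
        {0: 1, 4: 9},
        {2: 4, 3: 6, 5: 8},
        {1: 2, 4: 3, 5: 5},
        {0: 6, 1: 15, 2: 14, 3: 6, 5: 2},
    ]
    return rows, p


if __name__ == "__main__":
    rows, p = example_matrix()
    w = wiedemann_kernel(rows, p)
    print("kernel vector:", w, "A*w =", sparse_matvec(rows, w, p))
```

    The block variant replaces the scalar projections with blocks of vectors, so the sequence needs fewer sequential matrix-vector products and the products can be spread across nodes; the recovery step then uses a matrix Berlekamp-Massey in place of the scalar one above. Note that every iteration above costs one sparse matrix-vector product and nothing else, which is why that product is the operation worth optimising on a cluster.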

    Solving discrete logarithms on a 170-bit MNT curve by pairing reduction

    Pairing-based cryptography is in a dangerous position following the breakthroughs on discrete logarithm computations in finite fields of small characteristic. Remaining instances are built over finite fields of large characteristic, and their security relies on the fact that the embedding field of the underlying curve is relatively large. How large is debatable. The aim of our work is to sustain the claim that the combination of a degree-3 embedding and too small finite fields obviously does not provide enough security. As a computational example, we solve the DLP on a 170-bit MNT curve by exploiting the pairing embedding into a 508-bit, degree-3 extension of the base field.
    Comment: to appear in Lecture Notes in Computer Science (LNCS)
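
    The reduction used above moves the curve DLP into the multiplicative group of the extension field through a pairing: with Q = [k]P and any fixed second argument R, e(Q, R) = e(P, R)^k, so k is recovered as a discrete logarithm in the field. The following is an added Python example, not code from the paper. It uses the supersingular curve y^2 = x^3 + x over F_19 (embedding degree 2), a distortion map and the reduced Tate pairing, all constructed for illustration in place of the paper's 170-bit MNT curve with its degree-3 embedding, and brute-forces the field logarithm where the paper runs NFS in the 508-bit field.

```python
"""Toy pairing reduction of an ECDLP into F_{p^2}^* (the MOV / Frey-Rueck idea).
Constructed example, not the paper's code: the paper transfers a 170-bit MNT curve
into a degree-3 extension; this shows the same transfer on y^2 = x^3 + x over F_19
(embedding degree 2, #E(F_p) = p + 1 = 20, prime subgroup order r = 5) with the
distortion map (x, y) -> (-x, i*y), brute-forcing the field DLP instead of NFS."""

# F_{p^2} = F_p[i]/(i^2 + 1), elements as (a, b) = a + b*i; needs p % 4 == 3
def f2_add(a, b, p): return ((a[0] + b[0]) % p, (a[1] + b[1]) % p)
def f2_sub(a, b, p): return ((a[0] - b[0]) % p, (a[1] - b[1]) % p)
def f2_mul(a, b, p):
    return ((a[0] * b[0] - a[1] * b[1]) % p, (a[0] * b[1] + a[1] * b[0]) % p)
def f2_inv(a, p):                       # conjugate divided by the norm
    n = pow((a[0] * a[0] + a[1] * a[1]) % p, -1, p)
    return (a[0] * n % p, -a[1] * n % p)
def f2_pow(a, e, p):
    r = (1, 0)
    while e:
        if e & 1: r = f2_mul(r, a, p)
        a, e = f2_mul(a, a, p), e >> 1
    return r

# E: y^2 = x^3 + x over F_{p^2}; a point is (x, y) with x, y in F_{p^2}, None is O
def slope(P, Q, p):
    """Slope of the chord through P and Q (tangent if P == Q); None if vertical."""
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and f2_add(y1, y2, p) == (0, 0):
        return None
    if P == Q:                          # (3x^2 + a) / (2y) with a = 1
        num = f2_add(f2_mul((3, 0), f2_mul(x1, x1, p), p), (1, 0), p)
        den = f2_mul((2, 0), y1, p)
    else:
        num, den = f2_sub(y2, y1, p), f2_sub(x2, x1, p)
    return f2_mul(num, f2_inv(den, p), p)

def ec_add(P, Q, p):
    if P is None: return Q
    if Q is None: return P
    lam = slope(P, Q, p)
    if lam is None: return None
    (x1, y1), (x2, _) = P, Q
    x3 = f2_sub(f2_sub(f2_mul(lam, lam, p), x1, p), x2, p)
    return (x3, f2_sub(f2_mul(lam, f2_sub(x1, x3, p), p), y1, p))

def ec_mul(k, P, p):
    R = None
    while k:
        if k & 1: R = ec_add(R, P, p)
        P, k = ec_add(P, P, p), k >> 1
    return R

def line_at(T, S, Q, p):
    """Line through T and S (tangent when T == S), evaluated at Q."""
    lam = slope(T, S, p)
    (xt, yt), (xq, yq) = T, Q
    if lam is None:                     # vertical line x - x_T
        return f2_sub(xq, xt, p)
    return f2_sub(f2_sub(yq, yt, p), f2_mul(lam, f2_sub(xq, xt, p), p), p)

def tate(P, Q, r, p):
    """Reduced Tate pairing f_{r,P}(Q)^((p^2 - 1)/r) by Miller's loop. Vertical-line
    denominators are omitted: x_Q lies in F_p here, so they are in F_p^* and the
    final exponentiation kills them (denominator elimination)."""
    f, T = (1, 0), P
    for bit in bin(r)[3:]:              # bits of r after the leading 1
        f = f2_mul(f2_mul(f, f, p), line_at(T, T, Q, p), p)
        T = ec_add(T, T, p)
        if bit == "1":
            f = f2_mul(f, line_at(T, P, Q, p), p)
            T = ec_add(T, P, p)
    return f2_pow(f, (p * p - 1) // r, p)

def distort(P, p):
    """(x, y) -> (-x, i*y): sends E(F_p) to points of E(F_{p^2}) outside E(F_p)."""
    x, y = P
    return (f2_sub((0, 0), x, p), (-y[1] % p, y[0]))

def point_of_order(r, p):
    """A point of prime order r on E(F_p), using #E(F_p) = p + 1 for this curve."""
    h = (p + 1) // r
    for x in range(1, p):
        rhs = (x ** 3 + x) % p
        y = pow(rhs, (p + 1) // 4, p)   # square root when p % 4 == 3 and rhs is a QR
        if rhs and y * y % p == rhs:
            P = ec_mul(h, ((x, 0), (y, 0)), p)
            if P is not None:
                return P
    raise ValueError("no point of order r")

def mov_solve(P, Q, r, p):
    """Recover k with Q = [k]P by solving the transferred DLP in F_{p^2}^*."""
    phiP = distort(P, p)
    g, h = tate(P, phiP, r, p), tate(Q, phiP, r, p)   # h = g^k by bilinearity
    acc = (1, 0)
    for k in range(r):                  # brute force stands in for NFS in F_{p^2}
        if acc == h:
            return k
        acc = f2_mul(acc, g, p)
    raise ValueError("degenerate pairing")

if __name__ == "__main__":
    P = point_of_order(5, 19)
    print("recovered k =", mov_solve(P, ec_mul(3, P, 19), 5, 19), "(expected 3)")
```

    The brute-force loop at the end is the one place where the toy differs in kind from the real attack: in the 508-bit field the transferred logarithm is computed with the Number Field Sieve, and the security question the abstract raises is precisely whether that field is large enough to make this step infeasible.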

    cDNA Cloning of Biologically Active Chicken Interleukin-18

    By searching a chicken EST database, we identified a cDNA clone that appeared to contain the entire open reading frame (ORF) of chicken interleukin-18 (ChIL-18). The encoded protein consists of 198 amino acids and exhibits approximately 30% sequence identity to IL-18 of humans and various other mammals. Sequence comparisons reveal a putative caspase-1 cleavage site at aspartic acid 29 of the primary translation product, indicating that mature ChIL-18 might consist of 169 amino acids. Bacterially expressed ChIL-18 in which the N-terminal 29 amino acids of the putative precursor molecule were replaced by a histidine tag induced the synthesis of interferon-γ (IFN-γ) in cultured primary chicken spleen cells, indicating that the recombinant protein is biologically active

    Extended Tower Number Field Sieve with Application to Finite Fields of Arbitrary Composite Extension Degree

    We propose a generalization of the exTNFS algorithm recently introduced by Kim and Barbulescu (CRYPTO 2016). exTNFS is a state-of-the-art algorithm for discrete logarithms in $\mathbb{F}_{p^n}$ in the medium prime case, but it only applies when $n=\eta\kappa$ is composite with nontrivial factors $\eta$ and $\kappa$ such that $\gcd(\eta,\kappa)=1$. Our generalization shows that the exTNFS algorithm can also be adapted to the setting of an arbitrary composite $n$ while maintaining its best asymptotic complexity. We show that one can solve discrete logarithms in the medium prime case in running time $L_{p^n}(1/3, \sqrt[3]{48/9})$ (resp. $L_{p^n}(1/3, 1.71)$ if multiple number fields are used), where $n$ is an arbitrary composite. This should be compared with a recent variant by Sarkar and Singh (Asiacrypt 2016) that has the fastest running time of $L_{p^n}(1/3, \sqrt[3]{64/9})$ (resp. $L_{p^n}(1/3, 1.88)$) when $n$ is a power of 2. When $p$ is of special form, the complexity is further reduced to $L_{p^n}(1/3, \sqrt[3]{32/9})$. On the practical side, we emphasize that the key sizes of pairing-based cryptosystems should be updated following our algorithm if the embedding degree $n$ remains composite
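
    As an added note (not part of the abstract): the running times above use the L-notation, which for a field of size $Q = p^n$ means

\[
L_{Q}(\alpha, c) = \exp\bigl( (c + o(1))\, (\ln Q)^{\alpha} (\ln \ln Q)^{1-\alpha} \bigr),
\qquad
\sqrt[3]{48/9} \approx 1.747,\quad \sqrt[3]{64/9} \approx 1.923,\quad \sqrt[3]{32/9} \approx 1.526 .
\]

    So at $\alpha = 1/3$ the exTNFS constant $1.747$ (or $1.71$ with multiple number fields) lies below the Sarkar-Singh constant $1.923$ (resp. $1.88$) and above the special-$p$ value $1.526$. Because the $o(1)$ term is not controlled, these constants rank algorithms asymptotically; turning them into concrete key-size recommendations requires record computations and extrapolation, not the formula alone.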

    Improving NFS for the Discrete Logarithm Problem in Non-prime Finite Fields

    The aim of this work is to investigate the hardness of the discrete logarithm problem in fields GF(p^n) where n is a small integer greater than 1. Though less studied than the small characteristic case or the prime field case, the difficulty of this problem is at the heart of security evaluations for torus-based and pairing-based cryptography. The best known method for solving this problem is the Number Field Sieve (NFS). A key ingredient in this algorithm is the ability to find good polynomials that define the extension fields used in NFS. We design two new methods for this task, modifying the asymptotic complexity and paving the way for record-breaking computations. We exemplify these results with the computation of discrete logarithms over a field GF(p^2) whose cardinality is 180 digits (595 bits) long

    Computing Individual Discrete Logarithms Faster in GF(p^n) with the NFS-DL Algorithm

    The Number Field Sieve (NFS) algorithm is the best known method to compute discrete logarithms (DL) in finite fields $\mathbb{F}_{p^n}$, with $p$ medium to large and $n \geq 1$ small. This algorithm comprises four steps: polynomial selection, relation collection, linear algebra and finally, individual logarithm computation. The first step outputs two polynomials defining two number fields, and a map from the polynomial ring over the integers modulo each of these polynomials to $\mathbb{F}_{p^n}$. After the relation collection and linear algebra phases, the (virtual) logarithm of a subset of elements in each number field is known. Given the target element in $\mathbb{F}_{p^n}$, the fourth step computes a preimage in one number field. If one can write the target preimage as a product of elements of known (virtual) logarithm, then one can deduce the discrete logarithm of the target. As recently shown by the Logjam attack, this final step can be critical when it can be computed very quickly. But we realized that computing an individual DL is much slower in medium- and large-characteristic non-prime fields $\mathbb{F}_{p^n}$ with $n \geq 3$, compared to prime fields and quadratic fields $\mathbb{F}_{p^2}$. We optimize the first part of individual DL, the booting step, by dramatically reducing the size of the preimage norm. Its smoothness probability is higher, hence the running time of the booting step is much improved. Our method is very efficient for small extension fields with $2 \leq n \leq 6$ and applies to any $n > 1$, in medium and large characteristic
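
    In the simplest setting of a prime field, the individual-logarithm step the abstract describes is the randomise-until-smooth loop below: an added Python example, not the paper's code. The prime p = 1019, generator 2 and factor base {2, 3, 5, 7} are constructed, and the factor-base logarithms are brute-forced in place of relation collection and linear algebra. The paper's contribution, reducing the norm of the preimage in a number field so that it is smooth more often, is the same idea applied to the candidates this loop tests.

```python
"""Individual-logarithm step of index calculus in F_p, as a constructed example
(not the paper's code, which works with norms in number fields). Once the
logarithms of a factor base are known from relation collection and linear algebra,
the log of an arbitrary target h is found by randomising: pick e until g^e * h is
smooth over the base, then read the log off the factorisation. p = 1019, g = 2 and
the factor base {2, 3, 5, 7} are made up; the base logs are brute-forced only
because p is tiny."""


def trial_factor(n, base):
    """Exponent vector of n over `base` if n is base-smooth, else None."""
    exps = []
    for q in base:
        e = 0
        while n % q == 0:
            n //= q
            e += 1
        exps.append(e)
    return exps if n == 1 else None


def factor_base_logs(g, p, base):
    """Stand-in for relation collection + linear algebra: walk g^x for all x.
    Only feasible because p is tiny; g must generate F_p^*."""
    logs, acc = {}, 1
    for x in range(p - 1):
        if acc in base:
            logs[acc] = x
        acc = acc * g % p
    return [logs[q] for q in base]


def individual_log(h, g, p, base, base_logs, max_tries=None):
    """Return (log_g h mod p-1, number of randomisations tried). From
    g^e * h = prod q_i^v_i it follows that log h = sum v_i log q_i - e (mod p-1)."""
    order = p - 1
    for e in range(max_tries or order):
        v = trial_factor(pow(g, e, p) * h % p, base)
        if v is not None:
            x = (sum(vi * li for vi, li in zip(v, base_logs)) - e) % order
            return x, e + 1
    raise ValueError("no smooth randomisation found; enlarge the factor base")


if __name__ == "__main__":
    p, g, base = 1019, 2, [2, 3, 5, 7]
    logs = factor_base_logs(g, p, base)
    for h in (11, 500, 1018):
        x, tries = individual_log(h, g, p, base, logs)
        print(f"log_{g}({h}) = {x} after {tries} tries; check:", pow(g, x, p) == h)
```

    The `tries` count returned alongside the logarithm is the quantity the booting step is about: the smaller and smoother the randomised candidates, the fewer iterations until one factors over the base, and in the number-field setting that candidate size is the norm of the preimage that the paper reduces.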

    'A good death' during the Covid-19 pandemic in the UK: a report on key findings and recommendations

    Dealing with death and bereavement in the context of the Covid-19 pandemic will present significant challenges for at least the next three months. The current situation does not allow for families and communities to be involved in the process of death in ways in which they would normally hope or expect to be. In addition, mortality rates will disproportionately affect vulnerable households. The government has identified the following communities as being at increased risk: single parent households; multi-generational Black and Minority Ethnic groups; men without degrees in lone households and/or in precarious work; small family business owners in their 50s; and elderly households. Our study focused on these groups. This report presents a summary of findings and key recommendations by a team of anthropologists from the London School of Economics who conducted a public survey and 58 cross-community interviews between 3 and 9 April 2020. It explores ways to prepare these communities and households for impending deaths with communications and policy support. More information on the research methodology, data protection and ethical procedures is available in Appendix 1. A summary of relevant existing research can be found in Appendix 2. A list of key contacts across communities for consultation is available on request. Research was focused on "what a good death looks like" for people across all faiths and for vulnerable groups. It examined how communities were already adapting how they dealt with processes of dying, burials, funerals and bereavement during the pandemic, and responding to new government regulations. It specifically focused on five transitions in the process of death, and what consultation processes, policies and communications strategies could be mobilised to support communities through these phases

    Good and ‘bad’ deaths during the COVID-19 pandemic: insights from a rapid qualitative study

    Dealing with excess death in the context of the COVID-19 pandemic has thrown the question of 'a good or bad death' into sharp relief as countries across the globe have grappled with multiple peaks of cases and mortality, and communities mourn those lost. In the UK, these challenges have included the fact that mortality has adversely affected minority communities. Corpse disposal and social distancing guidelines do not allow a process of mourning in which families and communities can be involved in the dying process. This study aimed to examine the main concerns of faith and non-faith communities across the UK in relation to death in the context of the COVID-19 pandemic. The research team used rapid ethnographic methods to examine the adaptations to the dying process prior to hospital admission, during admission, during the disposal and release of the body, and during funerals and mourning. The study revealed that communities were experiencing collective loss, were making necessary adaptations to rituals that surrounded death, dying and mourning, and would benefit from clear and compassionate communication and consultation with authorities

    A right to care: the social foundations of recovery from Covid-19

    This report presents key findings from a 6-month ethnographic study on the impact of the Covid-19 pandemic on disadvantaged households and communities across the UK conducted by anthropologists from the London School of Economics, and associates. This research involved in-depth interviews and multiple surveys with people across communities in the UK, with particular focus on a number of case studies of intersecting disadvantage. Crucially, our research has found that Government policy can improve adherence to restrictions and reduce the negative impacts of the pandemic on disadvantaged communities by placing central importance on communities, social networks and households to the economy and social life. This would be the most effective way to increase public trust and adherence to Covid-19 measures, because it would recognise the suffering that communities have experienced and would build policy on the basis of what is most important to people - the thriving of their families and communities

    Cross-Sectional Dating of Novel Haplotypes of HERV-K 113 and HERV-K 115 Indicate These Proviruses Originated in Africa before Homo sapiens

    The human genome contains human endogenous retroviruses (HERV), of which HERV-K113 and HERV-K115 are the only known full-length proviruses that are insertionally polymorphic. Although a handful of previously published papers have documented their prevalence in the global population, to date there has been no report on their prevalence in the United States population. Here, we studied the geographic distribution of K113 and K115 among 156 HIV-1+ subjects from the United States, including African Americans, Hispanics, and Caucasians. In the individuals studied, we found higher insertion frequencies of K113 (21%) and K115 (35%) in African Americans compared with Caucasians (K113 9% and K115 6%) within the United States. We also report the presence of three single nucleotide polymorphism sites in the K113 5′ long terminal repeat (LTR) and four in the K115 5′ LTR that together constituted four haplotypes for K113 and five haplotypes for K115. HERV insertion times can be estimated from the sequence differences between the 5′ and 3′ LTR of each insertion, but this dating method cannot be used with HERV-K115. We developed a method to estimate insertion times by applying coalescent inference to 5′ LTR sequences within our study population and validated this approach using an independent estimate derived from the genetic distance between K113 5′ and 3′ LTR sequences. Using our method, we estimated the insertion dates of K113 and K115 to be a minimum of 800,000 and 1.1 million years ago, respectively. Both these insertion dates predate the emergence of anatomically modern Homo sapiens