10 research outputs found

    On the Cryptanalysis of Public-Key Cryptography

    Nowadays, the most popular public-key cryptosystems are based on either the integer factorization or the discrete logarithm problem. The feasibility of solving these mathematical problems in practice is studied and techniques are presented to speed up the underlying arithmetic on parallel architectures. The fastest known approach to solve the discrete logarithm problem in groups of elliptic curves over finite fields is the Pollard rho method. The negation map can be used to speed up this calculation by a factor of √2. It is well known that the random walks used by Pollard rho, when combined with the negation map, get trapped in fruitless cycles. We show that previously published approaches to deal with this problem are plagued by recurring cycles, and we propose effective alternative countermeasures. Furthermore, fast modular arithmetic is introduced which can take advantage of prime moduli of a special form using efficient "sloppy reduction." The effectiveness of these techniques is demonstrated by solving a 112-bit elliptic curve discrete logarithm problem using a cluster of PlayStation 3 game consoles: breaking a public-key standard and setting a new world record. The elliptic curve method (ECM) for integer factorization is the asymptotically fastest method to find relatively small factors of large integers. From a cryptanalytic point of view, the performance of ECM gives information about secure parameter choices of some cryptographic protocols. We optimize ECM by proposing carry-free arithmetic modulo Mersenne numbers (numbers of the form 2^M − 1), especially suitable for parallel architectures. Our implementation of these techniques on a cluster of PlayStation 3 game consoles set a new record by finding a 241-bit prime factor of 2^1181 − 1. A normal form for elliptic curves introduced by Edwards results in the fastest elliptic curve arithmetic in practice. Techniques to reduce the temporary storage and enhance the performance even further in the setting of ECM are presented. Our results enable one to run ECM efficiently on resource-constrained platforms such as graphics processing units.

    High-Performance Modular Multiplication on the Cell Processor

    This paper presents software implementation speed records for modular multiplication arithmetic on the synergistic processing elements of the Cell Broadband Engine (Cell) architecture. The focus is on moduli which are of special interest in elliptic curve cryptography, that is, moduli of bit-lengths ranging from 192 to 521 bits. Finite field arithmetic using primes which allow particularly fast reduction is compared to Montgomery multiplication. The special primes considered are the five recommended NIST primes, as specified in the FIPS 186-3 standard, and the prime used in the elliptic curve curve25519. While presented and benchmarked on the Cell architecture, the proposed techniques to efficiently implement the modular multiplication algorithms are suited to run on any architecture which is able to perform multiple computations concurrently, e.g. graphics processing units.

    Efficient Hashing Using the AES Instruction Set

    In this work, we provide a software benchmark for a large range of 256-bit blockcipher-based hash functions. We instantiate the underlying blockcipher with AES, which allows us to exploit the recent AES instruction set (AES-NI). Since AES itself only outputs 128 bits, we consider double-block-length constructions, as well as (single-block-length) constructions based on RIJNDAEL-256. Although we primarily target architectures supporting AES-NI, our framework has much broader applications by estimating the performance of these hash functions on any (micro-)architecture given AES benchmark results. As far as we are aware, this is the first comprehensive performance comparison of multi-block-length hash functions in software.

    Analysis and Optimization of Cryptographically Generated Addresses

    The need for nodes to be able to generate their own address and verify those of others, without relying on a global trusted authority, is a well-known problem in networking. One popular technique for solving this problem is to use self-certifying addresses, which are widely used and standardized; a prime example is cryptographically generated addresses (CGA). We re-investigate the attack models that can occur in practice and analyze the security of CGA-like schemes. As a result, an alternative protocol to CGA, called CGA++, is presented. This protocol eliminates several attacks applicable to CGA and increases the overall security. In many ways, CGA++ offers a nice alternative to CGA and can be used notably for future developments of the Internet Protocol version 6.

    Multi-Stream Hashing on the PlayStation 3

    With process technology providing more and more transistors per chip, still following Moore's "law", processor designers have used a number of techniques to make those transistors useful. Lately they have started placing multiple processor cores on each chip; an example is the Cell Broadband Engine, which serves as the heart of Sony's PlayStation 3 game console. We present high-performance multi-stream versions of cryptographic hash functions from the MD/SHA family. Our implementations require 1.74, 3.51 and 8.18 cycles per byte per SPE when using the cryptographic hash functions MD5, SHA-1 and SHA-256 respectively. To the best of our knowledge these are the fastest implementations of these hash functions for the Cell processor. These implementations can be useful for cryptanalytic use as well as for utilizing the SPEs as cryptographic accelerators.

    ECC2K-130 on Cell CPUs

    This paper describes an implementation of Pollard's rho algorithm to compute the elliptic curve discrete logarithm for the Synergistic Processor Elements of the Cell Broadband Engine Architecture. Our implementation targets the elliptic curve discrete logarithm problem defined in the Certicom ECC2K-130 challenge. We compare a bitsliced implementation to a non-bitsliced implementation and describe several optimization techniques for both approaches. In particular, we address the question of whether normal-basis or polynomial-basis representation of field elements leads to better performance. We show that using our software the ECC2K-130 challenge can be solved in one year using the Synergistic Processor Units of fewer than 2700 Sony PlayStation 3 gaming consoles.

    CeRebrUm and CardIac Protection with ALlopurinol in Neonates with Critical Congenital Heart Disease Requiring Cardiac Surgery with Cardiopulmonary Bypass (CRUCIAL): study protocol of a phase III, randomized, quadruple-blinded, placebo-controlled, Dutch multicenter trial

    BACKGROUND: Neonates with critical congenital heart disease (CCHD) undergoing cardiac surgery with cardiopulmonary bypass (CPB) are at risk of brain injury that may result in adverse neurodevelopment. To date, no therapy is available to improve long-term neurodevelopmental outcomes of CCHD neonates. Allopurinol, a xanthine oxidase inhibitor, prevents the formation of reactive oxygen and nitrogen species, thereby limiting cell damage during reperfusion and reoxygenation of the brain and heart. Animal and neonatal studies suggest that allopurinol reduces hypoxic-ischemic brain injury and is cardioprotective and safe. This trial aims to test the hypothesis that allopurinol administration in CCHD neonates will result in a 20% reduction in moderate to severe ischemic and hemorrhagic brain injury. METHODS: This is a phase III, randomized, quadruple-blinded, placebo-controlled, multicenter trial. Neonates with a prenatal or postnatal CCHD diagnosis requiring cardiac surgery with CPB in the first 4 weeks after birth are eligible to participate. Allopurinol or mannitol-placebo will be administered intravenously in 2 doses early postnatally in neonates diagnosed antenatally and 3 doses perioperatively of 20 mg/kg each in all neonates. The primary outcome is a composite endpoint of moderate/severe ischemic or hemorrhagic brain injury on early postoperative MRI, being too unstable for postoperative MRI, or mortality within 1 month following CPB. A total of 236 patients (n = 188 with prenatal diagnosis) is required to demonstrate a reduction of the primary outcome incidence by 20% in the prenatal group and by 9% in the postnatal group (power 80%; overall type 1 error controlled at 5%, two-sided), including 1 interim analysis at n = 118 (n = 94 with prenatal diagnosis) with the option to stop early for efficacy. Secondary outcomes include preoperative and postoperative brain injury severity, white matter injury volume (MRI), and cardiac function (echocardiography); postnatal and postoperative seizure activity (aEEG) and regional cerebral oxygen saturation (NIRS); neurodevelopment at 3 months (general movements); motor, cognitive, and language development and quality of life at 24 months; and safety and cost-effectiveness of allopurinol. DISCUSSION: This trial will investigate whether allopurinol administered directly after birth and around cardiac surgery reduces moderate/severe ischemic and hemorrhagic brain injury and improves cardiac function and neurodevelopmental outcome in CCHD neonates. TRIAL REGISTRATION: EudraCT 2017-004596-31. Registered on November 14, 2017. ClinicalTrials.gov NCT04217421. Registered on January 3, 2020. SUPPLEMENTARY INFORMATION: The online version contains supplementary material available at 10.1186/s13063-022-06098-y.

    Ron was wrong, Whit is right

    We performed a sanity check of public keys collected on the web. Our main goal was to test the validity of the assumption that different random choices are made each time keys are generated. We found that the vast majority of public keys work as intended. A more disconcerting finding is that two out of every one thousand RSA moduli that we collected offer no security. Our conclusion is that the validity of the assumption is questionable and that generating keys in the real world for "multiple-secrets" cryptosystems such as RSA is significantly riskier than for "single-secret" ones such as ElGamal or (EC)DSA, which are based on Diffie-Hellman.

    Indoleamine 2,3-dioxygenase (IDO)-1 and IDO-2 activity and severe course of COVID-19

    COVID-19 is a pandemic with high morbidity and mortality. In an autopsy cohort of COVID-19 patients, we found extensive accumulation of the tryptophan degradation products 3-hydroxy-anthranilic acid and quinolinic acid in the lungs, heart, and brain. This was not related to the expression of the tryptophan-catabolizing indoleamine 2,3-dioxygenase (IDO)-1, but rather to that of its isoform IDO-2, which otherwise is expressed rarely. Bioavailability of tryptophan is an absolute requirement for proper cell functioning and synthesis of hormones, whereas its degradation products can cause cell death. Markers of apoptosis and severe cellular stress were associated with IDO-2 expression in large areas of lung and heart tissue, whereas affected areas in the brain were more restricted. Analyses of tissue, cerebrospinal fluid, and sequential plasma samples indicate early initiation of the kynurenine/aryl-hydrocarbon receptor/IDO-2 axis as a positive feedback loop, potentially leading to severe COVID-19 pathology.

    Neurofilament light increases over time in severe COVID-19 and is associated with delirium

    Neurological monitoring in sedated Intensive Care Unit patients is constrained by the lack of reliable blood-based biomarkers. Neurofilament light is a cross-disease biomarker for neuronal damage with potential clinical applicability for monitoring Intensive Care Unit patients. We studied the trajectory of neurofilament light over a month in Intensive Care Unit patients diagnosed with severe COVID-19 and explored its relation to clinical outcomes and pathophysiological predictors. Data were collected over a month in 31 Intensive Care Unit patients (166 plasma samples) diagnosed with severe COVID-19 at Amsterdam University Medical Centre, and in the first week after emergency department admission in 297 patients with COVID-19 (635 plasma samples) admitted to Massachusetts General Hospital. We observed that neurofilament light increased in a non-linear fashion in the first month of Intensive Care Unit admission and increased faster in the first week of Intensive Care Unit admission when compared with mild-moderate COVID-19 cases. We observed that baseline neurofilament light did not predict mortality when corrected for age and renal function. Peak neurofilament light levels were associated with a longer duration of delirium after extubation in Intensive Care Unit patients. Disease severity, as measured by the sequential organ failure score, was associated with higher neurofilament light values, and tumour necrosis factor alpha levels at baseline were associated with higher levels of neurofilament light at baseline and a faster increase during admission. These data illustrate the dynamics of neurofilament light in a critical care setting and show associations with delirium, disease severity and markers for inflammation. Our study contributes to determining the clinical utility and interpretation of neurofilament light levels in Intensive Care Unit patients.