Optimized Method for Computing Odd-Degree Isogenies on Edwards Curves

In this paper, we present an efficient method to compute arbitrary odd-degree isogenies on Edwards curves. By using the $w$-coordinate, we optimized the isogeny formula on Edwards curves by Moody and Shumow. We demonstrate that Edwards curves have an additional benefit when recovering the coefficient of the image curve during isogeny computation. For $\ell$-degree isogeny where $\ell=2s+1$, our isogeny formula on Edwards curves outperforms Montgomery curves when $s \geq 2$. To better represent the performance improvements when $w$-coordinate is used, we implement CSIDH using our isogeny formula. Our implementation is about 20\% faster than the previous implementation. The result of our work opens the door for the usage of Edwards curves in isogeny-based cryptography, especially for CSIDH which requires higher degree isogenies

New Hybrid Method for Isogeny-based Cryptosystems using Edwards Curves

Along with the resistance against quantum computers, isogeny-based cryptography offers attractive cryptosystems due to small key sizes and compatibility with the current elliptic curve primitives. While the state-of-the-art implementation uses Montgomery curves, which facilitates efficient elliptic curve arithmetic and isogeny computations, other forms of elliptic curves can be used to produce an efficient result. In this paper, we present the new hybrid method for isogeny-based cryptosystem using Edwards curves. Unlike the previous hybrid methods, we exploit Edwards curves for recovering the curve coefficients and Montgomery curves for other operations. To this end, we first carefully examine and compare the computational cost of Montgomery and Edwards isogenies. Then, we fine-tune and tailor Edwards isogenies in order to blend with Montgomery isogenies efficiently. Additionally, we present the implementation results of Supersingular Isogeny Diffie--Hellman (SIDH) key exchange using the proposed method. We demonstrate that our method outperforms the previously proposed hybrid method, and is as fast as Montgomery-only implementation. Our results show that proper use of Edwards curves for isogeny-based cryptosystem can be quite practical

A new method of choosing primitive elements for Brezing-Weng families of pairing friendly elliptic curves

In this paper we present a new method of choosing primitive elements for Brezing-Weng families of pairing friendly elliptic curves with small rho-value, and we improve on previously-known best rho-values of families for the cases k=16, 22, 28 and 46. Our construction uses fixed discriminants

Optimized CSIDH Implementation Using a 2-Torsion Point

The implementation of isogeny-based cryptography mainly use Montgomery curves as they offer fast elliptic curve arithmetic and isogeny compuation. However, although Montgomery curves have efficient 3- and 4-isogenies, it becomes inefficient when recovering the coefficient of the image curve for large degree isogenies. This is the main bottleneck of using a Montgomery curve for CSIDH as it requires odd-degree isogenies up to at least 587. In this paper, we present a new optimization method for faster CSIDH protocols entirely on Montgomery curves. To this end, we present a new parameter for CSIDH in which the rational 2-torsion points are defined over $\mathbb{F}_p$. By using the proposed parameters the CSIDH moves around the surface. The curve coefficient of the image curve can be recovered by a 2-torsion point. We also proved that the CSIDH using the proposed parameter guarantees a free and transitive group action. Additionally, we present the implementation result using our method. We demonstrated that our method is 6.1% faster than the original CSIDH. Our works show that quite higher performance of CSIDH is achieved using only Montgomery curves

Efficient Isogeny Computations on Twisted Edwards Curves

The isogeny-based cryptosystem is the most recent category in the field of postquantum cryptography. However, it is widely studied due to short key sizes and compatibility with the current elliptic curve primitives. The main building blocks when implementing the isogeny-based cryptosystem are isogeny computations and point operations. From isogeny construction perspective, since the cryptosystem moves along the isogeny graph, isogeny formula cannot be optimized for specific coefficients of elliptic curves. Therefore, Montgomery curves are used in the literature, due to the efficient point operation on an arbitrary elliptic curve. In this paper, we propose formulas for computing 3 and 4 isogenies on twisted Edwards curves. Additionally, we further optimize our isogeny formulas on Edwards curves and compare the computational cost of Montgomery curves. We also present the implementation results of our isogeny computations and demonstrate that isogenies on Edwards curves are as efficient as those on Montgomery curves

Author Correction: Characteristics of Adolescents and Young adults with HIV in the Republic of Korea from 2010 through 2015

An amendment to this paper has been published and can be accessed via a link at the top of the paper

Meta-analysis of gene expression profiles in long-term non-progressors infected with HIV-1

Abstract Background In the absence of antiretroviral treatments (ARTs), a small group of individuals infected with HIV, including long-term non-progressors (LTNPs) who maintain high levels of CD4+ T cells for more than 7–10 years in the absence of ART and in particular a subgroup of LTNPs, elite controllers (ECs), who have low levels of viremia, remain clinically and/or immunologically stable for years. However, the mechanism of stable disease progression in LTNPs and ECs needs to be elucidated to help those infected with HIV-1 remain healthy. In this study, to identify the characteristics of gene expression profiles and biomarkers in LTNPs, we performed a meta-analysis using multiple gene expression profiles among LTNPs, individuals infected with HIV-1 without ART, individuals infected with HIV-1 with ART, and healthy controls. Methods The gene expression profiles obtained from the Gene Expression Omnibus (GEO) microarray data repositories were classified into three groups: LTNPs versus healthy controls (first group, 3 studies), LTNPs versus patients infected with HIV-1 without ART (second group, 3 studies), and LTNPs versus patients infected with HIV-1 with ART (third group, 3 studies). In addition, we considered a fourth group, patients infected with HIV-1 without ART versus healthy controls (3 studies), to exclude genes associated with HIV-1 infection in the three groups. For each group, we performed a meta-analysis using the RankProd method to identify and compare the differentially expressed genes (DEGs) in the three groups. Results We identified the 14 common DEGs in the three groups when comparing them with each other. Most belonged to immune responses, antigen processing and presentation, the interferon-gamma-mediated signaling pathway, and T cell co-stimulation. Of these DEGs, PHLDA1 was up-regulated and ACTB and ACTG1 were down-regulated in all three groups. However, the rest of the up- or down-regulated genes were discordant in the three groups. Additionally, ACTB and ACTG1 are known to inhibit viral assembly and production, and THBS1 is known to inhibit HIV-1 infection. Conclusions These results suggest that significant genes identified in a meta-analysis provide clues to the cause of delayed disease progression and give a deeper understanding of HIV pathogenesis in LTNPs