Resolution of Linear Algebra for the Discrete Logarithm Problem Using GPU and Multi-core Architectures

In cryptanalysis, solving the discrete logarithm problem (DLP) is key to assessing the security of many public-key cryptosystems. The index-calculus methods, that attack the DLP in multiplicative subgroups of finite fields, require solving large sparse systems of linear equations modulo large primes. This article deals with how we can run this computation on GPU- and multi-core-based clusters, featuring InfiniBand networking. More specifically, we present the sparse linear algebra algorithms that are proposed in the literature, in particular the block Wiedemann algorithm. We discuss the parallelization of the central matrix--vector product operation from both algorithmic and practical points of view, and illustrate how our approach has contributed to the recent record-sized DLP computation in GF($2^{809}$).Comment: Euro-Par 2014 Parallel Processing, Aug 2014, Porto, Portugal. \<http://europar2014.dcc.fc.up.pt/\&gt

Solving discrete logarithms on a 170-bit MNT curve by pairing reduction

Pairing based cryptography is in a dangerous position following the breakthroughs on discrete logarithms computations in finite fields of small characteristic. Remaining instances are built over finite fields of large characteristic and their security relies on the fact that the embedding field of the underlying curve is relatively large. How large is debatable. The aim of our work is to sustain the claim that the combination of degree 3 embedding and too small finite fields obviously does not provide enough security. As a computational example, we solve the DLP on a 170-bit MNT curve, by exploiting the pairing embedding to a 508-bit, degree-3 extension of the base field.Comment: to appear in the Lecture Notes in Computer Science (LNCS

On sets of irreducible polynomials closed by composition

Let $\mathcal S$ be a set of monic degree $2$ polynomials over a finite field and let $C$ be the compositional semigroup generated by $\mathcal S$. In this paper we establish a necessary and sufficient condition for $C$ to be consisting entirely of irreducible polynomials. The condition we deduce depends on the finite data encoded in a certain graph uniquely determined by the generating set $\mathcal S$. Using this machinery we are able both to show examples of semigroups of irreducible polynomials generated by two degree $2$ polynomials and to give some non-existence results for some of these sets in infinitely many prime fields satisfying certain arithmetic conditions

Magnetoacoustic waves and the Kelvin-Helmholtz instability in a steady asymmetric slab

Recent observations have shown that bulk flow motions in structured solar plasmas, most evidently in coronal mass ejections (CMEs), may lead to the formation of Kelvin–Helmholtz instabilities (KHIs). Analytical models are thus essential in understanding both how the flows affect the propagation of magnetohydrodynamic (MHD) waves, and what the critical flow speed is for the formation of the KHI. We investigate both these aspects in a novel way: in a steady magnetic slab embedded in an asymmetric environment. The exterior of the slab is defined as having different equilibrium values of the background density, pressure, and temperature on either side. A steady flow and constant magnetic field are present in the slab interior. Approximate solutions to the dispersion relation are obtained analytically and classified with respect to mode and speed. General solutions and the KHI thresholds are obtained numerically. It is shown that, generally, both the KHI critical value and the cut-off speeds for magnetoacoustic waves are lowered by the external asymmetry

Commentary: A Citizenship without Social Rights? EU Freedom of Movement and Changing Access to Welfare Rights

Despite not being grounded in the classic nation‐building dynamic of citizenship identified by T.H.Marshall, EU citizenship offers social rights and welfare protection to non‐nationals on a principle of non‐discrimination. We narrate a creeping process of retrenchment by which European member states have used policy strategies to undermine this principle, by transforming the unique idea of free movement of persons in the EU to just another form of “immigration” which can be subject to selectivity and exclusion. As Europe’s multiple recent crises have unfolded, political resources were found to effect this transformation tangibly via reshaping access to welfare for EU citizens. Focusing on the cases of the UK and Germany, we discuss how, despite their distinctive welfare regimes and labour market systems, these two countries have led the way toward a dismantling of non‐discrimination for EU citizens and effectively the end of the anomalous ‘post‐national’ dimension of European citizenship

Extended Tower Number Field Sieve with Application to Finite Fields of Arbitrary Composite Extension Degree

We propose a generalization of exTNFS algorithm recently introduced by Kim and Barbulescu (CRYPTO 2016). The algorithm, exTNFS, is a state-of-the-art algorithm for discrete logarithm in $\mathbb{F}_{p^n}$ in the medium prime case, but it only applies when $n=\eta\kappa$ is a composite with nontrivial factors $\eta$ and $\kappa$ such that $\gcd(\eta,\kappa)=1$. Our generalization, however, shows that exTNFS algorithm can be also adapted to the setting with an arbitrary composite $n$ maintaining its best asymptotic complexity. We show that one can solve discrete logarithm in medium case in the running time of $L_{p^n}(1/3, \sqrt[3]{48/9})$ (resp. $L_{p^n}(1/3, 1.71)$ if multiple number fields are used), where $n$ is an \textit{arbitrary composite}. This should be compared with a recent variant by Sarkar and Singh (Asiacrypt 2016) that has the fastest running time of $L_{p^n}(1/3, \sqrt[3]{64/9})$ (resp. $L_{p^n}(1/3, 1.88)$) when $n$ is a power of prime 2. When $p$ is of special form, the complexity is further reduced to $L_{p^n}(1/3, \sqrt[3]{32/9})$. On the practical side, we emphasize that the keysize of pairing-based cryptosystems should be updated following to our algorithm if the embedding degree $n$ remains composite

New Complexity Trade-Offs for the (Multiple) Number Field Sieve Algorithm in Non-Prime Fields

The selection of polynomials to represent number fields crucially determines the efficiency of the Number Field Sieve (NFS) algorithm for solving the discrete logarithm in a finite field. An important recent work due to Barbulescu et al. builds upon existing works to propose two new methods for polynomial selection when the target field is a non-prime field. These methods are called the generalised Joux-Lercier (GJL) and the Conjugation methods. In this work, we propose a new method (which we denote as $\mathcal{A}$) for polynomial selection for the NFS algorithm in fields $\mathbb{F}_{Q}$, with $Q=p^n$ and $n>1$. The new method both subsumes and generalises the GJL and the Conjugation methods and provides new trade-offs for both $n$ composite and $n$ prime. Let us denote the variant of the (multiple) NFS algorithm using the polynomial selection method ``{X} by (M)NFS-{X}. Asymptotic analysis is performed for both the NFS-$\mathcal{A}$ and the MNFS-$\mathcal{A}$ algorithms. In particular, when $p=L_Q(2/3,c_p)$, for $c_p\in [3.39,20.91]$, the complexity of NFS-$\mathcal{A}$ is better than the complexities of all previous algorithms whether classical or MNFS. The MNFS-$\mathcal{A}$ algorithm provides lower complexity compared to NFS-$\mathcal{A}$ algorithm; for $c_p\in (0, 1.12] \cup [1.45,3.15]$, the complexity of MNFS-$\mathcal{A}$ is the same as that of the MNFS-Conjugation and for $c_p\notin (0, 1.12] \cup [1.45,3.15]$, the complexity of MNFS-$\mathcal{A}$ is lower than that of all previous methods

A General Polynomial Selection Method and New Asymptotic Complexities for the Tower Number Field Sieve Algorithm

In a recent work, Kim and Barbulescu had extended the tower number field sieve algorithm to obtain improved asymptotic complexities in the medium prime case for the discrete logarithm problem on $\mathbb{F}_{p^n}$ where $n$ is not a prime power. Their method does not work when $n$ is a composite prime power. For this case, we obtain new asymptotic complexities, e.g., $L_{p^n}(1/3,(64/9)^{1/3})$ (resp. $L_{p^n}(1/3,1.88)$ for the multiple number field variation) when $n$ is composite and a power of 2; the previously best known complexity for this case is $L_{p^n}(1/3,(96/9)^{1/3})$ (resp. $L_{p^n}(1/3,2.12)$). These complexities may have consequences to the selection of key sizes for pairing based cryptography. The new complexities are achieved through a general polynomial selection method. This method, which we call Algorithm-$\mathcal{C}$, extends a previous polynomial selection method proposed at Eurocrypt 2016 to the tower number field case. As special cases, it is possible to obtain the generalised Joux-Lercier and the Conjugation method of polynomial selection proposed at Eurocrypt 2015 and the extension of these methods to the tower number field scenario by Kim and Barbulescu. A thorough analysis of the new algorithm is carried out in both concrete and asymptotic terms

An analytical model of the Kelvin–Helmholtz instability of transverse coronal loop oscillations

Recent numerical simulations have demonstrated that transverse coronal loop oscillations are susceptible to the Kelvin–Helmholtz (KH) instability due to the counterstreaming motions at the loop boundary. We present the first analytical model of this phenomenon. The region at the loop boundary where the shearing motions are greatest is treated as a straight interface separating time-periodic counterstreaming flows. In order to consider a twisted tube, the magnetic field at one side of the interface is inclined. We show that the evolution of the displacement at the interface is governed by Mathieu's equation, and we use this equation to study the stability of the interface. We prove that the interface is always unstable and that, under certain conditions, the magnetic shear may reduce the instability growth rate. The result, that the magnetic shear cannot stabilize the interface, explains the numerically found fact that the magnetic twist does not prevent the onset of the KH instability at the boundary of an oscillating magnetic tube. We also introduce the notion of the loop σ-stability. We say that a transversally oscillating loop is σ-stable if the KH instability growth time is larger than the damping time of the kink oscillation. We show that even relatively weakly twisted loops are σ-stable

Triple valve infective endocarditis - a late diagnosis

Behcet\u27s disease is a systemic vasculitis of unknown aetiology with cardiac involvement as well as damage to other organs. Whether the sterile valvular inflammation which occurs in this autoimmune disease predisposes to bacterial adhesion and infective endocarditis is not yet established. We present the case of a patient with Behcet disease in which transthoracic echocardiography showed mobile masses on the aortic, tricuspid, and mitral valves, leading to multivalvular infective endocarditis diagnosis, possibly in the context of valvular inflammation. The case presented in this article confirms observation of other studies, namely that ultrasonography plays an important role in the diagnosis and evaluation of rheumatic diseases and permits optimal management in daily practice