
    Space--Time Tradeoffs for Subset Sum: An Improved Worst Case Algorithm

    The technique of Schroeppel and Shamir (SICOMP, 1981) has long been the most efficient way to trade space against time for the SUBSET SUM problem. In the random-instance setting, however, improved tradeoffs exist. In particular, the recently discovered dissection method of Dinur et al. (CRYPTO 2012) yields a significantly improved space--time tradeoff curve for instances with strong randomness properties. Our main result is that these strong randomness assumptions can be removed, obtaining the same space--time tradeoffs in the worst case. We also show that for small space usage the dissection algorithm can be almost fully parallelized. Our strategy for dealing with arbitrary instances is to instead inject the randomness into the dissection process itself by working over a carefully selected but random composite modulus, and to introduce explicit space--time controls into the algorithm by means of a "bailout mechanism".

    Asymptotic Properties of Difference Equations for Isotropic Loop Quantum Cosmology

    In loop quantum cosmology, a difference equation for the wave function describes the evolution of a universe model. This is different from the differential equations that arise in Wheeler-DeWitt quantizations, and some general properties of solutions can appear differently. Properties of particular interest are boundedness and the presence of small-scale oscillations. Continued fraction techniques are used to show, in different matter models, the presence of special initial conditions leading to bounded solutions, and an explicit expression for these initial values is derived. Comment: 27 pages, 2 figures.

    An Improved Exact Algorithm for the Exact Satisfiability Problem

    The Exact Satisfiability problem, XSAT, is defined as the problem of finding a satisfying assignment to a formula φ in CNF such that exactly one literal in each clause is assigned "1" and the other literals in the same clause are set to "0". Since it is an important variant of the satisfiability problem, XSAT has been studied heavily, and its exact algorithms have seen numerous improvements over the years. The fastest known exact algorithm for XSAT runs in O(1.1730^n) time, where n is the number of variables in the formula. In this paper, we propose a faster exact algorithm that solves the problem in O(1.1674^n) time. Like many of the authors working on this problem, we give a DPLL algorithm to solve it. The novelty of this paper lies in the design of a nonstandard measure that allows us to tighten the analysis of the algorithm further.

    Low-Power Elliptic Curve Cryptography Using Scaled Modular Arithmetic

    We introduce new modulus scaling techniques for transforming a class of primes into special forms that enable efficient arithmetic. The scaling technique may be used to improve multiplication and inversion in finite fields. We present an efficient inversion algorithm that exploits the structure of the scaled modulus. Our inversion algorithm exhibits superior performance to the Euclidean algorithm and lends itself to efficient hardware implementation due to its simplicity. Using the scaled modulus technique and our specialized inversion algorithm, we develop an elliptic curve processor architecture. The resulting architecture successfully uses a redundant representation of elements in GF(p) and provides a low-power, high-speed, small-footprint specialized elliptic curve implementation.

    Efficient algorithms for pairing-based cryptosystems

    We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics. We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over F_{p^m}, the latter technique also being useful in contexts other than pairing-based cryptography.

    Deducing in Vivo Toxicity of Combustion-Derived Nanoparticles from a Cell-Free Oxidative Potency Assay and Metabolic Activation of Organic Compounds

    BACKGROUND: The inhalation of combustion-derived nanoparticles (CDNPs) is believed to cause an oxidative stress response, which in turn may lead to pulmonary or even systemic inflammation. OBJECTIVE AND METHODS: In this study we assessed whether the in vivo inflammatory response of mice to CDNPs (generally referred to as particle toxicity) can be predicted in vitro by a cell-free ascorbate test for the surface reactivity or, more precisely, oxidative potency (OxPot) of particles. RESULTS: For six types of CDNPs with widely varying particle diameter (10-50 nm), organic content (OC; 1-20%), and specific Brunauer, Emmett, and Teller (BET) surface area (43-800 m^2/g), OxPot correlated strongly with the in vivo inflammatory response (pulmonary polymorphonuclear neutrophil influx 24 hr after intratracheal particle instillation). However, for CDNPs with high organic content, OxPot could not explain the observed inflammatory response, possibly due to shielding of the OxPot of the carbon core of CDNPs by an organic coating. On the other hand, a pathway-specific gene expression screen indicated that, for particles rich in polycyclic aromatic hydrocarbons (PAHs), cytochrome P450 1A1 (CYP1A1) enzyme-mediated biotransformation of bioavailable organics may generate oxidative stress and thus enhance the in vivo inflammatory response. CONCLUSION: The compensatory nature of both effects (shielding of the carbon core and biotransformation of PAHs) results in a good correlation between inflammatory response and BET surface area for all CDNPs. Hence, the in vivo inflammatory response can be predicted either by BET surface area or by a simple quantitative model based on in vitro OxPot and Cyp1a1 induction.

    A low-memory algorithm for finding short product representations in finite groups

    We describe a space-efficient algorithm for solving a generalization of the subset sum problem in a finite group G, using a Pollard-rho approach. Given an element z and a sequence of elements S, our algorithm attempts to find a subsequence of S whose product in G is equal to z. For a random sequence S of length d log_2 n, where n=#G and d >= 2 is a constant, we find that its expected running time is O(sqrt(n) log n) group operations (we give a rigorous proof for d > 4), and it only needs to store O(1) group elements. We consider applications to class groups of imaginary quadratic fields, and to finding isogenies between elliptic curves over a finite field. Comment: 12 pages.

    The EGS Grading Scale For Skin And Soft Tissue Infections Is Predictive Of Poor Outcomes : A Multicenter Validation Study

    Introduction: Over the last five years, the American Association for the Surgery of Trauma (AAST) has developed grading scales for Emergency General Surgery (EGS) diseases. In a prior validation study using diverticulitis, the grading scales were predictive of complications and length of stay. As EGS encompasses diverse diseases, the purpose of this study was to validate the grading scale concept against a different disease process with a higher associated mortality. We hypothesized that the grading scale would be predictive of complications, length of stay and mortality in skin and soft tissue infections (STI). Methods: This multi-institutional trial encompassed 12 centers. Data collected included demographic variables, disease characteristics and outcomes such as mortality, overall complications, and hospital and ICU length of stay. The EGS scale for STI was used to grade each infection, and two surgeons graded each case to evaluate inter-rater reliability. Results: 1170 patients were included in this study. Inter-rater reliability was moderate (kappa coefficient 0.472-0.642, with 64-76% agreement). Higher grades (IV and V) corresponded to significantly higher LRINEC scores when compared with lower EGS grades. Patients with grade IV and V STI had significantly increased odds of all complications, as well as ICU and overall length of stay. These associations remained significant in logistic regression controlling for age, gender, comorbidities, mental status and hospital-level volume. Grade V disease was significantly associated with mortality as well. Conclusion: This validation effort demonstrates that Grade IV and V STI are significantly predictive of complications, hospital length of stay and mortality. Though predictive ability does not improve linearly with STI grade, this is consistent with the clinical disease process, in which lower grades represent cellulitis and abscess and higher grades are invasive infections. This second validation study confirms the EGS grading scale as predictive, and easily used, in disparate disease processes.

    Attacking the Knudsen-Preneel Compression Functions

    Knudsen and Preneel (Asiacrypt'96 and Crypto'97) introduced a hash function design in which a linear error-correcting code is used to build a wide-pipe compression function from underlying blockciphers operating in Davies-Meyer mode. Their main design goal was to deliver compression functions with collision resistance up to, and even beyond, the block size of the underlying blockciphers. In this paper, we (re)analyse the preimage resistance of the Knudsen-Preneel compression functions in the setting of public random functions. We give a new preimage attack that is based on two observations. First, by using the right kind of queries it is possible to mount a non-adaptive preimage attack that is optimal in terms of query complexity. Second, by exploiting the dual code, the subsequent problem of reconstructing a preimage from the queries can be rephrased as a problem related to the generalized birthday problem. As a consequence, the time complexity of our attack is intimately tied to the minimum distance of the dual code. Our new attack consistently beats the one given by Knudsen and Preneel (in one case our preimage attack even beats their collision attack) and demonstrates that the gap between their claimed collision resistance and the actual preimage resistance is surprisingly small. Moreover, our new attack falsifies their (conjectured) preimage resistance security bound and shows that intuitive bounds based on the number of 'active' components can be treacherous. Complementing our attack is a formal analysis of the query complexity (both lower and upper bounds) of preimage-finding attacks. This analysis shows that for many concrete codes the time complexity of our attack is optimal.