The Existence of Cycles in the Supersingular Isogeny Graphs Used in SIKE

In this paper, we consider the structure of isogeny graphs in SIDH, that is an isogeny-based key-exchange protocol. SIDH is the underlying protocol of SIKE, which is one of the candidates for NIST post quantum cryptography standardization. Since the security of SIDH is based on the hardness of the path-finding problem in isogeny graphs, it is important to study those structure. The existence of cycles in isogeny graph is related to the path-finding problem, so we investigate cycles in the graphs used in SIKE. In particular, we focus on SIKEp434 and SIKEp503, which are the parameter sets of SIKE claimed to satisfy the NIST security level 1 and 2, respectively. We show that there are two cycles in the 3-isogeny graph in SIKEp434, and there is no cycles in the other graphs in SIKEp434 and SIKEp503

Lower bound of costs of formulas to compute image curves of 33-isogenies in the framework of generalized Montgomery coordinates

In 2022, Moriya, Onuki, Aikawa, and Takagi proposed a new framework named generalized Montgomery coordinates to treat one-coordinate type formulas to compute isogenies. This framework generalizes some already known one-coordinate type formulas of elliptic curves. Their result shows that a formula to compute image points under isogenies is unique in the framework of generalized Montogmery coordinates; however, a formula to compute image curves is not unique. Therefore, we have a question: What formula is the most efficient to compute image curves in the framework of generalized Montogmery coordinates? In this paper, we analyze the costs of formulas to compute image curves of $3$-isogenies in the framework of generalized Montgomery coordinates. From our result, the lower bound of the costs is $1\mathbf{M}+1\mathbf{S}$ as a formula whose output and input are in affine coordinates, $2\mathbf{S}$ as an affine formula whose output is projective, and $2\mathbf{M}+3\mathbf{S}$ as a projective formula

The Generalized Montgomery Coordinate: A New Computational Tool for Isogeny-based Cryptography

Recently, some studies have constructed one-coordinate arithmetics on elliptic curves. For example, formulas of the $x$-coordinate of Montgomery curves, $x$-coordinate of Montgomery$^-$ curves, $w$-coordinate of Edwards curves, $w$-coordinate of Huff\u27s curves, $\omega$-coordinates of twisted Jacobi intersections have been proposed. These formulas are useful for isogeny-based cryptography because of their compactness and efficiency. In this paper, we define a novel function on elliptic curves called the generalized Montgomery coordinate that has the five coordinates described above as special cases. For a generalized Montgomery coordinate, we construct an explicit formula of scalar multiplication that includes the division polynomial, and both a formula of an image point under an isogeny and that of a coefficient of the codomain curve. Finally, we present two applications of the theory of a generalized Montgomery coordinate. The first one is the construction of a new efficient formula to compute isogenies on Montgomery curves. This formula is more efficient than the previous one for high degree isogenies as the $\sqrt{\vphantom{2}}$\\u27{e}lu\u27s formula in our implementation. The second one is the construction of a new generalized Montgomery coordinate for Montgomery$^-$ curves used for CSURF

A Faster Constant-time Algorithm of CSIDH keeping Two Points

At ASIACRYPT 2018, Castryck, Lange, Martindale, Panny and Renes proposed CSIDH, which is a key-exchange protocol based on isogenies between elliptic curves, and a candidate for post-quantum cryptography. However, the implementation by Castryck et al. is not constant-time. Specifically, a part of the secret key could be recovered by the side-channel Attacks. Recently, Meyer, Campos and Reith proposed a constant-time implementation of CSIDH by introducing dummy isogenies and taking secret exponents only from intervals of non-negative integers. Their non-negative intervals make the calculation cost of their implementation of CSIDH twice that of the worst case of the standard (variable-time) implementation of CSIDH. In this paper, we propose a more efficient constant-time algorithm that takes secret exponents from intervals symmetric with respect to the zero. For using these intervals, we need to keep two torsion points in an elliptic curve and calculation for these points. We evaluate the costs of our implementation and that of Meyer et al. in terms of the number of operations on a finite prime field. Our evaluation shows that our constant-time implementation of CSIDH reduces the calculation cost by 28.23% compared with the implementation by Mayer et al. We also implemented our algorithm by extending the implementation in C of Meyer et al. (originally from Castryck et al.). Then our implementation achieved 152.8 million clock cycles, which is about 29.03% faster than that of Meyer et al. and confirms the above reduction ratio in our cost evaluation

Whole-genome analysis of human papillomavirus genotypes 52 and 58 isolated from Japanese women with cervical intraepithelial neoplasia and invasive cervical cancer

BackgroundHuman papillomavirus genotypes 52 and 58 (HPV52/58) are frequently detected in patients with cervical intraepithelial neoplasia (CIN) and invasive cervical cancer (ICC) in East Asian countries including Japan. As with other HPV genotypes, HPV52/58 consist of multiple lineages of genetic variants harboring less than 10% differences between complete genome sequences of the same HPV genotype. However, site variations of nucleotide and amino acid sequences across the viral whole-genome have not been fully examined for HPV52/58. The aim of this study was to investigate genetic variations of HPV52/58 prevalent among Japanese women by analyzing the viral whole-genome sequences.MethodsThe entire genomic region of HPV52/58 was amplified by long-range PCR with total cellular DNA extracted from cervical exfoliated cells isolated from Japanese patients with CIN or ICC. The amplified DNA was subjected to next generation sequencing to determine the complete viral genome sequences. Phylogenetic analyses were performed with the whole-genome sequences to assign variant lineages/sublineages to the HPV52/58 isolates. The variability in amino acid sequences of viral proteins was assessed by calculating the Shannon entropy scores at individual amino acid positions of HPV proteins.ResultsAmong 52 isolates of HPV52 (CIN1, n = 20; CIN2/3, n = 21; ICC, n = 11), 50 isolates belonged to lineage B (sublineage B2) and two isolates belonged to lineage A (sublineage A1). Among 48 isolates of HPV58 (CIN1, n = 21; CIN2/3, n = 19; ICC, n = 8), 47 isolates belonged to lineage A (sublineages A1/A2/A3) and one isolate belonged to lineage C. Single nucleotide polymorphisms specific for individual variant lineages were determined throughout the viral genome based on multiple sequence alignments of the Japanese HPV52/58 isolates and reference HPV52/58 genomes. Entropy analyses revealed that the E1 protein was relatively variable among the HPV52 isolates, whereas the E7, E4, and L2 proteins showed some variations among the HPV58 isolates.ConclusionsAmong the HPV52/58-positive specimens from Japanese women with CIN/ICC, the variant distributions were strongly biased toward lineage B for HPV52 and lineage A for HPV58 across histological categories. Different patterns of amino acid variations were observed in HPV52 and HPV58 across the viral whole-genome

Epicardial Adipose Tissue in the Right Atrium Is Associated with Progression of Atrial Fibrillation and Recurrence after Pulmonary Vein Catheter Ablation in Patients with Atrial Fibrillation

An increase in epicardial adipose tissue（EAT）in the left atrium（LA）predicts the progression of atrial fibrillation（AF）and AF recurrence after pulmonary vein catheter ablation（CA）. We hypothesized that EAT in the right atrium（RA）is also associated with the progression of AF and post-CA AF recurrence. Using 128-slice multidetector computed tomography, EAT volume and atrial volume were measured 3-dimensionally before CA in 68 patients who had proven AF（paroxysmal AF, 42; persistent AF, 26; mean age, 65±11 years; 42.6％ female）with successful CA and 21 volunteers with sinus rhythm（age, 63±13 years; 52.3％ female）. In both atria, EAT and atrial volumes were largest in patients with persistent AF, followed, in order, by those with paroxysmal AF, and then healthy volunteers（P＜0.001）. Increased EAT and atrial volumes in both atria predicted persistent AF（P＜0.001）. Fifteen patients had AF recurrence（22.1％）during the 2-year period after CA. Increased EAT volume in both atria were independent predictors for AF recurrence, and a RA EAT volume≥6.2ml was an independent predictor, with a hazard ratio of 5.47（95％ confidence interval, 1.2-24.3; P=0.03）. The combination of EAT and atrial volume in both atria was a more powerful independent prognostic factor, with a hazard ratio of 4.8（95％ confidence interval, 1.7-3.7; P=0.003）, and a sensitivity of 60％ in 9 of 15 patients, and specificity of 81.1％ in 43 of 53 patients,（P=0.003）. RA EAT is associated with the progression of AF and post-CA AF recurrence

Research and Design of a Routing Protocol in Large-Scale Wireless Sensor Networks

无线传感器网络，作为全球未来十大技术之一，集成了传感器技术、嵌入式计算技术、分布式信息处理和自组织网技术，可实时感知、采集、处理、传输网络分布区域内的各种信息数据，在军事国防、生物医疗、环境监测、抢险救灾、防恐反恐、危险区域远程控制等领域具有十分广阔的应用前景。 本文研究分析了无线传感器网络的已有路由协议，并针对大规模的无线传感器网络设计了一种树状路由协议，它根据节点地址信息来形成路由，从而简化了复杂繁冗的路由表查找和维护，节省了不必要的开销，提高了路由效率，实现了快速有效的数据传输。 为支持此路由协议本文提出了一种自适应动态地址分配算——ADAR（AdaptiveDynamicAddre...As one of the ten high technologies in the future, wireless sensor network, which is the integration of micro-sensors, embedded computing, modern network and Ad Hoc technologies, can apperceive, collect, process and transmit various information data within the region. It can be used in military defense, biomedical, environmental monitoring, disaster relief, counter-terrorism, remote control of haz...学位：工学硕士院系专业：信息科学与技术学院通信工程系_通信与信息系统学号：2332007115216