Batching CSIDH Group Actions using AVX-512

Commutative Supersingular Isogeny Diffie-Hellman (or CSIDH for short) is a recently-proposed post-quantum key establishment scheme that belongs to the family of isogeny-based cryptosystems. The CSIDH protocol is based on the action of an ideal class group on a set of supersingular elliptic curves and comes with some very attractive features, e.g. the ability to serve as a “drop-in” replacement for the standard elliptic curve Diffie-Hellman protocol. Unfortunately, the execution time of CSIDH is prohibitively high for many real-world applications, mainly due to the enormous computational cost of the underlying group action. Consequently, there is a strong demand for optimizations that increase the efficiency of the class group action evaluation, which is not only important for CSIDH, but also for related cryptosystems like the signature schemes CSI-FiSh and SeaSign. In this paper, we explore how the AVX-512 vector extensions (incl. AVX-512F and AVX-512IFMA) can be utilized to optimize constant-time evaluation of the CSIDH-512 class group action with the goal of, respectively, maximizing throughput and minimizing latency. We introduce different approaches for batching group actions and computing them in SIMD fashion on modern Intel processors. In particular, we present a hybrid batching technique that, when combined with optimized (8 × 1)-way prime-field arithmetic, increases the throughput by a factor of 3.64 compared to a state-of-the-art (non-vectorized) x64 implementation. On the other hand, vectorization in a 2-way fashion aimed to reduce latency makes our AVX-512 implementation of the group action evaluation about 1.54 times faster than the state-of-the-art. To the best of our knowledge, this paper is the first to demonstrate the high potential of using vector instructions to increase the throughput (resp. decrease the latency) of constant-time CSIDH.

Download Full-text

Breaking the Decisional Diffie-Hellman Problem for Class Group Actions Using Genus Theory

Advances in Cryptology – CRYPTO 2020 - Lecture Notes in Computer Science ◽

10.1007/978-3-030-56880-1_4 ◽

2020 ◽

pp. 92-120 ◽

Cited By ~ 2

Author(s):

Wouter Castryck ◽

Jana Sotáková ◽

Frederik Vercauteren

Keyword(s):

Class Group ◽

Group Actions ◽

Genus Theory ◽

Diffie Hellman

Download Full-text

On the family of Riemann surfaces with tetrahedral group action

Kodai Mathematical Journal ◽

10.2996/kmj/1572487229 ◽

2019 ◽

Vol 42 (3) ◽

pp. 476-495

Author(s):

Ryota Hirakawa

Keyword(s):

Group Action ◽

Riemann Surfaces ◽

The Family

Download Full-text

Optimized CSIDH Implementation Using a 2-Torsion Point

Cryptography ◽

10.3390/cryptography4030020 ◽

2020 ◽

Vol 4 (3) ◽

pp. 20 ◽

Cited By ~ 1

Author(s):

Donghoe Heo ◽

Suhri Kim ◽

Kisoon Yoon ◽

Young-Ho Park ◽

Seokhie Hong

Keyword(s):

Elliptic Curve ◽

Group Action ◽

Large Degree ◽

Transitive Group ◽

Optimization Method ◽

Torsion Point ◽

Torsion Points ◽

Diffie Hellman ◽

Odd Degree ◽

Montgomery Curve

The implementation of isogeny-based cryptography mainly use Montgomery curves, as they offer fast elliptic curve arithmetic and isogeny computation. However, although Montgomery curves have efficient 3- and 4-isogeny formula, it becomes inefficient when recovering the coefficient of the image curve for large degree isogenies. Because the Commutative Supersingular Isogeny Diffie-Hellman (CSIDH) requires odd-degree isogenies up to at least 587, this inefficiency is the main bottleneck of using a Montgomery curve for CSIDH. In this paper, we present a new optimization method for faster CSIDH protocols entirely on Montgomery curves. To this end, we present a new parameter for CSIDH, in which the three rational two-torsion points exist. By using the proposed parameters, the CSIDH moves around the surface. The curve coefficient of the image curve can be recovered by a two-torsion point. We also proved that the CSIDH while using the proposed parameter guarantees a free and transitive group action. Additionally, we present the implementation result using our method. We demonstrated that our method is 6.4% faster than the original CSIDH. Our works show that quite higher performance of CSIDH is achieved while only using Montgomery curves.

Download Full-text

Plant Leaf Disease Recognition Using Depth-Wise Separable Convolution-Based Models

Symmetry ◽

10.3390/sym13030511 ◽

2021 ◽

Vol 13 (3) ◽

pp. 511

Author(s):

Syed Mohammad Minhaz Hossain ◽

Kaushik Deb ◽

Pranab Kumar Dhar ◽

Takeshi Koshiba

Keyword(s):

State Of The Art ◽

Computational Cost ◽

Region Of Interest ◽

Number Of Clusters ◽

Plant Leaf ◽

Leaf Disease ◽

Automatic Initialization ◽

Adequate Accuracy ◽

Model Size ◽

High Computational Cost

Proper plant leaf disease (PLD) detection is challenging in complex backgrounds and under different capture conditions. For this reason, initially, modified adaptive centroid-based segmentation (ACS) is used to trace the proper region of interest (ROI). Automatic initialization of the number of clusters (K) using modified ACS before recognition increases tracing ROI’s scalability even for symmetrical features in various plants. Besides, convolutional neural network (CNN)-based PLD recognition models achieve adequate accuracy to some extent. However, memory requirements (large-scaled parameters) and the high computational cost of CNN-based PLD models are burning issues for the memory restricted mobile and IoT-based devices. Therefore, after tracing ROIs, three proposed depth-wise separable convolutional PLD (DSCPLD) models, such as segmented modified DSCPLD (S-modified MobileNet), segmented reduced DSCPLD (S-reduced MobileNet), and segmented extended DSCPLD (S-extended MobileNet), are utilized to represent the constructive trade-off among accuracy, model size, and computational latency. Moreover, we have compared our proposed DSCPLD recognition models with state-of-the-art models, such as MobileNet, VGG16, VGG19, and AlexNet. Among segmented-based DSCPLD models, S-modified MobileNet achieves the best accuracy of 99.55% and F1-sore of 97.07%. Besides, we have simulated our DSCPLD models using both full plant leaf images and segmented plant leaf images and conclude that, after using modified ACS, all models increase their accuracy and F1-score. Furthermore, a new plant leaf dataset containing 6580 images of eight plants was used to experiment with several depth-wise separable convolution models.

Download Full-text

State of the Art — 1973

Canadian Psychiatric Association Journal ◽

10.1177/070674377301800301 ◽

1973 ◽

Vol 18 (3) ◽

pp. 175-183 ◽

Cited By ~ 10

Author(s):

Nathan B. Epstein ◽

Duane S. Bishop

Keyword(s):

State Of The Art ◽

Therapeutic Process ◽

Scientific Discipline ◽

Therapeutic Approaches ◽

Training And Education ◽

Rigorous Approach ◽

The Family ◽

Process And Outcome ◽

Scientific Approach ◽

Made In

In summary, it can be said that progress is being made in the field, but slowly. The ‘art’ is vigorous, vital and exciting. The ranks of family therapists are swelling and they are coming from backgrounds of different theoretical persuasions and with varying degrees of sophistication in their training and education. This mélange does lead to excitement and turbulence but often detracts from the necessary rigour that a scientific discipline must develop in order to reach maturity. Systems theory allows for easy conceptualization of one another's behaviour in the system, and permits a much clearer understanding of the therapeutic process based upon it, in contrast to therapeutic approaches based on other models. The authors found negotiation to be therapeutically effective when made explicit. In addition they place the focus on the ‘here and now’ and encourage the increased labeling by family members of interactions (affective and behavioural) and their effects (affective and behavioural), according to the Family Categories Schema previously referred to. Efforts are directed especially towards dealing with the current resistances to problem solutions. Epstein et al. have reported on an ongoing program of research which attempts to examine the process and outcome of family therapy (7,10,21,22,25,26). What is needed now is a more rigorous approach to research and the development of a necessary theoretical base in order that a more systematic and scientific approach can be developed for treating families.

Download Full-text

G-Hypergroups: Hypergroups with a Group-Isomorphic Heart

Mathematics ◽

10.3390/math10020240 ◽

2022 ◽

Vol 10 (2) ◽

pp. 240

Author(s):

Mario De Salvo ◽

Dario Fasino ◽

Domenico Freni ◽

Giovanni Lo Faro

Keyword(s):

Group Actions ◽

Torsion Group ◽

Large Classes ◽

Trivial Group ◽

The Family ◽

Nontrivial Group ◽

The Right

Hypergroups can be subdivided into two large classes: those whose heart coincide with the entire hypergroup and those in which the heart is a proper sub-hypergroup. The latter class includes the family of 1-hypergroups, whose heart reduces to a singleton, and therefore is the trivial group. However, very little is known about hypergroups that are neither 1-hypergroups nor belong to the first class. The goal of this work is to take a first step in classifying G-hypergroups, that is, hypergroups whose heart is a nontrivial group. We introduce their main properties, with an emphasis on G-hypergroups whose the heart is a torsion group. We analyze the main properties of the stabilizers of group actions of the heart, which play an important role in the construction of multiplicative tables of G-hypergroups. Based on these results, we characterize the G-hypergroups that are of type U on the right or cogroups on the right. Finally, we present the hyperproduct tables of all G-hypergroups of size not larger than 5, apart of isomorphisms.

Download Full-text

A Provably Secure ID-Based Signcryption Protocol for Secure and Authentic Energy Efficient Communication

10.21203/rs.3.rs-399509/v1 ◽

2021 ◽

Author(s):

Sunil Kumar ◽

Pratik Gupta ◽

Dharminder Dharminder

Keyword(s):

Computational Cost ◽

Single Step ◽

Step Method ◽

Performance Review ◽

Diffie Hellman ◽

Cryptographic Primitive ◽

Energy Efficient Communication ◽

Efficient Communication ◽

Identity Based ◽

Provably Secure

Abstract Singcryption was first proposed by Yuliang Zheng [1] in 1997, based on the construction of a shortened ElGamal-based signature scheme in parallel to authenticated encryption in a symmetric environment. Signcryption is a cryptographic primitive that enables the conventional two-step method of secure and authenticated message transmission or storage (sign-then-encrypt or encrypt-then-sign) to be done in a single step at a much lower computational cost than the traditional two-step approach. This article concentrates on designing a provably secure identity-based signcryption (IBSC) scheme. The user performs pairing-free computation during encryption in the proposed scheme, making it user-side effective. In addition, the IBSC structure is shown to be secure when dealing with modified bilinear Diffie-Hellman inversion (MBDHI) and modified bilinear strong Diffie-Hellman (MBSDH) problems. The proposed framework supports efficient communication, protection against chosen cipher attack, and existential unforgeability against chosen message attack, according to the performance review of IBSC with related schemes.

Download Full-text

The SQALE of CSIDH: sublinear Vélu quantum-resistant isogeny action with low exponents

Journal of Cryptographic Engineering ◽

10.1007/s13389-021-00271-w ◽

2021 ◽

Author(s):

Jorge Chávez-Saab ◽

Jesús-Javier Chi-Domínguez ◽

Samuel Jaques ◽

Francisco Rodríguez-Henríquez

Keyword(s):

Group Action ◽

Key Exchange ◽

Commutative Group ◽

Constant Time ◽

Square Root ◽

Resource Constrained ◽

Key Exchange Protocol ◽

Security Levels ◽

Commutative Group Action

AbstractRecent independent analyses by Bonnetain–Schrottenloher and Peikert in Eurocrypt 2020 significantly reduced the estimated quantum security of the isogeny-based commutative group action key-exchange protocol CSIDH. This paper refines the estimates of a resource-constrained quantum collimation sieve attack to give a precise quantum security to CSIDH. Furthermore, we optimize large CSIDH parameters for performance while still achieving the NIST security levels 1, 2, and 3. Finally, we provide a C-code constant-time implementation of those CSIDH large instantiations using the square-root-complexity Vélu’s formulas recently proposed by Bernstein, De Feo, Leroux and Smith.

Download Full-text

Literary socialization in the family: A state of the art

Poetics ◽

10.1016/0304-422x(91)90024-j ◽

1991 ◽

Vol 20 (5-6) ◽

pp. 539-558 ◽

Cited By ~ 8

Author(s):

W. van Peer

Keyword(s):

State Of The Art ◽

The Family

Download Full-text

Y-Net: Dual-branch Joint Network for Semantic Segmentation

ACM Transactions on Multimedia Computing Communications and Applications ◽

10.1145/3460940 ◽

2021 ◽

Vol 17 (4) ◽

pp. 1-22

Author(s):

Yizhen Chen ◽

Haifeng Hu

Keyword(s):

Feature Vector ◽

State Of The Art ◽

Computational Cost ◽

Receptive Fields ◽

Semantic Segmentation ◽

Global Context ◽

Multi Level ◽

The One ◽

Public Datasets ◽

High Level

Most existing segmentation networks are built upon a “ U -shaped” encoder–decoder structure, where the multi-level features extracted by the encoder are gradually aggregated by the decoder. Although this structure has been proven to be effective in improving segmentation performance, there are two main drawbacks. On the one hand, the introduction of low-level features brings a significant increase in calculations without an obvious performance gain. On the other hand, general strategies of feature aggregation such as addition and concatenation fuse features without considering the usefulness of each feature vector, which mixes the useful information with massive noises. In this article, we abandon the traditional “ U -shaped” architecture and propose Y-Net, a dual-branch joint network for accurate semantic segmentation. Specifically, it only aggregates the high-level features with low-resolution and utilizes the global context guidance generated by the first branch to refine the second branch. The dual branches are effectively connected through a Semantic Enhancing Module, which can be regarded as the combination of spatial attention and channel attention. We also design a novel Channel-Selective Decoder (CSD) to adaptively integrate features from different receptive fields by assigning specific channelwise weights, where the weights are input-dependent. Our Y-Net is capable of breaking through the limit of singe-branch network and attaining higher performance with less computational cost than “ U -shaped” structure. The proposed CSD can better integrate useful information and suppress interference noises. Comprehensive experiments are carried out on three public datasets to evaluate the effectiveness of our method. Eventually, our Y-Net achieves state-of-the-art performance on PASCAL VOC 2012, PASCAL Person-Part, and ADE20K dataset without pre-training on extra datasets.

Download Full-text