15 research outputs found
Primality tests, linear recurrent sequences and the Pell equation
We study new primality tests based on linear recurrent sequences of degree two exploiting a matrix approach. The classical Lucas test arises as a particular case and we see
how it can be easily improved. Moreover, this approach shows clearly how the Lucas
pseudoprimes are connected to the Pell equation and the Brahamagupta product. We
also introduce two new specific primality tests, which we will call generalized Lucas
test and generalized Pell test. We perform some numerical computations on the new
primality tests and we do not find any pseudoprime up to 2^38. Moreover, we combined
the generalized Lucas test with the Fermat test up to 2^64 and we did not find any
composite number that passes the test. We get the same result using the generalized
Pell test.
Bazzanella, Danilo; Di Scala, Antonio; Dutto, Simone; Murru, Nadir
Pairings in Cryptology: efficiency, security and applications
Abstract
The study of pairings can be considered in so many different ways that it
may not be useless to state in a few words the plan which has been adopted,
and the chief objects at which it has aimed. This is not an attempt to write
the whole history of the pairings in cryptology, or to detail every discovery,
but rather a general presentation motivated by the two main requirements
in cryptology: efficiency and security.
Starting from the basic underlying mathematics, pairing maps are constructed
and a major security issue related to the question of the minimal
embedding field [12] is resolved. This is followed by an exposition on how
to compute efficiently the final exponentiation occurring in the calculation
of a pairing [124] and a thorough survey on the security of the discrete
logarithm problem from both theoretical and implementational perspectives.
These two crucial cryptologic requirements being fulfilled, an identity based
encryption scheme taking advantage of pairings [24] is introduced. Then,
perceiving the need to hash identities to points on a pairing-friendly elliptic
curve in the more general context of identity based cryptography, a new
technique to efficiently solve this practical issue is exhibited.
Unveiling pairings in cryptology involves a good understanding of both
mathematical and cryptologic principles. Therefore, although first presented
from an abstract mathematical viewpoint, pairings are then studied
from a more practical perspective, slowly drifting away toward cryptologic
applications.
Elliptic Curve Arithmetic for Cryptography
The advantages of using public key cryptography over secret key
cryptography include the convenience of better key management and
increased security. However, due to the complexity of the
underlying number theoretic algorithms, public key cryptography
is slower than conventional secret key cryptography, thus
motivating the need to speed up public key cryptosystems.
A mathematical object called an elliptic curve can be used in the
construction of public key cryptosystems. This thesis focuses on
speeding up elliptic curve cryptography which is an attractive
alternative to traditional public key cryptosystems such as RSA.
Speeding up elliptic curve cryptography can be done by speeding
up point arithmetic algorithms and by improving scalar
multiplication algorithms. This thesis provides a speed up of
some point arithmetic algorithms. The study of addition chains
has been shown to be useful in improving scalar multiplication
algorithms, when the scalar is fixed. A special form of an
addition chain called a Lucas chain or a differential addition
chain is useful to compute scalar multiplication on some elliptic
curves, such as Montgomery curves for which differential addition
formulae are available. While single scalar multiplication may
suffice in some systems, there are others where a double or a
triple scalar multiplication algorithm may be desired. This
thesis provides triple scalar multiplication algorithms in the
context of differential addition chains. Precomputations are
useful in speeding up scalar multiplication algorithms, when the
elliptic curve point is fixed. This thesis focuses on both
speeding up point arithmetic and improving scalar multiplication
in the context of precomputations toward double scalar
multiplication. Further, this thesis revisits pairing
computations which use elliptic curve groups to compute pairings
such as the Tate pairing. More specifically, the thesis looks at
Stange's algorithm to compute pairings and also pairings on
Selmer curves. The thesis also looks at some aspects of the
underlying finite field arithmetic.
Normalizer Circuits and Quantum Computation
(Abridged abstract.) In this thesis we introduce new models of quantum
computation to study the emergence of quantum speed-up in quantum computer
algorithms.
Our first contribution is a formalism of restricted quantum operations, named
normalizer circuit formalism, based on algebraic extensions of the qubit
Clifford gates (CNOT, Hadamard and -phase gates): a normalizer circuit
consists of quantum Fourier transforms (QFTs), automorphism gates and quadratic
phase gates associated to a set , which is either an abelian group or
abelian hypergroup. Though Clifford circuits are efficiently classically
simulable, we show that normalizer circuit models encompass Shor's celebrated
factoring algorithm and the quantum algorithms for abelian Hidden Subgroup
Problems. We develop classical-simulation techniques to characterize under
which scenarios normalizer circuits provide quantum speed-ups. Finally, we
devise new quantum algorithms for finding hidden hyperstructures. The results
offer new insights into the source of quantum speed-ups for several algebraic
problems.
Our second contribution is an algebraic (group- and hypergroup-theoretic)
framework for describing quantum many-body states and classically simulating
quantum circuits. Our framework extends Gottesman's Pauli Stabilizer Formalism
(PSF), wherein quantum states are written as joint eigenspaces of stabilizer
groups of commuting Pauli operators: while the PSF is valid for qubit/qudit
systems, our formalism can be applied to discrete- and continuous-variable
systems, hybrid settings, and anyonic systems. These results enlarge the known
families of quantum processes that can be efficiently classically simulated.
This thesis also establishes a precise connection between Shor's quantum
algorithm and the stabilizer formalism, revealing a common mathematical
structure in several quantum speed-ups and error-correcting codes.
Comment: PhD thesis, Technical University of Munich (2016). Please cite
original papers if possible. Appendix E contains unpublished work on Gaussian
unitaries. If you spot typos/omissions please email me at JLastNames at
posteo dot net. Source: http://bit.ly/2gMdHn3. Related video talk:
https://www.perimeterinstitute.ca/videos/toy-theory-quantum-speed-ups-based-stabilizer-formalism
Design and Analysis of Opaque Signatures
Digital signatures were introduced to guarantee the authenticity and integrity of the underlying messages. A digital signature scheme comprises the key generation, the signature, and the verification algorithms. The key generation algorithm creates the signing and the verifying keys, also called the signer’s private and public keys, respectively. The signature algorithm, which is run by the signer, produces a signature on the input message. Finally, the verification algorithm, run by anyone who knows the signer’s public key, checks whether a purported signature on some message is valid or not. The last property, namely the universal verification of digital signatures, is undesirable in situations where the signed data is commercially or personally sensitive. Therefore, mechanisms which share most properties with digital signatures except for the universal verification were invented to respond to the aforementioned need; we call such mechanisms “opaque signatures”. In this thesis, we study the signatures where the verification cannot be achieved without the cooperation of a specific entity, namely the signer in case of undeniable signatures, or the confirmer in case of confirmer signatures; we make three main contributions. We first study the relationship between two security properties important for public key encryption, namely data privacy and key privacy. Our study is motivated by the fact that opaque signatures always involve an encryption layer that ensures their opacity. The properties required for this encryption vary according to whether we want to protect the identity (i.e. the key) of the signer or hide the validity of the signature. Therefore, it would be convenient to use existing work about the encryption scheme in order to derive one notion from the other. Next, we delve into the generic constructions of confirmer signatures from basic cryptographic primitives, e.g. digital signatures, encryption, or commitment schemes.
In fact, generic constructions give easy-to-understand and easy-to-prove schemes; however, this convenience is often achieved at the expense of efficiency. In this contribution, which constitutes the core of this thesis, we first analyze the already existing constructions; our study concludes that the popular generic constructions of confirmer signatures necessitate strong security assumptions on the building blocks, which impacts negatively the efficiency of the resulting signatures. Next, we show that a small change in these constructions makes these assumptions drop drastically, allowing as a result constructions with instantiations that compete with the dedicated realizations of these signatures. Finally, we revisit two early undeniable signatures which were proposed with conjectural security. We disprove the claimed security of the first scheme, and we provide a fix to it in order to achieve strong security properties. Next, we upgrade the second scheme so that it supports a desirable feature, and we provide a formal security treatment of the new scheme: we prove that it is secure assuming new reasonable assumptions on the underlying constituents.