15 research outputs found

    Primality tests, linear recurrent sequences and the Pell equation

    We study new primality tests based on linear recurrent sequences of degree two exploiting a matrix approach. The classical Lucas test arises as a particular case and we see how it can be easily improved. Moreover, this approach shows clearly how the Lucas pseudoprimes are connected to the Pell equation and the Brahmagupta product. We also introduce two new specific primality tests, which we will call generalized Lucas test and generalized Pell test. We perform some numerical computations on the new primality tests and we do not find any pseudoprime up to 2^38. Moreover, we combined the generalized Lucas test with the Fermat test up to 2^64 and we did not find any composite number that passes the test. We get the same result using the generalized Pell test.
    Bazzanella, Danilo; Di Scala, Antonio; Dutto, Simone; Murru, Nadir

    Pairings in Cryptology: efficiency, security and applications

    The study of pairings can be considered in so many different ways that it may not be useless to state in a few words the plan which has been adopted, and the chief objects at which it has aimed. This is not an attempt to write the whole history of the pairings in cryptology, or to detail every discovery, but rather a general presentation motivated by the two main requirements in cryptology: efficiency and security. Starting from the basic underlying mathematics, pairing maps are constructed and a major security issue related to the question of the minimal embedding field [12] is resolved. This is followed by an exposition on how to compute efficiently the final exponentiation occurring in the calculation of a pairing [124] and a thorough survey on the security of the discrete logarithm problem from both theoretical and implementational perspectives. These two crucial cryptologic requirements being fulfilled, an identity based encryption scheme taking advantage of pairings [24] is introduced. Then, perceiving the need to hash identities to points on a pairing-friendly elliptic curve in the more general context of identity based cryptography, a new technique to efficiently solve this practical issue is exhibited. Unveiling pairings in cryptology involves a good understanding of both mathematical and cryptologic principles. Therefore, although first presented from an abstract mathematical viewpoint, pairings are then studied from a more practical perspective, slowly drifting away toward cryptologic applications.

    Elliptic Curve Arithmetic for Cryptography

    The advantages of using public key cryptography over secret key cryptography include the convenience of better key management and increased security. However, due to the complexity of the underlying number theoretic algorithms, public key cryptography is slower than conventional secret key cryptography, thus motivating the need to speed up public key cryptosystems. A mathematical object called an elliptic curve can be used in the construction of public key cryptosystems. This thesis focuses on speeding up elliptic curve cryptography, which is an attractive alternative to traditional public key cryptosystems such as RSA. Speeding up elliptic curve cryptography can be done by speeding up point arithmetic algorithms and by improving scalar multiplication algorithms. This thesis provides a speed up of some point arithmetic algorithms. The study of addition chains has been shown to be useful in improving scalar multiplication algorithms, when the scalar is fixed. A special form of an addition chain called a Lucas chain or a differential addition chain is useful to compute scalar multiplication on some elliptic curves, such as Montgomery curves for which differential addition formulae are available. While single scalar multiplication may suffice in some systems, there are others where a double or a triple scalar multiplication algorithm may be desired. This thesis provides triple scalar multiplication algorithms in the context of differential addition chains. Precomputations are useful in speeding up scalar multiplication algorithms, when the elliptic curve point is fixed. This thesis focuses on both speeding up point arithmetic and improving scalar multiplication in the context of precomputations toward double scalar multiplication. Further, this thesis revisits pairing computations which use elliptic curve groups to compute pairings such as the Tate pairing. More specifically, the thesis looks at Stange's algorithm to compute pairings and also pairings on Selmer curves. The thesis also looks at some aspects of the underlying finite field arithmetic.

    Information security and assurance : Proceedings international conference, ISA 2012, Shanghai China, April 2012


    Annales Mathematicae et Informaticae (34.)


    Part I:


    Annales Mathematicae et Informaticae 2007


    Normalizer Circuits and Quantum Computation

    (Abridged abstract.) In this thesis we introduce new models of quantum computation to study the emergence of quantum speed-up in quantum computer algorithms. Our first contribution is a formalism of restricted quantum operations, named normalizer circuit formalism, based on algebraic extensions of the qubit Clifford gates (CNOT, Hadamard and π/4-phase gates): a normalizer circuit consists of quantum Fourier transforms (QFTs), automorphism gates and quadratic phase gates associated to a set G, which is either an abelian group or abelian hypergroup. Though Clifford circuits are efficiently classically simulable, we show that normalizer circuit models encompass Shor's celebrated factoring algorithm and the quantum algorithms for abelian Hidden Subgroup Problems. We develop classical-simulation techniques to characterize under which scenarios normalizer circuits provide quantum speed-ups. Finally, we devise new quantum algorithms for finding hidden hyperstructures. The results offer new insights into the source of quantum speed-ups for several algebraic problems. Our second contribution is an algebraic (group- and hypergroup-theoretic) framework for describing quantum many-body states and classically simulating quantum circuits. Our framework extends Gottesman's Pauli Stabilizer Formalism (PSF), wherein quantum states are written as joint eigenspaces of stabilizer groups of commuting Pauli operators: while the PSF is valid for qubit/qudit systems, our formalism can be applied to discrete- and continuous-variable systems, hybrid settings, and anyonic systems. These results enlarge the known families of quantum processes that can be efficiently classically simulated. This thesis also establishes a precise connection between Shor's quantum algorithm and the stabilizer formalism, revealing a common mathematical structure in several quantum speed-ups and error-correcting codes.
    Comment: PhD thesis, Technical University of Munich (2016). Please cite original papers if possible. Appendix E contains unpublished work on Gaussian unitaries. If you spot typos/omissions please email me at JLastNames at posteo dot net. Source: http://bit.ly/2gMdHn3. Related video talk: https://www.perimeterinstitute.ca/videos/toy-theory-quantum-speed-ups-based-stabilizer-formalism Posted on my birthda

    Design and Analysis of Opaque Signatures

    Digital signatures were introduced to guarantee the authenticity and integrity of the underlying messages. A digital signature scheme comprises the key generation, the signature, and the verification algorithms. The key generation algorithm creates the signing and the verifying keys, also called the signer's private and public keys respectively. The signature algorithm, which is run by the signer, produces a signature on the input message. Finally, the verification algorithm, run by anyone who knows the signer's public key, checks whether a purported signature on some message is valid or not. The last property, namely the universal verification of digital signatures, is undesirable in situations where the signed data is commercially or personally sensitive. Therefore, mechanisms which share most properties with digital signatures except for the universal verification were invented to respond to the aforementioned need; we call such mechanisms "opaque signatures". In this thesis, we study the signatures where the verification cannot be achieved without the cooperation of a specific entity, namely the signer in case of undeniable signatures, or the confirmer in case of confirmer signatures; we make three main contributions. We first study the relationship between two security properties important for public key encryption, namely data privacy and key privacy. Our study is motivated by the fact that opaque signatures always involve an encryption layer that ensures their opacity. The properties required for this encryption vary according to whether we want to protect the identity (i.e. the key) of the signer or hide the validity of the signature. Therefore, it would be convenient to use existing work about the encryption scheme in order to derive one notion from the other. Next, we delve into the generic constructions of confirmer signatures from basic cryptographic primitives, e.g. digital signatures, encryption, or commitment schemes. In fact, generic constructions give easy-to-understand and easy-to-prove schemes; however, this convenience is often achieved at the expense of efficiency. In this contribution, which constitutes the core of this thesis, we first analyze the already existing constructions; our study concludes that the popular generic constructions of confirmer signatures necessitate strong security assumptions on the building blocks, which impacts negatively the efficiency of the resulting signatures. Next, we show that a small change in these constructions makes these assumptions drop drastically, allowing as a result constructions with instantiations that compete with the dedicated realizations of these signatures. Finally, we revisit two early undeniable signatures which were proposed with a conjectural security. We disprove the claimed security of the first scheme, and we provide a fix to it in order to achieve strong security properties. Next, we upgrade the second scheme so that it supports a desirable feature, and we provide a formal security treatment of the new scheme: we prove that it is secure assuming new reasonable assumptions on the underlying constituents.

    Acta Cybernetica : Volume 25. Number 2.
