
    Still Wrong Use of Pairings in Cryptography

    Several pairing-based cryptographic protocols have recently been proposed for a wide variety of novel applications, including ones in emerging technologies such as cloud computing, the internet of things (IoT), e-health systems and wearable technologies. There has been, however, a wide range of incorrect uses of these primitives. The paper of Galbraith, Paterson, and Smart (2006) pointed out most of the issues related to the incorrect use of pairing-based cryptography. However, we noticed that some recently proposed applications still do not use these primitives correctly. This leads to unrealizable, insecure or too inefficient designs of pairing-based protocols. We observed that one reason is a lack of awareness of the recent advances in solving the discrete logarithm problem in some groups. The main purpose of this article is to give understandable, informative, and up-to-date criteria for the correct use of pairing-based cryptography. We thereby deliberately avoid most of the technical details and instead place special emphasis on the importance of the correct use of bilinear maps in realizing secure cryptographic protocols. We list a collection of recent papers having wrong security assumptions or realizability/efficiency issues. Finally, we give a compact and up-to-date recipe for the correct use of pairings. Comment: 25 page

    The Real and Complex Techniques in Harmonic Analysis from the Point of View of Covariant Transform

    This note reviews complex and real techniques in harmonic analysis. We describe a common source of both approaches rooted in the covariant transform generated by the affine group. Keywords: wavelet, coherent state, covariant transform, reconstruction formula, the affine group, ax+b-group, square integrable representations, admissible vectors, Hardy space, fiducial operator, approximation of the identity, maximal functions, atom, nucleus, atomic decomposition, Cauchy integral, Poisson integral, Hardy--Littlewood maximal functions, grand maximal function, vertical maximal functions, non-tangential maximal functions, intertwining operator, Cauchy-Riemann operator, Laplace operator, singular integral operator, SIO, boundary behaviour, Carleson measure. Comment: 31 pages, AMS-LaTeX, no figures; v2: a major revision, sections on representations of the ax+b group and transported norms are added; v3: major revision: an outline section on complex and real variables techniques is added, numerous smaller improvements; v4: minor correction

    On computing Belyi maps

    We survey methods to compute three-point branched covers of the projective line, also known as Belyi maps. These methods include a direct approach, involving the solution of a system of polynomial equations, as well as complex analytic methods, modular forms methods, and p-adic methods. Along the way, we pose several questions and provide numerous examples. Comment: 57 pages, 3 figures, extensive bibliography; English and French abstract; revised according to referee's suggestion

    Hard isogeny problems over RSA moduli and groups with infeasible inversion

    We initiate the study of computational problems on elliptic curve isogeny graphs defined over RSA moduli. We conjecture that several variants of the neighbor-search problem over these graphs are hard, and provide a comprehensive list of cryptanalytic attempts on these problems. Moreover, based on the hardness of these problems, we provide a construction of groups with infeasible inversion, where the underlying groups are the ideal class groups of imaginary quadratic orders. Recall that in a group with infeasible inversion, computing the inverse of a group element is required to be hard, while performing the group operation is easy. Motivated by the potential cryptographic application of building a directed transitive signature scheme, the search for a group with infeasible inversion was initiated in the theses of Hohenberger and Molnar (2003). Later it was also shown to provide a broadcast encryption scheme by Irrer et al. (2004). However, to date the only case of a group with infeasible inversion is implied by the much stronger primitive of self-bilinear map constructed by Yamakawa et al. (2014) based on the hardness of factoring and indistinguishability obfuscation (iO). Our construction gives a candidate without using iO. Comment: Significant revision of the article previously titled "A Candidate Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the constructions by giving toy examples, added "The Parallelogram Attack" (Sec 5.3.2). 54 pages, 8 figure

    Pairings in Cryptology: efficiency, security and applications

    The study of pairings can be considered in so many different ways that it may not be useless to state in a few words the plan which has been adopted, and the chief objects at which it has aimed. This is not an attempt to write the whole history of the pairings in cryptology, or to detail every discovery, but rather a general presentation motivated by the two main requirements in cryptology; efficiency and security. Starting from the basic underlying mathematics, pairing maps are constructed and a major security issue related to the question of the minimal embedding field [12] is resolved. This is followed by an exposition on how to compute efficiently the final exponentiation occurring in the calculation of a pairing [124] and a thorough survey on the security of the discrete logarithm problem from both theoretical and implementational perspectives. These two crucial cryptologic requirements being fulfilled, an identity based encryption scheme taking advantage of pairings [24] is introduced. Then, perceiving the need to hash identities to points on a pairing-friendly elliptic curve in the more general context of identity based cryptography, a new technique to efficiently solve this practical issue is exhibited. Unveiling pairings in cryptology involves a good understanding of both mathematical and cryptologic principles. Therefore, although first presented from an abstract mathematical viewpoint, pairings are then studied from a more practical perspective, slowly drifting away toward cryptologic applications.

    The Topology ToolKit

    This system paper presents the Topology ToolKit (TTK), a software platform designed for topological data analysis in scientific visualization. TTK provides a unified, generic, efficient, and robust implementation of key algorithms for the topological analysis of scalar data, including: critical points, integral lines, persistence diagrams, persistence curves, merge trees, contour trees, Morse-Smale complexes, fiber surfaces, continuous scatterplots, Jacobi sets, Reeb spaces, and more. TTK is easily accessible to end users due to a tight integration with ParaView. It is also easily accessible to developers through a variety of bindings (Python, VTK/C++) for fast prototyping or through direct, dependence-free C++, to ease integration into pre-existing complex systems. While developing TTK, we faced several algorithmic and software engineering challenges, which we document in this paper. In particular, we present an algorithm for the construction of a discrete gradient that complies with the critical points extracted in the piecewise-linear setting. This algorithm guarantees combinatorial consistency across the topological abstractions supported by TTK and, importantly, a unified implementation of topological data simplification for multi-scale exploration and analysis. We also present a cached triangulation data structure that supports time-efficient and generic traversals, self-adjusts its memory usage on demand for input simplicial meshes, and implicitly emulates a triangulation for regular grids with no memory overhead. Finally, we describe an original software architecture, which guarantees memory-efficient and direct access to TTK features while still allowing researchers powerful and easy bindings and extensions. TTK is open source (BSD license) and its code, online documentation and video tutorials are available on TTK's website.

    Discontinuities without discontinuity: The Weakly-enforced Slip Method

    Tectonic faults are commonly modelled as Volterra or Somigliana dislocations in an elastic medium. Various solution methods exist for this problem. However, the methods used in practice are often limiting, motivated by reasons of computational efficiency rather than geophysical accuracy. A typical geophysical application involves inverse problems for which many different fault configurations need to be examined, each adding to the computational load. In practice, this precludes conventional finite-element methods, which suffer a large computational overhead on account of geometric changes. This paper presents a new non-conforming finite-element method based on weak imposition of the displacement discontinuity. The weak imposition of the discontinuity enables the application of approximation spaces that are independent of the dislocation geometry, thus enabling optimal reuse of computational components. Such reuse of computational components renders finite-element modeling a viable option for inverse problems in geophysical applications. A detailed analysis of the approximation properties of the new formulation is provided. The analysis is supported by numerical experiments in 2D and 3D. Comment: Submitted for publication in CMAM