2,345 research outputs found

    Arithmetic using compression on elliptic curves in Huff's form and its applications

    In this paper for elliptic curves provided by Huff's equation $H_{a,b}: ax(y^2-1) = by(x^2-1)$ and general Huff's equation $G_{\overline{a},\overline{b}}\ :\ {\overline{x}}(\overline{a}{\overline{y}}^2-1)={\overline{y}}(\overline{b}{\overline{x}}^2-1)$ and degree 2 compression function $f(x,y) = xy$ on these curves, herein we provide formulas for doubling and differential addition after compression, which for Huff's curves are as efficient as Montgomery's formulas for Montgomery's curves $By^2 = x^3 + Ax^2 + x$. For these curves we also provided point recovery formulas after compression, which for a point $P$ on these curves allow one to compute $[n]f(P)$ after compression using the Montgomery ladder algorithm, and then recover $[n]P$. Using formulas of Moody and Shumow for computing odd degree isogenies on general Huff's curves, we have also provided formulas for computing odd degree isogenies after compression for these curves. Moreover, it is shown herein how to apply obtained formulas using compression to the ECM algorithm. In the appendix, we present examples of Huff's curves convenient for the isogeny-based cryptography, where compression can be used.

    Simple verification of completeness of two addition formulas on twisted Edwards curves

    Daniel Bernstein and Tanja Lange proved that two given addition formulas on twisted Edwards elliptic curves $ax^2 + y^2 = 1 + dxy$ are complete (i.e. the sum of any two points on a curve can be computed using one of these formulas). In this paper we give another simple verification of completeness of these formulas using for example Groebner bases and an algorithm implemented in Magma, which is based on the fact that completeness means that some systems of polynomial equations have no solutions. This method may also be applied to verify completeness of addition formulas on other models of elliptic curves.

    Efficient Montgomery-like formulas for general Huff's and Huff's elliptic curves and their applications to the isogeny-based cryptography

    In this paper for elliptic curves provided by Huff's equation $H_{a,b}: ax(y^2-1) = by(x^2-1)$ and general Huff's equation $G_{\overline{a},\overline{b}}\ :\ {\overline{x}}(\overline{a}{\overline{y}}^2-1)={\overline{y}}(\overline{b}{\overline{x}}^2-1)$ and degree 2 compression function $f(x,y) = xy$ on these curves, herein we provide formulas for doubling and differential addition after compression, which for Huff's curves are as efficient as Montgomery's formulas for Montgomery's curves $By^2 = x^3 + Ax^2 + x$. For these curves we also provided point recovery formulas after compression, which for a point $P$ on these curves allow one to compute $[n]f(P)$ after compression using the Montgomery ladder algorithm, and then recover $[n]P$. Using formulas of Moody and Shumow for computing odd degree isogenies on general Huff's curves, we have also provided formulas for computing odd degree isogenies after compression for these curves. Moreover, it is shown herein how to apply obtained formulas using compression to the ECM algorithm. In the appendix, we present examples of Huff's curves convenient for the isogeny-based cryptography, where compression can be used.

    High-accuracy phase-field models for brittle fracture based on a new family of degradation functions

    Phase-field approaches to fracture based on energy minimization principles have been rapidly gaining popularity in recent years, and are particularly well-suited for simulating crack initiation and growth in complex fracture networks. In the phase-field framework, the surface energy associated with crack formation is calculated by evaluating a functional defined in terms of a scalar order parameter and its gradients, which in turn describe the fractures in a diffuse sense following a prescribed regularization length scale. Imposing stationarity of the total energy leads to a coupled system of partial differential equations, one enforcing stress equilibrium and another governing phase-field evolution. The two equations are coupled through an energy degradation function that models the loss of stiffness in the bulk material as it undergoes damage. In the present work, we introduce a new parametric family of degradation functions aimed at increasing the accuracy of phase-field models in predicting critical loads associated with crack nucleation as well as the propagation of existing fractures. An additional goal is the preservation of linear elastic response in the bulk material prior to fracture. Through the analysis of several numerical examples, we demonstrate the superiority of the proposed family of functions to the classical quadratic degradation function that is used most often in the literature. Comment: 33 pages, 30 figures

    Curves, codes, and cryptography

    This thesis deals with two topics: elliptic-curve cryptography and code-based cryptography. In 2007 elliptic-curve cryptography received a boost from the introduction of a new way of representing elliptic curves. Edwards, generalizing an example from Euler and Gauss, presented an addition law for the curves $x^2 + y^2 = c^2(1 + x^2y^2)$ over non-binary fields. Edwards showed that every elliptic curve can be expressed in this form as long as the underlying field is algebraically closed. Bernstein and Lange found fast explicit formulas for addition and doubling in coordinates (X : Y : Z) representing (x, y) = (X/Z, Y/Z) on these curves, and showed that these explicit formulas save time in elliptic-curve cryptography. It is easy to see that all of these curves are isomorphic to curves $x^2 + y^2 = 1 + dx^2y^2$ which now are called "Edwards curves" and whose shape covers considerably more elliptic curves over a finite field than $x^2 + y^2 = c^2(1 + x^2y^2)$. In this thesis the Edwards addition law is generalized to cover all curves $ax^2 + y^2 = 1 + dx^2y^2$ which now are called "twisted Edwards curves." The fast explicit formulas for addition and doubling presented here are almost as fast in the general case as they are for the special case a = 1. This generalization brings the speed of the Edwards addition law to every Montgomery curve. Tripling formulas for Edwards curves can be used for double-base scalar multiplication where a multiple of a point is computed using a series of additions, doublings, and triplings. The use of double-base chains for elliptic-curve scalar multiplication for elliptic curves in various shapes is investigated in this thesis. It turns out that not only are Edwards curves among the fastest curve shapes, but also that the speed of doublings on Edwards curves renders double bases obsolete for this curve shape. Elliptic curves in Edwards form and twisted Edwards form can be used to speed up the Elliptic-Curve Method for integer factorization (ECM). 
We show how to construct elliptic curves in Edwards form and twisted Edwards form with large torsion groups which are used by the EECM-MPFQ implementation of ECM. Code-based cryptography was invented by McEliece in 1978. The McEliece public-key cryptosystem uses as public key a hidden Goppa code over a finite field. Encryption in McEliece’s system is remarkably fast (a matrix-vector multiplication). This system is rarely used in implementations. The main complaint is that the public key is too large. The McEliece cryptosystem recently regained attention with the advent of post-quantum cryptography, a new field in cryptography which deals with public-key systems without (known) vulnerabilities to attacks by quantum computers. The McEliece cryptosystem is one of them. In this thesis we underline the strength of the McEliece cryptosystem by improving attacks against it and by coming up with smaller-key variants. McEliece proposed to use binary Goppa codes. For these codes the most effective attacks rely on information-set decoding. In this thesis we present an attack developed together with Daniel J. Bernstein and Tanja Lange which uses and improves Stern’s idea of collision decoding. This attack is faster by a factor of more than 150 than previous attacks, bringing it within reach of a moderate computer cluster. We were able to extract a plaintext from a ciphertext by decoding 50 errors in a [1024, 524] binary code. The attack should not be interpreted as destroying the McEliece cryptosystem. However, the attack demonstrates that the original parameters were chosen too small. Building on this work the collision-decoding algorithm is generalized in two directions. First, we generalize the improved collision-decoding algorithm for codes over arbitrary fields and give a precise analysis of the running time. We use the analysis to propose parameters for the McEliece cryptosystem with Goppa codes over fields such as F31. 
Second, collision decoding is generalized to ball-collision decoding in the case of binary linear codes. Ball-collision decoding is asymptotically faster than any previous attack against the McEliece cryptosystem. Another way to strengthen the system is to use codes with a larger error-correction capability. This thesis presents "wild Goppa codes" which contain the classical binary Goppa codes as a special case. We explain how to encrypt and decrypt messages in the McEliece cryptosystem when using wild Goppa codes. The size of the public key can be reduced by using wild Goppa codes over moderate fields which is explained by evaluating the security of the "Wild McEliece" cryptosystem against our generalized collision attack for codes over finite fields. Code-based cryptography not only deals with public-key cryptography: a code-based hash function "FSB" was submitted to NIST’s SHA-3 competition, a competition to establish a new standard for cryptographic hashing. Wagner’s generalized birthday attack is a generic attack which can be used to find collisions in the compression function of FSB. However, applying Wagner’s algorithm is a challenge in storage-restricted environments. The FSBday project showed how to successfully mount the generalized birthday attack on 8 nodes of the Coding and Cryptography Computer Cluster (CCCC) at Technische Universiteit Eindhoven to find collisions in the toy version FSB48 which is contained in the submission to NIST.

    Phenomenological Review on Quark-Gluon Plasma: Concepts vs. Observations

    In this review, we present an up-to-date phenomenological summary of research developments in the physics of the Quark--Gluon Plasma (QGP). A short historical perspective and theoretical motivation for this rapidly developing field of contemporary particle physics is provided. In addition, we introduce and discuss the role of the quantum chromodynamics (QCD) ground state, non-perturbative and lattice QCD results on the QGP properties, as well as the transport models used to make a connection between theory and experiment. The experimental part presents the selected results on bulk observables, hard and penetrating probes obtained in the ultra-relativistic heavy-ion experiments carried out at the Brookhaven National Laboratory Relativistic Heavy Ion Collider (BNL RHIC) and CERN Super Proton Synchrotron (SPS) and Large Hadron Collider (LHC) accelerators. We also give a brief overview of new developments related to the ongoing searches of the QCD critical point and to the collectivity in small ($p+p$ and $p+A$) systems. Comment: 64 pages, 29 figures; a new subsection 4.4.2 and a few references have been added; minor changes; published version

    Grid generation for the solution of partial differential equations

    A general survey of grid generators is presented with a concern for understanding why grids are necessary, how they are applied, and how they are generated. After an examination of the need for meshes, the overall applications setting is established with a categorization of the various connectivity patterns. This is split between structured grids and unstructured meshes. Altogether, the categorization establishes the foundation upon which grid generation techniques are developed. The two primary categories are algebraic techniques and partial differential equation techniques. These are each split into basic parts, and accordingly are individually examined in some detail. In the process, the interrelations between the various parts are accented. From the established background in the primary techniques, consideration is shifted to the topic of interactive grid generation and then to adaptive meshes. The setting for adaptivity is established with a suitable means to monitor severe solution behavior. Adaptive grids are considered first and are followed by adaptive triangular meshes. Then the consideration shifts to the temporal coupling between grid generators and PDE-solvers. To conclude, a reflection upon the discussion, herein, is given

    Einstein equations in the null quasi-spherical gauge III: numerical algorithms

    We describe numerical techniques used in the construction of our 4th order evolution for the full Einstein equations, and assess the accuracy of representative solutions. The code is based on a null gauge with a quasi-spherical radial coordinate, and simulates the interaction of a single black hole with gravitational radiation. Techniques used include spherical harmonic representations, convolution spline interpolation and filtering, and an RK4 "method of lines" evolution. For sample initial data of "intermediate" size (gravitational field with 19% of the black hole mass), the code is accurate to 1 part in 10^5, until null time z=55 when the coordinate condition breaks down. Comment: Latex, 38 pages, 29 figures (360Kb compressed)

    General critical states in type-II superconductors

    The magnetic flux dynamics of type-II superconductors within the critical state regime is posed in a generalized framework, by using a variational theory supported by well established physical principles. The equivalence between the variational statement and more conventional treatments, based on the solution of the differential Maxwell equations together with appropriate conductivity laws is shown. Advantages of the variational method are emphasized, focusing on its numerical performance, that allows to explore new physical scenarios. In particular, we present the extension of the so-called double critical state model to three dimensional configurations in which only flux transport (T-states), cutting (C-states) or both mechanisms (CT-states) occur. The theory is applied to several problems. First, we show the features of the transition from T to CT states. Second, we give a generalized expression for the flux cutting threshold in 3-D and show its relevance in the slab geometry. In addition, several models that allow to treat flux depinning and cutting mechanisms are compared. Finally, the longitudinal transport problem (current is applied parallel to the external magnetic field) is analyzed both under T and CT conditions. The complex interaction between shielding and transport is solved. Comment: 21 figures, submitted for publication