Discrete Logarithms in Generalized Jacobians
Déchène has proposed generalized Jacobians as a source of groups for
public-key cryptosystems based on the hardness of the Discrete Logarithm
Problem (DLP). Her specific proposal gives rise to a group isomorphic to the
semidirect product of an elliptic curve and a multiplicative group of a finite
field. We explain why her proposal has no advantages over simply taking the
direct product of groups. We then argue that generalized Jacobians offer poorer
security and efficiency than standard Jacobians.
A Generic Approach to Searching for Jacobians
We consider the problem of finding cryptographically suitable Jacobians. By
applying a probabilistic generic algorithm to compute the zeta functions of low
genus curves drawn from an arbitrary family, we can search for Jacobians
containing a large subgroup of prime order. For a suitable distribution of
curves, the complexity is subexponential in genus 2, and O(N^{1/12}) in genus
3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime
fields with group orders over 180 bits in size, improving previous results. Our
approach is particularly effective over low-degree extension fields, where in
genus 2 we find Jacobians over F_{p^2} and trace zero varieties over F_{p^3}
with near-prime orders up to 372 bits in size. For p = 2^{61}-1, the average
time to find a group with 244-bit near-prime order is under an hour on a PC.
Comment: 22 pages, to appear in Mathematics of Computatio
Gradient Flows in Filtering and Fisher-Rao Geometry
Uncertainty propagation and filtering can be interpreted as gradient flows
with respect to suitable metrics in the infinite dimensional manifold of
probability density functions. Such a viewpoint has been put forth in recent
literature, and a systematic way to formulate and solve the same for linear
Gaussian systems has appeared in our previous work where the gradient flows
were realized via proximal operators with respect to Wasserstein metric arising
in optimal mass transport. In this paper, we derive the evolution equations as
proximal operators with respect to Fisher-Rao metric arising in information
geometry. We develop the linear Gaussian case in detail and show that a
template two step optimization procedure proposed earlier by the authors still
applies. Our objective is to provide new geometric interpretations of known
equations in filtering, and to clarify the implication of different choices of
metric.
Galois invariant smoothness basis
This text answers a question raised by Joux and the second author about the
computation of discrete logarithms in the multiplicative group of finite
fields. Given a finite residue field \bK, one looks for a smoothness basis
for \bK^* that is left invariant by automorphisms of \bK. For a broad class
of finite fields, we manage to construct models that allow such a smoothness
basis. This work aims at accelerating discrete logarithm computations in such
fields. We treat the cases of codimension one (the linear sieve) and
codimension two (the function field sieve).
A Computational Introduction to Elliptic and Hyperelliptic Curve Cryptography
At its core, cryptography relies on problems that are simple to construct but difficult to solve unless certain information (the "key") is known. Many of these problems come from number theory and group theory. One method of obtaining groups from which to build cryptosystems is to define algebraic curves over finite fields and then derive a group structure from the set of points on those curves. This thesis serves as an exposition of Elliptic Curve Cryptography (ECC), preceded by a discussion of some basic cryptographic concepts and followed by a glance into one generalization of ECC: cryptosystems based on hyperelliptic curves.
Lie Algebraic Unscented Kalman Filter for Pose Estimation
An unscented Kalman filter for matrix Lie groups is proposed where the time
propagation of the state is formulated on the Lie algebra. This is done with
the kinematic differential equation of the logarithm, where the inverse of the
right Jacobian is used. The sigma points can then be expressed as logarithms in
vector form, and time propagation of the sigma points and the computation of
the mean and the covariance can be done on the Lie algebra. The resulting
formulation is to a large extent based on logarithms in vector form, and is
therefore closer to the UKF for systems in . This gives an
elegant and well-structured formulation which provides additional insight into
the problem, and which is computationally efficient. The proposed method is in
particular formulated and investigated on the matrix Lie group . A
discussion on right and left Jacobians is included, and a novel closed form
solution for the inverse of the right Jacobian on is derived, which
gives a compact representation involving fewer matrix operations. The proposed
method is validated in simulations.