Root Extraction in Finite Abelian Groups
We formulate the Root Extraction problem in finite Abelian -groups and then extend it to generic finite Abelian groups. We provide algorithms to solve them. We also give the bounds on the number of group operations required for these algorithms. We observe that once a basis is computed and the discrete logarithm relative to the basis is solved, root extraction takes relatively fewer "bookkeeping" steps. Thus, we conclude that root extraction in finite Abelian groups is no harder than solving discrete logarithms and computing a basis.
Structure computation and discrete logarithms in finite abelian p-groups
We present a generic algorithm for computing discrete logarithms in a finite abelian p-group H, improving the Pohlig-Hellman algorithm and its generalization to noncyclic groups by Teske. We then give a direct method to compute a basis for H without using a relation matrix. The problem of computing a basis for some or all of the Sylow p-subgroups of an arbitrary finite abelian group G is addressed, yielding a Monte Carlo algorithm to compute the structure of G using O(|G|^0.5) group operations. These results also improve generic algorithms for extracting pth roots in G.
Comment: 23 pages, minor edit
Discrete logarithms in curves over finite fields
A survey on algorithms for computing discrete logarithms in Jacobians of curves over finite fields.
Arithmetic and geometric structures in cryptography
We explore a few algebraic and geometric structures, through certain questions posed by modern cryptography. We focus on the cases of discrete logarithms in finite fields of small characteristic, the structure of isogeny graphs of ordinary abelian varieties, and the geometry of ideals in cyclotomic rings.
The presumed difficulty of computing discrete logarithms in certain groups is essential for the security of a number of communication protocols deployed today. One of the most classic choices for the underlying group is the multiplicative group of a finite field. Yet this choice is showing its age, particularly when the characteristic of the field is small: recent algorithms make it possible to compute logarithms efficiently in these groups. However, these methods are only heuristic: they seem to always work, yet we do not know how to prove it. In the first part, we propose to study these methods in the hope of gaining a better understanding, notably by revealing the geometric structures at play.
A more modern choice is the group of rational points of an elliptic curve defined over a finite field. There, the difficulty of the discrete logarithm problem seems at its peak. More generally, the group of rational points of an abelian variety (notably the Jacobian of a curve of small genus) could be appropriate. One of the main tools for studying discrete logarithms on such objects is the notion of isogeny: a morphism from a variety to another one, which allows, among other things, to transfer the computation of a logarithm. Whereas the theory for elliptic curves is already mature, little is known about the structures formed by these isogenies (the isogeny graphs) for varieties of higher dimension. In the second part, we study the structure of isogeny graphs of absolutely simple, ordinary abelian varieties, with a few consequences regarding discrete logarithms on Jacobians of hyperelliptic curves of genus 2, the main object of concern of so-called hyperelliptic cryptography.
The security of quite a few protocols, notably those relying on discrete logarithms, would collapse in front of an adversary equipped with a large-scale quantum computer. This perspective motivates cryptographers to study problems that would resist this technological feat. One of the major directions is cryptography based on Euclidean lattices, relying on the difficulty of finding short vectors in a given lattice. For efficiency, one benefits from considering lattices endowed with more structure, such as the ideals of a cyclotomic field. In the third part, we study the geometry of these ideals, and show that a quantum computer makes it possible to efficiently find much shorter vectors in these ideals than is currently possible in generic lattices.
Discrete Logarithms in Generalized Jacobians
Déchène has proposed generalized Jacobians as a source of groups for public-key cryptosystems based on the hardness of the Discrete Logarithm Problem (DLP). Her specific proposal gives rise to a group isomorphic to the semidirect product of an elliptic curve and a multiplicative group of a finite field. We explain why her proposal has no advantages over simply taking the direct product of groups. We then argue that generalized Jacobians offer poorer security and efficiency than standard Jacobians.
A kilobit hidden SNFS discrete logarithm computation
We perform a special number field sieve discrete logarithm computation in a 1024-bit prime field. To our knowledge, this is the first kilobit-sized discrete logarithm computation ever reported for prime fields. This computation took a little over two months of calendar time on an academic cluster using the open-source CADO-NFS software. Our chosen prime looks random, and has a 160-bit prime factor, in line with recommended parameters for the Digital Signature Algorithm. However, our p has been trapdoored in such a way that the special number field sieve can be used to compute discrete logarithms in , yet detecting that p has this trapdoor seems out of reach.
Twenty-five years ago, there was considerable controversy around the possibility of back-doored parameters for DSA. Our computations show that trapdoored primes are entirely feasible with current computing technology. We also describe special number field sieve discrete log computations carried out for multiple weak primes found in use in the wild. As can be expected from a trapdoor mechanism which we say is hard to detect, our research did not reveal any trapdoored prime in wide use. The only way for a user to defend against a hypothetical trapdoor of this kind is to require verifiably random primes.