4,579 research outputs found
Cryptography: Mathematical Advancements on Cyber Security
The origin of cryptography, the study of encoding and decoding messages, dates back to ancient times around 1900 BC. The ancient Egyptians enlisted the use of basic encryption techniques to conceal personal information. Eventually, the realm of cryptography grew to include the concealment of more important information, and cryptography quickly became the backbone of cyber security. Many companies today use encryption to protect online data, and the government even uses encryption to conceal confidential information. Mathematics played a huge role in advancing the methods of cryptography. By looking at the math behind the most basic methods to the newest methods of cryptography, one can learn how cryptography has advanced and will continue to advance
Quantum resource estimates for computing elliptic curve discrete logarithms
We give precise quantum resource estimates for Shor's algorithm to compute
discrete logarithms on elliptic curves over prime fields. The estimates are
derived from a simulation of a Toffoli gate network for controlled elliptic
curve point addition, implemented within the framework of the quantum computing
software tool suite LIQ. We determine circuit implementations for
reversible modular arithmetic, including modular addition, multiplication and
inversion, as well as reversible elliptic curve point addition. We conclude
that elliptic curve discrete logarithms on an elliptic curve defined over an
-bit prime field can be computed on a quantum computer with at most qubits using a quantum circuit of at most Toffoli gates. We are able to classically simulate the
Toffoli networks corresponding to the controlled elliptic curve point addition
as the core piece of Shor's algorithm for the NIST standard curves P-192,
P-224, P-256, P-384 and P-521. Our approach allows gate-level comparisons to
recent resource estimates for Shor's factoring algorithm. The results also
support estimates given earlier by Proos and Zalka and indicate that, for
current parameters at comparable classical security levels, the number of
qubits required to tackle elliptic curves is less than for attacking RSA,
suggesting that indeed ECC is an easier target than RSA.Comment: 24 pages, 2 tables, 11 figures. v2: typos fixed and reference added.
ASIACRYPT 201
Elliptic Curves
Elliptic curves have found widespread use in number theory and applications thereof, such as cryptography. In this paper we will first examine the basic theory of elliptic curves and then look specifically at how they can be used to construct cryptographic systems more efficient than their counterparts, and how they can be used to generate proofs for or against primality
Discrete logarithms in curves over finite fields
A survey on algorithms for computing discrete logarithms in Jacobians of
curves over finite fields
Horizontal isogeny graphs of ordinary abelian varieties and the discrete logarithm problem
Fix an ordinary abelian variety defined over a finite field. The ideal class
group of its endomorphism ring acts freely on the set of isogenous varieties
with same endomorphism ring, by complex multiplication. Any subgroup of the
class group, and generating set thereof, induces an isogeny graph on the orbit
of the variety for this subgroup. We compute (under the Generalized Riemann
Hypothesis) some bounds on the norms of prime ideals generating it, such that
the associated graph has good expansion properties.
We use these graphs, together with a recent algorithm of Dudeanu, Jetchev and
Robert for computing explicit isogenies in genus 2, to prove random
self-reducibility of the discrete logarithm problem within the subclasses of
principally polarizable ordinary abelian surfaces with fixed endomorphism ring.
In addition, we remove the heuristics in the complexity analysis of an
algorithm of Galbraith for explicitly computing isogenies between two elliptic
curves in the same isogeny class, and extend it to a more general setting
including genus 2.Comment: 18 page
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page
Character sums with division polynomials
We obtain nontrivial estimates of quadratic character sums of division
polynomials , , evaluated at a given point on an
elliptic curve over a finite field of elements. Our bounds are nontrivial
if the order of is at least for some fixed . This work is motivated by an open question about statistical
indistinguishability of some cryptographically relevant sequences which has
recently been brought up by K. Lauter and the second author
Hard isogeny problems over RSA moduli and groups with infeasible inversion
We initiate the study of computational problems on elliptic curve isogeny
graphs defined over RSA moduli. We conjecture that several variants of the
neighbor-search problem over these graphs are hard, and provide a comprehensive
list of cryptanalytic attempts on these problems. Moreover, based on the
hardness of these problems, we provide a construction of groups with infeasible
inversion, where the underlying groups are the ideal class groups of imaginary
quadratic orders.
Recall that in a group with infeasible inversion, computing the inverse of a
group element is required to be hard, while performing the group operation is
easy. Motivated by the potential cryptographic application of building a
directed transitive signature scheme, the search for a group with infeasible
inversion was initiated in the theses of Hohenberger and Molnar (2003). Later
it was also shown to provide a broadcast encryption scheme by Irrer et al.
(2004). However, to date the only case of a group with infeasible inversion is
implied by the much stronger primitive of self-bilinear map constructed by
Yamakawa et al. (2014) based on the hardness of factoring and
indistinguishability obfuscation (iO). Our construction gives a candidate
without using iO.Comment: Significant revision of the article previously titled "A Candidate
Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the
constructions by giving toy examples, added "The Parallelogram Attack" (Sec
5.3.2). 54 pages, 8 figure
- …