Elliptic curves with j = 0, 1728 and low embedding degree
Elliptic curves over a finite field Fq with j-invariant 0 or 1728, both supersingular and ordinary, whose embedding degree k is low are studied. In the ordinary case we give conditions characterizing such elliptic curves with fixed embedding degree with respect to a subgroup of prime order . For k = 1, 2, these conditions give parameterizations of q in terms of and two integers m, n. We show several examples of families with infinitely many curves. Similar parameterizations for k ≥ 3 need a fixed kth root of the unity in the underlying field. Moreover, when the elliptic curve admits distortion maps, an example is provided
Solving discrete logarithms on a 170-bit MNT curve by pairing reduction
Pairing based cryptography is in a dangerous position following the
breakthroughs on discrete logarithms computations in finite fields of small
characteristic. Remaining instances are built over finite fields of large
characteristic and their security relies on the fact that the embedding field
of the underlying curve is relatively large. How large is debatable. The aim of
our work is to sustain the claim that the combination of degree 3 embedding and
too small finite fields obviously does not provide enough security. As a
computational example, we solve the DLP on a 170-bit MNT curve, by exploiting
the pairing embedding to a 508-bit, degree-3 extension of the base field.
Comment: to appear in the Lecture Notes in Computer Science (LNCS)
Refinements of Miller's Algorithm over Weierstrass Curves Revisited
In 1986 Victor Miller described an algorithm for computing the Weil pairing
in his unpublished manuscript. This algorithm has then become the core of all
pairing-based cryptosystems. Many improvements of the algorithm have been
presented. Most of them involve a choice of elliptic curves of a special
forms to exploit a possible twist during Tate pairing computation. Other
improvements involve a reduction of the number of iterations in the Miller's
algorithm. For the generic case, Blake, Murty and Xu proposed three refinements
to Miller's algorithm over Weierstrass curves. Though their refinements which
only reduce the total number of vertical lines in Miller's algorithm, did not
give an efficient computation as other optimizations, but they can be applied
for computing both of Weil and Tate pairings on all
pairing-friendly elliptic curves. In this paper we extend the Blake-Murty-Xu's
method and show how to perform an elimination of all vertical lines in Miller's
algorithm during Weil/Tate pairings computation on general elliptic
curves. Experimental results show that our algorithm is faster about 25% in
comparison with the original Miller's algorithm.
Comment: 17 pages
Non-vanishing Heterotic Superpotentials on Elliptic Fibrations
We present models of heterotic compactification on Calabi-Yau threefolds and
compute the non-perturbative superpotential for vector bundle moduli. The key
feature of these models is that the threefolds, which are elliptically fibered
over del Pezzo surfaces, have homology classes with a unique holomorphic,
isolated genus-zero curve. Using the spectral cover construction, we present
vector bundles for which we can explicitly calculate the Pfaffians associated
with string instantons on these curves. These are shown to be non-zero, thus
leading to a non-vanishing superpotential in the 4D effective action. We
discuss, in detail, why such compactifications avoid the Beasley-Witten residue
theorem.
Comment: 1 + 23 pages
Complete Intersection Fibers in F-Theory
Global F-theory compactifications whose fibers are realized as complete
intersections form a richer set of models than just hypersurfaces. The detailed
study of the physics associated with such geometries depends crucially on being
able to put the elliptic fiber into Weierstrass form. While such a
transformation is always guaranteed to exist, its explicit form is only known
in a few special cases. We present a general algorithm for computing the
Weierstrass form of elliptic curves defined as complete intersections of
different codimensions and use it to solve all cases of complete intersections
of two equations in an ambient toric variety. Using this result, we determine
the toric Mordell-Weil groups of all 3134 nef partitions obtained from the 4319
three-dimensional reflexive polytopes and find new groups that do not exist for
toric hypersurfaces. As an application, we construct several models that cannot
be realized as toric hypersurfaces, such as the first toric SU(5) GUT model in
the literature with distinctly charged 10 representations and an F-theory model
with discrete gauge group Z_4 whose dual fiber has a Mordell-Weil group with
Z_4 torsion.
Comment: 41 pages, 4 figures and 18 tables; added references in v
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings.
Comment: 25 pages