On oracle factoring of integers
We present an oracle factorisation algorithm which finds a nontrivial factor
of almost all squarefree positive integers based on the knowledge of the
number of points on certain elliptic curves in residue rings modulo
Hard isogeny problems over RSA moduli and groups with infeasible inversion
We initiate the study of computational problems on elliptic curve isogeny graphs defined over RSA moduli. We conjecture that several variants of the neighbor-search problem over these graphs are hard, and provide a comprehensive list of cryptanalytic attempts on these problems. Moreover, based on the hardness of these problems, we provide a construction of groups with infeasible inversion, where the underlying groups are the ideal class groups of imaginary quadratic orders.
Recall that in a group with infeasible inversion, computing the inverse of a group element is required to be hard, while performing the group operation is easy. Motivated by the potential cryptographic application of building a directed transitive signature scheme, the search for a group with infeasible inversion was initiated in the theses of Hohenberger and Molnar (2003). Later it was also shown to provide a broadcast encryption scheme by Irrer et al. (2004). However, to date the only case of a group with infeasible inversion is implied by the much stronger primitive of self-bilinear map constructed by Yamakawa et al. (2014) based on the hardness of factoring and indistinguishability obfuscation (iO). Our construction gives a candidate without using iO.
Comment: Significant revision of the article previously titled "A Candidate Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the constructions by giving toy examples, added "The Parallelogram Attack" (Sec 5.3.2). 54 pages, 8 figures.
Discrete logarithms in curves over finite fields
A survey on algorithms for computing discrete logarithms in Jacobians of curves over finite fields.
Factorization and Malleability of RSA Moduli, and Counting Points on Elliptic Curves Modulo N
In this paper we address two different problems related to the factorization of an RSA (Rivest-Shamir-Adleman cryptosystem) modulus N. First we show that factoring is equivalent, in deterministic polynomial time, to counting points on a pair of twisted elliptic curves modulo N. The second problem is related to malleability. This notion was introduced in 2006 by Paillier and Villar, and deals with the question of whether or not the factorization of a given number N becomes substantially easier when knowing the factorization of another one N′ relatively prime to N. Despite the efforts made so far, a complete answer to this question was unknown. Here we settle the problem affirmatively. To construct a particular N′ that helps the factorization of N, we use the number of points of a single elliptic curve modulo N. Coppersmith's algorithm allows us to go from the factors of N′ to the factors of N in polynomial time.
Computing heights on weighted projective spaces
In this note we extend the concept of height on projective spaces to that of weighted height on weighted projective spaces and show how such a height can be computed. We prove some of the basic properties of the weighted height and show how it can be used to study hyperelliptic curves over Q. Some examples are provided from the weighted moduli space of binary sextics and octavics.
On the post-quantum future of Elliptic Curve Cryptography
This thesis is a literature study on current published quantum-resistant isogeny-based key exchange protocols.
Here we cover the topic from foundations. Chapters 1 and 2 discuss classical computation models, algorithm complexity, and how these concepts support the security of modern elliptic curve cryptography methods, such as ECDH and ECDSA.
Next, in Chapters 3 to 5, we present quantum computation models, and how Shor's algorithm on quantum computers presents a threat to the future security of classical asymmetric cryptography. We explore the foundations of isogeny-based cryptography, and two key exchange protocols of this kind: SIDH and CSIDH.
Appendices A and B are provided for readers wanting more in-depth background explanations on the algebraic geometry of elliptic curves and on quantum mechanics, respectively.
Diophantine Sets over Polynomial Rings and Hilbert's Tenth Problem for Function Fields
In 1900, the German mathematician David Hilbert proposed a list of 23 unsolved mathematical problems. In his Tenth Problem, he asked to find an algorithm to decide whether or not a given diophantine equation has a solution (in integers). Hilbert's Tenth Problem has a negative solution, in the sense that such an algorithm does not exist. This was proven in 1970 by Y. Matiyasevich, building on earlier work by M. Davis, H. Putnam and J. Robinson. Actually, this result was the consequence of something much stronger: the equivalence of recursively enumerable and diophantine sets (we will refer to this result as "DPRM"). The first new result in the thesis is about Hilbert's Tenth Problem for function fields of curves over valued fields in characteristic zero. Under some conditions on the curve and the valuation, we have undecidability for diophantine equations over the function field of the curve. One interesting new case is that of function fields of curves over formal Laurent series. The proof relies on the method with two elliptic curves as developed by K. H. Kim and F. Roush and generalised by K. Eisenträger. Additionally, the proof uses the theory of quadratic forms and valuations. And especially for non-rational function fields there is some algebraic geometry coming in. The second type of results establishes the equivalence of recursively enumerable and diophantine sets in certain polynomial rings. The most important is the one-variable polynomial ring over a finite field. This is the first generalisation of DPRM in positive characteristic. My proof uses the structure of finite fields and in particular the properties of cyclotomic polynomials. In the last chapter, this result for polynomials over finite fields is generalised to polynomials over recursive algebraic extensions of a finite field. For these rings we don't have a good definition of "recursively enumerable" set, therefore we consider sets which are recursively enumerable for every recursive presentation. We show that these are exactly the diophantine sets. In addition to infinite extensions of finite fields, we also show the analogous result for polynomials over a ring of integers in a recursive totally real algebraic extension of the rationals. This generalises results by J. Denef and K. Zahidi.