Algorithms in algebraic number theory
In this paper we discuss the basic problems of algorithmic algebraic number
theory. The emphasis is on aspects that are of interest from a purely
mathematical point of view, and practical issues are largely disregarded. We
describe what has been done and, more importantly, what remains to be done in
the area. We hope to show that the study of algorithms not only increases our
understanding of algebraic number fields but also stimulates our curiosity
about them. The discussion is concentrated on three topics: the determination
of Galois groups, the determination of the ring of integers of an algebraic
number field, and the computation of the group of units and the class group of
that ring of integers.
Comment: 34 pages
Hard isogeny problems over RSA moduli and groups with infeasible inversion
We initiate the study of computational problems on elliptic curve isogeny
graphs defined over RSA moduli. We conjecture that several variants of the
neighbor-search problem over these graphs are hard, and provide a comprehensive
list of cryptanalytic attempts on these problems. Moreover, based on the
hardness of these problems, we provide a construction of groups with infeasible
inversion, where the underlying groups are the ideal class groups of imaginary
quadratic orders.
Recall that in a group with infeasible inversion, computing the inverse of a
group element is required to be hard, while performing the group operation is
easy. Motivated by the potential cryptographic application of building a
directed transitive signature scheme, the search for a group with infeasible
inversion was initiated in the theses of Hohenberger and Molnar (2003). Later
it was also shown to provide a broadcast encryption scheme by Irrer et al.
(2004). However, to date the only case of a group with infeasible inversion is
implied by the much stronger primitive of self-bilinear map constructed by
Yamakawa et al. (2014) based on the hardness of factoring and
indistinguishability obfuscation (iO). Our construction gives a candidate
without using iO.
Comment: Significant revision of the article previously titled "A Candidate
Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the
constructions by giving toy examples, added "The Parallelogram Attack" (Sec
5.3.2). 54 pages, 8 figures