1,109 research outputs found

    On the minimum distance of elliptic curve codes

    Computing the minimum distance of a linear code is one of the fundamental problems in algorithmic coding theory. Vardy [14] showed that it is an NP-hard problem for general linear codes. In practice, one often uses codes with additional mathematical structure, such as AG codes. For AG codes of genus 0 (generalized Reed-Solomon codes), the minimum distance has a simple explicit formula. An interesting result of Cheng [3] says that the minimum distance problem is already NP-hard (under RP-reduction) for general elliptic curve codes (ECAG codes, or AG codes of genus 1). In this paper, we show that the minimum distance of ECAG codes also has a simple explicit formula if the evaluation set is suitably large (at least 2/3 of the group order). Our method is purely combinatorial and based on a new sieving technique from the first two authors [8]. This method also proves a significantly stronger version of the MDS (maximum distance separable) conjecture for ECAG codes. Comment: 13 page

    A kilobit hidden SNFS discrete logarithm computation

    We perform a special number field sieve discrete logarithm computation in a 1024-bit prime field. To our knowledge, this is the first kilobit-sized discrete logarithm computation ever reported for prime fields. This computation took a little over two months of calendar time on an academic cluster using the open-source CADO-NFS software. Our chosen prime p looks random, and p−1 has a 160-bit prime factor, in line with recommended parameters for the Digital Signature Algorithm. However, our p has been trapdoored in such a way that the special number field sieve can be used to compute discrete logarithms in $\mathbb{F}_p^*$, yet detecting that p has this trapdoor seems out of reach. Twenty-five years ago, there was considerable controversy around the possibility of back-doored parameters for DSA. Our computations show that trapdoored primes are entirely feasible with current computing technology. We also describe special number field sieve discrete log computations carried out for multiple weak primes found in use in the wild. As can be expected from a trapdoor mechanism which we say is hard to detect, our research did not reveal any trapdoored prime in wide use. The only way for a user to defend against a hypothetical trapdoor of this kind is to require verifiably random primes

    Solving discrete logarithms on a 170-bit MNT curve by pairing reduction

    Pairing based cryptography is in a dangerous position following the breakthroughs on discrete logarithms computations in finite fields of small characteristic. Remaining instances are built over finite fields of large characteristic and their security relies on the fact that the embedding field of the underlying curve is relatively large. How large is debatable. The aim of our work is to sustain the claim that the combination of degree 3 embedding and too small finite fields obviously does not provide enough security. As a computational example, we solve the DLP on a 170-bit MNT curve, by exploiting the pairing embedding to a 508-bit, degree-3 extension of the base field. Comment: to appear in the Lecture Notes in Computer Science (LNCS

    Deterministic elliptic curve primality proving for a special sequence of numbers

    We give a deterministic algorithm that very quickly proves the primality or compositeness of the integers N in a certain sequence, using an elliptic curve E/Q with complex multiplication by the ring of integers of Q(sqrt(-7)). The algorithm uses O(log N) arithmetic operations in the ring Z/NZ, implying a bit complexity that is quasi-quadratic in log N. Notably, neither of the classical "N-1" or "N+1" primality tests apply to the integers in our sequence. We discuss how this algorithm may be applied, in combination with sieving techniques, to efficiently search for very large primes. This has allowed us to prove the primality of several integers with more than 100,000 decimal digits, the largest of which has more than a million bits in its binary representation. At the time it was found, it was the largest proven prime N for which no significant partial factorization of N-1 or N+1 is known. Comment: 16 pages, corrected a minor sign error in 5.

    Moment curves and cyclic symmetry for positive Grassmannians

    We show that for each k and n, the cyclic shift map on the complex Grassmannian Gr(k,n) has exactly $\binom{n}{k}$ fixed points. There is a unique totally nonnegative fixed point, given by taking n equally spaced points on the trigonometric moment curve (if k is odd) or the symmetric moment curve (if k is even). We introduce a parameter q, and show that the fixed points of a q-deformation of the cyclic shift map are precisely the critical points of the mirror-symmetric superpotential $\mathcal{F}_q$ on Gr(k,n). This follows from results of Rietsch about the quantum cohomology ring of Gr(k,n). We survey many other diverse contexts which feature moment curves and the cyclic shift map. Comment: 18 pages. v2: Minor change

    Discrete logarithms in curves over finite fields

    A survey on algorithms for computing discrete logarithms in Jacobians of curves over finite fields

    Implementing the asymptotically fast version of the elliptic curve primality proving algorithm

    The elliptic curve primality proving (ECPP) algorithm is one of the current fastest practical algorithms for proving the primality of large numbers. Its running time cannot be proven rigorously, but heuristic arguments show that it should run in time O((log N)^5) to prove the primality of N. An asymptotically fast version of it, attributed to J. O. Shallit, runs in time O((log N)^4). The aim of this article is to describe this version in more detail, leading to actual implementations able to handle numbers with several thousands of decimal digits