166 research outputs found

    Normal Elliptic Bases and Torus-Based Cryptography

    We consider representations of algebraic tori $T_n(F_q)$ over finite fields. We make use of normal elliptic bases to show that, for infinitely many squarefree integers $n$ and infinitely many values of $q$, we can encode $m$ torus elements, to a small fixed overhead and to $m$ $\phi(n)$-tuples of $F_q$ elements, in quasi-linear time in $\log q$. This improves upon previously known algorithms, which all have a quasi-quadratic complexity. As a result, the cost of the encoding phase is now negligible in Diffie-Hellman cryptographic schemes

    On Modular Inverses of Cyclotomic Polynomials and the Magnitude of their Coefficients

    Let p and r be two primes and n, m be two distinct divisors of pr. Consider the n-th and m-th cyclotomic polynomials. In this paper, we present lower and upper bounds for the coefficients of the inverse of one of them modulo the other one. We mention an application to torus-based cryptography. Comment: 21 page

    On Small Degree Extension Fields in Cryptology

    This thesis studies the implications of using public key cryptographic primitives that are based in, or map to, the multiplicative group of finite fields with small extension degree. A central observation is that the multiplicative group of extension fields essentially decomposes as a product of algebraic tori, whose properties allow for improved communication efficiency. Part I of this thesis is concerned with the constructive implications of this idea. Firstly, algorithms are developed for the efficient implementation of torus-based cryptosystems and their performance compared with previous work. It is then shown how to apply these methods to operations required in low characteristic pairing-based cryptography. Finally, practical schemes for high-dimensional tori are discussed. Highly optimised implementations and benchmark timings are provided for each of these systems. Part II addresses the security of the schemes presented in Part I, i.e., the hardness of the discrete logarithm problem. Firstly, an heuristic analysis of the effectiveness of the Function Field Sieve in small characteristic is given. Next presented is an implementation of this algorithm for characteristic three fields used in pairing-based cryptography. Finally, a new index calculus algorithm for solving the discrete logarithm problem on algebraic tori is described and analysed

    Computing Igusa class polynomials

    We bound the running time of an algorithm that computes the genus-two class polynomials of a primitive quartic CM-field K. This is in fact the first running time bound and even the first proof of correctness of any algorithm that computes these polynomials. Essential to bounding the running time is our bound on the height of the polynomials, which is a combination of denominator bounds of Goren and Lauter and our own absolute value bounds. The absolute value bounds are obtained by combining Dupont's estimates of theta constants with an analysis of the shape of CM period lattices. The algorithm is basically the complex analytic method of Spallek and van Wamelen, and we show that it finishes in time Otilde(Delta^(7/2)), where Delta is the discriminant of K. We give a complete running time analysis of all parts of the algorithm, and a proof of correctness including a rounding error analysis. We also provide various improvements along the way. Comment: 31 pages (Various improvements to the exposition suggested by the referee. For the most detailed exposition, see Chapter II of the author's thesis http://hdl.handle.net/1887/15572

    Curves, Jacobians, and Cryptography

    The main purpose of this paper is to give an overview of the theory of abelian varieties, with the main focus on Jacobian varieties of curves, ranging from well-known results to the latest developments and their use in cryptography. In the first part we provide the necessary mathematical background on abelian varieties, their torsion points, Honda-Tate theory and Galois representations, with emphasis on Jacobian varieties and hyperelliptic Jacobians. In the second part we focus on applications of abelian varieties to cryptography, treating separately elliptic curve cryptography and genus 2 and 3 cryptography, including Diffie-Hellman key exchange, index calculus in Picard groups, isogenies of Jacobians via correspondences and applications to discrete logarithms. Several open problems and new directions are suggested. Comment: 66 page

    Identity based cryptography from bilinear pairings

    This report contains an overview of two related areas of research in cryptography which have been prolific in significant advances in recent years. The first of these areas is pairing based cryptography. Bilinear pairings over elliptic curves were initially used as formal mathematical tools and later as cryptanalysis tools that rendered supersingular curves insecure. In recent years, bilinear pairings have been used to construct many cryptographic schemes. The second area covered by this report is identity based cryptography. Digital certificates are a fundamental part of public key cryptography, as one needs a secure way of associating an agent's identity with a random (meaningless) public key. In identity based cryptography, public keys can be arbitrary bit strings, including readable representations of one's identity. Fundação para a Ciência e Tecnologia - SFRH/BPD/20528/2004

    A Survey on Homomorphic Encryption Schemes: Theory and Implementation

    Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. Especially with popular cloud services, control over the privacy of the sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Moreover, untrusted servers, providers, and cloud operators can keep identifying elements of users long after users end the relationship with the services. Indeed, Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in advance. Although this extremely useful feature of the HE scheme has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to be performed on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, different implementations so far have demonstrated that FHE still needs to be improved significantly to be practical on every platform. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE) schemes, which are important pillars of achieving FHE. Then, the main FHE families, which have become the base for the other follow-up FHE schemes, are presented. Furthermore, the implementations and recent improvements in Gentry-type FHE schemes are also surveyed. Finally, further research directions are discussed. This survey is intended to give clear knowledge and a foundation to researchers and practitioners interested in knowing, applying, as well as extending the state of the art HE, PHE, SWHE, and FHE systems. Comment: - Updated. (October 6, 2017) - This paper is an early draft of the survey that is being submitted to ACM CSUR and has been uploaded to arXiv for feedback from stakeholder

    The Infrastructure of a Global Field of Arbitrary Unit Rank

    In this paper, we show a general way to interpret the infrastructure of a global field of arbitrary unit rank. This interpretation generalizes the prior concepts of the giant step operation and f-representations, and makes it possible to relate the infrastructure to the (Arakelov) divisor class group of the global field. In the case of global function fields, we present results that establish that effective implementation of the presented methods is indeed possible, and we show how Shanks' baby-step giant-step method can be generalized to this situation. Comment: Revised version. Accepted for publication in Math. Com