Integer Linear Programming Modeling of Addition Sequences With Additional Constraints for Evaluation of Power Terms
In this work, an integer linear programming (ILP) based model is proposed for the computation of a minimal-cost addition sequence for a given set of integers. Since exponents are additive under multiplication, the minimal-length addition sequence provides an economical solution for the evaluation of a requested set of power terms. This, in turn, finds application in, e.g., window-based exponentiation for cryptography and polynomial evaluation. Not only is an optimal model proposed, but the model is also extended to consider different costs for multipliers and squarers, as well as to control the depth of the resulting addition sequence.
Comment: This manuscript was written in 2012 and hence lacks more recent references.
Fast hashing to G2 on pairing friendly curves
When using pairing-friendly ordinary elliptic curves over prime fields to implement identity-based protocols, there is often a need to hash identities to points on one or both of the two elliptic curve groups of prime order involved in the pairing. Of these, G_1 is a group of points on the base field E(\F_p), and G_2 is instantiated as a group of points with coordinates on some extension field, over a twisted curve E'(\F_{p^d}), where d divides the embedding degree. While hashing to G_1 is relatively easy, hashing to G_2 has been less considered, and is regarded as likely to be more expensive as it appears to require a multiplication by a large cofactor. In this paper we introduce a fast method for this cofactor multiplication on G_2 which exploits an efficiently computable homomorphism.
On the final exponentiation for calculating pairings on ordinary elliptic curves
When using pairing-friendly ordinary elliptic curves to compute the Tate and related pairings, the computation consists of two main components, the Miller loop and the so-called final exponentiation. As a result of good progress being made to reduce the Miller loop component of the algorithm (particularly with the discovery of "truncated loop" pairings like the R-ate pairing), the final exponentiation has become a more significant component of the overall calculation. Here we exploit the structure of pairing-friendly elliptic curves to reduce the computation required for the final exponentiation to a minimum.
Memory-saving computation of the pairing final exponentiation on BN curves
In this paper, we describe and improve efficient methods for computing the hard part of the final exponentiation of pairings on Barreto-Naehrig (BN) curves. Thanks to the variants of pairings which decrease the length of the Miller loop, the final exponentiation has become a significant component of the overall calculation. Here we exploit the structure of BN curves to improve this computation.
We first present the best-known methods in the literature for computing the hard part of the final exponentiation. We are particularly interested in the memory resources necessary for implementing these methods, since this is an important constraint in restricted environments. More precisely, we study the Devegili et al. method, the Scott et al. addition chain method and the Fuentes et al. method. After recalling these methods and their complexities, we determine the number of registers required to compute the final result, because this is not always given in the literature. Then we present new versions of these methods which require less memory (up to 37% less). Moreover, some of these variants provide algorithms which are also more efficient than the original ones.
Constructing suitable ordinary pairing-friendly curves: A case of elliptic curves and genus two hyperelliptic curves
One of the challenges in designing pairing-based cryptographic protocols is to construct suitable pairing-friendly curves: curves which provide an efficient implementation without compromising the security of the protocols. These curves have small embedding degree and a large prime-order subgroup. Random curves are likely to have large embedding degree and hence are not practical for implementing pairing-based protocols.
In this thesis we review some mathematical background on elliptic and hyperelliptic curves in relation to the construction of pairing-friendly hyperelliptic curves. We also present the notion of pairing-friendly curves. Furthermore, we construct new pairing-friendly elliptic curves and Jacobians of genus two hyperelliptic curves which facilitate an efficient implementation of pairing-based protocols. We aim for curves that have smaller values than ever before reported for different embedding degrees. We also discuss optimisation of computing the Tate pairing and its variants. Here we show how to efficiently multiply a point in a subgroup defined on a twisted curve by a large cofactor. Our approach uses the theory of addition chains. We also show a new method for implementing the computation of the hard part of the final exponentiation in the calculation of the Tate pairing and its variants.
Cryptographic Algorithms for Quantum Computers
Thesis (Ph.D.) -- Seoul National University Graduate School: College of Natural Sciences, Department of Mathematical Sciences, 2022. 8. [advisor name unrecoverable from the garbled source].
The advent of a quantum mechanical computer presents a clear threat to existing cryptography. On the other hand, the quantum computer also suggests the possibility of a new cryptographic protocol through the properties of quantum mechanics. These two perspectives, respectively, gave rise to a new field called post-quantum cryptography as a countermeasure against quantum attacks and quantum cryptography as a new cryptographic technology using quantum mechanics, which are the subject of this thesis.
In this thesis, we reconsider the security of the current post-quantum cryptography through a new quantum attack, model, and security proof. We present the fine-grained quantum security of hash functions as cryptographic primitives against preprocessing adversaries. We also bring recent quantum information theoretic research into cryptography, creating new quantum public key encryption and quantum commitment. Along the way, we resolve various open problems such as limitations of quantum algorithms with preprocessing computation, oracle separation problems in quantum complexity theory, and public key encryption using group action.

1 Introduction 1
1.1 Contributions 3
1.2 Related Works 11
1.3 Research Papers 13
2 Preliminaries 14
2.1 Quantum Computations 15
2.2 Quantum Algorithms 20
2.3 Cryptographic Primitives 21
I Post-Quantum Cryptography: Attacks, New Models, and Proofs 24
3 Quantum Cryptanalysis 25
3.1 Introduction 25
3.2 QROM-AI Algorithm for Function Inversion 26
3.3 Quantum Multiple Discrete Logarithm Problem 34
3.4 Discussion and Open Problems 39
4 Quantum Random Oracle Model with Classical Advice 42
4.1 Quantum ROM with Auxiliary Input 44
4.2 Function Inversion 46
4.3 Pseudorandom Generators 56
4.4 Post-quantum Primitives 58
4.5 Discussion and Open Problems 59
5 Quantum Random Permutations with Quantum Advice 62
5.1 Bound for Inverting Random Permutations 64
5.2 Preparation 64
5.3 Proof of Theorem 68
5.4 Implication in Complexity Theory 74
5.5 Discussion and Open Problems 77
II Quantum Cryptography: Public-key Encryptions and Bit Commitments 79
6 Equivalence Theorem 80
6.1 Equivalence Theorem 81
6.2 Non-uniform Equivalence Theorem 83
6.3 Proof of Equivalence Theorem 86
7 Quantum Public Key Encryption 89
7.1 Swap-trapdoor Function Pairs 90
7.2 Quantum-Ciphertext Public Key Encryption 94
7.3 Group Action based Construction 99
7.4 Lattice based Construction 107
7.5 Discussion and Open Problems 113
7.6 Deferred Proof 114
8 Quantum Bit Commitment 119
8.1 Quantum Commitments 120
8.2 Efficient Conversion 123
8.3 Applications of Conversion 126
8.4 Discussion and Open Problems 137