성긴 지수 이산대수 문제

학위논문 (박사)-- 서울대학교 대학원 : 수리과학부, 2012. 8. 천정희.이산대수 문제는 현대 공개키 암호에 있어 가장 중요한 수학적 기반 문제의 하나이다. 수많은 암호 시스템과 프로토콜들이 이산대수가 어렵다는 가정하게 설계 및 제안되고 있으며 이러한 연구는 활발하게 진행되고 있다. 이산대수 기반 암호 시스템의 효율성은 지수승 연산 속도에 직결된다. Hoffstein과 Silverman은 이산대수 문제가 정의된 군에서 빠른 지수승과 안전성을 보장하기 위해 해밍 웨이트가 작은 지수들의 곱(성긴 지수 곱)을 사용할 것을 제안하였다. 특히 GF(2^n)에서의 제곱연산 그리고 Koblitz 타운 곡선에서의 두 배 연산은 각각의 군 연산보다 훨씬 빠르기 때문에 성긴 지수 곱을 사용하면 연산을 매우 가속화시킬 수 있다. 본 학위 논문에서는 성긴 지수 곱 이산대수 문제의 안전성을 분석한다. 현재의 성긴 지수 곱 이산대수 문제의 안전성 분석은 성긴 지수 이산대수 문제의 분석 기법에 의존하고 있는데 이로부터는 본래 문제의 정확한 안전성을 측정할 수 없다. 본 논문에서는 성긴 지수 곱 이산대수 문제의 안전성을 분석하기 위해 매개화된 분할 시스템을 이용하여성긴 지수 곱 이산대수 문제를 공격하는 효율적인 알고리즘을 제안한다. 제안 알고리즘은 현재까지 알려진 알고리즘 중 가장 빠른 시간 안에 성긴 지수 곱 이산대수 문제의 해를 찾는다. 실증적인 예로써 Coron, Lefranc 그리고 Poupard가 CHES 2005에서 제안한 GPS 인증 스킴의 비밀키와 Hoffstein과 Silverman이 제안한 (2,2,11)-지수에 대해 제안 알고리즘을 적용하여 각각에 대해 2^{61.82} 그리고 2^{53.02} 번의 군 연산을 사용하여 비밀키를 복구할 수 있음을 보인다.The discrete logarithm problem is one of the most important underlying mathematical problems in contemporary public key cryptography. Under the assumption that the problem is infeasible, a great number of cryptosystems have been constructed and researches in this area are still underway actively. The efficiency of cryptosystems based on the discrete logarithm problem primarily relies on the speed at which exponentiation can be performed. On this line of research to address the issue Hoffstein and Silverman suggested the use of low Hamming weight product exponents to accelerate group exponentiation while maintaining the security level. Taking low Hamming weight product exponents, computation costs on GF(2^n) or Koblitz elliptic curves can be reduced significantly, where the cost of squaring and elliptic curve doubling is much lower than that of multiplication and elliptic curve addition, respectively. In the thesis we focus our concern on the security analysis of the discrete logarithm problem of low Hamming weight product exponents. The current estimate on the security of the problem mainly depends on the approaches for the case of low Hamming weight exponents, which does not fit into the product form well. We come up with parameterized splitting systems to resolve this problem. We show that it yields an efficient algorithm for the discrete logarithm problem of low Hamming weight exponents with lower complexity than that of any previously known algorithms. To demonstrate its application, we attack the GPS identification scheme modified by Coron, Lefranc, and Poupard in CHES 2005 and Hoffstein and Silverman's (2,2,11)-exponents. The time complexity of our key recovery attack against the GPS scheme is 2^{61.82}, which was expected to be 2^{78}. Hoffstein and Silverman's (2,2,11)-exponent can be recovered with a time complexity of 2^{53.02}, which is the lowest among the known attacks.1. Introduction 2. The Low Hamming Weight Discrete Logarithm Problem 3. The Low Hamming Weight Product DLP 4. Parameterized Splitting Systems 5. A New Algorithm from Parameterized Splitting Systems 6. Cryptanalysis 7. Conclusion and Open ProblemsDocto

Entropic equality for worst-case work at any protocol speed

We derive an equality for non-equilibrium statistical mechanics in finite-dimensional quantum systems. The equality concerns the worst-case work output of a time-dependent Hamiltonian protocol in the presence of a Markovian heat bath. It has has the form "worst-case work = penalty - optimum". The equality holds for all rates of changing the Hamiltonian and can be used to derive the optimum by setting the penalty to 0. The optimum term contains the max entropy of the initial state, rather than the von Neumann entropy, thus recovering recent results from single-shot statistical mechanics. Energy coherences can arise during the protocol but are assumed not to be present initially. We apply the equality to an electron box.Comment: 4 page + 14 page appendix; 8 figures; AA

The algebra of q-pseudodifferential symbols and the q-W_{KP}^n algebra

In this paper we continue with the program to explore the topography of the space of W-type algebras. In the present case, the starting point is the work of Khesin, Lyubashenko and Roger on the algebra of q-deformed pseudodifferential symbols and their associated integrable hierarchies. The analysis goes on by studying the associated hamiltonian structures for which compact expressions are found. The fundamental Poisson brackets yield q-deformations of W_{KP} and related W-type algebras which, in specific cases, coincide with the ones constructed by Frenkel and Reshetikhin. The construction underlies a continuous correspondence between the hamiltonian structures of the Toda lattice and the KP hierarchies.Comment: 28 pages. Section 5 revised. Misprints corrected. References adde

A theoretical study of thermal conductivity in single-walled boron nitride nanotubes

We perform a theoretical investigation on the thermal conductivity of single-walled boron nitride nanotubes (SWBNT) using the kinetic theory. By fitting to the phonon spectrum of boron nitride sheet, we develop an efficient and stable Tersoff-derived interatomic potential which is suitable for the study of heat transport in sp2 structures. We work out the selection rules for the three-phonon process with the help of the helical quantum numbers $(\kappa, n)$ attributed to the symmetry group (line group) of the SWBNT. Our calculation shows that the thermal conductivity $\kappa_{\rm ph}$ diverges with length as $\kappa_{\rm ph}\propto L^{\beta}$ with exponentially decaying $\beta(T)\propto e^{-T/T_{c}}$, which results from the competition between boundary scattering and three-phonon scattering for flexure modes. We find that the two flexure modes of the SWBNT make dominant contribution to the thermal conductivity, because their zero frequency locates at $\kappa=\pm\alpha$ where $\alpha$ is the rotational angle of the screw symmetry in SWBNT.Comment: accepted by PR