
    Hard isogeny problems over RSA moduli and groups with infeasible inversion

    We initiate the study of computational problems on elliptic curve isogeny graphs defined over RSA moduli. We conjecture that several variants of the neighbor-search problem over these graphs are hard, and provide a comprehensive list of cryptanalytic attempts on these problems. Moreover, based on the hardness of these problems, we provide a construction of groups with infeasible inversion, where the underlying groups are the ideal class groups of imaginary quadratic orders. Recall that in a group with infeasible inversion, computing the inverse of a group element is required to be hard, while performing the group operation is easy. Motivated by the potential cryptographic application of building a directed transitive signature scheme, the search for a group with infeasible inversion was initiated in the theses of Hohenberger and Molnar (2003). Later it was also shown to provide a broadcast encryption scheme by Irrer et al. (2004). However, to date the only case of a group with infeasible inversion is implied by the much stronger primitive of self-bilinear map constructed by Yamakawa et al. (2014) based on the hardness of factoring and indistinguishability obfuscation (iO). Our construction gives a candidate without using iO.
    Comment: Significant revision of the article previously titled "A Candidate Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the constructions by giving toy examples, added "The Parallelogram Attack" (Sec 5.3.2). 54 pages, 8 figures.

    Collective symplectic integrators

    We construct symplectic integrators for Lie-Poisson systems. The integrators are standard symplectic (partitioned) Runge--Kutta methods. Their phase space is a symplectic vector space with a Hamiltonian action with momentum map J whose range is the target Lie--Poisson manifold, and their Hamiltonian is collective, that is, it is the target Hamiltonian pulled back by J. The method yields, for example, a symplectic midpoint rule expressed in 4 variables for arbitrary Hamiltonians on \mathfrak{so}(3)^*. The method specializes in the case that a sufficiently large symmetry group acts on the fibres of J, and generalizes to the case that the vector space carries a bifoliation. Examples involving many classical groups are presented.

    Towards secure end-to-end data aggregation in AMI through delayed-integrity-verification

    The integrity and authenticity of the energy usage data in Advanced Metering Infrastructure (AMI) is crucial to ensure the correct energy load to facilitate generation, distribution and customer billing. Any malicious tampering with the data must be detected immediately. This paper introduces secure end-to-end data aggregation for AMI, a security protocol that allows the concentrators to securely aggregate the data collected from the smart meters, while enabling the utility back-end that receives the aggregated data to verify the integrity and data originality. Compromise of concentrators can be detected. The aggregated data is protected using Chameleon Signatures and then forwarded to the utility back-end for verification, accounting, and analysis. Using the Trapdoor Chameleon Hash Function, the smart meters can periodically send evidence to the utility back-end, by computing an alternative message and a random value (m', r) such that m' consists of all previous energy usage measurements of the smart meter in a specified period of time. By verifying the Chameleon Hash Value of (m', r) and checking that the energy usage matches the values aggregated by the concentrators, the utility back-end is convinced of the integrity and authenticity of the data from the smart meters. Any data anomaly between smart meters and concentrators can be detected, thus indicating potential compromise of concentrators.

    Isometric actions of simple Lie groups on pseudoRiemannian manifolds

    Let M be a connected compact pseudoRiemannian manifold acted upon topologically transitively and isometrically by a connected noncompact simple Lie group G. If m_0, n_0 are the dimensions of the maximal lightlike subspaces tangent to M and G, respectively, where G carries any bi-invariant metric, then we have n_0 \leq m_0. We study G-actions that satisfy the condition n_0 = m_0. With no rank restrictions on G, we prove that M has a finite covering \hat{M} to which the G-action lifts so that \hat{M} is G-equivariantly diffeomorphic to an action on a double coset K\backslash L/\Gamma, as considered in Zimmer's program, with G normal in L (Theorem A). If G has finite center and \rank_\R(G)\geq 2, then we prove that we can choose \hat{M} for which L is semisimple and \Gamma is an irreducible lattice (Theorem B). We also prove that our condition n_0 = m_0 completely characterizes, up to a finite covering, such double coset G-actions (Theorem C). This describes a large family of double coset G-actions and provides a partial positive answer to the conjecture proposed in Zimmer's program.
    Comment: 29 pages, published version

    On the Geometry of Flat Pseudo-Riemannian Homogeneous Spaces

    Let M be a complete flat pseudo-Riemannian homogeneous manifold and \Gamma\subset\Iso(\RR^n_s) its fundamental group. We show that M is a trivial fiber bundle G/\Gamma\to M\to\RR^{n-k}, where G is the Zariski closure of \Gamma in \Iso(\RR^n_s). Moreover, we show that the G-orbits in \RR^n_s are affinely diffeomorphic to G endowed with the (0)-connection. If the induced metric on the G-orbits is non-degenerate, then G (and hence \Gamma) has linear abelian holonomy. If additionally G is not abelian, then G contains a certain subgroup of dimension 6. In particular, for non-abelian G, orbits with non-degenerate metric can appear only if \dim G\geq 6.
    Comment: 20 pages, 1 figure, additional acknowledgment

    Cycle Spaces of Infinite Dimensional Flag Domains

    Let G be a complex simple direct limit group, specifically SL(\infty;\mathbb{C}), SO(\infty;\mathbb{C}) or Sp(\infty;\mathbb{C}). Let \mathcal{F} be a (generalized) flag in \mathbb{C}^\infty. If G is SO(\infty;\mathbb{C}) or Sp(\infty;\mathbb{C}) we suppose further that \mathcal{F} is isotropic. Let \mathcal{Z} denote the corresponding flag manifold; thus \mathcal{Z} = G/Q where Q is a parabolic subgroup of G. In a recent paper with Ignatyev and Penkov, we studied real forms G_0 of G and properties of their orbits on \mathcal{Z}. Here we concentrate on open G_0-orbits D \subset \mathcal{Z}. When G_0 is of hermitian type we work out the complete G_0-orbit structure of flag manifolds dual to the bounded symmetric domain for G_0. Then we develop the structure of the corresponding cycle spaces \mathcal{M}_D. Finally we study the real and quaternionic analogs of these theories. All this extends a large body of results from the finite dimensional cases on the structure of hermitian symmetric spaces and related cycle spaces.
    Comment: This revision improves the exposition and corrects a number of typos. Earlier revisions had clarified the ordering of subspaces in a flag relative to a given ordered basis of the ambient \mathbb{C}^\infty as well as the product structure of the base cycles for flag domains of Sp(\infty;\mathbb{R}) and SO^*(\infty). These revisions had no effect on the results for the structure of the cycle spaces.

    A New Cryptosystem Based On Hidden Order Groups

    Let G_1 be a cyclic multiplicative group of order n. It is known that the Diffie-Hellman problem is random self-reducible in G_1 with respect to a fixed generator g if \phi(n) is known. That is, given g, g^x \in G_1 and having oracle access to a "Diffie-Hellman Problem" solver with fixed generator g, it is possible to compute g^{1/x} \in G_1 in polynomial time (see Theorem 3.2). On the other hand, it is not known if such a reduction exists when \phi(n) is unknown (see Conjecture 3.1). We exploit this "gap" to construct a cryptosystem based on hidden order groups and present a practical implementation of a novel cryptographic primitive called an \emph{Oracle Strong Associative One-Way Function} (O-SAOWF). O-SAOWFs have applications in multiparty protocols. We demonstrate this by presenting a key agreement protocol for dynamic ad-hoc groups.
    Comment: removed examples for multiparty key agreement and join protocols, since they are redundant

    Geometry applications of irreducible representations of Lie Groups

    In this note we give proofs of the following three algebraic facts which have applications in the theory of holonomy groups and homogeneous spaces: Any irreducibly acting connected subgroup G \subset Gl(n,\rr) is closed. Moreover, if G admits an invariant bilinear form of Lorentzian signature, G is maximal, i.e. it is conjugate to SO(1,n-1)_0. We calculate the vector space of G-invariant symmetric bilinear forms, show that it is at most 3-dimensional, and determine the maximal stabilizers for each dimension. Finally, we give some applications and present some open problems.