Hard isogeny problems over RSA moduli and groups with infeasible inversion

We initiate the study of computational problems on elliptic curve isogeny graphs defined over RSA moduli. We conjecture that several variants of the neighbor-search problem over these graphs are hard, and provide a comprehensive list of cryptanalytic attempts on these problems. Moreover, based on the hardness of these problems, we provide a construction of groups with infeasible inversion, where the underlying groups are the ideal class groups of imaginary quadratic orders. Recall that in a group with infeasible inversion, computing the inverse of a group element is required to be hard, while performing the group operation is easy. Motivated by the potential cryptographic application of building a directed transitive signature scheme, the search for a group with infeasible inversion was initiated in the theses of Hohenberger and Molnar (2003). Later it was also shown to provide a broadcast encryption scheme by Irrer et al. (2004). However, to date the only case of a group with infeasible inversion is implied by the much stronger primitive of self-bilinear map constructed by Yamakawa et al. (2014) based on the hardness of factoring and indistinguishability obfuscation (iO). Our construction gives a candidate without using iO.Comment: Significant revision of the article previously titled "A Candidate Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the constructions by giving toy examples, added "The Parallelogram Attack" (Sec 5.3.2). 54 pages, 8 figure

Collective symplectic integrators

We construct symplectic integrators for Lie-Poisson systems. The integrators are standard symplectic (partitioned) Runge--Kutta methods. Their phase space is a symplectic vector space with a Hamiltonian action with momentum map $J$ whose range is the target Lie--Poisson manifold, and their Hamiltonian is collective, that is, it is the target Hamiltonian pulled back by $J$. The method yields, for example, a symplectic midpoint rule expressed in 4 variables for arbitrary Hamiltonians on $\mathfrak{so}(3)^*$. The method specializes in the case that a sufficiently large symmetry group acts on the fibres of $J$, and generalizes to the case that the vector space carries a bifoliation. Examples involving many classical groups are presented

Towards secure end-to-end data aggregation in AMI through delayed-integrity-verification

The integrity and authenticity of the energy usage data in Advanced Metering Infrastructure (AMI) is crucial to ensure the correct energy load to facilitate generation, distribution and customer billing. Any malicious tampering to the data must be detected immediately. This paper introduces secure end-to-end data aggregation for AMI, a security protocol that allows the concentrators to securely aggregate the data collected from the smart meters, while enabling the utility back-end that receives the aggregated data to verify the integrity and data originality. Compromise of concentrators can be detected. The aggregated data is protected using Chameleon Signatures and then forwarded to the utility back-end for verification, accounting, and analysis. Using the Trapdoor Chameleon Hash Function, the smart meters can periodically send an evidence to the utility back-end, by computing an alternative message and a random value (m', r) such that m' consists of all previous energy usage measurements of the smart meter in a specified period of time. By verifying that the Chameleon Hash Value of (m', r) and that the energy usage matches those aggregated by the concentrators, the utility back-end is convinced of the integrity and authenticity of the data from the smart meters. Any data anomaly between smart meters and concentrators can be detected, thus indicating potential compromise of concentrators

Isometric actions of simple Lie groups on pseudoRiemannian manifolds

Let M be a connected compact pseudoRiemannian manifold acted upon topologically transitively and isometrically by a connected noncompact simple Lie group G. If m_0, n_0 are the dimensions of the maximal lightlike subspaces tangent to M and G, respectively, where G carries any bi-invariant metric, then we have n_0 \leq m_0. We study G-actions that satisfy the condition n_0 = m_0. With no rank restrictions on G, we prove that M has a finite covering \hat{M} to which the G-action lifts so that \hat{M} is G-equivariantly diffeomorphic to an action on a double coset K\backslash L/\Gamma, as considered in Zimmer's program, with G normal in L (Theorem A). If G has finite center and \rank_\R(G)\geq 2, then we prove that we can choose \hat{M} for which L is semisimple and \Gamma is an irreducible lattice (Theorem B). We also prove that our condition n_0 = m_0 completely characterizes, up to a finite covering, such double coset G-actions (Theorem C). This describes a large family of double coset G-actions and provides a partial positive answer to the conjecture proposed in Zimmer's program.Comment: 29 pages, published versio

On the Geometry of Flat Pseudo-Riemannian Homogeneous Spaces

Let $M$ be complete flat pseudo-Riemannian homogeneous manifold and \Gamma\subset\Iso(\RR^n_s) its fundamental group. We show that $M$ is a trivial fiber bundle G/\Gamma\to M\to\RR^{n-k}, where $G$ is the Zariski closure of $\Gamma$ in \Iso(\RR^n_s). Moreover, we show that the $G$-orbits in \RR^n_s are affinely diffeomorphic to $G$ endowed with the (0)-connection. If the induced metric on the $G$-orbits is non-degenerate, then $G$ (and hence $\Gamma$) has linear abelian holonomy. If additionally $G$ is not abelian, then $G$ contains a certain subgroup of dimension 6. In particular, for non-abelian $G$ orbits with non-degenerate metric can appear only if $\dim G\geq 6$.Comment: 20 pages, 1 figure, additional acknowledgmen

Cycle Spaces of Infinite Dimensional Flag Domains

Let $G$ be a complex simple direct limit group, specifically $SL(\infty;\mathbb{C})$, $SO(\infty;\mathbb{C})$ or $Sp(\infty;\mathbb{C})$. Let $\mathcal{F}$ be a (generalized) flag in $\mathbb{C}^\infty$. If $G$ is $SO(\infty;\mathbb{C})$ or $Sp(\infty;\mathbb{C})$ we suppose further that $\mathcal{F}$ is isotropic. Let $\mathcal{Z}$ denote the corresponding flag manifold; thus $\mathcal{Z} = G/Q$ where $Q$ is a parabolic subgroup of $G$. In a recent paper with Ignatyev and Penkov, we studied real forms $G_0$ of $G$ and properties of their orbits on $\mathcal{Z}$. Here we concentrate on open $G_0$--orbits $D \subset \mathcal{Z}$. When $G_0$ is of hermitian type we work out the complete $G_0$--orbit structure of flag manifolds dual to the bounded symmetric domain for $G_0$. Then we develop the structure of the corresponding cycle spaces $\mathcal{M}_D$. Finally we study the real and quaternionic analogs of these theories. All this extends an large body of results from the finite dimensional cases on the structure of hermitian symmetric spaces and related cycle spaces.Comment: This revision improves the exposition and corrects a number of typos. Earlier revisions had clarified the ordering of subspaces in a flag relative to a given ordered basis of the ambient $\mathbb{C}^\infty$ as well as the product structure of the base cycles for flag domains of $Sp(\infty;R)$ and $SO^*(\infty)$. These revisions had no effect on the results for the structure of the cycle space

A New Cryptosystem Based On Hidden Order Groups

Let $G_1$ be a cyclic multiplicative group of order $n$. It is known that the Diffie-Hellman problem is random self-reducible in $G_1$ with respect to a fixed generator $g$ if $\phi(n)$ is known. That is, given $g, g^x\in G_1$ and having oracle access to a `Diffie-Hellman Problem' solver with fixed generator $g$, it is possible to compute $g^{1/x} \in G_1$ in polynomial time (see theorem 3.2). On the other hand, it is not known if such a reduction exists when $\phi(n)$ is unknown (see conjuncture 3.1). We exploit this ``gap'' to construct a cryptosystem based on hidden order groups and present a practical implementation of a novel cryptographic primitive called an \emph{Oracle Strong Associative One-Way Function} (O-SAOWF). O-SAOWFs have applications in multiparty protocols. We demonstrate this by presenting a key agreement protocol for dynamic ad-hoc groups.Comment: removed examples for multiparty key agreement and join protocols, since they are redundan

Geometry applications of irreducible representations of Lie Groups

In this note we give proofs of the following three algebraic facts which have applications in the theory of holonomy groups and homogeneous spaces: Any irreducibly acting connected subgroup G \subset Gl(n,\rr) is closed. Moreover, if $G$ admits an invariant bilinear form of Lorentzian signature, $G$ is maximal, i.e. it is conjugated to $SO(1,n-1)_0$. We calculate the vector space of $G$-invariant symmetric bilinear forms, show that it is at most $3$-dimensional, and determine the maximal stabilizers for each dimension. Finally, we give some applications and present some open problem