Finding Significant Fourier Coefficients: Clarifications, Simplifications, Applications and Limitations

Ideas from Fourier analysis have been used in cryptography for the last three decades. Akavia, Goldwasser and Safra unified some of these ideas to give a complete algorithm that finds significant Fourier coefficients of functions on any finite abelian group. Their algorithm stimulated a lot of interest in the cryptography community, especially in the context of `bit security'. This manuscript attempts to be a friendly and comprehensive guide to the tools and results in this field. The intended readership is cryptographers who have heard about these tools and seek an understanding of their mechanics and their usefulness and limitations. A compact overview of the algorithm is presented with emphasis on the ideas behind it. We show how these ideas can be extended to a `modulus-switching' variant of the algorithm. We survey some applications of this algorithm, and explain that several results should be taken in the right context. In particular, we point out that some of the most important bit security problems are still open. Our original contributions include: a discussion of the limitations on the usefulness of these tools; an answer to an open question about the modular inversion hidden number problem

Distortion maps for genus two curves

Distortion maps are a useful tool for pairing based cryptography. Compared with elliptic curves, the case of hyperelliptic curves of genus g > 1 is more complicated since the full torsion subgroup has rank 2g. In this paper we prove that distortion maps always exist for supersingular curves of genus g>1 and we construct distortion maps in genus 2 (for embedding degrees 4,5,6 and 12).Comment: 16 page

Constructing supersingular elliptic curves with a given endomorphism ring

Let O be a maximal order in the quaternion algebra B_p over Q ramified at p and infinity. The paper is about the computational problem: Construct a supersingular elliptic curve E over F_p such that End(E) = O. We present an algorithm that solves this problem by taking gcds of the reductions modulo p of Hilbert class polynomials. New theoretical results are required to determine the complexity of our algorithm. Our main result is that, under certain conditions on a rank three sublattice O^T of O, the order O is effectively characterized by the three successive minima and two other short vectors of O^T. The desired conditions turn out to hold whenever the j-invariant j(E), of the elliptic curve with End(E) = O, lies in F_p. We can then prove that our algorithm terminates with running time O(p^{1+\epsilon}) under the aforementioned conditions. As a further application we present an algorithm to simultaneously match all maximal order types with their associated j-invariants. Our algorithm has running time O(p^{2.5+\epsilon}) operations and is more efficient than Cervino's algorithm for the same problem.Comment: Full version of paper published by the LMS Journal of Computation and Mathematic

The Weil pairing on elliptic curves over C

To help motivate the Weil pairing, we discuss it in the context of elliptic curves over the field of complex numbers

Authenticated key exchange for SIDH

We survey authenticated key exchange (AKE) in the context of supersingular isogeny Diffie-Hellman key exchange (SIDH). We discuss different approaches to achieve authenticated key exchange, and survey the literature. We explain some challenges that arise in the SIDH setting if one wants to do a ``Diffie-Hellman-like\u27\u27 AKE, and present several candidate authenticated key exchange protocols suitable for SIDH. We also discuss some open problems

On the Degree-Insensitive SI-GDH problem and assumption

Fujioka, Takashima, Terada and Yoneyama, in their 2018 work on an authenticated key exchange protocol using supersingular isogenies, use new assumptions in their security proof of the scheme. In particular, they define the degree-sensitive and degree-insensitive SI-GDH assumptions and problems. These assumptions include a decision oracle that is used in the security proofs. We give evidence that those assumptions are not well defined. Hence, the security proofs in their paper do not seem to be correct

Obfuscating Finite Automata

We construct a VBB and perfect circuit-hiding obfuscator for evasive deterministic finite automata using a matrix encoding scheme with a limited zero-testing algorithm. We construct the matrix encoding scheme by extending an existing matrix FHE scheme. Using obfuscated DFAs we can for example evaluate secret regular expressions or disjunctive normal forms on public inputs. In particular, the possibility of evaluating regular expressions solves the open problem of obfuscated substring matching

Lattice Decoding Attacks on Binary LWE

We consider the binary-LWE problem, which is the learning with errors problem when the entries of the secret vector are chosen from $\{ 0, 1\}$ or $\{ -1, 0, 1 \}$ (and the error vector is sampled from a discrete Gaussian distribution). Our main result is an improved lattice decoding algorithm for binary-LWE which first translates the problem to the inhomogeneous short integer solution (ISIS) problem, and then solves the closest vector problem using a re-scaling of the lattice. We also discuss modulus switching as an approach to the problem. Our conclusion is that binary-LWE is easier than general LWE. We give experimental results and theoretical estimates that can be used to choose parameters for binary-LWE to achieve certain security levels

Auditable Obfuscation

We introduce a new variant of malicious obfuscation. Our formalism is incomparable to the existing definitions by Canetti and Varia (TCC 2010), Canetti et al. (EUROCRYPT 2022) and Badrinarayanan et al. (ASIACRYPT 2016). We show that this concept is natural and applicable to obfuscation-as-a-service platforms. We next define a new notion called auditable obfuscation which provides security against malicious obfuscation. Finally, we construct a proof of concept of the developed notions based on well-studied theoretical obfuscation proposals