Holes in the Infrastructure of Global Hyperelliptic Function Fields

We prove that the number of "hole elements" $H(K)$ in the infrastructure of a hyperelliptic function field $K$ of genus $g$ with finite constant field \F_q with $n + 1$ places at infinity, of whom $n' + 1$ are of degree one, satisfies |\frac{H(K)}{\abs{\Pic^0(K)}} - \frac{n'}{q}| = O(16^g n q^{-3/2}). We obtain an explicit formula for the number of holes using only information on the infinite places and the coefficients of the $L$-polynomial of the hyperelliptic function field. This proves a special case of a conjecture by E. Landquist and the author on the number of holes of an infrastructure of a global function field. Moreover, we investigate the size of a hole in case $n = n'$, and show that asymptotically for $n \to \infty$, the size of a hole next to a reduced divisor $D$ behaves like the function $\frac{n^{g - \deg D}}{(g - \deg D)!}$.Comment: 30 pages; corrected a problem in the first versio

The Infrastructure of a Global Field of Arbitrary Unit Rank

In this paper, we show a general way to interpret the infrastructure of a global field of arbitrary unit rank. This interpretation generalizes the prior concepts of the giant step operation and f-representations, and makes it possible to relate the infrastructure to the (Arakelov) divisor class group of the global field. In the case of global function fields, we present results that establish that effective implementation of the presented methods is indeed possible, and we show how Shanks' baby-step giant-step method can be generalized to this situation.Comment: Revised version. Accepted for publication in Math. Com

On the Probability of Generating a Lattice

We study the problem of determining the probability that m vectors selected uniformly at random from the intersection of the full-rank lattice L in R^n and the window [0,B)^n generate $\Lambda$ when B is chosen to be appropriately large. This problem plays an important role in the analysis of the success probability of quantum algorithms for solving the Discrete Logarithm Problem in infrastructures obtained from number fields and also for computing fundamental units of number fields. We provide the first complete and rigorous proof that 2n+1 vectors suffice to generate L with constant probability (provided that B is chosen to be sufficiently large in terms of n and the covering radius of L and the last n+1 vectors are sampled from a slightly larger window). Based on extensive computer simulations, we conjecture that only n+1 vectors sampled from one window suffice to generate L with constant success probability. If this conjecture is true, then a significantly better success probability of the above quantum algorithms can be guaranteed.Comment: 18 page

Quantum Algorithm for Computing the Period Lattice of an Infrastructure

We present a quantum algorithm for computing the period lattice of infrastructures of fixed dimension. The algorithm applies to infrastructures that satisfy certain conditions. The latter are always fulfilled for infrastructures obtained from global fields, i.e., algebraic number fields and function fields with finite constant fields. The first of our main contributions is an exponentially better method for sampling approximations of vectors of the dual lattice of the period lattice than the methods outlined in the works of Hallgren and Schmidt and Vollmer. This new method improves the success probability by a factor of at least 2^{n^2-1} where n is the dimension. The second main contribution is a rigorous and complete proof that the running time of the algorithm is polynomial in the logarithm of the determinant of the period lattice and exponential in n. The third contribution is the determination of an explicit lower bound on the success probability of our algorithm which greatly improves on the bounds given in the above works. The exponential scaling seems inevitable because the best currently known methods for carrying out fundamental arithmetic operations in infrastructures obtained from algebraic number fields take exponential time. In contrast, the problem of computing the period lattice of infrastructures arising from function fields can be solved without the exponential dependence on the dimension n since this problem reduces efficiently to the abelian hidden subgroup problem. This is also true for other important computational problems in algebraic geometry. The running time of the best classical algorithms for infrastructures arising from global fields increases subexponentially with the determinant of the period lattice.Comment: 52 pages, 4 figure

PotLLL: A Polynomial Time Version of LLL With Deep Insertions

Lattice reduction algorithms have numerous applications in number theory, algebra, as well as in cryptanalysis. The most famous algorithm for lattice reduction is the LLL algorithm. In polynomial time it computes a reduced basis with provable output quality. One early improvement of the LLL algorithm was LLL with deep insertions (DeepLLL). The output of this version of LLL has higher quality in practice but the running time seems to explode. Weaker variants of DeepLLL, where the insertions are restricted to blocks, behave nicely in practice concerning the running time. However no proof of polynomial running time is known. In this paper PotLLL, a new variant of DeepLLL with provably polynomial running time, is presented. We compare the practical behavior of the new algorithm to classical LLL, BKZ as well as blockwise variants of DeepLLL regarding both the output quality and running time.Comment: 17 pages, 8 figures; extended version of arXiv:1212.5100 [cs.CR

Groups from Cyclic Infrastructures and Pohlig-Hellman in Certain Infrastructures

In discrete logarithm based cryptography, a method by Pohlig and Hellman allows solving the discrete logarithm problem efficiently if the group order is known and has no large prime factors. The consequence is that such groups are avoided. In the past, there have been proposals for cryptography based on cyclic infrastructures. We will show that the Pohlig-Hellman method can be adapted to certain cyclic infrastructures, which similarly implies that certain infrastructures should not be used for cryptography. This generalizes a result by M\"uller, Vanstone and Zuccherato for infrastructures obtained from hyperelliptic function fields. We recall the Pohlig-Hellman method, define the concept of a cyclic infrastructure and briefly describe how to obtain such infrastructures from certain function fields of unit rank one. Then, we describe how to obtain cyclic groups from discrete cyclic infrastructures and how to apply the Pohlig-Hellman method to compute absolute distances, which is in general a computationally hard problem for cyclic infrastructures. Moreover, we give an algorithm which allows to test whether an infrastructure satisfies certain requirements needed for applying the Pohlig-Hellman method, and discuss whether the Pohlig-Hellman method is applicable in infrastructures obtained from number fields. Finally, we discuss how this influences cryptography based on cyclic infrastructures.Comment: 14 page

On Burst Error Correction and Storage Security of Noisy Data

Secure storage of noisy data for authentication purposes usually involves the use of error correcting codes. We propose a new model scenario involving burst errors and present for that several constructions.Comment: to be presented at MTNS 201