Isogenies of Elliptic Curves: A Computational Approach
Isogenies, the mappings of elliptic curves, have become a useful tool in
cryptology. These mathematical objects have been proposed for use in computing
pairings, constructing hash functions and random number generators, and
analyzing the reducibility of the elliptic curve discrete logarithm problem.
With such diverse uses, understanding these objects is important for anyone
interested in the field of elliptic curve cryptography. This paper, targeted at
an audience with a knowledge of the basic theory of elliptic curves, provides
an introduction to the necessary theoretical background for understanding what
isogenies are and their basic properties. This theoretical background is used
to explain some of the basic computational tasks associated with isogenies.
Herein, algorithms for computing isogenies are collected and presented with
proofs of correctness and complexity analyses. As opposed to the complex
analytic approach provided in most texts on the subject, the proofs in this
paper are primarily algebraic in nature. This provides alternate explanations
that some with a more concrete or computational bias may find more clear.
Comment: Submitted as a Masters Thesis in the Mathematics department of the
University of Washingto
Incorrectly Generated RSA Keys: How To Recover Lost Plaintexts
When generating primes and for an RSA key, the algorithm specifies that they should be checked to see that and are relatively prime to the public exponent , and regenerated if this is not the case.
If this is not done, then the calculation of the decrypt exponent will fail.
However, what if a software bug allows the generation of public parameters and of an RSA key with this property and then it is subsequently used for encryption?
Though this may seem like a purely academic question, a software bug in the RSA key generation implementation in the CNG API of a preview release of the Windows 10 operating system makes this question of more than purely hypothetical value.
Without a well defined decrypt exponent, plaintexts encrypted to such keys will be undecryptable thus potentially losing user data, a serious software defect.
Though the decrypt exponent is no longer well defined, it is in fact possible to recover the plaintext, or a small number of potential plaintexts if the prime factors and of the public modulus are known.
This paper presents an analysis of which steps fail in the RSA algorithm and uses this to give a plaintext recovery algorithm.
The runtime of the algorithm scales linearly in the magnitude of the public exponent; in practice this is manageable, as only a few small public exponents are used.
This algorithm has been implemented in a publicly available Python script.
We further discuss the software bug that led to this and derive lessons that can be used while testing randomized functions in cryptographic software.
Specifically, we derive an explicit formula that describes the trade-off between the number of iterations of tests of a randomized cryptographic function and the potential number of users affected by a bug dependent on the random values.
Analogues of Velu's Formulas for Isogenies on Alternate Models of Elliptic Curves
Isogenies are the morphisms between elliptic curves, and are accordingly a topic of interest in the subject. As such, they have been well-studied, and have been used in several cryptographic applications. Velu's formulas show how to explicitly evaluate an isogeny, given a specification of the kernel as a list of points. However, Velu's formulas only work for elliptic curves specified by a Weierstrass equation. This paper presents formulas similar to Velu's that can be used to evaluate isogenies on Edwards curves and Huff curves, which are normal forms of elliptic curves that provide an alternative to the traditional Weierstrass form. Our formulas are not simply compositions of Velu's formulas with mappings to and from Weierstrass form. Our alternate derivation yields efficient formulas for isogenies with lower algebraic complexity than such compositions. In fact, these formulas have lower algebraic complexity than Velu's formulas on Weierstrass curves.
Verified Correctness and Security of mbedTLS HMAC-DRBG
We have formalized the functional specification of HMAC-DRBG (NIST 800-90A),
and we have proved its cryptographic security--that its output is
pseudorandom--using a hybrid game-based proof. We have also proved that the
mbedTLS implementation (C program) correctly implements this functional
specification. That proof composes with an existing C compiler correctness
proof to guarantee, end-to-end, that the machine language program gives strong
pseudorandomness. All proofs (hybrid games, C program verification, compiler,
and their composition) are machine-checked in the Coq proof assistant. Our
proofs are modular: the hybrid game proof holds on any implementation of
HMAC-DRBG that satisfies our functional specification. Therefore, our
functional specification can serve as a high-assurance reference.
Comment: Appearing in CCS '1
Specific Features of After-School Program Quality: Associations with Children's Functioning in Middle Childhood
This longitudinal study examined associations between three after-school program quality features (positive staff–child relations, available activities, programming flexibility) and child developmental outcomes (reading and math grades, work habits, and social skills with peers) in Grade 2 and then Grade 3. Participants (n = 120 in Grade 2, n = 91 in Grade 3) attended after-school programs more than 4 days per week, on average. Controlling for child and family background factors and children's prior functioning on the developmental outcomes, positive staff–child relations in the programs were positively associated with children's reading grades in both Grades 2 and 3, and math grades in Grade 2. Positive staff–child relations also were positively associated with social skills in Grade 2, for boys only. The availability of a diverse array of age-appropriate activities at the programs was positively associated with children's math grades and classroom work habits in Grade 3. Programming flexibility (child choice of activities) was not associated with child outcomes.
Affine Pairings on ARM
Abstract. We report on relative performance numbers for affine and projective pairings on a dual-core Cortex A9 ARM processor. Using a fast inversion in the base field and doing inversion in extension fields by using the norm map to reduce to inversions in smaller fields, we find a very low ratio of inversion-to-multiplication costs. In our implementation, this favors using affine coordinates, even for the current 128-bit minimum security level specified by NIST. We use Barreto-Naehrig (BN) curves and report on the performance of an optimal ate pairing for curves covering security levels between 128 and 192 bits. We compare with other reported performance numbers for pairing computation on ARM CPUs
On the Critical Behaviour, Crossover Point and Complexity of the Exact Cover Problem
Research into quantum algorithms for NP-complete problems has rekindled interest in the detailed study of a broad class of combinatorial problems. A recent paper applied the quantum adiabatic evolution algorithm to the Exact Cover problem for 3-sets (EC3), and provided empirical evidence that the algorithm was polynomial. In this paper we provide a detailed study of the characteristics of the exact cover problem. We present the annealing approximation applied to EC3, which gives an over-estimate of the phase transition point. We also identify the phase transition point empirically. We also study the complexity of two classical algorithms on this problem: Davis-Putnam and Simulated Annealing. For these algorithms, EC3 is significantly easier than 3-SAT.