|
Hyperelliptic Curve Cryptography
Hyperelliptic curve cryptography is similar to elliptic curve cryptography (ECC) insofar as the Jacobian of a hyperelliptic curve is an abelian group in which to do arithmetic, just as we use the group of points on an elliptic curve in ECC. Definition An (imaginary) hyperelliptic curve of genus g over a field K is given by the equation C : y^2 + h(x) y = f(x) \in K ,y/math> where h(x) \in K /math> is a polynomial of degree not larger than g and f(x) \in K /math> is a monic polynomial of degree 2g + 1. From this definition it follows that elliptic curves are hyperelliptic curves of genus 1. In hyperelliptic curve cryptography K is often a finite field. The Jacobian of C, denoted J(C), is a quotient group, thus the elements of the Jacobian are not points, they are equivalence classes of divisors of degree 0 under the relation of linear equivalence. This agrees with the elliptic curve case, because it can be shown that the Jacobian of an elliptic curve is isomorphic with the group o ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Elliptic Curve Cryptography
Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography (based on plain Galois fields) to provide equivalent security.Commercial National Security Algorithm Suite and Quantum Computing FAQ U.S. National Security Agency, January 2016. Elliptic curves are applicable for , s, [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Discrete Logarithm Problem
In mathematics, for given real numbers ''a'' and ''b'', the logarithm log''b'' ''a'' is a number ''x'' such that . Analogously, in any group ''G'', powers ''b''''k'' can be defined for all integers ''k'', and the discrete logarithm log''b'' ''a'' is an integer ''k'' such that . In number theory, the more commonly used term is index: we can write ''x'' = ind''r'' ''a'' (mod ''m'') (read "the index of ''a'' to the base ''r'' modulo ''m''") for ''r''''x'' ≡ ''a'' (mod ''m'') if ''r'' is a primitive root of ''m'' and gcd(''a'',''m'') = 1. Discrete logarithms are quickly computable in a few special cases. However, no efficient method is known for computing them in general. Several important algorithms in public-key cryptography, such as ElGamal base their security on the assumption that the discrete logarithm problem over carefully chosen groups has no efficient solution. Definition Let ''G'' be any group. Denote its group operation by mult ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Complex Conjugate
In mathematics, the complex conjugate of a complex number is the number with an equal real part and an imaginary part equal in magnitude but opposite in sign. That is, (if a and b are real, then) the complex conjugate of a + bi is equal to a - bi. The complex conjugate of z is often denoted as \overline or z^*. In polar form, the conjugate of r e^ is r e^. This can be shown using Euler's formula. The product of a complex number and its conjugate is a real number: a^2 + b^2 (or r^2 in polar coordinates). If a root of a univariate polynomial with real coefficients is complex, then its complex conjugate is also a root. Notation The complex conjugate of a complex number z is written as \overline z or z^*. The first notation, a vinculum, avoids confusion with the notation for the conjugate transpose of a matrix, which can be thought of as a generalization of the complex conjugate. The second is preferred in physics, where dagger (†) is used for the conjugate tra ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Torus Based Cryptography
Torus-based cryptography involves using algebraic tori to construct a group for use in ciphers based on the discrete logarithm problem. This idea was first introduced by Alice Silverberg and Karl Rubin in 2003 in the form of a public key algorithm by the name of CEILIDH. It improves on conventional cryptosystems by representing some elements of large finite fields compactly and therefore transmitting fewer bits. See also * Torus In geometry, a torus (plural tori, colloquially donut or doughnut) is a surface of revolution generated by revolving a circle in three-dimensional space about an axis that is coplanar with the circle. If the axis of revolution does not tou ... References * Karl Rubin, Alice Silverberg: Torus-Based Cryptography. CRYPTO 2003: 349–365 External links Torus-Based Cryptography— the paper introducing the concept (in PDF). Public-key cryptography {{Crypto-stub ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Torus
In geometry, a torus (plural tori, colloquially donut or doughnut) is a surface of revolution generated by revolving a circle in three-dimensional space about an axis that is coplanar with the circle. If the axis of revolution does not touch the circle, the surface has a ring shape and is called a torus of revolution. If the axis of revolution is tangent to the circle, the surface is a horn torus. If the axis of revolution passes twice through the circle, the surface is a spindle torus. If the axis of revolution passes through the center of the circle, the surface is a degenerate torus, a double-covered sphere. If the revolved curve is not a circle, the surface is called a ''toroid'', as in a square toroid. Real-world objects that approximate a torus of revolution include swim rings, inner tubes and ringette rings. Eyeglass lenses that combine spherical and cylindrical correction are toric lenses. A torus should not be confused with a '' solid torus'', which is formed by r ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Security Level
In cryptography, security level is a measure of the strength that a cryptographic primitive — such as a cipher or hash function — achieves. Security level is usually expressed as a number of "bits of security" (also security strength), where ''n''-bit security means that the attacker would have to perform 2''n'' operations to break it, but other methods have been proposed that more closely model the costs for an attacker. This allows for convenient comparison between algorithms and is useful when combining multiple primitives in a hybrid cryptosystem, so there is no clear weakest link. For example, AES-128 (key size 128 bits) is designed to offer a 128-bit security level, which is considered roughly equivalent to a RSA using 3072-bit key. In this context, security claim or target security level is the security level that a primitive was initially designed to achieve, although "security level" is also sometimes used in those contexts. When attacks are found that hav ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Pairing
In mathematics, a pairing is an ''R''-bilinear map from the Cartesian product of two ''R''-modules, where the underlying ring ''R'' is commutative. Definition Let ''R'' be a commutative ring with unit, and let ''M'', ''N'' and ''L'' be ''R''-modules. A pairing is any ''R''-bilinear map e:M \times N \to L. That is, it satisfies :e(r\cdot m,n)=e(m,r \cdot n)=r\cdot e(m,n), :e(m_1+m_2,n)=e(m_1,n)+e(m_2,n) and e(m,n_1+n_2)=e(m,n_1)+e(m,n_2) for any r \in R and any m,m_1,m_2 \in M and any n,n_1,n_2 \in N . Equivalently, a pairing is an ''R''-linear map :M \otimes_R N \to L where M \otimes_R N denotes the tensor product of ''M'' and ''N''. A pairing can also be considered as an ''R''-linear map \Phi : M \to \operatorname_ (N, L) , which matches the first definition by setting \Phi (m) (n) := e(m,n) . A pairing is called perfect if the above map \Phi is an isomorphism of ''R''-modules. A pairing is called non-degenerate on the right if for the above map we have that e(m,n) = ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Group Homomorphism
In mathematics, given two groups, (''G'', ∗) and (''H'', ·), a group homomorphism from (''G'', ∗) to (''H'', ·) is a function ''h'' : ''G'' → ''H'' such that for all ''u'' and ''v'' in ''G'' it holds that : h(u*v) = h(u) \cdot h(v) where the group operation on the left side of the equation is that of ''G'' and on the right side that of ''H''. From this property, one can deduce that ''h'' maps the identity element ''eG'' of ''G'' to the identity element ''eH'' of ''H'', : h(e_G) = e_H and it also maps inverses to inverses in the sense that : h\left(u^\right) = h(u)^. \, Hence one can say that ''h'' "is compatible with the group structure". Older notations for the homomorphism ''h''(''x'') may be ''x''''h'' or ''x''''h'', though this may be confused as an index or a general subscript. In automata theory, sometimes homomorphisms are written to the right of their arguments without parentheses, so that ''h''(''x'') becomes simply xh. In areas of mathematics where one ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Injective Function
In mathematics, an injective function (also known as injection, or one-to-one function) is a function that maps distinct elements of its domain to distinct elements; that is, implies . (Equivalently, implies in the equivalent contrapositive statement.) In other words, every element of the function's codomain is the image of one element of its domain. The term must not be confused with that refers to bijective functions, which are functions such that each element in the codomain is an image of exactly one element in the domain. A homomorphism between algebraic structures is a function that is compatible with the operations of the structures. For all common algebraic structures, and, in particular for vector spaces, an is also called a . However, in the more general context of category theory, the definition of a monomorphism differs from that of an injective homomorphism. This is thus a theorem that they are equivalent for algebraic structures; see for more details. ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Index Calculus Algorithm
In computational number theory, the index calculus algorithm is a probabilistic algorithm for computing discrete logarithms. Dedicated to the discrete logarithm in (\mathbb/q\mathbb)^* where q is a prime, index calculus leads to a family of algorithms adapted to finite fields and to some families of elliptic curves. The algorithm collects relations among the discrete logarithms of small primes, computes them by a linear algebra procedure and finally expresses the desired discrete logarithm with respect to the discrete logarithms of small primes. Description Roughly speaking, the discrete log problem asks us to find an ''x'' such that g^x \equiv h \pmod, where ''g'', ''h'', and the modulus ''n'' are given. The algorithm (described in detail below) applies to the group (\mathbb/q\mathbb)^* where ''q'' is prime. It requires a ''factor base'' as input. This ''factor base'' is usually chosen to be the number −1 and the first ''r'' primes starting with 2. From the point of view of ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Pollard's Rho Algorithm For Logarithms
Pollard's rho algorithm for logarithms is an algorithm introduced by John Pollard in 1978 to solve the discrete logarithm problem, analogous to Pollard's rho algorithm to solve the integer factorization problem. The goal is to compute \gamma such that \alpha ^ \gamma = \beta, where \beta belongs to a cyclic group G generated by \alpha. The algorithm computes integers a, b, A, and B such that \alpha^a \beta^b = \alpha^A \beta^B. If the underlying group is cyclic of order n, by substituting \beta as a^ and noting that two powers are equal if and only if the exponents are equivalent modulo the order of the base, in this case modulo n, we get that \gamma is one of the solutions of the equation (B-b) \gamma = (a-A) \pmod n. Solutions to this equation are easily obtained using the extended Euclidean algorithm. To find the needed a, b, A, and B the algorithm uses Floyd's cycle-finding algorithm to find a cycle in the sequence x_i = \alpha^ \beta^, where the function f: x_i \mapst ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Pohlig–Hellman Algorithm
In group theory, the Pohlig–Hellman algorithm, sometimes credited as the Silver–Pohlig–Hellman algorithm, Mollin 2006, pg. 344 is a special-purpose algorithm for computing discrete logarithms in a finite abelian group whose order is a smooth integer. The algorithm was introduced by Roland Silver, but first published by Stephen Pohlig and Martin Hellman (independent of Silver). Groups of prime-power order As an important special case, which is used as a subroutine in the general algorithm (see below), the Pohlig–Hellman algorithm applies to groups whose order is a prime power. The basic idea of this algorithm is to iteratively compute the p-adic digits of the logarithm by repeatedly "shifting out" all but one unknown digit in the exponent, and computing that digit by elementary methods. (Note that for readability, the algorithm is stated for cyclic groups — in general, G must be replaced by the subgroup \langle g\rangle generated by g, which is always cyclic.) :Input. ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
