|
Hyperelliptic Curve Cryptography
Hyperelliptic curve cryptography is similar to elliptic curve cryptography (ECC) insofar as the Jacobian of a hyperelliptic curve is an abelian group in which to do arithmetic, just as we use the group of points on an elliptic curve in ECC. Definition An (imaginary) hyperelliptic curve of genus g over a field K is given by the equation C : y^2 + h(x) y = f(x) \in K ,y/math> where h(x) \in K /math> is a polynomial of degree not larger than g and f(x) \in K /math> is a monic polynomial of degree 2g + 1. From this definition it follows that elliptic curves are hyperelliptic curves of genus 1. In hyperelliptic curve cryptography K is often a finite field. The Jacobian of C, denoted J(C), is a quotient group, thus the elements of the Jacobian are not points, they are equivalence classes of divisors of degree 0 under the relation of linear equivalence. This agrees with the elliptic curve case, because it can be shown that the Jacobian of an elliptic curve is isomorphic with the group ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Elliptic Curve Cryptography
Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys to provide equivalent security, compared to cryptosystems based on modular exponentiation in Galois fields, such as the RSA cryptosystem and ElGamal cryptosystem. Elliptic curves are applicable for key agreement, digital signatures, pseudo-random generators and other tasks. Indirectly, they can be used for encryption by combining the key agreement with a symmetric encryption scheme. They are also used in several integer factorization algorithms that have applications in cryptography, such as Lenstra elliptic-curve factorization. History The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985. Elliptic curve cryptography algorithms entered wide use in 2004 to 2005. In 1999, NIST recommended fifteen elliptic curves. Specifically, FIPS 186 ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Discrete Logarithm Problem
In mathematics, for given real numbers a and b, the logarithm \log_b(a) is a number x such that b^x=a. Analogously, in any group G, powers b^k can be defined for all integers k, and the discrete logarithm \log_b(a) is an integer k such that b^k=a. In arithmetic modulo an integer m, the more commonly used term is index: One can write k=\mathbb_b a \pmod (read "the index of a to the base b modulo m") for b^k \equiv a \pmod if b is a primitive root of m and \gcd(a,m)=1. Discrete logarithms are quickly computable in a few special cases. However, no efficient method is known for computing them in general. In cryptography, the computational complexity of the discrete logarithm problem, along with its application, was first proposed in the Diffie–Hellman problem. Several important algorithms in public-key cryptography, such as ElGamal, base their security on the hardness assumption that the discrete logarithm problem (DLP) over carefully chosen groups has no efficient solution. ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Complex Conjugate
In mathematics, the complex conjugate of a complex number is the number with an equal real part and an imaginary part equal in magnitude but opposite in sign. That is, if a and b are real numbers, then the complex conjugate of a + bi is a - bi. The complex conjugate of z is often denoted as \overline or z^*. In polar form, if r and \varphi are real numbers then the conjugate of r e^ is r e^. This can be shown using Euler's formula. The product of a complex number and its conjugate is a real number: a^2 + b^2 (or r^2 in polar coordinates). If a root of a univariate polynomial with real coefficients is complex, then its complex conjugate is also a root. Notation The complex conjugate of a complex number z is written as \overline z or z^*. The first notation, a vinculum, avoids confusion with the notation for the conjugate transpose of a matrix, which can be thought of as a generalization of the complex conjugate. The second is preferred in physics, where ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Torus Based Cryptography
Torus-based cryptography involves using algebraic tori to construct a group for use in ciphers based on the discrete logarithm problem. This idea was first introduced by Alice Silverberg and Karl Rubin in 2003 in the form of a public key algorithm by the name of CEILIDH. It improves on conventional cryptosystems by representing some elements of large finite fields compactly and therefore transmitting fewer bits. See also * Torus In geometry, a torus (: tori or toruses) is a surface of revolution generated by revolving a circle in three-dimensional space one full revolution about an axis that is coplanarity, coplanar with the circle. The main types of toruses inclu ... References * Karl Rubin, Alice Silverberg: Torus-Based Cryptography. CRYPTO 2003: 349–365 External links Torus-Based Cryptography— the paper introducing the concept (in PDF). Public-key cryptography {{Crypto-stub ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Torus
In geometry, a torus (: tori or toruses) is a surface of revolution generated by revolving a circle in three-dimensional space one full revolution about an axis that is coplanarity, coplanar with the circle. The main types of toruses include ring toruses, horn toruses, and spindle toruses. A ring torus is sometimes colloquially referred to as a donut or doughnut. If the axis of revolution does not touch the circle, the surface has a ring shape and is called a torus of revolution, also known as a ring torus. If the axis of revolution is tangent to the circle, the surface is a horn torus. If the axis of revolution passes twice through the circle, the surface is a Lemon (geometry), spindle torus (or ''self-crossing torus'' or ''self-intersecting torus''). If the axis of revolution passes through the center of the circle, the surface is a degenerate torus, a double-covered sphere. If the revolved curve is not a circle, the surface is called a ''toroid'', as in a square toroid. ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Security Level
In cryptography, security level is a measure of the strength that a cryptographic primitive — such as a cipher or hash function — achieves. Security level is usually expressed as a number of " bits of security" (also security strength), where ''n''-bit security means that the attacker would have to perform 2''n'' operations to break it, but other methods have been proposed that more closely model the costs for an attacker. This allows for convenient comparison between algorithms and is useful when combining multiple primitives in a hybrid cryptosystem, so there is no clear weakest link. For example, AES-128 (key size 128 bits) is designed to offer a 128-bit security level, which is considered roughly equivalent to a RSA using 3072-bit key. In this context, security claim or target security level is the security level that a primitive was initially designed to achieve, although "security level" is also sometimes used in those contexts. When attacks are found that have ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Pairing
In mathematics, a pairing is an ''R''- bilinear map from the Cartesian product of two ''R''- modules, where the underlying ring ''R'' is commutative. Definition Let ''R'' be a commutative ring with unit, and let ''M'', ''N'' and ''L'' be ''R''-modules. A pairing is any ''R''-bilinear map e:M \times N \to L. That is, it satisfies :e(r\cdot m,n)=e(m,r \cdot n)=r\cdot e(m,n), :e(m_1+m_2,n)=e(m_1,n)+e(m_2,n) and e(m,n_1+n_2)=e(m,n_1)+e(m,n_2) for any r \in R and any m,m_1,m_2 \in M and any n,n_1,n_2 \in N . Equivalently, a pairing is an ''R''-linear map :M \otimes_R N \to L where M \otimes_R N denotes the tensor product of ''M'' and ''N''. A pairing can also be considered as an ''R''-linear map \Phi : M \to \operatorname_ (N, L) , which matches the first definition by setting \Phi (m) (n) := e(m,n) . A pairing is called perfect if the above map \Phi is an isomorphism of ''R''-modules and the other evaluation map \Phi'\colon N\to \operatorname_(M,L) is an isomorphism ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Group Homomorphism
In mathematics, given two groups, (''G'',∗) and (''H'', ·), a group homomorphism from (''G'',∗) to (''H'', ·) is a function ''h'' : ''G'' → ''H'' such that for all ''u'' and ''v'' in ''G'' it holds that : h(u*v) = h(u) \cdot h(v) where the group operation on the left side of the equation is that of ''G'' and on the right side that of ''H''. From this property, one can deduce that ''h'' maps the identity element ''eG'' of ''G'' to the identity element ''eH'' of ''H'', : h(e_G) = e_H and it also maps inverses to inverses in the sense that : h\left(u^\right) = h(u)^. \, Hence one can say that ''h'' "is compatible with the group structure". In areas of mathematics where one considers groups endowed with additional structure, a ''homomorphism'' sometimes means a map which respects not only the group structure (as above) but also the extra structure. For example, a homomorphism of topological groups is often required to be continuous. Properties Let e_ be the ident ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Injective Function
In mathematics, an injective function (also known as injection, or one-to-one function ) is a function that maps distinct elements of its domain to distinct elements of its codomain; that is, implies (equivalently by contraposition, implies ). In other words, every element of the function's codomain is the image of one element of its domain. The term must not be confused with that refers to bijective functions, which are functions such that each element in the codomain is an image of exactly one element in the domain. A homomorphism between algebraic structures is a function that is compatible with the operations of the structures. For all common algebraic structures, and, in particular for vector spaces, an is also called a . However, in the more general context of category theory, the definition of a monomorphism differs from that of an injective homomorphism. This is thus a theorem that they are equivalent for algebraic structures; see for more details. A func ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Index Calculus Algorithm
In computational number theory, the index calculus algorithm is a probabilistic algorithm for computing discrete logarithms. Dedicated to the discrete logarithm in (\mathbb/q\mathbb)^* where q is a prime, index calculus leads to a family of algorithms adapted to finite fields and to some families of elliptic curves. The algorithm collects relations among the discrete logarithms of small primes, computes them by a linear algebra procedure and finally expresses the desired discrete logarithm with respect to the discrete logarithms of small primes. Description Roughly speaking, the discrete log problem asks us to find an ''x'' such that g^x \equiv h \pmod, where ''g'', ''h'', and the modulus ''n'' are given. The algorithm (described in detail below) applies to the group (\mathbb/q\mathbb)^* where ''q'' is prime. It requires a ''factor base'' as input. This ''factor base'' is usually chosen to be the number −1 and the first ''r'' primes starting with 2. From the point of view of ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Pollard's Rho Algorithm For Logarithms
Pollard's rho algorithm for logarithms is an algorithm introduced by John Pollard in 1978 to solve the discrete logarithm problem, analogous to Pollard's rho algorithm to solve the integer factorization problem. The goal is to compute \gamma such that \alpha ^ \gamma = \beta, where \beta belongs to a cyclic group G generated by \alpha. The algorithm computes integers a, b, A, and B such that \alpha^a \beta^b = \alpha^A \beta^B. If the underlying group is cyclic of order n, by substituting \beta as ^ and noting that two powers are equal if and only if the exponents are equivalent modulo the order of the base, in this case modulo n, we get that \gamma is one of the solutions of the equation (B-b) \gamma = (a-A) \pmod n. Solutions to this equation are easily obtained using the extended Euclidean algorithm. To find the needed a, b, A, and B the algorithm uses Floyd's cycle-finding algorithm to find a cycle in the sequence x_i = \alpha^ \beta^, where the function f: x_i \mapsto ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Pohlig–Hellman Algorithm
In group theory, the Pohlig–Hellman algorithm, sometimes credited as the Silver–Pohlig–Hellman algorithm,#Mollin06, Mollin 2006, pg. 344 is a special-purpose algorithm for computing discrete logarithms in a finite abelian group whose order is a smooth integer. The algorithm was introduced by Roland Silver, but first published by Stephen Pohlig and Martin Hellman, who credit Silver with its earlier independent but unpublished discovery. Pohlig and Hellman also list Richard Schroeppel and H. Block as having found the same algorithm, later than Silver, but again without publishing it. Groups of prime-power order As an important special case, which is used as a subroutine in the general algorithm (see below), the Pohlig–Hellman algorithm applies to Group (mathematics), groups whose order is a prime power. The basic idea of this algorithm is to iteratively compute the p-adic digits of the logarithm by repeatedly "shifting out" all but one unknown digit in the exponent, and co ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
