Mathematics of Public Key Cryptography

Public key cryptography is a major interdisciplinary subject with many real-world applications, such as digital signatures. A strong background in the mathematics underlying public key cryptography is essential for a deep understanding of the subject, and this book provides exactly that for students...

Bibliographic Details
Main Author: Galbraith, Steven D.
Format: eBook / Book
Language: English
Published: Cambridge: Cambridge University Press, 2012
Edition: 1
ISBN: 9781107013926; 1107013925
DOI: 10.1017/CBO9781139012843

Table of Contents:
  • Cover -- MATHEMATICS OF PUBLIC KEY CRYPTOGRAPHY -- Title -- Copyright -- Contents -- Preface -- Acknowledgements -- 1: Introduction -- 1.1 Public key cryptography -- 1.2 The textbook RSA cryptosystem -- 1.3 Formal definition of public key cryptography -- 1.3.1 Security of encryption -- 1.3.2 Security of signatures -- PART I: BACKGROUND -- 2: Basic algorithmic number theory -- 2.1 Algorithms and complexity -- 2.1.1 Randomised algorithms -- 2.1.2 Success probability of a randomised algorithm -- 2.1.3 Reductions -- 2.1.4 Random self-reducibility -- 2.2 Integer operations -- 2.2.1 Faster integer multiplication -- 2.3 Euclid's algorithm -- 2.4 Computing Legendre and Jacobi symbols -- 2.5 Modular arithmetic -- 2.6 Chinese remainder theorem -- 2.7 Linear algebra -- 2.8 Modular exponentiation -- 2.9 Square roots modulo p -- 2.10 Polynomial arithmetic -- 2.11 Arithmetic in finite fields -- 2.12 Factoring polynomials over finite fields -- 2.13 Hensel lifting -- 2.14 Algorithms in finite fields -- 2.14.1 Constructing finite fields -- 2.14.2 Solving quadratic equations in finite fields -- 2.14.3 Isomorphisms between finite fields -- 2.15 Computing orders of elements and primitive roots -- 2.15.1 Sets of exponentials of products -- 2.15.2 Computing the order of a group element -- 2.15.3 Computing primitive roots -- 2.16 Fast evaluation of polynomials at multiple points -- 2.17 Pseudorandom generation -- 2.18 Summary -- 3: Hash functions and MACs -- 3.1 Security properties of hash functions -- 3.2 Birthday attack -- 3.3 Message authentication codes -- 3.4 Constructions of hash functions -- 3.5 Number-theoretic hash functions -- 3.6 Full domain hash -- 3.7 Random oracle model -- PART II: ALGEBRAIC GROUPS -- 4: Preliminary remarks on algebraic groups -- 4.1 Informal definition of an algebraic group -- 4.2 Examples of algebraic groups
  • 4.3 Algebraic group quotients -- 4.4 Algebraic groups over rings -- 5: Varieties -- 5.1 Affine algebraic sets -- 5.2 Projective algebraic sets -- 5.3 Irreducibility -- 5.4 Function fields -- 5.5 Rational maps and morphisms -- 5.6 Dimension -- 5.7 Weil restriction of scalars -- 6: Tori, LUC and XTR -- 6.1 Cyclotomic subgroups of finite fields -- 6.2 Algebraic tori -- 6.3 The group G_{q,2} -- 6.3.1 The torus T_2 -- 6.3.2 Lucas sequences -- 6.4 The group G_{q,6} -- 6.4.1 The torus T_6 -- 6.4.2 XTR -- 6.5 Further remarks -- 6.6 Algebraic tori over rings -- 7: Curves and divisor class groups -- 7.1 Non-singular varieties -- 7.2 Weierstrass equations -- 7.3 Uniformisers on curves -- 7.4 Valuation at a point on a curve -- 7.5 Valuations and points on curves -- 7.6 Divisors -- 7.7 Principal divisors -- 7.8 Divisor class group -- 7.9 Elliptic curves -- 8: Rational maps on curves and divisors -- 8.1 Rational maps of curves and the degree -- 8.2 Extensions of valuations -- 8.3 Maps on divisor classes -- 8.4 Riemann-Roch spaces -- 8.5 Derivations and differentials -- 8.6 Genus zero curves -- 8.7 Riemann-Roch theorem and Hurwitz genus formula -- 9: Elliptic curves -- 9.1 Group law -- 9.2 Morphisms between elliptic curves -- 9.3 Isomorphisms of elliptic curves -- 9.4 Automorphisms -- 9.5 Twists -- 9.6 Isogenies -- 9.7 The invariant differential -- 9.8 Multiplication by n and division polynomials -- 9.9 Endomorphism structure -- 9.10 Frobenius map -- 9.10.1 Complex multiplication -- 9.10.2 Counting points on elliptic curves -- 9.11 Supersingular elliptic curves -- 9.12 Alternative models for elliptic curves -- 9.12.1 Montgomery model -- 9.12.2 Edwards model -- 9.13 Statistical properties of elliptic curves over finite fields -- 9.14 Elliptic curves over rings -- 10: Hyperelliptic curves -- 10.1 Non-singular models for hyperelliptic curves
  • 10.1.1 Projective models for hyperelliptic curves -- 10.1.2 Uniformisers on hyperelliptic curves -- 10.1.3 The genus of a hyperelliptic curve -- 10.2 Isomorphisms, automorphisms and twists -- 10.3 Effective affine divisors on hyperelliptic curves -- 10.3.1 Mumford representation of semi-reduced divisors -- 10.3.2 Addition and semi-reduction of divisors in Mumford representation -- 10.3.3 Reduction of divisors in Mumford representation -- 10.4 Addition in the divisor class group -- 10.4.1 Addition of divisor classes on ramified models -- 10.4.2 Addition of divisor classes on split models -- 10.5 Jacobians, Abelian varieties and isogenies -- 10.6 Elements of order n -- 10.7 Hyperelliptic curves over finite fields -- 10.8 Supersingular curves -- PART III: EXPONENTIATION, FACTORING AND DISCRETE LOGARITHMS -- 11: Basic algorithms for algebraic groups -- 11.1 Efficient exponentiation using signed exponents -- 11.1.1 Non-adjacent form -- 11.2 Multi-exponentiation -- 11.3 Efficient exponentiation in specific algebraic groups -- 11.3.1 Alternative basic operations -- 11.3.2 Frobenius expansions -- 11.3.3 GLV method -- 11.4 Sampling from algebraic groups -- 11.4.1 Sampling from tori -- 11.4.2 Sampling from elliptic curves -- 11.4.3 Hashing to algebraic groups -- 11.4.4 Hashing from algebraic groups -- 11.5 Determining group structure and computing generators for elliptic curves -- 11.6 Testing subgroup membership -- 12: Primality testing and integer factorisation using algebraic groups -- 12.1 Primality testing -- 12.1.1 Fermat test -- 12.1.2 The Miller-Rabin test -- 12.1.3 Primality proving -- 12.2 Generating random primes -- 12.2.1 Primality certificates -- 12.3 The p − 1 factoring method -- 12.4 Elliptic curve method -- 12.5 Pollard-Strassen method -- 13: Basic discrete logarithm algorithms -- 13.1 Exhaustive search -- 13.2 The Pohlig-Hellman method
  • 13.3 Baby-step-giant-step (BSGS) method -- 13.4 Lower bound on complexity of generic algorithms for the DLP -- 13.4.1 Shoup's model for generic algorithms -- 13.4.2 Maurer's model for generic algorithms -- 13.4.3 The lower bound -- 13.5 Generalised discrete logarithm problems -- 13.6 Low Hamming weight DLP -- 13.7 Low Hamming weight product exponents -- 14: Factoring and discrete logarithms using pseudorandom walks -- 14.1 Birthday paradox -- 14.2 The Pollard rho method -- 14.2.1 The pseudorandom walk -- 14.2.2 Pollard rho using Floyd cycle finding -- 14.2.3 Other cycle finding methods -- 14.2.4 Distinguished points and Pollard rho -- 14.2.5 Towards a rigorous analysis of Pollard rho -- 14.3 Distributed Pollard rho -- 14.3.1 The algorithm and its heuristic analysis -- 14.4 Speeding up the rho algorithm using equivalence classes -- 14.4.1 Examples of equivalence classes -- 14.4.2 Dealing with cycles -- 14.4.3 Practical experience with the distributed rho algorithm -- 14.5 The kangaroo method -- 14.5.1 The pseudorandom walk -- 14.5.2 The kangaroo algorithm -- 14.5.3 Heuristic analysis of the kangaroo method -- 14.5.4 Comparison with the rho algorithm -- 14.5.5 Using inversion -- 14.5.6 Towards a rigorous analysis of the kangaroo method -- 14.6 Distributed kangaroo algorithm -- 14.6.1 Van Oorschot and Wiener version -- 14.6.2 Pollard version -- 14.6.3 Comparison of the two versions -- 14.7 The Gaudry-Schost algorithm -- 14.7.1 Two-dimensional discrete logarithm problem -- 14.7.2 Discrete logarithm problem in an interval using equivalence classes -- 14.8 Parallel collision search in other contexts -- 14.8.1 The low Hamming weight DLP -- 14.9 Pollard rho factoring method -- 15: Factoring and discrete logarithms in subexponential time -- 15.1 Smooth integers -- 15.2 Factoring using random squares -- 15.2.1 Complexity of the random squares algorithm
  • 15.2.2 The quadratic sieve -- 15.2.3 Summary -- 15.3 Elliptic curve method revisited -- 15.4 The number field sieve -- 15.5 Index calculus in finite fields -- 15.5.1 Rigorous subexponential discrete logarithms modulo p -- 15.5.2 Heuristic algorithms for discrete logarithms modulo p -- 15.5.3 Discrete logarithms in small characteristic -- 15.5.4 Coppersmith's algorithm for the DLP in F_{2^n}^* -- 15.5.5 The Joux-Lercier algorithm -- 15.5.6 Number field sieve for the DLP -- 15.5.7 Discrete logarithms for all finite fields -- 15.6 Discrete logarithms on hyperelliptic curves -- 15.6.1 Index calculus on hyperelliptic curves -- 15.6.2 The algorithm of Adleman, De Marrais and Huang -- 15.6.3 Gaudry's algorithm -- 15.7 Weil descent -- 15.8 Discrete logarithms on elliptic curves over extension fields -- 15.8.1 Semaev's summation polynomials -- 15.8.2 Gaudry's variant of Semaev's method -- 15.8.3 Diem's algorithm for the ECDLP -- 15.9 Further results -- 15.9.1 Diem's algorithm for plane curves of low degree -- 15.9.2 The algorithm of Enge-Gaudry-Thomé and Diem -- 15.9.3 Index calculus for general elliptic curves -- PART IV: LATTICES -- 16: Lattices -- 16.1 Basic notions on lattices -- 16.2 The Hermite and Minkowski bounds -- 16.3 Computational problems in lattices -- 17: Lattice basis reduction -- 17.1 Lattice basis reduction in two dimensions -- 17.1.1 Connection between Lagrange-Gauss reduction and Euclid's algorithm -- 17.2 LLL-reduced lattice bases -- 17.3 The Gram-Schmidt algorithm -- 17.4 The LLL algorithm -- 17.5 Complexity of LLL -- 17.6 Variants of the LLL algorithm -- 18: Algorithms for the closest and shortest vector problems -- 18.1 Babai's nearest plane method -- 18.2 Babai's rounding technique -- 18.3 The embedding technique -- 18.4 Enumerating all short vectors -- 18.4.1 Enumeration of closest vectors -- 18.5 Korkine-Zolotarev bases
  • 19: Coppersmith's method and related applications