complexity news also somewhat related discrete logarithms
play

Complexity news: Also somewhat related: discrete logarithms in Im - PowerPoint PPT Presentation

Jun 11, 2023 •97 likes •912 views

Complexity news: Also somewhat related: discrete logarithms in Im starting to analyze multiplicative groups of cost of NFS + CVP small-characteristic finite fields for class groups, unit groups, the algorithm of Barbulescu, short

  1. Complexity news: Also somewhat related: discrete logarithms in I’m starting to analyze multiplicative groups of cost of NFS + CVP small-characteristic finite fields— for class groups, unit groups, the algorithm of Barbulescu, short generators of ideals, etc.; Gaudry, Joux, Thom´ e exploiting subfields D. J. Bernstein (find short norms first), University of Illinois at Chicago & small Galois groups, etc. Technische Universiteit Eindhoven Anyone else working on this? Cryptanalytic applications: Advertisement, maybe related: attack NTRU, Ring-LWE, FHE. iml.univ-mrs.fr/ati/ I think NTRU should switch to geocrypt2013/ random prime-degree extensions 2013.10.07–11, Tahiti. with big Galois groups. Submit talks this month!

  2. Complexity news: Also somewhat related: Discrete discrete logarithms in I’m starting to analyze Goal: Compute multiplicative groups of cost of NFS + CVP group isomo small-characteristic finite fields— F ✄ for class groups, unit groups, q ✦ Z ❂ q � algorithm of Barbulescu, short generators of ideals, etc.; represented Gaudry, Joux, Thom´ e exploiting subfields Algorithm Bernstein (find short norms first), ✄ ❤ 1 ❀ ❤ 2 ❀ ✿ ✿ ✿ ✷ q University of Illinois at Chicago & small Galois groups, etc. Algorithm echnische Universiteit Eindhoven Anyone else working on this? log ❣ ❤ 1 ❀ log ❣ ❤ ❀ ✿ ✿ ✿ ✷ ❂ q � Cryptanalytic applications: for some ❣ Advertisement, maybe related: attack NTRU, Ring-LWE, FHE. iml.univ-mrs.fr/ati/ “log ❣ ” means I think NTRU should switch to geocrypt2013/ ❣ ✼✦ 1, if random prime-degree extensions 2013.10.07–11, Tahiti. with big Galois groups. Submit talks this month!

  3. news: Also somewhat related: Discrete logarithms rithms in I’m starting to analyze Goal: Compute some groups of cost of NFS + CVP group isomorphism racteristic finite fields— F ✄ for class groups, unit groups, q ✦ Z ❂ ( q � 1), Barbulescu, short generators of ideals, etc.; represented in the Thom´ e exploiting subfields Algorithm input: (find short norms first), ❤ 1 ❀ ❤ 2 ❀ ✿ ✿ ✿ ✷ F ✄ q . Illinois at Chicago & small Galois groups, etc. Algorithm output: Universiteit Eindhoven Anyone else working on this? log ❣ ❤ 1 ❀ log ❣ ❤ 2 ❀ ✿ ✿ ✿ ✷ ❂ q � Cryptanalytic applications: for some ❣ . maybe related: attack NTRU, Ring-LWE, FHE. iml.univ-mrs.fr/ati/ “log ❣ ” means the I think NTRU should switch to ❣ ✼✦ 1, if it exists. random prime-degree extensions Tahiti. with big Galois groups. this month!

  4. Also somewhat related: Discrete logarithms I’m starting to analyze Goal: Compute some cost of NFS + CVP group isomorphism fields— F ✄ for class groups, unit groups, q ✦ Z ❂ ( q � 1), rbulescu, short generators of ideals, etc.; represented in the usual way. exploiting subfields Algorithm input: (find short norms first), ❤ 1 ❀ ❤ 2 ❀ ✿ ✿ ✿ ✷ F ✄ q . Chicago & small Galois groups, etc. Algorithm output: Eindhoven Anyone else working on this? log ❣ ❤ 1 ❀ log ❣ ❤ 2 ❀ ✿ ✿ ✿ ✷ Z ❂ ( q � Cryptanalytic applications: for some ❣ . related: attack NTRU, Ring-LWE, FHE. “log ❣ ” means the isomorphism I think NTRU should switch to ❣ ✼✦ 1, if it exists. random prime-degree extensions with big Galois groups.

  5. Also somewhat related: Discrete logarithms I’m starting to analyze Goal: Compute some cost of NFS + CVP group isomorphism F ✄ for class groups, unit groups, q ✦ Z ❂ ( q � 1), short generators of ideals, etc.; represented in the usual way. exploiting subfields Algorithm input: (find short norms first), ❤ 1 ❀ ❤ 2 ❀ ✿ ✿ ✿ ✷ F ✄ q . small Galois groups, etc. Algorithm output: Anyone else working on this? log ❣ ❤ 1 ❀ log ❣ ❤ 2 ❀ ✿ ✿ ✿ ✷ Z ❂ ( q � 1) Cryptanalytic applications: for some ❣ . attack NTRU, Ring-LWE, FHE. “log ❣ ” means the isomorphism I think NTRU should switch to ❣ ✼✦ 1, if it exists. random prime-degree extensions with big Galois groups.

  6. somewhat related: Discrete logarithms “Generic” ❣ on average q ❂ ♦ rting to analyze Goal: Compute some uniform, q ❂ ♦ of NFS + CVP group isomorphism Want som F ✄ ss groups, unit groups, q ✦ Z ❂ ( q � 1), generators of ideals, etc.; represented in the usual way. exploiting subfields Algorithm input: short norms first), ❤ 1 ❀ ❤ 2 ❀ ✿ ✿ ✿ ✷ F ✄ q . Galois groups, etc. Algorithm output: one else working on this? log ❣ ❤ 1 ❀ log ❣ ❤ 2 ❀ ✿ ✿ ✿ ✷ Z ❂ ( q � 1) Cryptanalytic applications: for some ❣ . NTRU, Ring-LWE, FHE. “log ❣ ” means the isomorphism NTRU should switch to ❣ ✼✦ 1, if it exists. prime-degree extensions big Galois groups.

  7. related: Discrete logarithms “Generic” log ❣ algo on average q 1 ❂ 2+ ♦ (1) analyze Goal: Compute some uniform, q 1 ❂ 3+ ♦ (1) CVP group isomorphism Want something faster. F ✄ unit groups, q ✦ Z ❂ ( q � 1), of ideals, etc.; represented in the usual way. subfields Algorithm input: rms first), ❤ 1 ❀ ❤ 2 ❀ ✿ ✿ ✿ ✷ F ✄ q . groups, etc. Algorithm output: rking on this? log ❣ ❤ 1 ❀ log ❣ ❤ 2 ❀ ✿ ✿ ✿ ✷ Z ❂ ( q � 1) applications: for some ❣ . Ring-LWE, FHE. “log ❣ ” means the isomorphism should switch to ❣ ✼✦ 1, if it exists. degree extensions groups.

  8. Discrete logarithms “Generic” log ❣ algorithms: on average q 1 ❂ 2+ ♦ (1) operations Goal: Compute some uniform, q 1 ❂ 3+ ♦ (1) non-unifo group isomorphism Want something faster. F ✄ groups, q ✦ Z ❂ ( q � 1), etc.; represented in the usual way. Algorithm input: ❤ 1 ❀ ❤ 2 ❀ ✿ ✿ ✿ ✷ F ✄ q . Algorithm output: this? log ❣ ❤ 1 ❀ log ❣ ❤ 2 ❀ ✿ ✿ ✿ ✷ Z ❂ ( q � 1) applications: for some ❣ . FHE. “log ❣ ” means the isomorphism switch to ❣ ✼✦ 1, if it exists. extensions

  9. Discrete logarithms “Generic” log ❣ algorithms: on average q 1 ❂ 2+ ♦ (1) operations Goal: Compute some uniform, q 1 ❂ 3+ ♦ (1) non-uniform. group isomorphism Want something faster. F ✄ q ✦ Z ❂ ( q � 1), represented in the usual way. Algorithm input: ❤ 1 ❀ ❤ 2 ❀ ✿ ✿ ✿ ✷ F ✄ q . Algorithm output: log ❣ ❤ 1 ❀ log ❣ ❤ 2 ❀ ✿ ✿ ✿ ✷ Z ❂ ( q � 1) for some ❣ . “log ❣ ” means the isomorphism ❣ ✼✦ 1, if it exists.

  10. Discrete logarithms “Generic” log ❣ algorithms: on average q 1 ❂ 2+ ♦ (1) operations Goal: Compute some uniform, q 1 ❂ 3+ ♦ (1) non-uniform. group isomorphism Want something faster. F ✄ q ✦ Z ❂ ( q � 1), represented in the usual way. “Basic index calculus”: 1968 Western–Miller, 1979 Merkle, Algorithm input: 1979 Adleman, 1983 Hellman– ❤ 1 ❀ ❤ 2 ❀ ✿ ✿ ✿ ✷ F ✄ q . Reyneri, 1984 Blake–Fuji-Hara– Algorithm output: Mullin–Vanstone, 1985 ElGamal, log ❣ ❤ 1 ❀ log ❣ ❤ 2 ❀ ✿ ✿ ✿ ✷ Z ❂ ( q � 1) 1986 Coppersmith–Odlyzko– for some ❣ . Schroeppel, 1991 LaMacchia– Odlyzko, 1993 Adleman– “log ❣ ” means the isomorphism DeMarrais, 1995 Semaev, ❣ ✼✦ 1, if it exists. 1998 Bender–Pomerance.

  11. Discrete logarithms “Generic” log ❣ algorithms: “NFS”: 1991 on average q 1 ❂ 2+ ♦ (1) operations Gordon, Compute some uniform, q 1 ❂ 3+ ♦ (1) non-uniform. Odlyzko, isomorphism Want something faster. Weber–Denny ✄ q ✦ Z ❂ ( q � 1), 1998 Web resented in the usual way. “Basic index calculus”: 1968 Lercier, 2006 Western–Miller, 1979 Merkle, rithm input: Smart–V 1979 Adleman, 1983 Hellman– ❤ ❀ ❤ ❀ ✿ ✿ ✿ ✷ F ✄ q . Reyneri, 1984 Blake–Fuji-Hara– “FFS”: 1984 rithm output: Mullin–Vanstone, 1985 ElGamal, Coppersmith–Davenp ❣ ❤ ❀ log ❣ ❤ 2 ❀ ✿ ✿ ✿ ✷ Z ❂ ( q � 1) 1986 Coppersmith–Odlyzko– Odlyzko, ome ❣ . Schroeppel, 1991 LaMacchia– Gordon–McCurley Odlyzko, 1993 Adleman– 1999 Adleman–Huang, means the isomorphism ❣ DeMarrais, 1995 Semaev, Joux–Lercier, ❣ ✼✦ 1, if it exists. 1998 Bender–Pomerance. 2010/2012 Wang–Matsuo–Shirase–T

  12. rithms “Generic” log ❣ algorithms: “NFS”: 1991 Schirok on average q 1 ❂ 2+ ♦ (1) operations Gordon, 1993 Schirok some uniform, q 1 ❂ 3+ ♦ (1) non-uniform. Odlyzko, 1996 Schirok hism Want something faster. Weber–Denny, 1996 ✄ q ✦ ❂ q � 1), 1998 Weber–Denny the usual way. “Basic index calculus”: 1968 Lercier, 2006 Joux–Lercier– Western–Miller, 1979 Merkle, put: Smart–Vercauteren. 1979 Adleman, 1983 Hellman– ✄ ❤ ❀ ❤ ❀ ✿ ✿ ✿ ✷ q Reyneri, 1984 Blake–Fuji-Hara– “FFS”: 1984 Copp ut: Mullin–Vanstone, 1985 ElGamal, Coppersmith–Davenp ❣ ❤ ❀ ❣ ❤ ❀ ✿ ✿ ✿ ✷ Z ❂ ( q � 1) 1986 Coppersmith–Odlyzko– Odlyzko, 1990 McCurley ❣ Schroeppel, 1991 LaMacchia– Gordon–McCurley, Odlyzko, 1993 Adleman– 1999 Adleman–Huang, the isomorphism ❣ DeMarrais, 1995 Semaev, Joux–Lercier, 2006 ❣ ✼✦ exists. 1998 Bender–Pomerance. 2010/2012 Hayashi–Shinoha Wang–Matsuo–Shirase–T

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

I-Complexity and Discrete Towards Precise . . . Derivative of Logarithms: Our Result Proof A

I-Complexity and Discrete Towards Precise . . . Derivative of Logarithms: Our Result Proof A

Kolmogorov Complexity Need for Approximate . . . I-Complexity Good Properties of I- . . . I-Complexity and Discrete Towards Precise . . . Derivative of Logarithms: Our Result Proof A Group-Theoretic Acknowledgments References Explanation

481 views • 12 slides
Private key versus Public Key Reviews on PKC DH ElGamal Massey Omura Discrete Logarithms

Private key versus Public Key Reviews on PKC DH ElGamal Massey Omura Discrete Logarithms

Elliptic curves over F q Reviews on PKC DH ElGamal Massey Omura Discrete Logarithms DL Attacks BSGS PohlihHellmann DL records Square roots E LLIPTIC CURVES C RYPTOGRAPHY Reminder from Yesterday Points of finite order Important

664 views • 30 slides
Algorithms for integer factorization and discrete logarithms computation Algorithmes pour la

Algorithms for integer factorization and discrete logarithms computation Algorithmes pour la

Algorithms for integer factorization and discrete logarithms computation Algorithmes pour la factorisation dentiers et le calcul de logarithme discret Cyril Bouvier CARAMEL project-team, LORIA Universit de Lorraine / CNRS / Inria

470 views • 42 slides
Breaking 128 bit Secure Supersingular Binary Curves (or how to solve Discrete Logarithms in

Breaking 128 bit Secure Supersingular Binary Curves (or how to solve Discrete Logarithms in

Index Calculus Method Small char Finite Fields 9234 bits Impact on Pairings Breaking 128 bit Secure Supersingular Binary Curves (or how to solve Discrete Logarithms in F 2 4 1223 and F 2 12 367 ) Jens Zumbr agel Institute of

367 views • 32 slides
Logarithms 2-1 Definition of Logarithms

Logarithms 2-1 Definition of Logarithms

Logarithms 2-1 Definition of Logarithms If x = b y then y = log b x where x and b are positive numbers and b 1 log b x is read as logarithm of x to the base of b . 2 - 2

318 views • 9 slides
Solving Discrete Logarithms in Smooth-Order Groups with CUDA Ryan Henry Ian Goldberg Solving

Solving Discrete Logarithms in Smooth-Order Groups with CUDA Ryan Henry Ian Goldberg Solving

Solving Discrete Logarithms in Smooth-Order Groups with CUDA Ryan Henry Ian Goldberg Solving Discrete Logarithms in Smooth-Order Groups with CUDA Definition Let G be a cyclic group of order q and let g G be a generator. Given G , the

468 views • 44 slides
DISCRETE LOGARITHMS Elliptic Curve Cryptography December 2019 Bochum, Germany IN

DISCRETE LOGARITHMS Elliptic Curve Cryptography December 2019 Bochum, Germany IN

ECC 2019: 23rd Workshop on DISCRETE LOGARITHMS Elliptic Curve Cryptography December 2019 Bochum, Germany IN QUASI-POLYNOMIAL TIME Based on a joint work with Thorsten Kleinjung IN FINITE FIELDS OF SMALL CHARACTERISTIC Benjamin Wesolowski

700 views • 47 slides
Low Weight Discrete Logarithms and Subset Sum in 2 0 . 65 n with Polynomial Memory EUROCRYPT 2020 ,

Low Weight Discrete Logarithms and Subset Sum in 2 0 . 65 n with Polynomial Memory EUROCRYPT 2020 ,

Low Weight Discrete Logarithms and Subset Sum in 2 0 . 65 n with Polynomial Memory EUROCRYPT 2020 , May 11.-15. 2020 Andre Esser and Alexander May Horst Grtz Institute for IT Security Ruhr University Bochum Subset Sum Subset Sum Problem 0

464 views • 23 slides
Quantum algorithms for computing short discrete logarithms and factoring RSA integers PQCrypto

Quantum algorithms for computing short discrete logarithms and factoring RSA integers PQCrypto

Quantum algorithms for computing short discrete logarithms and factoring RSA integers PQCrypto 2017, 8th International Workshop, Utrecht, June 26-28, 2017 Martin Eker 1 , 2 Johan Hstad 1 1 KTH Royal Institute of Technology, SE-100 44

728 views • 31 slides
Fixed points for discrete logarithms Carl Pomerance , Dartmouth College Suppose that G is a group

Fixed points for discrete logarithms Carl Pomerance , Dartmouth College Suppose that G is a group

ANTS IX, Nancy, France Fixed points for discrete logarithms Carl Pomerance , Dartmouth College Suppose that G is a group and g G has finite order m . Then for each t g the integers n with g n = t form a residue class mod m . Denote

585 views • 40 slides
JUST THE MATHS SLIDES NUMBER 1.4 ALGEBRA 4 (Logarithms) by A.J.Hobson 1.4.1 Common

JUST THE MATHS SLIDES NUMBER 1.4 ALGEBRA 4 (Logarithms) by A.J.Hobson 1.4.1 Common

JUST THE MATHS SLIDES NUMBER 1.4 ALGEBRA 4 (Logarithms) by A.J.Hobson 1.4.1 Common logarithms 1.4.2 Logarithms in general 1.4.3 Useful Results 1.4.4 Properties of logarithms 1.4.5 Natural logarithms 1.4.6 Graphs of logarithmic and

397 views • 13 slides
Number Theory Arithmetic Fermats and Eulers Theorems Discrete Cryptography Logarithms

Number Theory Arithmetic Fermats and Eulers Theorems Discrete Cryptography Logarithms

Cryptography Number Theory Divisibility and Primes Modular Number Theory Arithmetic Fermats and Eulers Theorems Discrete Cryptography Logarithms Computationally Hard Problems School of Engineering and Technology CQUniversity

964 views • 67 slides
Asymmetric cryptography from discrete logarithms Benjamin Smith Summer school on real-world

Asymmetric cryptography from discrete logarithms Benjamin Smith Summer school on real-world

Asymmetric cryptography from discrete logarithms Benjamin Smith Summer school on real-world crypto and privacy Sibenik, Croatia // June 17 2019 Inria + Laboratoire dInformatique de lcole polytechnique (LIX) 1 Asymmetric crypto settings

1.17k views • 86 slides
Discrete Logarithms and Galois Invariant Smoothness Basis (with J.-M. Couveignes) R. Lercier

Discrete Logarithms and Galois Invariant Smoothness Basis (with J.-M. Couveignes) R. Lercier

Background Function Field Sieve Galois Invariant Smoothness Basis Conclusion Discrete Logarithms and Galois Invariant Smoothness Basis (with J.-M. Couveignes) R. Lercier DGA/CELAR & University of Rennes France Reynald.Lercier (at)

650 views • 38 slides
Logarithms Are Not Infinity: This Infinity Problem . . . A Rational Physics-Related In Reality,

Logarithms Are Not Infinity: This Infinity Problem . . . A Rational Physics-Related In Reality,

Physicists Use Intuition Can We Formalize . . . An Example of . . . Why Are Infinities . . . Logarithms Are Not Infinity: This Infinity Problem . . . A Rational Physics-Related In Reality, Infinities . . . What Should We Do Explanation of

270 views • 14 slides
Rules for logarithms We review the properties of logarithms from the previous lecture. In that

Rules for logarithms We review the properties of logarithms from the previous lecture. In that

Rules for logarithms We review the properties of logarithms from the previous lecture. In that lecture, we developed the following identities. The Product Property is an identity involving the logarithm of product: Elementary Functions log

93 views • 6 slides
Detection of supernova neutrinos at Super-Kamiokande M. Nakahata Kamioka Observatory, ICRR,

Detection of supernova neutrinos at Super-Kamiokande M. Nakahata Kamioka Observatory, ICRR,

Detection of supernova neutrinos at Super-Kamiokande M. Nakahata Kamioka Observatory, ICRR, Kavli IPMU, Univ. of Tokyo The sixth Astrophysical Multimessenger Observatory Network(AMON) Workshop 1 May 22, 2019 Core-collapse supernova

497 views • 30 slides
Low-energy neutrino observation at Super-Kamiokande-III Yasuo Takeuchi Kamioka Observatory,

Low-energy neutrino observation at Super-Kamiokande-III Yasuo Takeuchi Kamioka Observatory,

Low-energy neutrino observation at Super-Kamiokande-III Yasuo Takeuchi Kamioka Observatory, ICRR, Univ. of Tokyo Outline SK detector Update of the supernova neutrino observation in SK-I & SK-II Supernova burst neutrino

977 views • 21 slides
in Japanese - Class #5 Level 3 Student, teacher, senpai Phrases Okurigana Japanese

in Japanese - Class #5 Level 3 Student, teacher, senpai Phrases Okurigana Japanese

Getting Started in Japanese - Class #5 Level 3 Student, teacher, senpai Phrases Okurigana Japanese names TBD Intro to Kanji Ta / Te verbs Months and years Kanji Advantages / based on your Disadvantages Adjective

366 views • 23 slides
INFO 4300 / CS4300 Information Retrieval slides adapted from Hinrich Sch utzes, linked from

INFO 4300 / CS4300 Information Retrieval slides adapted from Hinrich Sch utzes, linked from

INFO 4300 / CS4300 Information Retrieval slides adapted from Hinrich Sch utzes, linked from http://informationretrieval.org/ IR 19/25: Web Search Basics and Classification Paul Ginsparg Cornell University, Ithaca, NY 9 Nov 2010 1 / 67

1.14k views • 67 slides
Service composition: Deriving Component Designs from Global Requirements Gregor v. Bochmann

Service composition: Deriving Component Designs from Global Requirements Gregor v. Bochmann

Service composition: Deriving Component Designs from Global Requirements Gregor v. Bochmann School of I nformation Technology and Engineering (SI TE) University of Ottawa Canada http://www.site.uottawa.ca/~ bochmann/talks/Deriving-3.ppt

707 views • 56 slides
Definite Meaning and Definite Marking Manfred Sailer largely based on joint work with Assif Am

Definite Meaning and Definite Marking Manfred Sailer largely based on joint work with Assif Am

Definite Meaning and Definite Marking Manfred Sailer largely based on joint work with Assif Am David Goethe University, Frankfurt a.M. July 24, 2016 Sailer (GU Frankfurt) HeadLex 2016, Warsaw July 24, 2016 1 / 59 Overview introduction 1

1.03k views • 63 slides
On Enumerating Subsemigroups of the Full Transformation Semigroup Attila Egri-Nagy joint work

On Enumerating Subsemigroups of the Full Transformation Semigroup Attila Egri-Nagy joint work

On Enumerating Subsemigroups of the Full Transformation Semigroup Attila Egri-Nagy joint work with James East (Univ. of Western Sydney) and James D. Mitchell (University of St. Andrews, Scotland) 2013.06.08. Novi Sad Algebra Conference e-n@

975 views • 31 slides
An algorithm for the classification of nil- potent semigroups by coclass Andreas Distler

An algorithm for the classification of nil- potent semigroups by coclass Andreas Distler

An algorithm for the classification of nil- potent semigroups by coclass Andreas Distler (Technische Universitt Braunschweig) Questions, Algorithms, and Computations in Abstract Group Theory, Braunschweig, 21 May 2013 What is a semigroup?

448 views • 17 slides

More recommend