elliptic curve primality proving
play

Elliptic Curve Primality Proving Jared Asuncion PhD Away Days - PowerPoint PPT Presentation

Dec 23, 2023 •198 likes •596 views

Elliptic Curve Primality Proving Jared Asuncion PhD Away Days Bordeaux-Luxembourg 19 October 2019 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 1 / 11 Definition An elliptic curve over k ( char k = 2 , 3 ) is a smooth projective

  1. Elliptic Curve Primality Proving Jared Asuncion PhD Away Days Bordeaux-Luxembourg 19 October 2019 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 1 / 11

  2. Definition An elliptic curve over k ( char k � = 2 , 3 ) is a smooth projective curve given by an equation of the form y 2 = f ( x ) = x 3 + ax + b where a , b ∈ k and f ( x ) has no double roots in k. Example Take k = R . Then y 2 = x 3 + x + 1 is an elliptic curve over R since R = C and x 3 + x + 1 has distinct roots over C . Example Take k = F 31 . Then y 2 = x 3 + x + 1 is NOT an elliptic curve since ( x − 14) 2 ( x − 3) = x 3 − 31 x 2 + 280 x − 588 ≡ x 3 + x + 1 mod 31 . Jared Asuncion https://shorturl.at/krtxD PhD Away Days 2 / 11

  3. An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P Q y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 3 / 11

  4. An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P Q y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 3 / 11

  5. An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P Q y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 3 / 11

  6. An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P Q P + Q y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 3 / 11

  7. An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 4 / 11

  8. An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 4 / 11

  9. An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 4 / 11

  10. An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P P + P y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 4 / 11

  11. An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P Q y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 5 / 11

  12. An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P Q y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 5 / 11

  13. An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P Q y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 5 / 11

  14. An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P Q y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 5 / 11

  15. An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . So, P + Q = ∞ . P Q y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 5 / 11

  16. Using the same equations for the ‘connect-intersect-reflect’ method, we also find a group law for elliptic curves over finite fields. Example The elliptic curve y 2 = x 3 + x over F 7 has eight points with coordinates in F 7 : E = {∞ , (0 , 0) , (1 , ± 3) , (3 , ± 4) , (5 , ± 2) } It has other points in extension fields (e.g. in F 7 ( i ) ) such as (2 , 2 i ) : y 2 (2 i ) 2 = = − 4 ≡ 3 mod 7 x 3 + x 2 3 + 2 = = 10 ≡ 3 mod 7 . Jared Asuncion https://shorturl.at/krtxD PhD Away Days 6 / 11

  17. Note that ‘multiplication-by- m ’ is a group homomorphism from E to E (i.e. an endomorphism of E ). − 1 · (5 , 2) = (5 , − 2) 2 · (5 , 2) = (1 , 3) − 1 · (1 , 3) = (1 , − 3) 2 · (1 , 3) = (0 , 0) Jared Asuncion https://shorturl.at/krtxD PhD Away Days 7 / 11

  18. Note that ‘multiplication-by- m ’ is a group homomorphism from E to E (i.e. an endomorphism of E ). − 1 · (5 , 2) = (5 , − 2) 2 · (5 , 2) = (1 , 3) − 1 · (1 , 3) = (1 , − 3) 2 · (1 , 3) = (0 , 0) Some elliptic curves have extra endomorphisms. For example, the elliptic curve y 2 = x 3 + x has i : ( x , y ) �→ ( − x , iy ). i 2 · (5 , 2) = (5 , − 2) i · (5 , 2) = ( − 5 , 2 i ) i 2 · (1 , 3) = (1 , − 3) i · (1 , 3) = ( − 1 , 3 i ) i 2 · ( − 5 , 2 i ) = ( − 5 , − 2 i ) i · ( − 5 , 2 i ) = (5 , − 2) i 2 · ( − 1 , 3 i ) = (1 , − 3 i ) i · ( − 1 , 3 i ) = (1 , − 3) Jared Asuncion https://shorturl.at/krtxD PhD Away Days 7 / 11

  19. Note that ‘multiplication-by- m ’ is a group homomorphism from E to E (i.e. an endomorphism of E ). − 1 · (5 , 2) = (5 , − 2) 2 · (5 , 2) = (1 , 3) − 1 · (1 , 3) = (1 , − 3) 2 · (1 , 3) = (0 , 0) Some elliptic curves have extra endomorphisms. For example, the elliptic curve y 2 = x 3 + x has i : ( x , y ) �→ ( − x , iy ). i 2 · (5 , 2) = (5 , − 2) i · (5 , 2) = ( − 5 , 2 i ) i 2 · (1 , 3) = (1 , − 3) i · (1 , 3) = ( − 1 , 3 i ) i 2 · ( − 5 , 2 i ) = ( − 5 , − 2 i ) i · ( − 5 , 2 i ) = (5 , − 2) i 2 · ( − 1 , 3 i ) = (1 , − 3 i ) i · ( − 1 , 3 i ) = (1 , − 3) Observe that i 2 · P = − P . It is similar to how i 2 = − 1 (as complex numbers). Jared Asuncion https://shorturl.at/krtxD PhD Away Days 7 / 11

  20. Primality Proving Trial Division To prove N is prime, it suffices to check if it is divisible by integers √ greater than 1 whose value is at most N . √ We prove that q = 31 is prime. Note that 31 ≈ 5 . 5678. 31 divided by 2 = 15 r. 1 31 divided by 3 = 10 r. 1 31 divided by 4 = 7 r. 3 31 divided by 5 = 6 r. 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 8 / 11

  21. Proposition Let 6 < N be an integer. If there exists: an integer m a prime q an elliptic curve E over Z / N Z and a point P on E such that m = qs for some s ∈ Z � 2 N 1 / 4 + 1 � q > mP = ∞ sP � = ∞ then N is prime. Jared Asuncion https://shorturl.at/krtxD PhD Away Days 9 / 11

  22. Proposition Let 6 < N = 97 be an integer. If there exists: an integer m a prime q an elliptic curve E over Z / N Z and a point P on E such that m = qs for some s ∈ Z � 2 N 1 / 4 + 1 � q > mP = ∞ sP � = ∞ then N is prime. Jared Asuncion https://shorturl.at/krtxD PhD Away Days 9 / 11

  23. Proposition Let 6 < N = 97 be an integer. If there exists: an integer m = 93 a prime q an elliptic curve E over Z / N Z and a point P on E such that m = qs for some s ∈ Z � 2 N 1 / 4 + 1 � q > mP = ∞ sP � = ∞ then N is prime. Jared Asuncion https://shorturl.at/krtxD PhD Away Days 9 / 11

  24. Proposition Let 6 < N = 97 be an integer. If there exists: an integer m = 93 a prime q = 31 an elliptic curve E over Z / N Z and a point P on E such that m = qs for some s ∈ Z � 2 N 1 / 4 + 1 � q > mP = ∞ sP � = ∞ then N is prime. Jared Asuncion https://shorturl.at/krtxD PhD Away Days 9 / 11

  25. Proposition Let 6 < N = 97 be an integer. If there exists: an integer m = 93 a prime q = 31 an elliptic curve E over Z / N Z , say, E : y 2 = x 3 + 69 x + 2 and a point P on E such that m = qs for some s ∈ Z � 2 N 1 / 4 + 1 � q > mP = ∞ sP � = ∞ then N is prime. Jared Asuncion https://shorturl.at/krtxD PhD Away Days 9 / 11

  26. Proposition Let 6 < N = 97 be an integer. If there exists: an integer m = 93 a prime q = 31 an elliptic curve E over Z / N Z , say, E : y 2 = x 3 + 69 x + 2 and a point P on E, say, P = (12 , 91) such that m = qs for some s ∈ Z � 2 N 1 / 4 + 1 � q > mP = ∞ sP � = ∞ then N is prime. Jared Asuncion https://shorturl.at/krtxD PhD Away Days 9 / 11

  27. Proposition Let 6 < N = 97 be an integer. If there exists: an integer m = 93 a prime q = 31 an elliptic curve E over Z / N Z , say, E : y 2 = x 3 + 69 x + 2 and a point P on E, say, P = (12 , 91) such that m = qs for some s ∈ Z . We have s = 3 ∈ Z since 93 = 31 · 3 . � 2 N 1 / 4 + 1 � q > mP = ∞ sP � = ∞ then N is prime. Jared Asuncion https://shorturl.at/krtxD PhD Away Days 9 / 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Deterministic elliptic curve primality proving for special sequences Alice Silverberg UC Irvine

Deterministic elliptic curve primality proving for special sequences Alice Silverberg UC Irvine

Deterministic elliptic curve primality proving for special sequences Alice Silverberg UC Irvine GEOCRYPT 2013 Deterministic Primality Proving In joint work with Alex Abatzoglou, Drew Sutherland, and Angela Wong, we give necessary and

726 views • 44 slides
Deterministic Elliptic Curve Primality Proving for a Special Sequence of Numbers Alex

Deterministic Elliptic Curve Primality Proving for a Special Sequence of Numbers Alex

Deterministic Elliptic Curve Primality Proving for a Special Sequence of Numbers Alex Abatzoglou, Alice Silverberg, Andrew V. Sutherland, Angela Wong Tenth Algorithmic Number Theory Symposium University of California, San Diego July 9, 2012

630 views • 43 slides
Primality Proving with Elliptic Curves Laurent Thry Marelle Project 29/03/2007 p.1 Prime

Primality Proving with Elliptic Curves Laurent Thry Marelle Project 29/03/2007 p.1 Prime

Primality Proving with Elliptic Curves Laurent Thry Marelle Project 29/03/2007 p.1 Prime Number Inductive N := O: N | S ( n : N ): N Definition m + n := if m is S m then S ( m + n ) else n Definition m * n := if m is S m then

283 views • 25 slides
Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Elliptic Curves Suppose F is a field and a 1 , . . . , a 6 F . Elliptic Curve Cryptography Definition 1. An elliptic curve E over a field F is a curve given by an equation: Jim Royer Y 2 + a 1 XY + a 3 Y X 3 + a 2 X 2 + a 4 X + a 6 = (1)

337 views • 5 slides
Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Cryptography Elliptic Curve Cryptography Overview of Elliptic Curve Cryptography Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve Cryptography Cryptography in OpenSSL School of Engineering and

857 views • 17 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein University of Illinois at Chicago &amp; Technische Universiteit Eindhoven Tanja Lange

318 views • 29 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein Through our inefficient use of University of Illinois at Chicago &amp; energy (gas

1.07k views • 76 slides
Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Counting points on elliptic curves over F q Christiane Peters DIAMANT-Summer School on Elliptic and Hyperelliptic Curve Cryptography September 17, 2008 Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm

587 views • 30 slides
Elliptic Curves over the Rational Mordells Theorem Numbers Q An elliptic curve is a

Elliptic Curves over the Rational Mordells Theorem Numbers Q An elliptic curve is a

Elliptic Curves over the Rational Mordells Theorem Numbers Q An elliptic curve is a nonsingular plane cu- Theorem (Mordell). The group E ( Q ) of rational points on an bic curve with a rational point (possibly at elliptic curve is a

402 views • 7 slides
The AGM- X 0 ( N ) Algorithm Heegner point lifting with application to elliptic curve point

The AGM- X 0 ( N ) Algorithm Heegner point lifting with application to elliptic curve point

The AGM- X 0 ( N ) Algorithm Heegner point lifting with application to elliptic curve point counting David R. Kohel School of Mathematics and Statistics University of Sydney I Elliptic Curves in Cryptography An elliptic curve E/ F p r for

415 views • 18 slides
Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018 Introduction y 2 = x 3 + ax + b en.wikipedia.org/wiki/Elliptic curve Elliptic Curve Addition P = ( x p .y p ), Q = ( x q , y q ), R = ( x r .y r ) =

187 views • 16 slides
Elliptic Curves over Q Peter Birkner Technische Universiteit Eindhoven DIAMANT Summer School on

Elliptic Curves over Q Peter Birkner Technische Universiteit Eindhoven DIAMANT Summer School on

Elliptic Curves over Q Peter Birkner Technische Universiteit Eindhoven DIAMANT Summer School on Elliptic and Hyperelliptic Curve Cryptography 16 September 2008 What is an elliptic curve? (1) An elliptic curve E over a field k in Weierstra

298 views • 25 slides
Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July 23, 2014 1 / 12 Elliptic-curve cryptography: signatures and key exchange Given: some elliptic curve E , point P on E of known order . Key

885 views • 16 slides
Efficient Finite Field and Elliptic Curve Arithmetic Laurent Imbert CNRS, LIRMM, Universit e

Efficient Finite Field and Elliptic Curve Arithmetic Laurent Imbert CNRS, LIRMM, Universit e

Efficient Finite Field and Elliptic Curve Arithmetic Laurent Imbert CNRS, LIRMM, Universit e Montpellier 2 Summer School ECC 2011 Nancy, September 12-16, 2011 Part 2 Elliptic curve arithmetic 1/41 The two facets of an elliptic curve

606 views • 42 slides
The probability of primality of the order of a genus 2 curve Jacobian Wouter Castryck joint with

The probability of primality of the order of a genus 2 curve Jacobian Wouter Castryck joint with

The probability of primality of the order of a genus 2 curve Jacobian Wouter Castryck joint with Hendrik Hubrechts, Alessandra Rigato, Andrew Sutherland K.U. Leuven / M.I.T. ECC 2010, Redmond P (# Jac(genus 2 curve) is prime ) Wouter Castryck

438 views • 41 slides
Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Twenty-Three Years of Elliptic Curve Cryptography Alfred Menezes University of Waterloo September 3 2008 1 Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The serpentine course of a paradigm

300 views • 18 slides
Strongly minimal groups in o-minimal structures ( with P . Eleftheriou and A. Hasson ) Kobi

Strongly minimal groups in o-minimal structures ( with P . Eleftheriou and A. Hasson ) Kobi

Strongly minimal groups in o-minimal structures ( with P . Eleftheriou and A. Hasson ) Kobi Peterzil Department of Mathematics University of Haifa Model theory, combinatorics and valued fields, IHP , Paris 2018 Kobi Peterzil 1

336 views • 15 slides
Permutations and Weyl Groups: Seeing Irreducibility in Cycle Structures Noah Hughes Appalachian

Permutations and Weyl Groups: Seeing Irreducibility in Cycle Structures Noah Hughes Appalachian

Permutations and Weyl Groups: Seeing Irreducibility in Cycle Structures Noah Hughes Appalachian State University hughesna@appstate.edu Saturday, October 5, 2013 Outline: * A brief introduction to finite simple Lie Algebras * Root Systems,

200 views • 18 slides
Subgroup structure of branch groups Alejandra Garrido University of Oxford Groups St Andrews, St

Subgroup structure of branch groups Alejandra Garrido University of Oxford Groups St Andrews, St

Subgroup structure of branch groups Alejandra Garrido University of Oxford Groups St Andrews, St Andrews 311 August 2013 Alejandra Garrido (Oxford) Subgroup structure of branch groups St Andrews, August 2013 1 / 17 What is a branch

715 views • 44 slides
Developing Tensor Operations with an Underlying Group Structure Carla D. Martin (with M. Kilmer,

Developing Tensor Operations with an Underlying Group Structure Carla D. Martin (with M. Kilmer,

Developing Tensor Operations with an Underlying Group Structure Carla D. Martin (with M. Kilmer, Tufts University) James Madison University NSF Workshop: Future Directions in Tensor-Based Computation and Modeling February 21, 2009 Carla

644 views • 25 slides
Interpretable sets in o-minimal structures Will Johnson March 27, 2015 Will Johnson

Interpretable sets in o-minimal structures Will Johnson March 27, 2015 Will Johnson

Interpretable sets in o-minimal structures Will Johnson March 27, 2015 Will Johnson Interpretable sets in o-minimal structures March 27, 2015 1 / 13 Interpretable groups in o-minimal theories Theorem (Ramakrishnan, Peterzil, Eleftheriou)

937 views • 44 slides
The structure set of arbitrary spaces, the algebraic surgery exact sequence and the total surgery

The structure set of arbitrary spaces, the algebraic surgery exact sequence and the total surgery

The structure set of arbitrary spaces, the algebraic surgery exact sequence and the total surgery obstruction Andrew Ranicki Department of Mathematics and Statistics University of Edinburgh, Scotland, UK Lecture given at the: Summer School

419 views • 18 slides
Variants of the Borel Conjecture and Sacks dense ideals Wolfgang Wohofsky Vienna University of

Variants of the Borel Conjecture and Sacks dense ideals Wolfgang Wohofsky Vienna University of

Variants of the Borel Conjecture and Sacks dense ideals Wolfgang Wohofsky Vienna University of Technology (TU Wien) and Kurt G odel Research Center, Vienna (KGRC) wolfgang.wohofsky@gmx.at Trends in set theory Warsaw, Poland, July 08-11,

904 views • 51 slides
Invertible Objects: An Elementary Introduction to Picard Groups Richard Wong Math Club 2020

Invertible Objects: An Elementary Introduction to Picard Groups Richard Wong Math Club 2020

Invertible Objects Classical Cases Generalizations Invertible Objects: An Elementary Introduction to Picard Groups Richard Wong Math Club 2020 Slides can be found at http://www.ma.utexas.edu/users/richard.wong/ Richard Wong University of

849 views • 29 slides

More recommend