### Challenges with Assessing the Impact of NFS Advances on the Security of Pairing-Based Cryptography
[chapter] 2017, *Lecture Notes in Computer Science*

This article presents a concise overview of these algorithms and discusses some of the challenges with assessing their impact on keylengths for pairing-based cryptosystems. ... In the past two years there have been several advances in Number Field Sieve (NFS) algorithms for computing discrete logarithms in finite fields $\mathbb{F}_{p^n}$ where p is prime and n > 1 is a small integer. ... Acknowledgements We thank the referees for their comments which helped improve the presentation of the paper. ...

doi:10.1007/978-3-319-61273-7_5
fatcat:jefi5xpxljhi5mqpoxygpowume
### The Past, Evolving Present, and Future of the Discrete Logarithm
[chapter] 2014, *Open Problems in Mathematics and Computational Science*

In particular, this is the case for the multiplicative groups of finite fields with medium to large characteristic and for the additive group of a general elliptic curve. ... The first practical public key cryptosystem ever published, the Diffie-Hellman key exchange algorithm, relies for its security on the assumption that discrete logarithms are hard to compute. ... , for example, on hyperelliptic curves. ...

doi:10.1007/978-3-319-10683-0_2
fatcat:ykp3rhh2lnhn5ml4otrrfszoii
### Rigorous analysis of a randomised number field sieve
2018, *Journal of Number Theory*

The Number Field Sieve (NFS) introduced circa 1990, is still the state of the art algorithm, but no rigorous proof that it halts or generates relationships is known. ... For each n, we show that these randomised variants of the NFS and Coppersmith's multiple polynomial sieve find congruences of squares in expected times matching the best-known heuristic estimates. ... For technical reasons, we instead use the somewhat more complex Hyperelliptic Curve Method, which works on the Jacobian of a hyperelliptic curve in place of an elliptic curve. ...
### Examples of CM curves of genus two defined over the reflex field
2015, *LMS Journal of Computation and Mathematics*

Our list therefore contains the smallest 'generic' examples of CM curves of genus two. We explain our methods for obtaining this list, including a new height-reduction algorithm for arbitrary hyperelliptic ... Comp. 68 (1999) no. 225, 307–320] lists 19 curves of genus two over $\mathbf{Q}$ with complex multiplication (CM). ... The authors would like to thank Bill Hart for his help with the factoring software GMP-ECM and CADO-NFS, Jeroen Sijsling for useful discussions about models and invariants, Damiano Testa as advisor of ...

doi:10.1112/s1461157015000121
fatcat:oni5ascyg5b6lgzvje6kvf3o4m
### Non-uniform Cracks in the Concrete: The Power of Free Precomputation
[chapter] 2013, *Lecture Notes in Computer Science*

There is a flaw in the standard security definitions used in the literature on provable concrete security. ... The definitions are frequently conjectured to assign a security level of $2^{128}$ to AES, the NIST P-256 elliptic curve, DSA-3072, RSA-3072, and various higher-level protocols, but they actually assign a ... Koblitz and Menezes in [32] recently considered the family of attacks D s . ...

doi:10.1007/978-3-642-42045-0_17
fatcat:eh677w5xbbcfnlfq25642mfeyq
### Explicit Methods in Number Theory
2005, *Oberwolfach Reports*

These notes contain extended abstracts on the topic of explicit methods in number theory. ... The range of topics included modular forms, varieties over finite fields, rational and integral points on varieties, class groups, and integer factorization. ... This only depends on the d f l values as above. The effort to identify good pairs among the d l f polynomial pairs considered above is O(d l 2 log d). ...

doi:10.4171/owr/2005/32
fatcat:c7bvrqbu3zc25hwv7j2xkkvtq4
### Remodeling the B-Model
2008, *Communications in Mathematical Physics*

The formalism is based on the recursive solution of matrix models recently proposed by Eynard and Orantin. The resulting amplitudes are non-perturbative in both the closed and the open moduli. ... We also use our formalism to predict the disk amplitude for the orbifold C^3/Z_3. ... The work of S.P. was partly supported by the Swiss National Science Foundation and by the European Commission under contracts MRTN-CT-2004-005104. ...
### Finiteness theorems on elliptical billiards and a variant of the Dynamical Mordell-Lang Conjecture
[article] 2021, *arXiv*, pre-print

Another instance is the finiteness of the billiard shots which send a given ball into another one so that this falls eventually in a hole. ... For instance, if two players hit a ball at a given position and with directions forming a fixed angle in (0,π), there are only finitely many cases for both trajectories being periodic. ... Then the equation becomes of the form Q(m) = nF(m) for polynomials Q(X), F(X) with deg Q ≤ 2, deg F ≤ 1. ...

arXiv:2103.11347v2
fatcat:63tc47p5fzf7zia4nt7x6ps6om
### The annual meeting of the society
1951, *Bulletin of the American Mathematical Society*

If the irreducible canonical system on a regular algebraic surface of genera py-pa^p, p( l)~n -\-l, consists of hyperelliptic curves, it has n--2p+4: simple base points on a model free from exceptional ... of the boundary functions and on the smoothness of the boundary curve. ... Reserves held in accounts "Reserve for Investment Losses" ($4,386) and "Profit on Sales of Securities" ($18,168) may still be considered adequate protection against contingent depreciation in market value ...

doi:10.1090/s0002-9904-1951-09479-3
fatcat:gv6o2ywuyjgtvoukqa4advbtd4
### On the Analysis of Public-Key Cryptologic Algorithms
2015

−1 < n < 2 N ) on the four (modified) curves we consider in this work. ... a collection of pairs of integers (a, b) that results from NFS sieving for one or more special primes. ... Each row contains a value d , the class number h −d of the imaginary quadratic field Q( −d ) with discriminant −d , the root used (commonly referred to as the j -invariant), the elliptic curve E = E a, ...

doi:10.5075/epfl-thesis-6603
fatcat:kijyxks7kvagtc7rj4lr6qreiu
### Algorithms and Number Theory
2001, unpublished

The use of elliptic curves in cryptography seems to be well understood by now, and the focus is on speeding up the algorithms, whereas the research on the use of hyper-elliptic curves is more focused on ... There has also been continuing interest in cryptography, and this year almost a third of the talks were on algebraic curves, most with an eye to applications in cryptography. ... Independence of Rational Points on Hyperelliptic Curves Michael Stoll Consider the following question. Let C/Q : $y^2 = f(x)$ be a hyperelliptic curve of genus g ≥ 2, and let J denote its Jacobian. ...
### Matrix Model Superpotentials and Calabi-Yau Spaces: an ADE Classification
[article] 2005, *arXiv*, pre-print

We find that ADE superpotentials in the Intriligator--Wecht classification exactly match matrix model superpotentials obtained from Calabi-Yau's with corresponding ADE singularities. ... To obtain these results we develop techniques for performing small resolutions and small blow-downs, including an algorithm for blowing down exceptional ^1's. ... Here we briefly sketch the rudiments of the hermitian one-matrix model, and show the emergence of the hyperelliptic curve which geometrically encodes the solution. ...

arXiv:math/0505111v1
fatcat:i6dwdovzpfakpbefjcc4rv2nsa
### Endomorphism rings in cryptography
[article] 2011

For instance, many featureful cryptographic schemes have recently been enabled by pairings; to make these schemes practical, abelian varieties endowed with efficient pairings must be generated. ... "More discriminants with the Brezing-Weng method". "Computing the endomorphism ring of an ordinary elliptic curve over a finite field". ... More precisely, this length can essentially be quadratic if we require that the runtime of the generation algorithm be bounded under the generalized Riemann hypothesis (via Theorem ..), or linear if ...

doi:10.6100/ir714676
fatcat:jaubmqut55b43kmzqujncrr6ce
### Lifts of Hilbert modular forms and application to modularity of abelian varieties
[article] 2017, *arXiv*, pre-print

We then use those lifts to provide evidence for a conjecture of Gross on the modularity of abelian varieties not of GL_2-type. ... In this paper, we prove the existence of certain lifts of Hilbert cusp forms to general odd spin groups. ... Voight for allowing us to use their algorithm for computing endomorphism rings of abelian varieties, and for kindly providing us with a preliminary version of ...

arXiv:1705.03054v1
fatcat:ur24bo5hanagbelbcpc7groysa
### 14th Meeting of the Canadian Number Theory Association
[article] 2019

To advance these goals, the CNTA organizes bi-annual conferences that showcase new research in number theory, with the aim of exposing Canadian and international students and researchers to the latest ... An exceptional scholar and Professor Emeritus at the University of Calgary, Richard's numerous and outstanding contributions to number theory have had a lasting impact on the field, and his collection ... Stoll recently computed an explicit embedding of the Kummer variety of genus three hyperelliptic curves, together with a theory of heights. ...

doi:10.11575/prism/36513
fatcat:nblta3bmtnac7abeps4vptl6ay
