Alice Silverberg

Hierarchical ID-Based Cryptography

We present hierarchical identity-based encryption schemes and signature schemes that have total collusion resistance on an arbitrary number of levels and that have chosen ciphertext security in the random oracle model assuming the difficulty of the Bilinear Diffie-Hellman problem.

Supersingular Abelian Varieties in Cryptology

For certain security applications, including identity based encryption and short signature schemes, it is useful to have abelian varieties with security parameters that are neither too small nor too large. Supersingular abelian varieties are natural candidates for these applications. This paper determines exactly which values can occur as the security parameters of supersingular abelian varieties (in terms of the dimension of the abelian variety and the size of the finite field), and gives constructions of supersingular abelian varieties that are optimal for use in cryptography.

Ranks of elliptic curves

This paper gives a general survey of ranks of elliptic curves over the field of rational numbers. The rank is a measure of the size of the set of rational points. The paper includes discussions of the Birch and SwinnertonDyer Conjecture, the Parity Conjecture, ranks in families of quadratic twists, and ways to search for elliptic curves of large rank.

Efficient Traitor Tracing Algorithms Using List Decoding

We use powerful new techniques for list decoding errorcorrecting codes to efficiently trace traitors. Although much work has focusedon constructing traceability schemes, the complexity of the tracing algorithm has receivedlittle attention. Because the TA tracing algorithm has a runtime of O(N) in general, where N is the number of users, it is inefficient for large populations.We produce schemes for which the TA algorithm is very fast. The IPP tracing algorithm, though less efficient, can list all coalitions capable of constructing a given pirate. We give evidence that when using an algebraic structure, the ability to trace with the IPP algorithm implies the ability to trace with the TA algorithm. We also construct schemes with an algorithm that finds all possible traitor coalitions faster than the IPP algorithm. Finally, we suggest uses for other decoding techniques in the presence of additional information about traitor behavior.

Applications of list decoding to tracing traitors

We apply results from algebraic coding theory to solve problems in cryptography, by using recent results on list decoding of error-correcting codes to efficiently find traitors who collude to create pirates. We produce schemes for which the traceability (TA) traitor tracing algorithm is very fast. We compare the TA and identifiable parent property (IPP) traitor tracing algorithms, and give evidence that when using an algebraic structure, the ability to trace traitors with the IPP algorithm implies the ability to trace with the TA algorithm. We also demonstrate that list decoding techniques can be used to find all possible pirate coalitions. Finally, we raise some related open questions about linear codes, and suggest uses for other decoding techniques in the presence of additional information about traitor behavior.

Fields of definition for homomorphisms of abelian varieties

We give results on when homomorphisms between abelian varieties are or are not defined over fields obtained from division points on the varieties. For example, if A and B are abelian varieties defined over a field F, of dimensions d and e, respectively, and L is the intersection of the fields F(AN, BN) for all integers N prime to the characteristic of F and greater than 2, then every element of Hom(A, B) is defined over L,LF is unramified at the discrete places of good reduction for A × B, and [L : F] divides H(d,e), where H(d,e) is a number given by an explicit formula and is less than 4(9d)2d(9e)2e.

Rank Frequencies for Quadratic Twists of Elliptic Curves

We give explicit examples of infinite families of elliptic curves E over Q with (nonconstant) quadratic twists over Q(t) of rank at least 2 and 3. We recover some results announced by Mestre, as well as some additional families. Suppose D is a squarefree integer and let rE(D) denote the rank of the quadratic twist of E by D. We apply results of Stewart and Top to our examples to obtain results of the form for all sufficiently large x.

Choosing the correct elliptic curve in the CM method

We give an elementary way to distinguish between the twists of an ordinary elliptic curve E over F p in order to identify the one with p+1—2U points, when p = U 2 + dV 2 with 2U, 2V ∈ ℤ and E is constructed using the CM method for finding elliptic curves with a prescribed number of points. Our algorithms consist in most cases of reading off simple congruence conditions on U and V modulo 4.

Using Abelian Varieties to Improve Pairing-Based Cryptography

We show that supersingular Abelian varieties can be used to obtain higher MOV security per bit, in all characteristics, than supersingular elliptic curves. We give a point compression/decompression algorithm for primitive subgroups associated with elliptic curves that gives shorter signatures, ciphertexts, or keys for the same security while using the arithmetic on supersingular elliptic curves. We determine precisely which embedding degrees are possible for simple supersingular Abelian varieties over finite fields and define some invariants that are better measures of cryptographic security than the embedding degree. We construct examples of good supersingular Abelian varieties to use in pairing-based cryptography.

Using Primitive Subgroups to Do More with Fewer Bits

This paper gives a survey of some ways to improve the efficiency of discrete log-based cryptography by using the restriction of scalars and the geometry and arithmetic of algebraic tori and abelian varieties.