Karl Rubin

Supersingular Abelian Varieties in Cryptology

For certain security applications, including identity based encryption and short signature schemes, it is useful to have abelian varieties with security parameters that are neither too small nor too large. Supersingular abelian varieties are natural candidates for these applications. This paper determines exactly which values can occur as the security parameters of supersingular abelian varieties (in terms of the dimension of the abelian variety and the size of the finite field), and gives constructions of supersingular abelian varieties that are optimal for use in cryptography.

Ranks of twists of elliptic curves and Hilbert's tenth problem

In this paper we investigate the 2-Selmer rank in families of quadratic twists of elliptic curves over arbitrary number fields. We give sufficient conditions on an elliptic curve so that it has twists of arbitrary 2-Selmer rank, and we give lower bounds for the number of twists (with bounded conductor) that have a given 2-Selmer rank. As a consequence, under appropriate hypotheses we can find many twists with trivial Mordell-Weil group, and (assuming the Shafarevich-Tate conjecture) many others with infinite cyclic Mordell-Weil group. Using work of Poonen and Shlapentokh, it follows from our results that if the Shafarevich-Tate conjecture holds, then Hilbert’s Tenth Problem has a negative answer over the ring of integers of every number field.

Ranks of elliptic curves

This paper gives a general survey of ranks of elliptic curves over the field of rational numbers. The rank is a measure of the size of the set of rational points. The paper includes discussions of the Birch and SwinnertonDyer Conjecture, the Parity Conjecture, ranks in families of quadratic twists, and ways to search for elliptic curves of large rank.

Rank Frequencies for Quadratic Twists of Elliptic Curves

We give explicit examples of infinite families of elliptic curves E over Q with (nonconstant) quadratic twists over Q(t) of rank at least 2 and 3. We recover some results announced by Mestre, as well as some additional families. Suppose D is a squarefree integer and let rE(D) denote the rank of the quadratic twist of E by D. We apply results of Stewart and Top to our examples to obtain results of the form for all sufficiently large x.

Choosing the correct elliptic curve in the CM method

We give an elementary way to distinguish between the twists of an ordinary elliptic curve E over F p in order to identify the one with p+1—2U points, when p = U 2 + dV 2 with 2U, 2V ∈ ℤ and E is constructed using the CM method for finding elliptic curves with a prescribed number of points. Our algorithms consist in most cases of reading off simple congruence conditions on U and V modulo 4.

Using Abelian Varieties to Improve Pairing-Based Cryptography

We show that supersingular Abelian varieties can be used to obtain higher MOV security per bit, in all characteristics, than supersingular elliptic curves. We give a point compression/decompression algorithm for primitive subgroups associated with elliptic curves that gives shorter signatures, ciphertexts, or keys for the same security while using the arithmetic on supersingular elliptic curves. We determine precisely which embedding degrees are possible for simple supersingular Abelian varieties over finite fields and define some invariants that are better measures of cryptographic security than the embedding degree. We construct examples of good supersingular Abelian varieties to use in pairing-based cryptography.

Using Primitive Subgroups to Do More with Fewer Bits

This paper gives a survey of some ways to improve the efficiency of discrete log-based cryptography by using the restriction of scalars and the geometry and arithmetic of algebraic tori and abelian varieties.

Disparity in Selmer ranks of quadratic twists of elliptic curves

We study the parity of 2-Selmer ranks in the family of quadratic twists of an arbitrary elliptic curve E over an arbitrary number eld K. We prove that the fraction of twists (of a given elliptic curve over a xed number eld) having even 2-Selmer rank exists as a stable limit over the family of twists, and we compute this fraction as an explicit product of local factors. We give an example of an elliptic curve E such that as K varies, these fractions are dense in [0; 1]. More generally, our results also apply to p-Selmer ranks of twists of 2-dimensional self-dual Fp-representations of the absolute Galois group of K by characters of order p.

Compression in Finite Fields and Torus-Based Cryptography

We present efficient compression algorithms for subgroups of multiplicative groups of finite fields, we use our compression algorithms to construct efficient public key cryptosystems called

Kolyvagin’s System of Gauss Sums

\T_2