Kirsten Eisenträger

Weak Instances of PLWE

In this paper we present a new attack on the polynomial version of the Ring-LWE assumption, for certain carefully chosen number fields. This variant of RLWE, introduced in [BV11] and called the PLWE assumption, is known to be as hard as the RLWE assumption for \(2\)-power cyclotomic number fields, and for cyclotomic number fields in general with a small cost in terms of error growth. For general number fields, we articulate the relevant properties and prove security reductions for number fields with those properties. We then present an attack on PLWE for number fields satisfying certain properties.

Fast elliptic curve arithmetic and improved weil pairing evaluation

The side channel attack (SCA) is a serious attack on wearable devices that have scarce computational resources. Cryptographic algorithms on them should be efficient using small memory -- we have to make efforts to optimize the trade-off between efficiency and memory. In this paper we present efficient SCA-resistant scalar multiplications based on window method. Moller proposed an SPA-resistant window method based on 2w-ary window method, which replaces w-consecutive zeros to 1 plus w-consecutive 1 and it requires 2w points of table (or 2w-1 +1 points if the signed 2w-ary is used). The most efficient window method with small memory is the width-w NAF, which requires 2w-2 points of table. In this paper we convert the width-w NAF to an SPA-resistant addition chain. Indeed we generate a scalar sequence with the fixed pattern, e.g. |0..0x|0..0x|...|0..0x|, where x is positive odd points < 2w. Thus the size of the table is 2w-1, which is optimal in the construction of the SPA-resistant chain based on width-w NAF. The table sizes of the proposed scheme are 6% to 50% smaller than those of Mollers scheme for w = 2, 3, 4, 5, which are relevant choices in the sense of efficiency for 160-bit ECC.

Descent on elliptic curves and Hilbert’s tenth problem

. Descent via an isogeny on an elliptic curve is used to construct two subrings of the field of rational numbers, which are complementary in a strong sense, and for which Hilberts Tenth Problem is undecidable. This method further develops that of Poonen, who used elliptic divisibility sequences to obtain undecidability results for some large subrings of the rational numbers.

Improved Weil and Tate Pairings for Elliptic and Hyperelliptic Curves

We present algorithms for computing the squared Weil and Tate pairings on elliptic curves and the squared Tate pairing on hyperelliptic curves. The squared pairings introduced in this paper have the advantage that our algorithms for evaluating them are deterministic and do not depend on a random choice of points. Our algorithm to evaluate the squared Weil pairing is about 20% more efficient than the standard Weil pairing. Our algorithm for the squared Tate pairing on elliptic curves matches the efficiency of the algorithm given by Barreto, Lynn, and Scott in the case of arbitrary base points where their denominator cancellation technique does not apply. Our algorithm for the squared Tate pairing for hyperelliptic curves is the first detailed implementation of the pairing for general hyperelliptic curves of genus 2, and saves an estimated 30% over the standard algorithm.

A quantum algorithm for computing the unit group of an arbitrary degree number field

Computing the group of units in a field of algebraic numbers is one of the central tasks of computational algebraic number theory. It is believed to be hard classically, which is of interest for cryptography. In the quantum setting, efficient algorithms were previously known for fields of constant degree. We give a quantum algorithm that is polynomial in the degree of the field and the logarithm of its discriminant. This is achieved by combining three new results. The first is a classical algorithm for computing a basis for certain ideal lattices with doubly exponentially large generators. The second shows that a Gaussian-weighted superposition of lattice points, with an appropriate encoding, can be used to provide a unique representation of a real-valued lattice. The third is an extension of the hidden subgroup problem to continuous groups and a quantum algorithm for solving the HSP over the group Rn.

Hilbert's tenth problem for function fields of varieties over ℂ

Let K be the function field of a variety of dimension greater than or equal to 2 over an algebraically closed field of characteristic zero. Then Hilberts tenth problem for K is undecidable. This generalizes the result by Kim and Roush, 1992, that Hilberts tenth problem for the purely transcendental function field ℂ(t 1 ,t 2 ) is undecidable.

Hilbert's Tenth Problem over function fields of positive characteristic not containing the algebraic closure of a finite field

We prove that the existential theory of any function field

Supersingular Isogeny Graphs and Endomorphism Rings: Reductions and Solutions

K

Computing the Cassels Pairing on Kolyvagin Classes in the Shafarevich-Tate Group

of characteristic

Constructing elliptic curves and curves of genus 2 over finite fields

p> 0