Donkey sentence: Difference between revisions

en>Jason Quinn
slight change
In 1998 [[Gerhard Frey]] first proposed using '''trace zero varieties''' for cryptographic purposes. These varieties are subgroups of the divisor class group on a low genus hyperelliptic curve defined over a [[finite field]]. These groups can be used to establish [[Public-key cryptography|asymmetric cryptography]] using the [[discrete logarithm]] problem as cryptographic primitive.


Trace zero varieties feature a better scalar multiplication performance than elliptic curves. This allows fast arithmetic in these groups, which can speed up the calculations by a factor of 3 compared with elliptic curves and hence speed up the cryptosystem.
 
Another advantage is that for groups of cryptographically relevant size, the order of the group can simply be calculated using the characteristic polynomial of the Frobenius endomorphism. This is not the case, for example, in [[elliptic curve cryptography]] when the group of points of an elliptic curve over a prime field is used for cryptographic purposes.
 
However, more bits are needed to represent an element of the trace zero variety than to represent elements of elliptic or hyperelliptic curves. Another disadvantage is that the security of the TZV can be reduced by <sup>1</sup>/<sub>6</sub><sup>th</sup> of the bit length using a cover attack.
 
== Mathematical background ==
A [[hyperelliptic curve]] ''C'' of genus ''g'' over a prime field <math>\mathbb{F}_q</math> where ''q'' = ''p''<sup>''n''</sup> (''p'' prime) of odd characteristic is defined as
 
: <math>
C:~y^2 + h(x)y = f(x),
</math>
 
where ''f'' is monic, deg(''f'') = 2''g''&nbsp;+&nbsp;1 and deg(''h'') ≤ ''g''. The curve has at least one <math>\mathbb{F}_q</math>-rational Weierstraß point.
 
The [[Jacobian variety]] <math>J_C(\mathbb{F}_{q^n})</math> of ''C'' is, for every finite extension <math>\mathbb{F}_{q^n}</math>, isomorphic to the ideal class group <math>\operatorname{Cl}(C/\mathbb{F}_{q^n})</math>. With ''Mumford's representation'' it is possible to represent the elements of <math>J_C(\mathbb{F}_{q^n})</math> with a pair of polynomials ''[u, v]'', where ''u'', ''v'' ∈ <math>\mathbb{F}_{q^n}[x]</math>.
 
The ''Frobenius endomorphism'' σ acts on an element ''[u, v]'' of <math>J_C(\mathbb{F}_{q^n})</math> by raising each coefficient of that element to the power ''q'': σ(''[u, v]'') = [''u''<sup>''q''</sup>(''x''), ''v''<sup>''q''</sup>(''x'')]. The characteristic polynomial of this endomorphism has the following form:
 
: <math>
\chi(T) = T^{2g} + a_1T^{2g-1} + \cdots + a_gT^g + \cdots + a_1q^{g-1}T + q^g,
</math>
where ''a''<sub>''i''</sub> ∈ ℤ.
 
With the ''Hasse–Weil theorem'' it is possible to obtain the group order over any extension field <math>\mathbb{F}_{q^n}</math> by using the complex roots τ<sub>''i''</sub> of χ(''T''):
 
: <math>
|J_C(\mathbb{F}_{q^n})| = \prod_{i=1}^{2g} (1 - \tau_i^n)
</math>
 
Let ''D'' be an element of the Jacobian <math>J_C(\mathbb{F}_{q^n})</math> of ''C''. Then it is possible to define an endomorphism of <math>J_C(\mathbb{F}_{q^n})</math>, the so-called ''trace of D'':
 
: <math>
\operatorname{Tr}(D) = \sum_{i=0}^{n-1} \sigma^i(D) = D + \sigma(D) + \cdots + \sigma^{n-1}(D)
</math>
 
Based on this endomorphism one can reduce the Jacobian variety to a subgroup ''G'' with the property that every element is of trace zero:
 
: <math>
G = \{ D \in J_C(\mathbb{F}_{q^n})~|~\text{Tr}(D) = \textbf{\textit{0}} \}, ~~~(\textbf{\textit{0}} \text{ neutral element in } J_C(\mathbb{F}_{q^n}))
</math>
 
''G'' is the kernel of the trace endomorphism and thus ''G'' is a group, the so-called '''trace zero (sub)variety''' (TZV) of <math>J_C(\mathbb{F}_{q^n})</math>.
 
The intersection of ''G'' and <math>J_C(\mathbb{F}_{q})</math> is produced by the ''n''-torsion elements of <math>J_C(\mathbb{F}_{q})</math>. If the greatest common divisor <math>\gcd(n, |J_C(\mathbb{F}_q)|) = 1</math>, the intersection is empty and one can compute the group order of ''G'':
 
: <math>
|G| = \dfrac{|J_C(\mathbb{F}_{q^n})|}{|J_C(\mathbb{F}_q)|} = \dfrac{\prod_{i=1}^{2g} (1 - \tau_i^n)}{ \prod_{i=1}^{2g} (1 - \tau_i)}
</math>
 
The actual group used in cryptographic applications is a subgroup ''G<sub>0</sub>'' of ''G'' of a large prime order ''l''. This group may be ''G'' itself.<ref>G. Frey and T. Lange: "Mathematical background of public key cryptography"</ref><ref>T. Lange: "Trace zero subvariety for cryptosystems"</ref>
 
There exist three different cases of cryptographic relevance for TZV:<ref>R. M. Avanzi and E. Cesena: "Trace zero varieties over fields of characteristic 2 for cryptographic applications"</ref>
*''g'' = 1, ''n'' = 3
*''g'' = 1, ''n'' = 5
*''g'' = 2, ''n'' = 3
 
== Arithmetic ==
 
The arithmetic used in the TZV group ''G<sub>0</sub>'' is based on the arithmetic for the whole group <math>J_C(\mathbb{F}_{q^n})</math>, but it is possible to use the ''Frobenius endomorphism'' σ to speed up the scalar multiplication. This can be achieved because, if ''G<sub>0</sub>'' is generated by ''D'' of order ''l'', then ''σ(D) = sD'' for some integer ''s''. For the given cases of TZV, ''s'' can be computed as follows, where the ''a''<sub>''i''</sub> come from the characteristic polynomial of the Frobenius endomorphism:
 
* For ''g'' = 1, ''n'' = 3:  <math>s = \dfrac {q-1} {1 - a_1} \bmod{\ell} </math>
 
* For ''g'' = 1, ''n'' = 5:  <math>s = \dfrac {q^2-q-a_1^2q+a_1q+1} {q-2a_1q+a_1^3-a_1^2+a_1-1} \bmod{\ell} </math>
 
* For ''g'' = 2, ''n'' = 3:  <math>s = - \dfrac {q^2-a_2+a_1} {a_1q-a_2+1} \bmod{\ell}</math>
 
Knowing this, it is possible to replace any scalar multiplication  ''mD (|m| ≤ l/2)'' with:
 
: <math>
m_0D + m_1\sigma(D) + \cdots + m_{n-1}\sigma^{n-1}(D),  ~~~~\text{where }m_i = O(\ell^{1/(n-1)}) = O(q^g)
</math>
 
With this trick the multiple scalar product can be reduced to about 1/(''n''&nbsp;&minus;&nbsp;1)<sup>th</sup> of the doublings necessary for calculating ''mD'', if the implied constants are small enough.<ref>R. M. Avanzi and E. Cesena: "Trace zero varieties over fields of characteristic 2 for cryptographic applications"</ref><ref>T. Lange: "Trace zero subvariety for cryptosystems"</ref>
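
Added example (not part of the original article or the cited papers): for the case ''g'' = 1, ''n'' = 3, the Python sketch below derives ''a''<sub>1</sub> from a point count, computes |''G''| with the product formula above and ''s'' with the formula for this case, and checks that ''s'' is a root of both ''T''<sup>2</sup> + ''T'' + 1 (trace zero) and χ(''T'') modulo ''l''. The toy curve ''y''<sup>2</sup> = ''x''<sup>3</sup> + ''x'' + 1 over the field with 7 elements, the function names and the brute-force methods are assumptions made for illustration; cryptographic parameters are far larger.

```python
from math import gcd

def count_points(p, a, b):
    """|E(F_p)| for y^2 = x^3 + a*x + b (h = 0), including the point at infinity."""
    sq = {}
    for y in range(p):
        sq[y * y % p] = sq.get(y * y % p, 0) + 1
    return 1 + sum(sq.get((x**3 + a * x + b) % p, 0) for x in range(p))

def jacobian_order(a1, q, n):
    """prod(1 - tau_i^n) for g = 1, using power sums of the roots of T^2 + a1*T + q."""
    prev, cur = 2, -a1                      # tau1^0 + tau2^0 and tau1 + tau2
    for _ in range(n - 1):
        prev, cur = cur, -a1 * cur - q * prev
    return 1 - cur + q**n                   # (tau1 * tau2)^n = q^n

def largest_prime_factor(m):
    f, best = 2, 1
    while f * f <= m:
        while m % f == 0:
            best, m = f, m // f
        f += 1
    return m if m > 1 else best

def tzv_params(p, a, b):
    """Return (a1, |G|, l, s) for the g = 1, n = 3 trace zero group over q = p."""
    q, n = p, 3
    n1 = count_points(p, a, b)
    a1 = n1 - q - 1                         # chi(1) = 1 + a1 + q = |E(F_q)|
    if gcd(n, n1) != 1:
        raise ValueError("gcd(n, |J_C(F_q)|) != 1: order formula does not apply")
    order = jacobian_order(a1, q, n) // n1  # |G| = |J(F_{q^n})| / |J(F_q)|
    l = largest_prime_factor(order)
    if (1 - a1) % l == 0:
        raise ValueError("1 - a1 is not invertible modulo l")
    s = (q - 1) * pow((1 - a1) % l, -1, l) % l
    return a1, order, l, s

def frobenius_relations(a1, q, l, s):
    """Residues of s^2 + s + 1 and chi(s) modulo l; both are 0 for a valid s."""
    return (s * s + s + 1) % l, (s * s + a1 * s + q) % l

if __name__ == "__main__":
    a1, order, l, s = tzv_params(7, 1, 1)   # constructed toy parameters
    print(a1, order, l, s, frobenius_relations(a1, 7, l, s))
```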
 
== Security ==
The security of cryptographic systems based on trace zero subvarieties is, according to the results of the papers<ref>T. Lange: "Trace zero subvariety for cryptosystems"</ref><ref>R. M. Avanzi and E. Cesena: "Trace zero varieties over fields of characteristic 2 for cryptographic applications"</ref>,
comparable to the security of hyper-elliptic curves of low genus ''g' '' over <math>\mathbb{F}_{p'}</math>, where ''p' '' ~ (''n''&nbsp;&minus;&nbsp;1)(''g/g' '') for ''|G|'' ~128 bits.
 
For the cases where ''n'' = 3, ''g'' = 2 and ''n'' = 5, ''g'' = 1 it is possible to reduce the security by at most 6 bits, where ''|G|'' ~ 2<sup>256</sup>, because one cannot be sure that ''G'' is contained in a Jacobian of a curve of genus 6. Curves of genus 4 over similar fields are far less secure.
 
== Cover attack on a trace zero crypto-system ==
The attack published in<ref>C. Diem and J. Scholten: "An attack on a trace-zero cryptosystem"</ref>
shows that the DLP in trace zero groups of genus 2 over finite fields of characteristic different from 2 or 3 and a field extension of degree 3 can be transformed into a DLP in a class group of degree 0 with genus of at most 6 over the base field. In this new class group the DLP can be attacked with the index calculus methods. This leads to a reduction of the bit length by <sup>1</sup>/<sub>6</sub><sup>th</sup>.
 
== Notes ==
{{reflist|2}}
 
== References ==
* G. Frey and T. Lange: "Mathematical background of public key cryptography", Technical report, 2005
* R. M. Avanzi and E. Cesena: "Trace zero varieties over fields of characteristic 2 for cryptographic applications", Technical report, 2007
* T. Lange: "Trace zero subvariety for cryptosystems", Technical report, http://eprint.iacr.org/2003/094, 2003
* C. Diem and J. Scholten: "An attack on a trace-zero cryptosystem"
* M. Wienecke: "Cryptography on Trace-Zero Varieties", ITS-Seminar paper, http://www.crypto.rub.de/its_seminar_ws0708.html, 2008
* A. V. Sutherland: "101 useful trace zero varieties", http://www-math.mit.edu/~drew/TraceZeroVarieties.html, 2007
 
[[Category:Cryptography]]

Revision as of 09:07, 13 February 2014
