Within the framework of the Graduate Program, and funded by the MEC, the following courses and seminars will be given; they are open to anyone interested.
All courses will be held in C-XV-320.
This course is intended for graduate students in the field of cryptography and mathematics.
The content of the course is:
- Discrete logarithm problem (DLP) in generic groups: We present generic methods of computing discrete logarithms.
- Cryptographic protocols based on the DLP.
- Elliptic curves and Jacobians of higher genus curves as attractive candidates for DLP: We will present elliptic, hyperelliptic and non-hyperelliptic curves and detail efficient arithmetic in their Jacobians.
Elliptic curve cryptography (ECC) has developed into the most important primitive for public key applications. In its latest guidelines the NSA no longer allows RSA but only ECC. This reflects the trust in the security of ECC as well as the fact that the performance of ECC is better than that of RSA for (presumably) equal levels of security.
Elliptic curves were suggested for cryptographic applications more than 20 years ago and much research effort has been spent on achieving efficient arithmetic on elliptic curves over finite fields. Different representations of elliptic curves have been studied and the field seemed pretty stable. In early 2007 we became aware of a new representation of elliptic curves, introduced by Harold M. Edwards. We investigated their use for cryptography and considered them for finite fields of odd characteristic. These "Edwards curves" allow faster addition and doubling and are thus very interesting for
This week we will introduce Edwards curves as a new way to see elliptic curves. We will give the connection with elliptic curves in Weierstrass form and also present alternative representations such as Hessian form, Jacobi quartic, and Jacobi intersection. An overview of these systems along with their respective performance for the main group operations can be found at http://www.hyperelliptic.org/EFD/
We will introduce the concept of strongly unified and complete addition formulas. The former are addition formulas that can be used for doubling; the latter are addition formulas that hold for ANY input points, so there are no exceptions for doubling, for adding the negative of a point, for adding the neutral element or for any other input. This is particularly useful to avoid side-channel attacks and also helps to avoid cumbersome checks when implementing.
It is helpful to have some familiarity with elliptic curves in Weierstrass form but it is not required to follow this course. Some examples will be given using SAGE for the finite field arithmetic.
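The difference between a complete addition law and one with exceptional inputs can be checked exhaustively on a toy curve. The following Python sketch is an added example, not course material: it assumes the Edwards form x^2 + y^2 = 1 + d*x^2*y^2 with neutral element (0, 1) and the standard Edwards addition law, neither of which is written out on this page, and uses the constructed toy prime 13 with d = 2 (a non-square) and d = 4 (a square).

```python
# Added example with constructed toy parameters; not from the course itself.
# Assumed curve shape: x^2 + y^2 = 1 + d*x^2*y^2 over F_p, neutral element (0, 1).
P = 13  # constructed toy prime, far too small for real use

def is_square(a, p=P):
    a %= p
    return a == 0 or pow(a, (p - 1) // 2, p) == 1  # Euler's criterion

def on_curve(pt, d, p=P):
    x, y = pt
    return (x * x + y * y - 1 - d * x * x * y * y) % p == 0

def points(d, p=P):
    # Brute-force enumeration is fine for a 13-element field.
    return [(x, y) for x in range(p) for y in range(p) if on_curve((x, y), d, p)]

def add(p1, p2, d, p=P):
    """Single formula for all inputs; returns None if a denominator vanishes."""
    x1, y1 = p1
    x2, y2 = p2
    t = d * x1 * x2 * y1 * y2 % p
    den_x, den_y = (1 + t) % p, (1 - t) % p
    if den_x == 0 or den_y == 0:
        return None  # exceptional input pair: the formula does not apply
    x3 = (x1 * y2 + y1 * x2) * pow(den_x, -1, p) % p
    y3 = (y1 * y2 - x1 * x2) * pow(den_y, -1, p) % p
    return (x3, y3)

def exceptional_pairs(d, p=P):
    pts = points(d, p)
    return [(a, b) for a in pts for b in pts if add(a, b, d, p) is None]

def unified_cases_ok(d, p=P):
    """Doubling, adding the neutral element and adding -P all go through add()."""
    neutral = (0, 1)
    for a in points(d, p):
        neg = ((-a[0]) % p, a[1])
        dbl = add(a, a, d, p)
        if dbl is None or not on_curve(dbl, d, p):
            return False
        if add(a, neutral, d, p) != a or add(a, neg, d, p) != neutral:
            return False
    return True

if __name__ == "__main__":
    for d in (2, 4):
        print(d, is_square(d), len(points(d)), len(exceptional_pairs(d)))
```

With the non-square d the list of exceptional pairs is empty, so an implementation needs no special-case branches; with the square d some pairs of valid points make a denominator vanish and would need separate handling.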
The lectures will survey this area of public key cryptography. First we recall the discrete logarithm problem, Diffie-Hellman key exchange, ElGamal encryption and Schnorr signatures. Then we introduce identity based cryptography and (briefly) bilinear pairings. We present the Joux 3-party key exchange protocol and the Boneh-Franklin identity based encryption scheme and give a security analysis of them. Then we discuss digital signatures and their security, including the BLS signature, aggregate signatures and the Boneh-Boyen signature. If there is time, I will present some information about efficient implementation of pairings.
Last modified: 14/5/2008