| Preface |
|
xiii | |
| Acknowledgements |
|
xiv | |
|
|
|
1 | (10) |
|
1.1 Public key cryptography |
|
|
2 | (1) |
|
1.2 The textbook RSA cryptosystem |
|
|
2 | (2) |
|
1.3 Formal definition of public key cryptography |
|
|
4 | (7) |
|
|
|
11 | (48) |
|
2 Basic algorithmic number theory |
|
|
13 | (41) |
|
2.1 Algorithms and complexity |
|
|
13 | (8) |
|
|
|
21 | (3) |
|
|
|
24 | (3) |
|
2.4 Computing Legendre and Jacobi symbols |
|
|
27 | (2) |
|
|
|
29 | (2) |
|
2.6 Chinese remainder theorem |
|
|
31 | (1) |
|
|
|
32 | (1) |
|
2.8 Modular exponentiation |
|
|
33 | (3) |
|
2.9 Square roots modulo p |
|
|
36 | (2) |
|
2.10 Polynomial arithmetic |
|
|
38 | (1) |
|
2.11 Arithmetic in finite fields |
|
|
39 | (1) |
|
2.12 Factoring polynomials over finite fields |
|
|
40 | (3) |
|
|
|
43 | (1) |
|
2.14 Algorithms in finite fields |
|
|
43 | (4) |
|
2.15 Computing orders of elements and primitive roots |
|
|
47 | (4) |
|
2.16 Fast evaluation of polynomials at multiple points |
|
|
51 | (2) |
|
2.17 Pseudorandom generation |
|
|
53 | (1) |
|
|
|
53 | (1) |
|
3 Hash functions and MACs |
|
|
54 | (5) |
|
3.1 Security properties of hash functions |
|
|
54 | (1) |
|
|
|
55 | (1) |
|
3.3 Message authentication codes |
|
|
56 | (1) |
|
3.4 Constructions of hash functions |
|
|
56 | (1) |
|
3.5 Number-theoretic hash functions |
|
|
57 | (1) |
|
|
|
57 | (1) |
|
|
|
58 | (1) |
|
|
|
59 | (154) |
|
4 Preliminary remarks on algebraic groups |
|
|
61 | (5) |
|
4.1 Informal definition of an algebraic group |
|
|
61 | (1) |
|
4.2 Examples of algebraic groups |
|
|
62 | (1) |
|
4.3 Algebraic group quotients |
|
|
63 | (1) |
|
4.4 Algebraic groups over rings |
|
|
64 | (2) |
|
|
|
66 | (20) |
|
5.1 Affine algebraic sets |
|
|
66 | (3) |
|
5.2 Projective algebraic sets |
|
|
69 | (5) |
|
|
|
74 | (2) |
|
|
|
76 | (3) |
|
5.5 Rational maps and morphisms |
|
|
79 | (4) |
|
|
|
83 | (1) |
|
5.7 Weil restriction of scalars |
|
|
84 | (2) |
|
|
|
86 | (15) |
|
6.1 Cyclotomic subgroups of finite fields |
|
|
86 | (2) |
|
|
|
88 | (1) |
|
|
|
89 | (5) |
|
|
|
94 | (5) |
|
|
|
99 | (1) |
|
6.6 Algebraic tori over rings |
|
|
99 | (2) |
|
7 Curves and divisor class groups |
|
|
101 | (20) |
|
7.1 Non-singular varieties |
|
|
101 | (4) |
|
7.2 Weierstrass equations |
|
|
105 | (1) |
|
7.3 Uniformisers on curves |
|
|
106 | (2) |
|
7.4 Valuation at a point on a curve |
|
|
108 | (2) |
|
7.5 Valuations and points on curves |
|
|
110 | (1) |
|
|
|
111 | (1) |
|
|
|
112 | (2) |
|
|
|
114 | (2) |
|
|
|
116 | (5) |
|
8 Rational maps on curves and divisors |
|
|
121 | (17) |
|
8.1 Rational maps of curves and the degree |
|
|
121 | (2) |
|
8.2 Extensions of valuations |
|
|
123 | (3) |
|
8.3 Maps on divisor classes |
|
|
126 | (3) |
|
|
|
129 | (1) |
|
8.5 Derivations and differentials |
|
|
130 | (6) |
|
|
|
136 | (1) |
|
8.7 Riemann-Roch theorem and Hurwitz genus formula |
|
|
137 | (1) |
|
|
|
138 | (40) |
|
|
|
138 | (2) |
|
9.2 Morphisms between elliptic curves |
|
|
140 | (2) |
|
9.3 Isomorphisms of elliptic curves |
|
|
142 | (1) |
|
|
|
143 | (1) |
|
|
|
144 | (2) |
|
|
|
146 | (7) |
|
9.7 The invariant differential |
|
|
153 | (2) |
|
9.8 Multiplication by n and division polynomials |
|
|
155 | (1) |
|
9.9 Endomorphism structure |
|
|
156 | (2) |
|
|
|
158 | (6) |
|
9.11 Supersingular elliptic curves |
|
|
164 | (4) |
|
9.12 Alternative models for elliptic curves |
|
|
168 | (7) |
|
9.13 Statistical properties of elliptic curves over finite fields |
|
|
175 | (2) |
|
9.14 Elliptic curves over rings |
|
|
177 | (1) |
|
|
|
178 | (35) |
|
10.1 Non-singular models for hyperelliptic curves |
|
|
179 | (7) |
|
10.2 Isomorphisms, automorphisms and twists |
|
|
186 | (2) |
|
10.3 Effective affine divisors on hyperelliptic curves |
|
|
188 | (8) |
|
10.4 Addition in the divisor class group |
|
|
196 | (8) |
|
10.5 Jacobians, Abelian varieties and isogenies |
|
|
204 | (2) |
|
|
|
206 | (1) |
|
10.7 Hyperelliptic curves over finite fields |
|
|
206 | (3) |
|
10.8 Supersingular curves |
|
|
209 | (4) |
|
PART III EXPONENTIATION, FACTORING AND DISCRETE LOGARITHMS |
|
|
213 | (122) |
|
11 Basic algorithms for algebraic groups |
|
|
215 | (23) |
|
11.1 Efficient exponentiation using signed exponents |
|
|
215 | (4) |
|
11.2 Multi-exponentiation |
|
|
219 | (2) |
|
11.3 Efficient exponentiation in specific algebraic groups |
|
|
221 | (10) |
|
11.4 Sampling from algebraic groups |
|
|
231 | (4) |
|
11.5 Determining group structure and computing generators for elliptic curves |
|
|
235 | (1) |
|
11.6 Testing subgroup membership |
|
|
236 | (2) |
|
12 Primality testing and integer factorisation using algebraic groups |
|
|
238 | (8) |
|
|
|
238 | (2) |
|
12.2 Generating random primes |
|
|
240 | (2) |
|
12.3 The p - 1 factoring method |
|
|
242 | (2) |
|
12.4 Elliptic curve method |
|
|
244 | (1) |
|
12.5 Pollard-Strassen method |
|
|
245 | (1) |
|
13 Basic discrete logarithm algorithms |
|
|
246 | (16) |
|
|
|
247 | (1) |
|
13.2 The Pohlig-Hellman method |
|
|
247 | (3) |
|
13.3 Baby-step-giant-step (BSGS) method |
|
|
250 | (3) |
|
13.4 Lower bound on complexity of generic algorithms for the DLP |
|
|
253 | (3) |
|
13.5 Generalised discrete logarithm problems |
|
|
256 | (2) |
|
13.6 Low Hamming weight DLP |
|
|
258 | (2) |
|
13.7 Low Hamming weight product exponents |
|
|
260 | (2) |
|
14 Factoring and discrete logarithms using pseudorandom walks |
|
|
262 | (39) |
|
|
|
262 | (2) |
|
14.2 The Pollard rho method |
|
|
264 | (9) |
|
14.3 Distributed Pollard rho |
|
|
273 | (3) |
|
14.4 Speeding up the rho algorithm using equivalence classes |
|
|
276 | (4) |
|
|
|
280 | (7) |
|
14.6 Distributed kangaroo algorithm |
|
|
287 | (5) |
|
14.7 The Gaudry-Schost algorithm |
|
|
292 | (4) |
|
14.8 Parallel collision search in other contexts |
|
|
296 | (1) |
|
14.9 Pollard rho factoring method |
|
|
297 | (4) |
|
15 Factoring and discrete logarithms in subexponential time |
|
|
301 | (34) |
|
|
|
301 | (2) |
|
15.2 Factoring using random squares |
|
|
303 | (7) |
|
15.3 Elliptic curve method revisited |
|
|
310 | (2) |
|
15.4 The number field sieve |
|
|
312 | (1) |
|
15.5 Index calculus in finite fields |
|
|
313 | (11) |
|
15.6 Discrete logarithms on hyperelliptic curves |
|
|
324 | (4) |
|
|
|
328 | (1) |
|
15.8 Discrete logarithms on elliptic curves over extension fields |
|
|
329 | (3) |
|
|
|
332 | (3) |
|
|
|
335 | (68) |
|
|
|
337 | (10) |
|
16.1 Basic notions on lattices |
|
|
338 | (5) |
|
16.2 The Hermite and Minkowski bounds |
|
|
343 | (2) |
|
16.3 Computational problems in lattices |
|
|
345 | (2) |
|
17 Lattice basis reduction |
|
|
347 | (19) |
|
17.1 Lattice basis reduction in two dimensions |
|
|
347 | (5) |
|
17.2 LLL-reduced lattice bases |
|
|
352 | (4) |
|
17.3 The Gram-Schmidt algorithm |
|
|
356 | (2) |
|
|
|
358 | (4) |
|
|
|
362 | (3) |
|
17.6 Variants of the LLL algorithm |
|
|
365 | (1) |
|
18 Algorithms for the closest and shortest vector problems |
|
|
366 | (14) |
|
18.1 Babai's nearest plane method |
|
|
366 | (5) |
|
18.2 Babai's rounding technique |
|
|
371 | (2) |
|
18.3 The embedding technique |
|
|
373 | (2) |
|
18.4 Enumerating all short vectors |
|
|
375 | (4) |
|
18.5 Korkine-Zolotarev bases |
|
|
379 | (1) |
|
19 Coppersmith's method and related applications |
|
|
380 | (23) |
|
19.1 Coppersmith's method for modular univariate polynomials |
|
|
380 | (7) |
|
19.2 Multivariate modular polynomial equations |
|
|
387 | (1) |
|
19.3 Bivariate integer polynomials |
|
|
387 | (3) |
|
19.4 Some applications of Coppersmith's method |
|
|
390 | (7) |
|
19.5 Simultaneous Diophantine approximation |
|
|
397 | (1) |
|
19.6 Approximate integer greatest common divisors |
|
|
398 | (2) |
|
19.7 Learning with errors |
|
|
400 | (2) |
|
19.8 Further applications of lattice reduction |
|
|
402 | (1) |
|
PART V CRYPTOGRAPHY RELATED TO DISCRETE LOGARITHMS |
|
|
403 | (80) |
|
20 The Diffie-Hellman problem and cryptographic applications |
|
|
405 | (13) |
|
20.1 The discrete logarithm assumption |
|
|
405 | (1) |
|
|
|
405 | (3) |
|
20.3 Textbook Elgamal encryption |
|
|
408 | (2) |
|
20.4 Security of textbook Elgamal encryption |
|
|
410 | (4) |
|
20.5 Security of Diffie-Hellman key exchange |
|
|
414 | (2) |
|
20.6 Efficiency considerations for discrete logarithm cryptography |
|
|
416 | (2) |
|
21 The Diffie-Hellman problem |
|
|
418 | (34) |
|
21.1 Variants of the Diffie-Hellman problem |
|
|
418 | (4) |
|
21.2 Lower bound on the complexity of CDH for generic algorithms |
|
|
422 | (1) |
|
21.3 Random self-reducibility and self-correction of CDH |
|
|
423 | (3) |
|
21.4 The den Boer and Maurer reductions |
|
|
426 | (9) |
|
21.5 Algorithms for static Diffie-Hellman |
|
|
435 | (4) |
|
21.6 Hard bits of discrete logarithms |
|
|
439 | (4) |
|
21.7 Bit security of Diffie-Hellman |
|
|
443 | (9) |
|
22 Digital signatures based on discrete logarithms |
|
|
452 | (17) |
|
|
|
452 | (7) |
|
22.2 Other public key signature schemes |
|
|
459 | (7) |
|
22.3 Lattice attacks on signatures |
|
|
466 | (1) |
|
22.4 Other signature functionalities |
|
|
467 | (2) |
|
23 Public key encryption based on discrete logarithms |
|
|
469 | (14) |
|
23.1 CCA secure Elgamal encryption |
|
|
469 | (5) |
|
23.2 Cramer-Shoup encryption |
|
|
474 | (4) |
|
23.3 Other encryption functionalities |
|
|
478 | (5) |
|
PART VI CRYPTOGRAPHY RELATED TO INTEGER FACTORISATION |
|
|
483 | (30) |
|
24 The RSA and Rabin cryptosystems |
|
|
485 | (28) |
|
24.1 The textbook RSA cryptosystem |
|
|
485 | (6) |
|
24.2 The textbook Rabin cryptosystem |
|
|
491 | (7) |
|
24.3 Homomorphic encryption |
|
|
498 | (1) |
|
24.4 Algebraic attacks on textbook RSA and Rabin |
|
|
499 | (5) |
|
24.5 Attacks on RSA parameters |
|
|
504 | (3) |
|
24.6 Digital signatures based on RSA and Rabin |
|
|
507 | (4) |
|
24.7 Public key encryption based on RSA and Rabin |
|
|
511 | (2) |
|
PART VII ADVANCED TOPICS IN ELLIPTIC AND HYPERELLIPTIC CURVES |
|
|
513 | (51) |
|
25 Isogenies of elliptic curves |
|
|
515 | (30) |
|
25.1 Isogenies and kernels |
|
|
515 | (8) |
|
25.2 Isogenies from j-invariants |
|
|
523 | (6) |
|
25.3 Isogeny graphs of elliptic curves over finite fields |
|
|
529 | (6) |
|
25.4 The structure of the ordinary isogeny graph |
|
|
535 | (5) |
|
25.5 Constructing isogenies between elliptic curves |
|
|
540 | (3) |
|
25.6 Relating the discrete logarithm problem on isogenous curves |
|
|
543 | (2) |
|
26 Pairings on elliptic curves |
|
|
545 | (19) |
|
|
|
545 | (1) |
|
|
|
546 | (2) |
|
26.3 The Tate-Lichtenbaum pairing |
|
|
548 | (9) |
|
26.4 Reduction of ECDLP to finite fields |
|
|
557 | (2) |
|
26.5 Computational problems |
|
|
559 | (2) |
|
26.6 Pairing-friendly elliptic curves |
|
|
561 | (3) |
|
Appendix A Background mathematics |
|
|
564 | (15) |
|
|
|
564 | (1) |
|
|
|
564 | (1) |
|
|
|
565 | (1) |
|
|
|
565 | (1) |
|
|
|
566 | (1) |
|
|
|
567 | (2) |
|
|
|
569 | (1) |
|
|
|
570 | (1) |
|
|
|
571 | (1) |
|
A.10 Vector spaces and linear algebra |
|
|
572 | (3) |
|
|
|
575 | (1) |
|
A.12 Orders in quadratic fields |
|
|
575 | (1) |
|
|
|
576 | (1) |
|
A.14 Probability and combinatorics |
|
|
576 | (3) |
| References |
|
579 | (24) |
| Author index |
|
603 | (5) |
| Subject index |
|
608 | |
Biežāk uzdotie jautājumi par e-grāmatām