Cryptography 35c3 - No evidence of communication and morality in protocols: Off-the-Record protocol version 4 |
- 35c3 - No evidence of communication and morality in protocols: Off-the-Record protocol version 4
- Understanding the CSIDH protocol. [Post quantum cryptography]
- Linear transformations as perfect hashing functions
- 35C3 - Memsad why clearing memory is hard.
- The year in post-quantum crypto
| 35c3 - No evidence of communication and morality in protocols: Off-the-Record protocol version 4 Posted: 30 Dec 2018 03:52 PM PST |
| Understanding the CSIDH protocol. [Post quantum cryptography] Posted: 30 Dec 2018 03:40 PM PST Hi all. I am trying to understand the CSIDH protocol (https://www.cs.ru.nl/~jrenes/publications/csidh.pdf page 16) and there is something that I am not getting right. For the setup, we will work in F_p with p=3 mod 8. In short, we consider the elliptic curve E0: y^2 = x^3 + x and its Endomorphism Ring Z[pi], which is an order O in Q[Pi]. Also, there's a nice action of Cl(O) over Ell_p(O) such that [a]E = E_a, i.e. it gives us the curve with kernel = [a]. Facts we know:
The protocol is as follows: Both Alice and Bob starts with E0 as the initial curve which I will denote with E.
In trying to do so, Alice first checks with an algorithm (which I won't specify here) whether or not [B]E is supersingular. If it finally is supersingular, then she proceeds. Why? I don't see how being supersingular implies that [B]E falls into Ell_p(O). What I do see is that, from fact 1, it is in the Cl(O)-orbit of E0. But we already knew that. And also, because of fact 2, E and [B]E have the same End_p(E) (so that would automatically imply they are both in Ell_p(O)?), that fact plus being supersingular gives that [B]E has Montgomery form, because of fact 3. But didn't Bob already sent a curve in Montgomery form?
I think I understand the big picture, at the end it's based in a Diffie Hellman protocol, but I am very confused about step 2 and why do they have to do that process. Any help or insight about this doubt will be highly appreciated, thanks. PS: Extra question. Previously to that, it says that we are interested in ideals L of Cl(O) that split in O, i.e. LO=(l,pi-lambda)(l,pi+lambda). Why? I think it has to do with splitting isogeny into several isogenies but I can't see it clear. I understand that (l , pi - lambda) are the points of order l that have coordinates in Fp. [link] [comments]  |
| Linear transformations as perfect hashing functions Posted: 30 Dec 2018 10:09 AM PST Hey all, I "discovered" something interesting I would like to learn more about, figured this would be a good place to ask. Take a square matrix initialized with arbitrary positive integers, and treat this linear transformation as your hash function. In the test I did, I hashed the values of 0-99 into a hash table of length 100 using a linear transformation as just described. It was a "perfect hash", where each unique integer was mapped to some unique index (this was not a trivial mapping where 1 was mapped to index 1 and so on). I treated each input number as an vector, for example 51 is (0, 5, 1). It turns out that if you randomly initialize the matrix with positive integers, some subset of the matrices will be a perfect hashes and the rest will not. This is about as far as I have looked, and I am wondering if any of you know of any research I could read up on that goes more into this phenomena? I unfortunately have no formal education on this subject so sorry if this is already common knowledge. [link] [comments]  |
| 35C3 - Memsad why clearing memory is hard. Posted: 30 Dec 2018 05:58 PM PST |
| The year in post-quantum crypto Posted: 30 Dec 2018 03:47 AM PST |
| You are subscribed to email updates from Cryptography news and discussions. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | |
No comments:
Post a Comment