PORTALE DELLA DIDATTICA

PORTALE DELLA DIDATTICA

PORTALE DELLA DIDATTICA

Elenco notifiche



An introduction to isogeny-based cryptography

01TTSRT

A.A. 2020/21

Course Language

Inglese

Degree programme(s)

Doctorate Research in Matematica Pura E Applicata - Torino

Course structure
Teaching Hours
Lezioni 30
Lecturers
Teacher Status SSD h.Les h.Ex h.Lab h.Tut Years teaching
Co-lectures
Espandi

Context
SSD CFU Activities Area context
*** N/A ***    
--
--
Basic notions on big-o notation, complexity classes, finite fields
Basic notions on big-o notation, complexity classes, finite fields
Lecture 1 - Modern Cryptography: security models and provable security - Public-key Cryptography: conditional security and hard mathematical problems - Passive and active security - Public-key encryption, key exchange and KEM - Fujisaki-Okamoto (FO) transform Lecture 2 - Security of the FO transform - Variants of the FO transform - Digital signatures - Identification/Sigma protocols and the Fiat Shamir transform - Security proof of Fiat-Shamir digital signatures Lecture 3 - Elliptic curves over finite fields: Weierstrass equation and group law - The ECDLP and its difficulty - Shor's algorithm, Post-quantum Cryptography and NIST's competition - History of Isogeny-based Cryptography and overview of the state of the art - Morphisms and isogenies between elliptic curves Lecture 4 - Isogenies are group homomorphisms, either constant or surjective - Degree, composition and group of isogenies - Endomorphisms and the endomorphism ring - Multiplication by m and the m-torsion subgroup Lecture 5 - Separable isogenies and their degree - A finite subgroup of E determines a unique separable isogeny from E - Examples: isogenies of degree 2 and 3 - Velu's formula - j-invariant and isomorphisms Lecture 6 - The dual isogeny and its properties - Orders and endomorphism rings: ordinary and supersingular elliptic curves - The m-isogeny graph - Number of vertices and connected components of the isogeny graph - Regularity, degree and expander property of a (connected component of an) isogeny graph Lecture 7 - Montgomery and Edwards model for elliptic curves - The Montgomery ladder - Velu's formula for Montgomery (and Edwards?) curves Lecture 8 - The SIDH protocol and its implementation - SIDH-based encryption and identification protocol - Classical and quantum attacks - Active attacks Lecture 9 - Compressed public keys - SIKE and its state of the art implementation - B-SIDH Lecture 10 - SIDH-based digital signatures - Unruh transformation - Open problems: ring/group signatures? other zero-knowledge proofs? Lecture 11 - The subring of endomorphisms defined over a base prime field - Quadratic fields, orders and ideal class groups - Class group action and CSIDH Lecture 12 - Parallelization and vectorization problem, and their quantum equivalence - Classical and quantum attacks - CSIDH on the surface Lecture 13 - Sea-sign and its improvements - CSI-FiSh - Lossy CSI-FiSh Lecture 14 - Ring signatures - Threshold signatures - Open problems Lecture 15 - Other results, or something from the above (if running late) Course webpage: https://poliuni-mathphd-en.campusnet.unito.it/do/corsi.pl/Show?_id=5cqp
Lecture 1 - Modern Cryptography: security models and provable security - Public-key Cryptography: conditional security and hard mathematical problems - Passive and active security - Public-key encryption, key exchange and KEM - Fujisaki-Okamoto (FO) transform Lecture 2 - Security of the FO transform - Variants of the FO transform - Digital signatures - Identification/Sigma protocols and the Fiat Shamir transform - Security proof of Fiat-Shamir digital signatures Lecture 3 - Elliptic curves over finite fields: Weierstrass equation and group law - The ECDLP and its difficulty - Shor's algorithm, Post-quantum Cryptography and NIST's competition - History of Isogeny-based Cryptography and overview of the state of the art - Morphisms and isogenies between elliptic curves Lecture 4 - Isogenies are group homomorphisms, either constant or surjective - Degree, composition and group of isogenies - Endomorphisms and the endomorphism ring - Multiplication by m and the m-torsion subgroup Lecture 5 - Separable isogenies and their degree - A finite subgroup of E determines a unique separable isogeny from E - Examples: isogenies of degree 2 and 3 - Velu's formula - j-invariant and isomorphisms Lecture 6 - The dual isogeny and its properties - Orders and endomorphism rings: ordinary and supersingular elliptic curves - The m-isogeny graph - Number of vertices and connected components of the isogeny graph - Regularity, degree and expander property of a (connected component of an) isogeny graph Lecture 7 - Montgomery and Edwards model for elliptic curves - The Montgomery ladder - Velu's formula for Montgomery (and Edwards?) curves Lecture 8 - The SIDH protocol and its implementation - SIDH-based encryption and identification protocol - Classical and quantum attacks - Active attacks Lecture 9 - Compressed public keys - SIKE and its state of the art implementation - B-SIDH Lecture 10 - SIDH-based digital signatures - Unruh transformation - Open problems: ring/group signatures? other zero-knowledge proofs? Lecture 11 - The subring of endomorphisms defined over a base prime field - Quadratic fields, orders and ideal class groups - Class group action and CSIDH Lecture 12 - Parallelization and vectorization problem, and their quantum equivalence - Classical and quantum attacks - CSIDH on the surface Lecture 13 - Sea-sign and its improvements - CSI-FiSh - Lossy CSI-FiSh Lecture 14 - Ring signatures - Threshold signatures - Open problems Lecture 15 - Other results, or something from the above (if running late) Course webpage: https://poliuni-mathphd-en.campusnet.unito.it/do/corsi.pl/Show?_id=5cqp
Modalità mista
Mixed mode
Presentazione orale
Oral presentation
P.D.1-1 - Novembre
P.D.1-1 - November