Caricamento in corso...
An introduction to isogeny-based cryptography
01TTSRT
A.A. 2020/21
Course Language
Inglese
Degree programme(s)
Doctorate Research in Matematica Pura E Applicata - Torino
Course structure
| Teaching | Hours |
|---|---|
| Lezioni | 30 |
Lecturers
| Teacher | Status | SSD | h.Les | h.Ex | h.Lab | h.Tut | Years teaching |
|---|
Co-lectures
Context
| SSD | CFU | Activities | Area context | *** N/A *** |
|---|
--
--
Basic notions on big-o notation, complexity classes, finite fields
Basic notions on big-o notation, complexity classes, finite fields
Lecture 1
- Modern Cryptography: security models and provable security
- Public-key Cryptography: conditional security and hard mathematical problems
- Passive and active security
- Public-key encryption, key exchange and KEM
- Fujisaki-Okamoto (FO) transform
Lecture 2
- Security of the FO transform
- Variants of the FO transform
- Digital signatures
- Identification/Sigma protocols and the Fiat Shamir transform
- Security proof of Fiat-Shamir digital signatures
Lecture 3
- Elliptic curves over finite fields: Weierstrass equation and group law
- The ECDLP and its difficulty
- Shor's algorithm, Post-quantum Cryptography and NIST's competition
- History of Isogeny-based Cryptography and overview of the state of the art
- Morphisms and isogenies between elliptic curves
Lecture 4
- Isogenies are group homomorphisms, either constant or surjective
- Degree, composition and group of isogenies
- Endomorphisms and the endomorphism ring
- Multiplication by m and the m-torsion subgroup
Lecture 5
- Separable isogenies and their degree
- A finite subgroup of E determines a unique separable isogeny from E
- Examples: isogenies of degree 2 and 3
- Velu's formula
- j-invariant and isomorphisms
Lecture 6
- The dual isogeny and its properties
- Orders and endomorphism rings: ordinary and supersingular elliptic curves
- The m-isogeny graph
- Number of vertices and connected components of the isogeny graph
- Regularity, degree and expander property of a (connected component of an) isogeny graph
Lecture 7
- Montgomery and Edwards model for elliptic curves
- The Montgomery ladder
- Velu's formula for Montgomery (and Edwards?) curves
Lecture 8
- The SIDH protocol and its implementation
- SIDH-based encryption and identification protocol
- Classical and quantum attacks
- Active attacks
Lecture 9
- Compressed public keys
- SIKE and its state of the art implementation
- B-SIDH
Lecture 10
- SIDH-based digital signatures
- Unruh transformation
- Open problems: ring/group signatures? other zero-knowledge proofs?
Lecture 11
- The subring of endomorphisms defined over a base prime field
- Quadratic fields, orders and ideal class groups
- Class group action and CSIDH
Lecture 12
- Parallelization and vectorization problem, and their quantum equivalence
- Classical and quantum attacks
- CSIDH on the surface
Lecture 13
- Sea-sign and its improvements
- CSI-FiSh
- Lossy CSI-FiSh
Lecture 14
- Ring signatures
- Threshold signatures
- Open problems
Lecture 15
- Other results, or something from the above (if running late)
Course webpage: https://poliuni-mathphd-en.campusnet.unito.it/do/corsi.pl/Show?_id=5cqp
Lecture 1
- Modern Cryptography: security models and provable security
- Public-key Cryptography: conditional security and hard mathematical problems
- Passive and active security
- Public-key encryption, key exchange and KEM
- Fujisaki-Okamoto (FO) transform
Lecture 2
- Security of the FO transform
- Variants of the FO transform
- Digital signatures
- Identification/Sigma protocols and the Fiat Shamir transform
- Security proof of Fiat-Shamir digital signatures
Lecture 3
- Elliptic curves over finite fields: Weierstrass equation and group law
- The ECDLP and its difficulty
- Shor's algorithm, Post-quantum Cryptography and NIST's competition
- History of Isogeny-based Cryptography and overview of the state of the art
- Morphisms and isogenies between elliptic curves
Lecture 4
- Isogenies are group homomorphisms, either constant or surjective
- Degree, composition and group of isogenies
- Endomorphisms and the endomorphism ring
- Multiplication by m and the m-torsion subgroup
Lecture 5
- Separable isogenies and their degree
- A finite subgroup of E determines a unique separable isogeny from E
- Examples: isogenies of degree 2 and 3
- Velu's formula
- j-invariant and isomorphisms
Lecture 6
- The dual isogeny and its properties
- Orders and endomorphism rings: ordinary and supersingular elliptic curves
- The m-isogeny graph
- Number of vertices and connected components of the isogeny graph
- Regularity, degree and expander property of a (connected component of an) isogeny graph
Lecture 7
- Montgomery and Edwards model for elliptic curves
- The Montgomery ladder
- Velu's formula for Montgomery (and Edwards?) curves
Lecture 8
- The SIDH protocol and its implementation
- SIDH-based encryption and identification protocol
- Classical and quantum attacks
- Active attacks
Lecture 9
- Compressed public keys
- SIKE and its state of the art implementation
- B-SIDH
Lecture 10
- SIDH-based digital signatures
- Unruh transformation
- Open problems: ring/group signatures? other zero-knowledge proofs?
Lecture 11
- The subring of endomorphisms defined over a base prime field
- Quadratic fields, orders and ideal class groups
- Class group action and CSIDH
Lecture 12
- Parallelization and vectorization problem, and their quantum equivalence
- Classical and quantum attacks
- CSIDH on the surface
Lecture 13
- Sea-sign and its improvements
- CSI-FiSh
- Lossy CSI-FiSh
Lecture 14
- Ring signatures
- Threshold signatures
- Open problems
Lecture 15
- Other results, or something from the above (if running late)
Course webpage: https://poliuni-mathphd-en.campusnet.unito.it/do/corsi.pl/Show?_id=5cqp
Modalità mista
Mixed mode
Presentazione orale
Oral presentation
P.D.1-1 - Novembre
P.D.1-1 - November