Elliptic Curve Primality Proving Jared Asuncion PhD Away Days - PowerPoint PPT Presentation

Elliptic Curve Primality Proving Jared Asuncion PhD Away Days Bordeaux-Luxembourg 19 October 2019 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 1 / 11

Definition An elliptic curve over k ( char k � = 2 , 3 ) is a smooth projective curve given by an equation of the form y 2 = f ( x ) = x 3 + ax + b where a , b ∈ k and f ( x ) has no double roots in k. Example Take k = R . Then y 2 = x 3 + x + 1 is an elliptic curve over R since R = C and x 3 + x + 1 has distinct roots over C . Example Take k = F 31 . Then y 2 = x 3 + x + 1 is NOT an elliptic curve since ( x − 14) 2 ( x − 3) = x 3 − 31 x 2 + 280 x − 588 ≡ x 3 + x + 1 mod 31 . Jared Asuncion https://shorturl.at/krtxD PhD Away Days 2 / 11

An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P Q y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 3 / 11

An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P Q P + Q y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 3 / 11

An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 4 / 11

An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P P + P y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 4 / 11

An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . P Q y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 5 / 11

An elliptic curve has a group structure. The group structure is obtained using the ‘connect-intersect-reflect’ method. The identity of this group is called the point at infinity, denoted by ∞ . So, P + Q = ∞ . P Q y 2 = x 3 + 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 5 / 11

Using the same equations for the ‘connect-intersect-reflect’ method, we also find a group law for elliptic curves over finite fields. Example The elliptic curve y 2 = x 3 + x over F 7 has eight points with coordinates in F 7 : E = {∞ , (0 , 0) , (1 , ± 3) , (3 , ± 4) , (5 , ± 2) } It has other points in extension fields (e.g. in F 7 ( i ) ) such as (2 , 2 i ) : y 2 (2 i ) 2 = = − 4 ≡ 3 mod 7 x 3 + x 2 3 + 2 = = 10 ≡ 3 mod 7 . Jared Asuncion https://shorturl.at/krtxD PhD Away Days 6 / 11

Note that ‘multiplication-by- m ’ is a group homomorphism from E to E (i.e. an endomorphism of E ). − 1 · (5 , 2) = (5 , − 2) 2 · (5 , 2) = (1 , 3) − 1 · (1 , 3) = (1 , − 3) 2 · (1 , 3) = (0 , 0) Jared Asuncion https://shorturl.at/krtxD PhD Away Days 7 / 11

Note that ‘multiplication-by- m ’ is a group homomorphism from E to E (i.e. an endomorphism of E ). − 1 · (5 , 2) = (5 , − 2) 2 · (5 , 2) = (1 , 3) − 1 · (1 , 3) = (1 , − 3) 2 · (1 , 3) = (0 , 0) Some elliptic curves have extra endomorphisms. For example, the elliptic curve y 2 = x 3 + x has i : ( x , y ) �→ ( − x , iy ). i 2 · (5 , 2) = (5 , − 2) i · (5 , 2) = ( − 5 , 2 i ) i 2 · (1 , 3) = (1 , − 3) i · (1 , 3) = ( − 1 , 3 i ) i 2 · ( − 5 , 2 i ) = ( − 5 , − 2 i ) i · ( − 5 , 2 i ) = (5 , − 2) i 2 · ( − 1 , 3 i ) = (1 , − 3 i ) i · ( − 1 , 3 i ) = (1 , − 3) Jared Asuncion https://shorturl.at/krtxD PhD Away Days 7 / 11

Note that ‘multiplication-by- m ’ is a group homomorphism from E to E (i.e. an endomorphism of E ). − 1 · (5 , 2) = (5 , − 2) 2 · (5 , 2) = (1 , 3) − 1 · (1 , 3) = (1 , − 3) 2 · (1 , 3) = (0 , 0) Some elliptic curves have extra endomorphisms. For example, the elliptic curve y 2 = x 3 + x has i : ( x , y ) �→ ( − x , iy ). i 2 · (5 , 2) = (5 , − 2) i · (5 , 2) = ( − 5 , 2 i ) i 2 · (1 , 3) = (1 , − 3) i · (1 , 3) = ( − 1 , 3 i ) i 2 · ( − 5 , 2 i ) = ( − 5 , − 2 i ) i · ( − 5 , 2 i ) = (5 , − 2) i 2 · ( − 1 , 3 i ) = (1 , − 3 i ) i · ( − 1 , 3 i ) = (1 , − 3) Observe that i 2 · P = − P . It is similar to how i 2 = − 1 (as complex numbers). Jared Asuncion https://shorturl.at/krtxD PhD Away Days 7 / 11

Primality Proving Trial Division To prove N is prime, it suffices to check if it is divisible by integers √ greater than 1 whose value is at most N . √ We prove that q = 31 is prime. Note that 31 ≈ 5 . 5678. 31 divided by 2 = 15 r. 1 31 divided by 3 = 10 r. 1 31 divided by 4 = 7 r. 3 31 divided by 5 = 6 r. 1 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 8 / 11

Proposition Let 6 < N be an integer. If there exists: an integer m a prime q an elliptic curve E over Z / N Z and a point P on E such that m = qs for some s ∈ Z � 2 N 1 / 4 + 1 � q > mP = ∞ sP � = ∞ then N is prime. Jared Asuncion https://shorturl.at/krtxD PhD Away Days 9 / 11

Proposition Let 6 < N = 97 be an integer. If there exists: an integer m a prime q an elliptic curve E over Z / N Z and a point P on E such that m = qs for some s ∈ Z � 2 N 1 / 4 + 1 � q > mP = ∞ sP � = ∞ then N is prime. Jared Asuncion https://shorturl.at/krtxD PhD Away Days 9 / 11

Proposition Let 6 < N = 97 be an integer. If there exists: an integer m = 93 a prime q an elliptic curve E over Z / N Z and a point P on E such that m = qs for some s ∈ Z � 2 N 1 / 4 + 1 � q > mP = ∞ sP � = ∞ then N is prime. Jared Asuncion https://shorturl.at/krtxD PhD Away Days 9 / 11

Proposition Let 6 < N = 97 be an integer. If there exists: an integer m = 93 a prime q = 31 an elliptic curve E over Z / N Z and a point P on E such that m = qs for some s ∈ Z � 2 N 1 / 4 + 1 � q > mP = ∞ sP � = ∞ then N is prime. Jared Asuncion https://shorturl.at/krtxD PhD Away Days 9 / 11

Proposition Let 6 < N = 97 be an integer. If there exists: an integer m = 93 a prime q = 31 an elliptic curve E over Z / N Z , say, E : y 2 = x 3 + 69 x + 2 and a point P on E such that m = qs for some s ∈ Z � 2 N 1 / 4 + 1 � q > mP = ∞ sP � = ∞ then N is prime. Jared Asuncion https://shorturl.at/krtxD PhD Away Days 9 / 11

Proposition Let 6 < N = 97 be an integer. If there exists: an integer m = 93 a prime q = 31 an elliptic curve E over Z / N Z , say, E : y 2 = x 3 + 69 x + 2 and a point P on E, say, P = (12 , 91) such that m = qs for some s ∈ Z � 2 N 1 / 4 + 1 � q > mP = ∞ sP � = ∞ then N is prime. Jared Asuncion https://shorturl.at/krtxD PhD Away Days 9 / 11

Proposition Let 6 < N = 97 be an integer. If there exists: an integer m = 93 a prime q = 31 an elliptic curve E over Z / N Z , say, E : y 2 = x 3 + 69 x + 2 and a point P on E, say, P = (12 , 91) such that m = qs for some s ∈ Z . We have s = 3 ∈ Z since 93 = 31 · 3 . � 2 N 1 / 4 + 1 � q > mP = ∞ sP � = ∞ then N is prime. Jared Asuncion https://shorturl.at/krtxD PhD Away Days 9 / 11

Elliptic Curve Primality Proving Jared Asuncion PhD Away Days - PowerPoint PPT Presentation

Elliptic Curve Primality Proving Jared Asuncion PhD Away Days Bordeaux-Luxembourg 19 October 2019 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 1 / 11 Definition An elliptic curve over k ( char k = 2 , 3 ) is a smooth projective

Deterministic elliptic curve primality proving for special sequences Alice Silverberg UC Irvine

Deterministic Elliptic Curve Primality Proving for a Special Sequence of Numbers Alex

Primality Proving with Elliptic Curves Laurent Thry Marelle Project 29/03/2007 p.1 Prime

Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Elliptic Curves over the Rational Mordells Theorem Numbers Q An elliptic curve is a

The AGM- X 0 ( N ) Algorithm Heegner point lifting with application to elliptic curve point

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curves over Q Peter Birkner Technische Universiteit Eindhoven DIAMANT Summer School on

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Efficient Finite Field and Elliptic Curve Arithmetic Laurent Imbert CNRS, LIRMM, Universit e

The probability of primality of the order of a genus 2 curve Jacobian Wouter Castryck joint with

Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic

Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June

Efficient arithmetic on elliptic curves in large characteristic D. J. Bernstein University of

The elliptic-curve zoo D. J. Bernstein University of Illinois at Chicago EC point counting 1983

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S.