primality proving with elliptic curves
play

Primality Proving with Elliptic Curves Laurent Thry Marelle - PowerPoint PPT Presentation

Oct 02, 2022 •33 likes •283 views

Primality Proving with Elliptic Curves Laurent Thry Marelle Project 29/03/2007 p.1 Prime Number Inductive N := O: N | S ( n : N ): N Definition m + n := if m is S m then S ( m + n ) else n Definition m * n := if m is S m then

  1. Primality Proving with Elliptic Curves Laurent Théry Marelle Project 29/03/2007 – p.1

  2. Prime Number Inductive N := O: N | S ( n : N ): N Definition m + n := if m is S m ′ then S ( m ′ + n ) else n Definition m * n := if m is S m ′ then n + ( m ′ * n ) else O Definition m | n := ∃ q, n = q * m Definition prime p := ∀ m, m | p ⇒ m = 1 ∨ m = p ∧ p � = 1 29/03/2007 – p.2

  3. Prime Number Theorem ex 1 : prime 1234567891. Proof. Qed. 29/03/2007 – p.3

  4. Fermat little theorem b k − 1 b k − 1 a b k − 1 a 2 . . . b k − 1 a i . . . b k − 1 a m − 1 . . . . . . . . . . . . . . . . . . . . . . . . b i a i . . . b i a m − 1 b i a 2 b i b i a . . . . . . . . . . . . . . . . . . . . . . . . b 1 a i . . . b 1 a m − 1 b 1 a 2 b 1 b 1 a . . . a i . . . a m − 1 a 2 1 a a m = 1 mod n a n − 1 = a mk = ( a m ) k = 1 mod n 29/03/2007 – p.4

  5. Pocklington Certificate m is the order of a : a m = 1 mod n ∧ ∀ k, k | m ⇒ a m/k � = 1 mod n Projection from Z /n Z to Z /p Z ( p | n ) : gcd ( u, n ) = 1 ∧ u � = 0 mod n ⇒ u � = 0 mod p 29/03/2007 – p.5

  6. Pocklington Certificate Let N be an integer. Assume that there exists a coprime to n and m such that a m = 1 mod n ∀ p, prime p ∧ p | m ⇒ gcd ( a m/p − 1 , n ) = 1 Then, if m ≥ √ n , n is prime. 29/03/2007 – p.6

  7. Elliptic Curve Cubic curve: y 2 = x 3 + Ax + B (4 A 3 + 27 B 2 � = 0) Example: y 2 = x 3 − x 29/03/2007 – p.7

  8. Formalisation Inductive elt: Set := | inf_elt: elt | curve_elt (x: K) (y: K) (H: y 2 = x 3 + A * x + B): elt. 29/03/2007 – p.8

  9. Elliptic Curve r q p 29/03/2007 – p.9

  10. Elliptic Curve -p p 29/03/2007 – p.10

  11. Formalisation Definition -p := match p with | inf_elt ⇒ inf_elt | curve_elt x y H ⇒ curve_elt x (-y) opp lem end. 29/03/2007 – p.11

  12. Elliptic Curve q q q p+q p p p 29/03/2007 – p.12

  13. Formalisation Definition p 1 + p 2 := match p1, p2 with | inf_elt, _ ⇒ p 2 | _, inf_elt ⇒ p 1 | curve_elt x 1 y 1 H 1 , curve_elt x 2 y 2 H 2 ⇒ if x 1 = = x 2 then if (y 1 = = -y 2 ) then inf_elt else let l = (3 * x 2 1 + A)/(2 * y1) in let x 3 = l 2 - 2 * x 1 in ⊕ t curve_elt x 3 (-y 1 - l * (x 3 - x 1 )) add lem 1 else let l = (y 2 - y 1 )/(x 2 - x 1 ) in let x 3 = l 2 - x 1 - x 2 in ⊕ g curve_elt x 3 (-y 1 - l * (x 3 - x 1 )) add lem 2 29/03/2007 – p.13

  14. Formalisation ( elt , +) is a commutative group The difficult part: p 1 + ( p 2 + p 3 ) = ( p 1 + p 2 ) + p 3 Reduce to p 1 ⊕ ( p 2 ⊕ p 3 ) = ( p 1 ⊕ p 2 ) ⊕ p 3 Further reduce to 1. p 1 ⊕ g ( p 2 ⊕ g p 3 ) = ( p 1 ⊕ g p 2 ) ⊕ g p 3 . 2. p 1 ⊕ g ( p 2 ⊕ t p 2 ) = ( p 1 ⊕ g p 2 ) ⊕ g p 2 . 3. p 1 ⊕ g ( p 1 ⊕ g ( p 1 ⊕ t p 1 )) = ( p 1 ⊕ t p 1 ) ⊕ t ( p 1 ⊕ t p 1 ) 4. p 1 ⊕ g ( p 2 ⊕ g ( p 1 ⊕ g p 2 )) = ( p 1 ⊕ g p 2 ) ⊕ t ( p 1 ⊕ g p 2 ) 29/03/2007 – p.14

  15. Explicit computation y 2 = x 3 + Ax + B ∧ l = (3 x 2 + A ) / 2 y ∧ x 1 = l 2 − 2 x ∧ y 1 = − y − l ( x 1 − x ) ∧ ⇒ y 2 1 = x 3 1 + Ax 1 + B Common denominator: 2 10 y 8 − 2 10 y 6 x 3 − 2 10 Ay 6 x − 2 10 By 6 = 0 29/03/2007 – p.15

  16. Explicit computation Common denominator: 2 10 y 8 − 2 10 y 6 x 3 − 2 10 Ay 6 x − 2 10 By 6 = 0 Rewriting: 2 10 ( x 3 + Ax + B ) 4 − 2 10 ( x 3 + Ax + B ) 3 x 3 − 2 10 A ( x 3 + Ax + B ) 3 x − 2 10 B ( x 3 + Ax + B ) 3 = 0 Ring Equality: Qed 29/03/2007 – p.16

  17. First equation x 1 − x 2 � = 0 ∧ x 4 − x 3 � = 0 ∧ x 2 − x 3 � = 0 ∧ x 5 − x 1 � = 0 ∧ y 2 1 = x 3 1 + A ∗ x 1 + B ∧ y 2 2 = x 3 2 + A ∗ x 2 + B ∧ y 2 3 = x 3 3 + A ∗ x 3 + B ∧ x 4 = ( y 1 − y 2 ) 2 / ( x 1 − x 2 ) 2 − x 1 − x 2 ∧ y 4 = − ( y 1 − y 2 ) / ( x 1 − x 2 ) ∗ ( x 4 − x 1 ) − y 1 ∧ x 6 = ( y 4 − y 3 ) 2 / ( x 4 − x 3 ) 2 − x 4 − x 3 ∧ y 6 = − ( y 4 − y 3 ) / ( x 4 − x 3 ) ∗ ( x 6 − x 3 ) − y 3 ∧ x 5 = ( y 2 − y 3 ) 2 / ( x 2 − x 3 ) 2 − x 2 − x 3 ∧ y 5 = − ( y 2 − y 3 ) / ( x 2 − x 3 ) ∗ ( x 5 − x 2 ) − y 2 ∧ x 7 = ( y 5 − y 1 ) 2 / ( x 5 − x 1 ) 2 − x 5 − x 1 ∧ y 7 = − ( y 5 − y 1 ) / ( x 5 − x 1 ) ∗ ( x 7 − x 1 ) − y 1 ⇒ x 6 − x 7 = 0 29/03/2007 – p.17

  18. First equation - (2) * y 8 2 * x 7 3 * x 6 2 + 2 * (2 * (1 + 2)) * y 8 2 * x 7 3 * x 5 2 * x 1 - 2 * (1 + 2 * (1 + 2 * (1 + 2))) * y 8 2 * x 7 3 * x 4 2 * x 2 1 + 2 * (2 * (2 * (1 + 4))) * y 8 2 * x 7 3 * x 3 2 * x 3 1 - 2 * (1 + 2 * (1 + 2 * (1 + 2))) * y 8 2 * x 7 3 * x 2 2 * x 4 1 + 2 * (2 * (1 + 2)) * y 8 2 * x 7 3 * x 2 * x 5 1 - 2 * y 8 2 * x 7 3 * x 6 1 + 2 * (2 * (1 + 2)) * y 8 2 * x 6 3 * x 7 2 - 2 * (1 + 2 * (1 + 2 * (2 * 4))) * y 8 2 * x 6 3 * x 6 2 * x 1 + 2 * (2 * (2 * (1 + 2 * (2 * (1 + 4))))) * y 8 2 * x 6 3 * x 5 2 * x 2 1 - 2 * (1 + 2 * (2 * (2 * (1 + 2 * (2 * (1 + 2)))))) * y 8 2 * x 6 3 * x 4 2 * x 3 1 + 2 * (2 * (1 + 2 * (1 + 2 * (2 * 4)))) * y 8 2 * x 6 3 * x 3 2 * x 4 1 - 2 * (1 + 2 * (2 * (1 + 4))) * y 8 2 * x 6 3 * x 2 2 * x 5 1 + 2 * y 8 2 * x 6 3 * x 7 1 - ................................................... ................................................... ................................................... 20000 lines!! 29/03/2007 – p.18

  19. Reflection One Reification Ring Horner Representation: P ❀ P ′ + x i Q ′ Rewrite [ m = R ] Naive: P ❀ P = P ′ + mQ ′ ❀ P ′ + RQ ′ Common denominator P 1 /Q 1 + P 2 /Q 2 ❀ ( P ′ 1 Q ′ 2 + P ′ 2 Q ′ 1 ) /Q ′ 1 Q ′ 2 Result: field[H 1 ; H 2 ] 80 seconds. 29/03/2007 – p.19

  20. Elliptic Certificate Order of a point: m.P = P + · · · + P = 0 � �� � m Projective coordinate: (3 / 4 , 1 / 3) ❀ (9 : 4 : 12) 29/03/2007 – p.20

  21. Elliptic Certificate Let n be an integer. Assume that there exist an elliptic curve y 2 = x 3 + Ax + B with A, B ∈ Z and gcd (4 A 3 + 27 B 2 , n ) = 1 , a point P = ( x P : y P : 1) such that y 2 P = x 3 P + Ax P + B mod n , and an integer m such that • m.P = (0 : 1 : 0) mod n ; • for all prime p | m , ( m/p ) .P = ( x p : y p : z p ) mod n with gcd ( z p , n ) = 1 . Then, if 4 n < ( m − 1) 2 , n is prime 29/03/2007 – p.21

  22. Elliptic Certificate { 329719147332060395689499 , − 94080 , 9834496 , 0 , 3136 , 8209062 , [(40165264598163841 , 1)] } with the curve y 2 = x 3 − 94080 x + 9834496 and the point 8209062 . (0 , 3136) whose order is 40165264598163841 , 329719147332060395689499 is prime if 40165264598163841 is prime . 29/03/2007 – p.22

  23. Checking certificates Definition double( p 1 , sc 1 ) = if p 1 = 0 then (0 , sc 1 ) else let ( x 1 : y 1 : z 1 ) = p 1 in if y 1 = 0 then (0 , z 1 sc 1 ) else let m = 3 x 2 1 + Az 2 1 and l = 2 y 1 z 1 in let l 2 = l 2 and x 2 = m 2 z 1 − 2 x 1 l 2 in (( x 2 l : l 2 ( x 1 m − y 1 l ) − x 2 m : z 1 l 2 l ) , sc 1 ) 29/03/2007 – p.23

  24. A Demo 29/03/2007 – p.24

  25. Conclusions Proving Primality Proving Ubiquity of computing 29/03/2007 – p.25

Recommend

Deterministic elliptic curve primality proving for special sequences Alice Silverberg UC Irvine

Deterministic elliptic curve primality proving for special sequences Alice Silverberg UC Irvine

Deterministic elliptic curve primality proving for special sequences Alice Silverberg UC Irvine GEOCRYPT 2013 Deterministic Primality Proving In joint work with Alex Abatzoglou, Drew Sutherland, and Angela Wong, we give necessary and

726 views • 44 slides
Deterministic Elliptic Curve Primality Proving for a Special Sequence of Numbers Alex

Deterministic Elliptic Curve Primality Proving for a Special Sequence of Numbers Alex

Deterministic Elliptic Curve Primality Proving for a Special Sequence of Numbers Alex Abatzoglou, Alice Silverberg, Andrew V. Sutherland, Angela Wong Tenth Algorithmic Number Theory Symposium University of California, San Diego July 9, 2012

630 views • 43 slides
Elliptic Curve Primality Proving Jared Asuncion PhD Away Days Bordeaux-Luxembourg 19 October

Elliptic Curve Primality Proving Jared Asuncion PhD Away Days Bordeaux-Luxembourg 19 October

Elliptic Curve Primality Proving Jared Asuncion PhD Away Days Bordeaux-Luxembourg 19 October 2019 Jared Asuncion https://shorturl.at/krtxD PhD Away Days 1 / 11 Definition An elliptic curve over k ( char k = 2 , 3 ) is a smooth projective

596 views • 38 slides
Rational Points on Modular Elliptic Curves I. Elliptic Curves Hedrick Lecture Series MAA

Rational Points on Modular Elliptic Curves I. Elliptic Curves Hedrick Lecture Series MAA

Rational Points on Modular Elliptic Curves I. Elliptic Curves Hedrick Lecture Series MAA MathFest Boulder, Colorado August 2003 http://www.math.mcgill.ca/darmon /slides/slides.html Elliptic Curves Definition : An elliptic curve over the

494 views • 26 slides
Weierstra Equations 2 d 4 16 ( 1 t 2 / 4 ) Singular points

Weierstra Equations 2 d 4 16 ( 1 t 2 / 4 ) Singular points

Elliptic curves over F q Introduction History length of ellipses why Elliptic curves? Fields Weierstra Equations Singular points The Discriminant E LLIPTIC CURVES OVER FINITE FIELDS Elliptic curves / F 2 Elliptic curves / F 3 The sum of

660 views • 32 slides
Forms of elliptic curves Wouter Castryck Forms of elliptic curves First definitions Well-known

Forms of elliptic curves Wouter Castryck Forms of elliptic curves First definitions Well-known

Well-known forms of elliptic curves Toric forms of elliptic curves Forms of elliptic curves Wouter Castryck Forms of elliptic curves First definitions Well-known forms of elliptic curves Projective coordinates Toric forms of elliptic curves

478 views • 46 slides
Elliptic Curves in Sage William Stein Sage Project Functionality William Stein Demo

Elliptic Curves in Sage William Stein Sage Project Functionality William Stein Demo

Elliptic Curves in Sage Elliptic Curves in Sage William Stein Sage Project Functionality William Stein Demo Questions? October 19 at ECC 2010 Lowest (known) conductor elliptic curves of ranks 0,1,2,3,4 Abstract Elliptic Curves in Sage

628 views • 14 slides
Lecture 11: Elliptic curves and their moduli May 26, 2020 1 / 9 Elliptic curves and complex

Lecture 11: Elliptic curves and their moduli May 26, 2020 1 / 9 Elliptic curves and complex

Lecture 11: Elliptic curves and their moduli May 26, 2020 1 / 9 Elliptic curves and complex tori E a , b : y 2 x 3 ` ax ` b , 4 a 3 ` 27 b 2 0 4 a 3 j p E a , b q 1728 4 a 3 ` 27 b 2 Theorem. The map z r p z q : 1 2 1 p

646 views • 9 slides
Isogenies and endomorphism rings of elliptic curves ECC Summer School Damien Robert Microsoft

Isogenies and endomorphism rings of elliptic curves ECC Summer School Damien Robert Microsoft

Isogenies and endomorphism rings of elliptic curves ECC Summer School Damien Robert Microsoft Research 15 / 09 / 2011 (Nancy) 2 / 66 Outline 1 Isogenies on elliptic curves 2 Endomorphisms 3 Supersingular elliptic curves 4 Abelian varieties

1.84k views • 79 slides
The Elliptic Curves Discrete Logarithm Problem and an implementation of parallelized Pollards

The Elliptic Curves Discrete Logarithm Problem and an implementation of parallelized Pollards

What is an elliptic curve? Elliptic Curves in Cryptography. ECDLP resolution. -Pollard and CUDA. Conclusions The Elliptic Curves Discrete Logarithm Problem and an implementation of parallelized Pollards algorithm for ECDLP Alberto

1.52k views • 103 slides
Deterministic Generation of Elliptic Curves (a.k.a. &quot;NUMS&quot; Curves) Motivation

Deterministic Generation of Elliptic Curves (a.k.a. &quot;NUMS&quot; Curves) Motivation

Deterministic Generation of Elliptic Curves (a.k.a. &quot;NUMS&quot; Curves) Motivation Reduced customer confidence in NIST-standardized curves (FIPS 186-3) Industry moving to Perfect Forward Secrecy (PFS) ciphersuites (e.g. ECDHE)

306 views • 11 slides
Faltings Heights of CM Elliptic Curves Tyler Genao Florida Atlantic University In collaboration

Faltings Heights of CM Elliptic Curves Tyler Genao Florida Atlantic University In collaboration

Faltings Heights of CM Elliptic Curves Tyler Genao Florida Atlantic University In collaboration with Adrian Barquero-Sanchez, Lindsay Cadwallader, Olivia Cannon, Riad Masri Tyler Genao Faltings Heights of CM Elliptic Curves Elliptic Curves

571 views • 41 slides
Elliptic Curves II Reinier Br oker Fields Institute &amp; University of Calgary Summer School

Elliptic Curves II Reinier Br oker Fields Institute &amp; University of Calgary Summer School

Elliptic Curves II Reinier Br oker Fields Institute &amp; University of Calgary Summer School before ECC September 2006 Elliptic curves An elliptic curve E over a field K is given by a Weierstra equation Y 2 + h ( X ) Y = f ( X ) with h, f

416 views • 13 slides
Finding Cryptographically Strong Elliptic Curves An Introduction Hamish Ivey-Law

Finding Cryptographically Strong Elliptic Curves An Introduction Hamish Ivey-Law

Outline Elliptic curve cryptography Secure domain parameters Case study: finding secure Edwards curves Finding Cryptographically Strong Elliptic Curves An Introduction Hamish Ivey-Law hlaw@iml.univ-mrs.fr Institute de Math ematiques de

662 views • 41 slides
The symplectic type of congruences between elliptic curves John Cremona University of Warwick

The symplectic type of congruences between elliptic curves John Cremona University of Warwick

The symplectic type of congruences between elliptic curves John Cremona University of Warwick joint work with Nuno Freitas (Warwick) AGC 2 T Luminy, 10 June 2019 Overview 1. Elliptic curves, mod p Galois representations, Weil pairing. 2.

954 views • 70 slides
Lecture 2 Elliptic curves over finite fields The Group structure Reminder from Monday the j

Lecture 2 Elliptic curves over finite fields The Group structure Reminder from Monday the j

Elliptic curves over F q F. Pappalardi Lecture 2 Elliptic curves over finite fields The Group structure Reminder from Monday the j -invariant Research School: Algebraic curves over finite fields Points of finite order

581 views • 29 slides
Recent Advances in Parallel Implementations of Scalar Multiplication over Binary Elliptic Curves

Recent Advances in Parallel Implementations of Scalar Multiplication over Binary Elliptic Curves

Recent Advances in Parallel Implementations of Scalar Multiplication over Binary Elliptic Curves C. Negre and J.M. Robert april 8, 2015 1 / 39 Outline Overview of elliptic curve cryptography 1 Implementation of F 2 m arithmetic 2 Elliptic

781 views • 75 slides
Elliptic Curves over the Rational Mordells Theorem Numbers Q An elliptic curve is a

Elliptic Curves over the Rational Mordells Theorem Numbers Q An elliptic curve is a

Elliptic Curves over the Rational Mordells Theorem Numbers Q An elliptic curve is a nonsingular plane cu- Theorem (Mordell). The group E ( Q ) of rational points on an bic curve with a rational point (possibly at elliptic curve is a

402 views • 7 slides
Q ( 5) Elliptic Curves over Q ( 5) Stein William Stein, University of Washington This is

Q ( 5) Elliptic Curves over Q ( 5) Stein William Stein, University of Washington This is

Curves Over Q ( 5) Elliptic Curves over Q ( 5) Stein William Stein, University of Washington This is part of the NSF-funded AIM FRG project on Databases of L -functions. This talk had much valuable input from Noam Elkies, John Voight,

567 views • 40 slides
Faster formulas for elliptic curves Hseyin H sl hisil.huseyin@gmail.com

Faster formulas for elliptic curves Hseyin H sl hisil.huseyin@gmail.com

Faster formulas for elliptic curves Hseyin H sl hisil.huseyin@gmail.com www.huseyinhisil.net ECC2010, Redmond Hseyin H sl () October 19, 2010 1 / 36 Faster formulas for elliptic curves (A roadmap for formula-hunters)

825 views • 55 slides
Stein Elliptic Curves over Q ( 5) William Stein, University of Washington (This is part of

Stein Elliptic Curves over Q ( 5) William Stein, University of Washington (This is part of

Curves Over Q ( 5) Stein Elliptic Curves over Q ( 5) William Stein, University of Washington (This is part of the NSF-funded AIM FRG project on Databases of L -functions) February 2011 Curves Over Q ( 5) Stein 1. Finding

536 views • 34 slides
Elliptic gamma functions, gerbes and triptic curves Giovanni Felder, ETH Zurich Paris, 18

Elliptic gamma functions, gerbes and triptic curves Giovanni Felder, ETH Zurich Paris, 18

Elliptic gamma functions, gerbes and triptic curves Giovanni Felder, ETH Zurich Paris, 18 January 2007 1 Table of contents 0. Introduction 1. Two periods: Jacobis infinite products, elliptic curves, SL 2 ( Z ) 2. Three periods:

510 views • 18 slides
On the discrete logarithm problem in elliptic curves Claus Diem University of Leipzig On the

On the discrete logarithm problem in elliptic curves Claus Diem University of Leipzig On the

On the discrete logarithm problem in elliptic curves Claus Diem University of Leipzig On the discrete logarithm problem in elliptic curves p.1/37 Some history At ECC 2004 in Bochum, Pierrick Gaudry presented an index calculus algorithm

897 views • 67 slides
Elliptic Curves over Q Peter Birkner Technische Universiteit Eindhoven DIAMANT Summer School on

Elliptic Curves over Q Peter Birkner Technische Universiteit Eindhoven DIAMANT Summer School on

Elliptic Curves over Q Peter Birkner Technische Universiteit Eindhoven DIAMANT Summer School on Elliptic and Hyperelliptic Curve Cryptography 16 September 2008 What is an elliptic curve? (1) An elliptic curve E over a field k in Weierstra

298 views • 25 slides

More recommend