Moduli of supersingular abelian varieties kezheng li. Supersingular abelian varieties are natural candidates for these. In positive characteristic the structure of the ptorsionstructure is an additional, useful tool. The divisor group of a curve c, denoted divc, is the free abelian group. For example, one can obtain embedding degree 12 from a supersingular abelian surface in char acteristic two. Using abelian varieties to improve pairingbased cryptography 3 supersingular abelian varieties than using supersingular elliptic curves, and supersingular abelian surfaces attain higher mov security per bit than supersingular elliptic curves over every. We treat in particular the practically relevant cases of field extensions of degree 3 or 5. Method 1 constructing pairingfriendly abelian varieties. We analyse the geometry of hilbert schemes of points on abelian surfaces and beauvilles generalized kummer varieties in positive characteristics.
Higher security levels require non supersingular usually, ordinary abelian vareities. Bringing together a fascinating mixture of topics in engineering, mathematics, computer science, and informatics, this book presents the timeless mathematical theory underpinning cryptosystems both old and new. Construct public key cryptosystems by hiding vulnerable curves by an isogeny the trapdoor tes06, or by encoding informations in the isogeny graph rs06. A quantum algorithm for computing isogenies between. On supersingular varieties frobenius supersingular varieties problems artinshioda conjecture every supersingular k3 surface s in the sense of shioda is conjectured to be purelyinseparably unirational. Supersingular curves in cryptography proceedings of the 7th. They show that for supersingular abelian varieties, the difference in the size of the exponent can be at. The converse is true if the tate conjecture is assumed. The main result is that, in characteristic two, the addition map from the. Supersingular abelian variety sometimes defined to be an abelian variety isogenous to a product of supersingular elliptic curves, and sometimes defined to be an abelian variety of some rank g whose endomorphism ring has rank 2g 2. Fully maximal and minimal supersingular abelian varieties. In algebraic number theory, a supersingular prime for a given elliptic curve is a prime number with a certain relationship to that curve.
The main purpose of this survey is to give a complete account of the computational aspects of the isogenies of low dimensional abelian varieties and their use in cryptography. Fully maximal and minimal supersingular abelian varieties valentijn karemaker university of pennsylvania joint with r. Constructing abelian varieties for pairingbased cryptography by david stephen freeman doctor of philosophy in mathematics university of california, berkeley professor kenneth a. Isogenies and endomorphism rings of elliptic curves ecc summer school damien robert microsoft research 15092011 nancy 2 66 outline 1 isogenies on elliptic curves 2 endomorphisms 3 supersingular elliptic curves 4 abelian varieties 5 references. Regarding the dual of an abelian variety stack exchange. Pries arithmetic, geometry, cryptography, and coding theory, cirm june 19, 2017. The author computes the rational chow groups of supersingular abelian varieties and some other related varieties, such as supersingular fermat varieties and supersingular k3 surfaces. See also cryptology eprint archive, report 2003167. Take isogenies to reduce the impact of side channel attacks sma03. Supersingular abelian varieties, designs, codes and cryptography, vol. The original ideas were first introduced into cryptography by frey. Part of the lecture notes in computer science book series lncs, volume.
Schaefer, cochairs abelian varieties that have small embedding degree with respect to a large primeorder. Pdf a cryptographic application of weil descent researchgate. Goldwasser, the search for provably secure cryptosystems, proceedings of symposia in applied mathematics, vol. Electronic books conference papers and proceedings. Let a be a supersingular abelian variety defined over a finite field k.
A strong background in the mathematics underlying public key cryptography is essential for a deep understanding of the subject, and this book provides exactly that for students and researchers in mathematics, computer science and electrical engineering. Mathematics of public key cryptography by steven d. We discuss how to apply gaudrys index calculus algorithm for abelian varieties to solve the discrete logarithm problem in the trace zero variety of an elliptic curve. For low dimensions the moduli of supersingular abelian varieties is by now well understood. Supersingular curves in cryptography proceedings of the. An abelian surface contains a smooth absolutely irreducible curve of genus 1 if and. For that structure supersingular abelian varieties can be considered the most special ones.
This alert has been successfully added and will be sent to. The isogeny graph of a supersingular elliptic curve can be used to construct secure hash functions clg09. A quantum algorithm for computing isogenies between supersingular elliptic curves jeanfran. David freeman constructing abelian varieties for pairingbased cryptography.
In this book we provide a description of the supersingular locus in all dimensions, in particular we compute the dimension of it. Meanwhile, we also list alllfunctions of supersingular curves of genus two over f 2 and determine the group structure of their divisor class groups over all finite algebraic extension of f 2. Todays pervasive computing and communications networks have created an intense need for secure and reliable cryptographic systems. Cryptography and secure communication by richard e. Box analysis of the blockcipherbased hashfunction constructions from pgv elliptic curves and abelian varieties supersingular abelian varieties in cryptology efficient algorithms for pairingbased cryptosystems computing zeta functions of hyperelliptic curves.
Our theoretical analysis is compared to other algorithms present in the literature, and is complemented by results from a prototype. They provide a starting point for the fine description of various structures. Compact hardware for computing the tate pairing over. Su persingular abelian varieties have already been proposed for pairingbased cryptography 10,14. Supersingular abelian varieties in cryptology uci math.
Galbraith, christophe petit and javier silva, identification protocols and signature schemes based on supersingular isogeny problems, journal of cryptology, volume 33, issue 1 2020 175. We give a survey on old and new results on relations between geometric invariants of principally polarized supersingular abelian varieties and arithmetic invariants of quaternion hermitian forms such as the numbers of polarizations and irreducible components of the supersingular locus, the field of definition, existence of curves with many rational points, class numbers, type numbers. Supersingular prime algebraic number theory wikipedia. On supersingular varieties frobenius supersingular varieties an example if the cohomology ring of x is generated by the classes of algebraic cycles over fq, then x is frobenius supersingular. Mathematical foundations of elliptic curve cryptography tu wien. In mathematics, particularly in algebraic geometry, complex analysis and number theory, an abelian variety is a projective algebraic variety that is also an algebraic group, i. Verifiable property means that one participant may verify hisher own share, but cannot check the validity of the other participants shares. Silverberg, supersingular abelian varieties in cryptology, advances in cryptology crypto2002, lncs 2442, springerverlag 2002, pp. Newest abelianvarieties questions mathematics stack.
Constructing abelian varieties for pairingbased cryptography. Advances in cryptology asiacrypt 2019 25th international conference on the theory and application of cryptology and information security, kobe, japan, december 812, 2019, proceedings, parts i, ii, iii. Hierarchical idbased cryptography proceedings of the. Optimal blackbox secret sharing over arbitrary abelian groups. This paper determines exactly which values can occur as the security parameters of supersingular abelian varieties in terms of the dimension of the abelian variety and the size of the finite field, and gives constructions of supersingular abelian varieties that are optimal for use in cryptography. You will be notified whenever a record that you have chosen has been cited.
An algebraic set is called a projective variety if it is irreducible or. I have seen the definition of supersingular elliptic curves on textbooks by hartshorne and silverman. Blackbox analysis of the blockcipherbased hashfunction constructions from pgv. The prank of an abelian variety a over a field k of characteristic p is the integer k for which the kernel ap of multiplication by p has p k points. Ordinary abelian varieties having small embedding degree. Abelian varieties and pairingbased cryptography constructing pairingfriendly abelian varieties. On small characteristic algebraic tori in pairingbased cryptography. Elliptic curves and abelian varieties supersingular abelian varieties in cryptology efficient algorithms. Newest abelianvarieties questions mathematics stack exchange. Supersingular abelian varieties are natural candidates for these applications.
Isogenies and endomorphism rings of elliptic curves ecc. An efficient identitybased key management scheme for. For special classes of varieties such as elliptic curves it is common to use various ad hoc definitions of supersingular, which are usually equivalent to the one given above. Method 2 constructing abelian varieties for pairingbased cryptography david freeman stanford university, usa foundations of computational mathematics. Highest voted abelianvarieties questions mathematics. Pdf griffiths groups of supersingular abelian varieties. Sep, 2002 this paper determines exactly which values can occur as the security parameters of supersingular abelian varieties in terms of the dimension of the abelian variety and the size of the finite field, and gives constructions of supersingular abelian varieties that are optimal for use in cryptography. Moduli of supersingular abelian varieties springerlink. If the curve e defined over the rational numbers, then a prime p is supersingular for e if the reduction of e modulo p is a supersingular elliptic curve over the residue field f p. On supersingular abelian varieties of dimension two over. Faster pairings on special weierstrass curves proceedings. Supersingular abelian varieties over finite fields. Lecture notes in computer science volumes 11921, 11922, 11923, springer 2019.
Supersingular abelian varieties in cryptology springerlink. Supersingular abelian varieties in cryptology 3 note that, since cryptographic security is based on the cyclic subgroups of af q, for purposes of cryptology it is only necessary to consider simple abelian varieties, i. For standard elliptic curve cryptography, supersingular elliptic curves are known to be weak. It may take any value from 0 to d, the dimension of a. Pairingfriendly ordinary elliptic curves g 1 wellstudied. Introduction the results of this paper show that it is the best of times and the worst of times for supersingular abelian varieties in cryptology. This paper determines exactly which values can occur as the security parameters of supersingular abelian varieties in terms of the dimension of the abelian variety and the size of the.
We show that supersingular abelian varieties can be used to obtain higher mov. They provide a starting point for the fine description. Electronic books conference papers and proceedings congresses. In this paper we study the characteristic polynomials and the rational point group structure of supersingular varieties of dimension two over finite fields. Abelian varieties can be classified via their moduli. Public key cryptography is a major interdisciplinary subject with many realworld applications, such as digital signatures. Supersingular abelian varieties and modular forms microsoft. The second direction taken in the paper is to consider abelian varieties of dimension two.
An introduction to supersingular elliptic curves and supersingular primes anh huynh abstract in this article, we introduce supersingular elliptic curves over a. Rubin received april, 1999 let a be a supersingular abelian variety defined over a finite field k. Supersingular abelian varieties over finite fields hui june zhu department of mathematics, university of california, berkeley, california 947203880 email. Abelian varieties and more generally at level 1 truncated barsottitate groups and k3surfaces. A comparison of mnt curves and supersingular curves, cryptology eprint archive, report 2004165.
Considering the limitations in wsns, such as low computing capacity, small memory, power supply limitations and price, we propose an efficient identitybased key management ibkm scheme, which exploits the bloom filter to authenticate the communication sensor node with storage efficiency. Supersingular abelian varieties are a special class of abelian varieties. Therefore in order to analyze elliptic curve cryptography ecc it is necessary to have a. We give an approximate description of the structure of the group ak of krat. Proceedings of the 7th international conference on the theory and application of cryptology and information security. In a verifiable multisecret sharing vmss scheme, multiple secrets are shared among participants during one sharing process in such a way that some qualified subsets of them can recover these secrets. Supersingular abelian varieties in cryptology, in advances in cryptology crypto 2002, lecture notes in computer science 2442 2002, springer, 336353.