Théorie algorithmique des nombres et applications à la cryptanalyse de primitives cryptographiques. (Algorithmic Number Theory and Applications to the Cryptanalysis of Cryptographical Primitives)

The integer factorization problem and the discrete logarithm problem are two essential foundations of many public-key cryptographic algorithms. Among the algorithms for attacking these eminently hard problems, the number field sieve and its cousin algorithms occupy a place of the first importance. The first part of this thesis is devoted to a presentation of the number field sieve "family" and to several of my contributions in this area. Other work is covered in the following part, notably in connection with the discrete logarithm problem on Jacobians of curves, and my contribution to new algorithms for this problem in certain special cases. Part 3 of the thesis covers my work on sparse linear algebra over finite fields, motivated by the application context of the algorithms cited above. Part 4, finally, deals with my work in the area of arithmetic, notably the arithmetic of polynomials over GF(2). The closeness of the work in parts 3 and 4 to implementation questions reflects a constant concern, throughout my work, not to leave that aspect aside.
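The abstract links three of its themes without spelling out the connection: sieve-family factoring algorithms, the sparse linear algebra over finite fields they require, and the implementation work behind both. The following is an added illustration, not code from the thesis or from any of the author's software, showing the pipeline those algorithms share: collect relations whose right-hand sides are smooth over a factor base, write each relation as a parity vector over GF(2), find a dependency among the rows, and turn the resulting congruence of squares into a factor via a gcd. It uses Dixon's random-squares method rather than the number field sieve (that substitution is mine, chosen because it fits in a page), dense Gaussian elimination rather than the block Wiedemann or Lanczos methods used at scale, and toy moduli constructed for the example. All function names and parameters are assumptions of this example.

```python
"""Toy Dixon factorisation: why sieve-family algorithms end in GF(2) linear algebra.

Added illustration, not code from the thesis.  Dixon's random-squares method
stands in for the number field sieve; the relation -> matrix -> dependency -> gcd
pipeline is the one the sieve family relies on.  Moduli used in the tests are
constructed toy values.
"""
from math import gcd, isqrt
import random


def small_primes(bound):
    """Factor base: all primes <= bound (sieve of Eratosthenes)."""
    flags = bytearray([1]) * (bound + 1)
    flags[0] = flags[1] = 0
    for i in range(2, isqrt(bound) + 1):
        if flags[i]:
            flags[i * i::i] = bytearray(len(range(i * i, bound + 1, i)))
    return [i for i, f in enumerate(flags) if f]


def smooth_exponents(m, primes):
    """Exponent vector of m over the factor base, or None if m is not smooth."""
    exps = [0] * len(primes)
    for i, p in enumerate(primes):
        while m % p == 0:
            m //= p
            exps[i] += 1
    return exps if m == 1 else None


def collect_relations(n, primes, count, rng, seen):
    """Random x with x^2 mod n smooth: each one becomes a row of the relation matrix."""
    rels = []
    for _ in range(1000 * count):  # bounded so a tiny n cannot loop forever
        if len(rels) == count:
            break
        x = rng.randrange(isqrt(n) + 1, n)
        # a real implementation would return gcd(x, n) when it is a proper factor;
        # here such x are simply skipped to keep the relation step uniform
        if x in seen or gcd(x, n) != 1:
            continue
        seen.add(x)
        e = smooth_exponents(x * x % n, primes)
        if e is not None:
            rels.append((x, e))
    return rels


def gf2_dependencies(vectors):
    """Gaussian elimination over GF(2) (the step that block Wiedemann/Lanczos do at scale).

    vectors: parity rows packed as int bitmasks (bit i set <=> exponent of primes[i] is odd).
    Returns subsets of row indices whose rows sum to zero mod 2, i.e. whose product of
    x^2 mod n values is a perfect square over the factor base.
    """
    pivots = {}  # leading bit -> (reduced row, bitmask of the original rows combined into it)
    deps = []
    for i, v in enumerate(vectors):
        hist = 1 << i
        while v:
            lead = v.bit_length() - 1
            if lead not in pivots:
                pivots[lead] = (v, hist)
                break
            pv, ph = pivots[lead]
            v ^= pv
            hist ^= ph
        if v == 0:
            deps.append([j for j in range(len(vectors)) if hist >> j & 1])
    return deps


def dixon_factor(n, bound=50, seed=1, max_rounds=20):
    """Return a non-trivial factor pair (p, q) of the odd composite n, or None."""
    rng = random.Random(seed)
    primes = small_primes(bound)
    rels, seen = [], set()
    for _ in range(max_rounds):
        # more rows than columns guarantees a non-trivial left nullspace
        rels += collect_relations(n, primes, len(primes) + 10, rng, seen)
        parities = [sum((e[i] & 1) << i for i in range(len(primes))) for _, e in rels]
        for dep in gf2_dependencies(parities):
            x, total = 1, [0] * len(primes)
            for j in dep:
                x = x * rels[j][0] % n
                total = [a + b for a, b in zip(total, rels[j][1])]
            y = 1
            for p, e in zip(primes, total):
                y = y * pow(p, e // 2, n) % n
            # x^2 == y^2 (mod n); each dependency splits n with probability >= 1/2
            for d in (gcd(x - y, n), gcd(x + y, n)):
                if 1 < d < n:
                    return (d, n // d)
    return None


if __name__ == "__main__":
    print(dixon_factor(1649))  # 1649 = 17 * 97, a constructed toy modulus
```

The relation matrix here is dense and tiny; in a real NFS run it has millions of rows and a handful of non-zero entries per row, which is why the thesis treats sparse linear algebra over finite fields, and the arithmetic underneath it, as a topic in its own right.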
