#### Transcript Imai Laboratory’s Seminar Minimal Weight Representation

```
Discrete Methods in Mathematical Informatics
Lecture 1: What is Elliptic Curve?
9th October 2012
Vorapong Suppakitpaisarn
http://www-imai.is.s.u-tokyo.ac.jp/~mr_t_dtone/
[email protected], Eng. 6 Room 363
https://www.dropbox.com/s/xzk4dv50f4cvs18/Lecture%201.pptx?m

First Section of This Course [5 lectures]

Lecture 1: What is Elliptic Curve?
Lecture 2: Elliptic Curve Cryptography
Lecture 3-4: Fast Implementation for Elliptic Curve Cryptography
Lecture 5: Factoring and Primality Testing

L. C. Washington, "Elliptic Curves: Number Theory and Cryptography", Chapman & Hall/CRC, 2003.
• Lecture 1: Chapter 1, Chapter 2 (2.1, 2.2)
• Lecture 2: Chapter 6 (6.1 – 6.6)
• Lecture 5: Chapter 7
H. Cohen, G. Frey, R. Avanzi, C. Doche, T. Lange, K. Nguyen, F. Vercauteren, "Handbook of Elliptic and Hyperelliptic Curve Cryptography", Chapman & Hall/CRC, 2005.
A. Cilardo, L. Coppolino, N. Mazzocca, L. Romano, "Elliptic Curve Cryptography Engineering", Proc. of IEEE Vol. 94, No. 2, pp. 395-406 (2006).

In each lecture, 1-2 exercises will be given. Choose 3 problems out of them.
Submit to [email protected] before 31 Dec 2012

Problem 1: The Artilleryman's Dilemma (is not a) Puzzle
http://cashflowco.hubpages.com/

$1^2 + 2^2 + 3^2 + \dots + x^2 = \frac{x(x+1)(2x+1)}{6} = \frac{1}{3}x^3 + \frac{1}{2}x^2 + \frac{1}{6}x = y^2$   (Elliptic Curve)

Height = 0: 0 Balls → Square
Height = 1: 1 Ball → Square
Height = 2: 1 + 4 = 5 Balls → Not Square
Height = 3: 1 + 4 + 9 = 14 Balls → Not Square
Height = 4: 1 + 4 + 9 + 16 = 30 Balls → Not Square

Problem 1: The Artilleryman's Dilemma (is not a) Puzzle (cont.)

$\frac{1}{3}x^3 + \frac{1}{2}x^2 + \frac{1}{6}x = y^2$
Figure labels: points (0,0), (1/2,1/2), (1,1); line y = x

$\frac{1}{3}x^3 + \frac{1}{2}x^2 + \frac{1}{6}x = x^2$
$x^3 - \frac{3}{2}x^2 + \frac{1}{2}x = 0$

Suppose that a, b, c are roots of the equation
$(x - a)(x - b)(x - c) = 0$
$x^3 - (a + b + c)x^2 + (ab + ac + bc)x - abc = 0$
$a + b + c = 0 + 1 + c = \frac{3}{2}$, $c = \frac{1}{2}$

We know that $x = \frac{1}{2}, y = \frac{1}{2}$ is another solution.

Problem 1: The Artilleryman's Dilemma (is not a) Puzzle (cont.)

$\frac{1}{3}x^3 + \frac{1}{2}x^2 + \frac{1}{6}x = y^2$
Figure labels: points (0,0), (1/2,1/2), (1/2,-1/2), (1,1); lines y = x and y = 3x-2

$\frac{1}{3}x^3 + \frac{1}{2}x^2 + \frac{1}{6}x = (3x - 2)^2$
$x^3 - \frac{51}{2}x^2 + \dots = 0$
$\frac{1}{2} + 1 + x = \frac{51}{2}$
$x = 24, y = 70$
$1^2 + 2^2 + \dots + 24^2 = 70^2$

Pyramid Height 24 for Square Length 70

Problem 2: Right Triangle with Rational Sides

We want to find a right triangle with rational sides in which area = 5

[Figure: example right triangles labelled with side lengths and areas]

Problem 2: Right Triangle with Rational Sides (cont.)

Triangle sides: a, b, c
$ab/2 = 5$
$ab = 10$, $a^2 + b^2 = c^2$

$\left(\frac{a+b}{2}\right)^2 = \frac{a^2 + 2ab + b^2}{4} = \frac{c^2 + 2(10)}{4} = \left(\frac{c}{2}\right)^2 + 5$
$\left(\frac{a-b}{2}\right)^2 = \frac{a^2 - 2ab + b^2}{4} = \frac{c^2 - 2(10)}{4} = \left(\frac{c}{2}\right)^2 - 5$

$\frac{a-b}{2}, \frac{c}{2}, \frac{a+b}{2}$ are rational numbers
$\left(\frac{c}{2}\right)^2 - 5, \left(\frac{c}{2}\right)^2, \left(\frac{c}{2}\right)^2 + 5$ are squares of rational numbers

$(x - 5)\,x\,(x + 5) = x^3 - 25x = y^2$   (Elliptic Curve)

Note: $x = \frac{25}{4}$ is a solution of the elliptic curve, but $\frac{5}{4}, \frac{45}{4}$ are not squares of rational numbers.

Problem 2: Right Triangle with Rational Sides (cont.)

$x^3 - 25x = y^2$
Figure labels: point (-4,6); line $y = \frac{23}{12}x + \frac{41}{3}$

$d(x^3 - 25x) = d(y^2)$
$(3x^2 - 25)\,dx = 2y\,dy$
$\frac{dy}{dx} = \frac{3x^2 - 25}{2y} = \frac{3(-4)^2 - 25}{2(6)} = \frac{23}{12}$

$y = \frac{23}{12}x + c$
$c = (6) - \frac{23}{12}(-4) = \frac{41}{3}$

Problem 2: Right Triangle with Rational Sides (cont.)

$x^3 - 25x = y^2$
Figure labels: points (-4,6) and (1681/144, 62279/1728); line $y = \frac{23}{12}x + \frac{41}{3}$

$x^3 - 25x = \left(\frac{23}{12}x + \frac{41}{3}\right)^2$
$x^3 - \frac{529}{144}x^2 + \dots = 0$

Suppose that a, b, c are roots of the equation
$(x - a)(x - b)(x - c) = 0$
$x^3 - (a + b + c)x^2 + (ab + ac + bc)x - abc = 0$

$(x - (-4))(x - (-4))(x - c) = 0$
$-4 - 4 + x = \frac{529}{144}$
$x = \frac{1681}{144} = \left(\frac{41}{12}\right)^2$
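
Problem 2: Right Triangle with Rational Sides (cont.)

$x^3 - 25x = y^2$
Figure labels: points (-4,6) and (1681/144, 62279/1728); line $y = \frac{23}{12}x + \frac{41}{3}$

$x = \left(\frac{c}{2}\right)^2 = \left(\frac{41}{12}\right)^2$
$x - 5 = \left(\frac{a-b}{2}\right)^2 = \frac{961}{144} = \left(\frac{31}{12}\right)^2$
$x + 5 = \left(\frac{a+b}{2}\right)^2 = \frac{2401}{144} = \left(\frac{49}{12}\right)^2$

$c = 2 \times \frac{41}{12} = \frac{41}{6}$
$a - b = 2 \times \frac{31}{12} = \frac{31}{6}$
$a + b = 2 \times \frac{49}{12} = \frac{49}{6}$
$a = \frac{20}{3}, b = \frac{3}{2}$

Triangle: sides 20/3, 3/2, 41/6; area 5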

Exercises

Exercise 1
Use the tangent line at $(x, y) = \left(\frac{1681}{144}, \frac{62279}{1728}\right)$ to find another right triangle with area 5.

Exercise 2
Let n be an integer. Show that if x, y are rational numbers satisfying $y^2 = x^3 - n^2 x$, and $x \ne 0, \pm n$, then the tangent line to this curve at (x, y) intersects the curve in a point $(x_1, y_1)$ such that $x_1, x_1 - n, x_1 + n$ are squares of rational numbers.

Problem 3: Fermat’s Last Theorem

Given $n \ge 3$, there are no nonzero integers a, b, c such that
$a^n + b^n = c^n$

• Conjectured by Pierre de Fermat in Arithmetica (1637).
  “I have discovered a marvellous proof to this theorem, that this margin is too narrow to contain”
• There are more than 1,000 attempts, but the theorem was not proved until 1995 by Andrew Wiles.
  http://wikipedia.com/
• One of his main tools is Elliptic Curve!!!

Problem 3: Fermat’s Last Theorem (cont.)

Given $n \ge 3$, there are no nonzero integers a, b, c such that
$a^n + b^n = c^n$

• Fermat kindly provided the proof for the case when n = 4

$x = 2\,\frac{b^2 + c^2}{a^2}$, $y = 4\,\frac{b(b^2 + c^2)}{a^3}$
$y^2 = x^3 - 4x$   (Elliptic Curve)

By several elliptic curve techniques, Fermat found that all rational solutions of the elliptic curve are (0,0), (2,0), (-2,0)

Formal Definitions of Elliptic Curve

Weierstrass Equation
$y^2 = x^3 + Ax + B$ when $4A^3 + 27B^2 \ne 0$

Elliptic Curve
$E(L) = \{\infty\} \cup \{(x, y) \in L \times L \mid y^2 = x^3 + Ax + B\}$

Figure: curve $\frac{1}{3}x^3 + \frac{1}{2}x^2 + \frac{1}{6}x = y^2$ with points (0,0), (1/2,1/2), (1/2,-1/2), (1,1) and line y = x

$P = (x_1, y_1), Q = (x_2, y_2) \in E(L)$
If $x_1 \ne x_2$, we define $P + Q$ as follows:
1. Draw a line that passes through points P and Q.
2. Find point $R = (x_3, y_3)$, another point where the line cuts the curve.
3. $P + Q = (x_3, -y_3)$.

$(0,0) + (1,1) = \left(\frac{1}{2}, -\frac{1}{2}\right)$

Formal Definitions of Elliptic Curve (cont.)

$P = (x_1, y_1), Q = (x_2, y_2) \in E(L)$
If $x_1 \ne x_2$, we define $P + Q$ as follows:
1. Draw a line that passes through points P and Q.
   $m = \frac{y_2 - y_1}{x_2 - x_1}$
   $y - y_1 = m(x - x_1)$
2. Find point $R = (x_3, y_3)$, another point where the line cuts the curve.
   $y^2 = x^3 + Ax + B$
   $(m(x - x_1) + y_1)^2 = x^3 + Ax + B$
   $x^3 - m^2 x^2 + \dots = 0$
3. $P + Q = (x_3, -y_3)$.
   $x_3 = m^2 - x_1 - x_2$
   $y_3 = m(x_3 - x_1) + y_1$

Formal Definitions of Elliptic Curve (cont.)

Figure: curve $\frac{1}{3}x^3 + \frac{1}{2}x^2 + \frac{1}{6}x = y^2$ with points (1/2,1/2), (1/2,-1/2) and line x = 1/2
Figure: curve $x^3 - 25x = y^2$ with points (-4,6), (1681/144, 62279/1728) and line $y = \frac{23}{12}x + \frac{41}{3}$

$P = (x_1, y_1), Q = (x_2, y_2) \in E(L)$
If $x_1 = x_2, y_1 \ne y_2$: $P + Q = \infty$
$P + \infty = P$, $\infty + \infty = \infty$

Point Double
$P = (x_1, y_1), Q = (x_2, y_2) \in E(L)$
If $x_1 = x_2, y_1 = y_2$:
1. Draw a line touching the curve at point P.
2. Find another point $R = (x_3, y_3)$ where the line cuts the curve.
3. $P + Q = P + P = 2P = (x_3, -y_3)$

$2(-4,6) = (-4,6) + (-4,6) = \left(\frac{1681}{144}, -\frac{62279}{1728}\right)$

Formal Definitions of Elliptic Curve (cont.)

Point Double
$P = (x_1, y_1), Q = (x_2, y_2) \in E(L)$
If $x_1 = x_2, y_1 = y_2$:
1. Draw a line touching the curve at point P.
   $y^2 = x^3 + Ax + B$
   $2y\,dy = (3x^2 + A)\,dx$
   $m = \frac{dy}{dx} = \frac{3x^2 + A}{2y}$
   $y - y_1 = m(x - x_1)$
2. Find another point $R = (x_3, y_3)$ where the line cuts the curve.
   $y^2 = x^3 + Ax + B$
   $(m(x - x_1) + y_1)^2 = x^3 + Ax + B$
   $x^3 - m^2 x^2 + \dots = 0$
3. $P + Q = P + P = 2P = (x_3, -y_3)$
   $x_3 = m^2 - 2x_1$
   $y_3 = m(x_3 - x_1) + y_1$

Scalar Multiplication

• Scalar Multiplication on Elliptic Curve
  S = P + P + … + P = rP   (r times)
  when $r \ge 1$ is a positive integer and S, P are members of the curve
• Let r = 14 = (01110)_2
• Compute rP = 14P

r = 14 = (  0    1    1    1    0  )_2
Double:               2P   6P   14P
Add:        O    P    3P   7P   14P

3 – 1 = 2 Point Additions
4 – 1 = 3 Point Doubles
Weight = 3
```
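
The chord-and-tangent formulas and the double-and-add walk-through from the slides, as an added example that is not part of the original lecture material. It works over the rationals with Python's `Fraction`; the function names (`add`, `scalar_mult`, `rational_sqrt`, `triangle_from_x`) are assumptions made for this illustration.

```python
from fractions import Fraction as F
from math import isqrt

INF = None  # the point at infinity

def on_curve(P, A, B):
    return P is INF or P[1] ** 2 == P[0] ** 3 + A * P[0] + B

def add(P, Q, A):
    """P + Q on y^2 = x^3 + Ax + B over the rationals (chord-and-tangent rule)."""
    if P is INF or Q is INF:
        return Q if P is INF else P
    (x1, y1), (x2, y2) = map(F, P), map(F, Q)
    if x1 == x2 and (y1 != y2 or y1 == 0):
        return INF                          # vertical line
    if x1 == x2:
        m = (3 * x1 ** 2 + A) / (2 * y1)    # tangent slope: point double
    else:
        m = (y2 - y1) / (x2 - x1)           # chord slope: point addition
    x3 = m ** 2 - x1 - x2
    y3 = m * (x3 - x1) + y1                 # R = (x3, y3), third point on the line
    return (x3, -y3)

def scalar_mult(r, P, A):
    """Left-to-right double-and-add. Returns (rP, additions, doubles)."""
    S, adds, dbls = INF, 0, 0
    for bit in bin(r)[2:]:
        if S is not INF:
            S, dbls = add(S, S, A), dbls + 1
        if bit == "1" and S is INF:
            S = P                           # leading 1 bit: O + P needs no formula
        elif bit == "1":
            S, adds = add(S, P, A), adds + 1
    return S, adds, dbls

def rational_sqrt(q):
    """Exact square root of a Fraction; ValueError if q is not a rational square."""
    n, d = isqrt(q.numerator), isqrt(q.denominator)
    if n * n != q.numerator or d * d != q.denominator:
        raise ValueError(f"{q} is not a square of a rational number")
    return F(n, d)

def triangle_from_x(x, n):
    """Sides (a, b, c) of the right triangle of area n encoded by x = (c/2)^2."""
    c = 2 * rational_sqrt(x)
    diff, total = 2 * rational_sqrt(x - n), 2 * rational_sqrt(x + n)  # a-b, a+b
    return ((total + diff) / 2, (total - diff) / 2, c)

P = (-4, 6)                                 # the slides' point on y^2 = x^3 - 25x
R2 = add(P, P, -25)
print(R2, triangle_from_x(R2[0], 5))        # 2P and the triangle 20/3, 3/2, 41/6
print(scalar_mult(14, P, -25)[1:])          # (additions, doubles) for r = 14
```

Passing `x = 25/4` to `triangle_from_x` raises `ValueError`, matching the slides' note that this point lies on the curve but does not yield a triangle.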