here - Sites personnels de TELECOM ParisTech - TÃ©lÃ©com ParisTech

More documents

Recommendations

Info

106 Chapter 3. Bent functions and algebraic curvesThe genus of a hyperelliptic curve will be denoted by g. The above definition includes theelliptic curves, i.e. curves of genus 1, but it is sometimes understood that a hyperelliptic curveshould be of genus g ≥ 2, hence not an elliptic curve.A description of the different normal forms for hyperelliptic curves in even characteristic canbe found in the work of Enge [83]. For cryptographic applications, the curves are often chosen tobe imaginary hyperelliptic curves. This is also the kind of curves we will encounter in Chapter 4.An imaginary hyperelliptic curve of genus g can be described by an affine part given by thefollowing equation 14 :H : y 2 + h(x)y = f(x) ,where h(x) is of degree less than or equal to g and f(x) is monic of degree 2g + 1. In particular,its smooth projective model has only one point at infinity. Such a curve of genus 2 is depicted inFigure 3.7.Figure 3.7: The hyperelliptic curve H : y 2 = (x + 2)(x + 1)x(x − 2)(x − 5/2) of genus 2We finally define an interesting subclass of hyperelliptic curves.Definition 3.2.14 (Artin–Schreier curve). An Artin–Schreier curve is an imaginary hyperellipticcurve of genus g whose affine part is given by an equation of the formH : y 2 + x k y = f(x) ,where 0 ≤ k ≤ g and f(x) is monic of degree 2g + 1.3.2.4 Point countingThe main fact about elliptic and hyperelliptic curves defined over a finite field F q m that we willuse in Chapter 4 is the existence of algorithms to compute their cardinalities in polynomial timeand space in m. Moreover, those algorithms are quite efficient in small characteristic.14 Beware that the projective curve corresponding to the homogenization of the following equation will have asingularity at infinity as soon as g ≥ 2. The hyperelliptic curve is therefore the desingularization of that curve. It isa fact that it also has one and only one point at infinity, and that its affine part is described by the same equation.
3.2. Algebraic curves 107Let us begin our survey of such algorithms with the simplest case: elliptic curves. This isindeed the best mastered situation and there are several different algorithms to compute thecardinalities of such curves.The most famous one is without any doubt the so-called SEA algorithm. It is named afterSchoof [231] who developed in 1985 the first deterministic polynomial time algorithm for pointcounting, and Elkies and Atkin who subsequently proposed practical improvements [233, 81]. Theoverall idea of such l-adic algorithms is to compute the trace of the Frobenius endomorphismmodulo small primes different from the characteristic of the field, and to gather this informationback using the Chinese Remainder Theorem. Overviews of these algorithms, and in particularof additional practical improvements, are given in the theses of Müller [214] and Lercier [171].These l-adic algorithms were subsequently extended to higher genera by Pila [220] and madepractical, at least in genus 2, by Gaudry, Harley and Schost [111, 113].In small characteristic, and especially in even characteristic that will be our principal interestin Chapter 4, more efficient algorithms have been developed. The first breakthrough is dueto Satoh [228] who proposed in 1999 to compute the trace of the Frobenius endomorphismon a canonical lift of the curve over the p-adics for p ≥ 5. This is the so-called canonicallift method. This method was extended to characteristic 2 and 3, and improved, by differentauthors [98, 247, 276, 200, 229, 150, 109, 172]. The main result we need relies on the AGMmethod described by Mestre [200] and has been given by Lercier and Lubicz [172] and furtherimproved by Harley [126].Theorem 3.2.15 ([126]). Let E be an elliptic curve defined over F 2 m. There exists an algorithmto compute the cardinality of E in O(m 2 (log m) 2 log log m) time and O(m 2 ) space.Mestre [201] extended the AGM method to higher genera and a quasi-quadratic algorithmwas described by Lercier and Lubicz [173].Theorem 3.2.16. Let H be a hyperelliptic curve of genus g defined over F 2 m. There exists analgorithm to compute the cardinality of H inbit operations and O(2 3g+o(1) m 2 ) memory.O(2 4g+o(1) g 3 m 2+o(1) )It should be remarked that the complexity of this algorithm is exponential in the genus of thecurve.There also exist other efficient algorithms in small and medium characteristic computing thetrace of the Frobenius endomorphism:1. on Dwork cohomology groups [78] in the approach of Lauder and Wan [165, 163, 164];2. on Monsky–Washnitzer cohomology groups [211, 208, 210, 209] in the approach initiated byKedlaya [146, 147] and extended to even characteristic by Denef and Vercauteren [66, 67];3. using deformation theory [79], for example in the work of Lauder [162] and Hubrechts [137,136].A complete description of many of the existing p-adic algorithms can be found in the theses ofVercauteren [275] and Hubrechts [135], or in different articles [274, 174]. Such algorithms havethe advantage to extend naturally to higher genera in any characteristic.We now state more precisely a result of Denef and Vercauteren [66, 67, 275] about hyperellipticcurves defined over a finite field of even characteristic.
Page 1:
2012-ENST-003EDITE de ParisDoctorat
Page 4 and 5:
Jean-Pierre Flori: Boolean function
Page 7:
AbstractThe core of this thesis is
Page 11 and 12:
AcknowledgmentsVladimir. — Quand
Page 13 and 14:
ContentsList of symbols and notatio
Page 15 and 16:
Contentsxv4 Efficient characterizat
Page 17 and 18:
List of figures1.1 The filter model
Page 19 and 20:
List of symbols and notationGeneral
Page 21 and 22:
List of symbols and notationxxil(t)
Page 23 and 24:
List of symbols and notationxxiiidi
Page 25:
List of symbols and notationxxvu
Page 28 and 29:
2 Introduction1 Mathematics and cry
Page 30 and 31:
4 Introductiongiving more general b
Page 33 and 34:
Chapter 1Boolean functions incrypto
Page 35 and 36:
1.1. Cryptographic criteria for Boo
Page 37 and 38:
1.2. Families of Boolean functions
Page 39 and 40:
Page 41 and 42:
Page 43:
Page 46 and 47:
20 Chapter 2. On a conjecture about
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83: 56 Chapter 2. On a conjecture about
Page 119: Part IIBent functions and pointcoun
Page 122 and 123: 96 Chapter 3. Bent functions and al
Page 124 and 125: 98 Chapter 3. Bent functions and al
Page 126 and 127: 100 Chapter 3. Bent functions and a
Page 136 and 137: 110 Chapter 4. Efficient characteri
Page 155: Part IIIComplex multiplication and
Page 158 and 159: 132 Chapter 5. Complex multiplicati
Page 182 and 183:
156 Chapter 5. Complex multiplicati
Page 185 and 186:
Chapter 6Complex multiplication in
Page 187 and 188:
6.1. Abelian varieties 1616.1 Abeli
Page 189 and 190:
6.1. Abelian varieties 163Theorem 6
Page 191 and 192:
6.1. Abelian varieties 165A homomor
Page 193 and 194:
6.1. Abelian varieties 1676.1.5 Hom
Page 195 and 196:
6.2. Class groups and units 169The
Page 197 and 198:
6.2. Class groups and units 171in [
Page 199 and 200:
6.3. Complex multiplication 173If t
Page 201 and 202:
6.3. Complex multiplication 175•
Page 203 and 204:
6.3. Complex multiplication 177We h
Page 205 and 206:
6.3. Complex multiplication 179pola
Page 207 and 208:
6.4. Class polynomials for genus 2
Page 209 and 210:
6.4. Class polynomials for genus 2
Page 211:
Appendices
Page 214 and 215:
Table A.3: Coefficients for d = 3,
Page 216 and 217:
Table A.8: Coefficients for d = 8,
Page 218 and 219:
192 Bibliography[13] Elwyn Ralph Be
Page 220 and 221:
194 Bibliography[42] Claude Carlet,
Page 222 and 223:
196 Bibliography[72] Cunsheng Ding,
Page 224 and 225:
198 Bibliography[102] David Freeman
Page 226 and 227:
200 Bibliography[132] Marc Hindry a
Page 228 and 229:
202 Bibliography[161] Philippe Lang
Page 230 and 231:
204 Bibliography[191] Willi Meier a
Page 232 and 233:
206 Bibliography[222] Oscar Seymour
Page 234 and 235:
208 Bibliography[254] Marco Streng.
Page 236 and 237:
210 Bibliography[286] Chia-Fu Yu. T
Page 238 and 239:
212 IndexForm class group . . . . .
Page 240 and 241:
214 IndexKKloosterman sum . . . . .
Page 243 and 244:
Résumé longFauĆ.Werd’ iĚ beru
Page 245 and 246:
1. Des fonctions booléennes et d
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
2. Fonctions courbes et comptage de
Page 255 and 256:
Page 257 and 258:
Page 259 and 260:
Page 261 and 262:
3. Multiplication complexe et polyn
Page 263 and 264:
Page 265 and 266:
Page 267:
show all

here - Sites personnels de TELECOM ParisTech - TÃ©lÃ©com ParisTech

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?