Showing 1–10 of 10 results for author: Biasse, J

A note on the security of CSIDH

Authors: Jean-François Biasse, Annamaria Iezzi, Michael J. Jacobson Jr

Abstract: We propose an algorithm for computing an isogeny between two elliptic curves $E_1,E_2$ defined over a finite field such that there is an imaginary quadratic order $\mathcal{O}$ satisfying $\mathcal{O}\simeq \operatorname{End}(E_i)$ for $i = 1,2$. This concerns ordinary curves and supersingular curves defined over $\mathbb{F}_p$ (the latter used in the recent CSIDH proposal). Our algorithm has heur… ▽ More We propose an algorithm for computing an isogeny between two elliptic curves $E_1,E_2$ defined over a finite field such that there is an imaginary quadratic order $\mathcal{O}$ satisfying $\mathcal{O}\simeq \operatorname{End}(E_i)$ for $i = 1,2$. This concerns ordinary curves and supersingular curves defined over $\mathbb{F}_p$ (the latter used in the recent CSIDH proposal). Our algorithm has heuristic asymptotic run time $e^{O\left(\sqrt{\log(|Δ|)}\right)}$ and requires polynomial quantum memory and $e^{O\left(\sqrt{\log(|Δ|)}\right)}$ classical memory, where $Δ$ is the discriminant of $\mathcal{O}$. This asymptotic complexity outperforms all other available method for computing isogenies. We also show that a variant of our method has asymptotic run time $e^{\tilde{O}\left(\sqrt{\log(|Δ|)}\right)}$ while requesting only polynomial memory (both quantum and classical). △ Less

Submitted 1 August, 2018; v1 submitted 10 June, 2018; originally announced June 2018.

On the computation of the HNF of a module over the ring of integers of a number field

Authors: Jean-François Biasse, Claus Fieker, Tommy Hofmann

Abstract: We present a variation of the modular algorithm for computing the Hermite normal form of an $\mathcal O_K$-module presented by Cohen, where $\mathcal O_K$ is the ring of integers of a number field $K$. An approach presented in (Cohen 1996) based on reductions modulo ideals was conjectured to run in polynomial time by Cohen, but so far, no such proof was available in the literature. In this paper,… ▽ More We present a variation of the modular algorithm for computing the Hermite normal form of an $\mathcal O_K$-module presented by Cohen, where $\mathcal O_K$ is the ring of integers of a number field $K$. An approach presented in (Cohen 1996) based on reductions modulo ideals was conjectured to run in polynomial time by Cohen, but so far, no such proof was available in the literature. In this paper, we present a modification of the approach of Cohen to prevent the coefficient swell and we rigorously assess its complexity with respect to the size of the input and the invariants of the field $K$. △ Less

Submitted 30 December, 2016; originally announced December 2016.

MSC Class: 11Y40

Journal ref: Journal of Symbolic Computation, Volume 80 (2017), Pages 581-615

A fast algorithm for finding a short generator of a principal ideal of $\mathbb{Q}(ζ_{p^s})$

Authors: Jean-Francois Biasse

Abstract: We present a heuristic algorithm to compute the ideal class group, and a generator of a principal ideal in $\mathbb{Q}(ζ_{p^s})$ in time $2^{O(n^{1/2+\varepsilon})}$ for $n:= deg(K)$ and arbitrarily small $\varepsilon$. This yields an attack on the schemes relying on the hardness of finding a short generator of a principal ideal such as such as the homomorphic encryption scheme of Vercauteren and… ▽ More We present a heuristic algorithm to compute the ideal class group, and a generator of a principal ideal in $\mathbb{Q}(ζ_{p^s})$ in time $2^{O(n^{1/2+\varepsilon})}$ for $n:= deg(K)$ and arbitrarily small $\varepsilon$. This yields an attack on the schemes relying on the hardness of finding a short generator of a principal ideal such as such as the homomorphic encryption scheme of Vercauteren and Smart, and the multilinear maps of Garg, Gentry and Halevi. We rely on the work from Cramer, Ducas, Peikert and Regev. They proved that finding a short generator polynomially reduces to finding an arbitrary one. The complexity is better than when we rely on the work of Biasse and Fieker on the PIP, which yields an attack in time $2^{n^{2/3+\varepsilon}}$ for arbitrarily small $\varepsilon >0$. $\textbf{Since Sep. 30 2016}$ We present practical improvements to our methods. Moreover, we describe a variant that solves the PIP on input ideal $I$ of norm less than $2^{n^b}$ in time $2^{O\left(n^{c+o(1)}\right)}$ for $2/5 < c < 1/2$ and $b\leq 7c -2$ given a one time precomputation of cost $2^{O(n^{2-3c+\varepsilon})}$ for an arbitrarily small $\varepsilon$. This also solves $γ$-SVP in principal ideals of $\mathbb{Q}(ζ_{p^s})$ for $γ\in e^{\tilde{O}(\sqrt{n})}$. On principal ideals of norm less than $2^{n^b}$, we can leverage the precomputation to achieve a better asymptotic run time than the BKZ algorithm. △ Less

Submitted 24 March, 2017; v1 submitted 10 March, 2015; originally announced March 2015.

Improvements in the computation of ideal class groups of imaginary quadratic number fields

Authors: Jean-François Biasse

Abstract: We investigate improvements to the algorithm for the computation of ideal class groups described by Jacobson in the imaginary quadratic case. These improvements rely on the large prime strategy and a new method for performing the linear algebra phase. We achieve a significant speed-up and are able to compute ideal class groups with discriminants of 110 decimal digits in less than a week. We investigate improvements to the algorithm for the computation of ideal class groups described by Jacobson in the imaginary quadratic case. These improvements rely on the large prime strategy and a new method for performing the linear algebra phase. We achieve a significant speed-up and are able to compute ideal class groups with discriminants of 110 decimal digits in less than a week. △ Less

Submitted 5 April, 2012; originally announced April 2012.

Comments: 14 pages, 5 figures

MSC Class: Primary: 58F15; 58F17; Secondary: 53C35

Journal ref: J.-F. Biasse, Practical improvements to ideal class group computation in imaginary quadratic number fields, Advances in Mathematics of Comunications 4 (2), 2010, pp. 141-154

A polynomial time algorithm for computing the HNF of a module over the integers of a number field

Authors: Jean-François Biasse, Claus Fieker

Abstract: We present a variation of the modular algorithm for computing the Hermite Normal Form of an $\OK$-module presented by Cohen, where $\OK$ is the ring of integers of a number field K. The modular strategy was conjectured to run in polynomial time by Cohen, but so far, no such proof was available in the literature. In this paper, we provide a new method to prevent the coefficient explosion and we rig… ▽ More We present a variation of the modular algorithm for computing the Hermite Normal Form of an $\OK$-module presented by Cohen, where $\OK$ is the ring of integers of a number field K. The modular strategy was conjectured to run in polynomial time by Cohen, but so far, no such proof was available in the literature. In this paper, we provide a new method to prevent the coefficient explosion and we rigorously assess its complexity with respect to the size of the input and the invariants of the field K. △ Less

Submitted 5 April, 2012; originally announced April 2012.

Comments: 11 pages

MSC Class: Primary 54C40; 14E20; Secondary 46E25; 20C20

New techniques for computing the ideal class group and a system of fundamental units in number fields

Authors: Jean-François Biasse, Claus Fieker

Abstract: We describe a new algorithm for computing the ideal class group, the regulator and a system of fundamental units in number fields under the generalized Riemann hypothesis. We use sieving techniques adapted from the number field sieve algorithm to derive relations between elements of the ideal class group, and $p$-adic approximations to manage the loss of precision during the computation of units.… ▽ More We describe a new algorithm for computing the ideal class group, the regulator and a system of fundamental units in number fields under the generalized Riemann hypothesis. We use sieving techniques adapted from the number field sieve algorithm to derive relations between elements of the ideal class group, and $p$-adic approximations to manage the loss of precision during the computation of units. This new algorithm is particularily efficient for number fields of small degree for which a speed-up of an order of magnitude is achieved with respect to the standard methods. △ Less

Submitted 5 April, 2012; originally announced April 2012.

Comments: 17 pages

MSC Class: Primary 54C40; 14E20; Secondary 46E25; 20C20

An L(1/3) algorithm for discrete logarithm computation and principality testing in certain number fields

Authors: Jean-François Biasse

Abstract: We analyse the complexity of solving the discrete logarithm problem and of testing the principality of ideals in a certain class of number fields. We achieve the subexponential complexity in $O(L(1/3,O(1)))$ when both the discriminant and the degree of the extension tend to infinity by using techniques due to Enge, Gaudry and Thomé in the context of algebraic curves over finite fields. We analyse the complexity of solving the discrete logarithm problem and of testing the principality of ideals in a certain class of number fields. We achieve the subexponential complexity in $O(L(1/3,O(1)))$ when both the discriminant and the degree of the extension tend to infinity by using techniques due to Enge, Gaudry and Thomé in the context of algebraic curves over finite fields. △ Less

Submitted 5 April, 2012; originally announced April 2012.

Comments: 13 pages

MSC Class: Primary: 58F15; 58F17; Secondary: 53C35

An algorithm for list decoding number field codes

Authors: Jean-François Biasse, Guillaume Quintin

Abstract: We present an algorithm for list decoding codewords of algebraic number field codes in polynomial time. This is the first explicit procedure for decoding number field codes whose construction were previously described by Lenstra and Guruswami. We rely on an equivalent of the LLL reduction algorithm for $\OK$-modules due to Fieker and Stehlé and on algorithms due to Cohen for computing the Hermite… ▽ More We present an algorithm for list decoding codewords of algebraic number field codes in polynomial time. This is the first explicit procedure for decoding number field codes whose construction were previously described by Lenstra and Guruswami. We rely on an equivalent of the LLL reduction algorithm for $\OK$-modules due to Fieker and Stehlé and on algorithms due to Cohen for computing the Hermite normal form of matrices representing modules over Dedekind domains. △ Less

Submitted 5 April, 2012; v1 submitted 12 July, 2011; originally announced July 2011.

Security Estimates for Quadratic Field Based Cryptosystems

Authors: Jean-François Biasse, Jacobson John Michael, Silverster K. Alan

Abstract: We describe implementations for solving the discrete logarithm problem in the class group of an imaginary quadratic field and in the infrastructure of a real quadratic field. The algorithms used incorporate improvements over previously-used algorithms, and extensive numerical results are presented demonstrating their efficiency. This data is used as the basis for extrapolations, used to provide re… ▽ More We describe implementations for solving the discrete logarithm problem in the class group of an imaginary quadratic field and in the infrastructure of a real quadratic field. The algorithms used incorporate improvements over previously-used algorithms, and extensive numerical results are presented demonstrating their efficiency. This data is used as the basis for extrapolations, used to provide recommendations for parameter sizes providing approximately the same level of security as block ciphers with $80,$ $112,$ $128,$ $192,$ and $256$-bit symmetric keys. △ Less

Submitted 30 April, 2010; originally announced April 2010.

Journal ref: Lecture notes in computer science (2010)

An L(1/3) algorithm for ideal class group and regulator computation in certain number fields

Authors: Jean-François Biasse

Abstract: We analyse the complexity of the computation of the class group structure, regulator, and a system of fundamental units of a certain class of number fields. Our approach differs from Buchmann's, who proved a complexity bound of L(1/2,O(1)) when the discriminant tends to infinity with fixed degree. We achieve a subexponential complexity in O(L(1/3,O(1))) when both the discriminant and the degree… ▽ More We analyse the complexity of the computation of the class group structure, regulator, and a system of fundamental units of a certain class of number fields. Our approach differs from Buchmann's, who proved a complexity bound of L(1/2,O(1)) when the discriminant tends to infinity with fixed degree. We achieve a subexponential complexity in O(L(1/3,O(1))) when both the discriminant and the degree of the extension tend to infinity by using techniques due to Enge and Gaudry in the context of algebraic curves over finite fields. △ Less

Submitted 10 December, 2009; originally announced December 2009.