index calculus

Similar documents
:00-16:10

2 2 ( M2) ( )

Skew-Frobenius IISEC, JANT18 1

#2 (IISEC)


II

320_…X…e†Q“õ‹øfiÁ’F

情報理論 第5回 情報量とエントロピー

DVIOUT

x () g(x) = f(t) dt f(x), F (x) 3x () g(x) g (x) f(x), F (x) (3) h(x) = x 3x tf(t) dt.9 = {(x, y) ; x, y, x + y } f(x, y) = xy( x y). h (x) f(x), F (x

p-sylow :

18 ( ) I II III A B C(100 ) 1, 2, 3, 5 I II A B (100 ) 1, 2, 3 I II A B (80 ) 6 8 I II III A B C(80 ) 1 n (1 + x) n (1) n C 1 + n C


II A A441 : October 02, 2014 Version : Kawahira, Tomoki TA (Kondo, Hirotaka )

7. y fx, z gy z gfx dz dx dz dy dy dx. g f a g bf a b fa 7., chain ule Ω, D R n, R m a Ω, f : Ω R m, g : D R l, fω D, b fa, f a g b g f a g f a g bf a

x = a 1 f (a r, a + r) f(a) r a f f(a) 2 2. (a, b) 2 f (a, b) r f(a, b) r (a, b) f f(a, b)

x ( ) x dx = ax

min. z = 602.5x x 2 + 2

M M M M

1 Abstract 2 3 n a ax 2 + bx + c = 0 (a 0) (1) ( x + b ) 2 = b2 4ac 2a 4a 2 D = b 2 4ac > 0 (1) 2 D = 0 D < 0 x + b 2a = ± b2 4ac 2a b ± b 2

ax 2 + bx + c = n 8 (n ) a n x n + a n 1 x n a 1 x + a 0 = 0 ( a n, a n 1,, a 1, a 0 a n 0) n n ( ) ( ) ax 3 + bx 2 + cx + d = 0 4


dy + P (x)y = Q(x) (1) dx dy dx = P (x)y + Q(x) P (x), Q(x) dy y dx Q(x) 0 homogeneous dy dx = P (x)y 1 y dy = P (x) dx log y = P (x) dx + C y = C exp

90 0 4

1 1 sin cos P (primary) S (secondly) 2 P S A sin(ω2πt + α) A ω 1 ω α V T m T m 1 100Hz m 2 36km 500Hz. 36km 1

lecture

FX ) 2

FX自己アフリエイトマニュアル

°ÌÁê¿ô³ØII

one way two way (talk back) (... ) C.E.Shannon 1948 A Mathematical theory of communication. 1 ( ) 0 ( ) 1


.3. (x, x = (, u = = 4 (, x x = 4 x, x 0 x = 0 x = 4 x.4. ( z + z = 8 z, z 0 (z, z = (0, 8, (,, (8, 0 3 (0, 8, (,, (8, 0 z = z 4 z (g f(x = g(

資料5:聖ウルスラ学院英智小・中学校 提出資料(1)

四変数基本対称式の解放

5.. z = f(x, y) y y = b f x x g(x) f(x, b) g x ( ) A = lim h g(a + h) g(a) h g(x) a A = g (a) = f x (a, b)

I

PDF


untitled

I A A441 : April 21, 2014 Version : Kawahira, Tomoki TA (Kondo, Hirotaka ) Google

(1) + b = b +, (2) b = b, (3) + 0 =, (4) 1 =, (5) ( + b) + c = + (b + c), (6) ( b) c = (b c), (7) (b + c) = b + c, (8) ( + b)c = c + bc (9

st.dvi

1 2 STEP 1 STEP 2 STEP 3


untitled

サイボウズ ガルーン 3 管理者マニュアル

H1_H4_ ai

P indd


85

1


今日からはじめるプロアクティブ

1

制御盤BASIC Vol.3

altus_storage_guide

Jacobson Prime Avoidance

untitled

1 2

untitled

INDEX

INDEX

1002goody_bk_作業用

外為オンライン FX 取引 操作説明書


newmain.dvi

,. Black-Scholes u t t, x c u 0 t, x x u t t, x c u t, x x u t t, x + σ x u t, x + rx ut, x rux, t 0 x x,,.,. Step 3, 7,,, Step 6., Step 4,. Step 5,,.


数理.indd


‚䔃OK

000ŒÚ”Ł

28Łª”q-11…|…X…^†[

.....I.v.{..

「個人をどう捉えるか」で変わる教育シーン

untitled

untitled

HP・図書リスト( ).xlsx


2014 x n 1 : : :

2009 IA I 22, 23, 24, 25, 26, a h f(x) x x a h

数学の基礎訓練I

III 1 (X, d) d U d X (X, d). 1. (X, d).. (i) d(x, y) d(z, y) d(x, z) (ii) d(x, y) d(z, w) d(x, z) + d(y, w) 2. (X, d). F X.. (1), X F, (2) F 1, F 2 F

di-problem.dvi

証券協会_p56

i

数学Ⅱ演習(足助・09夏)


x, y x 3 y xy 3 x 2 y + xy 2 x 3 + y 3 = x 3 y xy 3 x 2 y + xy 2 x 3 + y 3 = 15 xy (x y) (x + y) xy (x y) (x y) ( x 2 + xy + y 2) = 15 (x y)

CALCULUS II (Hiroshi SUZUKI ) f(x, y) A(a, b) 1. P (x, y) A(a, b) A(a, b) f(x, y) c f(x, y) A(a, b) c f(x, y) c f(x, y) c (x a, y b)

WLBARGS-P_-U_Q&A

.H..01..


No.262全ページ


CompuSec SW Ver.5.2 アプリケーションガイド(一部抜粋)

65歳雇用時代の賃金制度のつくり方


(check matrices and minimum distances) H : a check matrix of C the minimum distance d = (the minimum # of column vectors of H which are linearly depen

エジプト、アブ・シール南丘陵頂部・石造建造物のロータス柱の建造方法

Transcription:

index calculus 2008 3 8 1

generalized Weil descent p :, E/F p 3 : Y 2 = f(x), where f(x) = X 3 + AX + B, A F p, B F p 3 E(F p 3) 3 : Generalized Weil descent E(F p 4) 2

Index calculus Plain version Double-large-prime version Relation collection Gaudry Nagao 3

E(F p n) index calculus Index calculus(1991:adleman-demarrais-huang, 1997:Gaudry) Weil descent(1998:frey) E(F p n) F p index calculus Generalized Weil descent(2004:gaudry, 2007:Nagao) E(F p n) index calculus 4

Generalized Weil descent Step1 : Relation collection part Relation Gröbner Step2 : Linear algebra part relation 5

Relation collection part B 0 := {P i = (x i, y i ) E(F p 3) x i F p }, #B 0 = O(p) For Q E(F p 3) Relation : Q + P 1 + P 2 + P 3 = 0, P i B 0 Step1 : Step2 : Gröbner Gröbner 6

Relation collection Gaudry Semaev summation polynomials Gröbner Nagao Gaudry Gröbner 7

Gaudry 1 Semaev summation polynomials For P i = (x i, y i ) E(F p 3) f m (x 1, x 2, x 3,..., x m ) = 0, x 1, x 2, x 3,..., x m F p 3 P 1 + P 2 + P 3 + + P m = 0 E(F p 3) 8

For Q = (x, y) E(F p 3) Gaudry 2 Relation : Q + P 1 + P 2 + P 3 = 0, P i B 0 Relation 1 6 For P i = (X i, Y i ) E(F p 3), : X i, Y i Step1 : f 3 (X 1, X 2, X), f 3 (X 3, x, X) Step2 : f 4 (X 1, X 2, X 3, x) =Resultant(f 3, f 3, X) Step3 : X 1, X 2, X 3 9

Gaudry 3 For Q E(F p 3), P 1, P 2, P 3 E(F p 3), f(x) = X 3 + AX + B Step1: Summation polynomial f 3 (X 1, X 2, X) = (X 1 X 2 ) 2 X 2 2((X 1 + X 2 )(X 1 X 2 + A) + 2B) +((X 1 X 2 A) 2 4B(X 1 + X 2 )) f 3 (X 3, x, X) = (X 3 x) 2 X 2 2((X 3 + x)(x 3 x + A) + 2B) +((X 3 x A) 2 4B(X 3 + x)) 10

Gaudry 4 Step2: f 4 (X 1, X 2, X 3, x) = Resultant(f 3, f 3, X) Step3: F p 3/F p 1, t, t 2 f 4 = ϕ 0 (X 1, X 2, X 3 ) + ϕ 1 (X 1, X 2, X 3 )t + ϕ 2 (X 1, X 2, X 3 )t 2 where ϕ i (X 1, X 2, X 3 ) F p [X 1, X 2, X 3 ] f 4 (X 1, X 2, X 3, x) = 0 Q + P 1 + P 2 + P 3 = 0 ϕ 0 = 0, ϕ 1 = 0, ϕ 2 = 0 ϕ 0 = 0, ϕ 1 = 0, ϕ 2 = 0 X 1, X 2, X 3 11

Gaudry Relation Step1 : ϕ 0 = 0, ϕ 1 = 0, ϕ 2 = 0 Step2 : Gröbner Step3 : X 1, X 2, X 3 F p P i = (X i, Y i ) B 0 12

Gaudry :, :, Step1 : ϕ 0 = 0, ϕ 1 = 0, ϕ 2 = 0 T 1 = X 1 + X 2 + X 3 T 2 = X 1 X 2 + X 2 X 3 + X 1 X 3 T 3 = X 1 X 2 X 3 Step2 : ϕ 0 (T 1, T 2, T 3 ) = 0, ϕ 1 (T 1, T 2, T 3 ) = 0, ϕ 2 (T 1, T 2, T 3 ) = 0 Gröbner Step3 : X 3 + T 1 X 2 + T 2 X + T 3, : X X 1, X 2, X 3 13

Nagao 1 For Q = (x, y) E(F p 3) Relation : Q + P 1 + P 2 + P 3 = 0, P i B 0 Q, P 1, P 2, P 3 E h(x, Y ) = 0 h(x, Y ) = (X x)(x + u) + (Y y)v, : u, v 14

Nagao 2 h(x, Y ) = 0 Y 2 = f(x) Y S(X) := v 2 f(x) + ((X x)(u + X) yv) 2 = X 4 + ( v 2 + 2u 2x)X 3 +( 2yv + u 2 4xu + x 2 )X 2 +( Av 2 2yuv + 2xyv 2xu 2 + 2x 2 u)x Bv 2 + y 2 v 2 + 2xyuv + x 2 u 2 = 0 15

(X x) S(X) g(x) := S(X) X x Nagao 3 g(x) := X 3 + C 2 X 2 + C 1 X + C 0 = 0, where C i F p 3[u, v] g(x) = 0 P 1, P 2, P 3 X F p 3/F p 1, t, t 2 u = u 0 + u 1 t + u 2 t 2 v = v 0 + v 1 t + v 2 t 2 : u i, v i 16

Nagao 4 g(x) := X 3 + C 2 X 2 + C 1 X + C 0 C i,j F p [u 0,..., v 2 ], i.e. C 0 = C 0,0 + C 0,1 t + C 0,2 t 2 C 1 = C 1,0 + C 1,1 t + C 1,2 t 2 C 2 = C 2,0 + C 2,1 t + C 2,2 t 2 P 1, P 2, P 3 B 0 g(x) F p [X] g(x) = X 3 + C 2,0 X 2 + C 1,0 X + C 0,0 C 0,1 = 0,..., C 2,2 = 0 17

Nagao Relation Step1 : C 0,1 = 0, C 0,2 = 0, C 1,1 = 0, C 1,2 = 0, C 2,1 = 0, C 2,2 = 0 Step2 : Gröbner u 0,..., v 2 F p C 0,0, C 1,0, C 2,0 F p Step3 : g(x) = X 3 + C 2,0 X 2 + C 1,0 X + C 0,0 g(x) = (X x 1 )(X x 2 )(X x 3 ) = 0 s.t. x i F p P i = (x i, y i ) B 0 18

Gaudry Gaudry Nagao 3 3 6 3 3 6 12 4 2 125,124,124 35,33,33 21,21,15,15,5,5 Gröbner 19

Relation collection Relation collection OS:Linux version 2.6.13 CPU:AMD Athlon 64 X2, 2.4GHz 4GB MAGMA V2.14-5 20

Gaudry, Nagao p 3 42-160bit relation 1000

Relation 1 Gaudry log p 3 Gröbner 64 (bit) 0.751 (sec) 0.101 (sec) 0.856 (sec) 96 (bit) 1.339 (sec) 0.355 (sec) 1.714 (sec) 128 (bit) 1.299 (sec) 0.365 (sec) 1.690 (sec) 160 (bit) 1.279 (sec) 0.407 (sec) 1.703 (sec) Nagao log p 3 Gröbner 64 (bit) 0.011 (sec) 0.188 (sec) 0.201 (sec) 96 (bit) 0.015 (sec) 0.972 (sec) 0.994 (sec) 128 (bit) 0.014 (sec) 1.036 (sec) 1.058 (sec) 160 (bit) 0.013 (sec) 1.106 (sec) 1.128 (sec) 21

Index calculus(plain version) Relation collection part : p relation Gaudry, Nagao relation p Gaudry p 3 20-50bit relation 100 relation p 22

Relation collection 2 100 2 90 Gaudry s algorithm Gaudry s algorithm (with symmetry) Nagao s algorithm 2 80 2 70 2 60 Time(sec) 2 50 2 40 2 30 2 20 2 10 2 0 50 60 70 80 90 100 110 120 130 140 150 160 170 180 190 200 210 220 230 240 250 log 2 p 3 (bit) 23

Index calculus Gaudry (Gaudry) : Plain version O(p 2 ) Plain version Gaudry-Harley (Gaudry-Harley) O(p 3 2) Single-large-prime version (Thériault) Double-large-prime version (Nagao,Gaudry-Thomé-Thériault-Diem) O(p 4 3) < Rho O(p 3 2) 24

Index calculus (plain version) B 0 s.t. #B 0 p Relation collection part O(p) Linear algebra part O(p 2 ) O(p 2 ) : Rho 25

Index calculus (plain version) Index calculus p 3 20-53bit (Relation collection by Nagao ) 53bit 26

Index calculus (plain version) 2 260 2 240 2 220 Relation collection part Linear algebra part Rho method 2 200 2 180 2 160 Time(sec) 2 140 2 120 2 100 2 80 2 60 2 40 2 20 2 0 20 40 60 80 100 120 140 160 180 200 220 240 260 280 300 log 2 p 3 (bit) 27

Index calculus (double-large-prime version) : B B 0 s.t. #B p 2 3 Relation collection part O(p 4 3) Linear algebra part O(p 4 3) O(p 4 3) < Rho O(p 3 2) 28

Double-large-prime version Double-large-prime version p 3 20-35bit (Relation collection by Nagao ) double-large-prime version 29

Double-large-prime-version 2 140 2 120 Relation collection part Linear algebra part Rho method 2 100 2 80 Time(sec) 2 60 2 40 2 20 2 0 20 40 60 80 100 120 140 160 180 200 220 240 260 log 2 p 3 (bit) 30

4 Relation collection Relation 1 64(bit) : 59808 (sec) 96(bit) : 194352 (sec) Time(sec) 2 220 2 210 2 200 2 190 2 180 2 170 2 160 2 150 2 140 2 130 2 120 2 110 2 100 2 90 2 80 2 70 2 60 2 50 2 40 2 30 2 20 2 10 2 0 ext.deg = 4 ext.deg = 3 Rho method 60 80 100 120 140 160 180 200 220 240 260 280 300 320 340 360 380 400 log 2 #E(F p n) (bit) p 3 : p 4 3, p 4 : p 3 2 relation 31

Relation collection Gaudry Nagao Index calculus Plain version Double-large-prime version Generalized Weil descent 3 32

2024 © docsplayer.net プライバシー | 利用規約 | フィードバック