Document number: 17314
Call number: 15161
Author: Ghorbani, Maedeh
Title: A post-quantum undeniable signature scheme based on isogenies
Degree level: Master's
Specialization: Applied Mathematics
Place of study: Isfahan: Isfahan University of Technology
Year of defense: 1400
Pagination: ix, [129] p.: illustrations, tables, charts
Supervisor: Reza Rezaeian Farashahi
Advisor: Mojtaba Fadavi
Glossary: Glossary
Descriptors: elliptic curve, isogeny, supersingular isogeny, undeniable signature, Diffie-Hellman key exchange system
Examiners: Omran Ahmadi Darvishvand, Amir Hashemi
Date of record entry: 1400/12/01
Bibliography: Bibliography
Field of study: Mathematics
Faculty: Mathematics
Date of record edit: 1400/12/07
IranDoc code: 2811785
Persian abstract:
One of the important issues in sending and receiving encrypted messages is verifying the authenticity of the content and the identity of the sender. A digital signature is an efficient solution for meeting this need. For this reason, digital signatures were introduced so that the sender, by attaching a signature, gives the recipient these two guarantees. In some cases, individuals could deny their identity after generating and sending the digital signature of a text. Accordingly, undeniable signatures were introduced to lend credibility to digital signatures. For each person, this signature depends on the private key and is unique, and verifying the sender's identity requires two-way cooperation. One of the fundamental challenges of any information exchange system is guaranteeing confidentiality. This need is met by building protocols on hard computational problems. Elliptic curves and isogenies are structures arising from algebraic geometry that have attracted attention in various systems because of the hard computational problems they pose. In this thesis, taking a fundamental look at this subject, we first study a system analogous to the Diffie-Hellman key exchange system that uses ordinary isogenies. We then examine a system analogous to the Diffie-Hellman key exchange system that uses supersingular isogenies, together with an undeniable signature scheme based on it; so far these have maintained their security even against quantum attacks and algorithms.
English abstract:
As we know, some secure cryptographic schemes are based on hard computational number-theoretic problems. Computationally hard isogeny-based problems allow us to construct cryptographic schemes that are secure against both classical and quantum attacks. Indeed, isogeny-based cryptography, alongside hash-based, lattice-based, code-based, and multivariate-based cryptography, is one of the promising candidates for the post-quantum era. This family is the youngest of all the post-quantum families, and it ties pure mathematics to modern concepts such as quantum algorithms. For a fixed security level, the isogeny-based key exchange protocol yields the shortest shared key, which is a crucial feature when we need to design devices with memory constraints. This thesis can be divided into the following parts:

- We first review fundamental concepts such as elliptic curves, endomorphism rings of elliptic curves, isogenies between elliptic curves, and isogeny graphs. More precisely, an isogeny between elliptic curves is a non-constant map that can be written as a fraction of polynomials and is compatible with addition on both curves, so that the image of the sum of two points on the first curve is equal to the sum of their images computed on the second curve. Isogeny-based cryptography uses isogenies between elliptic curves over finite fields. One of the computationally hard problems used in isogeny-based cryptography is as follows: given two isogenous elliptic curves, find an isogeny between them. Up to now, all of the classical and quantum algorithms proposed for solving this problem in supersingular isogeny graphs have exponential complexity. This means the problem could be a reliable basis for constructing schemes in the post-quantum era. It is worth mentioning that other computationally hard problems based on isogenies have been used to construct secure schemes; we state them in chapter 3.
- Then, we explain how these concepts are associated with cryptography. Specifically, we discuss the key exchange protocol based on isogenies between ordinary and supersingular elliptic curves. In both cases, Alice and Bob start from an elliptic curve E and walk randomly in the isogeny graph using l_A-isogenies and l_B-isogenies to reach two random elliptic curves E_A and E_B. After that, they exchange some information, such as the j-invariants of their respective curves. Alice then continues her walk from an elliptic curve isomorphic to E_B using l_A-isogenies, while Bob continues his walk from an elliptic curve isomorphic to E_A using l_B-isogenies. They reach two isomorphic elliptic curves, so the two curves have the same j-invariant, which is a random element and is taken as the shared key.
- Finally, we discuss the post-quantum undeniable isogeny-based digital signature scheme, which is based on isogenies between supersingular elliptic curves. The digital signature is one of the selling points of public-key cryptography, providing data integrity and authentication. Undeniable signatures protect us from the malicious behaviour of parties who sign messages and later deny having signed them. The core idea of the undeniable signature scheme is the same as before, except that we use three small primes l_A, l_M and l_C to blind the signature in the confirmation and disavowal protocols. This scheme is interactive and allows the verifier to either verify or disprove the identity of the signer, or equivalently to confirm or disavow the signature. As stated above, the security of these protocols relies on the problem of finding isogenies between elliptic curves, which has exponential time complexity on both classical and quantum computers.