Elliptic Curve Cryptography and Curve Counting Via the Feynman Transform Michael Slawinski Ph.D. Candidate, UCSD Mathematics Department.


1 Elliptic Curve Cryptography and Curve Counting Via the Feynman Transform Michael Slawinski Ph.D. Candidate, UCSD Mathematics Department

2 Outline
I. Algebraic Geometry and Cryptography
  a) Background on Algebraic Geometry
    i) What is Algebraic Geometry?
    ii) Algebraic Varieties
    iii) Function Fields
    iv) Divisors
    v) The Genus of a Curve
    vi) The Riemann-Roch Theorem
    vii) The Group Law on the Elliptic Curve
  b) Elliptic Curve Cryptography
II. Thesis project
  a) The problem
  b) My contribution and its importance
  c) Motivation from String Theory
  d) The project in detail

3 What is Algebraic Geometry? Algebraic geometry is the study of the relationship between polynomial equations and their solution sets. For example, the solution set of the polynomial equation $y = x^2 - 1$ is given by the parabola (figure: parabola with axes x and y). This equation is rewritten as $y - x^2 + 1 = 0$, and the algebraic variety corresponding to the polynomial $f = y - x^2 + 1$ is the zero set of this polynomial.

4 Algebraic Varieties An algebraic variety is a set consisting of all roots of a finite collection of polynomial equations with coefficients in a field K: i.e., $V(f_1, \ldots, f_m) := \{(x_1, \ldots, x_n) \mid f_1(x_1, \ldots, x_n) = \cdots = f_m(x_1, \ldots, x_n) = 0\}$. If $S = V(\{f_i\})$ and $T = V(\{g_j\})$, then $S \cap T = V(\{f_i\} \cup \{g_j\})$. Example: for $f = x^2 - y - 3$, $g = x - y + 1$, $h = x - y - 2$, one has V(f,g) = {P, Q}, V(f,h) = {R, S}, V(f, g, h) = {empty}. (Figure: the curves f, g, h with intersection points P, Q, R, S.)

5 Function Fields The function field K(C) of a curve C, is defined to be the field of rational functions on C. Then define K(C)* = {f in K(C) such that fg=1 for some g}. This is the multiplicative group of the function field K(C). K(C) is a vector space over K, where K is the field over which the curve C is defined. K(C) = { |f and g are polynomial functions on C}

6 Divisors on Curves A divisor on a curve C is a finite, formal sum of the form $D = \sum n_P P$, where {P} is an arbitrary finite set of points on C and $\{n_P\}$ is a set of integers. The degree of a divisor D, denoted deg D, is $\sum n_P$. (Figure: a curve C with marked points P, Q, R.) Some examples of divisors involving these points are $D_1 = 3P - 4Q + R$ and $D_2 = 2P + 13Q - 5R$, with $\deg(D_1) = 3 - 4 + 1$ and $\deg(D_2) = 2 + 13 - 5$.

7 Divisors on Curves Assume that the curve C is smooth, and let f belong to K(C)*. A divisor can be associated to f by defining $\mathrm{div}(f) = \sum \mathrm{ord}_P(f)\, P$. (Figure: a curve C with marked points P, Q, R.) For example, let and assume has a zero of order 3 at P, and has a zero of order 2 at R. Then div(f) = 3P – 2R. We write $D \ge 0$ if $n_P \ge 0$ for every P in C, and write $D_1 \ge D_2$ if $D_1 - D_2 \ge 0$. Define $L(D) = \{f \in K(C)^* \mid \mathrm{div}(f) \ge -D\} \cup \{0\}$ and write l(D) for dim L(D).

8 Divisors on Curves For example, if D = div(g), then f belongs to L(D) if the numerators of g vanish to higher order than the corresponding poles of f. In other words, fg is defined on the poles of f. $L(D) = \{f \in K(C)^* \mid \mathrm{div}(f) \ge -D\} \cup \{0\}$. Example: If and, then f belongs to L(div(g)) because $-3P \ge -(4P)$, where P is the origin.
Differentials Let C be a curve. The space of meromorphic differential forms on C is a K-vector space generated by symbols of the form dx for x in K(C), subject to the relations:
I. d(x+y) = dx + dy
II. d(xy) = x dy + y dx
III. da = 0
Let  be a nonzero differential. Set $K_C$ = div(  ).

9 Genus of a Curve The genus of a curve is a nonnegative integer, which can be defined in any one of the following equivalent ways:
- g = dimension of the space of differentials with no poles on C
- 2g – 2 = (no. of zeroes) – (no. of poles) of any differential
- g = number of handles of C = number of 2-dimensional holes
(Figure: surfaces of genus g = 0, g = 1, g = 2.)

10 Riemann-Roch Theorem All of these concepts are related in the famous Riemann-Roch Theorem: Let C be a smooth curve. For any divisor D, one has $l(D) - l(K_C - D) = \deg D - g + 1$, where $l(D) = \dim L(D) = \dim(\{f \in K(C)^* \mid \mathrm{div}(f) \ge -D\} \cup \{0\})$. This theorem has many applications in algebraic geometry, and in the case of an elliptic curve gives a group structure to the curve itself. This group structure is at the heart of Elliptic Curve Cryptography, or ECC.

11 The Group Law on an Elliptic Curve An elliptic curve is a smooth, projective algebraic curve of genus one. By the Riemann-Roch theorem, the space L(6[  ]) has dimension 6, but contains the seven functions $1, x, y, x^2, xy, y^2, x^3$. It follows there is a linear relation $A_1 + A_2 x + A_3 y + A_4 x^2 + A_5 xy + A_6 y^2 + A_7 x^3 = 0$. This is the equation of the elliptic curve in the plane.

12 The Group Law on an Elliptic Curve (Figure: points P, Q, R, S on the curve and the point at infinity O.) The group law is defined for any three points P, Q, and R by P + Q + R = 0 if and only if P, Q, and R are collinear. The point at infinity O is such that R + (– R) + O = 0. One writes the elliptic curve as (E,O), where E is the curve, and O is the point at infinity.

13 Elliptic Curve Cryptography Let (E,O) be an elliptic curve defined over a finite field $F_q$ where $|F_q| = q = p^n$ for p a prime number. Let $E(F_q)$ be the points of E. The Hasse – Weil bound is $q + 1 - 2q^{1/2} \le |E(F_q)| \le q + 1 + 2q^{1/2}$. The ElGamal elliptic curve cryptosystem is described as follows:
1. Choose a point P in $E(F_q)$ such that it has a large order in the group $E(F_q)$.
2. The curve (E, O) and the point P are public knowledge.
3. The message that Alice wants to send to Bob is assumed to be a point M in $E(F_q)$.
4. Bob chooses an integer d as his private key and publishes Q = dP as his public key.
5. Alice selects a random integer k and computes the points R = kP and S = M + kQ.
6. The pair (R, S) is sent as the ciphertext to Bob.
7. Bob can then recover the plaintext M by computing S + (– d)R. Indeed, S + (– d)R = M + kQ + (– d)R = M + k(dP) + (– d)kP = M.
The security of the system is in the difficulty of computing d from dP.
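The ElGamal steps above, run end to end on a toy curve, as an added example that is not part of the original slides. The curve $y^2 = x^3 + 2x + 2$ over $F_{17}$, the base point (5, 1), and all function names are assumptions chosen for illustration; the slides allow $q = p^n$, this sketch takes a prime field, and the on-curve check in decrypt is an addition.

```python
import math, secrets

# Constructed toy parameters (far too small for real use): y^2 = x^3 + 2x + 2 over F_17.
Q_FIELD, A, B = 17, 2, 2
O = None                      # point at infinity (group identity)
P = (5, 1)                    # public base point P from step 1 (assumed choice)

def on_curve(pt):
    return pt is O or (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % Q_FIELD == 0
def neg(pt):
    return O if pt is O else (pt[0], -pt[1] % Q_FIELD)

def add(p1, p2):
    if p1 is O: return p2
    if p2 is O: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % Q_FIELD == 0:
        return O                                          # R + (-R) = O
    if p1 == p2:                                          # tangent slope (doubling)
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % Q_FIELD, -1, Q_FIELD)
    else:                                                 # chord slope
        lam = (y2 - y1) * pow((x2 - x1) % Q_FIELD, -1, Q_FIELD)
    x3 = (lam * lam - x1 - x2) % Q_FIELD
    return (x3, (lam * (x1 - x3) - y1) % Q_FIELD)

def mul(k, pt):                                           # double-and-add
    acc = O
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def group_order():                                        # brute-force count, toy sizes only
    return 1 + sum(on_curve((x, y)) for x in range(Q_FIELD) for y in range(Q_FIELD))
def hasse_ok(n):                                          # Hasse-Weil bound on |E(F_q)|
    return abs(n - (Q_FIELD + 1)) <= 2 * math.sqrt(Q_FIELD)

def keygen(n):
    d = secrets.randbelow(n - 1) + 1                      # Bob's private key, 1 <= d < n
    return d, mul(d, P)                                   # (d, Q = dP)

def encrypt(M, Q, n):
    k = secrets.randbelow(n - 1) + 1                      # Alice's fresh random k
    return mul(k, P), add(M, mul(k, Q))                   # (R, S) = (kP, M + kQ)

def decrypt(d, R, S):
    if not (on_curve(R) and on_curve(S)):                 # reject points off the curve
        raise ValueError("ciphertext point not on curve")
    return add(S, neg(mul(d, R)))                         # S + (-d)R = M
```

With a group of only 19 points the private key d is found by trying every multiple of P, which is why step 1 asks for a point of large order.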

14 Motivation from String Theory In ten-dimensional string theory, the universe consists of the usual four-dimensional Minkowski space time $R^{1,3}$, and a “tiny” six-dimensional Calabi-Yau manifold M. The result is the cross product $M \times R^{1,3}$. (Figure: a single fiber $M \times \{p\}$ of $M \times R^{1,3}$ over a point p of $R^{1,3}$.)

15 Strings through time and D-branes (Figure: D-branes $D_1$ and $D_2$, with the string at time t and the string at time t + ϵ for ϵ > 0.) The endpoints of the string S are restricted to the D-branes $D_1$ and $D_2$, respectively. As S moves through time, it traces out a worldsheet with boundary restricted to $D_1$ and $D_2$.

16 The problem The counting of holomorphic curves on a Calabi-Yau manifold with boundary on the lagrangian submanifolds is equivalent to expressing the vector space Hom(L 0, L d )[– l][1]  Hom(L d-1, L d )[– l][-1]      Hom(L 0, L 1 ) [– l][-1][d – 1+ 2b 1 ] as an algebra over the Feynman transform. The space of holomorphic curves on a fixed Calabi-Yau X is denoted M g,n and consists of all continuous maps from genus g Riemann surfaces to X. For the purposes of this talk, the space Hom(L i, L j ) will be a complex vector space generated by the points of L i  L j, where the L i are special subspaces of the given Calabi-Yau called lagrangians.

17 My contribution I have been able to express Hom(L 0, L d )[– l][1]  Hom(L d-1, L d )[– l][-1]      Hom(L 0, L 1 ) [– l][-1][d – 1+ 2b 1 ] as an algebra over the Feynman transform in the case that the Calabi-Yau in question is an elliptic curve. This type of problem is very important in symplectic geometry, as well as in understanding a phenomenon known as mirror symmetry - the study of ‘mirror’ Calabi-Yau manifolds. In other words, there is a linear map of vector spaces encoding special relations among certain elements {m d } in the right hand vector space. FS[t] Hom(L 0, L d )[– l][1]  Hom(L d-1, L d )[– l][-1]      Hom(L 0, L 1 ) [– l][-1][d – 1 + 2b 1 ]

18 Circle as a quotient of the real line Let R/dZ be the set of real numbers modulo dZ. In other words, x = y in R/dZ if x – y is a multiple of d. This gives R/dZ the topological structure of a circle with circumference d. (Figure: the real line R with marked points –2d, –d, 0, d, 2d, and the projection onto R/dZ.) The projection can be visualized as the wrapping of R around R/dZ with each half-open interval [x, x+d) being a cover.

19 The torus as a fiber bundle R R/Z Projection Restriction to a single fiber: Projection E := C/(Z+Zi) C/Z Complex plane

20 Lagrangian submanifolds of the torus (x mod dZ,y mod Z) (x,y)(x mod dZ,y) projection L is given by y = nx. L A submanifold L M is called lagrangian if ω| TL = 0 and dim L= (1/2) dim M. If M = E is an elliptic curve, then any 1-dimensional submanifold is lagrangian. TR projection E In the context of the elliptic curve, the lagrangians play the part of the D – branes.

21 The elliptic curve as a torus The Weierstrass  function gives a way of writing the elliptic curve as a 2-torus as opposed to a plane cubic.  (z) is defined as follows: z (  (z),  ’(z)) C/Z y 2 = x(x-1)(x- )

22 The elements of Hom(L 0, L d )[– l][1]  Hom(L d-1, L d )[– l][-1]      Hom(L 0, L 1 ) [– l][-1][d – 1 + 2b 1 ] Recall that Hom(L i, L j ) is a complex vector space generated by L i  L j Using the duality isomorphism Hom(L i, L j )  Hom(L j, L i )*[l], the elements of Hom(L 0, L d )[– l][1]  Hom(L d-1, L d )[– l][-1]      Hom(L 0, L 1 ) [– l][-1][d – 1 + 2b 1 ] can be expressed as maps The elements u are holomorphic maps of the following types: The tensor product A  B of two vector spaces A and B is defined as follows A  B = {a  b| (a 1 +a 2 )  b = a 1  b + a 2  b, and a  (b 1 + b 2 ) = a  b 1 + a  b 2 }

23 The holomorphic maps u p 0,1 p 1,0 L L1L1 L0L0 Complex plane p 1,0 p 0,1 L L1L1 L0L0 nd p 1,2 p 0,2 p 0,1 L2L2 L1L1 L0L0 Unit disk in the complex plane p 1,2 p 0,2 p 0,1 L2L2 L0L0 L1L1 Complex Plane

24 Signs of polygons and annuli The point $p_{1,2}$ contributes a +1 as the orientation of $L_2$ agrees with the orientation of C, and $p_{0,3}$ contributes a -1 as the orientation of $L_0$ disagrees with that of C. (Figure: a polygon with vertices $p_{0,1}$, $p_{1,2}$, $p_{2,3}$, $p_{0,3}$ and sides on $L_0$, $L_1$, $L_2$, $L_3$.)

25 Tropical Morse Graphs-Definition A tropical morse graph is a continuous map  (s) from a directed, connected graph G to the circle R/dZ, such that : 1.A vector field v e for each edge e of G, where v e (s) is a tangent vector of R/dZ at  (s) Specifically, v e (s) = v e (0) + n e (  (s) -  (0)). 2. The length of e is log(v e (1)/v e (0)). 3. ∑ v e(in) (1) = ∑ v e(out) (0) The point of the TMG is to provide a combinatorial way of working with the holomorphic maps from disks and annuli to the elliptic curve. s e v e (s)  (s) 

26 Tropical morse trees p 0,1 p 1,2 p 2,3 p 0,3 R projection p 0,1 +kdp 0,3 +kdp 2,3 +kd p 1,2 +kd p 0,1 p 0,3 p 2,3 p 1,2 Assume  maps f to p 1,2. The map  can either take e to the arc between p 2,3 and p 1,2 or it can wrap around some integer number of times and then complete this arc. The upshot here is that although the images of the external vertices of T are determined, there are an infinite number of distinct maps , indexed by the integers, which satisfy this. R/dZ p 0,1 p 1,2 p 2,3 p 0,3 

27 Tropical morse graphs p 0,1 p 1,2 p 0,2 p 1,2 p 0,2 p 0,1 In the graph case, the map  does not factor through R as the domain is not simply connected. Note that  can still wrap around R/dZ even though there is no lift of  to R. The dimension of the space of all maps, G d, from the space of all graphs with d + 1 external legs, marked by {p i-1,i }, to the circle R/dZ is dim G d = d – 1 + 2b 1 - deg p 0,d -  deg p i-1,i where b 1 is the number of minimal loops of a graph G.

28 Degeneration of tropical morse trees p 0,3 p 0,1 p 1,3 p 2,3 p 1,2 |e|  Assume  (v) is free to move. The tree degenerates when  (v) is such that v e(1) (1) + v e(2) (1) = 0. p 0,1 p 1,2 p 2,3 p 0,3 e e(1)e(2) v The pair of trees on the right corresponds to the composition m 2 (m 2 (p 2,3, p 1,2 ), p 0,1 ).

29 Moduli Space of TMT’s/TMG’s The point  (v) is free to move in R/dZ. In the left-hand picture v e(1) (1) + v e(2) (1) = v e(3) (0), so the length of e(3) is infinite, and the tree degenerates. Similarly for the right-hand picture. p 2,3 p 1,2 p 0,3 p 0,1  (v) p 1,2 p 2,3 p 0,1  (v) p 0,1 p 1,2 p 0,3 p 2,3  (v) As  (v) moves around in the circle, the shape of the domain changes accordingly. p 0,3 p 2,3 p 1,2 p 0,1 v p 0,3 p 2,3 p 1,2 p 0,1 v p 0,3 p 2,3 p 1,2 p 0,1 v

30 Forming polygons/annuli from edges of graphs v e (0) v e (s) v e (1) ReRe LjLj LiLi -v e (0) -v e (s) -v e (1) TR e = e x {0} e x {1} e x [0,1] 0 s 1 0 s 1 R e : e x [0,1]  TR (s,t) – n i  (s) – tv e (s)

31 Polygons swept out by tangent vectors on a single edge e n e = n j - n i -v e (s) LiLi LjLj  (e) f n f = n j - n i LiLi LjLj -v e (s)  (f)

32 Polygons correspond to entire graphs p 2,3 p 1,2 p 0,1 p 0,3 L0L0 L1L1 L2L2 L3L3 veve vfvf vgvg i) v e (1) + v h (1) = v e (1) = v f (0) andii) v f (1) + v k (1) = v f (1) = v g (0) The balancing conditions at v and w give: e f g p 1,2 p 0,1 p 0,3 p 2,3 h k v w

33 Relation among m d ’s, TMT’s/TMG’s p 0,3 p 2,3 p 1,2 p 0,1 p 0,3 p 2,3 p 1,2 p 0,1 p 0,3 p 2,3 p 1,2 p 0,1 |e| =  To each point on this line is associated a TMT with 3 inputs. The endpoints are given by degenerate trees, each of which splits as a composition of two m 2 ’s. Each tree corresponds to a polygon, which in turn gives rise to the sign +1 or – 1. In this case these signs yield the relation  m 2 (m 2 (p 2,3, p 1,2 ), p 0,1 )  m 2 (p 2,3,m 2 (p 1,2, p 0,1 )) = 0 In the case that b 1 (G) > 0, these parameter spaces are always 0-dimensional, so there is no relation among the m d ’s which correspond to graphs with loops.

34 The result FS[t] Hom(L d-1, L d )[– l][1]  Hom(L d-1, L d )[– l][-1]      Hom(L 0, L 1 ) [– l][-1][d – 1 + 2b 1 ] These one-dimensional parameter spaces exist for all graphs with b 1 = 0, and arbitrarily many legs. The relations among the {m d }, resulting from assigning signs to pairs of degenerate trees allows one to define the map of vectors spaces where the basis of the vector space FS[t] can be represented by graphs similar to those already mentioned. The operations {m d } corresponding to TMG’s with b 1 = 1 satisfy a trivial relation and are described as follows.

35 Graphs Definition: A graph is a connected, one-dimensional space formed by a set of line segments (edges) and points (vertices). Maps of graphs: T/(e,f) T e f T/e f e f g G f g G/e g G/(e,f) Write  (n,b 1 ) for the space of graphs G with n external legs and b 1 minimal loops.

36 Operads An operad is a function which takes as its input a graph, and outputs a graded vector space. Example: S[t](G v )= the vector space spanned by the cyclic orders on the legs of G v. If G =  G v, then S[t](G)=  S[t](G v ). These vectors can be represented as graphs as follows: T : S[t](G)S[t](G/e)

37 Feynman Transform + FS[t] d F =  T* : Hom(L d-1, L d )[– l][1]  Hom(L d-1, L d )[– l][-1]      Hom(L 0, L 1 ) [– l][-1][d – 1 + 2b 1 ] FS[t] mdmd

38 The Feynman transform yields the relations for b 1 = 0 + mdmd  m 2  1 m 2  m 2  2 m 2 dFdF d = 0

39 The m d corresponding to a graph with b 1 = 1 FS[t] Hom(L d-1, L d )[– l][1]  Hom(L d-1, L d )[– l][-1]      Hom(L 0, L 1 ) [– l][-1][d – 1 + 2b 1 ] mdmd where m d is given by summing over maps of the form L L L L L p1p1 p2p2 p3p3 q2q2 q1q1 L E The annulus wraps around the torus in both directions a finite number of times.

40 Summary

41 Acknowledgements Thank you to the people of SPAWAR for giving me the opportunity to speak about my work, and thank you to my advisor, Professor Mark Gross, for suggesting the problem.

