[curves] Webpage on pairing-friendly curves

Brad Klee bradklee at gmail.com
Tue Mar 30 10:50:02 PDT 2021


Hi Aurore!

Such a pretty website, why no response? La terreur et la pierre de la
geurre? You probably couldn't care less what I think, but here for you:

When others finally understand more about curves, smart tabulations
such as yours will probably be viewed in a similar light to lists of
integer
sequences on OEIS, so keep going and do branch out!

French academic professionalism is not an area where I excel
(ni la linguistique française), but I also have a few tabulations:

https://pqdtopen.proquest.com/doc/2489352408.html?FMT=ABS

My poor work isn't in the running for the Levchin Prize, but you may
be interested anyways... In the final draft, Edwards's addition rules
eventually contributed to proof of the alternate exact pendulum
solution in Chapter 2. Very sad to hear the news of H.E. passing
last year and disappointed to never have met him--known for "la
lumière de la vérité" and also language skills sanz supremacy.

Meanwhile, in the news, you will probably be happy to read about
Victor Miller (also a valuable contributor on [mathfun]):

https://math.washington.edu/news/2021/02/22/neil-koblitz-co-recipient-2021-levchin-prize

Unfortunately the prize cycle is always falling years behind the exploit
cycle, and given current madness, we can wonder what "success" will
look like five years from now? Sacrebleu!

As far as "teaching" goes, here's one of my targets right now:

https://sha-mbles.github.io/

Scary that a "Pratyekabuddha GTX-Slinger" (sorry) could accomplish
a SHA-1 Chosen Prefix attack for L.T. 1 BTC. In the next version of the
crypto-capitalist university system, such a problem could presumably
be given out as homework. For now we would be happy with a lower
entry price point. So the problem is:

Design a weak hash function susceptible to prefix-collision in under an
hour of brute force searching, prove "Hello World" = "Goodbye World",
and claim the title "Evil Zen Master" that everyone is talking about.

The other, bigger question is whether or not SHA-2 could fall to a similar
attack, which relies on highly-incentivized crowd computing? I have asked
around, but experts are going silent and / or becoming "company interns"
(excusez moi à nouveau).

I will look through your dissertation today, send questions or comments
if you want, or ideas about the toy hash function.

Au revoir,

--Brad


On Wed, Sep 16, 2020 at 2:08 AM Aurore Guillevic <aurore.guillevic at inria.fr>
wrote:

> Hi,
>
> Following a discussion at the session cryptanalysis 2 at CRYPTO 2020
> online, I started a webpage on pairing-friendly curves, this is at
>
> https://members.loria.fr/AGuillevic/pairing-friendly-curves/
>
> Your comments are welcome.
>
> Best,
>
> Aurore Guillevic.
>
>
> --
> Aurore Guillevic
> Chargée de recherche / Research scientist
> Équipe Caramba bureau B258
> Inria Nancy -- Grand Est
> 615 rue du jardin botanique
> CS 20101
> 54603 Villers-lès-Nancy Cedex France
> https://members.loria.fr/AGuillevic/
>
> _______________________________________________
> Curves mailing list
> Curves at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20210330/ab9f5e11/attachment.htm>


More information about the Curves mailing list