CIFRIS24 - an event by De Cifris

Venue: Banca d'Italia, Centro D. Menichella, Largo Guido Carli 1, Frascati (Roma)
Social dinner: September 25th, Satiricus, Via dei Corridori 58, Roma
September 25th, 26th, 27th 2024


NTC24 - Number Theory and Cryptography 2024

Organizers

Federico Accossato (PoliTo, Italy)
Gessica Alecci (PoliTo, Italy)
Danilo Bazzanella (PoliTo, Italy)
Laura Capuano (RomaTre, Italy)
Giuseppe D’Alconzo (PoliTo, Italy)
Simone Dutto (ACN, Italy)
Nadir Murru (UniTN, Italy)
Giordano Santilli (ACN, Italy)

Description

The workshop aims at exploring the connections between number theory and cryptography with a focus on the most challenging topics involved in modern cryptography (from classical public-key algorithms to post-quantum cryptography). Particular emphasis will be given to the applications of number theory for developing new cryptosystems and methods of cryptanalysis.

Program

September 27th, workshop session
Room B, 10:00 - 11:20

Invited speaker: Federico Pintore, University of Trento (Italy)

September 27th (morning) - Workshop Session
10:00
10:30
Federico Pintore, University of Trento (Italy)
Hessians of elliptic curves: isogenies and graphs
Abstract The determinant of the Hessian matrix of an elliptic curve E with nonzero j-invariant yields another elliptic curve Hess(E). We consider the map that sends a j-invariant in a finite field Fq to the j-invariant of the corresponding Hessian curve. This map defines a dynamical system, i.e. a functional graph which we call Hessian graph, whose structure is remarkably regular. In this talk we will justify the regularities of the graphs, by showing that the Hessian transformation is nothing but a 3-isogeny on a prescribed elliptic curve. Joint work with M. Mula and D. Taufer.
10:30
10:45
Marzio Mula, Research Institute CODE, Universität der Bundeswehr München (Germany)
Proving knowledge of an isogeny using modular polynomials
Abstract Given a small prime ℓ and a prime p of cryptographic size, a cyclic isogeny of degree ℓʳ between two supersingular j-invariants j, j' ∈ Fₚ² can be represented as a sequence of j-invariants j = j₀, j₁, ..., jᵣ = j' such that each pair (jᵢ, jᵢ₊₁) is a root of the ℓ-th classical modular polynomial Φₗ(X, Y). For ℓ = 2, previous work by Cong, Lai, and Levin shows how this representation can be effectively expressed — by means of a suitable arithmetization — in the setting of generic proof systems (such as zk-SNARKs) to prove the knowledge of a 2-smooth cyclic isogeny in a non-interactive way. In this talk, we discuss some possible optimizations of their method, using an alternative family of modular polynomials — called canonical modular polynomials — and leveraging some additional techniques to improve the arithmetization. Finally, we explore the scalability of the resulting proof system for different small primes. Joint work with T. den Hollander, S. Kleine, D. Slamanig, and S. A. Spindler.
10:45
11:00
Stefano Barbero, Politecnico di Torino (Italy)
Lattices and Cryptography, an Overview
Abstract Lattices play an important role in several branches of Mathematics, such as Algebra and Number Theory, becoming also very relevant in Cryptography in the last two decades. The aim of this talk is to explore how and why they acquired this importance, giving a concise but comprehensive overview. Starting from basic definitions and properties, we focus on some of the most important problems involving lattices. We consider these problems, their hardness and what algorithms we know to tackle them. Finally, we take a sharp look at the applications of lattices in Cryptography, especially in the Post Quantum scenario.
11:00
11:15
Guglielmo Morgari, Telsy SPA (Italy)
A Note on the P-values Distribution in NIST SP 800-22 Rev. 1a Statistical Tests
Abstract Randomness is crucial in cryptography, as it is required for generating unpredictable keys and related material. The quality of random number generators is typically evaluated by means of hypothesis tests. In hypothesis testing, a central concept is the p-value, a numerical measure assigned to each sample generated from the random process under analysis. This measure assesses the plausibility of a hypothesis, known as the null hypothesis, about the random process based on the observed data. P-values are derived from the probability distribution associated with the null hypothesis. Despite being inherently discrete, in practice this distribution is commonly approximated by continuous distributions for ease of handling. In this talk, we show that such approximation can lead to subtle errors, and we examine the impact of these inaccuracies on the SP800-22 statistical test suite proposed by the National Institute of Standards and Technology (NIST) for cryptographic applications.