In this paper we describe how to compute smallest monic polynomials that define a given number field K. We make use of the one-to-one correspondence between monic defining polynomials of K and algebraic integers that generate K. Thus, a smallest polynomial corresponds to a vector in the lattice of integers of K and this vector is short in some sense. The main idea is to consider weighted coordinates for the vectors of the lattice of integers of K. This allows us to find the desired polynomial by enumerating short vectors in these weighted lattices. In the context of the subexponential algorithm of Biasse and Fieker for computing class groups, this algorithm can be used as a precomputation step that speeds up the rest of the computation. It also widens the applicability of their faster conditional method, which requires a defining polynomial of small height, to a much larger set of number field descriptions.
Cryptographic schemes based on supersingular isogenies have become an active area of research in the field of post-quantum cryptography. We investigate the resistance of these cryptosystems to fault injection attacks. It appears that the iterative structure of the secret isogeny computation renders these schemes vulnerable to loop-abort attacks. Loop-abort faults allow a full key recovery, bypassing all the previously introduced validation methods. Therefore, implementing additional countermeasures seems unavoidable for applications where physical attacks are relevant.
The Principal Ideal Problem (resp. Short Principal Ideal Problem), abbreviated PIP (resp. SPIP), consists in finding a generator (resp. short generator) of a principal ideal in the ring of integers of a number field. Several lattice-based cryptosystems rely on the presumed hardness of these two problems. In practice, most of them do not use an arbitrary number field but a power-of-two cyclotomic field. The Smart and Vercauteren fully homomorphic encryption scheme and the multilinear map of Garg, Gentry, and Halevi epitomize this common restriction. Recently, Cramer, Ducas, Peikert, and Regev showed that solving the SPIP in such cyclotomic rings boils down to solving the PIP. In this paper, we present a heuristic algorithm that solves the PIP in prime-power cyclotomic fields in subexponential time $L_{|\Delta_K|}(1/2)$, where $\Delta_K$ denotes the discriminant of the number field. This is achieved by descending to its totally real subfield. The implementation of our algorithm allows us to recover in practice the secret key of the Smart and Vercauteren scheme for the smallest proposed parameters (in dimension 256).

… solving lattice problems, such as signature, basic encryption, Identity Based Encryption (IBE) as well as Fully Homomorphic Encryption (FHE) [21]. Not all these schemes rely on the same lattice-based problem. For instance, the NTRU cryptosystem [24], which is one of the most efficient encryption schemes related to lattices, is based on the Shortest Vector Problem (SVP). Besides, the authors of NTRU were the first to consider specific kinds of lattices, namely those related to polynomial rings. This idea was followed by the definition of another lattice-based problem that is the topic of a large body of work [31,32,33,34,44]: the Ring Learning With Errors Problem (RLWE). Cryptosystems based on RLWE offer both a substantial key-size reduction and improved performance (for instance, decryption, encryption and signature are faster than with arbitrary lattices).
Yet RLWE belongs to the specific family of ideal-lattice problems, which stem from algebraic number theory. This raises a potential drawback, since those lattices carry more structure than classical lattices, as they are derived from ideals in the rings of integers of number fields.

SPIP and PIP. Another presumably hard problem related to these ideals is called the Short Principal Ideal Problem (SPIP). It consists in finding a short generator of an ideal, assuming it is principal. For instance, recovering the secret key from the public key in the Smart and Vercauteren FHE scheme [43] and in the Garg, Gentry, and Halevi multilinear map scheme [20] consists in solving an instance of the SPIP. This problem turns out to hinge on two distinct phases: on the one hand, finding an arbitrary generator (known as the Principal Ideal Problem, PIP), and on the other hand, reducing such a generator to a short one. The problem of finding a generator of a principal ideal, which is the aim of this article, and even testing the principality of an ideal, are difficult problems in algorithmic n...