DSpace Collection:
http://hdl.handle.net/2307/30
2014-07-30T09:04:55ZSemiclassical analysis of loop quantum gravity
http://hdl.handle.net/2307/603
<Title>Semiclassical analysis of loop quantum gravity</Title>
<Authors>Perini, Claudio</Authors>
<Issue Date>2010-04-30</Issue Date>
<Abstract>In this PhD thesis I discuss various aspects of the semiclassical dynamics of Loop Quantum Gravity (LQG) as defined by Spin Foam models (the covariant version of canonical LQG). In particular I consider the ”new spin foam models” as candidates for the LQG vertex amplitude. I introduce a technique for testing the semiclassical behaviour which is the study of the propagation of semiclassical wave-packets, obtaining some preliminary good indications. Then I study the asymptotics of a building block of the spin foam amplitude which are the fusion coefficients; these
are combinatorial symbols that realize the equivalence between the LQG and the SF kinematical state space. Their asymptotics shows nice properties in the semiclassical sector. One of the most important test is the comparison of the n-point functions computed in LQG with the ones of standard perturbative quantum gravity. I compute the connected 2-point function of metric operators, and compare it with the graviton propagator of standard QFT, finding a complete agreement (scaling and tensorial structure) for a suitable choice of the few free parameters. This is an important test for the ”new SF models” since the previous major model, the Barrett-Crane model, failed to yield the correct graviton propagator. The computation of the propagator is based on a rather particular choice of the boundary state (the one representing the semiclassical geometry over which the gravitons propagate), which is dictated by geometrical intuition. The robustness of this formalism is strengthened in my recent work ”Coherent spin-networks”. Here I define coherent states for full LQG from a heat-kernel over phase-space (like in ordinary QM) and find that in the semiclassical limit their asymptotics reproduce exactly the states used in SF models.
The importance of coherent spin-networks, defined over a three-dimensional hypersurface, is that we have a clear geometrical interpretation of the classical geometry (intrinsic and extrinsic) they are peaked on; hence we can in principle construct quantum states having minimal uncertainty in conjugate quantities that represent a given (e.g. Minkowski or deSitter) classical space-time.</Abstract>2010-04-29T22:00:00ZDegenerations and applications : polynomial interpolation and secant degree
http://hdl.handle.net/2307/602
<Title>Degenerations and applications : polynomial interpolation and secant degree</Title>
<Authors>Postinghel, Elisa</Authors>
<Issue Date>2010-04-07</Issue Date>
<Abstract>The polynomial interpolation problem in several variables and higher multiplicities is a
subject that has been widely studied, but there is only a little understanding about the
question. What is known, so far, is essentially concentrated in the Alexander-Hirschowitz
Theorem which says that a general collection of double points in Pr gives independent conditions on the linear system L of the hypersurfaces of degree d, with a well known list of
exceptions. In the ﬁrst part of this thesis we present a new proof of this theorem which consists in performing degenerations of Pr and analyzing how L degenerates. Our construction
gives hope for further extensions to greater multiplicities.
There is a long tradition within algebraic geometry that studies the dimension and the
degree of k -secant varieties. These are problems that are unsolved in general. In the second
part of the thesis, we consider any projective toric surface XP associated to a polytope
P ⊆ R2 and we perform planar toric degenerations D of XP in order to study the k -secant
varieties of XP . In particular we give a lower bound to the secant degree and to the 2-secant
degree of XP , taking into account the singularities of the conﬁguration D of non-delightful
planar toric degenerations.
1</Abstract>2010-04-06T22:00:00ZGeometry and combinatorics of toric arrangements
http://hdl.handle.net/2307/601
<Title>Geometry and combinatorics of toric arrangements</Title>
<Authors>Moci, Luca</Authors>
<Issue Date>2010-03-26</Issue Date>
<Abstract>A toric arrangement is a finite set of hypersurfaces in a complex torus, each hypersurface being the kernel of a character.
In the first chapter we focus on the case of toric arrangements defined by root systems: by describing the action of the Weyl group, we get precise counting formulae for the layers (connected components of intersections) of the arrangement, and then we compute the Euler characteristic of its complement.
In the second chapter we introduce a multiplicity Tutte polynomial M(x,y), which generalizes the ordinary one and has
applications to zonotopes, multigraphs and toric arragements. We prove that M(x,y) satisfies a deletion-restriction formula and has positive coefficients. The characteristic polynomial and the Poincaré polynomial of a toric arrangement are shown to be specializations of the associated polynomial M(x,y). Furthermore, M(x,1) counts integral points in the faces of a zonotope, while M(1,y) is the graded dimension of the related discrete Dahmen-Micchelli space.
In the third chapter we build wonderful models for toric arrangements. We develop the "toric analogue" of the combinatorics of nested sets, which allows to prove that the model is smooth, and to give a precise description of the normal crossing divisor.</Abstract>2010-03-25T23:00:00ZAsymptotic analysis for a singularly perturbed Dirichlet problem
http://hdl.handle.net/2307/600
<Title>Asymptotic analysis for a singularly perturbed Dirichlet problem</Title>
<Authors>Petralla, Maristella</Authors>
<Issue Date>2010-05-10</Issue Date>
<Abstract>Let us consider the problem −∆u + λV (x)u = up in Ω, u = 0 on ∂ Ω, where Ω is a smooth
bounded domain, p > 1, V is a positive potential and λ > 0. We are interested in the regime λ → +∞, which is equivalent to a singularly perturbed Dirichlet problem. It is known that
solutions u must blow up as λ → +∞, and we address here the asymptotic description of such
a blow up behavior. When the ”energy” is uniformly bounded, the behavior is well understood
and the solutions can develop just a ﬁnite number of sharp peaks. When V is not constant, the
blow up points must be c.p.’s of the potential V. The situation is more involved when V = 1,
and the crucial role is played by the mutual distances between the blow-up points as well as the
boundary distances. The construction of these blowing-up solutions has also been addressed.
The ﬁrst part in the thesis is devoted to strengthen such an analysis when just a Morse index
information is available. A posteriori, we obtain an equivalence in the form of a double-side
bound between Morse index and ”energy” with essentially optimal constants. This result can be
seen as a sort of Rozenblyum-Lieb-Cwikel inequality, where the number of negative eigenvalues
of a Schrodinger operator −∆ + V can be estimated in terms of a suitable Lebesgue norm of the
negative part V− . Thanks to the speciﬁcity of our problem, we improve it by getting the correct
Lebesgue exponent (in view of the double-side bound) as well as the sharp constants. We then
turn to the question of concentration on manifolds of positive dimensions. The problem is well
understood by a constructive approach but the asymptotic analysis is in general missing. Let
us notice that on the annulus the radial ground state solution has Morse index and ”energy”
which blow up as λ → +∞. Nonetheless, the radial Morse index is one which has allowed
Esposito-Mancini-Santra-Srikanth to develop a ﬁne asymptotic analysis to localize the limiting
concentration radii. They are c.p.’s of a modiﬁed potential, whose role had been already
clariﬁed by the constructive results. The second part part of the thesis is devoted to develop an
asymptotic analyis for solutions on the annulus which have partial symmetries. In particular,
we consider the three-dimensional annulus and solutions which are invariant under rotations
around the z-axis. Assuming an uniform bound on the reduced invariant Morse index, we obtain
a localization of the limiting concentration circles in terms of a suitable modiﬁed potential. The
main difficulty here is related to the presence of ﬁxed points w.r.t. the group action (the z-axis)
and the aim is to exhibit potentials V for which the concentration circles (for example, for the
ground state solution) do not degenerate to points on the z-axis.</Abstract>2010-05-09T22:00:00ZKronecker function rings of domains and projective models
http://hdl.handle.net/2307/598
<Title>Kronecker function rings of domains and projective models</Title>
<Authors>Fabbri, Alice</Authors>
<Issue Date>2010-02-16</Issue Date>
<Abstract>In questa tesi vengono aﬀrontati due argomenti entrambi riguardanti
l’anello delle funzioni di Kronecker. Nella prima parte si aﬀronta il problema di
caratterizzare e dare nuovi esempi di quei domini integralmente chiusi aventi
un unico anello di funzioni di Kronecker. Nella seconda parte si considera la
generalizzazione degli anelli di funzioni di Kronecker introdotta da Halter-Koch,
ovvero gli anelli di F -funzioni, con F campo. Per particolari estensioni di campi
si fornisce una costruzione d’ispirazione geometrica, in cui anche gli anelli di
F -funzioni si possono dedurre da operazioni di tipo star come nel caso classico.</Abstract>2010-02-15T23:00:00ZTrace zero varietes in pairing-based cryptography
http://hdl.handle.net/2307/597
<Title>Trace zero varietes in pairing-based cryptography</Title>
<Authors>Cesena, Emanuele</Authors>
<Issue Date>2010-03-26</Issue Date>
<Abstract>The term cryptography, by etymology or simply by association of ideas, suggests its
connection with secret messages and this is made clear from the deﬁnition that we ﬁnd
in Wikipedia: “The practice and study of hiding information”.
In light of the results of the fundamental article of Diﬃe and Hellman New Directions in Cryptography [DH76] this simple deﬁnition of cryptography seems to require
a supplement: nowadays states, public organizations and private individuals can not
only exchange information in secrecy, but also sign electronic documents so that the
digital signature is easily veriﬁable, but not falsiﬁable. To make this possible, Diﬃe
and Hellman introduced the concept of public-key cryptosystems : the use of public keys
allows us to exchange secret keys without having to meet in person (for instance, using
channels in clear on the network) or generate/verify digital signatures.
The ﬁrst example of a public key cryptosystem was proposed in 1978 by Rivest,
Shamir and Adleman [RSA78]. Diﬃe and Hellman also advanced the idea of establishing
a cryptographic system on the discrete logarithm problem (DLP) in a ﬁnite ﬁeld, an idea
which they attributed to Prof. Gill of Stanford University, and carried out for the ﬁrst
time in 1985 by ElGamal [ElG85].
In the same year Miller and Koblitz [Mil86, Kob87] proposed to use the group of
rational points of an elliptic curve over a ﬁnite ﬁeld. Compared to those already mentioned, elliptic curves allow greater ﬂexibility in building the group and the use of smaller
keys at the same level of security. Four years later Koblitz [Kob89] indicated the Jacobian variety of hyperelliptic curves as another possible candidate for the construction of
cryptosystems.
In 1998 Frey [Fre98, Fre01] suggested to use Trace Zero Varieties (TZV) for cryptosystems based on the DLP. The starting point of Frey’s construction is, in the simplest
case, an elliptic curve E deﬁned over a ﬁnite ﬁeld Fq . Let Fqr /Fq be a ﬁnite extension.
The group E (Fqr ) contains E (Fq ) and the Frobenius automorphism Fqr /Fq extends to
E (Fqr ) in a natural way. The TZV is a subgroup of E (Fqr ) (more precisely, a subvariety
of the Weil restriction of scalars of E (Fqr ) from Fqr to Fq ) which is globally invariant
under the action of the Frobenius and isomorphic to the quotient E (Fqr )/E (Fq ). It is
exactly the action of the Frobenius that makes the computation of scalar multiplication
on TZV particularly eﬃcient.
Several authors addressed the study of TZV: Naumann [Nau99] and Blady [Bla02]
considered TZV of elliptic curves over extension ﬁelds of degree 3 (r = 3); Weimerskirch [Wei01] analyzed the case for extension ﬁelds of degree 5; ﬁnally Lange [Lan01,
Lan04] built TZV from the Jacobian variety of hyperelliptic curves of genus two, over extension ﬁelds of degree 3. Avanzi and Lange [AL04] compared the performance of these
three kinds of TZV over ﬁelds of odd characteristic. Avanzi and Cesena [Ces04, AC08]
compared the same three types of TZV deﬁned over binary ﬁelds, highlighting similarities and main diﬀerences between TZV deﬁned over ﬁelds of even and odd characteristic.
1
The performance of an elliptic curve cryptosystem depends mainly on two aspects
that one needs to consider when implementing the scalar multiplication: the ﬁrst is
the choice of the coordinate system used to represent points, such as classical aﬃne
coordinates where a point is represented by the pair (x, y ), and the second is the use or
not of precomputation.
In this work we extend the results of [AC08] over binary ﬁelds, by taking into account diﬀerent types of coordinate systems and evaluating the eﬀect of using or not
precomputation (the latter has already been considered in literature).
For elliptic curves several coordinate systems are available. The basic idea is to avoid
inversions in the ﬁeld (typically expensive) and to speed up the operation of doubling a
point on the curve, which is the one with the major impact on scalar multiplication, especially when using precomputation. Among the proposed coordinate systems for binary
elliptic curves, we mention projective coordinates in which a point is represented by the
tuple (X, Y, Z ) that corresponds to (x, y ) = (X/Z, Y /Z ) and L´pez-Dahab coordinates
o
where (X, Y, Z ) corresponds to (x, y ) = (X/Z, Y /Z 2 ).
The main result of our analysis is that TZV of elliptic curves over extensions of
degree 5 are the most eﬃcient groups suitable to build cryptographic systems based
on the DLP. On our Intel platform (32-bit), at 80-bit security they are about 10%
faster (20% using precomputation) and at 96-bit security they are about 22% faster
(30% using precomputation) than elliptic curves with L´pez-Dahab coordinates (to be
o
precise, we considered the fastest extended L´pez-Dahab coordinates). For TZV, the
o
aﬃne coordinates appear to be the most eﬃcient. This is because we work in extension
ﬁelds, where the bad impact of inversions is reduced (an inversion in a extension ﬁeld
Fqr only requires a single inversion in the ground ﬁeld Fq ).
Nowadays it is easy to be blinded by the incredible amount of memory and computational power which is available in laptops and personal computers. However, it is
important to stress that there are countless applications – where cryptography is important and often overlooked – that are or need to be deployed on devices with limited
resources, like mobile phones or wireless sensors.
In such cases using aﬃne coordinates and avoiding precomputation can be the only
way to cope with the constrains imposed by the scenario and TZV turn out to be an
excellent solution to improve performance. Indeed, if we limit ourselves to consider aﬃne
coordinates, we conﬁrm the results in [AC08] that TZV of elliptic curves are always much
more eﬃcient than elliptic curves themselves (by factors about 1.5 for extension of degree
3 and more than 2 for degree 5).
To further assess the validity of our results, we perform experiments also on a PowerPC machine, still a relatively powerful server, but the idea is to have a comparison
also with an architecture more similar to what can be found in many embedded devices.
Here the advantage of TZV is even more accentuated.
Finally, following an idea of [HKA06], we develop for TZV a new coordinate system,
the compressed L´pez-Dahab coordinates, in which a Fqr -rational point is represented
o
by the tuple (X, Y, z ) ∈ Fqr × Fqr × Fq that corresponds to (x, y ) = (X/z, Y /z 2 ). The
difference with L´pez-Dahab coordinates is therefore that the coordinate z is in Fq , thus
o
smaller. Arithmetic in this representation is made possible by a particular operation
available in extension ﬁelds, called pseudo-inversion, that does not involve inversions in
the ground ﬁeld.
This new coordinate system turns out to be on average 8 − 10% faster than L´pezo
Dahab coordinates, and generally presents similar performance to aﬃne coordinates. We
2
want to remark that, since they do not require inversions in the ground ﬁeld, compressed
coordinates become more eﬀective the worse the inversion is, thus they are attractive
for devices with constrained resources.
Returning to the history of public-key cryptography, a big step forward has been
made with the introduction of pairing-based cryptography. A pairing, from the mathematical point of view, is a non-degenerate, bilinear map and to use it in practical
applications, we additionally require that it is eﬃciently computable. Algebraic geometry gives us two examples of pairings that meet the above deﬁnition: the Weil pairing
and the Lichtenbaum-Tate pairing, that we shall simply call Tate pairing. The latter is particularly interesting for cryptography because it has better qualities from a
computational point of view, at least for moderate security levels.
The ﬁrst use of pairings in cryptography dates back to the 1990’s, when they are
exploited by Menezes, Okamoto and Vanstone [MOV93] and by Frey and R¨ck [FR94] to
u
attack cryptosystems by reducing the DLP in the group of rational points of an elliptic
curve to the DLP in a ﬁnite ﬁeld.
We have to wait until 2000 to see authors rediscover pairings and use it “for good”,
starting to develop cryptographic protocols and schemes based on pairings: Sakai,
Ohgishi and Kasahara [SOK00] introduced the ﬁrst pairing-based key-agreement and
signature schemes, and Joux [Jou00] extended the Diﬃe-Hellman key agreement protocol to a three-party, one-round protocol.
Another fundamental construction is the ﬁrst Identiy-Based Encryption (IBE) scheme
realized in 2001 by Boneh and Franklin [BF01]. In IBE, the user’s public key is derived
from some known aspects of her identity, such as her name or e-mail address and this
eliminates the key distribution or certiﬁcation problems. The construction of a workable
and provably secure scheme was an open problem posed by Shamir in 1984 [Sha85].
These key contributions have been the trigger for an actual explosion of interest in
pairing-based cryptography, which led in recent years the deﬁnition of many protocols
and schemes and motivated the research for ever more eﬃcient implementations.
Pairings met TZV in 2002, when Rubin and Silverberg [RS02] proposed to use
supersingular abelian varieties of dimension greater than one to improve the security
of pairing-based cryptosystems. Besides Jacobian varieties of hyperelliptic curves, the
other signiﬁcant example was the class of TZV (called primitive subgroups in that paper), which can be constructed from elliptic curves.
The original work of Rubin and Silverberg and their more recent results presented
in [RS09] constitute the motivation of our research. Notably, supersingular TZV of
elliptic curves allow to achieve higher “security per bit” than supersingular elliptic curves
themselves: in characteristic 3 (r = 5) TZV represent the ﬁrst example of supersingular
abelian varieties with security parameter greater than 6 (in fact 7.5); in characteristic
2 (r = 3) TZV present an alternative to supersingular elliptic curves over F3m which is
more eﬃcient, simpler to implement and with equivalent security properties.
The computation of pairings over TZV has already been taken into account by Barreto et al. [BK+ 02, BG+ 07], who deﬁned the η and ηT pairings on supersingular abelian
varieties. Other pairings, such as the (twisted) Ate pairing [HSV06] and its extended
versions [MK+ 07, LLP09, Ver08] can be naturally deﬁned on TZV too. However no work
in literature considered using the q th power Frobenius available in TZV to speed-up the
computation of pairings.
The focus of the present work is exactly that: develop a new algorithm to compute
3
the Tate pairing on TZV exploiting the action of the q th power Frobenius. Our result
applies to supersingular TZV in characteristic 2, 3 and p > 3.
ˆ
In our main theorem we derive a new formula for the Tate pairing t(P, Q):
M a q a−1
r
r−1
q i(r+1)
fq,P (Qσi )
ˆ
t(P, Q) =
,
i=0
where fq,P is the Miller function, σi is proper power of the q th power Frobenius endomorphism, and a and M are constants depending on the curve.
The previous formula yields a new algorithm to compute the Tate pairing over supersingular TZV. We evaluate fq,P at the r points Qσi (raising each evaluation to the
proper power q i(r+1) ). At the end we compute the ﬁnal exponentiation to M a q a−1 .
r
The algorithm is suitable for a parallel implementation, requiring r processors and
achieving a Miller loop of “length” q . Moreover, both in a parallel and in a sequential
model, an implementation with precomputation of the multiples of P requires the storage
of only log2 q points. Together with implementation details, we also propose a variant
of the point compression algorithm of Rubin and Silverberg [RS02] in characteristic 2
which is more eﬃcient and requires no inversion in the ﬁeld.
Experimental results show that the parallel version of our new algorithm is on average
25 − 30% faster than any previous pairing algorithm – notably the ηT pairing described
in [BG+ 07].
Besides the computation of pairings, we also analyze the performance of scalar multiplication on supersingular elliptic curves and TZV. Supersingular TZV are much faster
than the corresponding elliptic curves and, as we already mentioned, they also allow
to achieve higher security per bit. For instance, on our Intel platform (32-bit), scalar
multiplication on the supersingular TZV over F2103 (r = 3) is 4 times faster than on the
corresponding elliptic curve deﬁned over F2307 , pairing can be up to 30% faster exploiting the parallel version of the new algorithm and ﬁnally points can be compressed to
208 bits, allowing a reduction of storage or bandwidth by a factor about 3/2.
In conclusion we have seen that TZV, ordinary and supersingular, have many interesting features that make them attractive for building cryptosystems based on the DLP
as well as pairing-based cryptosystems. They are also well suited for implementations
on devices with constrained resources at moderate security levels.
Foundation
The following publications and pre-prints form the foundation of this thesis:
• R. M. Avanzi and E. Cesena. Pairing on Supersingular Trace Zero Varieties.
Cryptology ePrint Archive, Report 2008/404, 2008.
http://eprint.iacr.org/2008/404
A preliminary version of this work was presented at Eurocrypt 2009 poster session.
• R. M. Avanzi and E. Cesena. Trace Zero Varieties over Fields of Characteristic 2 for Cryptographic Applications. In J. Hirschfeld, J. Chaumine, and
R. Rolland, editors, Algebraic geometry and its applications, volume 5 of Number
Theory and Its Applications, pp. 188–215. World Scientiﬁc, 2008. Proceedings of
the ﬁrst SAGA conference, Papeete, 7-11 May 2007.
4
• E. Cesena, H. L¨hr, G. Ramunno, A.-R. Sadeghi, and D. Vernizzi. Anonymous
o
Authentication with TLS and DAA. Submitted to TRUST 2010.
• E. Cesena, G. Ramunno, and D. Vernizzi. Towards Trusted Broadcast Encryption. TrustCom 2008: The 2008 International Symposium on Trusted Computing. Zhang Jia Jie (Hunan, China), 18-20 November 2008, pp. 2125–2130.
Organization
The dissertation is organized as follows.
Chapter 1 introduces pairing-based cryptography with a few relevant cryptographic
schemes taken from the literature; this serves as a practical motivation and we will
return to the schemes during the course of the dissertation.
In Chapter 2 we arrange the mathematical background with particular focus on
the Lichtenbaum-Tate pairing. Most of this chapter is taken from two presentations of
Prof. Frey at the ﬁrst Symposium on Algebraic Geometry and its Applications (SAGA
2007) and at the GTEM Workshop on Pairings (Essen, 2009). We adapt the theory to
better ﬁt the case of TZV.
Chapter 3 is the core of this dissertation. We take a more computationally oriented
approach: we discuss the arithmetic in the ideal class group of a TZV, we review techniques for pairing computation taken from the literature and we develop a new algorithm
for the computation of the Tate pairing over supersingular TZV which exploits the action of the q th power Frobenius endomorphism. In the end of the chapter we discuss
the security of TZV and we provide explicit examples of curves that are used in the
experiments.
In Chapter 4 we deal with the implementation details and we provide experimental
results. For emotional reasons most of this chapter is devoted to the implementation
in characteristic two. Notably, in this chapter we deﬁne new compressed L´pez-Dahab
o
coordinates for ordinary TZV of elliptic curves, we analyze the performance of scalar
multiplication both on ordinary and supersingular TZV, we detail the parallel and the
sequential versions of the new algorithm for the Tate pairing, including experimental
results.
Finally, Chapter 5 is devoted to real-world applications and notably to the Trusted
Computing technology: due to my personal and somehow atypical research experience
at Politecnico di Torino, I have gotten to know a more applied way to do research and
I wish to include in the dissertation some results obtained in this area. Pairing here is
used as a black-box toolkit and actually these topics originated my interest in pairing
computation. Unfortunately, due to technical details that will be clariﬁed at proper
time, the algorithm for pairing computation developed in this dissertation is probably
not the best candidate for such applications, but the hope is to continue my research
and let these two routes converge.
References
[AC08]
R. M. Avanzi and E. Cesena. Trace Zero Varieties over Fields of Characteristic
2 for Cryptographic Applications. In J. Hirschfeld, J. Chaumine, and R. Rolland, editors, Algebraic geometry and its applications, volume 5 of Number
5
Theory and Its Applications, pages 188–215. World Scientiﬁc, 2008. Proceedings of the ﬁrst SAGA conference, 2007, Papeete.
[AL04]
R. M. Avanzi and T. Lange. Cryptographic Applications of Trace Zero Varieties. Unpublished manuscript., 2004.
[BF01]
D. Boneh and M. Franklin. Identity-based encryption from the Weil pairing.
LNCS, 2139:213–??, 2001.
´
[BG+ 07] P. S. Barreto, S. D. Galbraith, C. O’ H´igeartaigh, and M. Scott. Eﬃcient
e
pairing computation on supersingular Abelian varieties. Des. Codes Cryptography, 42(3):239–271, 2007.
[BK+ 02] P. S. L. M. Barreto, H. Y. Kim, B. Lynn, and M. Scott. Eﬃcient algorithms
for pairing-based cryptosystems. In Advances in Cryptology - CRYPTO 2002,
22nd Annual International Cryptology Conference, Santa Barbara, California,
USA, August 18-22, 2002, Proceedings, volume 2442 of LNCS, pages 354–368.
Springer, 2002.
[Bla02]
G. Blady. Die Weil-Restriktion elliptischer Kurven in der Kryptographie.
Master’s thesis, Universit¨t-Gesamthochschule Essen, 2002.
a
[Ces04]
E. Cesena. Variet` a traccia zero su campi binari – applicazioni crittograﬁche.
a
Master’s thesis, Universit` degli Studi di Milano, 2004.
a
[DH76]
W. Diffe and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644–654, 1976.
[ElG85]
T. ElGamal. A public key cryptosystem and signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, pages 473–481,
1985.
[FR94]
G. Frey and H.-G. R¨ck. A remark concerning m-divisibility and the discrete
u
logarithm in the divisor class group of curves. Mathematics of Computation,
62(206):865–874, 1994.
[Fre98]
G. Frey. How to disguise an elliptic curve. Talk at Waterloo workshop on the
ECDLP, 1998. http://www.cacr.math.uwaterloo.ca/conferences/1998/
ecc98/slides.html.
[Fre01]
G. Frey. Applications of arithmetical geometry to cryptographic constructions.
In Finite ﬁelds and applications (Augsburg, 1999), pages 128–161. Springer,
Berlin, 2001.
[HKA06] F. Hoshino, T. Kobayashi, and K. Aoki. Compressed jacobian coordinates for
OEF. In Progress in Cryptology - VIETCRYPT 2006, volume 4341 of LNCS,
pages 147–156. Springer, 2006.
[HSV06] F. Hess, N. P. Smart, and F. Vercauteren. The Eta Pairing Revisited. IEEE
Trans. Inform. Theory, 52:4595–4602, 2006.
[Jou00]
A. Joux. A one round protocol for tripartite Diﬃe–Hellman. In Algorithmic
Number Theory, ANTS-IV, volume 1838 of LNCS, pages 385–394. Springer,
2000.
6
[Kob87]
N. Koblitz. Elliptic curve cryptosystems. Math. Comp., 48(177):203–209,
1987.
[Kob89]
N. Koblitz. Hyperelliptic cryptosystems. Journal of Cryptology, 1:139–150,
1989.
[Lan01]
T. Lange. Eﬃcient arithmetic on hyperelliptic curves. PhD thesis, University
Essen, 2001.
[Lan04]
T. Lange. Trace zero subvarieties of genus 2 curves for cryptosystems. J.
Ramanujan. Math. Soc., 19:15–33, 2004.
[LLP09] E. Lee, H.-S. Lee, and C.-M. Park. Eﬃcient and generalized pairing computation on abelian varieties. IEEE Transactions on Information Theory,
55(4):1793–1803, 2009.
[Mil86]
V. S. Miller. Use of elliptic curves in cryptography. In Advances in cryptology
– crypto ’85, volume 218 of LNCS, pages 417–426. Springer, Berlin, 1986.
[MK+ 07] S. Matsuda, N. Kanayama, F. Hess, and E. Okamoto. Optimised versions of
the Ate and Twisted Ate Pairings. In The 11th IMA International Conference
on Cryptography and Coding, volume 4887 of LNCS, pages 302–312. Springer,
2007.
[MOV93] A. J. Menezes, T. Okamoto, and S. Vanstone. Reducing elliptic curve logarithms to a ﬁnite ﬁeld. IEEE Trans. on Inform. Theory, 39:1639–1646, 1993.
[Nau99]
N. Naumann. Weil-Restriktion abelscher Variet¨ten. Master’s thesis, Univera
sity Essen, 1999.
[RS02]
K. Rubin and A. Silverberg. Supersingular abelian varieties in cryptology.
In CRYPTO ’02: Proceedings of the 22nd Annual International Cryptology
Conference on Advances in Cryptology, pages 336–353, London, UK, 2002.
Springer.
[RS09]
K. Rubin and A. Silverberg. Using abelian varieties to improve pairing-based
cryptography. Journal of Cryptology, 22(3):330–364, 2009.
[RSA78] R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital
signature and public key cryptosystems. Comm. ACM, 21:120–126, 1978.
[Sha85]
A. Shamir. Identity-based cryptosystems and signature schemes. In Proceedings of CRYPTO 84 on Advances in cryptology, pages 47–53. Springer, 1985.
[SOK00] R. Sakai, K. Ohgishi, and M. Kasahara. Cryptosystems based on pairing. In
The 2000 Symposium on Cryptography and Information Security (SCIS2000),
pages 26–28, Okinawa, Japan, 2000.
[Ver08]
F. Vercauteren. Optimal Pairings. Cryptology ePrint Archive, Report
2008/096, 2008. http://eprint.iacr.org/2008/096.
[Wei01]
A. Weimerskirch. The application of the Mordell–Weil group to cryptographic
systems. Master’s thesis, Worchester Polytechnic Institute, 2001.</Abstract>2010-03-25T23:00:00ZQuantum lattice Boltzmann methods for the linearand nonlinear Schrödinger equation in several dimensions
http://hdl.handle.net/2307/587
<Title>Quantum lattice Boltzmann methods for the linearand nonlinear Schrödinger equation in several dimensions</Title>
<Authors>Palpacelli, Silvia</Authors>
<Issue Date>2009-05-27</Issue Date>
<Abstract>In the last decade the lattice kinetic approach to fluid dynamics, and notably the Lattice Boltzmann (LB) method, has consolidated into a powerful
alternative to the discretization of the Navier-Stokes equations for the numerical simulation of a wide range of complex fluid flows. However, to date,
the overwhelming majority of LB work has been directed to the investigation
of classical (non quantum) fluids. Nonetheless a small group of authors have
also investigated lattice kinetic formulations of quantum mechanics which
led to the definition of the so-called quantum lattice gas methods for solving
linear and nonlinear Schrodinger equations.
The earliest LB model for quantum motion was proposed by Succi and Benzi
in 1993 and it built upon a formal analogy between the Dirac equations and
a Boltzmann equation satisfied by a complex distribution function. This
first quantum lattice Boltzmann (qLB) scheme was formulated in multi-
dimensions but it was numerically validated only in one space dimension.
Indeed, the first result of this thesis is the effective numerical extension
and validation of the multi-dimensional qLB scheme.
In particular, we present a numerical study of the two- and three- dimensional qLB model, based on an operator splitting approach. Our results show
a satisfactory agreement with the analytical solutions, thereby demonstrating the validity of the three-step stream-collide-rotate theoretical structure
of the multi-dimensional qLB scheme.
Moreover, we extend the qLB model by developing an imaginary-time
version of the scheme in order to compute the ground state solution of the
Gross-Pitaevskii equation (GPE). The GPE is commonly used to describe
the dynamics of zero-temperature Bose-Einstein condensates (BEC) and it
is a nonlinear Schrodinger equation with a cubic nonlinearity. The ground state solution of the GPE is the eigenstate which corresponds to the minimum energy level. Typically, this minimizer is found by applying to the
GPE a transformation, known as Wick rotation, which consists on "rotating"
the time axis on the complex plane so that time becomes purely imaginary.
With this rotation of the time axis, the GPE becomes a diffusion equation
with an absorption/emission term given by the nonlinear potential.
Thus, the basic idea behind the imaginary-time qLB model is to apply the
Wick rotation to the real-time qLB scheme. The imaginary-time qLB scheme
is also extended to multi-dimensions by using the same splitting operator
approach already applied to the real-time qLB model.
In addition, we apply the qLB scheme to the study of the dynamics of
a BEC in a random potential, which is a very active topic in present time
research on condensed matter and atomic physics research. In particular,
we investigate the conditions under which an expanding BEC in a random
speckle potential can exhibit Anderson localization.
Indeed, it is well known that disorder can profoundly affect the behavior of
quantum systems, Anderson localization being one of the most fascinating
phenomena in point.
Here, we explore the use of qLB for the case of nonlinear interactions with
random potentials and, in particular, we investigate the mechanism by which
the localized state of the BEC is modified by the residual self-interaction in
the (very) long-time term evolution of the condensate.
These studies have demonstrated the viability of the qLB model as numerical algorithm for solving linear and nonlinear Schrodinger equations for
both the time-dependent and ground state solutions, even in external random potentials.
Such lattice kinetic methods for quantum mechanics represent interesting
numerical schemes, which can be easily implemented and retain the usual
attractive features of LB methods: simplicity, computational speed, straight-
forward parallel implementation.</Abstract>2009-05-26T22:00:00ZCompactified Picard stacks over the moduli space of curves with marked points
http://hdl.handle.net/2307/426
<Title>Compactified Picard stacks over the moduli space of curves with marked points</Title>
<Authors>Mascarenhas Melo, Ana Margarida</Authors>
<Issue Date>2009-05-28</Issue Date>
<Abstract>For any d Z and g, n 0 such that 2g - 2 + n > 0, denote by Picd, g, n
the stack whose sections over a scheme S consist of flat and proper families
: C S of smooth curves of genus g, with n distinct sections si : S C
and a line bundle L of relative degree d over C. Morphisms between two
such objects are given by cartesian diagrams
C
2
// C
S 1
//
si
II
S s
iU
U
such that si 1 = 2 si, 1 i n, together with an isomorphism
3 : L
2(L ).
Picd, g, n is endowed with a natural forgetful map onto Mg, n and it is, of
course, not complete.
The present thesis consists of the construction of an algebraic stack Pd, g, n
with a map d, g, n onto Mg, n with the following properties.
(1) Pd, g, n and d, g, n fit in the following diagram;
Picd, g, n
// Pd, g, n
d, g, n
Mg, n
// Mg, n
(2) d, g, n is universally closed;
(3) Pd, g, n has a geometrically meaningful modular description.
For n = 0 (and g 2), our compactification consists of a stack theoretical
interpretation of Lucia Caporaso's compactification of the universal Picard
variety over Mg. Then, for n > 0 and 2g-2+n > 1, we proceed by induction
in the number of points following the guidelines of Knudsen's construction
of Mg, n.
1</Abstract>2009-05-27T22:00:00ZCollisions of fat points
http://hdl.handle.net/2307/423
<Title>Collisions of fat points</Title>
<Authors>Nesci, Michele</Authors>
<Issue Date>2009-03-30</Issue Date>2009-03-29T22:00:00ZGroup schemes of order p^2 and extension of Z/p^2Z-torsors
http://hdl.handle.net/2307/135
<Title>Group schemes of order p^2 and extension of Z/p^2Z-torsors</Title>
<Authors>Tossici, Dajano</Authors>
<Issue Date>2008-03-03</Issue Date>2008-03-02T23:00:00ZMinimal surfaces derived from the Costa-Hoffman-Meeks examples
http://hdl.handle.net/2307/111
<Title>Minimal surfaces derived from the Costa-Hoffman-Meeks examples</Title>
<Authors>Morabito, Filippo</Authors>
<Issue Date>2008-05-28</Issue Date>2008-05-27T22:00:00Z