## ECC 2018 Program

### November 19 2018 (Mon) (8 talks)

 08:30 - 09:00 Registration 09:00 - 09:20 Opening Remarks 09:20 - 11:00 Isogeny-Based Cryptography (1) (Chair: Tsuyoshi Takagi) 09:20 - 10:10 David Jao(University of Waterloo/evolutionQ, Inc., Waterloo): Implementing Supersingular Isogeny Cryptography Abstract: Recent years have seen dramatic progress and improvements in the implementation of supersingular isogeny-based cryptosystems. In this talk we provide an overview of results obtained to date, and discuss the near-term viability of supersingular isogeny cryptography on constrained and embedded hardware platforms. [Slide] [Video] 10:10 - 11:00 Travis Morrison(The Pennsylvania State University): Computing Isogenies and Endomorphism Rings of Supersingular Elliptic Curves [Slide] [Video] 11:00 - 11:20 Coffee Break 11:20 - 12:40 Block Chain (Chair: Kazumasa Omote) 11:20 - 12:10 Eiichiro Fujisaki(JAIST): Ring Signatures for Blockchain Abstract: Traceable ring signatures were proposed in PKC 2007. Recently, it was implemented in one of blockchain-based cryptocurrencies. We review traceable ring signatures and discuss how it can be used in the blockchain technology. [Slide] [Video] 12:10 - 12:40 Roger Wattenhofer(ETH Zurich): The Role of Cryptography in Distributed Systems Abstract: Distributed protocols often employ some form of cryptography, in particular digital signatures. In my talk I would like to shed some light on the role of cryptography in distributed systems. I will start out with some examples of distributed protocols with and without cryptography: consensus, byzantine agreement, blockchain. This brings us the interesting question to what degree cryptography is needed: What distributed problems can or cannot be solved without cryptography, and what is still unknown? [Slide] [Video] 12:40 - 13:40 Lunch Break 13:40 - 15:20 Beyond ECC (Chair: Tanja Lange) 13:40 - 14:30 Pierrick Gaudry(LORIA): Point Counting on Hyperelliptic Curves of Genus 3 and Higher in Large Characteristic Abstract: In this joint work with Simon Abelard and Pierre-Jean Spaenlehauer, we study the complexity of counting points on hyperelliptic curves with the family of methods derived from Schoof's algorithm. Our focus is mostly on the polynomial systems of equations used to model the torsion subgroups and their specificities. Depending on the context (genus 3 or higher; complexity result or practical computation), we use different tools: resultants, Groebner basis or geometric resolution. Using the multi-homogeneous nature of the systems, we show that the main exponent in the complexity grows linearly with the genus, while the previous best algorithm with this respect had an exponent quadratic in the genus. In the particular case of genus 3, we use an ad-hoc approach to the resolution, and show that in the case of curves with explicit real multiplication, the complexity can be significantly reduced and practical experiments are feasible. [Slide] [Video] 14:30 - 15:20 Divesh Aggarwal(National University of Singapore): A New Public Key Cryptosystem Based on Mersenne Numbers Abstract: In this work, we propose a new public-key cryptosystem whose security is based on the computational intractability of the following problem: Given a Mersenne number p = 2^n - 1, where n is a prime, a positive integer h, and two n-bit integers T, R, decide whether their exist n-bit integers F, G each of Hamming weight less than h such that T = F R + G modulo p. [Slide] [Video] 15:20 - 15:40 Coffee Break 15:40 - 17:20 Fundamental (Computer algebra to Quantum Computer) (Chair: Akira Otsuka) 15:40 - 16:30 Nobuyuki Imoto(Osaka University): Quantum Information Processing --- Similarities and Differences with Classical Information Processing Abstract: Quantum information processing, which is rapidly attracting attention in recent years, started around 1985. The purpose is the same. Quantum computation is a mean to realize faster computation. Quantum cryptography is a mean to realize more secure communication. The means are, however, different. We use quantum parallelism in quantum computation, and unavoidable quantum back action in detecting eavesdropping and distilling secure keys in quantum cryptography. The ingredients we use in quantum information processing are different from classical information processing. We use superposition of states and entanglement (= quantum correlation) between different qubits. The main obstacles that are common to classical and quantum technologies are noise and loss. Classically, a number of methods have been established such as error correction codes, repeaters (discriminating and regeneration of bits), and classical encryption algorithms. We also have quantum version of these: error correction codes, quantum repeaters, and quantum key distribution. Something uncommon is decoherence. We need to maintain the superposition and/or entanglement under noise and loss. I will explain these and introduce our efforts to cope with these problems including recent results. Something that needs to be improved, I feel, is that there have been little interaction between classical information and quantum information communities. Since the two areas are closely related, we definitely need more cooperations. [Slide] [Video] 16:30 - 17:20 Henri Cohen(Université de Bordeau): Point Counting on Quasi-Diagonal Hypersurfaces Abstract: A quasi-diagonal hypersurface has a projective equation of the type $\sum_{1\le i\le m}a_ix_i^m-b\prod_{1\le i\le m}x_i=0$. The goal of this talk is to give a number of methods for computing its number of points over a finite field ${\mathbb F}_q$ and to compare their speed. The conclusion is that the best method is to use the $p$-adic Gross--Koblitz formula. [Slide] [Video] 19:00 - 21:00 Banquet