Showing papers on "Weil pairing published in 1999"
TL;DR: In this article, the authors define a lift of the involution to the determinant line bundle L. The lifted involutions act on the spaces of holomorphic sections of powers of L whose dimensions are given by the Verlinde formula, and compute the characters of these vector spaces as representations of the group generated by the lifts.
Abstract: The moduli space M of semi-stable rank 2 bundles with trivial deter- minant over a complex curvecarries involutions naturally associated to 2-torsion points on the Jacobian of the curve. For every lift of a 2-torsion point to a 4-torsion point, we define a lift of the involution to the determinant line bundle L. We ob- tain an explicit presentation of the group generated by these lifts in terms of the order 4 Weil pairing. This is related to the triple intersections of the components of the fixed point sets in M, which we also determine completely using the order 4 Weil pairing. The lifted involutions act on the spaces of holomorphic sections of powers of L, whose dimensions are given by the Verlinde formula. We compute the characters of these vector spaces as representations of the group generated by our lifts, and we obtain an explicit isomorphism (as group representations) with the combinatorial-topological TQFT-vector spaces of (BHMV). As an application, we describe a 'brick decomposition', with explicit dimension formulas, of the Verlinde vector spaces. We also obtain similar results in the twisted (i.e., degree one) case.
31 citations
Posted Content•
TL;DR: In this paper, the moduli surface for pairs of elliptic curves together with an isomorphism between their N-torsion groups is studied, and it is shown that the component with determinant -1 is somehow the dominant one.
Abstract: We study the moduli surface for pairs of elliptic curves together with an isomorphism between their N-torsion groups. The Weil pairing gives a "determinant" map from this moduli surface to (Z/NZ)*; its fibers are the components of the surface. We define spaces of modular forms on these components and Hecke correspondences between them, and study how those spaces of modular forms behave as modules for the Hecke algebra. We discover that the component with determinant -1 is somehow the "dominant" one; we characterize the difference between its spaces of modular forms and the spaces of modular forms on the other components using forms with complex multiplication. Finally, we show some simplifications that arise when N is prime, including a complete determination of such CM-forms, and give numerical examples.
9 citations
14 Nov 1999
TL;DR: A novel method of efficiently finding an n-torsion point is constructed, which leads to a solution of the second problem of the Menezes-Okamoto-Vanstone reduction, and allows the conclusion that the MOV reduction is indeed as powerful as the Frey-Ruck reduction under n Xq-1 to be drawn.
Abstract: We address the Menezes-Okamoto-Vanstone (MOV) algorithm for attacking elliptic curve cryptosystems which is completed in subexponential time for supersingular elliptic curves. There exist two hurdles to clear, from an algorithmic point of view, in applying the MOV reduction to general elliptic curves: the problem of explicitly determining the minimum extension degree k such that \(E[n]\subset E(F_{q^k})\) and that of efficiently finding an n-torsion point needed to evaluate the Weil pairing, where n is the order of a cyclic group of the elliptic curve discrete logarithm problem. We can find an answer to the first problem in a recent paper by Balasubramanian and Koblitz. On the other hand, the second problem is important as well, since the reduction might require exponential time even for small k. In this paper, we actually construct a novel method of efficiently finding an n-torsion point, which leads to a solution of the second problem. In addition, our contribution allows us to draw the conclusion that the MOV reduction is indeed as powerful as the Frey-Ruck reduction under \(n
ot\vert q-1\), not only from the viewpoint of the minimum extension degree but also from that of the effectiveness of algorithms.
2 citations
Journal Article•
TL;DR: In this article, the Menezes-Okamoto-Vanstone (MOV) algorithm for attacking elliptic curve cryptosystems is presented, which is completed in subexponential time for supersingular elliptic curves.
Abstract: We address the Menezes-Okamoto-Vanstone (MOV) algorithm for attacking elliptic curve cryptosystems which is completed in subexponential time for supersingular elliptic curves There exist two hurdles to clear, from an algorithmic point of view, in applying the MOV reduction to general elliptic curves: the problem of explicitly determining the minimum extension degree k such that E[n] ⊂ E(F q k) and that of efficiently finding an n-torsion point needed to evaluate the Weil pairing, where n is the order of a cyclic group of the elliptic curve discrete logarithm problem We can find an answer to the first problem in a recent paper by Balasubramanian and Koblitz On the other hand, the second problem is important as well, since the reduction might require exponential time even for small k In this paper, we actually construct a novel method of efficiently finding an n-torsion point, which leads to a solution of the second problem In addition, our contribution allows us to draw the conclusion that the MOV reduction is indeed as powerful as the Frey-Ruck reduction under n Xq-1, not only from the viewpoint of the minimum extension degree but also from that of the effectiveness of algorithms
2 citations