The first part will be taught by
Tanja Lange
Coding Theory and Cryptology
Eindhoven Institute for the Protection of Information
Department of Mathematics and Computer Science
Room HG 9.92
Technische Universiteit Eindhoven
P.O. Box 513
5600 MB Eindhoven
Netherlands

The easiest ways to reach me where ever I am:
e-mail:tanja@hyperelliptic.org


The second part will be taught by Alp Bassa and Ronald Cramer

This is an overview of the topics taught in the master math course Algebraic Geometry in Cryptology. Details are filled in as time permits. The official home page is here.
The course takes place Tuesdays at the University of Utrecht in Minnaertbuilding room 208, except for March 16 and April 27 when it is in Buys Ballot Lab, room 205.
The first part consists of 7 weeks of lectures, the dates are Feb 09, Feb 16, Feb 23, Mar 02, Mar 09, Mar 16, and Mar 23. Each class takes from 14:00 - 16:45. These 3 hours are lectures with integrated exercises, so there are no separate exercise sessions.

Description
Cryptology deals with mathematical techniques for design and analysis of algorithms and protocols for digital security in the presence of malicious adversaries. For example, encryption and digital signatures are used to construct private and authentic communication channels, which are instrumental to secure Internet transactions.
Some of the most fascinating advances rely on algebraic geometry: Elliptic curves are becoming the new standard for public key primitives and research in elliptic curve cryptography received a recent boost with cryptographic pairings; hyperelliptic curves offer interesting performance for hardware implementations; Goppa codes for curves of genus 0 are used to construct secure code-based cryptosystems; curves over finite fields also find applications in secret sharing schemes and towers of algebraic function fields have an important bearing on strongly multiplicative secret haring schemes with good asymptotic properties. These schemes are highly relevant, as they are the basis for information-theoretically secure multi-party computation. Depending on time we will also highlight the use of towers of function fields for constructing codes with particularly good error correction properties.
This course provides an introduction to cryptography and to algebraic geometry at a master course level. The main focus is on the diverse applications that algebraic geometry has in cryptology.

Announcements

The room has changed to Minnaertgebouw 208 (Zonnezaal); for exceptions see above.

Literature

There are a few books covering topics we touch in class but there is no 'textbook' that covers everything. The following list will be updated as the course proceeds.

• Roberto M. Avanzi, Henri Cohen, Christophe Doche, Gerhard Frey, Tanja Lange, Kim Nguyen, Frederik Vercauteren "Handbook of Elliptic and Hyperelliptic Curve Cryptography", CRC Press.
  Currently the chapter "Background on Curves and Jacobians" is online as sample.
• Gerhard Frey, Tanja Lange Mathematical Background of Public Key Cryptography.
• William Fulton "Algebraic Curves, An Introduction to Algebraic Geometry", Benjamin. Fulton made his book available for download (note, different page numbers from the original).
• Lawrence C Washington "Elliptic Curves: Number Theory and Cryptography", CRC Press

Examination

The grade will be based on homework. During my 7 weeks you will receive 2 homework sheets.

Homework

• Attention, sheet has changed on the evening of the 28th. Exercise 1
  You may also submit your solutions as a sage worksheet. Make sure not to use any external functions; my installation of sage is not linked to any other algebra package.
  For easier cut-and-paste: The numbers for exercise 2 are p=10715086071862673209484250490600018105614048117055336074437503883703510511249361224931983788156958581275946729175531468251871452856923140435984577574698574803934567774824230985421074605062371141877954182153046474983581941267398767559165543946077062914571196477686542167660429831652624386837205668069673
  x(P)=8255302200938733614552466823477968457325782561218935056142726059110027388580706295782453565856664044528951968669913089204536275560323221045301534436485766149615760236824682690257100316670322275196568095088609815097515822522344479021114874270630610500757033318682332538694141098282779328155579116892630
  y(P)=7860451953253008016334319086973083671521985101867784180016587109402633627711212053182594093190183411074103537064829327834079804038525491451700540424683612685440079252783622824399433548599140173127051099135461057611363536109031294511484067798548644218636887891791329270723692896110985700871789305536949
  x(Q)=5327609297028292779281513309522061279072414264207422741862931141475973121719474042903306563396093622226700853860644281122888175388772299457384953735538300477233265223224828254792004233895115540315241123596698290228186281908362797832882869784043219513269107469016697438520682668518343339087861597928735
  y(Q)=6767574787998374045312531254485889267346635804210880573324198399103120818582869100692668723348853775626141450834240856516304468882593153806337540708655249527404559485322585846232433049950011450661683866308369532044985375861438408167088416826106478860667145954248204485340418606294002881501861726441301
  
• The exercise sheet is now updated to have all 4 exercises.
  Exercise 2
  

Class notes

09 Feb 2010
General introduction to cryptography; concepts public key and symmetric key cryptography, Diffie-Hellman key exchange over the rationals and modulo primes. The clock group and how to compute there efficiently. Curve equation of Edwards curves.
I took pictures of all black boards before erasing them. They are here.

16 Feb 2010
Edwards curves; proof that denominators cannot vanish, points of finite order; generalization of curve equation to ax²+y²=1+dx²y². Attention, this model is called twisted Edwards curve (I left out the 'twisted' in the definition); ElGamal encryption; number of points; general musings about how to do things in practice.
I took pictures of all black boards before erasing them. They are here.

23 Feb 2010
Affine and projective space, Zariski topology, connections between affine and projective space, varieties, Jacobi criterion. Some reading material is posted under literature (chapter 4 of HEHCC and preprint with Frey).
I took pictures of all black boards before erasing them. They are here.

02 Mar 2010
Varieties, irreducible vs. absolutely irreducible, function field of variety, field of constants, morphisms, Frobenius endomorphism, isomorphisms, rational functions, birational equivalences, Montgomery curves.
I took pictures of all black boards before erasing them. They are here.

09 Mar 2010
Model solutions of the homework; blow-ups of singularities; group of divisors, degree of a divisor, effective divisors.
I took pictures of all black boards before erasing them. They are here.

16 Mar 2010
Principal divisors, Riemann-Roch theorem, genus, Weierstrass form elliptic curves, divisor class group, operations in divisor class group of elliptic curve and representation of the classes. The slides showing the geometric interpretation of the addition on Edwards curves are here; the pictures start page 12. There is also a preprint giving more of the background.
I took pictures of all black boards before erasing them. They are here.

23 Mar 2010
Hyperelliptic curves, details on imaginary hyperelliptic curves (curve equation, involution, representation of divisor classes), pairings (definition, protocols, Tate pairing) The slides I used for the pairings description are here; some newer slides are here
I took pictures of all black boards before erasing them. They are here.