Algebraic Geometry in Cryptology - Spring 2010

Part I

Pictures and slides Announcements Literature Course Homework

The first part will be taught by
Tanja Lange
Coding Theory and Cryptology
Eindhoven Institute for the Protection of Information
Department of Mathematics and Computer Science
Room HG 9.92
Technische Universiteit Eindhoven
P.O. Box 513
5600 MB Eindhoven

The easiest ways to reach me where ever I am:

The second part will be taught by Alp Bassa and Ronald Cramer

This is an overview of the topics taught in the master math course Algebraic Geometry in Cryptology. Details are filled in as time permits. The official home page is here.
The course takes place Tuesdays at the University of Utrecht in Minnaertbuilding room 208, except for March 16 and April 27 when it is in Buys Ballot Lab, room 205.
The first part consists of 7 weeks of lectures, the dates are Feb 09, Feb 16, Feb 23, Mar 02, Mar 09, Mar 16, and Mar 23. Each class takes from 14:00 - 16:45. These 3 hours are lectures with integrated exercises, so there are no separate exercise sessions.

Cryptology deals with mathematical techniques for design and analysis of algorithms and protocols for digital security in the presence of malicious adversaries. For example, encryption and digital signatures are used to construct private and authentic communication channels, which are instrumental to secure Internet transactions.
Some of the most fascinating advances rely on algebraic geometry: Elliptic curves are becoming the new standard for public key primitives and research in elliptic curve cryptography received a recent boost with cryptographic pairings; hyperelliptic curves offer interesting performance for hardware implementations; Goppa codes for curves of genus 0 are used to construct secure code-based cryptosystems; curves over finite fields also find applications in secret sharing schemes and towers of algebraic function fields have an important bearing on strongly multiplicative secret haring schemes with good asymptotic properties. These schemes are highly relevant, as they are the basis for information-theoretically secure multi-party computation. Depending on time we will also highlight the use of towers of function fields for constructing codes with particularly good error correction properties.
This course provides an introduction to cryptography and to algebraic geometry at a master course level. The main focus is on the diverse applications that algebraic geometry has in cryptology.


The room has changed to Minnaertgebouw 208 (Zonnezaal); for exceptions see above.


There are a few books covering topics we touch in class but there is no 'textbook' that covers everything. The following list will be updated as the course proceeds.

It is not necessary to purchase any of the books to follow the course.


The grade will be based on homework. During my 7 weeks you will receive 2 homework sheets.


Class notes

09 Feb 2010
General introduction to cryptography; concepts public key and symmetric key cryptography, Diffie-Hellman key exchange over the rationals and modulo primes. The clock group and how to compute there efficiently. Curve equation of Edwards curves.
I took pictures of all black boards before erasing them. They are here.

16 Feb 2010
Edwards curves; proof that denominators cannot vanish, points of finite order; generalization of curve equation to ax2+y2=1+dx2y2. Attention, this model is called twisted Edwards curve (I left out the 'twisted' in the definition); ElGamal encryption; number of points; general musings about how to do things in practice.
I took pictures of all black boards before erasing them. They are here.

23 Feb 2010
Affine and projective space, Zariski topology, connections between affine and projective space, varieties, Jacobi criterion. Some reading material is posted under literature (chapter 4 of HEHCC and preprint with Frey).
I took pictures of all black boards before erasing them. They are here.

02 Mar 2010
Varieties, irreducible vs. absolutely irreducible, function field of variety, field of constants, morphisms, Frobenius endomorphism, isomorphisms, rational functions, birational equivalences, Montgomery curves.
I took pictures of all black boards before erasing them. They are here.

09 Mar 2010
Model solutions of the homework; blow-ups of singularities; group of divisors, degree of a divisor, effective divisors.
I took pictures of all black boards before erasing them. They are here.

16 Mar 2010
Principal divisors, Riemann-Roch theorem, genus, Weierstrass form elliptic curves, divisor class group, operations in divisor class group of elliptic curve and representation of the classes. The slides showing the geometric interpretation of the addition on Edwards curves are here; the pictures start page 12. There is also a preprint giving more of the background.
I took pictures of all black boards before erasing them. They are here.

23 Mar 2010
Hyperelliptic curves, details on imaginary hyperelliptic curves (curve equation, involution, representation of divisor classes), pairings (definition, protocols, Tate pairing) The slides I used for the pairings description are here; some newer slides are here
I took pictures of all black boards before erasing them. They are here.