We introduce cryptography based on algebraic tori, give a new public key system called CEILIDH, and compare it to other discrete log based systems including LUC and XTR. Like those systems, we obtain small key sizes. While LUC and XTR are essentially restricted to exponentiation, we are able to perform multiplication as well. We also disprove the open conjectures from [2], and give a new algebro-geometric interpretation of the approach in that paper and of LUC and XTR.

This paper gives a survey of some ways to improve the ef- ciency of discrete log-based cryptography by using the restriction of scalars and the geometry and arithmetic of algebraic tori and abelian varieties.

Abstract. We introduce a compact and efficient representation of elements of the algebraic torus. This allows us to design a new discretelog based public-key system achieving the optimal communication rate, partially answering the conjecture in [4]. For n the product of distinct primes, we construct efficient ElGamal signature and encryption schemes in a subgroup of F ∗ qn in which the number of bits exchanged is only a φ(n)/n fraction of that required in traditional schemes, while the security offered remains the same. We also present a Diffie-Hellman key exchange protocol averaging only φ(n) log2 q bits of communication per key. For the cryptographically important cases of n = 30 and n = 210, we transmit a 4/5 and a 24/35 fraction, respectively, of the number of bits required in XTR [14] and recent CEILIDH [24] cryptosystems. 1

At Crypto 2004, van Dijk and Woodruff introduced a new way of using the algebraic tori Tn in cryptography, and obtained an asymptotically optimal n/φ(n) savings in bandwidth and storage for a number of cryptographic applications. However, the computational requirements of compression and decompression in their scheme were impractical, and it was left open to reduce them to a practical level. We give a new method that compresses orders of magnitude faster than the original, while also speeding up the decompression and improving on the compression factor (by a constant term). Further, we give the first efficient implementation that uses T30 , compare its performance to XTR, CEILIDH, and ECC, and present new applications. Our methods achieve better compression than XTR and CEILIDH for the compression of as few as two group elements. This allows us to apply our results to ElGamal encryption with a small message domain to obtain ciphertexts that are 10% smaller than in previous schemes.

Let K be a number field, S a finite set of valuations of K, including the archimedean valuations, and OS the ring of S-integers. Let X be an algebraic

Abstract not found

Let k be a field of characteristic zero and k an algebraic closure of k. For a geometrically integral variety X over k, we write k(X) for the function field of X = X ×k k. If X has a smooth k-point, the natural embedding of multiplicative groups k ∗ ֒ → k(X) ∗ admits a Galois-equivariant retraction. In the first part of the paper, over local and then over global fields, equivalent conditions to the existence of such a retraction are given. They are expressed in terms of the Brauer group of X. In the second part of the paper, we restrict attention to varieties which are homogeneous spaces of connected but otherwise arbitrary algebraic groups, with connected geometric stabilizers. For k local or global, for such a variety X, in many situations but not all, the existence of a Galois-equivariant retraction to k ∗ ֒ → k(X) ∗ ensures the existence of a k-rational point on X. For homogeneous spaces of linear algebraic groups, the technique also handles the case where k is the function field of a complex surface.

Abstract. We give a mathematical interpretation in terms of algebraic tori of Lucas-based cryptosystems, XTR, and the conjectural generalizations in [2]. We show that the varieties underlying these systems are quotients of algebraic tori by actions of products of symmetric groups. Further, we use these varieties to disprove conjectures from [2]. 1

The essential dimension is a numerical invariant of an algebraic group G which may be thought of as a measure of complexity of G-torsors over fields. A recent theorem of N. Karpenko and A. Merkurjev gives a simple formula for the essential dimension of a finite p-group. We obtain similar formulas for the essential p-dimension of a broader

Abstract. The essential dimension is a numerical invariant of an algebraic group G which may be thought of as a measure of complexity of G-torsors over fields. A recent theorem of N. Karpenko and A. Merkurjev gives a simple formula for the essential dimension of a finite p-group. We obtain similar formulas for the essential p-dimension of a broad class of groups, which includes all algebraic tori. 1.