Group


Download pdf here: Groups and Finite Fields

1. Introduction

Group, field and elliptic curve theories make a regular appearance in the study of crypto-assets including but not limited to cryptocurrencies. For example, the security strength of a number of crypto-specific primitives relies on the math of elliptic curve groups over finite fields. These groups constitute a robust infrastructure to generate adequate public keys from private ones.

Groups and fields are foundational pillars of modern algebra. While in elementary algebra we rely on common arithmetic operations (e.g., addition and multiplication of real numbers), in modern algebra we raise the level of abstraction further. In particular, we introduce more general counterparts to real number addition and multiplication and define them over more general sets. An important objective is to study the common properties of all sets on which a fixed number of operations are defined. These operations tend to be interrelated in some definite way (e.g., distributivity of multiplication over addition).

In this post, we provide a concise (but by no means comprehensive) introduction to group and finite-field theory at the level needed to better appreciate the mathematical foundation of crypto assets. In a subsequent post we build on this material to introduce elliptic curve groups defined over finite fields. The interested reader could consult, e.g., [1] for a deeper dive into the theory of finite fields and its applications.


Download pdf here: LSAG Signature Scheme

1. Introduction

For a given ring size n, Cryptonote’s original scheme (as introduced in part 5) generates signatures of the form (I, c_1,..,c_n,r_1,..,r_n) consisting of (2n+1) arguments. It turns out that a more efficient scheme initially introduced in [3] and later adapted by Adam Back in [1] can achieve the same security properties as Cryptonote’s with (n+2) arguments instead (a reduction factor that tends to 2 as n tends to \infty). The scheme introduced in [3] is known as the Linkable Spontaneous Anonymous Group signature scheme, or LSAG signature scheme for short. In part 7 of this series, we will see how [4] generalizes the LSAG construct to build the foundation of Monero’s current ringCT signature scheme.

2. The LSAG scheme

The LSAG signature introduced in [3] is built on a group E of prime order q and generator G. Moreover, it uses 2 statistically independent random oracles (ROs):

  • \mathcal{H}_1: \{0,1\}^* \longrightarrow \mathbb{F}_q
  • \mathcal{H}_2: \{0,1\}^* \longrightarrow E

In what follows we introduce a slightly modified LSAG scheme that will allow an easier comparison to Cryptonote’s original scheme. We carry forward all the notation used in the Cryptonote scheme to the current LSAG definition. In particular, we let E be a large finite group generated by the same elliptic curve introduced in part 5 (refer to the post entitled Elliptic Curve Groups for an introduction to this topic). We also consider the same base point G. Recall that the base point is chosen in such a way as to ensure that it has a large prime order l < q. All arithmetic is done in the subgroup \{G\} of the elliptic curve group E. As a matter of convention, we write \{G\}^{*} \equiv \{G\} - e.
