
# Notation

## Basic mathematical notation

| Symbol | Meaning |
|---|---|
| ∅ | The empty set |
| #S | The number of elements in the finite set S |
| S \ T | Set difference of sets S and T |
| Z, Q, R, C | Integers, rationals, reals and complex numbers |
| N, Z_{>0} | Natural numbers |
| Z/rZ | Integers modulo r |
| F_q | Finite field of q = p^m elements |
| Z_p, Q_p | p-adic ring, field, where p (sometimes also called l) is a prime |
| ⟨g_1, …, g_n⟩ | Group generated by g_1, …, g_n |
| (g_1, …, g_n) | Ideal generated over a ring R by g_1, …, g_n ∈ R |
| φ(n) | Euler phi function |
| ζ(n) | Riemann zeta function |
| λ(N) | Carmichael lambda function |
| a \| b, a ∤ b | b is/is not a multiple of a |
| q_n, r_n | Quotient and remainder in the n-th step of the Euclidean algorithm |
| s_n, t_n | Numbers arising in the extended Euclidean algorithm to compute gcd(a, b); they satisfy r_n = a s_n + b t_n |
| h_n/k_n | Convergents of a continued fraction expansion |
| log_2(x) | Logarithm to base 2 |
| log(x) | Natural logarithm |
| [0, 1] | {x ∈ R : 0 ≤ x ≤ 1} |
| ≈ | Approximately equal (we do not give a precise definition), such as π ≈ 3.1415 |
| (a_{l−1} … a_1 a_0)_2 | Binary representation of an integer a |
| v, w | Vectors |
| 0 | Zero vector |
| e_i | i-th unit vector |
| I_n | n × n identity matrix |
| ⟨x, x⟩ | Inner product |
| ‖x‖ | Euclidean length of a vector (ℓ_2 norm) |
| ‖·‖_a | ℓ_a-norm for a ∈ N |
| span{v_1, …, v_n} | Span of a set of vectors |
| rank(A) | Rank of a matrix A |
| M_n(R) | n × n matrices over the ring R |
| ⌊x⌋ | Round x ∈ R down to an integer |
| ⌈x⌉ | Round x ∈ R up to an integer |
| [x], ⌊x⌉ | Closest integer to x, with [1/2] = ⌊1/2⌉ = 1 |

CONTENTS

## Notation for polynomials and fields

| Symbol | Meaning |
|---|---|
| F_q | Finite field of q = p^m elements |
| F(x) | Irreducible polynomial defining a finite field |
|  | Generator of a finite field |
| Tr_{F_{q^m}/F_q} | Trace |
| N_{F_{q^n}/F_q} or N | Norm map with respect to F_{q^n}/F_q |
| k | Ground field, always assumed to be perfect |
| char(k) | The characteristic of k (either 0 or a prime) |
| k̄ | An algebraic closure of k |
| k′ | A field extension of k contained in k̄ |
| Gal(k′/k) | Galois group if k′/k is Galois |
| trdeg | Transcendence degree |
| F(x) | Polynomial of degree d |
| F′(x) | The derivative of the polynomial F(x) |
| R(F, G), R_x(F(x), G(x)) | Resultant of polynomials |
| R_1(x), R_i(x), T(x) | Polynomials arising in the polynomial factorisation algorithms of Section 2.12 |
| deg(F(x)), deg_x(F(x)) | Degree of a polynomial |
| deg(f(x)) | Total degree of a polynomial |
| F | Polynomial in F_q[x] of degree m defining F_{q^m} = F_q[x]/(F(x)) |
| Z_F | Ring of integers of the number field F |
| Cl(O) | Class group of the order O |
| h(O) | Class number of the order O |

## Notation for algorithms and complexity

| Symbol | Meaning |
|---|---|
| O(f) | Big O notation |
| o(f) | Little o notation |
| Õ(f) | Soft O notation |
| Ω(f) | Big Omega notation |
| Θ(f) | Big Theta notation |
| ≤_R | Reduction |
| len(a) | The bit-length of a |
| wt(m) | The Hamming weight of m (number of ones in the binary expansion) |
| M(n) | The cost of multiplication of two n-bit integers |
| M(d, q) = M(d log(dq)) | The cost of multiplying two degree d polynomials over F_q |
| s ← S | s ∈ S chosen according to an (implicit) distribution on S |
| L_N(a, c) | Subexponential function |
| O, A | Oracle |

## Notation for algebraic geometry

| Symbol | Meaning |
|---|---|
| G_a(k) | Additive group (k, +) |
| G_m(k) | Multiplicative group (k^*, ·) |
| mult | Multiplication map in an algebraic group |
| inverse | Inverse map in an algebraic group |
| [g] | Orbit or equivalence class of g under an automorphism |
| G/≡ | Set of orbits/equivalence classes of G under the automorphism |
| A^n(k) | Affine space, points (x_1, …, x_n) |
| P^n(k) | Projective space, points (x_0 : … : x_n) |
| (x_0 : … : x_n) | Homogeneous coordinates for a point of P^n |
| ≡ | Equivalence of (n + 1)-tuples to define projective space |
| x | Either (x_1, …, x_n) ∈ A^n(k) or (x_0 : … : x_n) ∈ P^n(k) |
| X, Y | Algebraic set |
| X(k) | k-rational points of X |
| V(I) | Zero set of the ideal I |
| (S) | Ideal over k[x] generated by the set S |
| I_k(X), I(X) | Ideal over k corresponding to the algebraic set X over k |
| k[X] | Coordinate ring of the algebraic set X |
| k(X), k(C) | Function field of X (resp. C) |
| F, K, L | Function field |
| U_i | Subset of P^n comprising all points (x_0 : … : x_n) with x_i ≠ 0 |
| φ_i | Rational map φ_i : A^n → P^n with image U_i |
| φ | Rational map φ_n |
| φ_i^* | Homogenisation map from k[y_1, …, y_n] to k[x_0, …, x_n] |
| φ_i^{−1} | Rational map P^n → A^n |
| (φ_i^{−1})^* | De-homogenisation k[x_0, …, x_n] → k[y_1, …, y_n] |
| X ∩ A^n | Abbreviation for φ_n^{−1}(X ∩ U_n) |
| f^* | Homogenisation of the polynomial f |
| I^* | Homogenisation of the ideal I |
| X̄ | Projective closure of the algebraic set X ⊆ A^n |
| O(X) | Regular functions on the variety X |
| dim(X) | Dimension of the algebraic variety X |
| φ | Rational map or morphism of varieties |
| p | A prime ideal of a ring |
| S^{−1}R | The localisation of a ring with respect to a multiplicative set S |
| R_p | The localisation of a ring at the prime ideal p |
| O_{P,k}(X), O_P | Local ring of X at P |
| m_{P,k}(X), m_P | Maximal ideal of O_{P,k}(X) |
| J_{X,P} | Jacobian matrix of X = V(f_1, …, f_m) ⊆ A^n at P |
| C | Curve |
| E | Elliptic curve |
| C(k), E(k) | The k-rational points of C (resp. E) |
| O_E, O_C | Point at infinity on a curve |
| ι(P) | If P = (x, y) then ι(P) = (x, −y − a_1 x − a_3) |
| v_P(f) | Valuation of the function f ∈ k(C) at the point P |
| t_P | Uniformizer at P |
| l(x, y) | Line between points P_1 and P_2 on an elliptic curve |
| v(x) | Vertical line on an elliptic curve |
| Hom_k(E_1, E_2), End_k(E) | Homomorphisms/endomorphisms of elliptic curves |
| T_l(E) | Tate module of an elliptic curve |
| x(P), x_P, y(P), y_P | Coordinates of the point P = (x_P, y_P) ∈ C(k) |
| π_q | q-power Frobenius map |
| P_0 | A given k-rational point on a curve |
| Φ_n(x) | n-th cyclotomic polynomial |
| G_{q,n} | Cyclotomic subgroup of F_{q^n}^* of order Φ_n(q) |
| g | An element of G_{q,n} |
|  | Generator over F_q of the finite field F_{q^2} |
| Tr_{F_{q^n}/F_q} or Tr | Trace map with respect to F_{q^n}/F_q |
| T_n | Algebraic torus |
| comp | Torus compression function |
| decomp | Torus decompression function |
|  | Partial group operation for T_2 |
| V_n | Trace of g^n in LUC |
| U | Hypersurface in the construction of T_6 |
| p_U | Rational parameterisation of the hypersurface U |
| χ_g(x) | Characteristic polynomial over F_{q^2} of an element of F_{q^6} |
| t_n | Trace of g^n in XTR |
| F(x), H(x) | Polynomials in k[x] used to define a curve |
| E(x, y) | Weierstrass equation y^2 + H(x)y = F(x) |
| a_1, a_2, a_3, a_4, a_6 | Coefficients of the Weierstrass equation |
| D | Divisor |
| div(f) | Divisor of the function f |
| Supp(D) | Support of a divisor |
| Div_k(C) | Divisors on C defined over k |
| Div^0_k(C) | Degree zero divisors on C defined over k |
| Prin_k(C) | Principal divisors on C |
| D̄ | Divisor class |
| Pic^0_k(C) | Degree zero divisor class group of the curve C over k |
| ≡ | Linear equivalence (i.e., equivalence of divisors) |
| v′ \| v | Extension of valuations |
| R_v | Valuation ring |
| m_v | Maximal ideal of the valuation |
| L_k(D) | Riemann-Roch space for the divisor D |
| ℓ_k(D) | Dimension of the Riemann-Roch space for D |
| D ≥ D′ | Ordering relation on divisors |
| Div_Eff | Set of all effective divisors |
| Pic^d_k(X) | Divisor class group (degree d divisor class group of X over the field k) |
| deg_x a(x) | Degree in x of the polynomial a(x) |
| deg(φ) | Degree of the morphism φ |
| deg(D) | Degree of the divisor D |
| φ^* | Pullback under a morphism |
| φ_* | Pushforward under a morphism |
| g | Genus of the curve C |
| ∂F/∂x | Standard partial differentiation of polynomials or rational functions |
| h dx | Differential on C |
| Ω_k(C) | Set of differentials on C over k |
| ω | Differential on C |
| ω_E | Invariant differential on the elliptic curve E |
| div(ω) | Divisor of a differential on C |
| (C, P), (E, O) | A pointed curve, i.e., a curve over k together with a specified k-rational point |
| τ_Q | Translation map |
| [n] | Multiplication by n map on an elliptic curve (or torus or Abelian variety) |
| E[n] | Points of order dividing n on an elliptic curve |
| Twist(E) | Set of classes of twists of E |
| E^(d) | Quadratic twist of E by d |
| Hom_k(E_1, E_2) | Group of isogenies from E_1 to E_2 over k |
| End_k(E) | Ring of isogenies from E to itself over k |
| ker(φ) | Kernel of an isogeny |
| t | Uniformizer on an elliptic curve at O_E |
| P(T) | Characteristic polynomial of Frobenius |
| φ̂ | Dual isogeny |
| deg_s(φ) | Separable degree |
| deg_i(φ) | Inseparable degree |
| (Y : X_d : … : X_0) | Variables for the projective non-singular equation of a hyperelliptic curve |
| C | Image of the hyperelliptic curve C under the map swapping ∞ and zero |
| P | Birational map from a hyperelliptic curve taking P to infinity |
| (u(x), v(x)) | Mumford representation for semi-reduced divisors |
| ∞^+, ∞^− | Points at infinity on a hyperelliptic curve |
| monic(u(x)) | Monic polynomial obtained by dividing by the leading coefficient |
| div(u(x), y − v(x)) | Greatest common divisor of div(u(x)) and div(y − v(x)) |
| u′, v′, v″ | Polynomials arising in Cantor reduction and reduction at infinity |
| D′ | Semi-reduced divisor arising from Cantor's reduction |
| D_∞ | Effective divisor on a hyperelliptic curve of degree g with support only at infinity |
| (u(x), v(x), n) | Divisor div(u(x), y − v(x)) ∩ A^2 + n(∞^+) + (g − deg(u(x)) − n)(∞^−) |
| J_C | Jacobian variety of the curve C |
| Θ | Mumford theta divisor |
| L(t) | L-polynomial of the curve C over F_q |
| α_i | Roots of P(T) and reciprocal roots of L(t) for the curve C over F_q |
| K/k | Fields in the Weil descent attack |

## Notation for algorithms in algebraic groups

| Symbol | Meaning |
|---|---|
| NAF | Non-adjacent form |
| w-NAF or NAF_w | Width-w non-adjacent form |
| D | Digit set for an expansion |
| digit | Function assigning to an integer an integer in D |
| weight | Weight of the expansion |
| log_g(h) | Discrete logarithm problem (g ∈ G) |
| r | Large prime, the order of g ∈ G |
| (mods m) | Modular reduction to a signed residue |
| 1̄ | Coefficient −1 in a signed expansion |
| PH | Pohlig-Hellman algorithm |
| BSGS | Baby-step-giant-step algorithm |
| S_j | Sets for the representation problem and product DLP |
| L_j | Lists for the generalised birthday algorithm |
| LSB_m | m least significant bits |
| MSB_m | m most significant bits, or bits specifying a decomposition of the domain into equal partitions |
| HNP | Hidden number problem |

## Notation in Chapter 14

| Symbol | Meaning |
|---|---|
| G | An algebraic group or algebraic group quotient |
| g | An element in an AG or AGQ G, usually of prime order r |
| r | The prime order of an element g |
| h | An element in ⟨g⟩ |
| a | The discrete logarithm of h with respect to g |
| S | A set |
| N | Size of the set S, or an integer to be factored |
| π(X) | The number of primes ≤ X |
| Pr | Probability |
| Ē | Complement of an event E |

| Symbol | Meaning |
|---|---|
| l | The number of elements sampled from S |
| n_S | Number of partitions in the Pollard walk |
| S | Map from G to Z/n_S Z |
| b(g) | Binary representation of g ∈ G |
| X | Random variable |
| x_i | Random walk sequence |
| (a_i, b_i) | Representation of the walk element x_i = g^{a_i} h^{b_i} |
| (u_j, v_j) | Powers of g and h in random walk steps |
| g_j | A jump in the random walk |
| walk | The random walk function |
| l_t | Length of the tail of a Pollard rho walk |
| l_h | Length of the cycle (or head) of a Pollard rho walk |
| ε | A small positive real number |
| D | Set of distinguished points |
| n_D | Number of bits used to define the distinguishing property |
|  | Probability that a random g ∈ G is a distinguished point |
| N_P | Number of processors |
| n | Number of steps made by the tame kangaroo |
| type | Indicator tame or wild |
| s | Spacing between starting positions of kangaroos in the same herd |
| N_C | Size of a generic equivalence class |
| x̄ | Equivalence class of x |
| x̂ | Equivalence class representative of the class of x |
| Aut(G) | Automorphism group of an algebraic group G |
| b | Start of interval; usually set to 0 |
| w | Length of interval |
| m | Mean step size |
| f : S → S | Function in parallel collision search |
| f_i : S_i → R | Function in the meet-in-the-middle attack |
| I | Set {0, 1, …, N − 1} |
| π_i : I → S_i | Functions in the parallel meet-in-the-middle attack |
| R → I × {1, 2} | Function in the parallel meet-in-the-middle attack |
| f(x) | Function in Pollard rho factoring |

## Notation in Chapter 15

| Symbol | Meaning |
|---|---|
| ψ(X, Y) | Number of Y-smooth integers less than X |
| f(n) ∼ g(n) | If lim_{n→∞} f(n)/g(n) = 1 |
| ρ(u) | Dickman-de Bruijn function |
| T_B | Expected number of trials until a random integer 1 ≤ x < N is B-smooth |
| L_N(a, c) | Subexponential function |
| B | Factor base |
| B | Bound on primes to define B |
| s | Number of elements in the factor base B |
| I(n) | Number of irreducible polynomials of degree n |
| N(n, b) | Number of b-smooth polynomials of degree exactly equal to n |
| p(n, b) | Probability that a uniformly chosen polynomial of degree at most n is b-smooth |
| Summ_n(x_1, …, x_n) | Summation polynomial |


## Notation for Part IV

| Symbol | Meaning |
|---|---|
| b, v, w | Row vectors (usually in R^m) |
| 0 | Zero vector in R^m |
| e_i | i-th unit vector in R^m |
| I_n | n × n identity matrix |
| ⟨x, x⟩ | Inner product |
| ‖x‖ | Euclidean length (ℓ_2 norm) |
| ‖·‖_a | ℓ_a-norm for a ∈ N |
| span{v_1, …, v_n} | Span of a set of vectors over R |
| rank(A) | Rank of a matrix A |
| ⌊x⌉ | Closest integer to x, ⌊1/2⌉ = 1 |
| B | Basis matrix for a lattice |
| L | Lattice |
| b_i^* | Gram-Schmidt vector arising from the ordered basis {b_1, …, b_n} |
| μ_{i,j} | Gram-Schmidt coefficient ⟨b_i, b_j^*⟩/⟨b_j^*, b_j^*⟩ |
| B_i | ‖b_i^*‖^2 |
| λ_i | Successive minima of a lattice |
| det(L) | Determinant of a lattice |
| γ_n | Hermite's constant |
| X | Bound on the size of the entries in the basis matrix L |
| B^(i) | i × m matrix formed by the first i rows of B |
| d_i | Determinant of the matrix of ⟨b_j, b_k⟩ for 1 ≤ j, k ≤ i |
| D | Product of the d_i |
| P_{1/2}(B) | Fundamental domain (parallelepiped) for the lattice basis B |
| F(x), F(x, y) | Polynomial with a small root |
| G(x), G(x, y) | Polynomial with a small root in common with F(x) (resp., F(x, y)) |
| X, Y | Bounds on the size of the root in Coppersmith's method |
| b_F | Coefficient vector of the polynomial F |
| R(F, G), R_x(F(x), G(x)) | Resultant of polynomials |
| W | Bound in Coppersmith's method |
| P, R | Constants in noisy Chinese remaindering |
| amp(x) | The amplitude gcd(P, x − R) in noisy Chinese remaindering |
| B, B′ | Basis matrices for GGH encryption |
| I_n | n × n identity matrix |
| U | Invertible matrix disguising the private key in GGH |
| m, e, c | Message (respectively, error vector, ciphertext) in McEliece or GGH |
|  | Entry in the error vector in GGH |
| M | Size of coefficients in the message in GGH |
| s | GGH signature |
| a_1, …, a_n | Subset sum weights |
| b_1, …, b_n | Superincreasing sequence |
| s = Σ_{i=1}^{n} x_i a_i | The sum in a subset sum instance, with x_i ∈ {0, 1} |
| d | Density of a subset sum instance |
|  | Permutation of {1, …, n} used in the Merkle-Hellman cryptosystem |
|  | Vector in the Nguyen attack |
| M | Modulus in the Merkle-Hellman knapsack |
| W | Multiplier in the Merkle-Hellman knapsack |
| U | W^{−1} (mod M) in Merkle-Hellman |
| t | Number of iterations in the iterated Merkle-Hellman knapsack |


## Notation for cryptography

| Symbol | Meaning |
|---|---|
|  | Security parameter |
| M | Message space |
| PK | Public key space |
| SK | Private key space |
| C | Ciphertext space |
| pk | Public key |
| sk | Private key |
| m | Message |
| c, (c_1, c_2) | Ciphertext |
| s, (s_1, s_2) | Signature |
| Enc | Symmetric encryption |
| Dec | Symmetric decryption |
| g | Element of an algebraic group G |
| ⊥ | Symbol for an invalid ciphertext or algorithm failure |
| H | Cryptographic hash function |
| q_S | Number of signature queries in a security proof |
| F(s_1) | Function used in Elgamal and DSA signatures |
| DLP | Discrete logarithm problem |
| CDH | Computational Diffie-Hellman problem |
| DDH | Decisional Diffie-Hellman problem |
| kdf | Key derivation function |
| Inverse-DH | Inverse Diffie-Hellman problem (g, g^a) ↦ g^{a^{−1}} |
| Static-DH | Static Diffie-Hellman problem |
| Strong-DH | Strong Diffie-Hellman problem |
| Square-DH | Square Diffie-Hellman problem |
| Hash-DH | Hash Diffie-Hellman problem |
| MAC | Message authentication code |
| KEM | Key encapsulation mechanism |
| DEM | Data encapsulation mechanism |
| K | Key space (for a KEM) |
| X_{g_1,g_2,h} | A set used in the security proof of the Cramer-Shoup encryption scheme |
| id | Identity of a user |
| S | The set of RSA moduli |


| Symbol | Meaning |
|---|---|
| E/G | Quotient elliptic curve by the subgroup G |
| Φ_d(x, y) | Modular polynomial |
|  | j-invariant of the isogenous curve in Elkies' method |
| a, b, l | O-ideals |
| X_{E,F_q,S} | Isogeny graph |
| E[l] | Kernel of the isogeny corresponding to the ideal l |
| ∂_v(S) | Vertex boundary of a set S in a graph |
| ∂_e(S) | Edge boundary of a set S in a graph |
| f(D) | Evaluation of the function f at the divisor D |
| e_n | Weil pairing |
| t_n | Tate-Lichtenbaum pairing |
| t̂_n | Reduced Tate-Lichtenbaum pairing |
| k(q, n) | Embedding degree |
| G_1, G_2 | Eigenspaces of Frobenius in E[r] |
| T | t − 1, used in the ate pairing |
| a_T(Q, P) | Ate pairing |