AIDec 23, 2017
Towards Collaborative Conceptual ExplorationTom Hanika, Jens Zumbrägel
In domains with high knowledge distribution a natural objective is to create principle foundations for collaborative interactive learning environments. We present a first mathematical characterization of a collaborative learning group, a consortium, based on closure systems of attribute sets and the well-known attribute exploration algorithm from formal concept analysis. To this end, we introduce (weak) local experts for subdomains of a given knowledge domain. These entities are able to refute and potentially accept a given (implicational) query for some closure system that is a restriction of the whole domain. On this we build up a consortial expert and show first insights about the ability of such an expert to answer queries. Furthermore, we depict techniques on how to cope with falsely accepted implications and on combining counterexamples. Using notions from combinatorial design theory we further expand those insights as far as providing first results on the decidability problem if a given consortium is able to explore some target domain. Applications in conceptual knowledge acquisition as well as in collaborative interactive ontology learning are at hand.
NTFeb 15, 2014
Breaking `128-bit Secure' Supersingular Binary Curves (or how to solve discrete logarithms in ${\mathbb F}_{2^{4 \cdot 1223}}$ and ${\mathbb F}_{2^{12 \cdot 367}}$)Robert Granger, Thorsten Kleinjung, Jens Zumbrägel
In late 2012 and early 2013 the discrete logarithm problem (DLP) in finite fields of small characteristic underwent a dramatic series of breakthroughs, culminating in a heuristic quasi-polynomial time algorithm, due to Barbulescu, Gaudry, Joux and Thomé. Using these developments, Adj, Menezes, Oliveira and Rodríguez-Henríquez analysed the concrete security of the DLP, as it arises from pairings on (the Jacobians of) various genus one and two supersingular curves in the literature, which were originally thought to be $128$-bit secure. In particular, they suggested that the new algorithms have no impact on the security of a genus one curve over ${\mathbb F}_{2^{1223}}$, and reduce the security of a genus two curve over ${\mathbb F}_{2^{367}}$ to $94.6$ bits. In this paper we propose a new field representation and efficient general descent principles which together make the new techniques far more practical. Indeed, at the `128-bit security level' our analysis shows that the aforementioned genus one curve has approximately $59$ bits of security, and we report a total break of the genus two curve.