190 research outputs found

    Refinements of Miller's Algorithm over Weierstrass Curves Revisited

    In 1986 Victor Miller described an algorithm for computing the Weil pairing in his unpublished manuscript. This algorithm has since become the core of all pairing-based cryptosystems. Many improvements of the algorithm have been presented. Most of them involve a choice of elliptic curves of \emph{special} forms to exploit a possible twist during Tate pairing computation. Other improvements involve a reduction of the number of iterations in Miller's algorithm. For the generic case, Blake, Murty and Xu proposed three refinements to Miller's algorithm over Weierstrass curves. Although their refinements, which only reduce the total number of vertical lines in Miller's algorithm, do not give as efficient a computation as other optimizations, they can be applied for computing \emph{both} the Weil and Tate pairings on \emph{all} pairing-friendly elliptic curves. In this paper we extend the Blake-Murty-Xu method and show how to eliminate all vertical lines in Miller's algorithm during Weil/Tate pairing computation on \emph{general} elliptic curves. Experimental results show that our algorithm is about 25% faster than the original Miller's algorithm.
    Comment: 17 pages

    Computing all integer solutions of a genus 1 equation

    The Elliptic Logarithm Method has been applied with great success to the problem of computing all integer solutions of equations of degree 3 and 4 defining elliptic curves. We extend this method to include any equation f(u,v)=0 that defines a curve of genus 1. Here f is a polynomial with integer coefficients and irreducible over the algebraic closure of the rationals, but is otherwise of arbitrary shape and degree. We give a detailed description of the general features of our approach, and conclude with two rather unusual examples corresponding to equations of degree 5 and degree 9.
    Keywords: Elliptic curve; Elliptic logarithm; Diophantine equation

    History of Cryptographic Key Sizes

    Implementing the Thull-Yap algorithm for computing Euclidean remainder sequences

    There are two types of integer gcd algorithms: those which compute the sequence of remainders of Euclid's algorithm and those which build different sequences. The former are more difficult to validate and analyse, whereas the latter are simpler and more efficient. When one wants the Euclidean remainders (for instance to compute continued fractions), only the former can be used. Our main focus is the subquadratic-time Thull-Yap GCD algorithm, and in fact its core, which computes a half gcd (TYHGCD). This algorithm is tricky because of the difficulty in correcting the remainder sequence that comes back from a recursive call. The aim of this work is to revise TYHGCD in order to implement it using GMP. We clarify some points of the algorithm, in particular the stopping conditions, which are always difficult to set correctly. We add a base case to speed up the whole algorithm, using Jebelean's quadratic algorithm with a stopping condition. We give our own modified version and add the proofs where needed. We insist on the test phase for this algorithm, giving families of hard cases for all branches, some of which are rarely activated. We give some details on our implementation in GMP using low-level functions, adding some remarks on the use of fast multiplication techniques. We pay attention to the data structure needed to store partial quotients, enabling rapid navigation back and forth in the sequence of Euclidean remainders. Benchmarks are provided. Some comments are made on Lichtblau's algorithm, which is close in spirit to the Thull-Yap algorithm.

    Single-factor lifting and factorization of polynomials over local fields

    Let f(x) be a separable polynomial over a local field. The Montes algorithm computes certain approximations to the different irreducible factors of f(x), with strong arithmetic properties. In this paper, we develop an algorithm to improve any one of these approximations until a prescribed precision is attained. The most natural application of this "single-factor lifting" routine is to combine it with the Montes algorithm to provide a fast polynomial factorization algorithm. Moreover, the single-factor lifting algorithm may also be applied to accelerate the computational resolution of several global arithmetic problems in which the improvement of an approximation to a single local irreducible factor of a polynomial is required.

    Fifth Biennial Report : June 1999 - August 2001

    Sparse Gaussian Elimination modulo p: an Update

    This paper considers elimination algorithms for sparse matrices over finite fields. We mostly focus on computing the rank, because it raises the same challenges as solving linear systems while being slightly simpler. We developed a new sparse elimination algorithm inspired by the Gilbert-Peierls sparse LU factorization, which is well known in the numerical computation community. We benchmarked it against the usual right-looking sparse Gaussian elimination and the Wiedemann algorithm using the Sparse Integer Matrix Collection of Jean-Guillaume Dumas. We obtain large speedups (1000× and more) in many cases. In particular, we are able to compute the rank of several large sparse matrices in seconds or minutes, compared to days with previous methods.

    Algorithmic Number Theory, 4th International Symposium, ANTS-IV, Leiden, The Netherlands, July 2-7, 2000, Proceedings
