Edwards curves and CM curves

Edwards curves are a particular form of elliptic curves that admit a fast, unified and complete addition law. Relations between Edwards curves and Montgomery curves have already been described. Our work takes the view of parameterizing elliptic curves given by their j-invariant, a problematic that arises from using curves with complex multiplication, for instance. We add to the catalogue the links with Kubert parameterizations of X0(2) and X0(4). We classify CM curves that admit an Edwards or Montgomery form over a finite field, and justify the use of isogenous curves when needed

Faster computation of the Tate pairing

This paper proposes new explicit formulas for the doubling and addition step in Miller's algorithm to compute the Tate pairing. For Edwards curves the formulas come from a new way of seeing the arithmetic. We state the first geometric interpretation of the group law on Edwards curves by presenting the functions which arise in the addition and doubling. Computing the coefficients of the functions and the sum or double of the points is faster than with all previously proposed formulas for pairings on Edwards curves. They are even competitive with all published formulas for pairing computation on Weierstrass curves. We also speed up pairing computation on Weierstrass curves in Jacobian coordinates. Finally, we present several examples of pairing-friendly Edwards curves.Comment: 15 pages, 2 figures. Final version accepted for publication in Journal of Number Theor

On isogeny classes of Edwards curves over finite fields

We count the number of isogeny classes of Edwards curves over finite fields, answering a question recently posed by Rezaeian and Shparlinski. We also show that each isogeny class contains a {\em complete} Edwards curve, and that an Edwards curve is isogenous to an {\em original} Edwards curve over \F_q if and only if its group order is divisible by 8 if $q \equiv -1 \pmod{4}$, and 16 if $q \equiv 1 \pmod{4}$. Furthermore, we give formulae for the proportion of d \in \F_q \setminus \{0,1\} for which the Edwards curve $E_d$ is complete or original, relative to the total number of $d$ in each isogeny class.Comment: 27 page

Edwards Curves and Gaussian Hypergeometric Series

Let $E$ be an elliptic curve described by either an Edwards model or a twisted Edwards model over $\mathbb{F}_p$, namely, $E$ is defined by one of the following equations $x^2+y^2=a^2(1+x^2y^2),\, a^5-a\not\equiv 0$ mod $p$, or, $ax^2+y^2=1+dx^2y^2,\,ad(a-d)\not\equiv0$ mod $p$, respectively. We express the number of rational points of $E$ over $\mathbb{F}_p$ using the Gaussian hypergeometric series $\displaystyle {_2F_1}\left(\begin{matrix} \phi&\phi {} & \epsilon \end{matrix}\Big| x\right)$ where $\epsilon$ and $\phi$ are the trivial and quadratic characters over $\mathbb{F}_p$ respectively. This enables us to evaluate $|E(\mathbb{F}_p)|$ for some elliptic curves $E$, and prove the existence of isogenies between $E$ and Legendre elliptic curves over $\mathbb{F}_p$

BINARY EDWARDS CURVES IN ELLIPTIC CURVE CRYPTOGRAPHY

Edwards curves are a new normal form for elliptic curves that exhibit some cryp- tographically desirable properties and advantages over the typical Weierstrass form. Because the group law on an Edwards curve (normal, twisted, or binary) is complete and unified, implementations can be safer from side channel or exceptional procedure attacks. The different types of Edwards provide a better platform for cryptographic primitives, since they have more security built into them from the mathematic foun- dation up. Of the three types of Edwards curves—original, twisted, and binary—there hasn’t been as much work done on binary curves. We provide the necessary motivation and background, and then delve into the theory of binary Edwards curves. Next, we examine practical considerations that separate binary Edwards curves from other recently proposed normal forms. After that, we provide some of the theory for bi- nary curves that has been worked on for other types already: pairing computations. We next explore some applications of elliptic curve and pairing-based cryptography wherein the added security of binary Edwards curves may come in handy. Finally, we finish with a discussion of e2c2, a modern C++11 library we’ve developed for Edwards Elliptic Curve Cryptography