On a new generalization of Huff curves

Recently two kinds of Huff curves were introduced as elliptic curves models and their arithmetic was studied. It was also shown that they are suitable for cryptographic use such as Montgomery curves or Koblitz curves (in Weierstrass form) and Edwards curves. In this work, we introduce the new generalized Huff curves $ax(y^{2} -c) = by(x^{2}-d)$ with $abcd(a^{2}c-b^{2}d)\neq 0$, which contains the generalized Huff\u27s model $ax(y^{2}- d) = by(x^{2}-d)$ with $abd(a^{2}-b^{2})\neq 0$ of Joye-Tibouchi-Vergnaud and the generalized Huff curves $x(ay^{2} -1) =y(bx^{2}-1)$ with $ab(a-b)\neq 0$ of Wu-Feng as a special case. The addition law in projective coordinates is as fast as in the previous particular cases. More generally all good properties of the previous particular Huff curves, including completeness and independence of two of the four curve parameters, extend to the new generalized Huff curves. We verified that the method of Joye-Tibouchi-Vergnaud for computing of pairings can be generalized over the new curve

Simple verification of completeness of two addition formulas on twisted Edwards curves

Daniel Bernstein and Tanja Lange  proved thattwo given addition formulas on twisted Edwards elliptic curvesax^2 + y^2 = 1 + dxy are complete (i.e. the sum of any two pointson a curve can be computed using one of these formulas). Inthis paper we give other simple verification of completenessof these formulas using for example Groebner bases and an ¨algorithm implemented in Magma, which is based on the fact thatcompleteness means that some systems of polynomial equationshave no solutions. This method may be also applied to verifycompleteness  of additions formulas on other models of ellipticcurves

Simple verification of completeness of two addition formulas on twisted Edwards curves

Daniel Bernstein and Tanja Lange  proved thattwo given addition formulas on twisted Edwards elliptic curvesax^2 + y^2 = 1 + dxy are complete (i.e. the sum of any two pointson a curve can be computed using one of these formulas). Inthis paper we give other simple verification of completenessof these formulas using for example Groebner bases and an ¨algorithm implemented in Magma, which is based on the fact thatcompleteness means that some systems of polynomial equationshave no solutions. This method may be also applied to verifycompleteness  of additions formulas on other models of ellipticcurves

Analogues of Velu\u27s Formulas for Isogenies on Alternate Models of Elliptic Curves

Isogenies are the morphisms between elliptic curves, and are accordingly a topic of interest in the subject. As such, they have been well-studied, and have been used in several cryptographic applications. Velu’s formulas show how to explicitly evaluate an isogeny, given a specification of the kernel as a list of points. However, Velu’s formulas only work for elliptic curves specified by a Weierstrass equation. This paper presents formulas similar to Velu’s that can be used to evaluate isogenies on Edwards curves and Huff curves, which are normal forms of elliptic curves that provide an alternative to the traditional Weierstrass form. Our formulas are not simply compositions of Velu’s formulas with mappings to and from Weierstrass form. Our alternate derivation yields efficient formulas for isogenies with lower algebraic complexity than such compositions. In fact, these formulas have lower algebraic complexity than Velu’s formulas on Weierstrass curves

Arithmetic using compression on elliptic curves in Huff\u27s form and its applications

In this paper for elliptic curves provided by Huff\u27s equation $H_{a,b}: ax(y^2-1) = by(x^2-1)$ and general Huff\u27s equation $G_{\overline{a},\overline{b}}\ :\ {\overline{x}}(\overline{a}{\overline{y}}^2-1)={\overline{y}}(\overline{b}{\overline{x}}^2-1)$ and degree 2 compression function $f(x,y) = xy$ on these curves, herein we provide formulas for doubling and differential addition after compression, which for Huff\u27s curves are as efficient as Montgomery\u27s formulas for Montgomery\u27s curves $By^2 = x^3 + Ax^2 + x$. For these curves we also provided point recovery formulas after compression, which for a point $P$ on these curves allows to compute $[n]f(P)$ after compression using the Montgomery ladder algorithm, and then recover $[n]P$. Using formulas of Moody and Shumow for computing odd degree isogenies on general Huff\u27s curves, we have also provide formulas for computing odd degree isogenies after compression for these curves.Moreover, it is shown herein how to apply obtained formulas using compression to the ECM algorithm. In the appendix, we present examples of Huff\u27s curves convenient for the isogeny-based cryptography, where compression can be used

Efficient Montgomery-like formulas for general Huff\u27s and Huff\u27s elliptic curves and their applications to the isogeny-based cryptography

In this paper for elliptic curves provided by Huff\u27s equation $H_{a,b}: ax(y^2-1) = by(x^2-1)$ and general Huff\u27s equation $G_{\overline{a},\overline{b}}\ :\ {\overline{x}}(\overline{a}{\overline{y}}^2-1)={\overline{y}}(\overline{b}{\overline{x}}^2-1)$ and degree 2 compression function $f(x,y) = xy$ on these curves, herein we provide formulas for doubling and differential addition after compression, which for Huff\u27s curves are as efficient as Montgomery\u27s formulas for Montgomery\u27s curves $By^2 = x^3 + Ax^2 + x$. For these curves we also provided point recovery formulas after compression, which for a point $P$ on these curves allows to compute $[n]f(P)$ after compression using the Montgomery ladder algorithm, and then recover $[n]P$. Using formulas of Moody and Shumow for computing odd degree isogenies on general Huff\u27s curves, we have also provide formulas for computing odd degree isogenies after compression for these curves. Moreover, it is shown herein how to apply obtained formulas using compression to the ECM algorithm. In the appendix, we present examples of Huff\u27s curves convenient for the isogeny-based cryptography, where compression can be used

Arithmetic using compression on elliptic curves in Huff's form and its applications

In this paper for elliptic curves provided by Huff's equation $H_{a,b}: ax(y^2-1) = by(x^2-1)$ and general Huff's equation $G_{\overline{a},\overline{b}}\ :\ {\overline{x}}(\overline{a}{\overline{y}}^2-1)={\overline{y}}(\overline{b}{\overline{x}}^2-1)$ and degree 2 compression function $f(x,y) = xy$ on these curves, herein we provide formulas for doubling and differential addition after compression, which for Huff's curves are as efficient as Montgomery's formulas for Montgomery's curves $By^2 = x^3 + Ax^2 + x$. For these curves we also provided point recovery formulas after compression, which for a point $P$ on these curves allows to compute $[n]f(P)$ after compression using the Montgomery ladder algorithm, and then recover $[n]P$. Using formulas of Moody and Shumow for computing odd degree isogenies on general Huff's curves, we have also provide formulas for computing odd degree isogenies after compression for these curves.Moreover, it is shown herein how to apply obtained formulas using compression to the ECM algorithm. In the appendix, we present examples of Huff's curves convenient for the isogeny-based cryptography, where compression can be used

Side Channel Attacks against Pairing over Theta Functions

In \cite{LuRo2010}, Lubicz and Robert generalized the Tate pairing over any abelian variety and more precisely over Theta functions. The security of the new algorithms is an important issue for the use of practical cryptography. Side channel attacks are powerful attacks, using the leakage of information to reveal sensitive data. The pairings over elliptic curves were sensitive to side channel attacks. In this article, we study the weaknesses of the Tate pairing over Theta functions when submitted to side channel attacks

Elliptic Curve Arithmetic for Cryptography

The advantages of using public key cryptography over secret key cryptography include the convenience of better key management and increased security. However, due to the complexity of the underlying number theoretic algorithms, public key cryptography is slower than conventional secret key cryptography, thus motivating the need to speed up public key cryptosystems. A mathematical object called an elliptic curve can be used in the construction of public key cryptosystems. This thesis focuses on speeding up elliptic curve cryptography which is an attractive alternative to traditional public key cryptosystems such as RSA. Speeding up elliptic curve cryptography can be done by speeding up point arithmetic algorithms and by improving scalar multiplication algorithms. This thesis provides a speed up of some point arithmetic algorithms. The study of addition chains has been shown to be useful in improving scalar multiplication algorithms, when the scalar is fixed. A special form of an addition chain called a Lucas chain or a differential addition chain is useful to compute scalar multiplication on some elliptic curves, such as Montgomery curves for which differential addition formulae are available. While single scalar multiplication may suffice in some systems, there are others where a double or a triple scalar multiplication algorithm may be desired. This thesis provides triple scalar multiplication algorithms in the context of differential addition chains. Precomputations are useful in speeding up scalar multiplication algorithms, when the elliptic curve point is fixed. This thesis focuses on both speeding up point arithmetic and improving scalar multiplication in the context of precomputations toward double scalar multiplication. Further, this thesis revisits pairing computations which use elliptic curve groups to compute pairings such as the Tate pairing. More specifically, the thesis looks at Stange's algorithm to compute pairings and also pairings on Selmer curves. The thesis also looks at some aspects of the underlying finite field arithmetic

Speeding up Huff Form of Elliptic Curves

This paper presents faster inversion-free point addition formulas for the curve y*(1+a*x^2)=c*x*(1+d*y^2). The proposed formulas improve the point doubling operation count record from 6M+5S to 8M and mixed-addition operation count record from 10M to 8M. Both sets of formulas are shown to be 4-way parallel, leading to an effective cost of 2M per either of the group operations