739 research outputs found
Efficient algorithms for pairing-based cryptosystems
We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable
to that of RSA in larger characteristics.We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction
over Fpm, the latter technique being also useful in contexts other than that of pairing-based cryptography
The Q-curve construction for endomorphism-accelerated elliptic curves
We give a detailed account of the use of -curve reductions to
construct elliptic curves over with efficiently computable
endomorphisms, which can be used to accelerate elliptic curve-based
cryptosystems in the same way as Gallant--Lambert--Vanstone (GLV) and
Galbraith--Lin--Scott (GLS) endomorphisms. Like GLS (which is a degenerate case
of our construction), we offer the advantage over GLV of selecting from a much
wider range of curves, and thus finding secure group orders when is fixed
for efficient implementation. Unlike GLS, we also offer the possibility of
constructing twist-secure curves. We construct several one-parameter families
of elliptic curves over equipped with efficient
endomorphisms for every p \textgreater{} 3, and exhibit examples of
twist-secure curves over for the efficient Mersenne prime
.Comment: To appear in the Journal of Cryptology. arXiv admin note: text
overlap with arXiv:1305.540
Point compression for the trace zero subgroup over a small degree extension field
Using Semaev's summation polynomials, we derive a new equation for the
-rational points of the trace zero variety of an elliptic curve
defined over . Using this equation, we produce an optimal-size
representation for such points. Our representation is compatible with scalar
multiplication. We give a point compression algorithm to compute the
representation and a decompression algorithm to recover the original point (up
to some small ambiguity). The algorithms are efficient for trace zero varieties
coming from small degree extension fields. We give explicit equations and
discuss in detail the practically relevant cases of cubic and quintic field
extensions.Comment: 23 pages, to appear in Designs, Codes and Cryptograph
Quasi-quadratic elliptic curve point counting using rigid cohomology
We present a deterministic algorithm that computes the zeta function of a
nonsupersingular elliptic curve E over a finite field with p^n elements in time
quasi-quadratic in n. An older algorithm having the same time complexity uses
the canonical lift of E, whereas our algorithm uses rigid cohomology combined
with a deformation approach. An implementation in small odd characteristic
turns out to give very good results.Comment: 14 page
Computing cardinalities of Q-curve reductions over finite fields
We present a specialized point-counting algorithm for a class of elliptic
curves over F\_{p^2} that includes reductions of quadratic Q-curves modulo
inert primes and, more generally, any elliptic curve over F\_{p^2} with a
low-degree isogeny to its Galois conjugate curve. These curves have interesting
cryptographic applications. Our algorithm is a variant of the
Schoof--Elkies--Atkin (SEA) algorithm, but with a new, lower-degree
endomorphism in place of Frobenius. While it has the same asymptotic asymptotic
complexity as SEA, our algorithm is much faster in practice.Comment: To appear in the proceedings of ANTS-XII. Added acknowledgement of
Drew Sutherlan
Easy decision-Diffie-Hellman groups
The decision-Diffie-Hellman problem (DDH) is a central computational problem
in cryptography. It is known that the Weil and Tate pairings can be used to
solve many DDH problems on elliptic curves. Distortion maps are an important
tool for solving DDH problems using pairings and it is known that distortion
maps exist for all supersingular elliptic curves. We present an algorithm to
construct suitable distortion maps. The algorithm is efficient on the curves
usable in practice, and hence all DDH problems on these curves are easy. We
also discuss the issue of which DDH problems on ordinary curves are easy
Fast, uniform, and compact scalar multiplication for elliptic curves and genus 2 Jacobians with applications to signature schemes
We give a general framework for uniform, constant-time one-and
two-dimensional scalar multiplication algorithms for elliptic curves and
Jacobians of genus 2 curves that operate by projecting to the x-line or Kummer
surface, where we can exploit faster and more uniform pseudomultiplication,
before recovering the proper "signed" output back on the curve or Jacobian.
This extends the work of L{\'o}pez and Dahab, Okeya and Sakurai, and Brier and
Joye to genus 2, and also to two-dimensional scalar multiplication. Our results
show that many existing fast pseudomultiplication implementations (hitherto
limited to applications in Diffie--Hellman key exchange) can be wrapped with
simple and efficient pre-and post-computations to yield competitive full scalar
multiplication algorithms, ready for use in more general discrete
logarithm-based cryptosystems, including signature schemes. This is especially
interesting for genus 2, where Kummer surfaces can outperform comparable
elliptic curve systems. As an example, we construct an instance of the Schnorr
signature scheme driven by Kummer surface arithmetic
Algebraic Curves and Cryptographic Protocols for the e-society
Amb l'augment permanent de l'adopció de sistemes intel·ligents de tot tipus en la societat actual apareixen nous reptes. Avui en dia quasi tothom en la societat moderna porta a sobre almenys un telèfon intel·ligent, si no és que porta encara més dispositius capaços d'obtenir dades personals, com podria ser un smartwatch per exemple. De manera similar, pràcticament totes les cases tindran un comptador intel·ligent en el futur pròxim per a fer un seguiment del consum d'energia. També s'espera que molts més dispositius del Internet de les Coses siguin instal·lats de manera ubiqua, recol·lectant informació dels seus voltants i/o realitzant accions, com per exemple en sistemes d'automatització de la llar, estacions meteorològiques o dispositius per la ciutat intel·ligent en general. Tots aquests dispositius i sistemes necessiten enviar dades de manera segura i confidencial, les quals poden contindre informació sensible o de caire privat. A més a més, donat el seu ràpid creixement, amb més de nou mil milions de dispositius en tot el món actualment, s'ha de tenir en compte la quantitat de dades que cal transmetre.
En aquesta tesi mostrem la utilitat de les corbes algebraiques sobre cossos finits en criptosistemes de clau pública, en particular la de les corbes de gènere 2, ja que ofereixen la mida de clau més petita per a un nivell de seguretat donat i això redueix de manera significativa el cost total de comunicacions d'un sistema, a la vegada que manté un rendiment raonable. Analitzem com la valoració 2-àdica del cardinal de la Jacobiana augmenta en successives extensions quadràtiques, considerant corbes de gènere 2 en cossos de característica senar, incloent les supersingulars. A més, millorem els algoritmes actuals per a computar la meitat d'un divisor d'una corba de gènere 2 sobre un cos binari, cosa que pot ser útil en la multiplicació escalar, que és l'operació principal en criptografia de clau pública amb corbes.
Pel que fa a la privacitat, presentem un sistema de pagament d'aparcament per mòbil que permet als conductors pagar per aparcar mantenint la seva privacitat, i per tant impedint que el proveïdor del servei o un atacant obtinguin un perfil de conducta d'aparcament. Finalment, oferim protocols de smart metering millorats, especialment pel que fa a la privacitat i evitant l'ús de terceres parts de confiança.Con el aumento permanente de la adopción de sistemas inteligentes de todo tipo en la sociedad actual aparecen nuevos retos. Hoy en día prácticamente todos en la sociedad moderna llevamos encima al menos un teléfono inteligente, si no es que llevamos más dispositivos capaces de obtener datos personales, como podría ser un smartwatch por ejemplo. De manera similar, en el futuro cercano la mayoría de las casas tendrán un contador inteligente para hacer un seguimiento del consumo de energía. También se espera que muchos más dispositivos del Internet de las Cosas sean instalados de manera ubicua, recolectando información de sus alrededores y/o realizando acciones, como por ejemplo en sistemas de automatización del hogar, estaciones meteorológicas o dispositivos para la ciudad inteligente en general. Todos estos dispositivos y sistemas necesitan enviar datos de manera segura y confidencial, los cuales pueden contener información sensible o de ámbito personal. Además, dado su rápido crecimiento, con más de nueve mil millones de dispositivos en todo el mundo actualmente, hay que tener en cuenta la cantidad de datos a transmitir.
En esta tesis mostreamos la utilidad de las curvas algebraicas sobre cuerpos finitos en criptosistemas de clave pública, en particular la de las curvas de género 2, ya que ofrecen el tamaño de clave más pequeño para un nivel de seguridad dado y esto disminuye de manera significativa el coste total de comunicaciones del sistema, a la vez que mantiene un rendimiento razonable. Analizamos como la valoración 2-ádica del cardinal de la Jacobiana aumenta en sucesivas extensiones cuadráticas, considerando curvas de género 2 en cuerpos de característica importa, incluyendo las supersingulares. Además, mejoramos los algoritmos actuales para computar la mitad de un divisor de una curva de género 2 sobre un cuerpo binario, lo cual puede ser útil en la multiplicación escalar, que es la operación principal en criptografía de clave pública con curvas.
Respecto a la privacidad, presentamos un sistema de pago de aparcamiento por móvil que permite a los conductores pagar para aparcar manteniendo su privacidad, y por lo tanto impidiendo que el proveedor del servicio o un atacante obtengan un perfil de conducta de aparcamiento. Finalmente, ofrecemos protocolos de smart metering mejorados, especialmente en lo relativo a la privacidad y evitando el uso de terceras partes de confianza.With the ever increasing adoption of smart systems of every kind throughout society, new challenges arise. Nowadays, almost everyone in modern societies carries a smartphone at least, if not even more devices than can also gather personal data, like a smartwatch or a fitness wristband for example. Similarly, practically all homes will have a smart meter in the near future for billing and energy consumption monitoring, and many other Internet of Things devices are expected to be installed ubiquitously, obtaining information of their surroundings and/or performing some action, like for example, home automation systems, weather detection stations or devices for the smart city in general. All these devices and systems need to securely and privately transmit some data, which can be sensitive and personal information. Moreover, with a rapid increase of their number, with already more than nine billion devices worldwide, the amount of data to be transmitted has to be considered.
In this thesis we show the utility of algebraic curves over finite fields in public key cryptosystems, specially genus 2 curves, since they offer the minimum key size for a given security level and that significantly reduces the total communication costs of a system, while maintaining a reasonable performance. We analyze how the 2-adic valuation of the cardinality of the Jacobian increases in successive quadratic extensions, considering genus 2 curves with odd characteristic fields, including supersingular curves. In addition, we improve the current algorithms for computing the halving of a divisor of a genus 2 curve over binary fields, which can be useful in scalar multiplication, the main operation in public key cryptography using curves.
As regards to privacy, we present a pay-by-phone parking system which enables drivers to pay for public parking while preserving their privacy, and thus impeding the service provider or an attacker to obtain a profile of parking behaviors. Finally, we offer better protocols for smart metering, especially regarding privacy and the avoidance of trusted third parties
- …