65 research outputs found
Encoding points on hyperelliptic curves over finite fields in deterministic polynomial time
We present families of (hyper)elliptic curves which admit an efficient
deterministic encoding function
The geometry of some parameterizations and encodings
We explore parameterizations by radicals of low genera algebraic curves. We
prove that for a prime power that is large enough and prime to , a fixed
positive proportion of all genus 2 curves over the field with elements can
be parameterized by -radicals. This results in the existence of a
deterministic encoding into these curves when is congruent to modulo
. We extend this construction to parameterizations by -radicals for
small odd integers , and make it explicit for
Constructing Permutation Rational Functions From Isogenies
A permutation rational function is a rational function
that induces a bijection on , that is, for all
there exists exactly one such that . Permutation
rational functions are intimately related to exceptional rational functions,
and more generally exceptional covers of the projective line, of which they
form the first important example.
In this paper, we show how to efficiently generate many permutation rational
functions over large finite fields using isogenies of elliptic curves, and
discuss some cryptographic applications. Our algorithm is based on Fried's
modular interpretation of certain dihedral exceptional covers of the projective
line (Cont. Math., 1994)
EMBEDDING FINITE FIELDS INTO ELLIPTIC CURVES
Many elliptic curve cryptosystems require an encoding function from a finite field Fq into Fq-rational points of an elliptic curve. We propose a uniform encoding to general elliptic curves over Fq. We also discuss an injective case of SWU encoding for hyperelliptic curves of genus 2. Moreover, we discuss an injective encoding for elliptic curves with a point of order two over a finite field and present a description for these elliptic curves
A Computational Introduction to Elliptic and Hyperelliptic Curve Cryptography
At its core, cryptography relies on problems that are simple to construct but difficult to solve unless certain information (the “key”) is known. Many of these problems come from number theory and group theory. One method of obtaining groups from which to build cryptosystems is to define algebraic curves over finite fields and then derive a group structure from the set of points on those curves. This thesis serves as an exposition of Elliptic Curve Cryptography (ECC), preceded by a discussion of some basic cryptographic concepts and followed by a glance into one generalization of ECC: cryptosystems based on hyperelliptic curves
Deterministic Encoding and Hashing to Odd Hyperelliptic Curves
The original publication is available at www.springerlink.com. In this paper we propose a very simple and efficient encoding function from Fq to points of a hyperelliptic curve over Fq of the form H : y^2 = f(x) where f is an odd polynomial. Hyperelliptic curves of this type have been frequently considered in the literature to obtain Jacobians of good order and pairing-friendly curves. Our new encoding is nearly a bijection to the set of Fq-rational points on H. This makes it easy to construct well-behaved hash functions to the Jacobian J of H, as well as injective maps to J(Fq) which can be used to encode scalars for such applications as ElGamal encryption. The new encoding is already interesting in the genus 1 case, where it provides a well-behaved encoding to Joux's supersingular elliptic curves
Efficient Encodings to Hyperelliptic Curves over Finite Fields
Many cryptosystems are based on the difficulty of the discrete logarithm problem in finite groups. In this case elliptic and hyperelliptic cryptosystems are more noticed because they provide good security with smaller size keys. Since these systems were used for cryptography, it has been an important issue to transform a random value in finite field into a random point on an elliptic or hyperelliptic curve in a deterministic and efficient method. In this paper we propose a deterministic encoding to hyperelliptic curves over finite field. For cryptographic desires it is important to have an injective encoding. In finite fields with characteristic three we obtain an injective encoding for genus two hyperelliptic curves
Improved Complexity Bounds for Counting Points on Hyperelliptic Curves
We present a probabilistic Las Vegas algorithm for computing the local zeta
function of a hyperelliptic curve of genus defined over . It
is based on the approaches by Schoof and Pila combined with a modeling of the
-torsion by structured polynomial systems. Our main result improves on
previously known complexity bounds by showing that there exists a constant
such that, for any fixed , this algorithm has expected time and space
complexity as grows and the characteristic is large
enough.
Comment: To appear in Foundations of Computational Mathematics
SwiftEC: Shallue–van de Woestijne Indifferentiable Function To Elliptic Curves
Hashing arbitrary values to points on an elliptic curve is a required step in many cryptographic constructions, and a number of techniques have been proposed to do so over the years. One of the first ones was due to Shallue and van de Woestijne (ANTS-VII), and it had the interesting property of applying to essentially all elliptic curves over finite fields. It did not, however, have the desirable property of being indifferentiable from a random oracle when composed with a random oracle to the base field.
Various approaches have since been considered to overcome this limitation, starting with the foundational work of Brier et al. (CRYPTO 2011). For example, if is the Shallue–van de Woestijne (SW) map and are two independent random oracles to , we now know that is indifferentiable from a random oracle. Unfortunately, this approach has the drawback of being twice as expensive to compute as the straightforward, but not indifferentiable, . Most other solutions so far have had the same issue: they are at least as costly as two base field exponentiations, whereas plain encoding maps like cost only one exponentiation. Recently, Koshelev (DCC 2022) provided the first construction of indifferentiable hashing at the cost of one exponentiation, but only for a very specific class of curves (some of those with -invariant ), and using techniques that are unlikely to apply more broadly.
In this work, we revisit this long-standing open problem, and observe that the SW map actually fits in a one-parameter family of encodings, such that for independent random oracles to , is indifferentiable. Moreover, on a very large class of curves (essentially those that are either of odd order or of order divisible by 4), the one-parameter family admits a rational parametrization, which lets us compute at almost the same cost as small , and finally achieve indifferentiable hashing to most curves with a single exponentiation.
Our new approach also yields an improved variant of the Elligator Squared technique of Tibouchi (FC 2014) that represents points of arbitrary elliptic curves as close-to-uniform random strings