Families of fast elliptic curves from Q-curves
We construct new families of elliptic curves over \mathbb{F}_{p^2} with
efficiently computable endomorphisms, which can be used to accelerate elliptic
curve-based cryptosystems in the same way as Gallant-Lambert-Vanstone (GLV) and
Galbraith-Lin-Scott (GLS) endomorphisms. Our construction is based on reducing
\mathbb{Q}-curves (curves over quadratic number fields without complex
multiplication, but with isogenies to their Galois conjugates) modulo inert
primes. As a first application of the general theory we construct, for every
, two one-parameter families of elliptic curves over \mathbb{F}_{p^2}
equipped with endomorphisms that are faster than doubling. Like GLS (which
appears as a degenerate case of our construction), we offer the advantage over
GLV of selecting from a much wider range of curves, and thus finding secure
group orders when is fixed. Unlike GLS, we also offer the possibility of
constructing twist-secure curves. Among our examples are prime-order curves
equipped with fast endomorphisms, with almost-prime-order twists, over
\mathbb{F}_{p^2} for and
The Q-curve construction for endomorphism-accelerated elliptic curves
We give a detailed account of the use of -curve reductions to
construct elliptic curves over with efficiently computable
endomorphisms, which can be used to accelerate elliptic curve-based
cryptosystems in the same way as Gallant-Lambert-Vanstone (GLV) and
Galbraith-Lin-Scott (GLS) endomorphisms. Like GLS (which is a degenerate case
of our construction), we offer the advantage over GLV of selecting from a much
wider range of curves, and thus finding secure group orders when is fixed
for efficient implementation. Unlike GLS, we also offer the possibility of
constructing twist-secure curves. We construct several one-parameter families
of elliptic curves over equipped with efficient
endomorphisms for every p > 3, and exhibit examples of
twist-secure curves over for the efficient Mersenne prime
.
Comment: To appear in the Journal of Cryptology. arXiv admin note: text
overlap with arXiv:1305.540
Isogeny-based post-quantum key exchange protocols
The goal of this project is to understand and analyze the supersingular isogeny Diffie-Hellman (SIDH) protocol, a post-quantum key exchange protocol whose security rests on the hardness of finding an isogeny between two supersingular elliptic curves. In order to do so, we first introduce the reader to cryptography, focusing on key agreement protocols, and motivate the rise of post-quantum cryptography as a necessity given the existence of the quantum model of computation. We review some of the known attacks on SIDH and finally study some algorithmic aspects to understand how the protocol can be implemented.
Four-Dimensional Gallant-Lambert-Vanstone Scalar Multiplication
The GLV method of Gallant, Lambert and Vanstone (CRYPTO 2001) computes any multiple of a point of prime order lying on an elliptic curve with a low-degree endomorphism (called a GLV curve) over as , with for some explicit constant . Recently, Galbraith, Lin and Scott (EUROCRYPT 2009) extended this method to all curves over which are twists of curves defined over .
We show in this work how to merge the two approaches in order to get, for twists of any GLV curve over , a four-dimensional decomposition together with fast endomorphisms over acting on the group generated by a point of prime order , resulting in a proven decomposition for any scalar given by , with . Remarkably, taking the best , we obtain , independently of the curve, ensuring in theory an almost constant relative speedup. In practice, our experiments reveal that the use of the merged GLV-GLS approach supports a scalar multiplication that runs up to 50% faster than the original GLV method. We then improve this performance even further by exploiting the Twisted Edwards model and show that curves originally slower may become extremely efficient on this model. In addition, we analyze the performance of the method in a multicore setting and describe how to efficiently protect GLV-based scalar multiplication against several side-channel attacks. Our implementations improve the state-of-the-art performance of point multiplication for a variety of scenarios, including side-channel protected and unprotected cases with sequential and multicore execution.
Efficient and Secure ECDSA Algorithm and its Applications: A Survey
Public-key cryptography algorithms, especially elliptic curve cryptography (ECC) and the elliptic curve digital signature algorithm (ECDSA), have been attracting attention from many researchers in different institutions because these algorithms provide security and high performance when used in many areas such as electronic healthcare, electronic banking, electronic commerce, electronic vehicular systems, and electronic governance. These algorithms heighten security against various attacks and at the same time improve performance to obtain efficiencies (time, memory, reduced computational complexity, and energy saving) in resource-constrained environments and in large systems. This paper presents a detailed and comprehensive survey of updates to the ECDSA algorithm in terms of performance, security, and applications.
Fast Cryptography in Genus 2
In this paper we highlight the benefits of using genus 2 curves in public-key cryptography. Compared to the standardized genus 1 curves, or elliptic curves, arithmetic on genus 2 curves is typically more involved but allows us to work with moduli of half the size. We give a taxonomy of the best known techniques to realize genus 2 based cryptography, which includes fast formulas on the Kummer surface and efficient 4-dimensional GLV decompositions. By studying different modular arithmetic approaches on these curves, we present a range of genus 2 implementations. On a single core of an Intel Core i7-3520M (Ivy Bridge), our implementation on the Kummer surface breaks the 125 thousand cycle barrier, which sets a new software speed record at the 128-bit security level for constant-time scalar multiplications compared to all previous genus 1 and genus 2 implementations.
Methodological Fundamentalism: or why Batterman's Different Notions of "Fundamentalism" may not make a Difference
I argue that the distinctions Robert Batterman (2004) presents between "epistemically fundamental" versus "ontologically fundamental" theoretical approaches can be subsumed by methodologically fundamental procedures. I characterize precisely what is meant by a methodologically fundamental procedure, which involves, among other things, the use of multilinear graded algebras in a theory's formalism. For example, one such class of algebras I discuss are the Clifford (or Geometric) algebras. Aside from their being touted by many as a "unified mathematical language for physics" (Hestenes (1984, 1986), Lasenby et al. (2000)), Finkelstein (2001, 2004) and others have demonstrated that the techniques of multilinear algebraic "expansion and contraction" exhibit a robust regularizability. That is to say, such regularization has been demonstrated to remove singularities which would otherwise appear in standard field-theoretic, mathematical characterizations of a physical theory. I claim that the existence of such methodologically fundamental procedures calls into question one of Batterman's central points, that "our explanatory physical practice demands that we appeal essentially to (infinite) idealizations" (2003, 7) exhibited, for example, by singularities in the case of modeling critical phenomena, like fluid droplet formation. By way of counterexample, in the field of computational fluid dynamics (CFD), I discuss the work of Mann & Rockwood (2003) and Gerik Scheuermann (2002). In the concluding section, I sketch a methodologically fundamental procedure potentially applicable to more general classes of critical phenomena appearing in fluid dynamics.
The endomorphism ring problem and supersingular isogeny graphs
Supersingular isogeny graphs, which encode supersingular elliptic curves and their isogenies, have recently formed the basis for a number of post-quantum cryptographic protocols. The study of supersingular elliptic curves and their endomorphism rings has a long history and is intimately related to the study of quaternion algebras and their maximal orders. In this thesis, we give a treatment of the theory of quaternion algebras and elliptic curves over finite fields as these relate to supersingular isogeny graphs and computational problems on such graphs, in particular consolidating and surveying results in the research literature. We also perform some numerical experiments on supersingular isogeny graphs and establish a number of refined upper bounds on supersingular elliptic curves with small non-integer endomorphisms.