Faster software for fast endomorphisms
GLV curves (Gallant et al.) have performance advantages over standard elliptic curves, using half the number of point doublings for scalar multiplication. Despite their introduction in 2001, implementations of the GLV method have yet to permeate widespread software libraries. Furthermore, side-channel vulnerabilities, specifically cache-timing attacks, remain unpatched in the OpenSSL code base since the first attack in 2009 (Brumley and Hakala), even after the most recent attack in 2014 (Benger et al.). This work reports on the integration of the GLV method in OpenSSL for curves from 160 to 256 bits, as well as deploying and evaluating two side-channel defenses. Performance gains are up to 51%, and with these improvements GLV curves are now the fastest elliptic curves in OpenSSL for these bit sizes.
The Q-curve construction for endomorphism-accelerated elliptic curves
We give a detailed account of the use of Q-curve reductions to
construct elliptic curves over with efficiently computable
endomorphisms, which can be used to accelerate elliptic curve-based
cryptosystems in the same way as Gallant--Lambert--Vanstone (GLV) and
Galbraith--Lin--Scott (GLS) endomorphisms. Like GLS (which is a degenerate case
of our construction), we offer the advantage over GLV of selecting from a much
wider range of curves, and thus finding secure group orders when is fixed
for efficient implementation. Unlike GLS, we also offer the possibility of
constructing twist-secure curves. We construct several one-parameter families
of elliptic curves over equipped with efficient
endomorphisms for every p > 3, and exhibit examples of
twist-secure curves over for the efficient Mersenne prime
.
Comment: To appear in the Journal of Cryptology. arXiv admin note: text
overlap with arXiv:1305.540
Computing cardinalities of Q-curve reductions over finite fields
We present a specialized point-counting algorithm for a class of elliptic
curves over F_{p^2} that includes reductions of quadratic Q-curves modulo
inert primes and, more generally, any elliptic curve over F_{p^2} with a
low-degree isogeny to its Galois conjugate curve. These curves have interesting
cryptographic applications. Our algorithm is a variant of the
Schoof--Elkies--Atkin (SEA) algorithm, but with a new, lower-degree
endomorphism in place of Frobenius. While it has the same asymptotic
complexity as SEA, our algorithm is much faster in practice.
Comment: To appear in the proceedings of ANTS-XII. Added acknowledgement of
Drew Sutherlan
Distribution of periodic trajectories of Anosov C-system
The hyperbolic Anosov C-systems have a countable set of everywhere dense
periodic trajectories which have recently been used to generate pseudorandom
numbers. The asymptotic distribution of periodic trajectories of C-systems with
periods less than a given number is well known, but the deviation of this
distribution from its asymptotic behaviour is less well known. Using fast
algorithms, we study the exact distribution of periodic trajectories and
their deviation from asymptotic behaviour for hyperbolic C-systems which are
defined on high-dimensional tori and are used for Monte-Carlo simulations. The
particular C-system which we consider in this article is the one which was
implemented in the MIXMAX generator of pseudorandom numbers. The generator has
the best combination of speed, reasonable state size, and support
for parallelization, and is the generator currently available in
the ROOT and CLHEP software packages at CERN.
Comment: 22 pages, 14 figure
Fast, uniform, and compact scalar multiplication for elliptic curves and genus 2 Jacobians with applications to signature schemes
We give a general framework for uniform, constant-time one- and
two-dimensional scalar multiplication algorithms for elliptic curves and
Jacobians of genus 2 curves that operate by projecting to the x-line or Kummer
surface, where we can exploit faster and more uniform pseudomultiplication,
before recovering the proper "signed" output back on the curve or Jacobian.
This extends the work of López and Dahab, Okeya and Sakurai, and Brier and
Joye to genus 2, and also to two-dimensional scalar multiplication. Our results
show that many existing fast pseudomultiplication implementations (hitherto
limited to applications in Diffie--Hellman key exchange) can be wrapped with
simple and efficient pre- and post-computations to yield competitive full scalar
multiplication algorithms, ready for use in more general discrete
logarithm-based cryptosystems, including signature schemes. This is especially
interesting for genus 2, where Kummer surfaces can outperform comparable
elliptic curve systems. As an example, we construct an instance of the Schnorr
signature scheme driven by Kummer surface arithmetic.
PyTomography: A Python Library for Quantitative Medical Image Reconstruction
Background: There is a scarcity of open-source libraries in medical imaging
dedicated to both (i) the development and deployment of novel reconstruction
algorithms and (ii) support for clinical data.
Purpose: To create and evaluate a GPU-accelerated, open-source, and
user-friendly image reconstruction library, designed to serve as a central
platform for the development, validation, and deployment of novel tomographic
reconstruction algorithms.
Methods: PyTomography was developed using Python and inherits the
GPU-accelerated functionality of PyTorch for fast computations. The software
uses a modular design that decouples the system matrix from reconstruction
algorithms, simplifying the process of integrating new imaging modalities or
developing novel reconstruction techniques. As example developments, SPECT
reconstruction in PyTomography is validated against both vendor-specific
software and alternative open-source libraries. Bayesian reconstruction
algorithms are implemented and validated.
Results: PyTomography is consistent with both vendor software and alternative
open-source libraries for standard SPECT clinical reconstruction, while
providing significant computational advantages. As example applications,
Bayesian reconstruction algorithms incorporating anatomical information are
shown to outperform the traditional ordered subset expectation maximum (OSEM)
algorithm in quantitative image analysis. PSF modeling in PET imaging is shown
to reduce blurring artifacts.
Conclusions: We have developed and publicly shared PyTomography, a highly
optimized and user-friendly software library for quantitative image reconstruction of
medical images, with a class hierarchy that fosters the development of novel
imaging applications.
Comment: 26 pages, 7 figure