1,577 research outputs found
Analysis of Parallel Montgomery Multiplication in CUDA
For a given level of security, elliptic curve cryptography (ECC) offers improved efficiency over classic public key implementations. Point multiplication is the most common operation in ECC and, consequently, any significant improvement in perfor- mance will likely require accelerating point multiplication. In ECC, the Montgomery algorithm is widely used for point multiplication. The primary purpose of this project is to implement and analyze a parallel implementation of the Montgomery algorithm as it is used in ECC. Specifically, the performance of CPU-based Montgomery multiplication and a GPU-based implementation in CUDA are compared
Point compression for the trace zero subgroup over a small degree extension field
Using Semaev's summation polynomials, we derive a new equation for the
-rational points of the trace zero variety of an elliptic curve
defined over . Using this equation, we produce an optimal-size
representation for such points. Our representation is compatible with scalar
multiplication. We give a point compression algorithm to compute the
representation and a decompression algorithm to recover the original point (up
to some small ambiguity). The algorithms are efficient for trace zero varieties
coming from small degree extension fields. We give explicit equations and
discuss in detail the practically relevant cases of cubic and quintic field
extensions.Comment: 23 pages, to appear in Designs, Codes and Cryptograph
Computing cardinalities of Q-curve reductions over finite fields
We present a specialized point-counting algorithm for a class of elliptic
curves over F\_{p^2} that includes reductions of quadratic Q-curves modulo
inert primes and, more generally, any elliptic curve over F\_{p^2} with a
low-degree isogeny to its Galois conjugate curve. These curves have interesting
cryptographic applications. Our algorithm is a variant of the
Schoof--Elkies--Atkin (SEA) algorithm, but with a new, lower-degree
endomorphism in place of Frobenius. While it has the same asymptotic asymptotic
complexity as SEA, our algorithm is much faster in practice.Comment: To appear in the proceedings of ANTS-XII. Added acknowledgement of
Drew Sutherlan
Computer Architectures for Cryptosystems Based on Hyperelliptic Curves
Security issues play an important role in almost all modern communication and computer networks. As Internet applications continue to grow dramatically, security requirements have to be strengthened. Hyperelliptic curve cryptosystems (HECC) allow for shorter operands at the same level of security than other public-key cryptosystems, such as RSA or Diffie-Hellman. These shorter operands appear promising for many applications. Hyperelliptic curves are a generalization of elliptic curves and they can also be used for building discrete logarithm public-key schemes. A major part of this work is the development of computer architectures for the different algorithms needed for HECC. The architectures are developed for a reconfigurable platform based on Field Programmable Gate Arrays (FPGAs). FPGAs combine the flexibility of software solutions with the security of traditional hardware implementations. In particular, it is possible to easily change all algorithm parameters such as curve coefficients and underlying finite field. In this work we first summarized the theoretical background of hyperelliptic curve cryptosystems. In order to realize the operation addition and doubling on the Jacobian, we developed architectures for the composition and reduction step. These in turn are based on architectures for arithmetic in the underlying field and for arithmetic in the polynomial ring. The architectures are described in VHDL (VHSIC Hardware Description Language) and the code was functionally verified. Some of the arithmetic modules were also synthesized. We provide estimates for the clock cycle count for a group operation in the Jacobian. The system targeted was HECC of genus four over GF(2^41)
Fast algorithms for computing isogenies between ordinary elliptic curves in small characteristic
The problem of computing an explicit isogeny between two given elliptic
curves over F_q, originally motivated by point counting, has recently awaken
new interest in the cryptology community thanks to the works of Teske and
Rostovstev & Stolbunov.
While the large characteristic case is well understood, only suboptimal
algorithms are known in small characteristic; they are due to Couveignes,
Lercier, Lercier & Joux and Lercier & Sirvent. In this paper we discuss the
differences between them and run some comparative experiments. We also present
the first complete implementation of Couveignes' second algorithm and present
improvements that make it the algorithm having the best asymptotic complexity
in the degree of the isogeny.Comment: 21 pages, 6 figures, 1 table. Submitted to J. Number Theor
On the distribution of Atkin and Elkies primes for reductions of elliptic curves on average
For an elliptic curve E/Q without complex multiplication we study the
distribution of Atkin and Elkies primes l, on average, over all good reductions
of E modulo primes p. We show that, under the Generalised Riemann Hypothesis,
for almost all primes p there are enough small Elkies primes l to ensure that
the Schoof-Elkies-Atkin point-counting algorithm runs in (log p)^(4+o(1))
expected time.Comment: 20 pages, to appear in LMS J. Comput. Mat
- …