Multiplication in Finite Fields and Elliptic Curves

La cryptographie à clef publique permet de s'échanger des clefs de façon distante, d'effectuer des signatures électroniques, de s'authentifier à distance, etc. Dans cette thèse d'HDR nous allons présenter quelques contributions concernant l'implantation sûre et efficace de protocoles cryptographiques basés sur les courbes elliptiques. L'opération de base effectuée dans ces protocoles est la multiplication scalaire d'un point de la courbe. Chaque multiplication scalaire nécessite plusieurs milliers d'opérations dans un corps fini.Dans la première partie du manuscrit nous nous intéressons à la multiplication dans les corps finis car c'est l'opération la plus coûteuse et la plus utilisée. Nous présentons d'abord des contributions sur les multiplieurs parallèles dans les corps binaires. Un premier résultat concerne l'approche sous-quadratique dans une base normale optimale de type 2. Plus précisément, nous améliorons un multiplieur basé sur un produit de matrice de Toeplitz avec un vecteur en utilisant une recombinaison des blocs qui supprime certains calculs redondants. Nous présentons aussi un multiplieur pous les corps binaires basé sur une extension d'une optimisation de la multiplication polynomiale de Karatsuba.Ensuite nous présentons des résultats concernant la multiplication dans un corps premier. Nous présentons en particulier une approche de type Montgomery pour la multiplication dans une base adaptée à l'arithmétique modulaire. Cette approche cible la multiplication modulo un premier aléatoire. Nous présentons alors une méthode pour la multiplication dans des corps utilisés dans la cryptographie sur les couplages : les extensions de petits degrés d'un corps premier aléatoire. Cette méthode utilise une base adaptée engendrée par une racine de l'unité facilitant la multiplication polynomiale basée sur la FFT. Dans la dernière partie de cette thèse d'HDR nous nous intéressons à des résultats qui concernent la multiplication scalaire sur les courbes elliptiques. Nous présentons une parallélisation de l'échelle binaire de Montgomery dans le cas de E(GF(2^n)). Nous survolons aussi quelques contributions sur des formules de division par 3 dans E(GF(3^n)) et une parallélisation de type (third,triple)-and-add. Dans le dernier chapitre nous développons quelques directions de recherches futures. Nous discutons d'abord de possibles extensions des travaux faits sur les corps binaires. Nous présentons aussi des axes de recherche liés à la randomisation de l'arithmétique qui permet une protection contre les attaques matérielles

Ranks of Elliptic Curves with Prescribed Torsion over Number Fields

We study the structure of Mordell-Weil groups of elliptic curves over number fields of degrees 2, 3, and 4. We show that if T is a group, then either the class of all elliptic curves over quadratic fields with torsion subgroup T is empty or it contains curves of rank 0 as well as curves of positive rank. We prove a similar but slightly weaker result for cubic and quartic fields. On the other hand, we find a group T and a quartic field K such that among the elliptic curves over K with torsion subgroup T, there are curves of positive rank, but none of rank 0. We find examples of elliptic curves with positive rank and given torsion in many previously unknown cases. We also prove that all elliptic curves over quadratic fields with a point of order 13 or 18 and all elliptic curves over quartic fields with a point of order 22 are isogenous to one of their Galois conjugates and, by a phenomenon that we call false complex multiplication, have even rank. Finally, we discuss connections with elliptic curves over finite fields and applications to integer factorizatio

Isogeny graphs with maximal real multiplication

An isogeny graph is a graph whose vertices are principally polarized abelian varieties and whose edges are isogenies between these varieties. In his thesis, Kohel described the structure of isogeny graphs for elliptic curves and showed that one may compute the endomorphism ring of an elliptic curve defined over a finite field by using a depth first search algorithm in the graph. In dimension 2, the structure of isogeny graphs is less understood and existing algorithms for computing endomorphism rings are very expensive. Our setting considers genus 2 jacobians with complex multiplication, with the assumptions that the real multiplication subring is maximal and has class number one. We fully describe the isogeny graphs in that case. Over finite fields, we derive a depth first search algorithm for computing endomorphism rings locally at prime numbers, if the real multiplication is maximal. To the best of our knowledge, this is the first DFS-based algorithm in genus 2

Efficient Algorithms for Elliptic Curve Cryptosystems

Elliptic curves are the basis for a relative new class of public-key schemes. It is predicted that elliptic curves will replace many existing schemes in the near future. It is thus of great interest to develop algorithms which allow efficient implementations of elliptic curve crypto systems. This thesis deals with such algorithms. Efficient algorithms for elliptic curves can be classified into low-level algorithms, which deal with arithmetic in the underlying finite field and high-level algorithms, which operate with the group operation. This thesis describes three new algorithms for efficient implementations of elliptic curve cryptosystems. The first algorithm describes the application of the Karatsuba-Ofman Algorithm to multiplication in composite fields GF((2n)m). The second algorithm deals with efficient inversion in composite Galois fields of the form GF((2n)m). The third algorithm is an entirely new approach which accelerates the multiplication of points which is the core operation in elliptic curve public-key systems. The algorithm explores computational advantages by computing repeated point doublings directly through closed formulae rather than from individual point doublings. Finally we apply all three algorithms to an implementation of an elliptic curve system over GF((216)11). We provide ablolute performance measures for the field operations and for an entire point multiplication. We also show the improvements gained by the new point multiplication algorithm in conjunction with the k-ary and improved k-ary methods for exponentiation

Ranks of elliptic curves with prescribed torsion over number fields

We study the structure of Mordell-Weil groups of elliptic curves over number fields of degrees 2, 3, and 4. We show that if T is a group, then either the class of all elliptic curves over quadratic fields with torsion subgroup T is empty or it contains curves of rank 0 as well as curves of positive rank. We prove a similar but slightly weaker result for cubic and quartic fields. On the other hand, we find a group T and a quartic field K such that among the elliptic curves over K with torsion subgroup T, there are curves of positive rank, but none of rank 0. We find examples of elliptic curves with positive rank and given torsion in many previously unknown cases. We also prove that all elliptic curves over quadratic fields with a point of order 13 or 18 and all elliptic curves over quartic fields with a point of order 22 are isogenous to one of their Galois conjugates and, by a phenomenon that we call false complex multiplication, have even rank. Finally, we discuss connections with elliptic curves over finite fields and applications to integer factorizatio

Fast Endomorphism for any Genus 2 Hyperelliptic Curve over a Finite Field of Even Characteristic

In EUROCRYPT 2009, Galbraith, Lin and Scott constructed an efficiently computable endomorphism for a large family of elliptic curves defined over finite fields of large characteristic. They demonstrated that the endomorphism can be used to accelerate scalar multiplication in the elliptic curve cryptosystem based on these curves. In this paper we extend the method to any genus 2 hyperelliptic curve defined over a finite field of even characteristic. We propose an efficient algorithm to generate a random genus 2 hyperelliptic curve and its quadratic twist equipped with a fast endomorphism on the Jacobian. The analysis of the operation amount of the scalar multiplication is also given