SIDH hybrid schemes with a classical component based on the discrete logarithm problem over finite field extension

The concept of a hybrid scheme with connection of SIDH and ECDH is nowadays very popular. In hardware implementations it is convenient to use a classical key exchange algorithm, which is based on the same finite field as SIDH. Most frequently used hybrid scheme is SIDH-ECDH. On the other hand, using the same field as in SIDH, one can construct schemes over \Fpn, like Diffie-Hellman or XTR scheme, whose security is based on the discrete logarithm problem. In this paper, idea of such schemes will be presented. The security of schemes, which are based on the discrete logarithm problem over fields \Fp, \Fpd, \Fpc, \Fps and \Fpo, for primes $p$ used in SIDH, will be analyzed. At the end, the propositions of practical applications of these schemes will be presented

Efficient algorithms for pairing-based cryptosystems

We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics.We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over Fpm, the latter technique being also useful in contexts other than that of pairing-based cryptography

An Improved Public Key Cryptography Based on the Elliiptic Curve

Elliptic curve cryptography offers two major benefits over RSA: more security per bit, and a suitable key size for hardware and modern communication. Thus, this results to smaller size of public key certificates, lower power requirements and smaller hardware processors. Three major approaches are used in this dissertation to enhance the elliptic curve cryptsystems: reducing the number of the elliptic curve group arithmetic operations, speeding up the underlying finite field operations and reducing the size of the transited parameters. A new addition formula in the projective coordinate is introduced, where the analysis for this formula shows that the number of multiplications over the finite field is reduced to nine general field element multiplications. Thus this reduction will speed up the computation of adding two points on the elliptic curve by 11 percent. Moreover, the new formula can be used more efficiently when it is combined with the suggested sparse elements algorithms. To speed up the underlying finite field operations, several new algorithms are introduced namely: selecting random sparse elements algorithm, finding sparse base points, sparse multiplication over polynomial basis, and sparse multiplication over normal basis. The complexity analysis shows that whenever the sparse techniques are used, the improvement rises to 33 percent compared to the standard projective coordinate formula and improvement of 38 percent compared to affine coordinate. A new algorithm to compress and decompress the sparse elements algorithms are introduced to reduce the size of the transited parameters. The enhancements are applied on three protocols and two applications. The protocols are Diffie-Hellman, ELGamal and elliptic curve digital signature. In these protocols the speed of encrypting, decrypting and signing the message are increased by 23 to 38 percent. Meanwhile, the size of the public keys are reduced by 37 to 48 percent. The improved algorithms are applied to the on-line and off-line electronic payments systems, which lead to probably the best solution to reduce the objects size and enhance the performance in both systems

Point compression for the trace zero subgroup over a small degree extension field

Using Semaev's summation polynomials, we derive a new equation for the $\mathbb{F}_q$-rational points of the trace zero variety of an elliptic curve defined over $\mathbb{F}_q$. Using this equation, we produce an optimal-size representation for such points. Our representation is compatible with scalar multiplication. We give a point compression algorithm to compute the representation and a decompression algorithm to recover the original point (up to some small ambiguity). The algorithms are efficient for trace zero varieties coming from small degree extension fields. We give explicit equations and discuss in detail the practically relevant cases of cubic and quintic field extensions.Comment: 23 pages, to appear in Designs, Codes and Cryptograph

XTR and Tori

At the turn of the century, 80-bit security was the standard. When considering discrete-log based cryptosystems, it could be achieved using either subgroups of 1024-bit finite fields or using (hyper)elliptic curves. The latter would allow more compact and efficient arithmetic, until Lenstra and Verheul invented XTR. Here XTR stands for \u27ECSTR\u27, itself an abbreviation for Efficient and Compact Subgroup Trace Representation. XTR exploits algebraic properties of the cyclotomic subgroup of sixth degree extension fields, allowing representation only a third of their regular size, making finite field DLP-based systems competitive with elliptic curve ones. Subsequent developments, such as the move to 128-bit security and improvements in finite field DLP, rendered the original XTR and closely related torus-based cryptosystems no longer competitive with elliptic curves. Yet, some of the techniques related to XTR are still relevant for certain pairing-based cryptosystems. This chapter describes the past and the present of XTR and other methods for efficient and compact subgroup arithmetic