17,905 research outputs found
Families of fast elliptic curves from Q-curves
We construct new families of elliptic curves over \FF_{p^2} with
efficiently computable endomorphisms, which can be used to accelerate elliptic
curve-based cryptosystems in the same way as Gallant-Lambert-Vanstone (GLV) and
Galbraith-Lin-Scott (GLS) endomorphisms. Our construction is based on reducing
\QQ-curves-curves over quadratic number fields without complex
multiplication, but with isogenies to their Galois conjugates-modulo inert
primes. As a first application of the general theory we construct, for every
, two one-parameter families of elliptic curves over \FF_{p^2}
equipped with endomorphisms that are faster than doubling. Like GLS (which
appears as a degenerate case of our construction), we offer the advantage over
GLV of selecting from a much wider range of curves, and thus finding secure
group orders when is fixed. Unlike GLS, we also offer the possibility of
constructing twist-secure curves. Among our examples are prime-order curves
equipped with fast endomorphisms, with almost-prime-order twists, over
\FF_{p^2} for and
Rational torsion on optimal curves and rank-one quadratic twists
AbstractWhen an elliptic curve Eā²/Q of square-free conductor N has a rational point of odd prime order lā¤N, Dummigan (2005) in [Du] explicitly constructed a rational point of order l on the optimal curve E, isogenous over Q to Eā², under some conditions. In this paper, we show that his construction also works unconditionally. And applying it to Heegner points of elliptic curves, we find a family of elliptic curves Eā²/Q such that a positive proportion of quadratic twists of Eā² has (analytic) rank 1. This family includes the infinite family of elliptic curves of the same property in Byeon, Jeon, and Kim (2009) [B-J-K]
On Pseudo-Random Number Generators Using Elliptic Curves and Chaotic Systems
Elliptic Curve Cryptography (ECC) is a relatively recent branch of cryptography which is based on the arithmetic on elliptic curves and security of the hardness of the Elliptic Curve Discrete Logarithm Problem (ECDLP). Elliptic curve cryptographic schemes are public-key mechanisms that provide encryption, digital signature and key exchange capabilities. Elliptic curve algorithms are also applied to generation of sequences of pseudo-random numbers. Another recent branch of cryptography is chaotic dynamical systems where security is based on high sensitivity of iterations of maps to initial conditions and parameters. In the present work, we give a short survey describing state-of-the-art of several suggested constructions for generating sequences of pseudorandom number generators based on elliptic curves (ECPRNG) over finite fields of prime order. In the second part of the paper we propose a method of generating sequences of pseudorandom points on elliptic curves over finite fields which is driven by a chaotic map. Such a construction improves randomness of the sequence generated since it combines good statistical properties of an ECPRNG and a CPRNG (Chaotic Pseudo- Random Number Generator). The algorithm proposed in this work is of interest for both classical and elliptic curve cryptography
Constructing suitable ordinary pairing-friendly curves: A case of elliptic curves and genus two hyperelliptic curves
One of the challenges in the designing of pairing-based cryptographic protocols is to construct suitable pairing-friendly curves: Curves which would provide eļæ½cient implementation without compromising the security of the protocols. These curves have small embedding degree and large prime order subgroup. Random curves are likely to have large embedding degree and hence are not practical for implementation of pairing-based protocols.
In this thesis we review some mathematical background on elliptic and hyperelliptic curves in relation to the construction of pairing-friendly hyper-elliptic curves. We also present the notion of pairing-friendly curves. Furthermore, we construct new pairing-friendly elliptic curves and Jacobians of genus two hyperelliptic curves which would facilitate an efficient implementation in pairing-based protocols. We aim for curves that have smaller values than ever before reported for diļæ½erent embedding degrees. We also discuss optimisation of computing pairing in Tate pairing and its variants. Here we show how to eļæ½ciently multiply a point in a subgroup deļæ½ned on a twist curve by a large cofactor. Our approach uses the theory of addition chains. We also show a new method for implementation of the computation of the hard part of the ļæ½nal exponentiation in the calculation of the Tate pairing and its varian
Hard isogeny problems over RSA moduli and groups with infeasible inversion
We initiate the study of computational problems on elliptic curve isogeny
graphs defined over RSA moduli. We conjecture that several variants of the
neighbor-search problem over these graphs are hard, and provide a comprehensive
list of cryptanalytic attempts on these problems. Moreover, based on the
hardness of these problems, we provide a construction of groups with infeasible
inversion, where the underlying groups are the ideal class groups of imaginary
quadratic orders.
Recall that in a group with infeasible inversion, computing the inverse of a
group element is required to be hard, while performing the group operation is
easy. Motivated by the potential cryptographic application of building a
directed transitive signature scheme, the search for a group with infeasible
inversion was initiated in the theses of Hohenberger and Molnar (2003). Later
it was also shown to provide a broadcast encryption scheme by Irrer et al.
(2004). However, to date the only case of a group with infeasible inversion is
implied by the much stronger primitive of self-bilinear map constructed by
Yamakawa et al. (2014) based on the hardness of factoring and
indistinguishability obfuscation (iO). Our construction gives a candidate
without using iO.Comment: Significant revision of the article previously titled "A Candidate
Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the
constructions by giving toy examples, added "The Parallelogram Attack" (Sec
5.3.2). 54 pages, 8 figure
The Q-curve construction for endomorphism-accelerated elliptic curves
We give a detailed account of the use of -curve reductions to
construct elliptic curves over with efficiently computable
endomorphisms, which can be used to accelerate elliptic curve-based
cryptosystems in the same way as Gallant--Lambert--Vanstone (GLV) and
Galbraith--Lin--Scott (GLS) endomorphisms. Like GLS (which is a degenerate case
of our construction), we offer the advantage over GLV of selecting from a much
wider range of curves, and thus finding secure group orders when is fixed
for efficient implementation. Unlike GLS, we also offer the possibility of
constructing twist-secure curves. We construct several one-parameter families
of elliptic curves over equipped with efficient
endomorphisms for every p \textgreater{} 3, and exhibit examples of
twist-secure curves over for the efficient Mersenne prime
.Comment: To appear in the Journal of Cryptology. arXiv admin note: text
overlap with arXiv:1305.540
- ā¦