15,347 research outputs found
Generalised Mersenne Numbers Revisited
Generalised Mersenne Numbers (GMNs) were defined by Solinas in 1999 and
feature in the NIST (FIPS 186-2) and SECG standards for use in elliptic curve
cryptography. Their form is such that modular reduction is extremely efficient,
thus making them an attractive choice for modular multiplication
implementation. However, the issue of residue multiplication efficiency seems
to have been overlooked. Asymptotically, using a cyclic rather than a linear
convolution, residue multiplication modulo a Mersenne number is twice as fast
as integer multiplication; this property does not hold for prime GMNs, unless
they are of Mersenne's form. In this work we exploit an alternative
generalisation of Mersenne numbers for which an analogue of the above property
--- and hence the same efficiency ratio --- holds, even at bitlengths for which
schoolbook multiplication is optimal, while also maintaining very efficient
reduction. Moreover, our proposed primes are abundant at any bitlength, whereas
GMNs are extremely rare. Our multiplication and reduction algorithms can also
be easily parallelised, making our arithmetic particularly suitable for
hardware implementation. Furthermore, the field representation we propose also
naturally protects against side-channel attacks, including timing attacks,
simple power analysis and differential power analysis, which is essential in
many cryptographic scenarios, in constrast to GMNs.Comment: 32 pages. Accepted to Mathematics of Computatio
Discrete logarithms in curves over finite fields
A survey on algorithms for computing discrete logarithms in Jacobians of
curves over finite fields
Fast Arithmetics in Artin-Schreier Towers over Finite Fields
An Artin-Schreier tower over the finite field F_p is a tower of field
extensions generated by polynomials of the form X^p - X - a. Following Cantor
and Couveignes, we give algorithms with quasi-linear time complexity for
arithmetic operations in such towers. As an application, we present an
implementation of Couveignes' algorithm for computing isogenies between
elliptic curves using the p-torsion.Comment: 28 pages, 4 figures, 3 tables, uses mathdots.sty, yjsco.sty Submitted
to J. Symb. Compu
Strongly universal string hashing is fast
We present fast strongly universal string hashing families: they can process
data at a rate of 0.2 CPU cycle per byte. Maybe surprisingly, we find that
these families---though they require a large buffer of random numbers---are
often faster than popular hash functions with weaker theoretical guarantees.
Moreover, conventional wisdom is that hash functions with fewer multiplications
are faster. Yet we find that they may fail to be faster due to operation
pipelining. We present experimental results on several processors including
low-powered processors. Our tests include hash functions designed for
processors with the Carry-Less Multiplication (CLMUL) instruction set. We also
prove, using accessible proofs, the strong universality of our families.Comment: Software is available at
http://code.google.com/p/variablelengthstringhashing/ and
https://github.com/lemire/StronglyUniversalStringHashin
The ElGamal cryptosystem over circulant matrices
In this paper we study extensively the discrete logarithm problem in the
group of non-singular circulant matrices. The emphasis of this study was to
find the exact parameters for the group of circulant matrices for a secure
implementation. We tabulate these parameters. We also compare the discrete
logarithm problem in the group of circulant matrices with the discrete
logarithm problem in finite fields and with the discrete logarithm problem in
the group of rational points of an elliptic curve
Point compression for the trace zero subgroup over a small degree extension field
Using Semaev's summation polynomials, we derive a new equation for the
-rational points of the trace zero variety of an elliptic curve
defined over . Using this equation, we produce an optimal-size
representation for such points. Our representation is compatible with scalar
multiplication. We give a point compression algorithm to compute the
representation and a decompression algorithm to recover the original point (up
to some small ambiguity). The algorithms are efficient for trace zero varieties
coming from small degree extension fields. We give explicit equations and
discuss in detail the practically relevant cases of cubic and quintic field
extensions.Comment: 23 pages, to appear in Designs, Codes and Cryptograph
The Q-curve construction for endomorphism-accelerated elliptic curves
We give a detailed account of the use of -curve reductions to
construct elliptic curves over with efficiently computable
endomorphisms, which can be used to accelerate elliptic curve-based
cryptosystems in the same way as Gallant--Lambert--Vanstone (GLV) and
Galbraith--Lin--Scott (GLS) endomorphisms. Like GLS (which is a degenerate case
of our construction), we offer the advantage over GLV of selecting from a much
wider range of curves, and thus finding secure group orders when is fixed
for efficient implementation. Unlike GLS, we also offer the possibility of
constructing twist-secure curves. We construct several one-parameter families
of elliptic curves over equipped with efficient
endomorphisms for every p \textgreater{} 3, and exhibit examples of
twist-secure curves over for the efficient Mersenne prime
.Comment: To appear in the Journal of Cryptology. arXiv admin note: text
overlap with arXiv:1305.540
- …