284 research outputs found

    Point Compression for Koblitz Elliptic Curves

    Elliptic curves over finite fields have applications in public key cryptography. A Koblitz curve is an elliptic curve $E$ over $\mathbb{F}_2$; the group $E(\mathbb{F}_{2^n})$ has convenient features for efficient implementation of elliptic curve cryptography. Wiener and Zuccherato and Gallant, Lambert and Vanstone showed that one can accelerate the Pollard rho algorithm for the discrete logarithm problem on Koblitz curves. This implies that when using Koblitz curves, one has a lower security per bit than when using general elliptic curves defined over the same field. Hence for a fixed security level, systems using Koblitz curves require slightly more bandwidth. We present a method to reduce this bandwidth when a normal basis representation for $\mathbb{F}_{2^n}$ is used. Our method is appropriate for applications such as Diffie-Hellman key exchange or Elgamal encryption. We show that, with a low probability of failure, our method gives the expected bandwidth for a given security level.

    Point compression for the trace zero subgroup over a small degree extension field

    Using Semaev's summation polynomials, we derive a new equation for the $\mathbb{F}_q$-rational points of the trace zero variety of an elliptic curve defined over $\mathbb{F}_q$. Using this equation, we produce an optimal-size representation for such points. Our representation is compatible with scalar multiplication. We give a point compression algorithm to compute the representation and a decompression algorithm to recover the original point (up to some small ambiguity). The algorithms are efficient for trace zero varieties coming from small degree extension fields. We give explicit equations and discuss in detail the practically relevant cases of cubic and quintic field extensions. Comment: 23 pages, to appear in Designs, Codes and Cryptography

    Generation, Verification, and Attacks on Elliptic Curves and their Applications in Signal Protocol

    Elliptic curves (EC) are widely studied due to their mathematical and cryptographic properties. Cryptographers have used the properties of EC to construct elliptic curve cryptosystems (ECC). ECC are based on the assumption of hardness of special instances of the discrete logarithm problem in EC. One of the strong merits of ECC is providing the same cryptographic strength with smaller key size compared to other public key cryptosystems. A 256 bit ECC can provide similar cryptographic strength as a 3072 bit RSA cryptosystem. Due to smaller key sizes, elliptic curves are an attractive option in devices with limited storage capacity. It is therefore essential to understand how to generate these curves, verify their correctness and assure that they are resistant against attacks. The security of an EC cryptosystem is determined by the choice of the curve that is used in that cryptosystem. Over the years, a number of elliptic curves were introduced for cryptographic use. Elliptic curves such as FRP256V1, NIST P-256, Secp256k1 or SM2 curve are widely used in many applications like cryptocurrencies, transport layer protocol and Internet messaging applications. Another type of popular curves are Curve25519 introduced by Dan Bernstein and Curve448 introduced by Mike Hamburg, which are used in an end to end encryption protocol called Signal. This protocol is used in popular messaging applications like WhatsApp, Signal Messenger and Facebook Messenger. Recently, there has been a growing distrust among security researchers against the previously standardized curves. We have seen backdoors in the elliptic curve cryptosystems like the DUAL_EC_DRBG function that was standardized by NIST, and suspicious random seeds that were used in NIST P-curves. We can say that many of the previously standardized curves lack transparency in their generation and verification. We focus on transparent generation and verification of elliptic curves. We generate curves based on NIST standards and propose new standards to generate special types of elliptic curves. We test their resistance against the known attacks that target the ECC. Finally, we demonstrate ECDLP attacks on small curves with weak structure.

    Elliptic curve cryptography: Generation and validation of domain parameters in binary Galois Fields

    Elliptic curve cryptography (ECC) is an increasingly popular method for securing many forms of data and communication via public key encryption. The algorithm utilizes key parameters, referred to as the domain parameters. These parameters must adhere to specific characteristics in order to be valid for use in the algorithm. The American National Standards Institute (ANSI), in ANSI X9.62, provides the process for generating and validating these parameters. The National Institute of Standards and Technology (NIST) has identified fifteen sets of parameters; five for prime fields, five for binary fields, and five for Koblitz curves. The parameter generation and validation processes have several key issues. The first is the fast reduction within the proper modulus. The modulus chosen is an irreducible polynomial having degree greater than 160. Choosing irreducible polynomials of a particular order is less critical since they have isomorphic properties, mathematically. However, since there are differences in performance, there are standards that determine the specific polynomials chosen. The NIST standards are also based on word lengths of 32 bits. Processor architecture, primality, and validation of irreducibility are other important characteristics. The area of ECC that is researched is the generation and validation processes, as they are specified for binary Galois Fields F(2^m). The rationale for the parameters, as computed for 32 bit and 64 bit computer architectures, and the algorithms used for implementation, as specified by ANSI, NIST and others, are examined. The methods for fast reduction are also examined as a baseline for understanding these parameters. Another aspect of the research is to determine a set of parameters beyond the 571-bit length that meet the necessary criteria as determined by the standards.

    Efficient algorithms for pairing-based cryptosystems

    We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics. We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over $\mathbb{F}_{p^m}$, the latter technique being also useful in contexts other than that of pairing-based cryptography.

    ELLIPTIC CURVE CRYPTOGRAPHY

    In this article the main points of ECC's application and structure are reviewed. The main advantages of ECC are described here. The aim of this article is to systematize information on the practical application of elliptic curves and its general terms, and to touch on the topic of ECC popularity. Another interesting part of the article is the question of patents, most of which are Certicom's patents. A reassuring fact is that the question of ECC is explored by the ECC Workshop; since 1997 a series of conferences on the ECC theme has been held. The last one took place in 2013. Since the first ECC workshop, held in 1997 in Waterloo, the ECC conference series has broadened its scope beyond elliptic curve cryptography and now covers a wide range of areas within modern cryptography. The table at the end of the article compares key sizes and the main points of ECC and RSA. The conclusion is that ECC provides much more confident use than first-generation public key cryptography systems. Equations based on elliptic curves are easy to perform and extremely difficult to reverse, and they are in demand.
    This article sets out the main points of application of elliptic cryptography and its structure. The aim of this article is to systematize information on the practical application of elliptic curves and its basic concepts, and to touch on the topic of the popularity of elliptic curves. Another interesting part of the article is the question of patenting; for the most part these are Certicom patents. An encouraging fact is that the question of elliptic cryptography is explored by the "ECC Workshop"; since 1997 a series of conferences has been held. The last conference was held in 2013. Since the first workshop, which took place in 1997 in Waterloo, the conference series has expanded its scope beyond elliptic cryptography and now covers a wide range of areas in modern cryptography. The table at the end of the article compares key sizes and the main features of RSA and elliptic cryptography. The conclusion is that elliptic cryptography provides much greater secrecy than the use of public-key cryptography. Equations based on elliptic curves are easy to use and difficult to reverse, and they are in demand.
    The structure of elliptic cryptography, its form and its main applications are considered. The main advantages of using elliptic cryptography compared with RSA and others are characterized. The main historical dates of this branch of cryptography are set out. The main data on the patents related to it, proposed by NIST, are collected. A comparison of RSA and elliptic cryptography is given in the form of a table. It was believed that elliptic curves would succeed in cryptography because of some of their properties, such as key length, lower demands on performance, and reliability. Elliptic curves are used for data transmission over TLS, SSH, smart cards, Bitcoin, C++, Apple's iMessage service. Currently, the question of elliptic curves is actively pursued by the "ECC Workshops" steering committee headed by Tanja Lange (Technische Universiteit Eindhoven, Netherlands), Chair Alfred Menezes (University of Waterloo, Canada), Christof Paar (Ruhr-Universität Bochum, Germany), Scott Vanstone (University of Waterloo, Canada). ECC Workshop is an annual series of workshops devoted to the study of elliptic cryptography and related fields. Since the first workshop in 1997 in Waterloo, the elliptic curve conference has expanded its scope beyond elliptic cryptography and now covers a wide range of areas of modern cryptography.

    Identity based cryptography from bilinear pairings

    This report contains an overview of two related areas of research in cryptography which have been prolific in significant advances in recent years. The first of these areas is pairing based cryptography. Bilinear pairings over elliptic curves were initially used as formal mathematical tools and later as cryptanalysis tools that rendered supersingular curves insecure. In recent years, bilinear pairings have been used to construct many cryptographic schemes. The second area covered by this report is identity based cryptography. Digital certificates are a fundamental part of public key cryptography, as one needs a secure way of associating an agent’s identity with a random (meaningless) public key. In identity based cryptography, public keys can be arbitrary bit strings, including readable representations of one’s identity. Fundação para a Ciência e Tecnologia - SFRH/BPD/20528/2004

    Scalar multiplication in compressed coordinates in the trace-zero subgroup

    We consider trace-zero subgroups of elliptic curves over a degree three field extension. The elements of these groups can be represented in compressed coordinates, i.e. via the two coefficients of the line that passes through the point and its two Frobenius conjugates. In this paper we give the first algorithm to compute scalar multiplication in the degree three trace-zero subgroup using these coordinates. Comment: 23 pages