Point compression for the trace zero subgroup over a small degree extension field
Using Semaev's summation polynomials, we derive a new equation for the
-rational points of the trace zero variety of an elliptic curve
defined over . Using this equation, we produce an optimal-size
representation for such points. Our representation is compatible with scalar
multiplication. We give a point compression algorithm to compute the
representation and a decompression algorithm to recover the original point (up
to some small ambiguity). The algorithms are efficient for trace zero varieties
coming from small degree extension fields. We give explicit equations and
discuss in detail the practically relevant cases of cubic and quintic field
extensions.
Comment: 23 pages, to appear in Designs, Codes and Cryptography
A CM construction for curves of genus 2 with p-rank 1
We construct Weil numbers corresponding to genus-2 curves with p-rank 1
over the finite field \F_{p^2} of p^2 elements. The corresponding curves
can be constructed using explicit CM constructions. In one of our algorithms,
the group of \F_{p^2}-valued points of the Jacobian has prime order, while
another allows for a prescribed embedding degree with respect to a subgroup of
prescribed order. The curves are defined over \F_{p^2} out of necessity: we
show that curves of p-rank 1 over \F_p for large p cannot be efficiently
constructed using explicit CM constructions.
Comment: 19 pages
Efficient algorithms for pairing-based cryptosystems
We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics. We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over F_{p^m}, the latter technique being also useful in contexts other than that of pairing-based cryptography.
Isogeny-based post-quantum key exchange protocols
The goal of this project is to understand and analyze the supersingular isogeny Diffie-Hellman (SIDH) protocol, a post-quantum key exchange protocol whose security relies on the isogeny-finding problem between supersingular elliptic curves. In order to do so, we first introduce the reader to cryptography, focusing on key agreement protocols, and motivate the rise of post-quantum cryptography as a necessity given the existence of the model of quantum computation. We review some of the known attacks on SIDH and finally study some algorithmic aspects to understand how the protocol can be implemented.
Distortion maps for genus two curves
Distortion maps are a useful tool for pairing based cryptography. Compared
with elliptic curves, the case of hyperelliptic curves of genus g > 1 is more
complicated since the full torsion subgroup has rank 2g. In this paper we prove
that distortion maps always exist for supersingular curves of genus g>1 and we
construct distortion maps in genus 2 (for embedding degrees 4, 5, 6 and 12).
Comment: 16 pages
Pairings in Cryptology: efficiency, security and applications
Abstract
The study of pairings can be considered in so many different ways that it may not be useless to state in a few words the plan which has been adopted, and the chief objects at which it has aimed. This is not an attempt to write the whole history of the pairings in cryptology, or to detail every discovery, but rather a general presentation motivated by the two main requirements in cryptology: efficiency and security.

Starting from the basic underlying mathematics, pairing maps are constructed and a major security issue related to the question of the minimal embedding field [12] is resolved. This is followed by an exposition on how to compute efficiently the final exponentiation occurring in the calculation of a pairing [124] and a thorough survey on the security of the discrete logarithm problem from both theoretical and implementational perspectives. These two crucial cryptologic requirements being fulfilled, an identity based encryption scheme taking advantage of pairings [24] is introduced. Then, perceiving the need to hash identities to points on a pairing-friendly elliptic curve in the more general context of identity based cryptography, a new technique to efficiently solve this practical issue is exhibited.

Unveiling pairings in cryptology involves a good understanding of both mathematical and cryptologic principles. Therefore, although first presented from an abstract mathematical viewpoint, pairings are then studied from a more practical perspective, slowly drifting away toward cryptologic applications.
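Several of the abstracts above (the Tate-pairing algorithms, the distortion maps for pairing-based cryptography, and the thesis passage on the final exponentiation) take as their starting point the reduced Tate pairing computed by Miller's algorithm. The following is an added worked example, not code from any of the listed papers, that computes that pairing on a toy supersingular curve: y^2 = x^3 + x over F_43 (p = 3 mod 4, so #E(F_p) = p + 1 = 44), the order-11 subgroup, embedding degree 2, and the distortion map (x, y) -> (-x, i*y) into E(F_{p^2}). The parameters, the field representation and all function names are chosen here for illustration only.

```python
# Added example (not from the listed papers): reduced Tate pairing via Miller's algorithm
# on a toy supersingular curve, with a distortion map supplying the second argument.
# Parameters below are illustrative choices, not taken from any paper on this page.

P_MOD = 43    # prime p = 3 (mod 4): y^2 = x^3 + x is supersingular, #E(F_p) = p + 1 = 44
R_ORD = 11    # prime subgroup order r | p + 1; embedding degree k = 2 because p = -1 (mod r)
A_COEF = 1    # curve y^2 = x^3 + A*x

# ---- F_{p^2} = F_p[i]/(i^2 + 1); an element (a, b) means a + b*i ----
def f2_add(u, v): return ((u[0] + v[0]) % P_MOD, (u[1] + v[1]) % P_MOD)
def f2_sub(u, v): return ((u[0] - v[0]) % P_MOD, (u[1] - v[1]) % P_MOD)
def f2_mul(u, v):
    return ((u[0] * v[0] - u[1] * v[1]) % P_MOD, (u[0] * v[1] + u[1] * v[0]) % P_MOD)
def f2_inv(u):
    # 1/(a + bi) = (a - bi)/(a^2 + b^2); the norm a^2 + b^2 lies in F_p and is nonzero for u != 0
    n = pow(u[0] * u[0] + u[1] * u[1], P_MOD - 2, P_MOD)
    return ((u[0] * n) % P_MOD, (-u[1] * n) % P_MOD)
def f2_pow(u, e):
    acc, base = (1, 0), u
    while e:
        if e & 1: acc = f2_mul(acc, base)
        base = f2_mul(base, base); e >>= 1
    return acc

ONE = (1, 0)
def fp(a): return (a % P_MOD, 0)          # embed F_p into F_{p^2}

# ---- E: y^2 = x^3 + A*x over F_{p^2}; None is the point at infinity O ----
def ec_slope(P, Q):
    # tangent slope if P == Q, chord slope otherwise (caller guarantees P + Q != O)
    if P == Q:
        num = f2_add(f2_mul(fp(3), f2_mul(P[0], P[0])), fp(A_COEF))
        den = f2_mul(fp(2), P[1])
    else:
        num, den = f2_sub(Q[1], P[1]), f2_sub(Q[0], P[0])
    return f2_mul(num, f2_inv(den))
def ec_add(P, Q):
    if P is None: return Q
    if Q is None: return P
    if P[0] == Q[0] and f2_add(P[1], Q[1]) == (0, 0):
        return None                        # Q = -P
    lam = ec_slope(P, Q)
    x3 = f2_sub(f2_sub(f2_mul(lam, lam), P[0]), Q[0])
    y3 = f2_sub(f2_mul(lam, f2_sub(P[0], x3)), P[1])
    return (x3, y3)
def ec_mul(k, P):
    R = None
    while k:
        if k & 1: R = ec_add(R, P)
        P = ec_add(P, P); k >>= 1
    return R
def on_curve(P):
    x, y = P
    return f2_mul(y, y) == f2_add(f2_mul(f2_mul(x, x), x), f2_mul(fp(A_COEF), x))
def distortion(P):
    # phi(x, y) = (-x, i*y) is an endomorphism of E; it moves E(F_p)[r] to an independent
    # r-torsion subgroup, so t(P, phi(P)) is non-trivial although t(P, P) would be 1
    return (f2_sub((0, 0), P[0]), f2_mul((0, 1), P[1]))

# ---- Miller's algorithm and the reduced Tate pairing ----
def miller_step(T, R, Q):
    # g_{T,R}(Q) = l_{T,R}(Q) / v_{T+R}(Q): line through T and R over the vertical through T + R
    if T[0] == R[0] and f2_add(T[1], R[1]) == (0, 0):
        return f2_sub(Q[0], T[0])          # T + R = O: the line is vertical, v_O = 1
    lam = ec_slope(T, R)
    S = ec_add(T, R)
    l = f2_sub(f2_sub(Q[1], T[1]), f2_mul(lam, f2_sub(Q[0], T[0])))
    v = f2_sub(Q[0], S[0])                 # nonzero here: -x_P is never an F_p-rational x-coordinate
    return f2_mul(l, f2_inv(v))
def tate_pairing(P, Q):
    # t_r(P, Q) = f_{r,P}(Q)^((p^2 - 1)/r); the exponentiation maps into the r-th roots of unity
    f, T = ONE, P
    for bit in bin(R_ORD)[3:]:             # binary digits of r after the leading 1
        f = f2_mul(f2_mul(f, f), miller_step(T, T, Q)); T = ec_add(T, T)
        if bit == '1':
            f = f2_mul(f, miller_step(T, P, Q)); T = ec_add(T, P)
    if T is not None:
        raise ValueError("P does not have order r")
    return f2_pow(f, (P_MOD * P_MOD - 1) // R_ORD)
def find_generator():
    # first F_p-rational point found, multiplied by the cofactor (p + 1)/r into the order-r subgroup
    for x in range(1, P_MOD):
        rhs = (x * x * x + A_COEF * x) % P_MOD
        y = pow(rhs, (P_MOD + 1) // 4, P_MOD)     # a square root whenever rhs is a QR (p = 3 mod 4)
        if rhs != 0 and (y * y) % P_MOD == rhs:
            G = ec_mul((P_MOD + 1) // R_ORD, (fp(x), fp(y)))
            if G is not None:
                return G
    raise ValueError("no point of order r found")

if __name__ == "__main__":
    G = find_generator()
    e = tate_pairing(G, distortion(G))
    print("G =", G, " t(G, phi(G)) =", e)
    print("bilinear:", tate_pairing(ec_mul(2, G), distortion(ec_mul(3, G))) == f2_pow(e, 6))
```

The vertical-line denominators v are kept here for clarity; since x_Q = -x_P lies in F_p and (p - 1) divides (p^2 - 1)/r, every F_p^* factor is killed by the final exponentiation, which is why implementations for even embedding degree drop them. The final exponentiation itself is the step whose cost the thesis abstract above says it addresses.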
The supersingular endomorphism ring problem given one endomorphism
Given a supersingular elliptic curve E and a non-scalar endomorphism
of E, we prove that the endomorphism ring of E can be computed in classical
time about disc(Z[])^1/4 , and in quantum subexponential time, assuming
the generalised Riemann hypothesis. Previous results either had higher
complexities, or relied on heuristic assumptions. Along the way, we prove that
the Primitivisation problem can be solved in polynomial time (a problem
previously believed to be hard), and we prove that the action of smooth ideals
on oriented elliptic curves can be computed in polynomial time (previous
results of this form required the ideal to be powersmooth, i.e., not divisible
by any large prime power). Following the attacks on SIDH, isogenies in high
dimension are a central ingredient of our results.