Skew-Frobenius map on twisted Edwards curve

In this paper, we consider the Frobenius endomorphism on twisted Edwards curve and give the characteristic polynomial of the map. Applying the Frobenius endomorphism on twisted Edwards curve, we construct a skew-Frobenius map defined on the quadratic twist of an twisted Edwards curve. Our results show that the Frobenius endomorphism on twisted Edwards curve and the skew-Frobenius endomorphism on quadratic twist of an twisted Edwards curve can be exploited to devise fast point multiplication algorithm that do not use any point doubling. As an application, the GLV method can be used for speeding up point multiplication on twisted Edwards curve

Bitcoin Security with a Twisted Edwards Curve

International audienceThe security of the Bitcoin cryptocurrency system depends on the Koblitz curve secp256k1 combined with the digital signature ECDSA and the hash function SHA-256. In this paper, we show that the security of Bitcoin with ECDSA and secp256k1 is not optimal and present a detailed study of the efficiency of Bitcoin with the digital signature algorithm Ed25519 combined with the twisted Edwards curve CurveEd25519 and the hash function SHA-512. We show that Bitcoin is more secure and more efficient with the digital signature algorithm Ed25519 and the twisted Edwards curve CurveEd25519. Subject Classifications: 94A6

The performance of group operations on twisted Edwards curve over a prime field

Дан сравнительный анализ производительности вычислений на кривой Эдвардса с модификацией закона сложения точек и на кривой в канонической форме.Данo порівняний аналіз продуктивності обчислень на кривої Едвардса с модифікацією закона додавання точок і на кривої у каноничної формі.Comparative analysis of productivity calculations on the Edwards curve with modification addition law of points and the curve in canonical form

Edwards Curves and Gaussian Hypergeometric Series

Let $E$ be an elliptic curve described by either an Edwards model or a twisted Edwards model over $\mathbb{F}_p$, namely, $E$ is defined by one of the following equations $x^2+y^2=a^2(1+x^2y^2),\, a^5-a\not\equiv 0$ mod $p$, or, $ax^2+y^2=1+dx^2y^2,\,ad(a-d)\not\equiv0$ mod $p$, respectively. We express the number of rational points of $E$ over $\mathbb{F}_p$ using the Gaussian hypergeometric series $\displaystyle {_2F_1}\left(\begin{matrix} \phi&\phi {} & \epsilon \end{matrix}\Big| x\right)$ where $\epsilon$ and $\phi$ are the trivial and quadratic characters over $\mathbb{F}_p$ respectively. This enables us to evaluate $|E(\mathbb{F}_p)|$ for some elliptic curves $E$, and prove the existence of isogenies between $E$ and Legendre elliptic curves over $\mathbb{F}_p$

Finding ECM-friendly curves through a study of Galois properties

In this paper we prove some divisibility properties of the cardinality of elliptic curves modulo primes. These proofs explain the good behavior of certain parameters when using Montgomery or Edwards curves in the setting of the elliptic curve method (ECM) for integer factorization. The ideas of the proofs help us to find new families of elliptic curves with good division properties which increase the success probability of ECM

Faster computation of the Tate pairing

This paper proposes new explicit formulas for the doubling and addition step in Miller's algorithm to compute the Tate pairing. For Edwards curves the formulas come from a new way of seeing the arithmetic. We state the first geometric interpretation of the group law on Edwards curves by presenting the functions which arise in the addition and doubling. Computing the coefficients of the functions and the sum or double of the points is faster than with all previously proposed formulas for pairings on Edwards curves. They are even competitive with all published formulas for pairing computation on Weierstrass curves. We also speed up pairing computation on Weierstrass curves in Jacobian coordinates. Finally, we present several examples of pairing-friendly Edwards curves.Comment: 15 pages, 2 figures. Final version accepted for publication in Journal of Number Theor