Linearizing torsion classes in the Picard group of algebraic curves over finite fields

We address the problem of computing in the group of $\ell^k$-torsion rational points of the jacobian variety of algebraic curves over finite fields, with a view toward computing modular representations.Comment: To appear in Journal of Algebr

Twisted exchange interaction between localized spins embedded in a one- or two-dimensional electron gas with Rashba spin-orbit coupling

We study theoretically the Ruderman-Kittel-Kasuya-Yosida (RKKY) interaction in one- and two-dimensions in presence of a Rashba spin-orbit (SO) coupling. We show that rotation of the spin of conduction electrons due to SO coupling causes a twisted RKKY interaction between localized spins which consists of three different terms: Heisenberg, Dzyaloshinsky-Moriya, and Ising interactions. We also show that the effective spin Hamiltonian reduces to the usual RKKY interaction Hamiltonian in the twisted spin space where the spin quantization axis of one localized spin is rotated.Comment: 4pages, no figur

Improved Classical Cryptanalysis of SIKE in Practice

Item does not contain fulltextPKC 202

Fast construction of irreducible polynomials over finite fields

International audienceWe present a randomized algorithm that on input a finite field $K$ with $q$ elements and a positive integer $d$ outputs a degree $d$ irreducible polynomial in $K[x]$. The running time is $d^{1+o(1)} \times (\log q)^{5+o(1)}$ elementary operations. The $o(1)$ in $d^{1+o(1)}$ is a function of $d$ that tends to zero when $d$ tends to infinity. And the $o(1)$ in $(\log q)^{5+o(1)}$ is a function of $q$ that tends to zero when $q$ tends to infinity. In particular, the complexity is quasi-linear in the degree $d$

A faster way to the CSIDH

Recently Castryck, Lange, Martindale, Panny, and Renes published CSIDH, a new key exchange scheme using supersingular elliptic curve isogenies. Due to its small key sizes, and the possibility of a non-interactive and a static-static key exchange, CSIDH seems very interesting for practical applications. However, the performance is rather slow. Therefore, we employ some techniques to speed up the algorithms, mainly by restructuring the elliptic curve point multiplications and by using twisted Edwards curves in the isogeny image curve computations, yielding a speed-up factor of 1.33 in comparison to the implementation of Castryck et al. Furthermore, we suggest techniques for constant-time implementations

On Lions and Elligators: An efficient constant-time implementation of CSIDH

The recently proposed CSIDH primitive is a promising candidate for post quantum static-static key exchanges with very small keys. However, until now there is only a variable-time proof-of-concept implementation by Castryck, Lange, Martindale, Panny, and Renes, recently optimized by Meyer and Reith, which can leak various information about the private key. Therefore, we present an efficient constant-time implementation that samples key elements only from intervals of nonnegative numbers and uses dummy isogenies, which prevents certain kinds of side-channel attacks. We apply several optimizations, e.g. Elligator and the newly introduced SIMBA, in order to get a more efficient implementation

Supersingular isogeny key exchange for beginners

This is an informal tutorial on the supersingular isogeny Diffie-Hellman protocol aimed at non-isogenists

On collisions related to an ideal class of order 3 in CSIDH

CSIDH is an isogeny-based key exchange, which is a candidate for post quantum cryptography. It uses the action of an ideal class group on Fp-isomorphic classes of supersingular elliptic curves. In CSIDH, the ideal classes are represented by vectors with integer coefficients. The number of ideal classes represented by these vectors de- termines the security level of CSIDH. Therefore, it is important to investigate the correspondence between the vectors and the ideal classes. Heuristics show that integer vectors in a certain range represent “almost” uniformly all of the ideal classes. However, the precise correspondence between the integer vectors and the ideal classes is still unclear. In this paper, we investigate the correspondence between the ideal classes and the integer vectors and show that the vector (1, . . . , 1) corresponds to an ideal class of order 3. Consequently, the integer vectors in CSIDH have collisions related to this ideal class. Here, we use the word “collision” in the sense of distinct vectors belonging to the same ideal class, i.e., distinct secret keys that correspond to the same public key in CSIDH. We further propose a new ideal representation in CSIDH that does not include these collisions and give formulae for efficiently computing the action of the new representation