Elliptic curves associated with simplest quartic fields
We are studying the infinite family of elliptic curves associated with simplest cubic fields. If the rank of such curves is 1, we determine the whole structure of the Mordell-Weil group and find all integral points on the original model of the curve. Note, however, that we are not able to find them on the Weierstrass model if the parameter is even. We have also obtained similar results for an infinite subfamily of curves of rank 2. To our knowledge, this is the first time that so much information has been obtained both on the structure of the Mordell-Weil group and on integral points for an infinite family of curves of rank 2. The canonical height is the main tool we used for that study.
A FPGA pairing implementation using the Residue Number System
Recently, much progress has been made in software implementations of pairings at the 128-bit security level in large characteristic. In this work, we obtain analogous progress for hardware implementations. For this, we use the RNS representation of numbers, which is especially well suited to pairing computation in a hardware context. An FPGA implementation is proposed, based on an adaptation of Guillermin's architecture, which computes a pairing in 1.07 ms. It is 2 times faster than all previous hardware implementations (including ASIC and small-characteristic implementations) and almost as fast as the best software implementations.
Memory-saving computation of the pairing final exponentiation on BN curves
In this paper, we describe and improve efficient methods for computing the hard part of the final exponentiation of pairings on Barreto-Naehrig curves.

Thanks to the variants of pairings which decrease the length of the Miller loop, the final exponentiation has become a significant component of the overall calculation. Here we exploit the structure of BN curves to improve this computation.

We will first present the best-known methods in the literature that compute the hard part of the final exponentiation. We are particularly interested in the memory resources necessary for the implementation of these methods. Indeed, this is an important constraint in restricted environments.

More precisely, we study the Devegili et al. method, the Scott et al. addition chain method and the Fuentes et al. method. After recalling these methods and their complexities, we determine the number of registers required to compute the final result, because this is not always given in the literature. Then, we will present new versions of these methods which require less memory (up to 37%). Moreover, some of these variants provide algorithms which are also more efficient than the original ones.
Choosing and generating parameters for low level pairing implementation on BN curves
Many hardware and software pairing implementations can be found in the literature and some pairing friendly parameters are given. However, depending on the situation, it could be useful to generate other nice parameters (e.g. resistance to subgroup attacks, larger security levels, database of pairing friendly curves). The main purpose of this paper is to describe explicitly and exhaustively what should be done to generate the best possible parameters and to make the best choices depending on the implementation context (in terms of pairing algorithm, ways to build the tower field, arithmetic, groups involved and their generators, system of coordinates).
We focus on low-level implementations, assuming that additions have a significant cost compared to other operations. However, the results obtained are still valid in the case where additions can be neglected. We also explain why the best choice for the polynomials defining the tower field depends only on the value of the BN parameter modulo small integers like as a nice application of old elementary arithmetic results. Moreover, we use this opportunity to give some new improvements on arithmetic (in a pairing context) in terms of -addition, allowing to save around of them depending on the context.
Area-Efficient Hardware Implementation of the Optimal Ate Pairing over BN curves.
To have an efficient asymmetric key encryption scheme such as elliptic curves, hyperelliptic curves, pairing etc., we have to go through an arithmetic optimization and then a hardware one. Taking into consideration the compromises of restricted environments, we should strike a balance between efficiency and memory resources. For this reason, we studied the mathematical aspect of pairing computation and gave new developments of the methods that compute the hard part of the final exponentiation in [2]. They prove that these new methods save an important number of temporary variables, and they are certainly faster than the existing ones. In this paper, we will also present a new way of computing the Miller loop, more precisely in the doubling algorithm. So we will use this result and the arithmetic optimization presented in [2]. Then, we will apply hardware optimization to find a satisfactory design which gives the best compromise between area occupation and execution time. Our hardware implementation on a Virtex-6 FPGA (XC6VHX250T) used only 5976 Slices and 30 DSPs, which is fewer resources than state-of-the-art hardware implementations, so we can say that our approach copes with the limited resources of restricted environments.
Montgomery scalar multiplication for genus 2 curves
Using powerful tools on genus 2 curves like the Kummer variety, we generalize the Montgomery method for scalar multiplication to the Jacobian of these curves. Previously this method was only known for elliptic curves. We obtain an algorithm that is competitive compared to the usual methods of scalar multiplication and that has additional properties such as resistance to timing attacks. This algorithm has very important applications in cryptography using hyperelliptic curves and more particularly for people interested in cryptography on smart cards.