Jean-Gabriel Kammerer scite author profile

ISBN : 978-3-662-45610-1International audienceThe fastest implementations of elliptic curve cryptography in recent years have been achieved on curves endowed with nontriv-ial efficient endomorphisms, using techniques due to Gallant–Lambert– Vanstone (GLV) and Galbraith–Lin–Scott (GLS). In such implementa-tions, a scalar multiplication [k]P is computed as a double multiplication [k1]P + [k2]ψ(P), for ψ an efficient endomorphism and k1, k2 appropri-ate half-size scalars. To compute a random scalar multiplication, one can either select the scalars k1, k2 at random, hoping that the resulting k = k1 + k2λ is close to uniform, or pick a uniform k instead and decom-pose it as k1 + k2λ afterwards. The main goal of this paper is to discuss security issues that may arise using either approach. When k1 and k2 are chosen uniformly at random in [0, √ n), n = ord(P), we provide a security proofs under mild assumptions. However, if they are chosen as random integers of 1

show abstract

Encoding Points on Hyperelliptic Curves over Finite Fields in Deterministic Polynomial Time

Kammerer

Lercier

Renault

2010

View full text Add to dashboard Cite

We provide new hash functions into (hyper)elliptic curves over finite fields. These functions aims at instantiating in a secure manner cryptographic protocols where we need to map strings into points on algebraic curves, typically user identities into public keys in pairingbased IBE schemes.Contrasting with recent Icart's encoding, we start from "easy to solve by radicals" polynomials in order to obtain models of curves which in turn can be deterministically "algebraically parameterized". As a result, we obtain a low degree encoding map for Hessian elliptic curves, and for the first time, hashing functions for genus 2 curves. More generally we present for any genus (more narrowed) families of hyperelliptic curves with this property.The image of these encodings is large enough to be "weak" encodings in the sense of Brier et al., and so they can be easily turned into admissible cryptographic encodings. deterministic encoding, elliptic curves, Galois theory, hyperelliptic curves J 2 = −2 6 3 λ 2 (9 µ 3 + 9 a 2 + 10 b) , J 4 = 2 9 3 bλ 4 (297 µ 3 + 54 a 2 + 55 b) , J 6 = 2 14 b 2 λ 6 (−6480 µ 3 + 81 a 2 + 80 b) , J 8 = −2 16 3 b 2 λ 8 (31347 µ 6 − 134136 µ 3 a 2 − 158310 bµ 3 + 11664 a 4 + 23940 ba 2 + 12275 b 2 ) , J 10 = −2 24 3 6 b 3 λ 10 (µ 6 + 2 µ 3 a 2 − 2 bµ 3 + a 4 + 2 ba 2 + b 2 ) .

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Jean-Gabriel Kammerer

Contributions to the Design of Residue Number System Architectures

GLV/GLS Decomposition, Power Analysis, and Attacks on ECDSA Signatures with Single-Bit Nonce Bias

Encoding Points on Hyperelliptic Curves over Finite Fields in Deterministic Polynomial Time

Contact Info

Product

Resources

About