2015
DOI: 10.1007/978-3-662-48797-6_10

Four$\mathbb{Q}$: Four-Dimensional Decompositions on a $\mathbb{Q}$-curve over the Mersenne Prime

Cited by 76 publications
(85 citation statements)
References 38 publications
“…FourQ, introduced by Costello and Longa in 2015 [16], is defined by the complete twisted Edwards [4] equation $E/\mathbb{F}_{p^2}: -x^2 + y^2 = 1 + dx^2y^2$, where the quadratic extension field $\mathbb{F}_{p^2} = \mathbb{F}_p(i)$ for $i^2 = -1$ and $p = 2^{127} - 1$, and $d = 125317048443780598345676279555970305165 \cdot i + 4205857648805777768770$. The prime order subgroup $E(\mathbb{F}_{p^2})[N]$, where $N$ is the 246-bit prime corresponding to $\#E(\mathbb{F}_{p^2}) = 392 \cdot N$, is used to carry out cryptographic computations.…”
Section: Preliminaries: Fourq (mentioning)
confidence: 99%
“…FourQ [16] is a high-performance elliptic curve that provides about 128 bits of security and enables efficient and secure scalar multiplications. Implementations based on this curve have been shown to achieve the fastest computations of variable-base, fixed-base and double scalar multiplications to date on a large variety of x64 and ARMv7-A processors [16,36].…”
Section: Introduction (mentioning)
confidence: 99%
“…These include, e.g., regular w-NAF and m-ary methods [20,34,40,45,51], regular width-w τ-adic NAF method for Koblitz curves [46], the regular signed-digit comb methods [21,30], and scalar multiplications on curves with fast endomorphisms that use multiscalar multiplications with precomputations (e.g., GLV [24] and GLS [23] methods and, in particular, the recent regular algorithm [19]). Some of these methods have been recently utilized in lightweight ECC implementations to achieve protection against single-trace attacks: e.g., [30] was used in [47], [46] in [48], and [19] in [14]. All deterministic countermeasures inside Ψ such as atomicity of point addition and point doubling, unified addition formulae, etc., do not work against the attack and are, thus, also in the list of vulnerable methods when used in a scalar multiplication algorithm that utilizes precomputations in the above sense.…”
Section: Preliminaries (mentioning)
confidence: 99%
“…Fully regular patterns of operations can be achieved with atomic scalar multiplication algorithms with precomputations which typically combine side-channel security with efficiency (see, e.g., [19,30,45,46]). Such algorithms have been recently used for side-channel protected lightweight hardware implementations, e.g., in [47,48] as well as fast software, e.g., in [14]. In the light of new advanced single-trace attacks, there have been doubts about the security offered by these algorithms (see, e.g., [3,31,47]).…”
Section: Introduction (mentioning)
confidence: 99%