Hostname: page-component-848d4c4894-x5gtn Total loading time: 0 Render date: 2024-05-03T20:20:41.664Z Has data issue: false hasContentIssue false
  • English
  • Français

Hyper-and-elliptic-curve cryptography

Part of: Arithmetic algebraic geometry Communication, information Arithmetic problems. Diophantine geometry

Published online by Cambridge University Press:  01 August 2014

Daniel J. Bernstein  and
Tanja Lange
Daniel J. Bernstein
Affiliation:
Computer Science, University of Illinois at Chicago, Chicago, IL 60607-7045, USA Mathematics and Computer Science, Technische Universiteit Eindhoven, PO Box 513, 5600 MB Eindhoven, The Netherlands email djb@cr.yp.to
Tanja Lange
Affiliation:
Mathematics and Computer Science, Technische Universiteit Eindhoven, PO Box 513, 5600 MB Eindhoven, The Netherlands email tanja@hyperelliptic.org

Abstract

Core share and HTML view are not available for this content. However, as you have access to this content, a full PDF is available via the ‘Save PDF’ action button.

This paper introduces ‘hyper-and-elliptic-curve cryptography’, in which a single high-security group supports fast genus-2-hyperelliptic-curve formulas for variable-base-point single-scalar multiplication (for example, Diffie–Hellman shared-secret computation) and at the same time supports fast elliptic-curve formulas for fixed-base-point scalar multiplication (for example, key generation) and multi-scalar multiplication (for example, signature verification).

MSC classification

Secondary: 11G20: Curves over finite and local fields 14G50: Applications to coding theory and cryptography 94A60: Cryptography
Type
Research Article
Information
LMS Journal of Computation and Mathematics , Volume 17 , Special Issue A: Algorithmic Number Theory Symposium XI , 2014 , pp. 181 - 202
Copyright
© The Author(s) 2014 

References

Alster, K., Urbanowicz, J. and Williams, H. C. (eds), Public-key cryptography and computational number theory, proceedings of the international conference held in Warsaw, September 11–15, 2000 (Walter de Gruyter, 2001) ISBN 3-11-017046-9; MR 2002h:94001, see [23].Google Scholar
Arita, S., Matsuo, K., Nagao, K. and Shimura, M., ‘A Weil descent attack against elliptic curve cryptosystems over quartic extension fields’, 2004, https://eprint.iacr.org/2004/240 (citations in this document: § 2, § 2, § 2, § 3.2).Google Scholar
Bernstein, D. J., Birkner, P., Joye, M., Lange, T. and Peters, C., ‘Twisted Edwards curves’, in Africacrypt 2008 [53], 2008, 389–405, https://eprint.iacr.org/2008/013 (citations in this document: § 5).CrossRefGoogle Scholar
Bernstein, D. J., Chuengsatiansup, C., Lange, T. and Schwabe, P., ‘Kummer strikes back: new DH speed records’, 2014, https://eprint.iacr.org/2014/134 (citations in this document: § 1.1, § 1.1, § 1.1, § 4.4, § 6).Google Scholar
Bertoni, G. and Coron, J.-S. (eds), Cryptographic hardware and embedded systems, CHES 2013, 15th international workshop, Santa Barbara, CA, USA, August 20–23, 2013, Lecture Notes in Computer Science 8086 (Springer, 2013) ISBN 978-3-642-40348-4, see [7, 44].Google Scholar
Bos, J. W., Costello, C., Hisil, H. and Lauter, K., ‘Fast cryptography in genus 2’, in Eurocrypt 2013 [34], 2013, 194–210, https://eprint.iacr.org/2012/670 (citations in this document: § 1.1, § 1.2, § 4.1, § 4.1, § 4.1, § 4.4, § 4.4, § 4.4, § 6).Google Scholar
Bos, J. W., Costello, C., Hisil, H. and Lauter, K., ‘High-performance scalar multiplication using 8-dimensional GLV/GLS decomposition’, in CHES 2013 [5], 2013, 331–348, https://eprint.iacr.org/2013/146 (citations in this document: § 1.1).Google Scholar
Bosma, W., Cannon, J. and Playoust, C., ‘The Magma algebra system. I. The user language’, J. Symbolic Comput. 24 (1997) 235265, http://www.math.ru.nl/∼bosma/pubs/JSC1997Magma.pdf (citations in this document: § 2.2).CrossRefGoogle Scholar
Brankovic, L. and Susilo, W. (eds), Seventh Australasian information security conference (AISC 2009), Wellington, New Zealand, Conferences in Research and Practice in Information Technology (CRPIT) 98 (ACS, 2009) see [30].Google Scholar
Cassels, J. W. S. and Flynn, E. V., Prolegomena to a middlebrow arithmetic of curves of genus 2, London Mathematical Society Lecture Note Series 230 (Cambridge University Press, 1996) ISBN 0-521-48370-0 (citations in this document: § 4.4, § 4.4).CrossRefGoogle Scholar
Chudnovsky, D. V. and Chudnovsky, G. V., ‘Sequences of numbers generated by addition in formal groups and new primality and factorization tests’, Adv. Appl. Math. 7 (1986) 385434; MR 88h:11094 (citations in this document: § 4.4).Google Scholar
Cosset, R., ‘Factorization with genus 2 curves’, Math. Comput. 79 (2010) 11911208; http://arxiv.org/pdf/0905.2325 (citations in this document: § 4.4, § 4.4).Google Scholar
Degabriele, J. P., Lehmann, A., Paterson, K. G., Smart, N. P. and Strefler, M., ‘On the joint security of encryption and signature in EMV’, in CT-RSA 2012 [18], 2012, 116–135,http://www.isg.rhul.ac.uk/∼psai074/publications/EMV_Joint_Sec.pdf (citations in this document: § 1.3).Google Scholar
Diem, C., ‘The GHS attack in odd characteristic’, J. Ramanujan Math. Soc. 18 (2003) 132; (citations in this document: § 2, § 3.2).Google Scholar
Diem, C. and Scholten, J., ‘Cover attacks: a report for the AREHCC project’, 2003,http://www.math.uni-leipzig.de/∼diem/preprints/cover-attacks.pdf (citations in this document: § 2).Google Scholar
Diem, C. and Scholten, J., ‘An attack on a trace-zero cryptosystem’, 2004,http://www.math.uni-leipzig.de/∼diem/preprints/trace-zero.pdf (citations in this document: § 2).Google Scholar
Diffie, W. and Hellman, M., ‘New directions in cryptography’, IEEE Trans. Inform. Theory 22 (1976) 644654; ISSN 0018-9448; MR 55:10141 (citations in this document: § 1).Google Scholar
Dunkelman, O. (ed.), Topics in cryptology, CT-RSA 2012, the cryptographers’ track at the RSA Conference 2012, San Francisco, CA, USA, February 27–March 2, 2012, Lecture Notes in Computer Science 7178 (Springer, 2012) ISBN 978-3-642-27953-9, see [13].Google Scholar
Faz-Hernandez, A., Longa, P. and Sanchez, A. H., ‘Efficient and secure algorithms for GLV-based scalar multiplication and their implementation on GLV–GLS curves’, 2013, https://eprint.iacr.org/2013/158 (citations in this document: § 1.1).CrossRefGoogle Scholar
Flynn, E. V., ‘Genus 2 site’, 2007, http://people.maths.ox.ac.uk/flynn/genus2 (citations in this document: § 4.4, § 4.4).Google Scholar
Freeman, D. M. and Satoh, T., ‘Constructing pairing-friendly hyperelliptic curves using Weil restriction’, J. Number Theory 131 (2011) 959983, http://eprint.iacr.org/2009/103 (citations in this document: § 2).CrossRefGoogle Scholar
Frey, G., ‘How to disguise an elliptic curve (Weil descent)’, Presentation at ECC 1998, 1998,http://www.cacr.math.uwaterloo.ca/conferences/1998/ecc98/slides.html (citations in this document: § 2).Google Scholar
Galbraith, S. D., ‘Limitations of constructive Weil descent’, in [1], 2001, 59–70; MR 2002m:11052 (citations in this document: § 2, § 6).Google Scholar
Gaudry, P., ‘Variants of the Montgomery form based on theta functions’, 2006, see also newer version [25], http://www.loria.fr/∼gaudry/publis/toronto.pdf (citations in this document: § 1.1).CrossRefGoogle Scholar
Gaudry, P., ‘Fast genus 2 arithmetic based on theta functions’, J. Math. Cryptol. 1 (2007) 243265; see also older version [24], http://webloria.loria.fr/∼gaudry/publis/arithKsurf.pdf (citations in this document: § 4.1, § 4.1, § 4.4, § 4.4, § 6).Google Scholar
Gaudry, P., Hess, F. and Smart, N. P., ‘Constructive and destructive facets of Weil descent on elliptic curves’, J. Crypt. 15 (2002) 1946 (citations in this document: § 2, § 2, § 2, § 3.2).Google Scholar
Gaudry, P. and Schost, É., ‘Genus 2 point counting over prime fields’, J. Symbolic Comput. 47 (2012) 368400, http://www.csd.uwo.ca/∼eschost/publications/countg2.pdf (citations in this document:  § 1.1, § 6).CrossRefGoogle Scholar
Giry, D., ‘Cryptographic key length recommendation’, 2014, http://keylength.com (citations in this document: § 1.1).Google Scholar
Haber, S. and Pinkas, B., ‘Securely combining public key cryptosystems’, in CCS 2001 [46] 2001, 215–224 (citations in this document: § 1.3).Google Scholar
Hisil, H., Wong, K. K.-H., Carter, G. and Dawson, E., ‘Faster group operations on elliptic curves’, in AISC 2009 [9], 2009, 7–19, https://eprint.iacr.org/2007/441 (citations in this document: § 3.2).Google Scholar
Hoffman-Andrews, J., ‘Forward secrecy at Twitter’, 2013,https://blog.twitter.com/2013/forward-secrecy-at-twitter-0 (citations in this document: § 1).Google Scholar
Howe, E. W. and Kedlaya, K. S. (eds), Tenth algorithmic number theory symposium (Mathematical Sciences Publishers, 2013) ISBN 978-1-935107-01-9, see [50].Google Scholar
Iijima, T., Momose, F. and Chao, J., ‘Classification of elliptic/hyperelliptic curves with weak coverings against GHS attack under an isogeny condition’, 2013, http://eprint.iacr.org/2013/487 (citations in this document: § 2).Google Scholar
Johansson, T. and Nguyen, P. Q. (eds), Advances in cryptology — EUROCRYPT 2013, 32nd annual international conference on the theory and applications of cryptographic techniques, Athens, Greece, May 26–30, 2013, Lecture Notes in Computer Science 7881 (Springer, 2013) ISBN 978-3-642-38347-2, see [6].Google Scholar
Joux, A. (ed.), Advances in cryptology — EUROCRYPT 2009, 28th annual international conference on the theory and applications of cryptographic techniques, Cologne, Germany, April 26–30, 2009, Lecture Notes in Computer Science 5479 (Springer, 2009), see [47].Google Scholar
Koblitz, N., ‘Elliptic curve cryptosystems’, Math. Comput. 48 (1987) 203209; ISSN 0025-5718;MR 88b:94017 (citations in this document: § 1.1).CrossRefGoogle Scholar
Koç, Ç. K., Naccache, D. and Paar, C. (eds), Cryptographic hardware and embedded systems — CHES 2001, third international workshop, Paris, France, May 14–16, 2001, Lecture Notes in Computer Science 2162 (Springer, 2001) ISBN 3-540-42521-7; MR 2003g:94002, see [43].Google Scholar
Langley, A., ‘Protecting data for the long term with forward secrecy’, 2011,http://googleonlinesecurity.blogspot.nl/2011/11/protecting-data-for-long-term-with.html (citations in this document: § 1).Google Scholar
Lee, D. H. and Wang, X. (eds), Advances in cryptology — ASIACRYPT 2011, 17th international conference on the theory and application of cryptology and information security, Seoul, South Korea, December 4–8, 2011, Lecture Notes in Computer Science 7073 (Springer, 2011) ISBN 978-3-642-25384-3, see [45].Google Scholar
Miller, V. S., ‘Use of elliptic curves in cryptography’, in [54], 1986, 417–426; MR 88b:68040 (citations in this document: § 1.1).Google Scholar
Momose, F. and Chao, J., ‘Scholten forms and elliptic/hyperelliptic curves with weak Weil restrictions’, 2005, http://eprint.iacr.org/2005/ (citations in this document: § 2).Google Scholar
Monagan, M. B. and Pearce, R., ‘Rational simplification modulo a polynomial ideal’, in ISSAC 2006 [52], 2006, 239–245 (citations in this document: § 3.2).CrossRefGoogle Scholar
Okeya, K. and Sakurai, K., ‘Efficient elliptic curve cryptosystems from a scalar multiplication algorithm with recovery of the $\def \xmlpi #1{}\def \mathsfbi #1{\boldsymbol {\mathsf {#1}}}\let \le =\leqslant \let \leq =\leqslant \let \ge =\geqslant \let \geq =\geqslant \def \Pr {\mathit {Pr}}\def \Fr {\mathit {Fr}}\def \Rey {\mathit {Re}}y$-coordinate on a Montgomery-form elliptic curve’, in CHES 2001 [37], 2001, 126–141 (citations in this document: § 4.6).CrossRefGoogle Scholar
Oliveira, T., López, J., Aranha, D. F. and Rodríguez-Henríquez, F., ‘Lambda coordinates for binary elliptic curves’, in CHES 2013 [5], 2013, 311–330, https://eprint.iacr.org/2013/131 (citations in this document: § 1.1).Google Scholar
Paterson, K. G., Schuldt, J. C. N., Stam, M. and Thomson, S., ‘On the joint security of encryption and signature, revisited’, in Asiacrypt 2011 [39] 2011, 161–178, https://eprint.iacr.org/2011/486 (citations in this document: § 1.3).Google Scholar
Reiter, M. K. and Samarati, P. (eds), CCS 2001, proceedings of the 8th ACM conference on computer and communications security, Philadelphia, Pennsylvania, USA, November 6–8, 2001 (Association for Computing Machinery, 2001) ISBN 1-58113-385-5, see [29].Google Scholar
Satoh, T., ‘Generating genus two hyperelliptic curves over large characteristic finite fields’, in EUROCRYPT 2009 [35], 2009, 536–553 (citations in this document: § 2).Google Scholar
Scholten, J., ‘Weil restriction of an elliptic curve over a quadratic extension’, 2003,http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.118.7987&rep=rep1&type=pdf (citations in this document: § 2, § 2, § 2, § 2, § 2.1, § 3.1).Google Scholar
Stein, W. (ed.), Sage Mathematics Software (Version 6.1.1) (The Sage Group, 2014) http://www.sagemath.org (citations in this document: § 2.2).Google Scholar
Sutherland, A. V., ‘Isogeny volcanoes’, in ANTS X [32], 2013, http://arxiv.org/abs/1208.5370 (citations in this document: § 5).Google Scholar
Thériault, N., ‘Weil descent attack for Kummer extensions’, J. Ramanujan Math. Soc. 18 (2003) 281312; (citations in this document: § 2).Google Scholar
Trager, B. M. (ed.), ISSAC ’06: proceedings of the 2006 international symposium on symbolic and algebraic computation, Genoa, Italy, July 09–12, 2006 (ACM, 2006) ISBN 1-59593-276-3, see [42].CrossRefGoogle Scholar
Vaudenay, S. (ed.), Progress in cryptology — AFRICACRYPT 2008, first international conference on cryptology in Africa, Casablanca, Morocco, June 11–14, 2008, Lecture Notes in Computer Science 5023 (Springer, 2008) ISBN 978-3-540-68159-5, see [3].Google Scholar
Williams, H. C. (ed.), Advances in cryptology: CRYPTO ’85, Lecture Notes in Computer Science 218 (Springer, 1986) ISBN 3-540-16463-4, see [40].CrossRefGoogle Scholar