Description
The curve shape suggested by Edwards does not define elliptic curves over fields of characteristic 2. We recently generalized the concept of Edwards curves and defined binary Edwards curves. These curves offer complete addition formulas and are the first binary curves with this property. Doubling and differential addition (addition of two points with known difference, like in the Montgomery ladder) are very fast on these curves. We present the design principles behind this choice of curve shape, present the birational equivalence with Weierstrass elliptic curves and explain how to obtain fast doubling and differential addition.<br/> This is joint work with Daniel J. Bernstein and Reza Rezaeian Farashahi.
Next sessions
-
Oblivious Transfer from Zero-Knowledge Proofs (or how to achieve round-optimal quantum Oblivious Transfer without structure)
Speaker : Léo Colisson - Université Grenoble Alpes
We provide a generic construction to turn any classical Zero-Knowledge (ZK) protocol into a composable oblivious transfer (OT) protocol (the protocol itself involving quantum interactions), mostly lifting the round-complexity properties and security guarantees (plain-model/statistical security/unstructured functions…) of the ZK protocol to the resulting OT protocol. Such a construction is unlikely[…]-
Cryptography
-