Description
The curve shape suggested by Edwards does not define elliptic curves over fields of characteristic 2. We recently generalized the concept of Edwards curves and defined binary Edwards curves. These curves offer complete addition formulas and are the first binary curves with this property. Doubling and differential addition (addition of two points with known difference, like in the Montgomery ladder) are very fast on these curves. We present the design principles behind this choice of curve shape, present the birational equivalence with Weierstrass elliptic curves and explain how to obtain fast doubling and differential addition.<br/> This is joint work with Daniel J. Bernstein and Reza Rezaeian Farashahi.
Next sessions
-
!!! Reporté !!! Encryption homomorphe sans bruit à l'aide de groupes
Speaker : Pierre Guillot - Ravel Technologies (dispo Université de Strasbourg, IRMA)
Je vais rappeler les travaux de Nuida et Ostrovski sur l'utilisation des groupes pour l'élaboration de schémas cryptographiques homomorphes. Je vais présenter nos travaux qui fournissent des encodages à la fois plus efficaces et plus généraux, et qui déterminent exactement quels groupes peuvent être utilisés. Puis je vais discuter GRAFHEN, un protocole qui utilise ces idées. Je dirai juste[…]-
Cryptography
-
-
MIKE: An efficient and compact NIKE Based on a Commutative Monoidal Action
Speaker : Jonathan Komada Eriksen - COSIC, KU Leuven
Robert recently described a powerful correspondence between certain (Hermitian) modules and (polarized) abelian varieties, which simultaneously generalizes both the class-group action underlying protocols such as CSIDH, and the Deuring correspondence, underlying protocols such as SQIsign. Using this correspondence, he also proposed how to construct a post-quantum NIKE, called MIKE, which, at a[…]-
Cryptography
-
-
TBA
Speaker : Anmoal Porwal - Technical University of Munich
-
Cryptography
-
Asymmetric primitive
-