Description
The curve shape suggested by Edwards does not define elliptic curves over fields of characteristic 2. We recently generalized the concept of Edwards curves and defined binary Edwards curves. These curves offer complete addition formulas and are the first binary curves with this property. Doubling and differential addition (addition of two points with known difference, like in the Montgomery ladder) are very fast on these curves. We present the design principles behind this choice of curve shape, present the birational equivalence with Weierstrass elliptic curves and explain how to obtain fast doubling and differential addition.<br/> This is joint work with Daniel J. Bernstein and Reza Rezaeian Farashahi.
Next sessions
-
Séminaire C2 à INRIA Paris
Emmanuel Thomé et Pierrick Gaudry Rachelle Heim Boissier Épiphane Nouetowa Dung Bui Plus d'infos sur https://seminaire-c2.inria.fr/ -
Attacking the Supersingular Isogeny Problem: From the Delfs–Galbraith algorithm to oriented graphs
Speaker : Arthur Herlédan Le Merdy - COSIC, KU Leuven
The threat of quantum computers motivates the introduction of new hard problems for cryptography.One promising candidate is the Isogeny problem: given two elliptic curves, compute a “nice’’ map between them, called an isogeny.In this talk, we study classical attacks on this problem, specialised to supersingular elliptic curves, on which the security of current isogeny-based cryptography relies. In[…]-
Cryptography
-