Table of contents

  • This session has been presented September 01, 2022.

Description

  • Speaker

    Youssef El Housni - LIX

At CANS’20, El Housni and Guillevic introduced a new 2-chain of pairing-friendly elliptic curves for recursive zero-knowledge Succinct Non-interactive ARguments of Knowledge (zk-SNARKs) made of the former BLS12-377 curve (a Barreto–Lynn–Scott curve over a 377- bit prime field) and the new BW6-761 curve (a Brezing–Weng curve of embedding degree 6 over a 761-bit prime field). First we generalise the curve construction, the pairing formulas (e : G1 × G2 → GT ) and the group operations to any BW6 curve defined on top of any BLS12 curve, forming a family of 2-chain pairing-friendly curves. Second, we investigate other possible 2-chain families made on top of the BLS12 and BLS24 curves. We compare BW6 to Cocks–Pinch curves of higher embedding degrees 8 and 12 (CP8, CP12) at the 128-bit security level. We explicit an optimal ate and optimal Tate pairing on our new CP curves. We show that both for BLS12 and BLS24, the BW6 construction always gives the fastest pairing and curve arithmetic compared to Cocks-Pinch curves. Finally, we suggest a short list of curves suitable for Groth16 and KZG-based universal SNARKs and present an optimized implementation of these curves. Based on Groth16 and PlonK (a KZG- based SNARK) implementations, we obtain that the BLS12-377/BW6-761 pair is optimized for the former while the BLS24-315/BW6-672 pair is optimized for the latter.
lien: https://univ-rennes1-fr.zoom.us/j/97066341266?pwd=RUthOFV5cm1uT0ZCQVh6QUcrb1drQT09

Next sessions

  • SoK: Security of the Ascon Modes

    • June 20, 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Charlotte Lefevre - Radboud University

    The Ascon authenticated encryption scheme and hash function of Dobraunig et al (Journal of Cryptology 2021) were recently selected as winner of the NIST lightweight cryptography competition. The mode underlying Ascon authenticated encryption (Ascon-AE) resembles ideas of SpongeWrap, but not quite, and various works have investigated the generic security of Ascon-AE, all covering different attack[…]

  • Comprehensive Modelling of Power Noise via Gaussian Processes with Applications to True Random Number Generators

    • June 27, 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Maciej Skorski - Laboratoire Hubert Curien

    The talk examines power noise modelling through Gaussian Processes for secure True Random Number Generators.   While revisiting one-sided fractional Brownian motion, we obtain novel contributions by quantifying posterior uncertainty in exact analytical form, establishing quasi-stationary properties, and developing rigorous time-frequency analysis. These results are applied to model oscillator[…]

    • Cryptography

    • TRNG

  • CryptoVerif: a computationally-sound security protocol verifier

    • September 05, 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Bruno Blanchet - Inria

    CryptoVerif is a security protocol verifier sound in the computational model of cryptography. It produces proofs by sequences of games, like those done manually by cryptographers. It has an automatic proof strategy and can also be guided by the user. It provides a generic method for specifying security assumptions on many cryptographic primitives, and can prove secrecy, authentication, and[…]

    • Cryptography

Show previous sessions
Page top