Hashing to elliptic curves of j-invariant 1728

Author
Dmitrii Koshelev
Affiliations
[1] Versailles Saint-Quentin-en-Yvelines University,Versailles Laboratory of Mathematics
[2] Institute for Information Transmission Problems,Algebra and Number Theory Laboratory
[3] Moscow Institute of Physics and Technology,Department of Discrete Mathematics
Keywords
Finite fields; Pairing-based cryptography; Elliptic curves of j-invariant 1728; Kummer surfaces; Rational curves; Weil restriction; Isogenies; 14E05; 14G15; 14G50; 14Q20; 14K02; 14H52
Abstract
This article generalizes the simplified Shallue–van de Woestijne–Ulas (SWU) method of a deterministic finite field mapping $h\colon \mathbb{F}_{q} \to E_{a}(\mathbb{F}_{q})$ to the case of any elliptic $\mathbb{F}_{q}$-curve $E_{a} : y^{2} = x^{3} - ax$ of j-invariant 1728. In comparison with the (classical) SWU method the simplified SWU method allows to avoid one quadratic residuosity test in the field $\mathbb{F}_{q}$, which is a quite painful operation in cryptography with regard to timing attacks.
More precisely, in order to derive $h$ we obtain a rational $\mathbb{F}_{q}$-curve $C$ (and its explicit quite simple proper $\mathbb{F}_{q}$-parametrization) on the Kummer surface $K^{\prime}$ associated with the direct product $E_{a} \times E_{a}^{\prime}$, where $E_{a}^{\prime}$ is the quadratic $\mathbb{F}_{q}$-twist of $E_{a}$.
Our approach of finding $C$ is based on the fact that every curve $E_{a}$ has a vertical $\mathbb{F}_{q^{2}}$-isogeny of degree 2.
Pages: 479-494
Number of pages: 15