scholarly journals Optimized CSIDH Implementation Using a 2-Torsion Point

Cryptography ◽  
2020 ◽  
Vol 4 (3) ◽  
pp. 20 ◽  
Author(s):  
Donghoe Heo ◽  
Suhri Kim ◽  
Kisoon Yoon ◽  
Young-Ho Park ◽  
Seokhie Hong
Keyword(s):  
Elliptic Curve ◽  
Group Action ◽  
Large Degree ◽  
Transitive Group ◽  
Optimization Method ◽  
Torsion Point ◽  
Torsion Points ◽  
Diffie Hellman ◽  
Odd Degree ◽  
Montgomery Curve

The implementation of isogeny-based cryptography mainly use Montgomery curves, as they offer fast elliptic curve arithmetic and isogeny computation. However, although Montgomery curves have efficient 3- and 4-isogeny formula, it becomes inefficient when recovering the coefficient of the image curve for large degree isogenies. Because the Commutative Supersingular Isogeny Diffie-Hellman (CSIDH) requires odd-degree isogenies up to at least 587, this inefficiency is the main bottleneck of using a Montgomery curve for CSIDH. In this paper, we present a new optimization method for faster CSIDH protocols entirely on Montgomery curves. To this end, we present a new parameter for CSIDH, in which the three rational two-torsion points exist. By using the proposed parameters, the CSIDH moves around the surface. The curve coefficient of the image curve can be recovered by a two-torsion point. We also proved that the CSIDH while using the proposed parameter guarantees a free and transitive group action. Additionally, we present the implementation result using our method. We demonstrated that our method is 6.4% faster than the original CSIDH. Our works show that quite higher performance of CSIDH is achieved while only using Montgomery curves.

Ramification of the Kummer extension generated from torsion points of elliptic curves

2015 ◽  
Vol 11 (06) ◽  
pp. 1725-1734
Author(s):  
Masaya Yasuda
Keyword(s):  
Elliptic Curve ◽  
Elliptic Curves ◽  
Number Field ◽  
Torsion Subgroup ◽  
Torsion Point ◽  
Torsion Points ◽  
Root Of Unity

For a prime p, let ζp denote a fixed primitive pth root of unity. Let E be an elliptic curve over a number field k with a p-torsion point. Then the p-torsion subgroup of E gives a Kummer extension over k(ζp). In this paper, for p = 5 and 7, we study the ramification of such Kummer extensions using explicit Kummer generators directly computed by Verdure in 2006.

KUMMER GENERATORS AND TORSION POINTS OF ELLIPTIC CURVES WITH BAD REDUCTION AT SOME PRIMES

2013 ◽  
Vol 09 (07) ◽  
pp. 1743-1752 ◽  
Author(s):  
MASAYA YASUDA
Keyword(s):  
Elliptic Curve ◽  
Elliptic Curves ◽  
Number Field ◽  
Quadratic Fields ◽  
Torsion Subgroup ◽  
Torsion Point ◽  
Torsion Points ◽  
Root Of Unity ◽  
Fundamental Units

For a prime p, let ζp denote a fixed primitive pth root of unity. Let E be an elliptic curve over a number field K with a p-torsion point. Then the p-torsion subgroup of E gives a Kummer extension over K(ζp), and in this paper, we study the ramification of such Kummer extensions using the Kummer generators directly computed by Verdure in 2006. For quadratic fields K, we also give unramified Kummer extensions over K(ζp) generated from elliptic curves over K having a p-torsion point with bad reduction at certain primes. Many of these unramified Kummer extensions have not appeared in the previous work using fundamental units of quadratic fields.

Using Montgomery curve arithmetic over F2p for point scalar multiplication on short Weierstrass curve over Fp with exactly one 2-torsion point and order not divisible by 4

2016 ◽  
Vol 0 (0) ◽  
pp. 33-38
Author(s):  
Michał Wroński
Keyword(s):  
Scalar Multiplication ◽  
Side Channel ◽  
Torsion Point ◽  
Side Channel Attacks ◽  
Torsion Points ◽  
Standard Methods ◽  
Hardware Implementations ◽  
Point Scalar Multiplication ◽  
Montgomery Curve

Montgomery curves are well known because of their efficiency and side channel attacks vulnerability. In this article it is showed how Montgomery curve arithmetic may be used for point scalar multiplication on short Weierstrass curve ESW over Fp with exactly one 2-torsion point and #ESW (Fp) not divisible by 4. If P ∈ ESW (Fp) then also P ∈ ESW (Fp2). Because ESW (Fp2) has three 2-torsion points (because ESW (Fp) has one 2-torsion point) it is possible to use 2-isogenous Montgomery curve EM (Fp2) to the curve ESW (Fp2) for counting point scalar multiplication on ESW (Fp). However arithmetic in (Fp2) is much more complicated than arithmetic in Fp, in hardware implementations this method may be much more useful than standard methods, because it may be nearly 45% faster.

Torsion points and matrices defining elliptic curves

2014 ◽  
Vol 24 (06) ◽  
pp. 879-891 ◽  
Author(s):  
G. V. Ravindra ◽  
Amit Tripathi
Keyword(s):  
Elliptic Curve ◽  
Elliptic Curves ◽  
Quadratic Polynomial ◽  
Closed Field ◽  
Torsion Point ◽  
Torsion Points ◽  
Algebraically Closed Field ◽  
Linear Polynomial

Let k be an algebraically closed field, char k ≠ 2, 3, and let X ⊂ ℙ2 be an elliptic curve with defining polynomial f. We show that any non-trivial torsion point of order r, determines up to equivalence, a unique minimal matrix Φr of size 3r × 3r with linear polynomial entries such that det Φr = fr. We also show that the identity, thought of as the trivial torsion point of order r, determines up to equivalence, a unique minimal matrix Ψr of size (3r - 2) × (3r - 2) with linear and quadratic polynomial entries such that det Ψr = fr.

scholarly journals Primitive divisors of sequences associated to elliptic curves with complex multiplication

2021 ◽  
Vol 7 (2) ◽  
Author(s):  
Matteo Verzobio
Keyword(s):  
Elliptic Curve ◽  
Elliptic Curves ◽  
Number Field ◽  
Complex Multiplication ◽  
Dedekind Domain ◽  
Torsion Point ◽  
Integral Ideal ◽  
Primitive Divisors ◽  
Primitive Divisor ◽  
The Ideal

AbstractLet P and Q be two points on an elliptic curve defined over a number field K. For $$\alpha \in {\text {End}}(E)$$ α ∈ End ( E ) , define $$B_\alpha $$ B α to be the $$\mathcal {O}_K$$ O K -integral ideal generated by the denominator of $$x(\alpha (P)+Q)$$ x ( α ( P ) + Q ) . Let $$\mathcal {O}$$ O be a subring of $${\text {End}}(E)$$ End ( E ) , that is a Dedekind domain. We will study the sequence $$\{B_\alpha \}_{\alpha \in \mathcal {O}}$$ { B α } α ∈ O . We will show that, for all but finitely many $$\alpha \in \mathcal {O}$$ α ∈ O , the ideal $$B_\alpha $$ B α has a primitive divisor when P is a non-torsion point and there exist two endomorphisms $$g\ne 0$$ g ≠ 0 and f so that $$f(P)= g(Q)$$ f ( P ) = g ( Q ) . This is a generalization of previous results on elliptic divisibility sequences.

scholarly journals The number of maximal torsion cosets in subvarieties of tori

2019 ◽  
Vol 2019 (755) ◽  
pp. 103-126
Author(s):  
César Martínez
Keyword(s):  
Newton Polytope ◽  
Torsion Point ◽  
Torsion Points ◽  
Sharp Bounds ◽  
Maximal Torsion ◽  
Algebraic Torus

AbstractWe present sharp bounds on the number of maximal torsion cosets in a subvariety of the complex algebraic torus {\mathbb{G}_{\mathrm{m}}^{n}}. Our first main result gives a bound in terms of the degree of the defining polynomials. We also give a bound for the number of isolated torsion point, that is maximal torsion cosets of dimension 0, in terms of the volume of the Newton polytope of the defining polynomials. This result proves the conjectures of Ruppert and of Aliev and Smyth on the number of isolated torsion points of a hypersurface. These conjectures bound this number in terms of the multidegree and the volume of the Newton polytope of a polynomial defining the hypersurface, respectively.

Sign in / Sign up

Export Citation Format

Share Document