Twisted Edwards Elliptic Curves for Zero-Knowledge Circuits

Circuit-based zero-knowledge proofs have arose as a solution to the implementation of privacy in blockchain applications, and to current scalability problems that blockchains suffer from. The most efficient circuit-based zero-knowledge proofs use a pairing-friendly elliptic curve to generate and validate proofs. In particular, the circuits are built connecting wires that carry elements from a large prime field, whose order is determined by the number of elements of the pairing-friendly elliptic curve. In this context, it is important to generate an inner curve using this field, because it allows to create circuits that can verify public-key cryptography primitives, such as digital signatures and encryption schemes. To this purpose, in this article, we present a deterministic algorithm for generating twisted Edwards elliptic curves defined over a given prime field. We also provide an algorithm for checking the resilience of this type of curve against most common security attacks. Additionally, we use our algorithms to generate Baby Jubjub, a curve that can be used to implement elliptic-curve cryptography in circuits that can be validated in the Ethereum blockchain.

On generators of the unstable $\mathscr A$-module $H^{*}((K(\mathbb F_2, 1))^{\times 5})$ in a generic degree and applications

Let us consider the prime field of two elements, $\mathbb F_2.$ It is well-known that the classical "hit problem" for a module over the mod 2 Steenrod algebra $\mathscr A$ is an interesting and important open problem of Algebraic topology, which asks a minimal set of generators for the polynomial algebra $\mathcal P_m:=\mathbb F_2[x_1, x_2, \ldots, x_m]$, regarded as a connected unstable $\mathscr A$-module on $m$ variables $x_1, \ldots, x_m,$ each of degree 1. The algebra $\mathcal P_m$ is the $\mathbb F_2$-cohomology of the product of $m$ copies of the Eilenberg-MacLan complex $K(\mathbb F_2, 1).$ Although the hit problem has been thoroughly studied for more than 3 decades, solving it remains a mystery for $m\geq 5.$ The aim of this work is of studying the hit problem of five variables. More precisely, we develop our previous work \cite{D.P3} on the hit problem for $\mathscr A$-module $\mathcal P_5$ in a degree of the generic form $n_t:=5(2^t-1) + 18.2^t,$ for any non-negative integer $t.$ An efficient approach to solve this problem had been presented. Moreover, we provide an algorithm in MAGMA for verifying the results and studying the hit problem in general. As an consequence, the calculations confirmed Sum's conjecture \cite{N.S2} for the relationship between the minimal sets of $\mathscr A$-generators of the polynomial algebras $\mathcal P_{m-1}$ and $\mathcal P_{m}$ in the case $m=5$ and degree $n_t.$ Two applications of this study are to determine the dimension of $\mathcal P_6$ in the generic degree $5(2^{t+4}-1) + n_1.2^{t+4}$ for all $t > 0$ and describe the modular representations of the general linear group of rank 5 over $\mathbb F_2.$ As a corollary, the cohomological "transfer", defined by W. Singer \cite{W.S1}, is an isomorphism at the bidegree $(5, 5+n_0).$ Singer's transfer is one of the relatively efficient tools to approach the structure of mod-2 cohomology of the Steenrod algebra.

On the dimension of the "cohits" space $\mathbb Z_2\otimes_{\mathcal A_2} H^{*}((\mathbb RP(\infty))^{\times t}, \mathbb Z_2)$ and some applications

We denote by $\mathbb Z_2$ the prime field of two elements and by $P_t = \mathbb Z_2[x_1, \ldots, x_t]$ the polynomial algebra of $t$ generators $x_1, \ldots, x_t$ with the degree of each $x_i$ being one. Let $\mathcal A_2$ be the Steenrod algebra over $\mathbb Z_2.$ A central problem of homotopy theory is to determine a minimal set of generators for the $\mathbb Z_2$-graded vector space $\mathbb Z_2\otimes_{\mathcal A_2} P_t.$ This problem, which is called the "hit" problem for Steenrod algebra, has been systematically studied for $t\leq 4.$ The present paper is devoted to the investigation of the structure of the "cohits" space $\mathbb Z_2\otimes_{\mathcal A_2} P_t$ in some certain "generic" degrees. More specifically, we explicitly determine a monomial basis of $\mathbb Z_2\otimes_{\mathcal A_2} P_5$ in degree \mbox{$n_s=5(2^{s}-1) + 42.2^{s}$} for every non-negative integer $s.$ As a result, it confirms Sum's conjecture \cite{N.S2} for a relation between the minimal sets of $\mathcal A_2$-generators of the algebras $P_{t-1}$ and $P_{t}$ in the case $t=5$ and degree $n_s$. Based on Kameko's map \cite{M.K} and a previous result by Sum \cite{N.S1}, we obtain a inductive formula for the dimension of $\mathbb Z_2\otimes_{\mathcal A_2} P_t$ in a generic degree given. As an application, we obtain the dimension of $\mathbb Z_2\otimes_{\mathcal A_2} P_6$ in the generic degree $5(2^{s+5}-1) + n_0.2^{s+5}$ for all $s\geq 0,$ and show that the Singer's cohomological transfer \cite{W.S1} is an isomorphism in bidegree $(5, 5+n_s)$.

The "hit" problem of five variables in the generic degree and its application

Let $P_s:= \mathbb F_2[x_1,x_2,\ldots ,x_s]$ be the graded polynomial algebra over the prime field of two elements, $\mathbb F_2$, in $s$ variables $x_1, x_2, \ldots , x_s$, each of degree one. This algebra is considered as a graded module over the mod-2 Steenrod algebra, $\mathscr {A}$. We are interested in the "hit" problem of finding a minimal set of generators for $\mathscr A$-module $P_s.$ This problem is unresolved for every $s\geqslant 5.$ In this paper, we study the hit problem of five variables in a generic degree, from which we investigate Singer's conjecture [Math. Z. 202 (1989), 493-523] for the transfer homomorphism of rank $5$ in degrees given. This gives an efficient method to study the algebraic transfer and it is different from the ones of Singer.

On Peterson's open problem and representations of the general linear groups

Fix $\mathbb Z/2$ is the prime field of two elements and write $\mathcal A_2$ for the mod $2$ Steenrod algebra. Denote by $GL_d:= GL(d, \mathbb Z/2)$ the general linear group of rank $d$ over $\mathbb Z/2$ and by $\mathscr P_d$ the polynomial algebra $\mathbb Z/2[x_1, x_2, \ldots, x_d],$ which is viewed as a connected unstable $\mathcal A_2$-module on $d$ generators of degree one. We study the Peterson "hit problem" of finding the minimal set of $\mathcal A_2$-generators for $\mathscr P_d.$ It is equivalent to determining a $\mathbb Z/2$-basis for the space of "cohits"$$Q\mathscr P_d := \mathbb Z/2\otimes_{\mathcal A_2} \mathscr P_d \cong \mathscr P_d/\mathcal A_2^+\mathscr P_d.$$ This $Q\mathscr P_d$ is considered as a form modular representation of $GL_d$ over $\mathbb Z/2.$ The problem for $d= 5$ is not yet completely solved, and unknown in general. In this work, we give an explicit solution to the hit problem of five variables in the generic degree $n = r(2^t -1) + 2^ts$ with $r = d = 5,\ s =8$ and $t$ an arbitrary non-negative integer. An application of this study to the cases $t = 0$ and $t = 1$ shows that the Singer algebraic transfer is an isomorphism in the bidegrees $(5, 5+(13.2^{0} - 5))$ and $(5, 5+(13.2^{1} - 5)).$ Moreover, the result when $t\geq 2$ was also discussed. Here, the Singer transfer of rank $d$ is a $\mathbb Z/2$-algebra homomorphism from $GL_d$-coinvariants of certain subspaces of $Q\mathscr P_d$ to the cohomology groups of the Steenrod algebra, ${\rm Ext}_{\mathcal A_2}^{d, d+*}(\mathbb Z/2, \mathbb Z/2).$ It is one of the useful tools for studying mysterious Ext groups and the Kervaire invariant one problem.

Batching CSIDH Group Actions using AVX-512

Commutative Supersingular Isogeny Diffie-Hellman (or CSIDH for short) is a recently-proposed post-quantum key establishment scheme that belongs to the family of isogeny-based cryptosystems. The CSIDH protocol is based on the action of an ideal class group on a set of supersingular elliptic curves and comes with some very attractive features, e.g. the ability to serve as a “drop-in” replacement for the standard elliptic curve Diffie-Hellman protocol. Unfortunately, the execution time of CSIDH is prohibitively high for many real-world applications, mainly due to the enormous computational cost of the underlying group action. Consequently, there is a strong demand for optimizations that increase the efficiency of the class group action evaluation, which is not only important for CSIDH, but also for related cryptosystems like the signature schemes CSI-FiSh and SeaSign. In this paper, we explore how the AVX-512 vector extensions (incl. AVX-512F and AVX-512IFMA) can be utilized to optimize constant-time evaluation of the CSIDH-512 class group action with the goal of, respectively, maximizing throughput and minimizing latency. We introduce different approaches for batching group actions and computing them in SIMD fashion on modern Intel processors. In particular, we present a hybrid batching technique that, when combined with optimized (8 × 1)-way prime-field arithmetic, increases the throughput by a factor of 3.64 compared to a state-of-the-art (non-vectorized) x64 implementation. On the other hand, vectorization in a 2-way fashion aimed to reduce latency makes our AVX-512 implementation of the group action evaluation about 1.54 times faster than the state-of-the-art. To the best of our knowledge, this paper is the first to demonstrate the high potential of using vector instructions to increase the throughput (resp. decrease the latency) of constant-time CSIDH.

High-Speed Area-Efficient Processor for Elliptic Curve Point Multiplication Over Prime Field Along with RSA Comparison

Creating a high-speed elliptic curve cryptographic (ECC) processor capable of performing fast point Multiplication with low hardware utilisation is a critical requirement in cryptography and network security. This paper describes the implementation of a high-speed, field-programmable gate array (FPGA) in this paper. A high-security digital signature technique is implemented using Edwards25519, a recently approved twisted Edwards’s curve. For point addition and point doubling operations on the twisted Edwards curve, advanced hardware configurations are developed in which each task involves only 516 and 1029 clock cycles, respectively. As an observation the ECC processor presented in this paper begins with the process which takes 1.48 ms of single-point multiplication to be performed. The comparison of key size and its ratio which shows the impact on processing of each processor is shown for ECC processor and RSA processor. The delay and number of slices used for the ECC processor is shown and this is a developed solution saves time by providing rapid scalar multiplication with low hardware consumption without compromising on security.

Jordan triple homomorphisms on $${\mathcal {T}}_\infty (F)$$

Let $${\mathcal {T}}_\infty (F)$$ T ∞ ( F ) be the algebra of all $${\mathbb {N}}\times {\mathbb {N}}$$ N × N upper triangular matrices defined over a field F of characteristic different from 2. We consider the Jordan triple homomorphisms of $${\mathcal {T}}_\infty (F)$$ T ∞ ( F ) , i.e. the additive maps that satisfy the condition $$\phi (xyx)=\phi (x)\phi (y)\phi (x)$$ ϕ ( x y x ) = ϕ ( x ) ϕ ( y ) ϕ ( x ) for all $$x,y\in {\mathcal {T}}_\infty (F)$$ x , y ∈ T ∞ ( F ) . For the case when F is a prime field we find the form of all such maps $$\phi $$ ϕ . For the general case we present the form of the surjective maps $$\phi $$ ϕ .

An Efficient Approach to Point-Counting on Elliptic Curves from a Prominent Family over the Prime Field Fp

Here, we elaborate an approach for determining the number of points on elliptic curves from the family Ep={Ea:y2=x3+a(modp),a≠0}, where p is a prime number >3. The essence of this approach consists in combining the well-known Hasse bound with an explicit formula for the quantities of interest-reduced modulo p. It allows to advance an efficient technique to compute the six cardinalities associated with the family Ep, for p≡1(mod3), whose complexity is O˜(log2p), thus improving the best-known algorithmic solution with almost an order of magnitude.

The hit problem of five variables in the generic degree $5(2^{s}-1) + 42.2^{s}$ and its application

We denote by $\mathbb Z_2$ the prime field of two elements and by $P_t = \mathbb Z_2[x_1, \ldots, x_t]$ the polynomial algebra of $t$ generators $x_1, \ldots, x_t$ with $\deg(x_j) = 1.$ Let $\mathcal A_2$ be the Steenrod algebra over $\mathbb Z_2.$ A central problem of homotopy theory is to determine a minimal set of generators for the $\mathbb Z_2$-graded vector space $\{(\mathbb Z_2\otimes_{\mathcal A_2} P_t)_n\}_{n\geq 0}.$ It is called \textit{the "hit" problem} for Steenrod algebra and has been completely solved for $t\leq 4.$ In this article, we explicitly solve the hit problem of five variables in the "generic" degree $n=5(2^{s}-1) + 42.2^{s}$ for every non-negative integer $s.$ The result confirms Sum's conjecture [15] for the relation between the minimal sets of $\mathcal A_2$-generators of the algebras $P_{t-1}$ and $P_{t}$ in the case $t=5$ and degree $n$ above. An efficient approach for surveying the hit problem of five variables has been presented. As an application, we obtain the dimension of $(\mathbb Z_2\otimes_{\mathcal A_2} P_t)_n$ for $t = 6$ and degree $5(2^{s+5}-1) + 42.2^{s+5}$ for all $s\geq 0.$ At the same time, we show that the Singer transfer homomorphism is an isomorphism in bidegree $(5, 5+n)$.