Kummer for Genus One over Prime Order Fields
نویسندگان
چکیده
This work considers the problem of fast and secure scalar multiplication using curves of genus one defined over a field of prime order. Previous work by Gaudry and Lubicz in 2009 had suggested the use of the associated Kummer line to speed up scalar multiplication. In this work, we explore this idea in detail. The first task is to obtain an elliptic curve in Legendre form which satisfies necessary security conditions such that the associated Kummer line has small parameters and a base point with small coordinates. In turns out that the ladder step on the Kummer line supports parallelism and can be implemented very efficiently in constant time using the single-instruction multiple-data (SIMD) operations available in modern processors. For the 128-bit security level, this work presents three Kummer lines denoted as K1 := KL2519(81, 20), K2 := KL25519(82, 77) and K3 := KL2663(260, 139) over the three primes 2 251 − 9, 2 − 19 and 2 − 3 respectively. Implementations of scalar multiplications for all the three Kummer lines using Intel intrinsics have been done and the code is publicly available. Timing results on the recent Skylake and the earlier Haswell processors of Intel indicate that both fixed base and variable base scalar multiplications for K1 and K2 are faster than those achieved by Sandy2x which is a highly optimised SIMD implementation in assembly of the well known Curve25519; for example, on Skylake, variable base scalar multiplication on K1 is faster than Curve25519 by about 25%. On Skylake, both fixed base and variable base scalar multiplication for K3 are faster than Sandy2x; whereas on Haswell, fixed base scalar multiplication for K3 is faster than Sandy2x while variable base scalar multiplication for both K3 and Sandy2x take roughly the same time. In fact, on Skylake, K3 is both faster and also offers about 5 bits of higher security compared to Curve25519. In practical terms, the particular Kummer lines that are introduced in this work are serious candidates for deployment and standardisation.
منابع مشابه
A Note on an Asymptotically Good Tame Tower
The explicit construction of function fields tower with many rational points relative to the genus in the tower play a key role for the construction of asymptotically good algebraic-geometric codes. In 1997 Garcia, Stichtenoth and Thomas [6] exhibited two recursive asymptotically good Kummer towers over any non-prime field. Wulftange determined the limit of one tower in his PhD thesis [13]. In ...
متن کاملConstructing pairing-friendly genus 2 curves over prime fields with ordinary Jacobians
We provide the first explicit construction of genus 2 curves over finite fields whose Jacobians are ordinary, have large prime-order subgroups, and have small embedding degree. Our algorithm works for arbitrary embedding degrees k and prime subgroup orders r. The resulting abelian surfaces are defined over prime fields Fq with q ≈ r. We also provide an algorithm for constructing genus 2 curves ...
متن کاملOn the Number of Points of Some Kummer Curves over Finite Fields
Let l be a prime number and let k = Fq be a finite field of characteristic p 6= l with q = p elements. Let n ≥ 1. The curve Cn : y l = x(x n − 1) is smooth of genus gn = φ(l) 2 = l(l−1) 2 over k. Let Fn/k be the function field of Cn, let PFn denote the set of places, and let DivFn denote the group of divisors of Fn/k. The absolute norm N(P) of a place P ∈ PFn is the cardinality of its residue c...
متن کاملStructure of finite wavelet frames over prime fields
This article presents a systematic study for structure of finite wavelet frames over prime fields. Let $p$ be a positive prime integer and $mathbb{W}_p$ be the finite wavelet group over the prime field $mathbb{Z}_p$. We study theoretical frame aspects of finite wavelet systems generated by subgroups of the finite wavelet group $mathbb{W}_p$.
متن کاملConstructing Pairing-Friendly Genus 2 Curves with Ordinary Jacobians
We provide the first explicit construction of genus 2 curves over finite fields whose Jacobians are ordinary, have large prime-order subgroups, and have small embedding degree. Our algorithm is modeled on the Cocks-Pinch method for constructing pairing-friendly elliptic curves [5], and works for arbitrary embedding degrees k and prime subgroup orders r. The resulting abelian surfaces are define...
متن کامل