Hyper-and-elliptic-curve Clock( R ): the commutative group ( x; y - PowerPoint PPT Presentation

� � Hyper-and-elliptic-curve Clock( R ): the commutative group ( x; y ) ∈ R × R : x 2 + y 2 = 1 ˘ ¯ cryptography under the operations Daniel J. Bernstein “0”: () �→ (0 ; 1); University of Illinois at Chicago & “ − ”: ( x; y ) �→ ( − x; y ); Technische Universiteit Eindhoven “+”: ( x 1 ; y 1 ) ; ( x 2 ; y 2 ) �→ Includes recent joint work with: ( x 1 y 2 + y 1 x 2 ; y 1 y 2 − x 1 x 2 ). Tanja Lange y Technische Universiteit Eindhoven neutral = (0 ; 1) • cr.yp.to/papers.html#hyperand P 1 = ( x 1 ; y 1 ) • ✂ ✂ ✂ P 2 = ( x 2 ; y 2 ) ✂ • ✐ ✂ ✐ ✐ ✐ ✂ ✐ ✐ x P ✐ ✂ P P P P P P • P 3 = ( x 3 ; y 3 )

� � er-and-elliptic-curve Clock( R ): the commutative group More clo ( x; y ) ∈ R × R : x 2 + y 2 = 1 ˘ ¯ cryptography “A parametrize under the operations J. Bernstein t �→ (sin “0”: () �→ (0 ; 1); University of Illinois at Chicago & is a group “ − ”: ( x; y ) �→ ( − x; y ); echnische Universiteit Eindhoven inducing “+”: ( x 1 ; y 1 ) ; ( x 2 ; y 2 ) �→ Includes recent joint work with: ( x 1 y 2 + y 1 x 2 ; y 1 y 2 − x 1 x 2 ). Lange y echnische Universiteit Eindhoven neutral = (0 ; 1) • cr.yp.to/papers.html#hyperand P 1 = ( x 1 ; y 1 ) • ✂ ✂ ✂ P 2 = ( x 2 ; y 2 ) ✂ • ✐ ✂ ✐ ✐ ✐ ✂ ✐ ✐ x ✐ P ✂ P P P P P P • P 3 = ( x 3 ; y 3 )

� � er-and-elliptic-curve Clock( R ): the commutative group More clock perspectives: ( x; y ) ∈ R × R : x 2 + y 2 = 1 ˘ ¯ “A parametrized clo under the operations Bernstein t �→ (sin t; cos t ) “0”: () �→ (0 ; 1); Illinois at Chicago & is a group hom R “ − ”: ( x; y ) �→ ( − x; y ); Universiteit Eindhoven inducing R = 2 ı Z , ։ “+”: ( x 1 ; y 1 ) ; ( x 2 ; y 2 ) �→ joint work with: ( x 1 y 2 + y 1 x 2 ; y 1 y 2 − x 1 x 2 ). y Universiteit Eindhoven neutral = (0 ; 1) • cr.yp.to/papers.html#hyperand P 1 = ( x 1 ; y 1 ) • ✂ ✂ ✂ P 2 = ( x 2 ; y 2 ) ✂ • ✐ ✂ ✐ ✐ ✐ ✂ ✐ ✐ x P ✐ ✂ P P P P P P • P 3 = ( x 3 ; y 3 )

� � Clock( R ): the commutative group More clock perspectives: ( x; y ) ∈ R × R : x 2 + y 2 = 1 ˘ ¯ “A parametrized clock”: under the operations t �→ (sin t; cos t ) “0”: () �→ (0 ; 1); Chicago & is a group hom R ։ Clock( R “ − ”: ( x; y ) �→ ( − x; y ); Eindhoven inducing R = 2 ı Z , ։ Clock( R “+”: ( x 1 ; y 1 ) ; ( x 2 ; y 2 ) �→ with: ( x 1 y 2 + y 1 x 2 ; y 1 y 2 − x 1 x 2 ). y Eindhoven neutral = (0 ; 1) • cr.yp.to/papers.html#hyperand P 1 = ( x 1 ; y 1 ) • ✂ ✂ ✂ P 2 = ( x 2 ; y 2 ) ✂ • ✐ ✂ ✐ ✐ ✐ ✂ ✐ ✐ x P ✐ ✂ P P P P P P • P 3 = ( x 3 ; y 3 )

� � Clock( R ): the commutative group More clock perspectives: ( x; y ) ∈ R × R : x 2 + y 2 = 1 ˘ ¯ “A parametrized clock”: under the operations t �→ (sin t; cos t ) “0”: () �→ (0 ; 1); is a group hom R ։ Clock( R ) “ − ”: ( x; y ) �→ ( − x; y ); inducing R = 2 ı Z , ։ Clock( R ). “+”: ( x 1 ; y 1 ) ; ( x 2 ; y 2 ) �→ ( x 1 y 2 + y 1 x 2 ; y 1 y 2 − x 1 x 2 ). y neutral = (0 ; 1) • P 1 = ( x 1 ; y 1 ) • ✂ ✂ ✂ P 2 = ( x 2 ; y 2 ) ✂ • ✐ ✂ ✐ ✐ ✐ ✂ ✐ ✐ x P ✐ ✂ P P P P P P • P 3 = ( x 3 ; y 3 )

� � Clock( R ): the commutative group More clock perspectives: ( x; y ) ∈ R × R : x 2 + y 2 = 1 ˘ ¯ “A parametrized clock”: under the operations t �→ (sin t; cos t ) “0”: () �→ (0 ; 1); is a group hom R ։ Clock( R ) “ − ”: ( x; y ) �→ ( − x; y ); inducing R = 2 ı Z , ։ Clock( R ). “+”: ( x 1 ; y 1 ) ; ( x 2 ; y 2 ) �→ “Complex numbers of norm 1”: ( x 1 y 2 + y 1 x 2 ; y 1 y 2 − x 1 x 2 ). { u ∈ C : uu = 1 } is a group under y 1; u �→ u ; u 1 ; u 2 �→ u 1 u 2 . neutral = (0 ; 1) ( x; y ) �→ y + ix is a group hom • P 1 = ( x 1 ; y 1 ) • Clock( R ) , ։ { u ∈ C : uu = 1 } . ✂ ✂ ✂ P 2 = ( x 2 ; y 2 ) ✂ • ✐ ✂ ✐ ✐ ✐ ✂ ✐ ✐ x ✐ P ✂ P P P P P P • P 3 = ( x 3 ; y 3 )

� � Clock( R ): the commutative group More clock perspectives: ( x; y ) ∈ R × R : x 2 + y 2 = 1 ˘ ¯ “A parametrized clock”: under the operations t �→ (sin t; cos t ) “0”: () �→ (0 ; 1); is a group hom R ։ Clock( R ) “ − ”: ( x; y ) �→ ( − x; y ); inducing R = 2 ı Z , ։ Clock( R ). “+”: ( x 1 ; y 1 ) ; ( x 2 ; y 2 ) �→ “Complex numbers of norm 1”: ( x 1 y 2 + y 1 x 2 ; y 1 y 2 − x 1 x 2 ). { u ∈ C : uu = 1 } is a group under y 1; u �→ u ; u 1 ; u 2 �→ u 1 u 2 . neutral = (0 ; 1) ( x; y ) �→ y + ix is a group hom • P 1 = ( x 1 ; y 1 ) • Clock( R ) , ։ { u ∈ C : uu = 1 } . ✂ ✂ ✂ P 2 = ( x 2 ; y 2 ) ✂ • ✐ ✂ ✐ ✐ ✐ “2-dimensional rotations”: ✂ ✐ ✐ x P ✐ ✂ “ y P P P x ” P P ( x; y ) �→ is a P • P 3 = ( x 3 ; y 3 ) − x y group hom Clock( R ) , ։ SO 2 ( R ).

� � R ): the commutative group More clock perspectives: Clocks over ) ∈ R × R : x 2 + y 2 = 1 ¯ “A parametrized clock”: Clock( F 7 the operations ˘ t �→ (sin t; cos t ) ( x; y ) ∈ () �→ (0 ; 1); is a group hom R ։ Clock( R ) Group op ( x; y ) �→ ( − x; y ); inducing R = 2 ı Z , ։ Clock( R ). · ( x 1 ; y 1 ) ; ( x 2 ; y 2 ) �→ · “Complex numbers of norm 1”: + y 1 x 2 ; y 1 y 2 − x 1 x 2 ). { u ∈ C : uu = 1 } is a group under · y 1; u �→ u ; u 1 ; u 2 �→ u 1 u 2 . · neutral = (0 ; 1) ( x; y ) �→ y + ix is a group hom · • P 1 = ( x 1 ; y 1 ) • Clock( R ) , ։ { u ∈ C : uu = 1 } . · ✂ ✂ ✂ P 2 = ( x 2 ; y 2 ) ✂ • · ✐ ✂ ✐ ✐ ✐ “2-dimensional rotations”: ✂ ✐ ✐ x P ✐ ✂ “ y P P P Diagram x ” P P ( x; y ) �→ is a P • P 3 = ( x 3 ; y 3 ) − x y − 3 ; − 2 ; − group hom Clock( R ) , ։ SO 2 ( R ).

� commutative group More clock perspectives: Clocks over finite fields : x 2 + y 2 = 1 ¯ “A parametrized clock”: Clock( F 7 ) = erations ˘ t �→ (sin t; cos t ) ( x; y ) ∈ F 7 × F 7 1); is a group hom R ։ Clock( R ) Group operations as − x; y ); inducing R = 2 ı Z , ։ Clock( R ). · · · · 2 ; y 2 ) �→ · • · · · “Complex numbers of norm 1”: y 2 − x 1 x 2 ). { u ∈ C : uu = 1 } is a group under · · · • · 1; u �→ u ; u 1 ; u 2 �→ u 1 u 2 . · · • · · neutral = (0 ; 1) ( x; y ) �→ y + ix is a group hom · · · • · P 1 = ( x 1 ; y 1 ) • Clock( R ) , ։ { u ∈ C : uu = 1 } . · • · · · ✂ ✂ P 2 = ( x 2 ; y 2 ) • · · · · ✐ ✐ ✐ ✐ “2-dimensional rotations”: x “ y Diagram plots F 7 as x ” P P ( x; y ) �→ is a P • P 3 = ( x 3 ; y 3 ) − x y − 3 ; − 2 ; − 1 ; 0 ; 1 ; 2 ; group hom Clock( R ) , ։ SO 2 ( R ).

commutative group More clock perspectives: Clocks over finite fields ¯ = 1 “A parametrized clock”: Clock( F 7 ) = ( x; y ) ∈ F 7 × F 7 : x 2 + y 2 ˘ t �→ (sin t; cos t ) is a group hom R ։ Clock( R ) Group operations as before. inducing R = 2 ı Z , ։ Clock( R ). · · · · · · · · • · · · · • · · “Complex numbers of norm 1”: ). { u ∈ C : uu = 1 } is a group under · · · • · · · · 1; u �→ u ; u 1 ; u 2 �→ u 1 u 2 . · · • · · • · · · (0 ; 1) ( x; y ) �→ y + ix is a group hom · · · • · · · · ( x 1 ; y 1 ) Clock( R ) , ։ { u ∈ C : uu = 1 } . · • · · · · • · · = ( x 2 ; y 2 ) · · · · · · · “2-dimensional rotations”: x “ y Diagram plots F 7 as x ” ( x; y ) �→ is a ( x 3 ; y 3 ) − x y − 3 ; − 2 ; − 1 ; 0 ; 1 ; 2 ; 3. group hom Clock( R ) , ։ SO 2 ( R ).

More clock perspectives: Clocks over finite fields “A parametrized clock”: Clock( F 7 ) = ( x; y ) ∈ F 7 × F 7 : x 2 + y 2 = 1 ˘ ¯ t �→ (sin t; cos t ) . is a group hom R ։ Clock( R ) Group operations as before. inducing R = 2 ı Z , ։ Clock( R ). · · · · · · · · • · · · · • · · “Complex numbers of norm 1”: { u ∈ C : uu = 1 } is a group under · · · • · · · · 1; u �→ u ; u 1 ; u 2 �→ u 1 u 2 . · · • · · • · · · ( x; y ) �→ y + ix is a group hom · · · • · · · · Clock( R ) , ։ { u ∈ C : uu = 1 } . · • · · · · • · · · · · · · · · “2-dimensional rotations”: “ y Diagram plots F 7 as x ” ( x; y ) �→ is a − x y − 3 ; − 2 ; − 1 ; 0 ; 1 ; 2 ; 3. group hom Clock( R ) , ։ SO 2 ( R ).

Hyper-and-elliptic-curve Clock( R ): the commutative group ( x; y - PowerPoint PPT Presentation

Hyper-and-elliptic-curve Clock( R ): the commutative group ( x; y ) R R : x 2 + y 2 = 1 cryptography under the operations Daniel J. Bernstein 0: () (0 ; 1); University of Illinois at Chicago &

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Elliptic Curves over the Rational Mordells Theorem Numbers Q An elliptic curve is a

Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic

Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

The AGM- X 0 ( N ) Algorithm Heegner point lifting with application to elliptic curve point

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curves over Q Peter Birkner Technische Universiteit Eindhoven DIAMANT Summer School on

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Efficient Finite Field and Elliptic Curve Arithmetic Laurent Imbert CNRS, LIRMM, Universit e

Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

1 / 25 Elliptic Curve Cryptography EC crypto consists of geometric points with an addition

Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

On Using Torsion Points in the Elliptic Curve Index Calculus Gu ena el Renault Sorbonne

A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

Elliptic Curve Cryptography in Bitcoin Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of

elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June

A Proof of the Group Properties of an Elliptic Curve David M. Russinoff ACL2 Workshop 2017 May

Efficient arithmetic on elliptic curves in large characteristic D. J. Bernstein University of

The elliptic-curve zoo D. J. Bernstein University of Illinois at Chicago EC point counting 1983

Elliptic Curve Primality Proving Jared Asuncion PhD Away Days Bordeaux-Luxembourg 19 October

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil