Hashing to elliptic curves of $j$-invariant $1728$

Dmitrii Koshelev

Paper 2019/1294

Hashing to elliptic curves of $j$ -invariant $1728$

Dmitrii Koshelev

Abstract

This article generalizes the simplified Shallue--van de Woestijne--Ulas (SWU) method of a deterministic finite field mapping $h : F_{q} \to E_{a} (F_{q})$ to the case of any elliptic $F_{q}$ -curve $E_{a} : y^{2} = x^{3} - a x$ of $j$ -invariant $1728$ . In comparison with the (classical) SWU method the simplified SWU method allows to avoid one quadratic residuosity test in the field $F_{q}$ , which is a quite painful operation in cryptography with regard to timing attacks. More precisely, in order to derive $h$ we obtain a rational $F_{q}$ -curve $C$ (and its explicit quite simple proper $F_{q}$ -parametrization) on the Kummer surface $K^{'}$ associated with the direct product $E_{a} \times E_{a}^{'}$ , where $E_{a}^{'}$ is the quadratic $F_{q}$ -twist of $E_{a}$ . Our approach of finding $C$ is based on the fact that every curve $E_{a}$ has a vertical $F_{q^{2}}$ -isogeny of degree $2$ .

Metadata

Available format(s): PDF
Category: Implementation
Publication info: Preprint. MINOR revision.
Keywords: finite fields pairing-based cryptography elliptic curves of -invariant Kummer surfaces rational curves Weil restriction isogenies
Contact author(s): dishport @ ya ru
History: 2021-06-21: last of 12 revisions; 2019-11-07: received; See all versions
Short URL: https://ia.cr/2019/1294
License: CC BY

BibTeX

@misc{cryptoeprint:2019/1294,
      author = {Dmitrii Koshelev},
      title = {Hashing to elliptic curves of $j$-invariant $1728$},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/1294},
      year = {2019},
      url = {https://eprint.iacr.org/2019/1294}
}

Paper 2019/1294

Hashing to elliptic curves of j-invariant 1728

Abstract

Metadata

Hashing to elliptic curves of $j$ -invariant $1728$