Paper 2020/969

Hashing to elliptic curves of $j=0$ and quadratic imaginary orders of class number $2$

Dmitrii Koshelev

Abstract

In this article we produce the simplified SWU encoding to some Barreto--Naehrig curves, including BN512, BN638 from the standards ISO/IEC 15946-5 and TCG Algorithm Registry respectively. Moreover, we show (for any $j$-invariant) how to implement the simplified SWU encoding in constant time of one exponentiation in the basic field, namely without quadratic residuosity tests and inversions. Thus in addition to the protection against timing attacks, the new encoding turns out to be much more efficient than the (universal) SWU encoding, which generally requires to perform two quadratic residuosity tests.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
Barreto--Naehrig curvesconstant-time implementationhashing to elliptic curvesKummer surfacespairing-based cryptographyquadratic imaginary ordersrational curves and their parametrizationvertical isogenies
Contact author(s)
dishport @ yandex ru
History
2021-08-08: last of 7 revisions
2020-08-18: received
See all versions
Short URL
https://ia.cr/2020/969
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2020/969,
      author = {Dmitrii Koshelev},
      title = {Hashing to elliptic curves of $j=0$ and quadratic imaginary orders of class number $2$},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/969},
      year = {2020},
      url = {https://eprint.iacr.org/2020/969}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.