Cryptology ePrint Archive: Report 2020/969

Hashing to elliptic curves of $j=0$ and quadratic imaginary orders of class number $2$

Dmitrii Koshelev

Abstract: In this article we produce the simplified SWU encoding to some Barreto--Naehrig curves, including BN512, BN638 from the standards ISO/IEC 15946-5 and TCG Algorithm Registry respectively. Moreover, we show (for any $j$-invariant) how to implement the simplified SWU encoding in constant time of one exponentiation in the basic field, namely without quadratic residuosity tests and inversions. Thus in addition to the protection against timing attacks, the new encoding turns out to be much more efficient than the (universal) SWU encoding, which generally requires to perform two quadratic residuosity tests.

Category / Keywords: implementation / Barreto--Naehrig curves, constant-time implementation, hashing to elliptic curves, Kummer surfaces, pairing-based cryptography, quadratic imaginary orders, rational curves and their parametrization, vertical isogenies

Date: received 8 Aug 2020, last revised 8 Jun 2021

Contact author: dishport at yandex ru

Available format(s): PDF | BibTeX Citation

Version: 20210608:191953 (All versions of this report)

Short URL: ia.cr/2020/969


[ Cryptology ePrint archive ]