You are looking at a specific version 20200902:125512 of this paper. See the latest version.

Paper 2020/969

Hashing to elliptic curves of $j=0$ and quadratic imaginary orders of class number $2$

Dmitrii Koshelev

Abstract

Let $\mathbb{F}_{\!p}$ be a prime finite field ($p > 5$) and $E_b\!: y_0^2 = x_0^3 + b$ be an elliptic $\mathbb{F}_{\!p}$-curve of $j$-invariant $0$. In this article we produce the simplified SWU hashing to curves $E_b$ having an $\mathbb{F}_{\!p^2}$-isogeny of degree $5$. This condition is fulfilled for some Barreto--Naehrig curves, including BN512 from the standard ISO/IEC 15946-5. Moreover, we show how to implement the simplified SWU hashing in constant time (for any $j$-invariant), namely without quadratic residuosity tests and inversions in $\mathbb{F}_{\!p}$. Thus in addition to the protection against timing attacks, the new hashing $h\!: \mathbb{F}_{\!p} \to E_b(\mathbb{F}_{\!p})$ turns out to be much more efficient than the (universal) SWU hashing, which generally requires to perform $2$ quadratic residuosity tests.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
constant-time implementationhashing to elliptic curvesKummer surfacespairing-based cryptographyrational curves and their parametrizationvertical isogenies
Contact author(s)
dishport @ yandex ru
History
2021-08-08: last of 7 revisions
2020-08-18: received
See all versions
Short URL
https://ia.cr/2020/969
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.