Indifferentiable hashing to ordinary elliptic $\mathbb{F}_{\!q}$-curves of $j=0$ with the cost of one exponentiation in $\mathbb{F}_{\!q}$

Dmitrii Koshelev

Paper 2021/301

Indifferentiable hashing to ordinary elliptic -curves of with the cost of one exponentiation in

Dmitrii Koshelev

Abstract

Let be a finite field and be an ordinary (i.e., non-supersingular) elliptic curve (of -invariant ) such that and . For example, these conditions are fulfilled for the curve BLS12-381 (). It is a de facto standard in the real world pairing-based cryptography at the moment. This article provides a new constant-time hash function indifferentiable from a random oracle. Its main advantage is the fact that computes only one exponentiation in . In comparison, the previous fastest constant-time indifferentiable hash functions to compute two exponentiations in . In particular, applying to the widely used BLS multi-signature with different messages, the verifier should perform only exponentiations rather than ones during the hashing phase.

Metadata

Available format(s): PDF
Category: Implementation
Publication info: Preprint.
Keywords: cubic residue symbol and cubic roots indifferentiability from a random oracle pairing-based cryptography
Contact author(s): dimitri koshelev @ gmail com
History: 2021-09-29: last of 7 revisions; 2021-03-09: received; See all versions
Short URL: https://ia.cr/2021/301
License: CC BY

BibTeX

@misc{cryptoeprint:2021/301,
      author = {Dmitrii Koshelev},
      title = {Indifferentiable hashing to ordinary elliptic $\mathbb{F}_{\!q}$-curves of $j=0$ with the cost of one exponentiation in $\mathbb{F}_{\!q}$},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/301},
      year = {2021},
      url = {https://eprint.iacr.org/2021/301}
}