Paper 2022/794

Generation of "independent" points on elliptic curves by means of Mordell--Weil lattices

Dmitrii Koshelev, Télécom Paris
Abstract

This article develops a novel method of generating "independent" points on an ordinary elliptic curve $E$ over a finite field. Such points are actively used in the Pedersen vector commitment scheme and its modifications. In particular, the new approach is relevant for Pasta curves (of $j$-invariant $0$), which are very popular in the given type of elliptic cryptography. These curves are defined over highly $2$-adic fields, hence successive generation of points via a hash function to $E$ is an expensive solution. Our method also satisfies the NUMS (Nothing Up My Sleeve) principle, but it works faster on average. More precisely, instead of finding each point separately in constant time, we suggest to sample several points at once with some probability.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
elliptic curves "independent" points isotrivial elliptic surfaces Mordell--Weil lattices vector commitment schemes
Contact author(s)
dimitri koshelev @ gmail com
History
2022-07-22: last of 3 revisions
2022-06-20: received
See all versions
Short URL
https://ia.cr/2022/794
License
No rights reserved
CC0

BibTeX 

@misc{cryptoeprint:2022/794,
      author = {Dmitrii Koshelev},
      title = {Generation of "independent" points on elliptic curves by means of Mordell--Weil lattices},
      howpublished = {Cryptology ePrint Archive, Paper 2022/794},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/794}},
      url = {https://eprint.iacr.org/2022/794}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.