hyper and elliptic curve cryptography which is not the
play

Hyper-and-elliptic-curve cryptography (which is not the same as: - PowerPoint PPT Presentation

Feb 27, 2023 •288 likes •1.07k views

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein Through our inefficient use of University of Illinois at Chicago & energy (gas

  1. Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein “Through our inefficient use of University of Illinois at Chicago & energy (gas guzzling vehicles, Technische Universiteit Eindhoven badly insulated buildings, Tanja Lange poorly optimized crypto, etc) Technische Universiteit Eindhoven we needlessly throw away almost a third of the energy we use.” —Greenpeace UK

  2. Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein “Through our inefficient use of University of Illinois at Chicago & energy (gas guzzling vehicles, Technische Universiteit Eindhoven badly insulated buildings, Tanja Lange poorly optimized crypto , etc) Technische Universiteit Eindhoven we needlessly throw away almost a third of the energy we use.” —Greenpeace UK (mostly)

  3. er-and-elliptic-curve DH speed cryptography Sandy Bridge is not the same as: security ❛❀ P ✼✦ ❛P erelliptic-curve cryptography (“?” if not elliptic-curve cryptography) 2011 Bernstein–Duif–Lange– Schwabe–Y J. Bernstein 2012 Hamburg: “Through our inefficient use of University of Illinois at Chicago & 2012 Longa–Sica: energy (gas guzzling vehicles, echnische Universiteit Eindhoven 2013 Bos–Costello–Hisil– badly insulated buildings, Lauter: Lange poorly optimized crypto , etc) 2013 Oliveira–L´ echnische Universiteit Eindhoven we needlessly throw away almost Rodr´ ıguez-Henr a third of the energy we use.” 2013 Faz-Hern S´ anchez: —Greenpeace UK (mostly) 2014 Bernstein–Chuengsatiansup– Lange–Schw

  4. er-and-elliptic-curve DH speed records Sandy Bridge cycles the same as: security constant-time ❛❀ P ✼✦ ❛P erelliptic-curve cryptography (“?” if not SUPERCOP-verified): elliptic-curve cryptography) 2011 Bernstein–Duif–Lange– Schwabe–Yang: Bernstein 2012 Hamburg: “Through our inefficient use of Illinois at Chicago & 2012 Longa–Sica: energy (gas guzzling vehicles, Universiteit Eindhoven 2013 Bos–Costello–Hisil– badly insulated buildings, Lauter: poorly optimized crypto , etc) 2013 Oliveira–L´ opez–Aranha– Universiteit Eindhoven we needlessly throw away almost Rodr´ ıguez-Henr´ ıquez: a third of the energy we use.” 2013 Faz-Hern´ andez–Longa– S´ anchez: —Greenpeace UK (mostly) 2014 Bernstein–Chuengsatiansup– Lange–Schwabe:

  5. DH speed records Sandy Bridge cycles for high- as: security constant-time ❛❀ P ✼✦ ❛P cryptography (“?” if not SUPERCOP-verified): cryptography) 2011 Bernstein–Duif–Lange– Schwabe–Yang: 194036 2012 Hamburg: 153000? “Through our inefficient use of Chicago & 2012 Longa–Sica: 137000? energy (gas guzzling vehicles, Eindhoven 2013 Bos–Costello–Hisil– badly insulated buildings, Lauter: 122716 poorly optimized crypto , etc) 2013 Oliveira–L´ opez–Aranha– Eindhoven we needlessly throw away almost Rodr´ ıguez-Henr´ ıquez: 114800? a third of the energy we use.” 2013 Faz-Hern´ andez–Longa– S´ anchez: 96000? —Greenpeace UK (mostly) 2014 Bernstein–Chuengsatiansup– Lange–Schwabe: 91320

  6. DH speed records Sandy Bridge cycles for high- security constant-time ❛❀ P ✼✦ ❛P (“?” if not SUPERCOP-verified): 2011 Bernstein–Duif–Lange– Schwabe–Yang: 194036 2012 Hamburg: 153000? “Through our inefficient use of 2012 Longa–Sica: 137000? energy (gas guzzling vehicles, 2013 Bos–Costello–Hisil– badly insulated buildings, Lauter: 122716 poorly optimized crypto , etc) 2013 Oliveira–L´ opez–Aranha– we needlessly throw away almost Rodr´ ıguez-Henr´ ıquez: 114800? a third of the energy we use.” 2013 Faz-Hern´ andez–Longa– S´ anchez: 96000? —Greenpeace UK (mostly) 2014 Bernstein–Chuengsatiansup– Lange–Schwabe: 91320

  7. DH speed records Critical fo Sandy Bridge cycles for high- 1986 Chudnovsky–Chudnovsky: security constant-time ❛❀ P ✼✦ ❛P traditional (“?” if not SUPERCOP-verified): allows fa 14 M for ❳ P ✼✦ ❳ P 2011 Bernstein–Duif–Lange– Schwabe–Yang: 194036 2006 Gaudry: 2012 Hamburg: 153000? “Through our inefficient use of 25 M for ❳ P ❀ ❳ ◗ ❀ ❳ ◗ � P 2012 Longa–Sica: 137000? (gas guzzling vehicles, ✼✦ ❳ (2 P ❀ ❳ ◗ P 2013 Bos–Costello–Hisil– insulated buildings, 6 M by surface Lauter: 122716 optimized crypto , etc) 2013 Oliveira–L´ opez–Aranha– 2012 Gaudry–Schost: needlessly throw away almost Rodr´ ıguez-Henr´ ıquez: 114800? 1000000-CPU-hour of the energy we use.” 2013 Faz-Hern´ andez–Longa– found secure S´ anchez: 96000? —Greenpeace UK (mostly) 2014 Bernstein–Chuengsatiansup– surface over � Lange–Schwabe: 91320

  8. DH speed records Critical for 122716, Sandy Bridge cycles for high- 1986 Chudnovsky–Chudnovsky: security constant-time ❛❀ P ✼✦ ❛P traditional Kummer (“?” if not SUPERCOP-verified): allows fast scalar mult. 14 M for ❳ ( P ) ✼✦ ❳ P 2011 Bernstein–Duif–Lange– Schwabe–Yang: 194036 2006 Gaudry: even 2012 Hamburg: 153000? inefficient use of 25 M for ❳ ( P ) ❀ ❳ ( ◗ ❀ ❳ ◗ � P 2012 Longa–Sica: 137000? guzzling vehicles, ✼✦ ❳ (2 P ) ❀ ❳ ( ◗ + P 2013 Bos–Costello–Hisil– buildings, 6 M by surface coefficients. Lauter: 122716 optimized crypto , etc) 2013 Oliveira–L´ opez–Aranha– 2012 Gaudry–Schost: throw away almost Rodr´ ıguez-Henr´ ıquez: 114800? 1000000-CPU-hour energy we use.” 2013 Faz-Hern´ andez–Longa– found secure small-co S´ anchez: 96000? UK (mostly) 2014 Bernstein–Chuengsatiansup– surface over F 2 127 � Lange–Schwabe: 91320

  9. DH speed records Critical for 122716, 91320: Sandy Bridge cycles for high- 1986 Chudnovsky–Chudnovsky: security constant-time ❛❀ P ✼✦ ❛P traditional Kummer surface (“?” if not SUPERCOP-verified): allows fast scalar mult. 14 M for ❳ ( P ) ✼✦ ❳ (2 P ). 2011 Bernstein–Duif–Lange– Schwabe–Yang: 194036 2006 Gaudry: even faster. 2012 Hamburg: 153000? use of 25 M for ❳ ( P ) ❀ ❳ ( ◗ ) ❀ ❳ ( ◗ � P 2012 Longa–Sica: 137000? vehicles, ✼✦ ❳ (2 P ) ❀ ❳ ( ◗ + P ), including 2013 Bos–Costello–Hisil– 6 M by surface coefficients. Lauter: 122716 , etc) 2013 Oliveira–L´ opez–Aranha– 2012 Gaudry–Schost: almost Rodr´ ıguez-Henr´ ıquez: 114800? 1000000-CPU-hour computation use.” 2013 Faz-Hern´ andez–Longa– found secure small-coefficient S´ anchez: 96000? (mostly) 2014 Bernstein–Chuengsatiansup– surface over F 2 127 � 1 . Lange–Schwabe: 91320

  10. DH speed records Critical for 122716, 91320: Sandy Bridge cycles for high- 1986 Chudnovsky–Chudnovsky: security constant-time ❛❀ P ✼✦ ❛P traditional Kummer surface (“?” if not SUPERCOP-verified): allows fast scalar mult. 14 M for ❳ ( P ) ✼✦ ❳ (2 P ). 2011 Bernstein–Duif–Lange– Schwabe–Yang: 194036 2006 Gaudry: even faster. 2012 Hamburg: 153000? 25 M for ❳ ( P ) ❀ ❳ ( ◗ ) ❀ ❳ ( ◗ � P ) 2012 Longa–Sica: 137000? ✼✦ ❳ (2 P ) ❀ ❳ ( ◗ + P ), including 2013 Bos–Costello–Hisil– 6 M by surface coefficients. Lauter: 122716 2013 Oliveira–L´ opez–Aranha– 2012 Gaudry–Schost: Rodr´ ıguez-Henr´ ıquez: 114800? 1000000-CPU-hour computation 2013 Faz-Hern´ andez–Longa– found secure small-coefficient S´ anchez: 96000? 2014 Bernstein–Chuengsatiansup– surface over F 2 127 � 1 . Lange–Schwabe: 91320

  11. � � � � � � � � � � � � � � � � � eed records Critical for 122716, 91320: ① 2 ② 2 ③ t ① ② ③ t Bridge cycles for high- 1986 Chudnovsky–Chudnovsky: Hadama y constant-time ❛❀ P ✼✦ ❛P traditional Kummer surface if not SUPERCOP-verified): allows fast scalar mult. ✁ ❆ 2 ✁ ❆ ✁ ❆ ❇ 2 ❈ ❉ 14 M for ❳ ( P ) ✼✦ ❳ (2 P ). Bernstein–Duif–Lange– abe–Yang: 194036 ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ 2006 Gaudry: even faster. Hamburg: 153000? 25 M for ❳ ( P ) ❀ ❳ ( ◗ ) ❀ ❳ ( ◗ � P ) Longa–Sica: 137000? Hadama ✼✦ ❳ (2 P ) ❀ ❳ ( ◗ + P ), including Bos–Costello–Hisil– 6 M by surface coefficients. Lauter: 122716 ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ Oliveira–L´ opez–Aranha– 2012 Gaudry–Schost: ıguez-Henr´ ıquez: 114800? ✁ ❛ 2 ✁ ① ✁ ① ✁ ① ✁ ❛ ✁ ❛ 1000000-CPU-hour computation ❜ 2 ② ③ t az-Hern´ andez–Longa– ❝ ❞ found secure small-coefficient anchez: 96000? ① 4 ② 4 ③ t ① ② ③ t Bernstein–Chuengsatiansup– surface over F 2 127 � 1 . Lange–Schwabe: 91320

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Tanja Lange

318 views • 29 slides
Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Cryptography Elliptic Curve Cryptography Overview of Elliptic Curve Cryptography Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve Cryptography Cryptography in OpenSSL School of Engineering and

857 views • 17 slides
Hyper-and-elliptic-curve Clock( R ): the commutative group ( x; y ) R R : x 2 + y

Hyper-and-elliptic-curve Clock( R ): the commutative group ( x; y ) R R : x 2 + y

Hyper-and-elliptic-curve Clock( R ): the commutative group ( x; y ) R R : x 2 + y 2 = 1 cryptography under the operations Daniel J. Bernstein 0: () (0 ; 1); University of Illinois at Chicago &

1.43k views • 100 slides
Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Elliptic Curves Suppose F is a field and a 1 , . . . , a 6 F . Elliptic Curve Cryptography Definition 1. An elliptic curve E over a field F is a curve given by an equation: Jim Royer Y 2 + a 1 XY + a 3 Y X 3 + a 2 X 2 + a 4 X + a 6 = (1)

337 views • 5 slides
Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Twenty-Three Years of Elliptic Curve Cryptography Alfred Menezes University of Waterloo September 3 2008 1 Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The serpentine course of a paradigm

300 views • 18 slides
Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven 22 April 2008 Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

491 views • 32 slides
Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July 23, 2014 1 / 12 Elliptic-curve cryptography: signatures and key exchange Given: some elliptic curve E , point P on E of known order . Key

885 views • 16 slides
Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018 Introduction y 2 = x 3 + ax + b en.wikipedia.org/wiki/Elliptic curve Elliptic Curve Addition P = ( x p .y p ), Q = ( x q , y q ), R = ( x r .y r ) =

187 views • 16 slides
Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Counting points on elliptic curves over F q Christiane Peters DIAMANT-Summer School on Elliptic and Hyperelliptic Curve Cryptography September 17, 2008 Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm

587 views • 30 slides
A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

A Brief Introduction to Elliptic Curve Cryptography A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March 21 st , 2016 1/13 A Brief Introduction to Elliptic Curve Cryptography Elliptic Curve 2/13 A

385 views • 13 slides
Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic

Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic

Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic Implementations group: eindhoven.cr.yp.to working closely with the Coding Theory and Cryptology group: www.win.tue.nl/cc/ Next-generation elliptic-curve

456 views • 18 slides
Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Math ematiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 1

1.72k views • 143 slides
Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S.

Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S.

Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S. Miller IDA Center for Communications Research Princeton, NJ 08540 USA 24 May, 2007 Victor S. Miller (CCR) Elliptic Curve Cryptography 24 May,

1.08k views • 69 slides
Bitcoin II & Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview

Bitcoin II & Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview

Bitcoin II & Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview Bitcoin Transactions Elliptic Curve Cryptography Introduction Arithmetics Signature Bitcoin, the protocol A blockchain Each

992 views • 52 slides
Introduction to Elliptic Curve Cryptography Rana Barua Indian Statistical Institute Kolkata May

Introduction to Elliptic Curve Cryptography Rana Barua Indian Statistical Institute Kolkata May

Introduction to Elliptic Curve Cryptography Rana Barua Indian Statistical Institute Kolkata May 19, 2017 university-logo-isi Rana Barua Introduction to Elliptic Curve Cryptography ElGamal Public Key Cryptosystem, 1984 Key Generation: Choose

417 views • 16 slides
elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June

elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June

A gentle introduction to elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June 11, 2018 ibenik , Croatia Part 1: Motivation Part 2: Elliptic Curves Part 3: Elliptic Curve Cryptography Part 4:

1.38k views • 48 slides
Fast and Secure Updatable Encryption August 10, 2020 1 Norwegian University of Science and

Fast and Secure Updatable Encryption August 10, 2020 1 Norwegian University of Science and

Fast and Secure Updatable Encryption August 10, 2020 1 Norwegian University of Science and Technology (NTNU), Norway 2 Bergische Universitt Wuppertal, Germany 1 Colin Boyd 1 Gareth T. Davies 2 Kristian Gjsteen 1 Yao Jiang 1 Table of contents

578 views • 46 slides
Time-reversal symmetric two-dimensional topological insulators the BernevigHughesZhang

Time-reversal symmetric two-dimensional topological insulators the BernevigHughesZhang

Chapter 8 Time-reversal symmetric two-dimensional topological insulators the BernevigHughesZhang model Conductance channel with up-spin charge carriers - zed, ics forma- one-dimensional edges moves quan- - Conductance

418 views • 19 slides
Lecture 5 Revisit dipole field clicker problem Dipole

Lecture 5 Revisit dipole field clicker problem Dipole

Lecture 5 Revisit dipole field clicker problem Dipole System - +/- Q separated by distance s Clicker 5-2 E kp Which loca6on has:

248 views • 8 slides
Part 3: Compassion By Liz Witherspoon and Julie Elliott of Simplicity Coaching What is Stress?

Part 3: Compassion By Liz Witherspoon and Julie Elliott of Simplicity Coaching What is Stress?

RESILIENCE THROUGH MINDFULNESS: Part 3: Compassion By Liz Witherspoon and Julie Elliott of Simplicity Coaching What is Stress? A state of mental or emotional strain or tension resulting from adverse or very demanding circumstances EVENT

623 views • 25 slides
IKT i Projektering og udfrelse. ICT Fundamentals in Construction . Cand. Scient.

IKT i Projektering og udfrelse. ICT Fundamentals in Construction . Cand. Scient.

ICT Enhanced Buildings Potentials IKT i Projektering og udfrelse. ICT Fundamentals in Construction . Cand. Scient. Bygningsinformatik og Byggeledelse. Semester 1, 2010. CONTENT What is ICT? The building process and ICT Driving

757 views • 29 slides
Midterm Review CMPUT 366: Intelligent Systems Weeks 1-7 Lecture Structure 1. Exam structure

Midterm Review CMPUT 366: Intelligent Systems Weeks 1-7 Lecture Structure 1. Exam structure

Midterm Review CMPUT 366: Intelligent Systems Weeks 1-7 Lecture Structure 1. Exam structure and details 2. Learning objectives walkthrough Clarifying questions are the point of this class 3. Other questions, clarifications Midterm

444 views • 23 slides
Invariance and symbolic control of cooperative systems for temperature regulation in intelligent

Invariance and symbolic control of cooperative systems for temperature regulation in intelligent

Monotonicity Invariance Symbolic Compositional Experiment Invariance and symbolic control of cooperative systems for temperature regulation in intelligent buildings Pierre-Jean Meyer Universit e Grenoble-Alpes PhD Defense, September 24 th

1.03k views • 77 slides
Laguerre Polynomials and Interlacing of Zeros Kathy Driver University of Cape Town SANUM

Laguerre Polynomials and Interlacing of Zeros Kathy Driver University of Cape Town SANUM

Laguerre Polynomials and Interlacing of Zeros Kathy Driver University of Cape Town SANUM Conference Stellenbosch University Kathy Driver Laguerre Polynomials 22-24 March 2016 1 / 16 Laguerre Polynomials and Interlacing of Zeros Kathy

786 views • 44 slides

More recommend