Thomas Icart

Learn More
We describe a new explicit function that given an elliptic curve E defined over Fpn , maps elements of Fpn into E in deterministic polynomial time and in a constant number of operations over Fpn . The function requires to compute a cube root. As an application we show how to hash deterministically into an elliptic curve.
On an elliptic curve, the degree of an isogeny corresponds essentially to the degrees of the polynomial expressions involved in its application. The multiplication–by– map [ ] has degree , therefore the complexity to directly evaluate [ ](P ) is O( ). For a small prime (= 2, 3) such that the additive binary representation provides no better performance,(More)
We provide the first construction of a hash function into ordinary elliptic curves that is indifferentiable from a random oracle, based on Icart’s deterministic encoding from Crypto 2009. While almost as efficient as Icart’s encoding, this hash function can be plugged into any cryptosystem that requires hashing into elliptic curves, while not compromising(More)
At first glance, privacy and zero-knowledgeness seem to be similar properties. A scheme is private when no information is revealed on the prover and in a zero-knowledge scheme, communications should not leak provers' secrets. Until recently, privacy threats were only partially formalized and some zero-knowledge (ZK) schemes have been proposed so far to(More)
Shabal is based on a new provably secure mode of operation. Some related-key distinguishers for the underlying keyed permutation have been exhibited recently by Aumasson et al. and Knudsen et al., but with no visible impact on the security of Shabal. This paper then aims at extensively studying such distinguishers for the keyed permutation used in Shabal,(More)
We describe a solution for physically obfuscating the representation of a cipher, to augment chips resistance against physical threats, by combining ideas from masking techniques and Physical Obfuscated Keys (POKs). With embedded chips – like RFID tags – as main motivation, we apply this strategy to the representation of a Linear Feedback Shift Register(More)
In 2004, Molnar and Wagner introduced a very appealing scheme dedicated to the identification of RFID tags. Their protocol relies on a binary tree of secrets which are shared – for all nodes except the leaves – amongst the tags. Hence the compromise of one tag also has implications on the other tags with whom it shares keys. We describe a new(More)