- Wouter Castryck, Tanja Lange, Chloe Martindale, Lorenz Panny, Joost Renes
- ASIACRYPT
- 2018

We propose an efficient commutative group action suitable for non-interactive key exchange in a post-quantum setting. Our construction follows the layout of the Couveignes–Rostovtsev–Stolbunov…

- Wouter Castryck, Ilia Iliashenko, Frederik Vercauteren
- EUROCRYPT
- 2016

In CRYPTO 2015, Elias, Lauter, Ozman and Stange described an attack on the non-dual decision version of the ring learning with errors problem (RLWE) for two special families of defining polynomials,…

- Wouter Castryck, Steven D. Galbraith, Reza Rezaeian Farashahi
- IACR Cryptology ePrint Archive
- 2008

From the viewpoint of x-coordinate-only arithmetic on elliptic curves, switching between the Edwards model and the Montgomery model is quasi cost-free. We use this observation to speed up…

Since its introduction in 2010 by Lyubashevsky, Peikert and Regev, the Ring Learning With Errors problem (Ring-LWE) has become a popular building block for cryptographic primitives, due to its great…

Let Fq be a finite field and let b and N be integers. We study the probability that the number of points on a randomly chosen elliptic curve E over Fq equals b modulo N. We prove explicit formulas…

In a previous paper, we proved that over a finite field k of sufficiently large cardinality, all curves of genus at most 3 over k can be modeled by a bivariate Laurent polynomial that is…

- Joppe W. Bos, Wouter Castryck, Ilia Iliashenko, Frederik Vercauteren
- AFRICACRYPT
- 2016

While the smart grid has the potential to have a positive impact on the sustainability and efficiency of the electricity market, it also poses some serious challenges with respect to the privacy of…

Computing zeta functions in families of C_{a,b} curves

- Wouter Castryck, Ilia Iliashenko, Frederik Vercauteren
- IACR Cryptology ePrint Archive
- 2016

We give a combinatorial upper bound for the gonality of a curve that is defined by a bivariate Laurent polynomial with given Newton polygon. We conjecture that this bound is generically attained, and…