Indifferentiable Hashing to Barreto-Naehrig Curves

  • Pierre-Alain Fouque, Mehdi Tibouchi
A number of recent works have considered the problem of constructing constant-time hash functions to various families of elliptic curves over finite fields. In the relevant literature, it has been occasionally asserted that constant-time hashing to certain special elliptic curves, in particular so-called BN elliptic curves, was an open problem. It turns out, however, that a suitably general encoding function was constructed by Shallue and van de Woestijne back in 2006. In this paper, we show… 

Fast Hashing to G2 in Direct Anonymous Attestation

This paper generalizes the previous work to address the bottlenecks involved in hashing to G2 on the two curves and further optimizes the hashing algorithm, which in theory would be nearly twice as fast as the previous one.

Binary Elligator Squared

Two efficient approaches have recently been proposed to make random points on elliptic curves representable as uniform random strings: Elligator and its variant “Elligator Squared” suggested by Tibouchi (FC 2014), which is slightly more complex but supports arbitrary curves.

Security Analysis of CPace

A security analysis of CPace in the universal composability framework is given for implementations on elliptic-curve groups; it represents the assumptions required by the proof as libraries which a simulator can access, which lets us efficiently analyze the security guarantees of all the different CPace variants.

Optimized and secure pairing-friendly elliptic curves suitable for one layer proof composition

This work constructs a new pairing-friendly elliptic curve to be used with BLS12-377, which is STNFS-secure and fully optimized for one-layer composition, and proposes an optimized Rust implementation that is almost thirty times faster than the one available in the ZEXE library.

Impossibility of Surjective Icart-Like Encodings

This chapter discusses the encoding of Boneh and Franklin (CRYPTO 2001), which is very convenient for security proofs, as well as for applications like covertness, but it is only defined for a very limited class of elliptic curves, all of them supersingular, and hence quite inefficient.

Generation of Elliptic Curve Points in Tandem

  • Armando Faz-Hernández, Julio López
  • Computer Science, Mathematics
    Anais do XX Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2020)
  • 2020
This work instantiates this approach with a parallel software implementation of a hash-to-curve function that outputs points on a twisted Edwards curve, and shows that this parallel implementation is 1.4 times faster than its sequential implementation.

Elligator: elliptic-curve points indistinguishable from uniform random strings

A new bijection between strings and about half of all curve points is introduced, applicable to every odd-characteristic elliptic curve with a point of order 2, except for curves of $j$-invariant 1728.

The Realm of the Pairings

This paper reviews the evolution of pairing-based cryptosystems, the development of efficient algorithms and the state of the art in pairing computation, and the challenges yet to be addressed on the subject, while also presenting some new algorithmic and implementation refinements in affine and projective coordinates.

Algorithms for Outsourcing Pairing Computation

Two new efficient protocols for securely outsourcing pairing computations to an untrusted helper are introduced, one of which is proven computationally secure, and the other unconditionally secure.

Batch Verification of Elliptic Curve Digital Signatures

This thesis investigates the efficiency of batching the verification of elliptic curve signatures and finds that when batch verifying signatures, CHP is only 11% slower than EdDSA with Bos-Coster, a significant improvement over the gap in single verification cost between the two schemes.

Indifferentiable deterministic hashing to elliptic and hyperelliptic curves

A new, simpler technique based on bounds of character sums is presented to prove the indifferentiability of similar hash function constructions based on essentially any deterministic encoding to elliptic curves or curves of higher genus, such as the algorithms by Shallue, van de Woestijne and Ulas, or the Icart-like encodings recently presented.

Verified Indifferentiable Hashing into Elliptic Curves

This work presents a machine-checked proof of the first generic construction for hashing into ordinary elliptic curves indifferentiable from a random oracle, based on an extension of the CertiCrypt framework with logics and mechanized tools for reasoning about approximate forms of observational equivalence, and integrates mathematical libraries of group theory and elliptic curves.

Encoding Points on Hyperelliptic Curves over Finite Fields in Deterministic Polynomial Time

A low-degree encoding map for Hessian elliptic curves and, for the first time, hashing functions for genus 2 curves are obtained, and hashing functions are presented for (narrower) families of hyperelliptic curves of any genus with this property.

Deterministic Encoding and Hashing to Odd Hyperelliptic Curves

A very simple and efficient encoding function from $\mathbb{F}_q$ to points of a hyperelliptic curve over $\mathbb{F}_q$ of the form $H: y^2 = f(x)$, where $f$ is an odd polynomial, makes it easy to construct well-behaved hash functions to the Jacobian $J$ of $H$, as well as injective maps to $J(\mathbb{F}_q)$ which can be used to encode scalars for such applications as ElGamal encryption.

Estimating the Size of the Image of Deterministic Hash Functions to Elliptic Curves

Icart's paper introduced a deterministic function $\mathbb{F}_q \to E(\mathbb{F}_q)$ which can be computed efficiently and allowed him and Coron to define well-behaved hash functions with values in $E(\mathbb{F}_q)$; this paper proves a conjecture which was left as an open problem in that paper.

Constructing Elliptic Curves with Prescribed Embedding Degrees

Criteria for curves with larger k that generalize prior work by Miyaji et al. based on the properties of cyclotomic polynomials are examined, and efficient representations for the underlying algebraic structures are proposed.

Advances in Cryptology — ASIACRYPT 2002

  • Yuliang Zheng
  • Computer Science
    Lecture Notes in Computer Science
  • 2002
It is concluded that from a practical standpoint, the security of RSA relies exclusively on the hardness of the relation collection step of the number field sieve.

Careful with Composition: Limitations of the Indifferentiability Framework

We exhibit a hash-based storage auditing scheme which is provably secure in the random-oracle model (ROM), but easily broken when one instead uses typical indifferentiable hash constructions. This

Public Key Cryptography — PKC 2003

  • Y. Desmedt
  • Mathematics, Computer Science
    Lecture Notes in Computer Science
  • 2002
The first simple and efficient construction of verifiable random functions (VRFs) is given, based on a new variant of the decisional Diffie-Hellman (DDH) assumption on certain groups where the regular DDH assumption does not hold.

A family of implementation-friendly BN elliptic curves