# Indifferentiable Hashing to Barreto-Naehrig Curves

@inproceedings{Fouque2012IndifferentiableHT, title={Indifferentiable Hashing to Barreto-Naehrig Curves}, author={Pierre-Alain Fouque and Mehdi Tibouchi}, booktitle={LATINCRYPT}, year={2012} }

A number of recent works have considered the problem of constructing constant-time hash functions to various families of elliptic curves over finite fields. In the relevant literature, it has been occasionally asserted that constant-time hashing to certain special elliptic curves, in particular so-called BN elliptic curves, was an open problem. It turns out, however, that a suitably general encoding function was constructed by Shallue and van de Woestijne back in 2006.
In this paper, we show…

## 32 Citations

### Fast Hashing to G2 in Direct Anonymous Attestation

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2022

This paper generalizes the previous work to address the bottlenecks involved in hashing to G2 on the two curves and further optimize the hashing algorithm, which would be nearly twice as fast as the previous one in theory.

### Binary Elligator Squared

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2014

Two efficient approaches have been recently proposed to make random points on elliptic curves representable as uniform random strings, and its variant “Elligator Squared” suggested by Tibouchi (FC 2014), which is slightly more complex but supports arbitrary curves.

### Security Analysis of CPace

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2021

A security analysis of CPace in the universal composability framework for implementations on elliptic-curve groups, which represents the assumptions required by the proof as libraries which a simulator can access, and lets us efficiently analyze the security guarantees of all the different CPace variants.

### Optimized and secure pairing-friendly elliptic curves suitable for one layer proof composition

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2020

This work constructs a new pairing-friendly elliptic curve to be used with BLS12-377, which is STNFS-secure and fully optimized for one layer composition, and proposes an optimized Rust implementation that is almost thirty times faster than the one available in ZEXE library.

### Impossibility of Surjective Icart-Like Encodings

- Computer Science, Mathematics
- ProvSec
- 2014

This chapter discusses the encoding of Boneh and Franklin (CRYPTO 2001), which is very convenient for security proofs, as well as for applications like covertness, but it is only defined for a very limited class of elliptic curves, all of them supersingular, and hence quite inefficient.

### Generation of Elliptic Curve Points in Tandem

- Computer Science, Mathematics
- Anais do XX Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2020)
- 2020

This work instantiates this approach with a parallel software implementation of a hash to curve function that outputs points on a twisted Edwards curve, and shows that this parallel implementation is 1.4 times faster than its sequential implementation.

### Elligator: elliptic-curve points indistinguishable from uniform random strings

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2013

A new bijection between strings and about half of all curve points is introduced, applicable to every odd-characteristic elliptic curve with a point of order 2, except for curves of $j$-invariant 1728.

### The Realm of the Pairings

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2013

This paper reviews the evolution of pairing-based cryptosystems, the development of efficient algorithms and the state of the art in pairing computation, and the challenges yet to be addressed on the subject, while also presenting some new algorithmic and implementation refinements in affine and projective coordinates.

### Algorithms for Outsourcing Pairing Computation

- Computer Science, Mathematics
- CARDIS
- 2014

Two new efficient protocols for securely outsourcing pairing computations to an untrusted helper are introduced, one of which is proven computationally secure, and the other unconditionally secure.

### Batch Verification of Elliptic Curve Digital Signatures

- Computer Science, Mathematics
- 2015

This thesis investigates the efficiency of batching the verification of elliptic curve signatures and finds that when batch verifying signatures, CHP is only 11% slower than EdDSA with Bos-Coster, a significant improvement over the gap in single verification cost between the two schemes.

## References


### Indifferentiable deterministic hashing to elliptic and hyperelliptic curves

- Computer Science, Mathematics
- Math. Comput.
- 2013

A new, simpler technique based on bounds of character sums is presented to prove the indifferentiability of similar hash function constructions based on essentially any deterministic encoding to elliptic curves or curves of higher genus, such as the algorithms by Shallue, van de Woestijne and Ulas, or the Icart-like encodings recently presented.

### Verified Indifferentiable Hashing into Elliptic Curves

- Mathematics, Computer Science
- POST
- 2012

This work presents a machine-checked proof of the first generic construction for hashing into ordinary elliptic curves indifferentiable from a random oracle, based on an extension of the CertiCrypt framework with logics and mechanized tools for reasoning about approximate forms of observational equivalence, and integrates mathematical libraries of group theory and elliptic curve.

### Encoding Points on Hyperelliptic Curves over Finite Fields in Deterministic Polynomial Time

- Computer Science, Mathematics
- Pairing
- 2010

A low degree encoding map for Hessian elliptic curves, and for the first time, hashing functions for genus 2 curves are obtained and presented for any genus (more narrowed) families of hyperelliptic curves with this property.

### Deterministic Encoding and Hashing to Odd Hyperelliptic Curves

- Mathematics, Computer Science
- Pairing
- 2010

A very simple and efficient encoding function from Fq to points of a hyperelliptic curve over Fq of the form H: $y^2 = f(x)$ where f is an odd polynomial that makes it easy to construct well-behaved hash functions to the Jacobian J of H, as well as injective maps to J(Fq) which can be used to encode scalars for such applications as ElGamal encryption.

### Estimating the Size of the Image of Deterministic Hash Functions to Elliptic Curves

- Mathematics, Computer Science
- LATINCRYPT
- 2010

This paper proves a conjecture which was left as an open problem in Icart's paper that a deterministic function Fq → E(Fq) which can be computed efficiently, and allowed him and Coron to define well-behaved hash functions with values in E(Fq).

### Constructing Elliptic Curves with Prescribed Embedding Degrees

- Mathematics, Computer Science
- SCN
- 2002

Criteria for curves with larger k that generalize prior work by Miyaji et al. based on the properties of cyclotomic polynomials are examined, and efficient representations for the underlying algebraic structures are proposed.

### Advances in Cryptology — ASIACRYPT 2002

- Computer Science
- Lecture Notes in Computer Science
- 2002

It is concluded that from a practical standpoint, the security of RSA relies exclusively on the hardness of the relation collection step of the number field sieve.

### Careful with Composition: Limitations of the Indifferentiability Framework

- Computer Science, Mathematics
- EUROCRYPT
- 2011

We exhibit a hash-based storage auditing scheme which is provably secure in the random-oracle model (ROM), but easily broken when one instead uses typical indifferentiable hash constructions. This…

### Public Key Cryptography — PKC 2003

- Mathematics, Computer Science
- Lecture Notes in Computer Science
- 2002

The first simple and efficient construction of verifiable random functions (VRFs) is given, based on a new variant of decisional Diffie-Hellman (DDH) assumption on certain groups where the regular DDH assumption does not hold.

### A family of implementation-friendly BN elliptic curves

- Mathematics, Computer Science
- J. Syst. Softw.
- 2011