Preferencje help
Widoczny [Schowaj] Abstrakt
Liczba wyników
Powiadomienia systemowe
  • Sesja wygasła!

Znaleziono wyników: 4

Liczba wyników na stronie
first rewind previous Strona / 1 next fast forward last
Wyniki wyszukiwania
help Sortuj według:

help Ogranicz wyniki do:
first rewind previous Strona / 1 next fast forward last
EN
In this paper for elliptic curves provided by Huff’s equation H a,b : ax(y² − 1) = by(x² − 1) and general Huff’s equation G a,b : x(ay² − 1) = y(bx² − 1) and degree 2 compression function f(x, y) = xy on these curves, herein we provide formulas for doubling and differential addition after compression, which for Huff’s curves are as efficient as Montgomery’s formulas for Montgomery’s curves By² = x³ + Ax² + x. For these curves we also provided point recovery formulas after compression, which for a point P on these curves allows to compute [n]f(P) after compression using the Montgomery ladder algorithm, and then recover [n]P. Using formulas of Moody and Shumow for computing odd degree isogenies on general Huff’s curves, we have also provide formulas for computing odd degree isogenies after compression for these curves. Moreover, it is shown herein how to apply obtained formulas using compression to the ECM algorithm.
EN
This paper presents method for obtaining high-degree compression functions using natural symmetries in a given model of an elliptic curve. Such symmetries may be found using symmetry of involution [–1] and symmetry of translation morphism τ T = P + T , where T is the n -torsion point which naturally belongs to the E (𝕂) for a given elliptic curve model. We will study alternative models of elliptic curves with points of order 2 and 4, and specifically Huff’s curves and the Hessian family of elliptic curves (like Hessian, twisted Hessian and generalized Hessian curves) with a point of order 3. We bring up some known compression functions on those models and present new ones as well. For (almost) every presented compression function, differential addition and point doubling formulas are shown. As in the case of high-degree compression functions manual investigation of differential addition and doubling formulas is very difficult, we came up with a Magma program which relies on the Gröbner basis. We prove that if for a model E of an elliptic curve exists an isomorphism φ : E → E M , where E M is the Montgomery curve and for any P ∈ E (𝕂) holds that φ (P ) = (φ x (P ), φ y (P )), then for a model E one may find compression function of degree 2. Moreover, one may find, defined for this compression function, differential addition and doubling formulas of the same efficiency as Montgomery’s. However, it seems that for the family of elliptic curves having a natural point of order 3, compression functions of the same efficiency do not exist.
EN
Daniel Bernstein and Tanja Lange [9] proved that two given addition formulas on twisted Edwards elliptic curves ax² + y² = 1 + dxy are complete (i.e. the sum of any two points on a curve can be computed using one of these formulas). In this paper we give simple verification of completeness of these formulas using a program written in Magma, which is based on the fact that completeness means that some systems of polynomial equations have no solutions. This method may also be useful to verify completeness of additions formulas on other models of elliptic curves.
EN
Let E be an elliptic curve given by any model over a field K. A rational function f : E → K of degree 2 such that f(P) = f(Q) ⇔ Q = ±P can be used as a point compression on E. Then there exists induced from E multiplication of values of f by integers given by [n]f(P) := f([n]P), which can be computed using the Montgomery ladder algorithm. For this algorithm one needs the generalized Montgomery formulas for differential addition and doubling that is rational functions A(X1, X2, X3) ∈ K(X1, X2, X3) and [2] ∈ K(X) such that f(P + Q) = A(f(P), f(Q), f(Q − P)) and [2]f(P) = f([2]P) for generic P,Q ∈ E. For most standard models of elliptic curves generalized Montgomery formulas are known. To use compression for scalar multiplication [n]P for P ∈ E, one can compute after compression [n]f(P), which is followed by [n + 1]f(P) in the Montgomery ladder algorithm, then one can recover [n]P on E, since there exists a rational map B such that [n]P = B(P, [n]f(P), [n + 1]f(P)) for generic P ∈ E and n ∈ Z. Such a map B is known for Weierstrass and Edwards curves, but to our knowledge it seems that it was not given for other models of elliptic curves. In this paper for an elliptic curve E and the above compression function f we give an algorithm to search for generalized Montgomery formulas, functions on K induced after compression by endomorphisms of E, and the above map B for point recovering. All these tasks require searching for solutions of similar type problems for which we describe an algorithm based on Gröbner bases. As applications we give formulas for differential addition, doubling and the above map B for Jacobi quartic, Huff curves, and twisted Hessian curves.
first rewind previous Strona / 1 next fast forward last
JavaScript jest wyłączony w Twojej przeglądarce internetowej. Włącz go, a następnie odśwież stronę, aby móc w pełni z niej korzystać.