Author

Jérôme Plût

Bio: Jérôme Plût is an academic researcher. The author has contributed to research in topics: Isogeny & Elliptic curve. The author has an h-index of 3, co-authored 3 publications receiving 263 citations.

Papers
Journal ArticleDOI
TL;DR: A new zero-knowledge identification scheme and detailed security proofs for the protocols, and a new, asymptotically faster, algorithm for key generation, a thorough study of its optimization, and new experimental data are presented.
Abstract: We present new candidates for quantum-resistant public-key cryptosystems based on the conjectured difficulty of finding isogenies between supersingular elliptic curves. The main technical idea in our scheme is that we transmit the images of torsion bases under the isogeny in order to allow the parties to construct a shared commutative square despite the non-commutativity of the endomorphism ring. We give a precise formulation of the necessary computational assumptions along with a discussion of their validity, and prove the security of our protocols under these assumptions. In addition, we present implementation results showing that our protocols are multiple orders of magnitude faster than previous isogeny-based cryptosystems over ordinary curves. This paper is an extended version of [Lecture Notes in Comput. Sci. 7071, Springer (2011), 19–34]. We add a new zero-knowledge identification scheme and detailed security proofs for the protocols. We also present a new, asymptotically faster, algorithm for key generation, a thorough study of its optimization, and new experimental data.

249 citations

Journal ArticleDOI
TL;DR: The approach is inspired by a previous algorithm due to Couveignes, that involved computations using the $p$-torsion on the curves to determine $\psi$ from the knowledge of $E$, $E'$ and of its degree $r$ by using the structure of the $\ell$-torsion of the curves.
Abstract: Consider two ordinary elliptic curves defined over a finite field , and suppose that there exists an isogeny between and . We propose an algorithm that determines from the knowledge of , and of its degree , by using the structure of the -torsion of the curves (where is a prime different from the characteristic of the base field). Our approach is inspired by a previous algorithm due to Couveignes, which involved computations using the -torsion on the curves. The most refined version of that algorithm, due to De Feo, has a complexity of base field operations. On the other hand, the cost of our algorithm is , for a large class of inputs; this makes it an interesting alternative for the medium- and large-characteristic cases.

8 citations

Journal ArticleDOI
TL;DR: In this article, the authors proposed an algorithm that determines the degree of an elliptic curve by using the structure of the $p$-torsion of the curve, where $p$ is a prime different from the characteristic of the base field.
Abstract: Consider two elliptic curves $E,E'$ defined over the finite field $\mathbb{F}_q$, and suppose that there exists an isogeny $\psi$ between $E$ and $E'$. We propose an algorithm that determines $\psi$ from the knowledge of $E$, $E'$ and of its degree $r$, by using the structure of the $\ell$-torsion of the curves (where $\ell$ is a prime different from the characteristic $p$ of the base field). Our approach is inspired by a previous algorithm due to Couveignes, that involved computations using the $p$-torsion on the curves. The most refined version of that algorithm, due to De Feo, has a complexity of $\tilde{O}(r^2) p^{O(1)}$ base field operations. On the other hand, the cost of our algorithm is $\tilde{O}(r^2 + \sqrt{r} \log(q))$; this makes it an interesting alternative for the medium- and large-characteristic cases.

7 citations


Cited by
Journal ArticleDOI
TL;DR: This highly successful textbook, widely regarded as the “bible of computer algebra”, gives a thorough introduction to the algorithmic basis of the mathematical engine in computer algebra systems.
Abstract: Computer algebra systems are now ubiquitous in all areas of science and engineering. This highly successful textbook, widely regarded as the “bible of computer algebra”, gives a thorough introduction to the algorithmic basis of the mathematical engine in computer algebra systems. Designed to accompany one- or two-semester courses for advanced undergraduate or graduate students in computer science or mathematics, its comprehensiveness and reliability have also made it an essential reference for professionals in the area. Special features include: detailed study of algorithms including time analysis; implementation reports on several topics; complete proofs of the mathematical underpinnings; and a wide variety of applications (among others, in chemistry, coding theory, cryptography, computational logic, and the design of calendars and musical scales). A great deal of historical information and illustration enlivens the text. In this third edition, errors have been corrected and much of the Fast Euclidean Algorithm chapter has been renovated.

937 citations

Book ChapterDOI
01 Jan 2018
TL;DR: The Diffie–Hellman scheme resulting from the group action allows for public-key validation at very little cost, runs reasonably fast in practice, and has public keys of only 64 bytes at a conjectured AES-128 security level, matching NIST’s post-quantum security category I.
Abstract: We propose an efficient commutative group action suitable for non-interactive key exchange in a post-quantum setting. Our construction follows the layout of the Couveignes–Rostovtsev–Stolbunov cryptosystem, but we apply it to supersingular elliptic curves defined over a large prime field \(\mathbb F_p\), rather than to ordinary elliptic curves. The Diffie–Hellman scheme resulting from the group action allows for public-key validation at very little cost, runs reasonably fast in practice, and has public keys of only 64 bytes at a conjectured AES-128 security level, matching NIST’s post-quantum security category I.

333 citations

Book ChapterDOI
01 Jan 2003
TL;DR: In this article, the authors present a survey of 4-regular graphs with large girth, including Xp,q and PSL2(q) graphs, with a focus on the number of vertices.
Abstract: An overview 1. Graph theory 2. Number theory 3. PSL2(q) 4. The graphs Xp,q Appendix A. 4-regular graphs with large girth Index Bibliography.

239 citations

Journal Article
TL;DR: In this article, the authors define small submodules of a module M over R over a ring with identity, M is a module over R, G is an abelian group of finite rank, E is the ring of endomorphisms of G and S is the center of E.
Abstract: The concept of a continuous module is a generalization of that of an injective module, and conditions (), (C) and () are given for this concept in [4]. In this paper, we study modules with properties that are dual to continuity. These will be called discrete and we discuss discrete abelian groups. Throughout R is a ring with identity, M is a module over R, G is an abelian group of finite rank, E is the ring of endomorphisms of G and S is the center of E. Dual to the notion of essential submodules, we define small submodules of a module M over R.(omitted)

235 citations

Book ChapterDOI
14 Aug 2016
TL;DR: This paper proposes a new suite of algorithms that significantly improve the performance of supersingular isogeny Diffie-Hellman SIDH key exchange and presents a full-fledged implementation of SIDH that is geared towards the 128-bit quantum and 192-bit classical security levels.
Abstract: We propose a new suite of algorithms that significantly improve the performance of supersingular isogeny Diffie-Hellman SIDH key exchange. Subsequently, we present a full-fledged implementation of SIDH that is geared towards the 128-bit quantum and 192-bit classical security levels. Our library is the first constant-time SIDH implementation and is up to 2.9 times faster than the previous best non-constant-time SIDH software. The high speeds in this paper are driven by compact, inversion-free point and isogeny arithmetic and fast SIDH-tailored field arithmetic: on an Intel Haswell processor, generating ephemeral public keys takes 46 million cycles for Alice and 52 million cycles for Bob, while computing the shared secret takes 44 million and 50 million cycles, respectively. The size of public keys is only 564 bytes, which is significantly smaller than most of the popular post-quantum key exchange alternatives. Ultimately, the size and speed of our software illustrates the strong potential of SIDH as a post-quantum key exchange candidate and we hope that these results encourage a wider cryptanalytic effort.

226 citations