eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

Paper 2021/1034

Optimal encodings to elliptic curves of $j$-invariants $0$, $1728$

Dmitrii Koshelev
Abstract

This article provides new constant-time encodings $\mathbb{F}_{\!q}^* \to E(\mathbb{F}_{\!q})$ to ordinary elliptic $\mathbb{F}_{\!q}$-curves $E$ of $j$-invariants $0$, $1728$ having a small prime divisor of the Frobenius trace. Therefore all curves of $j = 1728$ are covered. This circumstance is also true for the Barreto--Naehrig curves BN512, BN638 from the international cryptographic standards ISO/IEC 15946-5, TCG Algorithm Registry, and FIDO ECDAA Algorithm. Many $j = 1728$ curves as well as BN512, BN638 are not appropriate for the most efficient prior encodings. So, in fact, only universal SW (Shallue--van de Woestijne) one was previously applicable to them. However this encoding (in contrast to the new ones) cannot be computed at the cost of one exponentiation in the field $\mathbb{F}_{\!q}$.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
encodings to (hyper)elliptic curves isogenies $j$-invariants $0$ and $1728$ optimal covers Weil pairing
Contact author(s)
dimitri koshelev @ gmail com
History
2022-11-16: last of 4 revisions
2021-08-16: received
See all versions
Short URL
https://ia.cr/2021/1034
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2021/1034,
      author = {Dmitrii Koshelev},
      title = {Optimal encodings to elliptic curves of $j$-invariants $0$, $1728$},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1034},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/1034}},
      url = {https://eprint.iacr.org/2021/1034}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.