Project-CACAO:Curve-related results

Inria / Raweb 2009
Presentation of the Project CACAO

Section: New Results

Curve-related results

Participants : Răzvan Bărbulescu, Gaëtan Bisson, Iram Chelli, Romain Cosset, Pierrick Gaudry, Guillaume Hanrot, Damien Robert, Emmanuel Thomé.

Over the winter, Gaëtan Bisson has been working jointly with Andrew V. Sutherland (Massachusetts Institute of Technology) on new algorithms for computing endomorphism rings of ordinary elliptic curves over finite fields [18] . Endomorphism rings are relevant security parameters for elliptic-curve-based cryptosystems and are also very involved with the CM method for curve generation. The new algorithms outperform Kohel's algorithm (the previous state-of-the-art method) both asymptotically and in practice; it also satisfyingly answers the problem of certifying such endomorphism rings.

During his master project internship, Iram Chelli has designed a fully deterministic ECM algorithm [14] . For example, 124 well-chosen Suyama curves with bounds B₁ = 260 and B₂ = 11600 enable one to find all prime factors up to 2³² in any composite integer.

Răzvan Bărbulescu has found two infinite sub-families of Suyama curves for which the probability to give a factorization is higher [16] . This result is based on the observation by Kruppa of some weird behaviour of a few Suyama curves.

Romain Cosset has worked on developing a genus-2 “hyperelliptic curve method” for integer factoring [3] , as an extension to the well-known elliptic curve method. The implementation GMP-HECM of this algorithm is faster than GMP-ECM for factoring big numbers (at least 250 digits).

Damien Robert and David Lubicz have worked on explicit isogeny computation in genus 2. With Jean-Charles Faugère, they have defined a modular correspondance between abelian varieties [21] . Then they have designed an algorithm, similar to the so-called Vélu's formulae for elliptic curves, that uses this modular correspondence to construct explicit isogenies between abelian varieties. They have also found a new algorithm to compute the Weil pairing on an abelian variety. Two articles will be written in 2009–2010 describing these algorithms.

Pierrick Gaudry and Éric Schost finished a record-setting computation of a so-called doubly-secure genus 2 curve for cryptographic use. The computation is based on their previous experiment of Spring 2008, where a single curve was computed. The software has been improved – some critical parts now use the mp $Im8 $\#120125 _q$$ library – and has been run on thousands of curves until one with good cryptographic properties was obtained. They used the Sharcnet grid facility(http://www.sharcnet.ca ), on which they obtained a “Dedicated Ressource” grant of one and a half million hours. This result has been announced in oral communications at conferences, and a journal paper is under writing.

Andreas Enge, Pierrick Gaudry and Emmanuel Thomé have finished their common article describing a class of curves for which they give a discrete logarithm algorithm with heuristic complexity L_q^g(1/3) , where g is the genus and q the cardinality of the finite field. The article has been accepted to Journal of Cryptology [19] .

The article [6] by Gaudry and Lubicz about efficient arithmetic in Kummer surfaces has been accepted and published.

Logo Inria