It is generally accepted that a large-scale quantum computer would be capable of breaking any public-key cryptosystem used today, thereby posing a serious threat to the security of the Internet's public-key infrastructure. The US National Institute of Standards and Technology (NIST) addresses this threat with an open process for the standardization of quantum-safe key establishment and signature schemes, which is now in the final phase of the evaluation of candidates. SIKE (an abbreviation of Supersingular Isogeny Key Encapsulation) is one of the alternate candidates under evaluation and distinguishes itself from other candidates due to relatively short key lengths and relatively high computing costs. In this paper, we analyze how the latest generation of Intel's Advanced Vector Extensions (AVX), in particular AVX-512IFMA, can be used to minimize the latency (resp. maximize the throughput) of the SIKE key encapsulation mechanism when executed on Ice Lake CPUs based on the Sunny Cove microarchitecture. We present various techniques to parallelize and speed up the base/extension field arithmetic, point arithmetic, and isogeny computations performed by SIKE. All these parallel processing techniques are combined in AvxSike, a highly optimized implementation of SIKE using Intel AVX-512IFMA instructions. Our experiments indicate that AvxSike instantiated with the SIKEp503 parameter set is approximately 1.5 times faster than the to-date best AVX-512IFMA-based SIKE software from the literature. When executed on an Intel Core i3-1005G1 CPU, AvxSike outperforms the x64 assembly implementation of SIKE contained in Microsoft's SIDHv3.4 library by a factor of about 2.5 for key generation and decapsulation, while the encapsulation is even 3.2 times faster.
Generating pairing-friendly elliptic curves is a crucial step in the deployment of pairing-based cryptographic applications. The most efficient method for their construction is based on polynomial families, namely complete families, complete families with variable discriminant and sparse families. In this work we further study the case of sparse families, which seem to produce more pairing-friendly elliptic curves than the other two polynomial families and can also lead to better ρ-values in many cases. We present two general methods for producing sparse families and we apply them for four embedding degrees k ∈ {5, 8, 10, 12}. Particularly for k = 5 we introduce for the first time the use of Pell equations, setting a record with ρ = 3/2, and we present a family that has better chances of producing suitable curve parameters than any other reported family for k ∉ {3, 4, 6}. In addition we generalise some existing examples of sparse families for k = 8, 12 and provide extensive experimental results for every new sparse family for k ∈ {5, 8, 10, 12} regarding the number of the constructed elliptic curve parameters.
The majority of methods for constructing pairing-friendly elliptic curves are based on representing the curve parameters as polynomial families. There are three such types, namely complete, complete with variable discriminant and sparse families. In this paper, we present a method for constructing sparse families and produce examples of this type that have not previously appeared in the literature, for various embedding degrees. We provide numerical examples obtained by these sparse families, considering for the first time the effect of the recent progress on the tower number field sieve (TNFS) method for solving the discrete logarithm problem (DLP) in finite field extensions of composite degree.
Finding suitable elliptic curves for pairing-based cryptosystems is a crucial step for their actual deployment. Miyaji, Nakabayashi and Takano [11] (MNT) were the first to produce ordinary pairing-friendly elliptic curves of prime order with embedding degree k ∈ {3, 4, 6}. Scott and Barreto [15] as well as Galbraith et al. [9] extended this method by allowing the group order to be non-prime. The advantage of this idea is the construction of many more suitable elliptic curves, which we will call generalized MNT curves. A necessary step for the construction of such elliptic curves is finding the solutions of a generalized Pell equation. However, these equations are not always solvable, and this fact considerably affects the efficiency of the curve construction. In this paper we discuss a way to construct generalized MNT curves through Pell equations which are always solvable and thus considerably improve the efficiency of the whole generation process. We provide analytic tables with all polynomial families that lead to non-prime pairing-friendly elliptic curves with embedding degree k ∈ {3, 4, 6} and discuss the efficiency of our method through extensive experimental assessments.