Section: New Results

Elliptic curve cryptology

Participants : Jean-Marc Couveignes, Vincent Verneuil.

In joint work with C. Clavier, B. Feix, G. Gagnerot and M. Roussellet, V. Verneuil has presented in [15] new side-channel analysis results on the AES. They propose improvements on collision-correlation attacks which require fewer power traces than classical second-order power analysis techniques. In particular, two new methods are presented and shown to be efficient in practice against two first-order protected AES implementations. They also note that other symmetric embedded algorithms can be targeted by these new techniques.

With the same coauthors, V. Verneuil has presented new exponentiation algorithms for embedded implementations in [19]. Embedded exponentiation techniques have become a key concern for security and efficiency in hardware devices using public key cryptography. An exponentiation is basically a sequence of multiplications and squarings, but on an unprotected implementation this sequence may reveal exponent bits to an attacker. Although this subject has been studied for years, they present new exponentiation algorithms based on trading multiplications for squarings. This method circumvents attacks aimed at distinguishing squarings from multiplications, at a lower cost than other countermeasures. Finally, they present new algorithms using two parallel squaring blocks, which yield one of the fastest exponentiation algorithms.
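The following is an added toy model (not code from [19] or from the project) of the leakage just described and of the "trade multiplications for squarings" idea. It assumes a simple left-to-right binary exponentiation, an attacker model that only sees whether each arithmetic step is a squaring or a multiplication, and the identity x·y = ((x+y)/2)² − ((x−y)/2)², which holds modulo any odd n; the names below are the example's own.

```python
# Added illustration: an unprotected square-and-multiply leaks exponent bits
# through its S/M operation sequence; replacing each multiplication by two
# squarings makes every step a squaring, so an S-vs-M distinguisher sees
# nothing. Assumption: the modulus n is odd, so that 2 is invertible mod n.

def sqr(x, n, trace):
    trace.append("S")          # the observable "squaring" step
    return x * x % n

def mul(x, y, n, trace):
    trace.append("M")          # the observable "multiplication" step
    return x * y % n

def mul_via_squarings(x, y, n, trace):
    # Trade one multiplication for two squarings and a few cheap additions:
    # x*y = ((x+y)/2)^2 - ((x-y)/2)^2   (requires 2 invertible mod n)
    inv2 = pow(2, -1, n)
    a = sqr((x + y) * inv2 % n, n, trace)
    b = sqr((x - y) * inv2 % n, n, trace)
    return (a - b) % n

def exp_square_and_multiply(g, e, n, multiply=mul):
    """Left-to-right binary exponentiation. Returns (g**e mod n, trace)."""
    trace = []
    acc = 1
    for bit in bin(e)[2:]:
        acc = sqr(acc, n, trace)             # always square
        if bit == "1":
            acc = multiply(acc, g, n, trace)  # multiply only on a 1-bit
    return acc, trace

def exp_square_always(g, e, n):
    """Same exponentiation, with every multiplication traded for squarings."""
    return exp_square_and_multiply(g, e, n, multiply=mul_via_squarings)

def trace_string(trace):
    return "".join(trace)

def bits_exposed_by_trace(trace):
    """In the naive method, 'SM' marks a 1-bit and a lone 'S' a 0-bit, so the
    whole exponent can be read off the operation sequence."""
    return trace_string(trace).replace("SM", "1").replace("S", "0")

# Caveat (not modelled here): the square-always trace is uniform in S/M, but
# its length still depends on the Hamming weight of e; making the schedule
# fully regular is a separate countermeasure.
```

With e = 13 (binary 1101) the naive trace is SMSMSSM, from which the exponent is read directly, while the square-always trace is ten squarings and no multiplication, with the same result.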

Together with D. Lubicz, D. Robert has extended their algorithm for computing pairings on abelian varieties using theta functions (published at ANTS 2010) to the case of the ate and optimal ate pairings. This involves a description of the Miller functions in terms of theta coordinates and an extension of the addition law using more general Riemann relations in order to compute them. The case of theta functions of level 2 has been optimised by introducing a way to compute “compatible” additions without the need for square roots. A preprint describing these results is being written, and some details can be found in the talk http://www.normalesup.org/~robert/pro/publications/slides/2011-06-Geocrypt.pdf.

With J.-G. Kammerer, J.-M. Couveignes has given in [22] an appropriate geometric method for studying and classifying encodings into elliptic curves in a cryptographic context. Such encodings were first proposed by Icart in 2009, and later by Farashahi, Kammerer, Lercier, and Renault. It was somewhat disappointing, however, to see that they amounted to no more than an application of Tartaglia’s result, without any geometrical explanation for the existence of such “parameterisations” of elliptic curves. Couveignes and Kammerer have filled this gap by giving exactly what can be expected from geometry: a clear explanation. Moreover, they unify all the recent “parameterisations” of elliptic curves under the same geometric point of view. The approach described in this article uses dual curves together with some results from intersection theory. The main originality of this work is that these geometrical tools are employed to explain symbolic computations used in cryptography, namely encodings on elliptic curves.