skip to main content
research-article

On Kummer Lines with Full Rational 2-torsion and Their Usage in Cryptography

Published: 09 December 2019 Publication History

Abstract

A paper by Karati and Sarkar at Asiacrypt’17 has pointed out the potential for Kummer lines in genus 1, by observing that their SIMD-friendly arithmetic is competitive with the status quo. A more recent preprint explores the connection with (twisted) Edwards curves. In this article, we extend this work and significantly simplify the treatment of Karati and Sarkar. We show that their Kummer line is the x-line of a Montgomery curve translated by a point of order two, and exhibit a natural isomorphism to the y-line of a twisted Edwards curve. Moreover, we show that the Kummer line presented by Gaudry and Lubicz can be obtained via the action of a point of order two on the y-line of an Edwards curve. The maps connecting these curves and lines are all very simple. As a result, a cryptographic implementation can use the arithmetic that is optimal for its instruction set at negligible cost.

References

[1]
D. J. Bernstein. 2006a. Curve25519: New Diffie–Hellman speed records. In Proceedings of the 9th International Conference on Theory and Practice of Public-Key Cryptography. 207--228.
[2]
D. J. Bernstein. 2006b. Elliptic vs. Hyperelliptic, part I. Talk at ECC (Slides retrieved from http://cr.yp.to/talks/2006.09.20/slides.pdf).
[3]
D. J. Bernstein, P. Birkner, M. Joye, T. Lange, and C. Peters. 2008. Twisted Edwards curves. In Proceedings of the 1st International Conference on Cryptology in Africa (Lecture Notes in Computer Science), S. Vaudenay (Ed.), Vol. 5023. Springer, 389--405.
[4]
D. J. Bernstein, C. Chuengsatiansup, T. Lange, and P. Schwabe. 2014. Kummer strikes back: New DH speed records. In Proceedings of the 20th International Conference on the Theory and Application of Cryptology and Information Security, Palash Sarkar and Tetsu Iwata (Eds.). Springer Berlin, 317--337.
[5]
D. J. Bernstein and T. Lange. 2007. Faster addition and doubling on elliptic curves. In Proceedings of the 13th International Conference on the Theory and Application of Cryptology and Information Security. 29--50.
[6]
D. J. Bernstein and T. Lange. 2015. Explicit-Formulas Database. Retrieved from: http://hyperelliptic.org/EFD/g1p/auto-edwards-yzsquared.html.
[7]
W. Bosma, J. Cannon, and C. Playoust. 1997. The Magma algebra system. I. The user language. J. Symbol. Comput. 24, 3--4 (1997), 235--265.
[8]
W. Castryck, S. D. Galbraith, and R. R. Farashahi. 2008. Efficient arithmetic on elliptic curves using a mixed Edwards-Montgomery representation. Cryptology ePrint Archive, Report 2008/218. Retrieved from: http://eprint.iacr.org/2008/218.
[9]
T. Chou. 2015. Sandy2x. Message on the curves mailing list at Retrieved from: https://moderncrypto.org/mail-archive/curves/2015/000637.html.
[10]
D. V. Chudnovsky and G. V. Chudnovsky. 1986. Sequences of numbers generated by addition in formal groups and new primality and factorization tests. Adv. Appl. Math. 7, 4 (1986), 385--434.
[11]
J. S. Coron. 1999. Resistance against differential power analysis for elliptic curve cryptosystems. In Proceedings of the Cryptographic Hardware and Embedded Systems Conference (CHES’99), Çetin K. Koç and C. Paar (Eds.), Vol. 1717. 292--302.
[12]
C. Costello and P. Longa. 2015. FourQ: Four-dimensional decompositions on a Q-curve over the Mersenne prime. In Proceedings of the 21st International Conference on the Theory and Application of Cryptology and Information Security. 214--235.
[13]
W. Diffie and M. E. Hellman. 1976. New directions in cryptography. IEEE Trans. Inform. Theor. 22, 6 (1976), 644--654.
[14]
M. Düll, B. Haase, G. Hinterwälder, M. Hutter, C. Paar, A. H. Sánchez, and P. Schwabe. 2015. High-speed Curve25519 on 8-bit, 16-bit, and 32-bit microcontrollers. Design, Codes and Cryptog. 77, 2 (2015). Retrieved from: http://cryptojedi.org/papers/#mu25519.
[15]
H. M. Edwards. 2007. A normal form for elliptic curves. Bull. Amer. Math. Soc. 44, 3 (July 2007), 393--422.
[16]
R. R. Farashahi and S. G. Hosseini. 2017. Differential addition on twisted Edwards curves. In Proceedings of the 22nd Australasian Conference on Information Security and Privacy (ACISP’17). 366--378.
[17]
R. R. Farashahi, D. Moody, and H. Wu. 2012. Isomorphism classes of Edwards curves over finite fields. Finite Fields Their Appl. 18, 3 (2012), 597--612.
[18]
R. R. Farashahi and I. E. Shparlinski. 2010. On the number of distinct elliptic curves in some families. Des. Codes Cryptog. 54, 1 (2010), 83--99.
[19]
A. Faz-Hernández and J. López. 2015. Fast implementation of Curve25519 using AVX2. In Proceedings of the 4th International Conference on Cryptology and Information Security in Latin America. 329--345.
[20]
S. D. Galbraith. 2012. Mathematics of Public Key Cryptography. Cambridge University Press. Retrieved from: https://www.math.auckland.ac.nz/ sgal018/crypto-book/crypto-book.html.
[21]
P. Gaudry. 2006. Variants of the Montgomery form based on theta functions. Retrieved from: http://www.fields.utoronto.ca/audio/06-07/number_theory/gaudry/.
[22]
P. Gaudry. 2007. Fast genus 2 arithmetic based on Theta functions. J. Math. Cryptol. 1, 3 (2007), 243--265.
[23]
P. Gaudry and D. Lubicz. 2009. The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines. Finite Fields Their Appl. 15, 2 (2009), 246--260.
[24]
H. Hisil. 2010. Elliptic Curves, Group Law, and Efficient Computation. Ph.D. Dissertation. Queensland University of Technology.
[25]
H. Hisil, K. K. Wong, G. Carter, and E. Dawson. 2008. Twisted Edwards curves revisited. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security, Josef Pieprzyk (Ed.). Springer Berlin, 326--343.
[26]
S. Karati and P. Sarkar. 2017a. Connecting Legendre with Kummer and Edwards. Cryptology ePrint Archive, Report 2017/1205. Retrieved from: https://eprint.iacr.org/2017/1205.
[27]
S. Karati and P. Sarkar. 2017b. Kummer for genus one over prime order fields. In Proceedings of the 23rd International Conference on the Theory and Applications of Cryptology and Information Security. 3--32.
[28]
N. Koblitz. 1987. Elliptic curve cryptosystems. Math. Comp. 48 (1987), 203--209.
[29]
V. Miller. 1986. Use of elliptic curves in cryptography. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security. Lecture Notes in Computer Science, Vol. 218. Springer Berlin, 417--426.
[30]
P. L. Montgomery. 1987. Speeding the Pollard and elliptic curve methods of factorization. Math. Comput. 48, 177 (1987), 243--264.
[31]
J. Renes. 2018. Computing isogenies between Montgomery curves using the action of (0, 0). In Proceedings of the International Conference on Post-Quantum Cryptography. Lecture Notes in Computer Science, Vol. 10786. Springer, 229--247. Retrieved from: https://ia.cr/2017/1198.
[32]
J. Renes and B. Smith. 2017. qDSA: Small and secure digital signatures with curve-based Diffie--Hellman key pairs. In Proceedings of the 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Tsuyoshi Takagi and Thomas Peyrin (Eds.). Springer International Publishing, 273--302.
[33]
J. H. Silverman. 2009. The Arithmetic of Elliptic Curves, 2nd Edition. Springer. Retrieved from: http://link.springer.com/book/10.1007%2F978-0-387-09494-6.
[34]
A. Takahashi, M. Tibouchi, and M. Abe. 2018. New Bleichenbacher Records: Practical Fault Attacks on qDSA Signatures. Cryptology ePrint Archive, Report 2018/396. Retrieved from: https://eprint.iacr.org/2018/396.
[35]
The Sage Developers. 2018. SageMath, the Sage Mathematics Software System (version 8.1). Retrieved from: https://sagemath.org.

Cited By

View all
  • (2025)Revolutionizing signature scheme: the enhanced Edward Elgamal extreme performance accumulate signature approach for IoT and blockchain applicationsSoft Computing10.1007/s00500-025-10426-0Online publication date: 12-Feb-2025
  • (2025)On the Efficient Representation of IsogeniesNumber-Theoretic Methods in Cryptology10.1007/978-3-031-82380-0_1(3-84)Online publication date: 19-Feb-2025
  • (2024)Computing 2-isogenies between Kummer linesIACR Communications in Cryptology10.62056/abvua69p1Online publication date: 9-Apr-2024
  • Show More Cited By

Index Terms

  1. On Kummer Lines with Full Rational 2-torsion and Their Usage in Cryptography

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Transactions on Mathematical Software
    ACM Transactions on Mathematical Software  Volume 45, Issue 4
    December 2019
    207 pages
    ISSN:0098-3500
    EISSN:1557-7295
    DOI:10.1145/3375544
    Issue’s Table of Contents
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 09 December 2019
    Accepted: 01 September 2019
    Revised: 01 August 2019
    Received: 01 January 2019
    Published in TOMS Volume 45, Issue 4

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. Edwards curves
    2. Kummer lines
    3. Montgomery curves
    4. Montgomery ladder
    5. digital signatures

    Qualifiers

    • Research-article
    • Research
    • Refereed

    Funding Sources

    • Dutch government
    • Technology Foundation STW (project 13499--TYPHOON 8 ASPASIA)

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)11
    • Downloads (Last 6 weeks)1
    Reflects downloads up to 20 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2025)Revolutionizing signature scheme: the enhanced Edward Elgamal extreme performance accumulate signature approach for IoT and blockchain applicationsSoft Computing10.1007/s00500-025-10426-0Online publication date: 12-Feb-2025
    • (2025)On the Efficient Representation of IsogeniesNumber-Theoretic Methods in Cryptology10.1007/978-3-031-82380-0_1(3-84)Online publication date: 19-Feb-2025
    • (2024)Computing 2-isogenies between Kummer linesIACR Communications in Cryptology10.62056/abvua69p1Online publication date: 9-Apr-2024
    • (2023)Isogeny computation on Kummer lines and applicationsJournal of Information Security and Applications10.1016/j.jisa.2023.10354676:COnline publication date: 1-Aug-2023
    • (2023)Kummer and Hessian Meet in the Field of Characteristic 2Progress in Cryptology – INDOCRYPT 202310.1007/978-3-031-56232-7_9(175-196)Online publication date: 10-Dec-2023
    • (2022)Simplified isogeny formulas on twisted Jacobi quartic curvesFinite Fields and Their Applications10.1016/j.ffa.2021.10198178:COnline publication date: 1-Feb-2022

    View Options

    Login options

    Full Access

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    HTML Format

    View this article in HTML Format.

    HTML Format

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media