Elliptic curve

Summary

In mathematics, an elliptic curve is a smooth, projective, algebraic curve of genus one, on which there is a specified point O. An elliptic curve is defined over a field K and describes points in K2, the Cartesian product of K with itself. If the field's characteristic is different from 2 and 3, then the curve can be described as a plane algebraic curve which consists of solutions (x, y) for: :y^2 = x^3 + ax + b for some coefficients a and b in K. The curve is required to be non-singular, which means that the curve has no cusps or self-intersections. (This is equivalent to the condition 4a3 + 27b2 ≠ 0, that is, being square-free in x.) It is always understood that the curve is really sitting in the projective plane, with the point O being the unique point at infinity. Many sources define an elliptic curve to be simply a curve given by an equation of this

Official source

https://en.wikipedia.org/wiki/Elliptic_curve

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications (100)

Related publications

Related people (19)

Related people

Related units (11)

Related units

Related concepts (89)

Related concepts

Related courses (33)

Related courses

Related lectures (79)

Related lectures

On the Mordell-Weil lattice of y(2) = x(3) + bx plus t(3n+1) in characteristic 3

Gauthier Leterrier

We study the elliptic curves given by y(2) = x(3) + bx + t(3n+1) over global function fields of characteristic 3 ; in particular we perform an explicit computation of the L-function by relating it to the zeta function of a certain superelliptic curve u(3) + bu = v(3n+1). In this way, using the Neron-Tate height on the Mordell-Weil group, we obtain lattices in dimension 2.3(n) for every n >= 1, which improve on the currently best known sphere packing densities in dimensions 162 (case n = 4) and 486 (case n = 5). For n = 3, the construction has the same packing density as the best currently known sphere packing in dimension 54, and for n = 1 it has the same density as the lattice E-6 in dimension 6.

SPRINGER INT PUBL AG2022

Computing Cyclic Isogenies between Principally Polarized Abelian Varieties over Finite Fields

Marius Lorenz Vuille

Abelian varieties are fascinating objects, combining the fields of geometry and arithmetic. While the interest in abelian varieties has long time been of purely theoretic nature, they saw their first real-world application in cryptography in the mid 1980's, and have ever since lead to broad research on the computational and the arithmetic side. The most instructive examples of abelian varieties are elliptic curves and Jacobian varieties of hyperelliptic curves, and they come naturally equipped with some additional structure, called a principal polarization. Morphisms between abelian varieties that respect both the geometric and the arithmetic structure are called isogenies. In this thesis we focus on the computation of isogenies with cyclic kernel between principally polarized abelian varieties over finite fields.

EPFL2020

This thesis presents, firstly, an introduction to the current state of the art in isogeny-based cryptography, and secondly, a side-channel differential power analysis of SIKE—an isogeny-based key exchange algorithm—in semi-static mode. These attacks have been realized on an ARM implementation of SIKEp434 in the pqm4 library which is itself based on the reference implementation of the SIKE submission to the NIST post-quantum standardization process. We have analyzed the power consumption of an STM32F3 board which features an ARM Cortex-M4 microcontroller through Pearson’s correlation in the Hamming Weight model. We investigated an information leak of the 3-points Ladder involved in the decapsulation mechanism of SIKEp434. As this function was used to compute P + [m]Q where m is Bob’s private key and P, Q are two public points on a known elliptic curve, we showed that we can recover every bit of Bob’s private key by exploiting the power consumption as a bit distinguisher through a correlation with the result of an ADDS assembly instruction. A proof of leakage of the ADDS instruction of ARM has been demonstrated in this thesis. Ideas for countermeasures to prevent this attack are discussed.

2020