Welcome to the resource topic for 2025/196
Title: Endomorphisms for Faster Cryptography on Elliptic Curves of Moderate CM Discriminants, II
Authors: Dimitri Koshelev, Antonio Sanso
Abstract: The present article is a natural extension of the previous one about the GLV method of accelerating a (multi-)scalar multiplication on elliptic curves of moderate CM discriminants $D < 0$. In comparison with the first article, much greater magnitudes of $D$ (in absolute value) are achieved, although the base finite fields of the curves have to be pretty large. This becomes feasible by resorting to quite powerful algorithmic tools developed primarily in the context of lattice-based and isogeny-based cryptography. Curiously, pre-quantum cryptography borrows research outcomes obtained when seeking conversely quantum-resistant solutions or attacks on them.
For instance, some 2-cycle of pairing-friendly MNT curves (with $-D \approx 100{,}000{,}000$, i.e., $\log_2(-D) \approx 26.5$) is relevant for the result of the current article. The given 2-cycle was generated at one time by Guillevic to provide $\approx 128$ security bits, hence it was close to application in real-world zk-SNARKs. Another more performant MNT 2-cycle (with slightly smaller security level, but with much larger $D$) was really employed in the protocol Coda (now Mina) until zero-knowledge proof systems on significantly faster pairing-free (or half-pairing) 2-cycles were invented. It is also shown in the given work that more lollipop curves, recently proposed by Costello and Korpal to replace MNT ones, are now covered by the GLV technique.
ePrint: https://eprint.iacr.org/2025/196
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics.