## CryptoDB

### Reza Rezaeian Farashahi

#### Affiliation: Department of Computing, Macquarie University

#### Publications

**Year**

**Venue**

**Title**

2010

EPRINT

Hashing into Hessian Curves
Abstract

We describe a hashing function from the elements of the finite field $\F_q$ into points
on a Hessian curve. Our function features the uniform and smaller size for the cardinalities of
almost all fibers compared with the other known hashing functions for elliptic curves. Moreover, a
point on the image set of the function is uniquely given by its abscissa. For ordinary Hessian
curves, the cardinality of the image set of the function is exactly given by $(q+i)/2$ for some
$i=1,2,3$.

2008

EPRINT

Binary Edwards Curves
Abstract

This paper presents a new shape for ordinary elliptic curves over fields of characteristic 2. Using the new shape, this paper presents the first complete addition formulas for binary elliptic curves, i.e., addition formulas that work for all pairs of input points, with no exceptional cases. If n >= 3 then the complete curves cover all isomorphism classes of ordinary elliptic curves over F_2^n.
This paper also presents dedicated doubling formulas for these curves using 2M + 6S + 3D, where M is the cost of a field multiplication, S is the cost of a field squaring, and D is the cost of multiplying by a curve parameter. These doubling formulas are also the first complete doubling formulas in the literature, with no exceptions for the neutral element, points of order 2, etc.
Finally, this paper presents complete formulas for differential addition, i.e., addition of points with known difference. A differential addition and doubling, the basic step in a Montgomery
ladder, uses 5M + 4S + 2D when the known difference is given in affine form.

2008

EPRINT

Efficient arithmetic on elliptic curves using a mixed Edwards-Montgomery representation
Abstract

From the viewpoint of x-coordinate-only arithmetic on elliptic curves, switching between the Edwards model and the Montgomery model is quasi cost-free. We use this observation to speed up Montgomery's algorithm, reducing the complexity of a doubling step from 2M + 2S to 1M + 3S for suitably chosen curve parameters.

2006

EPRINT

Efficient Pseudorandom Generators Based on the DDH Assumption
Abstract

A family of pseudorandom generators based on the decisional
Diffie-Hellman assumption is proposed. The new construction is a
modified and generalized version of the Dual Elliptic Curve
generator proposed by Barker and Kelsey. Although the original
Dual Elliptic Curve generator is shown to be insecure, the
modified version is provably secure and very efficient in
comparison with the other pseudorandom generators based on
discrete log assumptions.
Our generator can be based on any group of prime order provided
that an additional requirement is met (i.e., there exists an
efficiently computable function that in some sense enumerates the
elements of the group). Two specific instances are presented.
The techniques used to design the instances, for example, the new
probabilistic randomness extractor are of independent interest
for other applications.

#### Coauthors

- Daniel J. Bernstein (2)
- Wouter Castryck (1)
- Steven D. Galbraith (1)
- Marc Joye (1)
- Tanja Lange (2)
- Berry Schoenmakers (2)
- Andrey Sidorenko (2)