International Association for Cryptologic Research

Cyril Bouvier


I Want to Ride My BICYCL: BICYCL Implements CryptographY in CLass Groups
We introduce BICYCL, an open-source C++ library that implements arithmetic in the ideal class groups of imaginary quadratic fields, together with a set of cryptographic primitives based on class groups. It is available at under GNU General Public License version 3 or any later version. BICYCL provides significant speed-ups on the implementation of the arithmetic of class groups. Concerning cryptographic applications, BICYCL is orders of magnitude faster than any previous pilot implementation of the $$\textsf{CL}$$ linearly homomorphic encryption scheme, making it faster than Paillier's encryption scheme at any security level. Linearly homomorphic encryption is the core of many multi-party computation protocols, sometimes involving a huge number of encryptions and homomorphic evaluations: class group-based protocols become the best solution to rely upon in terms of bandwidth and computational efficiency.
An Alternative Approach for SIDH Arithmetic
Cyril Bouvier Laurent Imbert
In this paper, we present new algorithms for the field arithmetic layers of supersingular isogeny Diffie-Hellman, one of the fifteen remaining candidates in the NIST post-quantum standardization process. Our approach uses a polynomial representation of the field elements together with mechanisms to keep the coefficients within bounds during the arithmetic operations. We present timings and comparisons for SIKEp503 and suggest a novel 736-bit prime that offers a 1.17x speedup compared to SIKEp751 for a similar level of security.
Faster Cofactorization with ECM Using Mixed Representations
Cyril Bouvier Laurent Imbert
This paper introduces a novel implementation of the elliptic curve factoring method specifically designed for medium-size integers such as those arising by the billions in the cofactorization step of the Number Field Sieve. In this context, our algorithm requires fewer modular multiplications than any other publicly available implementation. The main ingredients are: the use of batches of primes, fast point tripling, optimal double-base decompositions and Lucas chains, and a good mix of Edwards and Montgomery representations.