The aim of the IACR Ph.D. database is twofold. On the first hand, we want to offer an overview of Ph.D. already completed
in the domain of cryptology. Where possible, this should also include a subject classification, an abstract, and
access to the full text.
On the second hand, it deals with Ph.D. subjects
currently under investigation. This way, we provide a timely
map of contemporary research in cryptology.
All entries or changes need to be approved by an editor. You can contact them via phds (at) iacr.org.
Aurore Guillevic (#1209)
Topic of his/her doctorate.
Arithmetic of pairings on algebraic curves for cryptography
elliptic curves, genus 2 curves, endomorphisms, pairings, composite-order groups
Year of completion
Since 2000 pairings became a very useful tool to design new protocols in cryptography. Short signatures and identity-based encryption became also practical thanks to these pairings. This thesis contains two parts. One part is about optimized pairing implementation on different elliptic curves according to the targeted protocol. Pairings are implemented on supersingular elliptic curves in large characteristic and on Barreto-Naehrig curves. The pairing library developed at Thales is used in a broadcast encryption scheme prototype. The prototype implements pairings over Barreto-Naehrig curves. Pairings over supersingular curves are much slower and have larger parameters. However these curves are interesting when implementing protocols which use composite-order elliptic curves (the group order is an RSA modulus). We implement two protocols that use pairings on composite-order groups and compare the benchmarks and the parameter size with their counterpart in a prime-order setting. The composite-order case is 30 up to 250 times much slower according to the considered step in the protocols: the efficiency difference in between the two cases is very important. A second part in this thesis is about two families of genus 2 curves. Their Jacobians are isogenous to the product of two elliptic curves over a small extension field. The properties of elliptic curves can be translated to the Jacobians thanks to this isogeny. Point counting is as easy as for elliptic curves in this case. We also construct two endomorphisms both on the Jacobians and the elliptic curves. These endomorphisms can be used for scalar multiplication improved with a four-dimensional Gallant-Lambert-Vanstone method.