ECC 2012

ECC 2012 was held in the city of Queretaro in Mexico.

The conference began on Sunday 28th with a series of introductory lectures for students, followed by a “welcome reception” with live jazz music.

The morning of Monday 29th was spent on a historical tour of the city. The main conference lectures began with Christophe Petit speaking about a heuristic subexponential-time algorithm for the elliptic curve discrete logarithm problem for all elliptic curves over F_{2^n}. If a certain heuristic about Groebner bases is true then the complexity is O( 2^{c n^{2/3} log(n)} ) for some constant c. The current advice is DON’T PANIC, since the algorithm is not likely to have any influence for elliptic curves over fields of fewer than 2000 bits. This work has been discussed in more detail in this blog post; also see his paper to appear at Asiacrypt 2012.

The next talk was by me. It was mostly about my papers with Ruprai and Pollard-Ruprai, though I did mention talk about some research currently being done on isogenies between supersingular curves.

Yumi Sakemi gave a talk about her PKC2012 paper (with Hanaoka, Izu, Takenaka and Yasuda) on Cheon’s algorithm. Alice Silverberg gave a talk (based on her joint paper with Abatzoglou, Sutherland and Wong at the ANTS 2012 conference) about primality proving for primes of a special form.

The rump session contained several humorous talks, and three significant announcements: Emmanuel Thome described solving a DLP problem in the finite field F_{2^{619}} in a “single day”; Craig Costello announced new speed records for exponentiation in a group with 128-bit security, by using the Kummer surface (this will appear on eprint within a few weeks); Thomasz Oliveira on a new speed record (with Francisco Rodriguez-Henriquez and Julio Lopez) for elliptic curves in characteristic 2. The prize for best rump session talk went to Lil Rodriguez and Andres Cortes — the prize was a copy of my book “Mathematics of Public Key Cryptography”.

The second day began with a pair of talks about non-uniform algorithms. Neal Koblitz spoke of his work with Menezes (eprint 2012/359) pointing out some potential hazards of proofs of security in the non-uniform model. He also pointed out inconsistencies in the use of the phrase “non-uniform” in the literature. Dan Bernstein began with some remarks on computational assumptions and the necessity for precision when discussing time complexity; he then presented (joint work with Tanja Lange; eprint 2012/318 and 2012/458) an O( ell^{1/3} ) non-uniform algorithm for the ECDLP in a group of size ell (the catch being that writing down the algorithm requires O( ell^{2/3} ) computation). Dan’s conclusion about an O( ell^{1/3} ) ECDLP algorithm was: DON’T PANIC. Both talks were delivered in the characteristic style of the presenter, and generated plenty of discussion.

David Grunewald and Sorina Ionica gave interesting, but rather technical, talks about some problems regarding isogenies/endomorphisms of Jacobians of genus 2 curves. Takuya Hayashi reported on the recent DLP record in F_{3^{6*97}}, and gave some predictions for the cost of further discrete log computations in F_{3^{6n}}.

As I remarked to the person sitting next to me, I could listen all day long to Drew Sutherland speaking about isogenies. He gave a marvelous talk on computing modular polynomials. For more details see his survey paper and contributed paper at the ANTS 2012 conference.

I have little to say about the sessions on pairings, implementation and side-channels. Mainly because I skipped some of the talks. I apologise to readers of this blog (and the speakers), but if you are interested then it should be possible to find the talk slides online (I believe they will eventually be available from the ECC2012 conference website). I would like to highlight the talk by Billy Bob Brumley, as it was an impressive demonstration of the power of cache attacks, bug attacks, and (semi-)remote timing attacks on open SSL.

The conference banquet was held at the restaurant “Mesón de Chucho el Roto” in one of the busy squares of Queretaro. We were entertained by various musicians, including a Mariachi ensemble of around 8 musicians wearing impressive matching clothes.

Overall, Francisco Rodríguez-Henríquez and his team organised an excellent conference. I send my thanks to them.

— Steven Galbraith

