Asiacrypt 2012

Asiacrypt 2012 was held during December 2-6 in the Beijing International Convention Center, Beijing, China.

In the first session on Monday a paper by Hayashi, Shimoyama, Shinohara and Takagi was presented. They outline how they broke an eta_T pairing by reducing the elliptic curve discrete logarithm problem for a supersingular elliptic curve over F_{3^97} to a discrete logarithm problem over F_{3^{6*97}}. They solved the latter 923-bit discrete logarithm using the function field sieve in less than 150 days using 252 CPU cores. See also

The IACR distinguished lecture was given by Dan Boneh and titled “Pairing-based Cryptography: Past, Present, and Future”. In this talk the applications of pairings to cryptography were outlined and the current open problems were mentioned. The recent multilinear maps paper by Garg, Gentry and Halevi (see also this blog post) was discussed.

On Tuesday afternoon there was the social event: a visit to either the Birdnest/Watercube in the Beijing Olympic park (right next to the convention center) or the national museum. This was followed by the rump session chaired by Ed Dawson. Besides a significant number of invitations to various crypto conferences and workshops there were some fun talks by Yvo Desmedt and Claudio Orlandi, and interesting announcements. Shamir announced new round-reduced attacks on SHA-3, while the only elliptic curve related talk was by Kanaoka announcing TEPLA: a new software library for pairing-based cryptosystems.

On Wednesday morning I presented my work with Thorsten Kleinjung outlining how to speed up the elliptic curve scalar multiplication when the scalar is fixed. Our methods are particularly suitable for memory-constrained devices like graphics cards and are useful in the setting of factoring integers using the elliptic curve method. The number theory session contained two very interesting papers by Ducas and Nguyen related to lattices, and the paper by Petit and Quisquater describing a heuristic subexponential algorithm for solving the elliptic curve discrete logarithm problem for curves over F_{2^n}. Current elliptic curve systems are not threatened, because it is estimated that this approach only outperforms the generic algorithms for n > 2000 (see for more info).

On the last day, in the implementation session, the work by Longa and Sica was presented. Here it was shown, based on the work by Gallant, Lambert and Vanstone (GLV) and Galbraith, Lin and Scott (GLS), how to achieve a four-dimensional scalar decomposition for some curves over F_{p^2}. This merged GLV-GLS approach is up to 50% faster than the GLV approach in practice. A number of implementations are presented, and performance numbers for sequential and multi-core execution and for implementations resistant against several side-channel attacks are given. This sets new software speed records for computing point multiplication.

Hence, Asiacrypt 2012 was a very pleasant and interesting conference with quite some talks related to elliptic curve cryptography!

 — Joppe Bos
