EUROCRYPT 2013 was held in Athens last week. It was a very well-organised and enjoyable conference, with two papers directly related to elliptic curve research.
Craig Costello presented his recent work with Joppe Bos, Huseyin Hisil, and Kristin Lauter on fast implementations of cryptographic algorithms based on some special genus 2 curves. Their main techniques are fast kummer surface arithmetic and four-dimensional scalar decompositions, applied to genus 2 CM curves: y^2 = x^5 + b and y^2 = x^5 + ax, which both have cyclotomic CM (by fifth and eighth roots of unity, respectively).
Antoine Joux presented some of his recent work on discrete logarithms in finite fields. These results, which have great importance for pairing-based ECC, have already been discussed elsewhere on the blog. The last six months has seen a small explosion of results on discrete logarithms, and this seems like a good point to collect some of the announcements:
- Antoine Joux, 24/12/2012, GF(p^47), p a 25-bit prime (1175-bit prime-degree field)
- Antoine Joux, 06/01/2013, GF(p^57), p a 25-bit prime (1425-bit field; note that Grothendieck would have called this a prime-degree extension)
- Antoine Joux, 11/02/2013, GF((2^14)^127) (1778-bit binary field)
- Faruk Gologlu, Rob Granger, Gary McGuire, Jens Zumbragel, 19/02/2013, GF((2^27)^73) (1971-bit binary field)
- Antoine Joux, 22/03/2013, GF((2^16)^255) (4080-bit binary field)
- Razvan Barbulescu, Cyril Bouvier, Jérémie Detrey, Pierrick Gaudry, Hamza Jeljeli, Emmanuel Thomé, Marion Videau, Paul Zimmermann, 09/04/2013, GF(2^809) (809-bit prime-degree binary field)
- Faruk Gologlu, Rob Granger, Gary McGuire, Jens Zumbragel, 11/04/2013, GF(((2^24)^3)^255) (6120-bit binary field)
- Antoine Joux, 21/05/2013, GF((2^257)^24) (6168-bit binary field)
In other news this week, Dan Boneh, Matthew Franklin, and Antoine Joux were awarded the 2013 Gödel prize for their foundational papers in constructive pairing-based cryptography: Boneh and Franklin for their Identity-Based Encryption protocol, and Joux for his one-round tripartite Diffie-Hellman protocol.