173 results for Elliptic Curve, Group Law, Point Addition, Point Doubling, Projective Coordinates
at Queensland University of Technology - ePrints Archive
Abstract:
This thesis is about the derivation of the addition law on an arbitrary elliptic curve and efficiently adding points on this elliptic curve using the derived addition law. The outcomes of this research guarantee practical speedups in higher level operations which depend on point additions. In particular, the contributions immediately find applications in cryptology. Developed by 19th-century mathematicians, the theory of elliptic curves has been an active area of study for decades. Elliptic curves over finite fields made their way into public key cryptography in the late 1980s with independent proposals by Miller [Mil86] and Koblitz [Kob87]. Elliptic Curve Cryptography (ECC), following Miller's and Koblitz's proposals, employs the group of rational points on an elliptic curve in building discrete logarithm based public key cryptosystems. Starting from the late 1990s, the emergence of the ECC market has boosted research in the computational aspects of elliptic curves. This thesis falls into this same area of research, where the main aim is to speed up the addition of rational points on an arbitrary elliptic curve (over a field of large characteristic). The outcomes of this work can be used to speed up applications which are based on elliptic curves, including cryptographic applications in ECC. The aforementioned goals of this thesis are achieved in five main steps. As the first step, this thesis brings together several algebraic tools in order to derive the unique group law of an elliptic curve. This step also includes an investigation of recent computer algebra packages and their capabilities. Although the group law is unique, its evaluation can be performed using abundant (in fact infinitely many) formulae. As the second step, this thesis progresses the search for the best formulae for efficient addition of points. In the third step, the group law is stated explicitly by handling all possible summands.
The fourth step presents the algorithms to be used for efficient point additions. In the fifth and final step, optimized software implementations of the proposed algorithms are presented in order to show that the theoretical speedups of step four can be obtained in practice. In each of the five steps, this thesis focuses on five forms of elliptic curves over finite fields of large characteristic. These forms and their defining equations are as follows:
(a) Short Weierstrass form, y^2 = x^3 + ax + b,
(b) Extended Jacobi quartic form, y^2 = dx^4 + 2ax^2 + 1,
(c) Twisted Hessian form, ax^3 + y^3 + 1 = dxy,
(d) Twisted Edwards form, ax^2 + y^2 = 1 + dx^2y^2,
(e) Twisted Jacobi intersection form, bs^2 + c^2 = 1, as^2 + d^2 = 1.
These forms are the most promising candidates for efficient computations and are thus considered in this work. Nevertheless, the methods employed in this thesis are capable of handling arbitrary elliptic curves. From a high level point of view, the following outcomes are achieved in this thesis.
- Related literature results are brought together and further revisited. For most of the cases, several missed formulae, algorithms, and efficient point representations are discovered.
- Analogies are made among all studied forms. For instance, it is shown that two sets of affine addition formulae are sufficient to cover all possible affine inputs as long as the output is also an affine point, in any of these forms. In the literature, many special cases, especially interactions with points at infinity, were omitted from discussion. This thesis handles all of the possibilities.
- Several new point doubling/addition formulae and algorithms are introduced, which are more efficient than the existing alternatives in the literature. Most notably, the speed of the extended Jacobi quartic, twisted Edwards, and Jacobi intersection forms is improved. New unified addition formulae are proposed for short Weierstrass form. New coordinate systems are studied for the first time.
- An optimized implementation is developed using a combination of generic x86-64 assembly instructions and plain C. The practical advantages of the proposed algorithms are supported by computer experiments.
- All formulae presented in the body of this thesis are checked for correctness using computer algebra scripts, together with details on register allocations.
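As an added illustration (example code, not from the thesis), the following Python shows the short Weierstrass side of the point the abstract makes about special cases: a chord formula and a tangent formula cover the generic inputs, but the point at infinity, inverse pairs and 2-torsion points (y = 0) have to be handled explicitly, otherwise the slope computation divides by zero. The toy curve y^2 = x^3 + 2 over F_7, the sample points and all function names are constructed for this example.

```python
"""Affine group law on a short Weierstrass curve y^2 = x^3 + a x + b over F_p,
with every input case handled explicitly: identity, inverse pairs, doubling,
doubling of a 2-torsion point, and generic chord addition."""

# Constructed toy curve (not from the thesis): y^2 = x^3 + 2 over F_7.
# Discriminant check: 4a^3 + 27b^2 = 108 = 3 (mod 7), non-zero, so it is nonsingular.
P_MOD = 7
A_COEF = 0
B_COEF = 2
INF = None  # the point at infinity, the identity of the group


def inv(x, p=P_MOD):
    return pow(x % p, -1, p)


def on_curve(pt, p=P_MOD, a=A_COEF, b=B_COEF):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - x * x * x - a * x - b) % p == 0


def neg(pt, p=P_MOD):
    if pt is INF:
        return INF
    x, y = pt
    return (x, (-y) % p)


def add(pt1, pt2, p=P_MOD, a=A_COEF):
    """Complete affine addition: the chord and tangent formulas, plus the cases
    neither formula can express (identity, P + (-P), and y = 0 doubling)."""
    if pt1 is INF:
        return pt2
    if pt2 is INF:
        return pt1
    x1, y1 = pt1
    x2, y2 = pt2
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return INF  # P + (-P); also covers doubling a point with y = 0
        lam = (3 * x1 * x1 + a) * inv(2 * y1) % p  # tangent slope (P == Q)
    else:
        lam = (y2 - y1) * inv(x2 - x1) % p  # chord slope (x1 != x2)
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)


def scalar_mul(k, pt):
    """Left-to-right double-and-add; each step runs through the case analysis above."""
    acc = INF
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc


def all_points(p=P_MOD, a=A_COEF, b=B_COEF):
    pts = [INF]
    pts += [(x, y) for x in range(p) for y in range(p) if on_curve((x, y), p, a, b)]
    return pts


def check_group_law():
    """Exhaustively verify closure, commutativity, inverses and associativity
    over the whole toy group; return the group order (affine points + infinity)."""
    pts = all_points()
    for P in pts:
        assert add(P, neg(P)) is INF
        for Q in pts:
            R = add(P, Q)
            assert on_curve(R) and add(Q, P) == R
            for S in pts:
                assert add(add(P, Q), S) == add(P, add(Q, S))
    return len(pts)


if __name__ == "__main__":
    print("group order:", check_group_law())
    print("(0,3) + (3,1) =", add((0, 3), (3, 1)))
    print("2 * (0,3) =", add((0, 3), (0, 3)), " 3 * (0,3) =", scalar_mul(3, (0, 3)))
```

The exhaustive check is only feasible because the field is tiny; on a cryptographic curve the same case analysis is what a formula verifier or a unified addition law has to prove for every input rather than enumerate.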
Abstract:
Several forms of elliptic curves have been suggested for an efficient implementation of Elliptic Curve Cryptography. However, a complete description of the group law has not appeared in the literature for most popular forms. This paper presents the group law in affine coordinates for three forms of elliptic curves. Given the proposed affine group laws, stating the projective group law for each form becomes trivial. This work also describes an automated framework for studying the elliptic curve group law, which was applied internally when preparing this work.
Abstract:
We derive an explicit method of computing the composition step in Cantor’s algorithm for group operations on Jacobians of hyperelliptic curves. Our technique is inspired by the geometric description of the group law and applies to hyperelliptic curves of arbitrary genus. While Cantor’s general composition involves arithmetic in the polynomial ring F_q[x], the algorithm we propose solves a linear system over the base field which can be written down directly from the Mumford coordinates of the group elements. We apply this method to give more efficient formulas for group operations in both affine and projective coordinates for cryptographic systems based on Jacobians of genus 2 hyperelliptic curves in general form.
Abstract:
This paper introduces fast algorithms for performing group operations on twisted Edwards curves, pushing the recent speed limits of Elliptic Curve Cryptography (ECC) forward in a wide range of applications. Notably, the new addition algorithm uses for suitably selected curve constants. In comparison, the fastest point addition algorithms for (twisted) Edwards curves stated in the literature use . It is also shown that the new addition algorithm can be implemented with four processors dropping the effective cost to . This implies an effective speed increase by the full factor of 4 over the sequential case. Our results allow faster implementation of elliptic curve scalar multiplication. In addition, the new point addition algorithm can be used to provide a natural protection from side channel attacks based on simple power analysis (SPA).
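As an added example, not code from this paper or from the thesis above, the following Python contrasts the twisted Edwards form with the Weierstrass case: when a is a square and d a non-square in F_p, a single affine formula is complete (no exceptional inputs at all), and the extended-coordinate (X : Y : Z : T) addition executes exactly the same multiplication sequence for P + Q and for P + P, which is the property behind the simple power analysis remark. The extended-coordinate formula written here is the a = -1 variant standardised for Ed25519 in RFC 8032 (section 5.1.4); the paper's own formulas and operation counts are not reproduced on this page. The toy field F_13 with d = 2, the sample points and the function names are constructed for this example.

```python
"""Complete (and unified) twisted Edwards addition a x^2 + y^2 = 1 + d x^2 y^2,
in affine and in extended coordinates, checked exhaustively over a toy field."""

# Constructed toy parameters (not from the paper): p = 13, so a = -1 = 5^2 is a
# square, and d = 2 is a non-square mod 13.  With a square and d non-square the
# affine law has no exceptional inputs: one formula handles P + Q, P + P,
# P + (-P) and the identity (0, 1) without any branch.
P_MOD = 13
A_COEF = (-1) % P_MOD
D_COEF = 2
IDENT = (0, 1)


def inv(x, p=P_MOD):
    return pow(x % p, -1, p)


def on_curve(pt, p=P_MOD, a=A_COEF, d=D_COEF):
    x, y = pt
    return (a * x * x + y * y - 1 - d * x * x * y * y) % p == 0


def neg(pt, p=P_MOD):
    x, y = pt
    return ((-x) % p, y)


def affine_add(pt1, pt2, p=P_MOD, a=A_COEF, d=D_COEF):
    """One formula for every pair of points; the denominators 1 +/- t are never
    zero when a is a square and d is a non-square (verified below exhaustively)."""
    x1, y1 = pt1
    x2, y2 = pt2
    t = d * x1 * x2 * y1 * y2 % p
    x3 = (x1 * y2 + y1 * x2) * inv(1 + t) % p
    y3 = (y1 * y2 - a * x1 * x2) * inv(1 - t) % p
    return (x3, y3)


def to_ext(pt, p=P_MOD):
    """Extended coordinates (X : Y : Z : T) with x = X/Z, y = Y/Z and x*y = T/Z."""
    x, y = pt
    return (x, y, 1, x * y % p)


def to_affine(e, p=P_MOD):
    X, Y, Z, _ = e
    zi = inv(Z)
    return (X * zi % p, Y * zi % p)


def ext_add(e1, e2, p=P_MOD, d=D_COEF):
    """Unified, inversion-free addition for a = -1 (RFC 8032, section 5.1.4).
    As written here it costs 8 general multiplications plus one multiplication
    by the constant 2d, and runs the identical instruction sequence whether or
    not e1 == e2, so doubling is indistinguishable from addition to SPA."""
    X1, Y1, Z1, T1 = e1
    X2, Y2, Z2, T2 = e2
    A = (Y1 - X1) * (Y2 - X2) % p
    B = (Y1 + X1) * (Y2 + X2) % p
    C = T1 * (2 * d) * T2 % p
    D = Z1 * 2 * Z2 % p
    E, F, G, H = (B - A) % p, (D - C) % p, (D + C) % p, (B + A) % p
    return (E * F % p, G * H % p, F * G % p, E * H % p)  # (X3, Y3, Z3, T3)


def point_order(pt):
    k, acc = 1, pt
    while acc != IDENT:
        acc = affine_add(acc, pt)
        k += 1
    return k


def all_points(p=P_MOD, a=A_COEF, d=D_COEF):
    return [(x, y) for x in range(p) for y in range(p) if on_curve((x, y), p, a, d)]


def check_group_law():
    """Exhaustively confirm that the affine formula never hits a zero denominator,
    that both formulas agree on every pair (including P + P), and associativity;
    return the group order."""
    pts = all_points()
    for P in pts:
        assert affine_add(P, neg(P)) == IDENT and affine_add(P, IDENT) == P
        for Q in pts:
            R = affine_add(P, Q)
            assert on_curve(R)
            assert to_affine(ext_add(to_ext(P), to_ext(Q))) == R
            for S in pts:
                assert affine_add(affine_add(P, Q), S) == affine_add(P, affine_add(Q, S))
    return len(pts)


if __name__ == "__main__":
    print("group order:", check_group_law())
    print("2 * (2,4) affine:", affine_add((2, 4), (2, 4)))
    print("2 * (2,4) extended:", to_affine(ext_add(to_ext((2, 4)), to_ext((2, 4)))))
    print("order of (5,0):", point_order((5, 0)), " order of (2,4):", point_order((2, 4)))
```

The completeness condition matters in practice: if d were a square in F_p the same affine formula would divide by zero for some input pairs, and an implementation that silently reduces modulo p would return a wrong point rather than raise, which is exactly the class of omitted special case the thesis abstract above describes.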
Abstract:
This document describes algorithms based on Elliptic Curve Cryptography (ECC) for use within the Secure Shell (SSH) transport protocol. In particular, it specifies Elliptic Curve Diffie-Hellman (ECDH) key agreement, Elliptic Curve Menezes-Qu-Vanstone (ECMQV) key agreement, and the Elliptic Curve Digital Signature Algorithm (ECDSA) for use in the SSH Transport Layer protocol.
Abstract:
This paper improves implementation techniques of Elliptic Curve Cryptography. We introduce new formulae and algorithms for the group law on Jacobi quartic, Jacobi intersection, Edwards, and Hessian curves. The proposed formulae and algorithms can save time in suitable point representations. To support our claims, a cost comparison is made with classic scalar multiplication algorithms using previous and current operation counts. Most notably, the best speeds are obtained from Jacobi quartic curves, which provide the fastest timings for most scalar multiplication strategies, benefiting from the proposed 12M + 5S + 1D point doubling and 7M + 3S + 1D point addition algorithms. Furthermore, the new addition algorithm provides an efficient way to protect against side channel attacks which are based on simple power analysis (SPA). Keywords: efficient elliptic curve arithmetic, unified addition, side channel attack.
Abstract:
This paper provides new results about efficient arithmetic on Jacobi quartic form elliptic curves, y^2 = dx^4 + 2ax^2 + 1. With recent bandwidth-efficient proposals, the arithmetic on Jacobi quartic curves became solidly faster than that of Weierstrass curves. These proposals use up to 7 coordinates to represent a single point. However, fast scalar multiplication algorithms based on windowing techniques precompute and store several points, which require more space than they would with 3 coordinates. Also note that some of these proposals require d = 1 for full speed. Unfortunately, elliptic curves having 2-times-a-prime number of points cannot be written in Jacobi quartic form if d = 1. Even worse, the contemporary formulae may fail to output correct coordinates for some inputs. This paper provides improved speeds using fewer coordinates without causing the above mentioned problems. For instance, our proposed point doubling algorithm takes only 2 multiplications, 5 squarings, and no multiplication with curve constants when d is arbitrary and a = ±1/2.
Abstract:
The most powerful known primitive in public-key cryptography is undoubtedly elliptic curve pairings. Upon their introduction just over ten years ago, the computation of pairings was far too slow for them to be considered a practical option. This resulted in a vast amount of research from many mathematicians and computer scientists around the globe aiming to improve this computation speed. From the use of modern results in algebraic and arithmetic geometry to the application of foundational number theory that dates back to the days of Gauss and Euler, cryptographic pairings have since experienced a great deal of improvement. As a result, what was an extremely expensive computation that took several minutes is now a high-speed operation that takes less than a millisecond. This thesis presents a range of optimisations to the state of the art in cryptographic pairing computation. Both through extending prior techniques and introducing several novel ideas of our own, our work has contributed to record-breaking pairing implementations.
Abstract:
Background: Heart failure is a serious condition estimated to affect 1.5-2.0% of the Australian population, with a point prevalence of approximately 1% in people aged 50-59 years, 10% in people aged 65 years or more and over 50% in people aged 85 years or over (National Heart Foundation of Australia and the Cardiac Society of Australia and New Zealand, 2006). Sleep disturbances are a common complaint of persons with heart failure. Disturbances of sleep can worsen heart failure symptoms, impair independence, reduce quality of life and lead to increased health care utilisation in patients with heart failure. Previous studies have identified exercise as a possible treatment for poor sleep in patients without cardiac disease; however, there is limited evidence of the effect of this form of treatment in heart failure. Aim: The primary objective of this study was to examine the effect of a supervised, hospital-based exercise training programme on subjective sleep quality in heart failure patients. Secondary objectives were to examine the association between changes in sleep quality and changes in depression, exercise performance and body mass index. Methods: The sample for the study was recruited from metropolitan and regional heart failure services across Brisbane, Queensland. Patients with a recent heart failure related hospital admission who met study inclusion criteria were recruited. Participants were screened by specialist heart failure exercise staff at each site to ensure exercise safety prior to study enrolment. Demographic data, medical history, medications, Pittsburgh Sleep Quality Index score, Geriatric Depression Score, exercise performance (six minute walk test), weight and height were collected at baseline. Pittsburgh Sleep Quality Index score, Geriatric Depression Score, exercise performance and weight were repeated at 3 months.
One hundred and six patients admitted to hospital with heart failure were randomly allocated to a 3-month disease-based management programme of education and self-management support including standard exercise advice (Control), or to the same disease management programme as the Control group with the addition of a tailored physical activity program (Intervention). The intervention consisted of 1 hour of aerobic and resistance exercise twice a week. Programs were designed and supervised by an exercise specialist. The main outcome measure was achievement of a clinically significant change (≥3 points) in global Pittsburgh Sleep Quality score. Results: Intervention group participants reported significantly greater clinical improvement in global sleep quality than Control (p=0.016). These patients also exhibited significant improvements in component sleep disturbance (p=0.004), component sleep quality (p=0.015) and global sleep quality (p=0.032) after 3 months of supervised exercise intervention. Improvements in sleep quality correlated with improvements in depression (p<0.001) and six minute walk distance (p=0.04). When study results were examined categorically, with subjects classified as either "poor" or "good" sleepers, subjects in the Control group were significantly more likely to report "poor" sleep at 3 months (p=0.039), while Intervention participants were likely to report "good" sleep at this time (p=0.08). Conclusion: Three months of supervised, hospital-based, aerobic and resistance exercise training improved subjective sleep quality in patients with heart failure. This is the first randomised controlled trial to examine the role of aerobic and resistance exercise training in the improvement of sleep quality for patients with this disease. While this study establishes exercise as a therapy for poor sleep quality, further research is needed to investigate the effect of exercise training on objective parameters of sleep in this population.
Abstract:
Stereo vision is a method of depth perception, in which depth information is inferred from two (or more) images of a scene, taken from different perspectives. Applications of stereo vision include aerial photogrammetry, autonomous vehicle guidance, robotics, industrial automation and stereomicroscopy. A key issue in stereo vision is that of image matching, or identifying corresponding points in a stereo pair. The difference in the positions of corresponding points in image coordinates is termed the parallax or disparity. When the orientation of the two cameras is known, corresponding points may be projected back to find the location of the original object point in world coordinates. Matching techniques are typically categorised according to the nature of the matching primitives they use and the matching strategy they employ. This report provides a detailed taxonomy of image matching techniques, including area based, transform based, feature based, phase based, hybrid, relaxation based, dynamic programming and object space methods. A number of area based matching metrics as well as the rank and census transforms were implemented, in order to investigate their suitability for a real-time stereo sensor for mining automation applications. The requirements of this sensor were speed, robustness, and the ability to produce a dense depth map. The Sum of Absolute Differences matching metric was the least computationally expensive; however, this metric was the most sensitive to radiometric distortion. Metrics such as the Zero Mean Sum of Absolute Differences and Normalised Cross Correlation were the most robust to this type of distortion but introduced additional computational complexity. The rank and census transforms were found to be robust to radiometric distortion, in addition to having low computational complexity. They are therefore prime candidates for a matching algorithm for a stereo sensor for real-time mining applications. 
A number of issues came to light during this investigation which may merit further work. These include devising a means to evaluate and compare disparity results of different matching algorithms, and finding a method of assigning a level of confidence to a match. Another issue of interest is the possibility of statistically combining the results of different matching algorithms, in order to improve robustness.
Abstract:
This new work provides a comprehensive and theoretically rich discussion of the law on cross-border insolvency. It engages with several current multi-billion dollar insolvencies, such as those of Nortel Networks and Lehman Brothers, to provide the reader with state of the art knowledge of the complex problems posed by transnational insolvency. As the number of transnational insolvencies grows due to prevailing economic conditions, practitioners are increasingly required to navigate the mass of legal rules applicable to cross-border insolvency situations. The associated challenges are heightened by the diversity of legal structures employed by modern business entities and a patchwork of costly, inefficient, and unpredictable national legal rules. The response has been a proliferation of international legal instruments such as the UNCITRAL Model Law and the EU Insolvency Regulation, supplemented by judicial practice, adding further layers of complexity. Writing from an Australian perspective, the authors analyse this network of legal rules and subsequent case law. In addition, they explain the theoretical underpinnings of these rules in an accessible manner to build a solid foundation for practice, facilitate advanced reasoning, and enable the development of sophisticated arguments for law reform. Comparative case law from jurisdictions such as the United States and United Kingdom is also included. This book is highly relevant to insolvency practitioners faced with the recovery of assets located in different jurisdictions, transactional lawyers for whom knowledge of potential insolvency pitfalls is essential, and academics. It is invaluable for students at both undergraduate and postgraduate level seeking a sound understanding of this challenging area of law.