Hi All, 2014-04-23 14:06 GMT+02:00 Diego Aranha <[email protected]>: > This is probably too "researchy" and not ready for prime time, but we > recently implemented a GLS binary curve over GF(2^254) [1] with the > following results for constant-time variable-base scalar multiplication:
Maybe in the same vein, I helped with the theoretical part of an implementation over GF(p^2) with p = 2^127 - 1 (Huseyin Hisil and Craig Costello did all the hard work). It's a Montgomery curve (x-coordinate only) with an efficient endomorphism, aiming at roughly 128-bit security. Ivy Bridge: 148K. (That's for the uniform & constant-time version; there are results for a few other addition chains in the paper.) [1] http://eprint.iacr.org/2013/692 [2] http://research.microsoft.com/en-us/downloads/ef32422a-af38-4c83-a033-a7aafbc1db55/ [3] hhisil.yasar.edu.tr/files/hisil20140318compact.tar.gz ben -- You know we all became mathematicians for the same reason: we were lazy. --Max Rosenlicht _______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
