Advertisement · 728 × 90

Posts by Giacomo Pope 🍄

last two pieces of fiction i published last year are in this beauty. many thanks to giacomo and neutral spaces for being there.

1 year ago 1 1 0 0

Yo!

1 year ago 1 0 0 0
Song for Kristi Wood is good For a long time Flowers, Weeks If you change The water, cut off The low greens so They don’t rot In the vase. The first time I saw Your face was through a window, A perihelion feeling That revisits my bones Every day. I only remember pieces Of the prayer: Thee by that exceeding pain, A meadow you hold open Like a door

Song for Kristi Wood is good For a long time Flowers, Weeks If you change The water, cut off The low greens so They don’t rot In the vase. The first time I saw Your face was through a window, A perihelion feeling That revisits my bones Every day. I only remember pieces Of the prayer: Thee by that exceeding pain, A meadow you hold open Like a door

many thanks to @giac.bsky.social for including two poems of mine in the beautiful, stacked new issue of Neutral Spaces magazine — this one is for my wife Kristi and will be in A Letter From The Mountain & Other Poems, out in the new year from Animal Heart Press :) neutralspaces.co/magazine/fou...

1 year ago 49 11 4 2
Preview
Neutral Spaces Magazine | Issue Four I Cannot Make You Famous

Every now and again I put together a collection of writing via Neutral Spaces — issue four went up today

neutralspaces.co/magazine/four/

1 year ago 13 6 0 1
Preview
Two Million Shirts A book-lengthed poem by Zac Smith and Giacomo Pope

Also if you want to read it, it’s online for free: twomillionshirts.com

1 year ago 4 2 0 0
Trying to be normal Not knowing how not to be normal Accepting it doesn't matter But assuming maybe it does

Trying to be normal Not knowing how not to be normal Accepting it doesn't matter But assuming maybe it does

Accepting you don’t know what normal... anything is... or... something Understanding that normal to you doesn’t mean normal Feeling normal anyway

Accepting you don’t know what normal... anything is... or... something Understanding that normal to you doesn’t mean normal Feeling normal anyway

Zac Smith (@zacsmithtweeto.bsky.social) & Giacomo Pope (@giac.bsky.social), from Two Million Shirts

1 year ago 21 5 1 2

I love this book

1 year ago 1 0 1 0
Advertisement
Post image

Are you attending Asiacrypt2024? If you are a women-in-cryptography, you can participate in our coffee breaks: docs.google.com/forms/d/e/1F... We will match you with someone and you can grab a coffee/tea in person!

1 year ago 9 6 0 1
Post image Post image

As a gift via Molly and NYT

magazine.nytyrant.com/three-poems-...

1 year ago 5 1 0 1

Happy birthday, Tom :)

1 year ago 1 0 1 0
Post image

SQIsign lives!!

asiacrypt.iacr.org/2024/program...

1 year ago 15 7 2 0
Preview
Halving differential additions on Kummer lines We study differential additions formulas on Kummer lines that factorize through a degree $2$ isogeny $\phi$. We call the resulting formulas half differential additions: from the knowledge of $\phi(P),...

First, let me comment a bit on the article eprint.iacr.org/2024/1582, written with my phd student Nicolas Sarkis. This is a follow up to our article on computing 2-isogenies between Kummer lines: eprint.iacr.org/2024/037

1 year ago 11 5 1 0

Having fixed most issues, isogeni.es should be up and running now. Perhaps useful for others too!

(it simply scrapes recent isogeny papers from ePrint, and formats these nicely)

1 year ago 8 5 1 0
Abstract. In this paper, we describe an algorithm to compute chains of (2,2)-isogenies between products of elliptic curves in the theta model. The description of the algorithm is split into various subroutines to allow for a precise field operation counting. We present a constant time implementation of our algorithm in Rust and an alternative implementation in SageMath. Our work in SageMath runs ten times faster than a comparable implementation of an isogeny chain using the Richelot correspondence. The Rust implementation runs up to forty times faster than the equivalent isogeny in SageMath and has been designed to be portable for future research in higher-dimensional isogeny-based cryptography.

Abstract. In this paper, we describe an algorithm to compute chains of (2,2)-isogenies between products of elliptic curves in the theta model. The description of the algorithm is split into various subroutines to allow for a precise field operation counting. We present a constant time implementation of our algorithm in Rust and an alternative implementation in SageMath. Our work in SageMath runs ten times faster than a comparable implementation of an isogeny chain using the Richelot correspondence. The Rust implementation runs up to forty times faster than the equivalent isogeny in SageMath and has been designed to be portable for future research in higher-dimensional isogeny-based cryptography.

An Algorithmic Approach to (2,2)-isogenies in the Theta Model and Applications to Isogeny-based Cryptography (Pierrick Dartois, Luciano Maino, Giacomo Pope, Damien Robert) ia.cr/2023/1747

2 years ago 4 2 0 0
Abstract. GLS254 is an elliptic curve defined over a finite field of characteristic 2; it contains a 253-bit prime order subgroup, and supports an endomorphism that can be efficiently computed and helps speed up some typical operations such as multiplication of a curve element by a scalar. That curve offers on x86 and ARMv8 platforms the best known performance for elliptic curves at the 128-bit security level. In this paper we present a number of new results related to GLS254: - We describe new efficient and complete point doubling formulas (2M+4S) applicable to all ordinary binary curves. - We apply the previously described (x,s) coordinates to GLS254, enhanced with the new doubling formulas. We obtain formulas that are not only fast, but also complete, and thus allow generic constant-time usage in arbitrary cryptographic protocols. - Our strictly constant-time implementation multiplies a point by a scalar in 31615 cycles on an x86 Coffee Lake, and 77435 cycles on an ARM Cortex-A55, improving previous records by 13% and 11.7% on these two platforms, respectively. - We take advantage of the completeness of the formulas to define some extra operations, such as canonical encoding with (x, s) compression, constant-time hash-to-curve, and signatures. Our Schnorr signatures have size only 48 bytes, and offer good performance: signature generation in 18374 cycles, and verification in 27376 cycles, on x86; this is about four times faster than the best reported Ed25519 implementations on the same platform. - The very fast implementations leverage the carryless multiplication opcodes offered by the target platforms. We also investigate performance on CPUs that do not offer such an operation, namely a 64-bit RISC-V CPU (SiFive-U74 core) and a 32-bit ARM Cortex-M4 microcontroller. While the achieved performance is substantially poorer, it is not catastrophic; on both platforms, GLS254 signatures are only about 2x to 2.5x slower than Ed25519.

Abstract. GLS254 is an elliptic curve defined over a finite field of characteristic 2; it contains a 253-bit prime order subgroup, and supports an endomorphism that can be efficiently computed and helps speed up some typical operations such as multiplication of a curve element by a scalar. That curve offers on x86 and ARMv8 platforms the best known performance for elliptic curves at the 128-bit security level. In this paper we present a number of new results related to GLS254: - We describe new efficient and complete point doubling formulas (2M+4S) applicable to all ordinary binary curves. - We apply the previously described (x,s) coordinates to GLS254, enhanced with the new doubling formulas. We obtain formulas that are not only fast, but also complete, and thus allow generic constant-time usage in arbitrary cryptographic protocols. - Our strictly constant-time implementation multiplies a point by a scalar in 31615 cycles on an x86 Coffee Lake, and 77435 cycles on an ARM Cortex-A55, improving previous records by 13% and 11.7% on these two platforms, respectively. - We take advantage of the completeness of the formulas to define some extra operations, such as canonical encoding with (x, s) compression, constant-time hash-to-curve, and signatures. Our Schnorr signatures have size only 48 bytes, and offer good performance: signature generation in 18374 cycles, and verification in 27376 cycles, on x86; this is about four times faster than the best reported Ed25519 implementations on the same platform. - The very fast implementations leverage the carryless multiplication opcodes offered by the target platforms. We also investigate performance on CPUs that do not offer such an operation, namely a 64-bit RISC-V CPU (SiFive-U74 core) and a 32-bit ARM Cortex-M4 microcontroller. While the achieved performance is substantially poorer, it is not catastrophic; on both platforms, GLS254 signatures are only about 2x to 2.5x slower than Ed25519.

Image showing part 2 of abstract.

Image showing part 2 of abstract.

Image showing part 3 of abstract.

Image showing part 3 of abstract.

Faster Complete Formulas for the GLS254 Binary Curve (Thomas Pornin) ia.cr/2023/1688

2 years ago 5 3 0 0

Zq is usually used for p-adics anyway, so you can be a force for change and just use Fp, as they’re working over this Galois field, right?

2 years ago 0 0 0 0
Advertisement

*slaps roof of the theta model* this baby can go to arbitrary dimension.

2 years ago 2 1 1 0

Time to standardise isogenies 🐙

2 years ago 1 0 1 0

🪿 Honk World 🪿

2 years ago 4 0 0 0

If it’s not catchy then there’s no worry about it catching on ;)

2 years ago 4 0 0 0

This is so cool. If nothing else, this account will encourage me to pop onto the app each day.

2 years ago 2 0 0 0