{"id":291860,"date":"2016-09-12T15:33:26","date_gmt":"2016-09-12T22:33:26","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?post_type=msr-event&#038;p=291860"},"modified":"2025-08-06T11:59:17","modified_gmt":"2025-08-06T18:59:17","slug":"ecc-2010","status":"publish","type":"msr-event","link":"https:\/\/www.microsoft.com\/en-us\/research\/event\/ecc-2010\/","title":{"rendered":"ECC 2010"},"content":{"rendered":"\n\n<div id=\"dedM\" class=\"deM\">\n<p>Workshop on Elliptic Curves and Computation: 25th Anniversary of Elliptic Curve Cryptography<\/p>\n<\/div>\n<p><span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n<h3>Main Organizers:<\/h3>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.washington.edu\/~koblitz\/\">Neal Koblitz<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/klauter\/\">Kristin Lauter<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Victor_S._Miller\">Victor Miller<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institute for Defense Analyses, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/modular.math.washington.edu\/\">William Stein<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<\/li>\n<\/ul>\n<h3>Program Committee:<\/h3>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/cr.yp.to\/djb.html\">Daniel J. Bernstein<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Illinois at Chicago, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.loria.fr\/~gaudry\/index.en.html\">Pierrick Gaudry<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Loria, France)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.washington.edu\/~koblitz\/\">Neal Koblitz<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.hyperelliptic.org\/tanja\">Tanja Lange<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Technische Universiteit Eindhoven)<\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/klauter\/\">Kristin Lauter<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Victor_S._Miller\">Victor Miller<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institute for Defense Analyses, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/math.ucalgary.ca\/~rscheidl\/\">Renate Scheidler<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Calgary, Canada)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/modular.math.washington.edu\/\">William Stein<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.certicom.com\/index.php\/about\/9-board-of-directors\/94--founder-a-evp-strategic-technology\">Scott Vanstone<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Waterloo, Canada)<\/li>\n<\/ul>\n<p><span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n<p>\t<div data-wp-context='{\"items\":[]}' data-wp-interactive=\"msr\/accordion\">\n\t\t\t\t\t<div class=\"clearfix\">\n\t\t\t\t<div\n\t\t\t\t\tclass=\"btn-group align-items-center mb-g float-sm-right\"\n\t\t\t\t\tdata-bi-aN=\"accordion-collapse-controls\"\n\t\t\t\t>\n\t\t\t\t\t<button\n\t\t\t\t\t\tclass=\"btn btn-link m-0\"\n\t\t\t\t\t\tdata-bi-cN=\"Expand all\"\n\t\t\t\t\t\tdata-wp-bind--aria-controls=\"state.ariaControls\"\n\t\t\t\t\t\tdata-wp-bind--aria-expanded=\"state.ariaExpanded\"\n\t\t\t\t\t\tdata-wp-bind--disabled=\"state.isAllExpanded\"\n\t\t\t\t\t\tdata-wp-class--inactive=\"state.isAllExpanded\"\n\t\t\t\t\t\tdata-wp-on--click=\"actions.onExpandAll\"\n\t\t\t\t\t\ttype=\"button\"\n\t\t\t\t\t>\n\t\t\t\t\t\tExpand all\t\t\t\t\t<\/button>\n\t\t\t\t\t<span aria-hidden=\"true\"> | <\/span>\n\t\t\t\t\t<button\n\t\t\t\t\t\tclass=\"btn btn-link m-0\"\n\t\t\t\t\t\tdata-bi-cN=\"Collapse all\"\n\t\t\t\t\t\tdata-wp-bind--aria-controls=\"state.ariaControls\"\n\t\t\t\t\t\tdata-wp-bind--aria-expanded=\"state.ariaExpanded\"\n\t\t\t\t\t\tdata-wp-bind--disabled=\"state.isAllCollapsed\"\n\t\t\t\t\t\tdata-wp-class--inactive=\"state.isAllCollapsed\"\n\t\t\t\t\t\tdata-wp-on--click=\"actions.onCollapseAll\"\n\t\t\t\t\t\ttype=\"button\"\n\t\t\t\t\t>\n\t\t\t\t\t\tCollapse all\t\t\t\t\t<\/button>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t\t<ul class=\"msr-accordion\">\n\t\t\t\t\t\t\t\t<li class=\"m-0\" data-wp-context='{\"id\":\"accordion-content-2690\"}' data-wp-init=\"callbacks.init\">\n\t\t<div class=\"accordion-header\">\n\t\t\t<button\n\t\t\t\taria-controls=\"accordion-content-2690\"\n\t\t\t\tclass=\"btn btn-collapse\"\n\t\t\t\tdata-wp-bind--aria-expanded=\"state.isExpanded\"\n\t\t\t\tdata-wp-on--click=\"actions.onClick\"\n\t\t\t\tid=\"accordion-button-2689\"\n\t\t\t\ttype=\"button\"\n\t\t\t>\n\t\t\t\tMonday\t\t\t<\/button>\n\t\t<\/div>\n\t\t<div\n\t\t\taria-labelledby=\"accordion-button-2689\"\n\t\t\tclass=\"msr-accordion__content\"\n\t\t\tdata-wp-bind--inert=\"!state.isExpanded\"\n\t\t\tdata-wp-run=\"callbacks.run\"\n\t\t\tid=\"accordion-content-2690\"\n\t\t>\n\t\t\t<div class=\"msr-accordion__body\">\n\t\t\t\t<table>\n<tbody>\n<tr>\n<td colspan=\"3\"><strong>Monday<\/strong><\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td colspan=\"2\">Session chair: Kristin Lauter<\/td>\n<\/tr>\n<tr>\n<td>09:00 &#8211; 10:00<\/td>\n<td>Gerhard Frey<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/elliptic-curves-facts-conjectures-and-applications\/\">Elliptic Curves: Facts, Conjectures and Applicationsi<\/a><\/td>\n<\/tr>\n<tr>\n<td>10:00 &#8211; 10:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr>\n<td>10:30 &#8211; 11:30<\/td>\n<td>Victor Miller<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/elliptic-curves-cryptography-and-computation\/\">Elliptic Curves, Cryptography and Computation<\/a><\/td>\n<\/tr>\n<tr>\n<td>11:30 &#8211; 11:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr>\n<td>11:45 &#8211; 12:45<\/td>\n<td>Francois Morain<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/elliptic-curves-with-complex-multiplication-history-and-perspectives\/\">Elliptic curves with complex multiplication: history and perspectives<\/a><\/td>\n<\/tr>\n<tr>\n<td>12:45 &#8211; 14:00<\/td>\n<td><\/td>\n<td>Lunch break<\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td colspan=\"2\">Session chair: Scott Vanstone<\/td>\n<\/tr>\n<tr>\n<td>14:00 &#8211; 15:00<\/td>\n<td>Ren\u00e9 Schoof<\/td>\n<td><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/Counting points on elliptic curves over finite fields and beyond\">Counting points on elliptic curves over finite fields and beyond<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><\/td>\n<\/tr>\n<tr>\n<td>15:00 &#8211; 15:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr>\n<td>15:30 &#8211; 16:30<\/td>\n<td>Shafi Goldwasser<\/td>\n<td>Past and Present: Primes and Cryptography<\/td>\n<\/tr>\n<tr>\n<td>16:30 &#8211; 16:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr>\n<td>16:45 &#8211; 17:45<\/td>\n<td>Neal Koblitz<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/my-last-24-years-in-crypto-a-few-good-judgments-and-many-bad-ones\/\">My Last 24 Years in Crypto: A Few Good Judgments and Many Bad Ones<\/a><\/td>\n<\/tr>\n<tr>\n<td>18:00 &#8211;<\/td>\n<td><\/td>\n<td>Reception<\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td colspan=\"2\">Session chair: Neal Koblitz<\/td>\n<\/tr>\n<tr>\n<td>18:30 &#8211; 18:50<\/td>\n<td>Scott Vanstone<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/scott-vanstone-award-lecture-rump-session\/\">Award lecture<\/a>\u00a0(video covers also rump session)<\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td colspan=\"2\">Session chair: Daniel J. Bernstein<\/td>\n<\/tr>\n<tr>\n<td>18:50 &#8211; 21:00<\/td>\n<td><\/td>\n<td><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/hyperelliptic.org\/djb\/ecc2010rump\/submit.php\">Rump session<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/li>\n\t\t<li class=\"m-0\" data-wp-context='{\"id\":\"accordion-content-2692\"}' data-wp-init=\"callbacks.init\">\n\t\t<div class=\"accordion-header\">\n\t\t\t<button\n\t\t\t\taria-controls=\"accordion-content-2692\"\n\t\t\t\tclass=\"btn btn-collapse\"\n\t\t\t\tdata-wp-bind--aria-expanded=\"state.isExpanded\"\n\t\t\t\tdata-wp-on--click=\"actions.onClick\"\n\t\t\t\tid=\"accordion-button-2691\"\n\t\t\t\ttype=\"button\"\n\t\t\t>\n\t\t\t\tTuesday\t\t\t<\/button>\n\t\t<\/div>\n\t\t<div\n\t\t\taria-labelledby=\"accordion-button-2691\"\n\t\t\tclass=\"msr-accordion__content\"\n\t\t\tdata-wp-bind--inert=\"!state.isExpanded\"\n\t\t\tdata-wp-run=\"callbacks.run\"\n\t\t\tid=\"accordion-content-2692\"\n\t\t>\n\t\t\t<div class=\"msr-accordion__body\">\n\t\t\t\t<table>\n<tbody>\n<tr valign=\"top\">\n<td colspan=\"3\"><b>Tuesday<\/b><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: Alfred Menezes<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>09:00 &#8211; 10:00<\/td>\n<td>Michael Naehrig<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/pairings-on-elliptic-curves-parameter-selection-and-efficient-computation\/\">Pairings on elliptic curves &#8211; parameter selection and efficient computation<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:00 &#8211; 10:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:30 &#8211; 11:30<\/td>\n<td>William Stein<\/td>\n<td><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/rmc-stage\/apps\/video\/dl.aspx?id=140583\">Elliptic Curves in Sage<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:30 &#8211; 11:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:45 &#8211; 12:45<\/td>\n<td>Wouter Castryck<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/the-probability-of-primality-of-the-order-of-a-genus-2-curve-jacobian\/\">The probability of primality of the order of a genus 2 curve Jacobian<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>12:45- 14:00<\/td>\n<td><\/td>\n<td>Lunch break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: Peter Stevenhagen<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>14:00 &#8211; 15:00<\/td>\n<td>David Kohel<\/td>\n<td><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/rmc-stage\/apps\/video\/dl.aspx?id=140496\">Endomorphisms, isogeny graphs, and moduli<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>15:00 &#8211; 15:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>15:30 &#8211; 16:30<\/td>\n<td>Huseyin Hisil<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/faster-formulas-for-elliptic-curves\/\">Faster formulas for elliptic curves<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>16:30 &#8211; 16:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>16:45 &#8211; 17:45<\/td>\n<td>Da<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/li>\n\t\t<li class=\"m-0\" data-wp-context='{\"id\":\"accordion-content-2694\"}' data-wp-init=\"callbacks.init\">\n\t\t<div class=\"accordion-header\">\n\t\t\t<button\n\t\t\t\taria-controls=\"accordion-content-2694\"\n\t\t\t\tclass=\"btn btn-collapse\"\n\t\t\t\tdata-wp-bind--aria-expanded=\"state.isExpanded\"\n\t\t\t\tdata-wp-on--click=\"actions.onClick\"\n\t\t\t\tid=\"accordion-button-2693\"\n\t\t\t\ttype=\"button\"\n\t\t\t>\n\t\t\t\tWednesday\t\t\t<\/button>\n\t\t<\/div>\n\t\t<div\n\t\t\taria-labelledby=\"accordion-button-2693\"\n\t\t\tclass=\"msr-accordion__content\"\n\t\t\tdata-wp-bind--inert=\"!state.isExpanded\"\n\t\t\tdata-wp-run=\"callbacks.run\"\n\t\t\tid=\"accordion-content-2694\"\n\t\t>\n\t\t\t<div class=\"msr-accordion__body\">\n\t\t\t\t<table>\n<tbody>\n<tr valign=\"top\">\n<td colspan=\"3\"><b>Wednesday<\/b><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: Pierrick Gaudry<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>09:00 &#8211; 10:00<\/td>\n<td>Francisco Rodrigues-Henriquez<\/td>\n<td>Faster Implementation of Pairings<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:00 &#8211; 10:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:30 &#8211; 11:30<\/td>\n<td>Bianca Viray<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/igusa-class-polynomials-embeddings-of-quartic-cm-fields-and-arithmetic-intersection-theory\/\">Igusa class polynomials, embeddings of quartic CM fields, and arithmetic intersection theory<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:30 &#8211; 11:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:45 &#8211; 12:45<\/td>\n<td>Vanessa Vitse<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/f4-traces-and-index-calculus-on-elliptic-curves-over-extension-fields\/\">F4 traces and index calculus on elliptic curves over extension fields<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>12:45- 14:00<\/td>\n<td><\/td>\n<td>Lunch break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: Neal Koblitz<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>14:00 &#8211; 15:00<\/td>\n<td>Darrel Hankerson<\/td>\n<td>Software implementation of pairings at the 128-bit security level<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>15:00 &#8211; 15:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>15:30 &#8211; 16:30<\/td>\n<td>Karl Rubin<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/selmer-ranks-of-elliptic-curves-in-families-of-quadratic-twists\/\">Selmer ranks of elliptic curves in families of quadratic twists<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>16:30 &#8211; 16:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>16:45 &#8211; 17:45<\/td>\n<td>Damien Robert<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/generalizing-velus-formulas-and-some-applications\/\">Generalizing V\u00e9lu&#8217;s formulas and some applications<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>18:00 &#8211;<\/td>\n<td><\/td>\n<td>Conference dinner<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/li>\n\t\t<li class=\"m-0\" data-wp-context='{\"id\":\"accordion-content-2696\"}' data-wp-init=\"callbacks.init\">\n\t\t<div class=\"accordion-header\">\n\t\t\t<button\n\t\t\t\taria-controls=\"accordion-content-2696\"\n\t\t\t\tclass=\"btn btn-collapse\"\n\t\t\t\tdata-wp-bind--aria-expanded=\"state.isExpanded\"\n\t\t\t\tdata-wp-on--click=\"actions.onClick\"\n\t\t\t\tid=\"accordion-button-2695\"\n\t\t\t\ttype=\"button\"\n\t\t\t>\n\t\t\t\tThursday\t\t\t<\/button>\n\t\t<\/div>\n\t\t<div\n\t\t\taria-labelledby=\"accordion-button-2695\"\n\t\t\tclass=\"msr-accordion__content\"\n\t\t\tdata-wp-bind--inert=\"!state.isExpanded\"\n\t\t\tdata-wp-run=\"callbacks.run\"\n\t\t\tid=\"accordion-content-2696\"\n\t\t>\n\t\t\t<div class=\"msr-accordion__body\">\n\t\t\t\t<table>\n<tbody>\n<tr valign=\"top\">\n<td colspan=\"3\"><b>Thursday<\/b><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: William Stein<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>09:00 &#8211; 10:00<\/td>\n<td>Junfeng Fan<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/ecc-on-constrained-devices\/\">ECC on constrained devices<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:00 &#8211; 10:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:30 &#8211; 11:30<\/td>\n<td>Melissa Chase<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/pairing-based-proof-systems-and-applications-to-anonymous-credentials\/\">Pairing-based proof systems and applications to anonymous credentials<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:30 &#8211; 11:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:45 &#8211; 12:45<\/td>\n<td>Kristin Lauter<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/computing-genus-2-curves-from-invariants-on-the-hilbert-moduli-space\/\">Computing genus 2 curves from invariants on the Hilbert moduli space<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>12:45- 14:00<\/td>\n<td><\/td>\n<td>Lunch break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: Victor Miller<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>14:00 &#8211; 15:00<\/td>\n<td>Daniel J. Bernstein<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/algorithms-for-primes\/\">Algorithms for primes<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>15:00 &#8211; 15:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>15:30 &#8211; 16:30<\/td>\n<td>Winnie Li<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/atkin-swinnerton-dyer-congruences-on-noncongruence-modular-forms\/\">Atkin-Swinnerton-Dyer congruences on noncongruence modular forms<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>16:30 &#8211; 16:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>16:45 &#8211; 17:45<\/td>\n<td>Bryan Birch<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/a-tribute-to-oliver-atkin\/\">A Tribute to Oliver Atkin<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td colspan=\"3\"><b>Friday<\/b><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: Tanja Lange<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>09:00 &#8211; 10:00<\/td>\n<td>Andreas Enge<\/td>\n<td>Class polynomials by Chinese remaindering<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:00 &#8211; 10:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:30 &#8211; 11:30<\/td>\n<td>Alice Silverberg<\/td>\n<td>On elliptic curves with an isogeny of degree 7<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:30 &#8211; 11:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:45 &#8211; 12:45<\/td>\n<td>Melanie Matchett Wood<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/composition-laws\/\">Composition Laws<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>12:45- 14:30<\/td>\n<td><\/td>\n<td>Lunch break in the MS commons<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: Harold Edwards<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>14:30 &#8211; 15:30<\/td>\n<td>Peter Montgomery<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/ecm-then-and-now\/\">ECM &#8212; Then and Now<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>15:30 &#8211; 16:00<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>16:00 &#8211; 17:00<\/td>\n<td>Tanja Lange<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/breaking-ecc2k-130-2\/\">Breaking ECC2K-130<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>17:00 &#8211;<\/td>\n<td><\/td>\n<td>adjourn<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t<\/div>\n\t<span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n<p><span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/cr.yp.to\/djb.html\">Daniel J. Bernstein<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Illinois at Chicago, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Bernstein.pdf\">Algorithms for primes<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>This talk will consist of a series of light mini-talks inspired by Atkin&#8217;s papers on recognizing primes (1982, &#8220;On a primality test of Solovay and Strassen&#8221;; 1995, &#8220;Intelligent primality test offer&#8221;), proving primes to be prime (1993, &#8220;Elliptic curves and primality proving&#8221;), factoring integers into primes (1993, &#8220;Finding suitable curves for the elliptic curve method of factorization&#8221;), and enumerating primes (2004, &#8220;Prime sieves using binary quadratic forms&#8221;).<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Bryan_Birch\">Bryan Birch<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Oxford, UK)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/birch-atkintribute.txt\">A Tribute to Oliver Atkin<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>As a tribute to Oliver Atkin, I will be surveying his work; I will also be including some biographical details. As that would be far too much to talk about, I will be forced to be selective, and will mainly concentrate on work he did in his earlier years, including a bit about what may have influenced him to do that work, and what his work led to.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/wis.kuleuven.be\/algebra\/castryck\/\">Wouter Castryck<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (K.U.Leuven, Belgium)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Castryck.pdf\">The probability of primality of the order of a genus 2 curve Jacobian<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>In 2000, Galbraith and McKee conjectured a formula estimating the probability of primality of the number of rational points on an elliptic curve over a finite field. Their heuristic derivation was based on an analytic class number formula counting bivariate quadratic forms up to equivalence. We will give alternative heuristics in favor of the conjecture, based on a random matrix model. This approach seems better-suited for generalizing the conjecture to curves of higher genus. We will then elaborate this in genus 2.\u00a0This is joint work with Hendrik Hubrechts and Alessandra Rigato.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"https:\/\/research.microsoft.com\/en-us\/um\/people\/melissac\/\">Melissa Chase<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<br \/>\nPairing-based proof systems and applications to anonymous credentials<br \/>\nPairing based cryptography has resulted in a number of breakthrough results, including some major developments in the area of zero knowledge proof systems. A zero knowledge proof system allows a party to prove that a statement is true without revealing any other information. Zero knowledge proofs are used in everything from identification protocols (allowing a party to prove that he is who he claims to be) and encryption schemes with stronger security properties, to securing protocols against malicious adversaries, and constructing privacy preserving systems. It has been shown that zero knowledge proofs can be constructed from a variety of number theoretic assumptions (or, more generally from any trapdoor permutation); however most of these constructions are complex and inefficient. In &#8217;06 Groth, Ostrovsky, an Sahai showed how to construct proof systems based on pairings which have much more structure than traditional constructions; this structure in turn has since been shown to result in proof systems with greater efficiency, stronger security, and more functionality. This talk will describe at a high level how pairings allows us to construct zero knowledge proofs with more structure than traditional tools, and then discuss some of the applications that take advantage of this structure, focusing on applications to privacy and anonymity.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.u-bordeaux1.fr\/~enge\/\">Andreas Enge<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (INRIA Bordeaux &#8211; Sud-Ouest and IMB, France)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Enge.pdf\">Class polynomials by Chinese remaindering<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>Polynomials generating ring class fields of imaginary-quadratic number fields are the main ingredient for obtaining elliptic curves with prescribed complex multiplication. In recent years, algorithms computing such class polynomials by Chinese remaindering have been found which are faster (both in theory and practice) than the classical complex analytic approach. I will give an overview of the algorithms and concentrate on how the last stumbling block could be overcome, the use of alternative class invariants that lead to smaller polynomials.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/homes.esat.kuleuven.be\/~jfan\/\">Junfeng Fan<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (K.U.Leuven, Belgium)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Fan.pdf\">ECC on constrained devices<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>The embedded security community has been looking at the ECC ever since it was introduced. Hardware designers are now challenged by limited area (<15k Gates), low power budget (<100uw) and sophisticated physical attacks. This talk will report the stateof-the-art ECC implementations for ultra-constrained devices. We take a passive RFID tag as our potential target. We will discuss the known techniques to realize ECC on such kind of devices, and what are the challenges we face now and in the near future.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Gerhard_Frey\">Gerhard Frey<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institute for Experimental Mathematics, Germany)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Frey.pdf\">Elliptic Curves: Facts, Conjectures and Applications<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>Elliptic curves E can be given by plane projective cubic curves and so seem to be very simple objects. A first hint for more structure is that there is an algebraic addition law for the rational points. In fact, there is a natural isomorphism of E with its Jacobian variety, and so E is at the same time a curve of low degree and an abelian variety of smallest possible dimension. This is the reason for a very rich and deep theory behind making elliptic curves to ideal objects for both theoretical and experimental investigations, always with a strong algorithmic aspect. As outcome we find an abundance of key conjectures of arithmetic geometry inspired (and even proven) by elliptic curves. It will be the purpose of the talk to explain some of these conjectures and results and, as important and rather astonishing side effect, state why these properties of elliptic curves make them to a most efficient and secure tool for public key crypto systems based on discrete logarithms.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/people.csail.mit.edu\/shafi\/\">Shafi Goldwasser<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (MIT, USA and Weizmann Institute of Science, Israel)<br \/>\nPast and Present: Primes and Cryptography<br \/>\nThe talk will be composed of two parts: (1) We will present an open problem in primality testing (yes &#8211; they still exist) and (2) we will describe some current trends in designing public key encryption schemes (designing schemes which are circular secure, resistant to leakage about secret keys, and secure even when auxiliary input is known about secret keys), with an eye toward an elliptic curve based crypto system with these stronger properties.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.dcu.ie\/info\/staff_member.php?id_no=3620\">Rob Granger<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Claude Shannon Institute, Ireland)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Granger.pdf\">On the Static Diffie<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Granger.pdf\">&#8211;<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Granger.pdf\">Hellman Problem on Elliptic Curves over Extension Fields<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> Recent work by Koblitz and Menezes has highlighted the existence, in some cases, of apparent separations between the hardness of breaking discrete logarithms in a particular group, and the hardness of solving in that group problems to which the security of certain cryptosystems are provably related. We consider one such problem in the context of elliptic curves over extension fields, and report potential weaknesses of the GalbraithLin-Scott curves from EUROCRYPT 2009, as well as a practical attack on some legacy curves.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.dms.auburn.edu\/faculty\/hankerson\/index.html\">Darrel Hankerson<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Auburn University, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Hankerson.pdf\">Software implementation of pairings at the 128<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Hankerson.pdf\">&#8211;<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Hankerson.pdf\">bit security level<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>Security and efficiency issues for pairings derived from supersingular curves are discussed, in particular for genus-2 curves. Parallelization and new hardware features significantly accelerate such pairings, and we examine the competitiveness against asymmetric pairings. For the genus-2 case, we consider implications for certain protocols when attempting to choose parameters favorable to speed.<br \/>\nThis talk samples recent work with D. Aranha, S. Chatterjee, J. L\u00f3pez, and A. Menezes.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/cims.nyu.edu\/~harvey\/\">David Harvey<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Courant Institute of Mathematical Sciences, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Harvey.pdf\">Counting points on projective hypersurfaces<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>I will discuss recent progress on a new algorithm for computing the Zeta function of a projective hypersurface over a finite field.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/huseyinhisil.net\/\">Huseyin Hisil<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Turkey)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Hisil.pdf\">Faster formulas for elliptic curves<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>The talk is about the derivation of the addition law on an arbitrary elliptic curve and efficiently adding points on this elliptic curve using the derived addition law. The outcomes of this work guarantee practical speedups in higher level operations which depend on point additions. In particular, the contributions immediately find applications in cryptology.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.washington.edu\/~koblitz\/\">Neal Koblitz<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Koblitz.pdf\">My Last 24 Years in Crypto: A Few Good Judgments and Many Bad Ones<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>After describing some joint work with Menezes in which isogenies are used to show that conventional wisdom about parameter selection might sometimes be wrong, I&#8217;ll shift gears and make some comments on how easy it is to get things badly wrong in cryptography. I&#8217;ll illustrate by giving a brief survey of some of the many misjudgments I&#8217;ve made over the years.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/iml.univ-mrs.fr\/~kohel\/\">David Kohel<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institut de Math\u00e9matiques de Luminy, France)<br \/>\nEndomorphisms, isogeny graphs, and moduli<br \/>\nI will present a retrospective of aspects of my thesis, in light of applications in the last 14 years since its birth. In particular, I will focus on explicit isogenies, moduli of elliptic curves and CM structure, the &#8220;local&#8221; Galois module structures of l-torsion and l-isogeny graphs, and &#8220;global&#8221; structure of action visa class groups and isogenies. The focus will be directed principally towards ordinary elliptic curves over finite fields, but I will discuss briefly the supersingular case and generalizations to higher dimension.<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/hyperelliptic.org\/tanja\/\">Tanja Lange<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Technische Universiteit Eindhoven, Netherlands)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Lange.pdf\">Breaking ECC2K<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Lange.pdf\">&#8211;<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Lange.pdf\">130<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>ECC2K-130 is the smallest unsolved Certicom discrete-logarithm challenge. Certicom originally stated that breaking ECC2K-130 was &#8220;infeasible&#8221; and would require 2700000000 machine days.<br \/>\nThis talk reports on an ongoing joint project by researchers from 12 different universities to break ECC2K-130. The project has increased our knowledge of the mathematical speedups for attacking elliptic-curve cryptosystems, has led to a new representation for finite fields in &#8216;optimal polynomial bases&#8217;, and has led to a better understanding of the randomness of pseudorandom walks used in Pollard&#8217;s rho method. The project has produced optimized implementations of a highly tuned iteration function for different platforms ranging from standard CPUs to customized FPGA clusters.These optimizations have moved the ECC2K-130 computation to the range of feasibility.The computation would finish in only two years using 1595 standard PCs, or 1231 PlayStation 3 game consoles, or 534 GTX 295 graphics cards, or 308 XC3S5000 FPGAs, or any combination of the above. We are now actively performing the computations. See our <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/x.com\/eccchallenge\">twitter page<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> for updates.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/research.microsoft.com\/en-us\/people\/klauter\/default.aspx\">Kristin Lauter<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Lauter.pdf\">Computing genus 2 curves from invariants on the Hilbert moduli space<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> Joint work with <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.wisc.edu\/~thyang\/\">Tonghai Yang<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Wisconsin USA); he was originally scheduled to present this work.<br \/>\nWe give a new method for generating genus 2 curves over a finite field with a given number of points on the Jacobian of the curve. We define two new invariants for genus 2 curves as values of modular functions on the Hilbert moduli space and show how to compute them. We relate them to the usual three Igusa invariants on the Siegel moduli space and give an algorithm to construct curves using these new invariants. Our approach simplifies the complex analytic method for computing genus 2 curves for cryptography and reduces the amount of computation required.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.psu.edu\/wli\/\">Winnie Li<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Penn State, USA and National Center for Theoretical Sciences, Taiwan)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Li.pdf\">Atkin<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Li.pdf\">&#8211;<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Li.pdf\">Swinnerton<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Li.pdf\">&#8211;<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Li.pdf\">Dyer congruences on noncongruence modular forms<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>The understanding for the arithmetic of modular forms for noncongruence subgroups pales when compared to that for congruence subgroups. In large part, this is due to the lack of effective Hecke operators. The first pioneering work on noncongruence modular forms was done by Atkin and Swinnerton-Dyer in 1971. Based on a handful numerical data they gathered, Atkin and Swinnerton-Dyer proposed p-adic congruence relations, similar to the recursive relation satisfied by Hecke eigenforms, to be satisfied by a basis of a given space of noncongruence cusp forms. In this talk we shall survey subsequent developments and the current status of the ASD congruences.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Victor_S._Miller\">Victor Miller<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institute for Defense Analyses, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Miller.pdf\">Elliptic Curves, Cryptography and Computation<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>Much of the research in number theory, like mathematics as a whole, has been inspired by hard problems which are easy to state. A famous example is &#8220;Fermat&#8217;s Last Theorem&#8221;. Starting in the 1970&#8217;s number theoretic problems have been suggested as the basis for cryptosystems, such as RSA and Diffie-Hellman. In 1985 Koblitz and Miller independently suggested that the discrete logarithm problem on elliptic curves might be more secure than the &#8220;conventional&#8221; discrete logarithm on multiplicative groups of finite fields. Since then it has inspired a great deal of research in number theory and geometry in an attempt to understand its security.\u00a0I&#8217;ll give a brief historical tour concerning the elliptic curve discrete logarithm problem, and the closely connected Weil Pairing algorithm.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Peter_Montgomery\">Peter Montgomery<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Montgomery.pdf\">ECM <span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Montgomery.pdf\">&#8212; <span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Montgomery.pdf\">Then and Now<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>This presentation has two parts. The first half discusses the major factorization algorithms when ECM was discovered in 1985, stressing the similarities between ECM and P +- 1. The second half describes the recent discoveries of six large Mersenne factors using ECM on a network of PlayStations.\u00a0This is joint work with Joppe W. Bos, Thorsten Kleinjung, and Arjen K. Lenstra from EPFL.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/www.lix.polytechnique.fr\/~morain\/\">Francois Morain<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (LIX \u00c9cole Polytechnique, France)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Morain.pdf\">Elliptic curves with complex multiplication: history and perspectives<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>The theory of complex multiplication on curves is very old and rich, going back at least to Gauss. Since then, many authors have been developing the theory, in parallel with quite a heavy load of computations and formulas (by hand!). Soon after Schoof&#8217;s 1985 major article, reduction of curves with complex multiplication over finite fields were used to prove the primality of special or general numbers, and the corresponding algorithms are still in use today. As a result, this led to the emergence of the so-called CM-method to build curves with prescribed properties. The talk will present some parts of this history, concentrating on explicit computations and applications of the CM theory to some old and new problems.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.cryptojedi.org\/users\/michael\/\">Michael Naehrig<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Naehrig.pdf\">Pairings on elliptic curves <span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Naehrig.pdf\">&#8211; <span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Naehrig.pdf\">parameter selection and efficient computation<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> This talk is about efficient pairing computation on elliptic curves. I will discuss particularly implementation-friendly curves, the use of the polynomial parameter representation to compute pairings on BN curves, and reasons to use affine coordinates for pairings at high security levels.\u00a0This contains joint work with P. Barreto, G. Pereira, M. Simpl\u00edcio Jr, P. Schwabe, R. Niederhagen, K. Lauter, and P. Montgomery.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.normalesup.org\/~robert\/pro\/index.html\">Damien Robert<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (INRIA Bordeaux &#8211; Sud-Ouest, France)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Robert.pdf\">Generalizing V\u00e9lu&#8217;s formulas and some applications<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>V\u00e9lu&#8217;s formulas allow to compute an isogeny between elliptic curves from the coordinates of the points in the kernel. In this talk, I describe an algorithm using theta functions to compute an isogeny from its kernel on any abelian variety. I will give specific timings of a genus 2 implementation, and describe some applications. This is a joint work with Romain Cosset and David Lubicz.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/delta.cs.cinvestav.mx\/~francisco\/\">Francisco Rodriguez<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/delta.cs.cinvestav.mx\/~francisco\/\">&#8211;<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/delta.cs.cinvestav.mx\/~francisco\/\">Henriquez<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Centro de investigaci\u00f3n y de Estudios Avanzados del\u00a0I.P.N., Mexico)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/FRH.pdf\">Faster Implementation of Pairings<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>This talk gives an overview of the design of a fast hardware accelerator and a software\u00a0library for the computation of symmetric and asymmetric cryptographic pairings. The first half of this talk is devoted to describe the architecture of two hardware accelerators that compute the \u03b7T pairing over F2m and F3m. This accelerator implements Miller&#8217;s algorithm using a parallel pipelined Karatsuba multiplier, and takes advantage of a dedicated coprocessor responsible for computing the final exponentiation.\u00a0The second half discusses the design of fast software libraries for the computation of both symmetric and asymmetric pairings. First, a brief description of the design of a fast multicore library for the cryptographic Tate pairing over supersingular elliptic curves is given. Then, the efficient computation of the optimal ate pairing on a Barreto-Naehrig elliptic curve is explained in detail.<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.uci.edu\/~krubin\/\">Karl Rubin<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of California at Irvine, USA)<br \/>\nSelmer ranks of elliptic curves in families of quadratic twists<br \/>\nThis talk will report on ongoing work with Barry Mazur that studies 2-Selmer ranks in the family of all quadratic twists of a fixed elliptic curve over a number field. Our goal is to compute the density of twists with a given 2-Selmer rank r, for every r. This has been done by Heath-Brown, Swinnerton-Dyer, and Kane for elliptic curves over Q with all 2torsion rational. Our methods are different and work best for curves with no rational points of order 2. So far we can prove under certain hypotheses that E has &#8220;many&#8221; twists of every 2-Selmer rank, but not that the set of such twists has positive density. In this talk I will describe these results and the methods involved, and discuss a basic question about algebraic number fields that arises in trying to improve our results.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.mat.uniroma2.it\/~schoof\/\">Rene Schoof<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Universita di Roma &#8220;Tor Vergata&#8221;, Italy)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Schoof.pdf\">Counting points on elliptic curves over finite fields and beyond<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.uci.edu\/~asilverb\/\">Alice Silverberg<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of California at Irvine, USA)<br \/>\nOn elliptic curves with an isogeny of degree 7<br \/>\nThis talk is about joint work with Ralph Greenberg and Karl Rubin. Given a group C of order 7 with a Galois action (in characteristic not 7), we construct the family of all elliptic curves with a rational subgroup Galois-isomorphic to C. As an application, we show that the images of 7-adic representations of elliptic curves over Q with a rational subgroup of order 7 are as large as they can be, with at most one exception (counted suitably). Whether the exception occurs depends on whether a certain genus 12 curve with 6 &#8220;obvious&#8221; rational points has any additional rational solutions. We use work of Poonen and Schaefer along with Stoll&#8217;s version of the method of Chabauty to show that the curve has either 6 or 12 rational points.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/modular.math.washington.edu\/\">William Stein<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Stein.pdf\">Elliptic Curves in Sage<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>Sage (http:\/\/sagemath.org) is the most feature rich general purpose free open source software for computing with elliptic curves. In this talk, I&#8217;ll describe what Sage can compute about elliptic curves and how it does some of these computation, then discuss what Sage currently can&#8217;t compute but should be able to (e.g., because Magma can).<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/math.brown.edu\/~bviray\/\">Bianca Viray<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Brown University, USA)<br \/>\nIgusa class polynomials, embeddings of quartic CM fields, and arithmetic intersection\u00a0theory<br \/>\nCurrently, one of the best ways of computing genus 2 curves that can be used in cryptographic systems is via computation of Igusa class polynomials. Unfortunately Igusa class polynomials (the genus 2 analogue of Hilbert class polynomials) can be difficult to compute, mostly because recovering the coefficients from approximations requires a bound on the denominators. We will sketch how the denominators can be related both to the number of embeddings of quartic CM fields into certain endomorphism rings and to a conjectural formula of Bruinier and Yang for certain intersection numbers. We will present computations of these three values for 13 different CM fields and, in the cases in which the values are not what we might expect, we point to explanations for the differences. Joint work with H. Grundman, J. Johnson-Leung, K. Lauter, A. Salerno, E. Wittenborn<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/vvitse.free.fr\/\">Vanessa Vitse<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Universit\u00e9 de Versailles Saint-Quentin-en-Yvelines, France)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Vitse.pdf\">F4 traces and index calculus on elliptic curves over extension fields<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>Recently, Gaudry and Diem have proposed an index calculus method for the resolution of the DLP on elliptic curves defined over extension fields. In this talk, I will first present a variant of this method that enables to decrease the asymptotic complexity of the DLP on E(Fqn) for a large range of q and n, then introduce a second improvement provided by the use of F4 traces for polynomial system solving. Finally, I will give a practical example of our index calculus variant to the oracle-assisted Static Diffie-Hellman Problem. This is a joint work with Antoine Joux.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/math.stanford.edu\/~mwood\/\">Melanie Matchett Wood<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (American Institute of Mathematics, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Wood.pdf\">Composition Laws<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>The group laws on elliptic curves, Jacobians of hyperelliptic curves, and ideal class groups of quadratic number fields are all examples of group laws that can be computed explicitly via composition on various types of binary quadratic forms. We will discuss how these examples fit into a larger picture of class groups of quadratic extensions of any base space or ring, which can all be given explicitly by composition on generalized binary quadratic forms. Further, we will discuss how this is the degree 2 piece of a larger story, in which class groups of all cubic extensions and even some degree n extensions (for n>3) can be given in terms of composition laws on trilinear forms. For example, one can compute Jacobians of trigonal curves via composition on certain trilinear forms.<\/li>\n<\/ul>\n<p>&nbsp;<span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/cr.yp.to\/djb.html\">Daniel J. Bernstein<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Illinois at Chicago, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Bryan_Birch\">Bryan Birch<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Oxford, UK)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/wis.kuleuven.be\/algebra\/castryck\/\">Wouter Castryck<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (K.U.Leuven, Belgium)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"https:\/\/research.microsoft.com\/en-us\/um\/people\/melissac\/\">Melissa Chase<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.u-bordeaux1.fr\/~enge\/\">Andreas Enge<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (INRIA Bordeaux &#8211; Sud-Ouest and IMB, France)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/homes.esat.kuleuven.be\/~jfan\/\">Junfeng Fan<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (K.U.Leuven, Belgium)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Gerhard_Frey\">Gerhard Frey<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institute for Experimental Mathematics, Germany)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/people.csail.mit.edu\/shafi\/\">Shafi Goldwasser<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (MIT, USA and Weizmann Institute of Science, Israel)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.dcu.ie\/info\/staff_member.php?id_no=3620\">Rob Granger<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Claude Shannon Institute, Ireland)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.dms.auburn.edu\/faculty\/hankerson\/index.html\">Darrel Hankerson<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Auburn University, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/cims.nyu.edu\/~harvey\/\">David Harvey<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Courant Institute of Mathematical Sciences, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/huseyinhisil.net\/\">Huseyin Hisil<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Turkey)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.washington.edu\/~koblitz\/\">Neal Koblitz<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/iml.univ-mrs.fr\/~kohel\/\">David Kohel<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institut de Math\u00e9matiques de Luminy, France)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/hyperelliptic.org\/tanja\/\">Tanja Lange<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Technische Universiteit Eindhoven, Netherlands)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/rmc-stage\/en-us\/people\/klauter\/default.aspx\">Kristin Lauter<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.psu.edu\/wli\/\">Winnie Li<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Penn State, USA and National Center for Theoretical Sciences, Taiwan)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Victor_S._Miller\">Victor Miller<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institute for Defense Analyses, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Peter_Montgomery\">Peter Montgomery<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.lix.polytechnique.fr\/Labo\/Francois.Morain\/\">Francois Morain<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (LIX \u00c9cole Polytechnique, France)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.cryptojedi.org\/users\/michael\/\">Michael Naehrig<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.normalesup.org\/~robert\/pro\/index.html\">Damien Robert<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (INRIA Bordeaux &#8211; Sud-Ouest, France)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/delta.cs.cinvestav.mx\/~francisco\/\">Francisco Rodriguez-Henriquez<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Centro de investigaci\u00f3n y de Estudios Avanzados del I.P.N., Mexico)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.uci.edu\/~krubin\/\">Karl Rubin<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of California at Irvine, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.mat.uniroma2.it\/~schoof\/\">Rene Schoof<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Universita di Roma &#8220;Tor Vergata&#8221;, Italy)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.uci.edu\/~asilverb\/\">Alice Silverberg<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of California at Irvine, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/modular.math.washington.edu\/\">William Stein<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/math.brown.edu\/~bviray\/\">Bianca Viray<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Brown University, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/vvitse.free.fr\/\">Vanessa Vitse<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Universit\u00e9 de Versailles Saint-Quentin-en-Yvelines, France)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/math.stanford.edu\/~mwood\/\">Melanie Matchett Wood<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (American Institute of Mathematics, USA)<\/li>\n<\/ul>\n<p>&nbsp;<span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Workshop on Elliptic Curves and Computation: 25th Anniversary of Elliptic Curve Cryptography Opens in a new tab Main Organizers: Neal Koblitz (opens in new tab) (University of Washington, Seattle, USA) Kristin Lauter (opens in new tab) (Microsoft Research, USA) Victor Miller (opens in new tab) (Institute for Defense Analyses, USA) William Stein (opens in new [&hellip;]<\/p>\n","protected":false},"featured_media":0,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"_classifai_error":"","msr_startdate":"2010-10-18","msr_enddate":"2010-10-22","msr_location":"","msr_expirationdate":"","msr_event_recording_link":"","msr_event_link":"","msr_event_link_redirect":false,"msr_event_time":"","msr_hide_region":false,"msr_private_event":true,"msr_hide_image_in_river":0,"footnotes":""},"research-area":[],"msr-region":[],"msr-event-type":[],"msr-video-type":[],"msr-locale":[268875],"msr-program-audience":[],"msr-post-option":[],"msr-impact-theme":[],"class_list":["post-291860","msr-event","type-msr-event","status-publish","hentry","msr-locale-en_us"],"msr_about":"<!-- wp:msr\/event-details {\"title\":\"ECC 2010\",\"backgroundColor\":\"grey\"} \/-->\n\n<!-- wp:msr\/content-tabs --><!-- wp:msr\/content-tab {\"title\":\"People\"} --><!-- wp:freeform --><div id=\"dedM\" class=\"deM\">\n<p>Workshop on Elliptic Curves and Computation: 25th Anniversary of Elliptic Curve Cryptography<\/p>\n<\/div>\n<p><span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n<h3>Main Organizers:<\/h3>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.washington.edu\/~koblitz\/\">Neal Koblitz<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/klauter\/\">Kristin Lauter<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Victor_S._Miller\">Victor Miller<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institute for Defense Analyses, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/modular.math.washington.edu\/\">William Stein<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<\/li>\n<\/ul>\n<h3>Program Committee:<\/h3>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/cr.yp.to\/djb.html\">Daniel J. Bernstein<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Illinois at Chicago, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.loria.fr\/~gaudry\/index.en.html\">Pierrick Gaudry<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Loria, France)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.washington.edu\/~koblitz\/\">Neal Koblitz<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.hyperelliptic.org\/tanja\">Tanja Lange<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Technische Universiteit Eindhoven)<\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/klauter\/\">Kristin Lauter<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Victor_S._Miller\">Victor Miller<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institute for Defense Analyses, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/math.ucalgary.ca\/~rscheidl\/\">Renate Scheidler<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Calgary, Canada)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/modular.math.washington.edu\/\">William Stein<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.certicom.com\/index.php\/about\/9-board-of-directors\/94--founder-a-evp-strategic-technology\">Scott Vanstone<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Waterloo, Canada)<\/li>\n<\/ul>\n<p><span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n<!-- \/wp:freeform --><!-- \/wp:msr\/content-tab --><!-- wp:msr\/content-tab {\"title\":\"Program Agenda\"} --><!-- wp:freeform --><p>\t<div data-wp-context='{\"items\":[]}' data-wp-interactive=\"msr\/accordion\">\n\t\t\t\t\t<div class=\"clearfix\">\n\t\t\t\t<div\n\t\t\t\t\tclass=\"btn-group align-items-center mb-g float-sm-right\"\n\t\t\t\t\tdata-bi-aN=\"accordion-collapse-controls\"\n\t\t\t\t>\n\t\t\t\t\t<button\n\t\t\t\t\t\tclass=\"btn btn-link m-0\"\n\t\t\t\t\t\tdata-bi-cN=\"Expand all\"\n\t\t\t\t\t\tdata-wp-bind--aria-controls=\"state.ariaControls\"\n\t\t\t\t\t\tdata-wp-bind--aria-expanded=\"state.ariaExpanded\"\n\t\t\t\t\t\tdata-wp-bind--disabled=\"state.isAllExpanded\"\n\t\t\t\t\t\tdata-wp-class--inactive=\"state.isAllExpanded\"\n\t\t\t\t\t\tdata-wp-on--click=\"actions.onExpandAll\"\n\t\t\t\t\t\ttype=\"button\"\n\t\t\t\t\t>\n\t\t\t\t\t\tExpand all\t\t\t\t\t<\/button>\n\t\t\t\t\t<span aria-hidden=\"true\"> | <\/span>\n\t\t\t\t\t<button\n\t\t\t\t\t\tclass=\"btn btn-link m-0\"\n\t\t\t\t\t\tdata-bi-cN=\"Collapse all\"\n\t\t\t\t\t\tdata-wp-bind--aria-controls=\"state.ariaControls\"\n\t\t\t\t\t\tdata-wp-bind--aria-expanded=\"state.ariaExpanded\"\n\t\t\t\t\t\tdata-wp-bind--disabled=\"state.isAllCollapsed\"\n\t\t\t\t\t\tdata-wp-class--inactive=\"state.isAllCollapsed\"\n\t\t\t\t\t\tdata-wp-on--click=\"actions.onCollapseAll\"\n\t\t\t\t\t\ttype=\"button\"\n\t\t\t\t\t>\n\t\t\t\t\t\tCollapse all\t\t\t\t\t<\/button>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t\t<ul class=\"msr-accordion\">\n\t\t\t\t\t\t\t\t<li class=\"m-0\" data-wp-context='{\"id\":\"accordion-content-2690\"}' data-wp-init=\"callbacks.init\">\n\t\t<div class=\"accordion-header\">\n\t\t\t<button\n\t\t\t\taria-controls=\"accordion-content-2690\"\n\t\t\t\tclass=\"btn btn-collapse\"\n\t\t\t\tdata-wp-bind--aria-expanded=\"state.isExpanded\"\n\t\t\t\tdata-wp-on--click=\"actions.onClick\"\n\t\t\t\tid=\"accordion-button-2689\"\n\t\t\t\ttype=\"button\"\n\t\t\t>\n\t\t\t\tMonday\t\t\t<\/button>\n\t\t<\/div>\n\t\t<div\n\t\t\taria-labelledby=\"accordion-button-2689\"\n\t\t\tclass=\"msr-accordion__content\"\n\t\t\tdata-wp-bind--inert=\"!state.isExpanded\"\n\t\t\tdata-wp-run=\"callbacks.run\"\n\t\t\tid=\"accordion-content-2690\"\n\t\t>\n\t\t\t<div class=\"msr-accordion__body\">\n\t\t\t\t<table>\n<tbody>\n<tr>\n<td colspan=\"3\"><strong>Monday<\/strong><\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td colspan=\"2\">Session chair: Kristin Lauter<\/td>\n<\/tr>\n<tr>\n<td>09:00 &#8211; 10:00<\/td>\n<td>Gerhard Frey<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/elliptic-curves-facts-conjectures-and-applications\/\">Elliptic Curves: Facts, Conjectures and Applicationsi<\/a><\/td>\n<\/tr>\n<tr>\n<td>10:00 &#8211; 10:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr>\n<td>10:30 &#8211; 11:30<\/td>\n<td>Victor Miller<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/elliptic-curves-cryptography-and-computation\/\">Elliptic Curves, Cryptography and Computation<\/a><\/td>\n<\/tr>\n<tr>\n<td>11:30 &#8211; 11:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr>\n<td>11:45 &#8211; 12:45<\/td>\n<td>Francois Morain<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/elliptic-curves-with-complex-multiplication-history-and-perspectives\/\">Elliptic curves with complex multiplication: history and perspectives<\/a><\/td>\n<\/tr>\n<tr>\n<td>12:45 &#8211; 14:00<\/td>\n<td><\/td>\n<td>Lunch break<\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td colspan=\"2\">Session chair: Scott Vanstone<\/td>\n<\/tr>\n<tr>\n<td>14:00 &#8211; 15:00<\/td>\n<td>Ren\u00e9 Schoof<\/td>\n<td><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/Counting points on elliptic curves over finite fields and beyond\">Counting points on elliptic curves over finite fields and beyond<\/a><\/td>\n<\/tr>\n<tr>\n<td>15:00 &#8211; 15:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr>\n<td>15:30 &#8211; 16:30<\/td>\n<td>Shafi Goldwasser<\/td>\n<td>Past and Present: Primes and Cryptography<\/td>\n<\/tr>\n<tr>\n<td>16:30 &#8211; 16:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr>\n<td>16:45 &#8211; 17:45<\/td>\n<td>Neal Koblitz<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/my-last-24-years-in-crypto-a-few-good-judgments-and-many-bad-ones\/\">My Last 24 Years in Crypto: A Few Good Judgments and Many Bad Ones<\/a><\/td>\n<\/tr>\n<tr>\n<td>18:00 &#8211;<\/td>\n<td><\/td>\n<td>Reception<\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td colspan=\"2\">Session chair: Neal Koblitz<\/td>\n<\/tr>\n<tr>\n<td>18:30 &#8211; 18:50<\/td>\n<td>Scott Vanstone<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/scott-vanstone-award-lecture-rump-session\/\">Award lecture<\/a>\u00a0(video covers also rump session)<\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td colspan=\"2\">Session chair: Daniel J. Bernstein<\/td>\n<\/tr>\n<tr>\n<td>18:50 &#8211; 21:00<\/td>\n<td><\/td>\n<td><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/hyperelliptic.org\/djb\/ecc2010rump\/submit.php\">Rump session<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/li>\n\t\t<li class=\"m-0\" data-wp-context='{\"id\":\"accordion-content-2692\"}' data-wp-init=\"callbacks.init\">\n\t\t<div class=\"accordion-header\">\n\t\t\t<button\n\t\t\t\taria-controls=\"accordion-content-2692\"\n\t\t\t\tclass=\"btn btn-collapse\"\n\t\t\t\tdata-wp-bind--aria-expanded=\"state.isExpanded\"\n\t\t\t\tdata-wp-on--click=\"actions.onClick\"\n\t\t\t\tid=\"accordion-button-2691\"\n\t\t\t\ttype=\"button\"\n\t\t\t>\n\t\t\t\tTuesday\t\t\t<\/button>\n\t\t<\/div>\n\t\t<div\n\t\t\taria-labelledby=\"accordion-button-2691\"\n\t\t\tclass=\"msr-accordion__content\"\n\t\t\tdata-wp-bind--inert=\"!state.isExpanded\"\n\t\t\tdata-wp-run=\"callbacks.run\"\n\t\t\tid=\"accordion-content-2692\"\n\t\t>\n\t\t\t<div class=\"msr-accordion__body\">\n\t\t\t\t<table>\n<tbody>\n<tr valign=\"top\">\n<td colspan=\"3\"><b>Tuesday<\/b><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: Alfred Menezes<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>09:00 &#8211; 10:00<\/td>\n<td>Michael Naehrig<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/pairings-on-elliptic-curves-parameter-selection-and-efficient-computation\/\">Pairings on elliptic curves &#8211; parameter selection and efficient computation<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:00 &#8211; 10:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:30 &#8211; 11:30<\/td>\n<td>William Stein<\/td>\n<td><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/rmc-stage\/apps\/video\/dl.aspx?id=140583\">Elliptic Curves in Sage<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:30 &#8211; 11:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:45 &#8211; 12:45<\/td>\n<td>Wouter Castryck<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/the-probability-of-primality-of-the-order-of-a-genus-2-curve-jacobian\/\">The probability of primality of the order of a genus 2 curve Jacobian<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>12:45- 14:00<\/td>\n<td><\/td>\n<td>Lunch break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: Peter Stevenhagen<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>14:00 &#8211; 15:00<\/td>\n<td>David Kohel<\/td>\n<td><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/rmc-stage\/apps\/video\/dl.aspx?id=140496\">Endomorphisms, isogeny graphs, and moduli<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>15:00 &#8211; 15:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>15:30 &#8211; 16:30<\/td>\n<td>Huseyin Hisil<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/faster-formulas-for-elliptic-curves\/\">Faster formulas for elliptic curves<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>16:30 &#8211; 16:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>16:45 &#8211; 17:45<\/td>\n<td>Da<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/li>\n\t\t<li class=\"m-0\" data-wp-context='{\"id\":\"accordion-content-2694\"}' data-wp-init=\"callbacks.init\">\n\t\t<div class=\"accordion-header\">\n\t\t\t<button\n\t\t\t\taria-controls=\"accordion-content-2694\"\n\t\t\t\tclass=\"btn btn-collapse\"\n\t\t\t\tdata-wp-bind--aria-expanded=\"state.isExpanded\"\n\t\t\t\tdata-wp-on--click=\"actions.onClick\"\n\t\t\t\tid=\"accordion-button-2693\"\n\t\t\t\ttype=\"button\"\n\t\t\t>\n\t\t\t\tWednesday\t\t\t<\/button>\n\t\t<\/div>\n\t\t<div\n\t\t\taria-labelledby=\"accordion-button-2693\"\n\t\t\tclass=\"msr-accordion__content\"\n\t\t\tdata-wp-bind--inert=\"!state.isExpanded\"\n\t\t\tdata-wp-run=\"callbacks.run\"\n\t\t\tid=\"accordion-content-2694\"\n\t\t>\n\t\t\t<div class=\"msr-accordion__body\">\n\t\t\t\t<table>\n<tbody>\n<tr valign=\"top\">\n<td colspan=\"3\"><b>Wednesday<\/b><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: Pierrick Gaudry<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>09:00 &#8211; 10:00<\/td>\n<td>Francisco Rodrigues-Henriquez<\/td>\n<td>Faster Implementation of Pairings<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:00 &#8211; 10:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:30 &#8211; 11:30<\/td>\n<td>Bianca Viray<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/igusa-class-polynomials-embeddings-of-quartic-cm-fields-and-arithmetic-intersection-theory\/\">Igusa class polynomials, embeddings of quartic CM fields, and arithmetic intersection theory<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:30 &#8211; 11:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:45 &#8211; 12:45<\/td>\n<td>Vanessa Vitse<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/f4-traces-and-index-calculus-on-elliptic-curves-over-extension-fields\/\">F4 traces and index calculus on elliptic curves over extension fields<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>12:45- 14:00<\/td>\n<td><\/td>\n<td>Lunch break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: Neal Koblitz<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>14:00 &#8211; 15:00<\/td>\n<td>Darrel Hankerson<\/td>\n<td>Software implementation of pairings at the 128-bit security level<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>15:00 &#8211; 15:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>15:30 &#8211; 16:30<\/td>\n<td>Karl Rubin<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/selmer-ranks-of-elliptic-curves-in-families-of-quadratic-twists\/\">Selmer ranks of elliptic curves in families of quadratic twists<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>16:30 &#8211; 16:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>16:45 &#8211; 17:45<\/td>\n<td>Damien Robert<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/generalizing-velus-formulas-and-some-applications\/\">Generalizing V\u00e9lu&#8217;s formulas and some applications<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>18:00 &#8211;<\/td>\n<td><\/td>\n<td>Conference dinner<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/li>\n\t\t<li class=\"m-0\" data-wp-context='{\"id\":\"accordion-content-2696\"}' data-wp-init=\"callbacks.init\">\n\t\t<div class=\"accordion-header\">\n\t\t\t<button\n\t\t\t\taria-controls=\"accordion-content-2696\"\n\t\t\t\tclass=\"btn btn-collapse\"\n\t\t\t\tdata-wp-bind--aria-expanded=\"state.isExpanded\"\n\t\t\t\tdata-wp-on--click=\"actions.onClick\"\n\t\t\t\tid=\"accordion-button-2695\"\n\t\t\t\ttype=\"button\"\n\t\t\t>\n\t\t\t\tThursday\t\t\t<\/button>\n\t\t<\/div>\n\t\t<div\n\t\t\taria-labelledby=\"accordion-button-2695\"\n\t\t\tclass=\"msr-accordion__content\"\n\t\t\tdata-wp-bind--inert=\"!state.isExpanded\"\n\t\t\tdata-wp-run=\"callbacks.run\"\n\t\t\tid=\"accordion-content-2696\"\n\t\t>\n\t\t\t<div class=\"msr-accordion__body\">\n\t\t\t\t<table>\n<tbody>\n<tr valign=\"top\">\n<td colspan=\"3\"><b>Thursday<\/b><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: William Stein<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>09:00 &#8211; 10:00<\/td>\n<td>Junfeng Fan<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/ecc-on-constrained-devices\/\">ECC on constrained devices<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:00 &#8211; 10:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:30 &#8211; 11:30<\/td>\n<td>Melissa Chase<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/pairing-based-proof-systems-and-applications-to-anonymous-credentials\/\">Pairing-based proof systems and applications to anonymous credentials<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:30 &#8211; 11:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:45 &#8211; 12:45<\/td>\n<td>Kristin Lauter<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/computing-genus-2-curves-from-invariants-on-the-hilbert-moduli-space\/\">Computing genus 2 curves from invariants on the Hilbert moduli space<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>12:45- 14:00<\/td>\n<td><\/td>\n<td>Lunch break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: Victor Miller<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>14:00 &#8211; 15:00<\/td>\n<td>Daniel J. Bernstein<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/algorithms-for-primes\/\">Algorithms for primes<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>15:00 &#8211; 15:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>15:30 &#8211; 16:30<\/td>\n<td>Winnie Li<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/atkin-swinnerton-dyer-congruences-on-noncongruence-modular-forms\/\">Atkin-Swinnerton-Dyer congruences on noncongruence modular forms<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>16:30 &#8211; 16:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>16:45 &#8211; 17:45<\/td>\n<td>Bryan Birch<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/a-tribute-to-oliver-atkin\/\">A Tribute to Oliver Atkin<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td colspan=\"3\"><b>Friday<\/b><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: Tanja Lange<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>09:00 &#8211; 10:00<\/td>\n<td>Andreas Enge<\/td>\n<td>Class polynomials by Chinese remaindering<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:00 &#8211; 10:30<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>10:30 &#8211; 11:30<\/td>\n<td>Alice Silverberg<\/td>\n<td>On elliptic curves with an isogeny of degree 7<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:30 &#8211; 11:45<\/td>\n<td><\/td>\n<td>Short break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>11:45 &#8211; 12:45<\/td>\n<td>Melanie Matchett Wood<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/composition-laws\/\">Composition Laws<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>12:45- 14:30<\/td>\n<td><\/td>\n<td>Lunch break in the MS commons<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td><\/td>\n<td colspan=\"2\">Session chair: Harold Edwards<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>14:30 &#8211; 15:30<\/td>\n<td>Peter Montgomery<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/ecm-then-and-now\/\">ECM &#8212; Then and Now<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>15:30 &#8211; 16:00<\/td>\n<td><\/td>\n<td>Coffee break<\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>16:00 &#8211; 17:00<\/td>\n<td>Tanja Lange<\/td>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/breaking-ecc2k-130-2\/\">Breaking ECC2K-130<\/a><\/td>\n<\/tr>\n<tr valign=\"top\">\n<td>17:00 &#8211;<\/td>\n<td><\/td>\n<td>adjourn<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t<\/div>\n\t<span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n<!-- \/wp:freeform --><!-- \/wp:msr\/content-tab --><!-- wp:msr\/content-tab {\"title\":\"Videos\"} --><!-- wp:freeform --><p><span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n<!-- \/wp:freeform --><!-- \/wp:msr\/content-tab --><!-- wp:msr\/content-tab {\"title\":\"Titles and Abstracts\"} --><!-- wp:freeform --><ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/cr.yp.to\/djb.html\">Daniel J. Bernstein<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Illinois at Chicago, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Bernstein.pdf\">Algorithms for primes<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>This talk will consist of a series of light mini-talks inspired by Atkin&#8217;s papers on recognizing primes (1982, &#8220;On a primality test of Solovay and Strassen&#8221;; 1995, &#8220;Intelligent primality test offer&#8221;), proving primes to be prime (1993, &#8220;Elliptic curves and primality proving&#8221;), factoring integers into primes (1993, &#8220;Finding suitable curves for the elliptic curve method of factorization&#8221;), and enumerating primes (2004, &#8220;Prime sieves using binary quadratic forms&#8221;).<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Bryan_Birch\">Bryan Birch<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Oxford, UK)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/birch-atkintribute.txt\">A Tribute to Oliver Atkin<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>As a tribute to Oliver Atkin, I will be surveying his work; I will also be including some biographical details. As that would be far too much to talk about, I will be forced to be selective, and will mainly concentrate on work he did in his earlier years, including a bit about what may have influenced him to do that work, and what his work led to.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/wis.kuleuven.be\/algebra\/castryck\/\">Wouter Castryck<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (K.U.Leuven, Belgium)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Castryck.pdf\">The probability of primality of the order of a genus 2 curve Jacobian<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>In 2000, Galbraith and McKee conjectured a formula estimating the probability of primality of the number of rational points on an elliptic curve over a finite field. Their heuristic derivation was based on an analytic class number formula counting bivariate quadratic forms up to equivalence. We will give alternative heuristics in favor of the conjecture, based on a random matrix model. This approach seems better-suited for generalizing the conjecture to curves of higher genus. We will then elaborate this in genus 2.\u00a0This is joint work with Hendrik Hubrechts and Alessandra Rigato.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"https:\/\/research.microsoft.com\/en-us\/um\/people\/melissac\/\">Melissa Chase<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<br \/>\nPairing-based proof systems and applications to anonymous credentials<br \/>\nPairing based cryptography has resulted in a number of breakthrough results, including some major developments in the area of zero knowledge proof systems. A zero knowledge proof system allows a party to prove that a statement is true without revealing any other information. Zero knowledge proofs are used in everything from identification protocols (allowing a party to prove that he is who he claims to be) and encryption schemes with stronger security properties, to securing protocols against malicious adversaries, and constructing privacy preserving systems. It has been shown that zero knowledge proofs can be constructed from a variety of number theoretic assumptions (or, more generally from any trapdoor permutation); however most of these constructions are complex and inefficient. In &#8217;06 Groth, Ostrovsky, an Sahai showed how to construct proof systems based on pairings which have much more structure than traditional constructions; this structure in turn has since been shown to result in proof systems with greater efficiency, stronger security, and more functionality. This talk will describe at a high level how pairings allows us to construct zero knowledge proofs with more structure than traditional tools, and then discuss some of the applications that take advantage of this structure, focusing on applications to privacy and anonymity.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.u-bordeaux1.fr\/~enge\/\">Andreas Enge<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (INRIA Bordeaux &#8211; Sud-Ouest and IMB, France)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Enge.pdf\">Class polynomials by Chinese remaindering<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>Polynomials generating ring class fields of imaginary-quadratic number fields are the main ingredient for obtaining elliptic curves with prescribed complex multiplication. In recent years, algorithms computing such class polynomials by Chinese remaindering have been found which are faster (both in theory and practice) than the classical complex analytic approach. I will give an overview of the algorithms and concentrate on how the last stumbling block could be overcome, the use of alternative class invariants that lead to smaller polynomials.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/homes.esat.kuleuven.be\/~jfan\/\">Junfeng Fan<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (K.U.Leuven, Belgium)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Fan.pdf\">ECC on constrained devices<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>The embedded security community has been looking at the ECC ever since it was introduced. Hardware designers are now challenged by limited area (&lt;15k Gates), low power budget (&lt;100uw) and sophisticated physical attacks. This talk will report the stateof-the-art ECC implementations for ultra-constrained devices. We take a passive RFID tag as our potential target. We will discuss the known techniques to realize ECC on such kind of devices, and what are the challenges we face now and in the near future.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Gerhard_Frey\">Gerhard Frey<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institute for Experimental Mathematics, Germany)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Frey.pdf\">Elliptic Curves: Facts, Conjectures and Applications<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>Elliptic curves E can be given by plane projective cubic curves and so seem to be very simple objects. A first hint for more structure is that there is an algebraic addition law for the rational points. In fact, there is a natural isomorphism of E with its Jacobian variety, and so E is at the same time a curve of low degree and an abelian variety of smallest possible dimension. This is the reason for a very rich and deep theory behind making elliptic curves to ideal objects for both theoretical and experimental investigations, always with a strong algorithmic aspect. As outcome we find an abundance of key conjectures of arithmetic geometry inspired (and even proven) by elliptic curves. It will be the purpose of the talk to explain some of these conjectures and results and, as important and rather astonishing side effect, state why these properties of elliptic curves make them to a most efficient and secure tool for public key crypto systems based on discrete logarithms.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/people.csail.mit.edu\/shafi\/\">Shafi Goldwasser<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (MIT, USA and Weizmann Institute of Science, Israel)<br \/>\nPast and Present: Primes and Cryptography<br \/>\nThe talk will be composed of two parts: (1) We will present an open problem in primality testing (yes &#8211; they still exist) and (2) we will describe some current trends in designing public key encryption schemes (designing schemes which are circular secure, resistant to leakage about secret keys, and secure even when auxiliary input is known about secret keys), with an eye toward an elliptic curve based crypto system with these stronger properties.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.dcu.ie\/info\/staff_member.php?id_no=3620\">Rob Granger<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Claude Shannon Institute, Ireland)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Granger.pdf\">On the Static Diffie<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Granger.pdf\">&#8211;<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Granger.pdf\">Hellman Problem on Elliptic Curves over Extension Fields<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> Recent work by Koblitz and Menezes has highlighted the existence, in some cases, of apparent separations between the hardness of breaking discrete logarithms in a particular group, and the hardness of solving in that group problems to which the security of certain cryptosystems are provably related. We consider one such problem in the context of elliptic curves over extension fields, and report potential weaknesses of the GalbraithLin-Scott curves from EUROCRYPT 2009, as well as a practical attack on some legacy curves.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.dms.auburn.edu\/faculty\/hankerson\/index.html\">Darrel Hankerson<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Auburn University, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Hankerson.pdf\">Software implementation of pairings at the 128<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Hankerson.pdf\">&#8211;<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Hankerson.pdf\">bit security level<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>Security and efficiency issues for pairings derived from supersingular curves are discussed, in particular for genus-2 curves. Parallelization and new hardware features significantly accelerate such pairings, and we examine the competitiveness against asymmetric pairings. For the genus-2 case, we consider implications for certain protocols when attempting to choose parameters favorable to speed.<br \/>\nThis talk samples recent work with D. Aranha, S. Chatterjee, J. L\u00f3pez, and A. Menezes.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/cims.nyu.edu\/~harvey\/\">David Harvey<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Courant Institute of Mathematical Sciences, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Harvey.pdf\">Counting points on projective hypersurfaces<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>I will discuss recent progress on a new algorithm for computing the Zeta function of a projective hypersurface over a finite field.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/huseyinhisil.net\/\">Huseyin Hisil<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Turkey)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Hisil.pdf\">Faster formulas for elliptic curves<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>The talk is about the derivation of the addition law on an arbitrary elliptic curve and efficiently adding points on this elliptic curve using the derived addition law. The outcomes of this work guarantee practical speedups in higher level operations which depend on point additions. In particular, the contributions immediately find applications in cryptology.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.washington.edu\/~koblitz\/\">Neal Koblitz<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Koblitz.pdf\">My Last 24 Years in Crypto: A Few Good Judgments and Many Bad Ones<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>After describing some joint work with Menezes in which isogenies are used to show that conventional wisdom about parameter selection might sometimes be wrong, I&#8217;ll shift gears and make some comments on how easy it is to get things badly wrong in cryptography. I&#8217;ll illustrate by giving a brief survey of some of the many misjudgments I&#8217;ve made over the years.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/iml.univ-mrs.fr\/~kohel\/\">David Kohel<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institut de Math\u00e9matiques de Luminy, France)<br \/>\nEndomorphisms, isogeny graphs, and moduli<br \/>\nI will present a retrospective of aspects of my thesis, in light of applications in the last 14 years since its birth. In particular, I will focus on explicit isogenies, moduli of elliptic curves and CM structure, the &#8220;local&#8221; Galois module structures of l-torsion and l-isogeny graphs, and &#8220;global&#8221; structure of action visa class groups and isogenies. The focus will be directed principally towards ordinary elliptic curves over finite fields, but I will discuss briefly the supersingular case and generalizations to higher dimension.<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/hyperelliptic.org\/tanja\/\">Tanja Lange<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Technische Universiteit Eindhoven, Netherlands)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Lange.pdf\">Breaking ECC2K<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Lange.pdf\">&#8211;<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Lange.pdf\">130<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>ECC2K-130 is the smallest unsolved Certicom discrete-logarithm challenge. Certicom originally stated that breaking ECC2K-130 was &#8220;infeasible&#8221; and would require 2700000000 machine days.<br \/>\nThis talk reports on an ongoing joint project by researchers from 12 different universities to break ECC2K-130. The project has increased our knowledge of the mathematical speedups for attacking elliptic-curve cryptosystems, has led to a new representation for finite fields in &#8216;optimal polynomial bases&#8217;, and has led to a better understanding of the randomness of pseudorandom walks used in Pollard&#8217;s rho method. The project has produced optimized implementations of a highly tuned iteration function for different platforms ranging from standard CPUs to customized FPGA clusters.These optimizations have moved the ECC2K-130 computation to the range of feasibility.The computation would finish in only two years using 1595 standard PCs, or 1231 PlayStation 3 game consoles, or 534 GTX 295 graphics cards, or 308 XC3S5000 FPGAs, or any combination of the above. We are now actively performing the computations. See our <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/x.com\/eccchallenge\">twitter page<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> for updates.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/research.microsoft.com\/en-us\/people\/klauter\/default.aspx\">Kristin Lauter<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Lauter.pdf\">Computing genus 2 curves from invariants on the Hilbert moduli space<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> Joint work with <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.wisc.edu\/~thyang\/\">Tonghai Yang<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Wisconsin USA); he was originally scheduled to present this work.<br \/>\nWe give a new method for generating genus 2 curves over a finite field with a given number of points on the Jacobian of the curve. We define two new invariants for genus 2 curves as values of modular functions on the Hilbert moduli space and show how to compute them. We relate them to the usual three Igusa invariants on the Siegel moduli space and give an algorithm to construct curves using these new invariants. Our approach simplifies the complex analytic method for computing genus 2 curves for cryptography and reduces the amount of computation required.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.psu.edu\/wli\/\">Winnie Li<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Penn State, USA and National Center for Theoretical Sciences, Taiwan)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Li.pdf\">Atkin<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Li.pdf\">&#8211;<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Li.pdf\">Swinnerton<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Li.pdf\">&#8211;<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Li.pdf\">Dyer congruences on noncongruence modular forms<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>The understanding for the arithmetic of modular forms for noncongruence subgroups pales when compared to that for congruence subgroups. In large part, this is due to the lack of effective Hecke operators. The first pioneering work on noncongruence modular forms was done by Atkin and Swinnerton-Dyer in 1971. Based on a handful numerical data they gathered, Atkin and Swinnerton-Dyer proposed p-adic congruence relations, similar to the recursive relation satisfied by Hecke eigenforms, to be satisfied by a basis of a given space of noncongruence cusp forms. In this talk we shall survey subsequent developments and the current status of the ASD congruences.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Victor_S._Miller\">Victor Miller<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institute for Defense Analyses, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Miller.pdf\">Elliptic Curves, Cryptography and Computation<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>Much of the research in number theory, like mathematics as a whole, has been inspired by hard problems which are easy to state. A famous example is &#8220;Fermat&#8217;s Last Theorem&#8221;. Starting in the 1970&#8217;s number theoretic problems have been suggested as the basis for cryptosystems, such as RSA and Diffie-Hellman. In 1985 Koblitz and Miller independently suggested that the discrete logarithm problem on elliptic curves might be more secure than the &#8220;conventional&#8221; discrete logarithm on multiplicative groups of finite fields. Since then it has inspired a great deal of research in number theory and geometry in an attempt to understand its security.\u00a0I&#8217;ll give a brief historical tour concerning the elliptic curve discrete logarithm problem, and the closely connected Weil Pairing algorithm.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Peter_Montgomery\">Peter Montgomery<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Montgomery.pdf\">ECM <span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Montgomery.pdf\">&#8212; <span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Montgomery.pdf\">Then and Now<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>This presentation has two parts. The first half discusses the major factorization algorithms when ECM was discovered in 1985, stressing the similarities between ECM and P +- 1. The second half describes the recent discoveries of six large Mersenne factors using ECM on a network of PlayStations.\u00a0This is joint work with Joppe W. Bos, Thorsten Kleinjung, and Arjen K. Lenstra from EPFL.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/www.lix.polytechnique.fr\/~morain\/\">Francois Morain<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (LIX \u00c9cole Polytechnique, France)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Morain.pdf\">Elliptic curves with complex multiplication: history and perspectives<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>The theory of complex multiplication on curves is very old and rich, going back at least to Gauss. Since then, many authors have been developing the theory, in parallel with quite a heavy load of computations and formulas (by hand!). Soon after Schoof&#8217;s 1985 major article, reduction of curves with complex multiplication over finite fields were used to prove the primality of special or general numbers, and the corresponding algorithms are still in use today. As a result, this led to the emergence of the so-called CM-method to build curves with prescribed properties. The talk will present some parts of this history, concentrating on explicit computations and applications of the CM theory to some old and new problems.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.cryptojedi.org\/users\/michael\/\">Michael Naehrig<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Naehrig.pdf\">Pairings on elliptic curves <span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Naehrig.pdf\">&#8211; <span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Naehrig.pdf\">parameter selection and efficient computation<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> This talk is about efficient pairing computation on elliptic curves. I will discuss particularly implementation-friendly curves, the use of the polynomial parameter representation to compute pairings on BN curves, and reasons to use affine coordinates for pairings at high security levels.\u00a0This contains joint work with P. Barreto, G. Pereira, M. Simpl\u00edcio Jr, P. Schwabe, R. Niederhagen, K. Lauter, and P. Montgomery.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.normalesup.org\/~robert\/pro\/index.html\">Damien Robert<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (INRIA Bordeaux &#8211; Sud-Ouest, France)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Robert.pdf\">Generalizing V\u00e9lu&#8217;s formulas and some applications<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>V\u00e9lu&#8217;s formulas allow to compute an isogeny between elliptic curves from the coordinates of the points in the kernel. In this talk, I describe an algorithm using theta functions to compute an isogeny from its kernel on any abelian variety. I will give specific timings of a genus 2 implementation, and describe some applications. This is a joint work with Romain Cosset and David Lubicz.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/delta.cs.cinvestav.mx\/~francisco\/\">Francisco Rodriguez<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/delta.cs.cinvestav.mx\/~francisco\/\">&#8211;<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/delta.cs.cinvestav.mx\/~francisco\/\">Henriquez<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Centro de investigaci\u00f3n y de Estudios Avanzados del\u00a0I.P.N., Mexico)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/FRH.pdf\">Faster Implementation of Pairings<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>This talk gives an overview of the design of a fast hardware accelerator and a software\u00a0library for the computation of symmetric and asymmetric cryptographic pairings. The first half of this talk is devoted to describe the architecture of two hardware accelerators that compute the \u03b7T pairing over F2m and F3m. This accelerator implements Miller&#8217;s algorithm using a parallel pipelined Karatsuba multiplier, and takes advantage of a dedicated coprocessor responsible for computing the final exponentiation.\u00a0The second half discusses the design of fast software libraries for the computation of both symmetric and asymmetric pairings. First, a brief description of the design of a fast multicore library for the cryptographic Tate pairing over supersingular elliptic curves is given. Then, the efficient computation of the optimal ate pairing on a Barreto-Naehrig elliptic curve is explained in detail.<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.uci.edu\/~krubin\/\">Karl Rubin<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of California at Irvine, USA)<br \/>\nSelmer ranks of elliptic curves in families of quadratic twists<br \/>\nThis talk will report on ongoing work with Barry Mazur that studies 2-Selmer ranks in the family of all quadratic twists of a fixed elliptic curve over a number field. Our goal is to compute the density of twists with a given 2-Selmer rank r, for every r. This has been done by Heath-Brown, Swinnerton-Dyer, and Kane for elliptic curves over Q with all 2torsion rational. Our methods are different and work best for curves with no rational points of order 2. So far we can prove under certain hypotheses that E has &#8220;many&#8221; twists of every 2-Selmer rank, but not that the set of such twists has positive density. In this talk I will describe these results and the methods involved, and discuss a basic question about algebraic number fields that arises in trying to improve our results.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.mat.uniroma2.it\/~schoof\/\">Rene Schoof<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Universita di Roma &#8220;Tor Vergata&#8221;, Italy)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Schoof.pdf\">Counting points on elliptic curves over finite fields and beyond<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.uci.edu\/~asilverb\/\">Alice Silverberg<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of California at Irvine, USA)<br \/>\nOn elliptic curves with an isogeny of degree 7<br \/>\nThis talk is about joint work with Ralph Greenberg and Karl Rubin. Given a group C of order 7 with a Galois action (in characteristic not 7), we construct the family of all elliptic curves with a rational subgroup Galois-isomorphic to C. As an application, we show that the images of 7-adic representations of elliptic curves over Q with a rational subgroup of order 7 are as large as they can be, with at most one exception (counted suitably). Whether the exception occurs depends on whether a certain genus 12 curve with 6 &#8220;obvious&#8221; rational points has any additional rational solutions. We use work of Poonen and Schaefer along with Stoll&#8217;s version of the method of Chabauty to show that the curve has either 6 or 12 rational points.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/modular.math.washington.edu\/\">William Stein<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Stein.pdf\">Elliptic Curves in Sage<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>Sage (http:\/\/sagemath.org) is the most feature rich general purpose free open source software for computing with elliptic curves. In this talk, I&#8217;ll describe what Sage can compute about elliptic curves and how it does some of these computation, then discuss what Sage currently can&#8217;t compute but should be able to (e.g., because Magma can).<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/math.brown.edu\/~bviray\/\">Bianca Viray<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Brown University, USA)<br \/>\nIgusa class polynomials, embeddings of quartic CM fields, and arithmetic intersection\u00a0theory<br \/>\nCurrently, one of the best ways of computing genus 2 curves that can be used in cryptographic systems is via computation of Igusa class polynomials. Unfortunately Igusa class polynomials (the genus 2 analogue of Hilbert class polynomials) can be difficult to compute, mostly because recovering the coefficients from approximations requires a bound on the denominators. We will sketch how the denominators can be related both to the number of embeddings of quartic CM fields into certain endomorphism rings and to a conjectural formula of Bruinier and Yang for certain intersection numbers. We will present computations of these three values for 13 different CM fields and, in the cases in which the values are not what we might expect, we point to explanations for the differences. Joint work with H. Grundman, J. Johnson-Leung, K. Lauter, A. Salerno, E. Wittenborn<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/vvitse.free.fr\/\">Vanessa Vitse<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Universit\u00e9 de Versailles Saint-Quentin-en-Yvelines, France)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Vitse.pdf\">F4 traces and index calculus on elliptic curves over extension fields<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>Recently, Gaudry and Diem have proposed an index calculus method for the resolution of the DLP on elliptic curves defined over extension fields. In this talk, I will first present a variant of this method that enables to decrease the asymptotic complexity of the DLP on E(Fqn) for a large range of q and n, then introduce a second improvement provided by the use of F4 traces for polynomial system solving. Finally, I will give a practical example of our index calculus variant to the oracle-assisted Static Diffie-Hellman Problem. This is a joint work with Antoine Joux.<\/li>\n<\/ul>\n<ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/math.stanford.edu\/~mwood\/\">Melanie Matchett Wood<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (American Institute of Mathematics, USA)<br \/>\n<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/2010.eccworkshop.org\/slides\/Wood.pdf\">Composition Laws<br \/>\n<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>The group laws on elliptic curves, Jacobians of hyperelliptic curves, and ideal class groups of quadratic number fields are all examples of group laws that can be computed explicitly via composition on various types of binary quadratic forms. We will discuss how these examples fit into a larger picture of class groups of quadratic extensions of any base space or ring, which can all be given explicitly by composition on generalized binary quadratic forms. Further, we will discuss how this is the degree 2 piece of a larger story, in which class groups of all cubic extensions and even some degree n extensions (for n&gt;3) can be given in terms of composition laws on trilinear forms. For example, one can compute Jacobians of trigonal curves via composition on certain trilinear forms.<\/li>\n<\/ul>\n<p>&nbsp;<span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n<!-- \/wp:freeform --><!-- \/wp:msr\/content-tab --><!-- wp:msr\/content-tab {\"title\":\"Invited Speakers\"} --><!-- wp:freeform --><ul>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/cr.yp.to\/djb.html\">Daniel J. Bernstein<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Illinois at Chicago, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Bryan_Birch\">Bryan Birch<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Oxford, UK)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/wis.kuleuven.be\/algebra\/castryck\/\">Wouter Castryck<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (K.U.Leuven, Belgium)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"https:\/\/research.microsoft.com\/en-us\/um\/people\/melissac\/\">Melissa Chase<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.u-bordeaux1.fr\/~enge\/\">Andreas Enge<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (INRIA Bordeaux &#8211; Sud-Ouest and IMB, France)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/homes.esat.kuleuven.be\/~jfan\/\">Junfeng Fan<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (K.U.Leuven, Belgium)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Gerhard_Frey\">Gerhard Frey<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institute for Experimental Mathematics, Germany)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/people.csail.mit.edu\/shafi\/\">Shafi Goldwasser<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (MIT, USA and Weizmann Institute of Science, Israel)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.dcu.ie\/info\/staff_member.php?id_no=3620\">Rob Granger<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Claude Shannon Institute, Ireland)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.dms.auburn.edu\/faculty\/hankerson\/index.html\">Darrel Hankerson<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Auburn University, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/cims.nyu.edu\/~harvey\/\">David Harvey<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Courant Institute of Mathematical Sciences, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/huseyinhisil.net\/\">Huseyin Hisil<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Turkey)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.washington.edu\/~koblitz\/\">Neal Koblitz<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/iml.univ-mrs.fr\/~kohel\/\">David Kohel<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institut de Math\u00e9matiques de Luminy, France)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/hyperelliptic.org\/tanja\/\">Tanja Lange<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Technische Universiteit Eindhoven, Netherlands)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/rmc-stage\/en-us\/people\/klauter\/default.aspx\">Kristin Lauter<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.psu.edu\/wli\/\">Winnie Li<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Penn State, USA and National Center for Theoretical Sciences, Taiwan)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Victor_S._Miller\">Victor Miller<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Institute for Defense Analyses, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Peter_Montgomery\">Peter Montgomery<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.lix.polytechnique.fr\/Labo\/Francois.Morain\/\">Francois Morain<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (LIX \u00c9cole Polytechnique, France)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.cryptojedi.org\/users\/michael\/\">Michael Naehrig<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Microsoft Research, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.normalesup.org\/~robert\/pro\/index.html\">Damien Robert<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (INRIA Bordeaux &#8211; Sud-Ouest, France)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/delta.cs.cinvestav.mx\/~francisco\/\">Francisco Rodriguez-Henriquez<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Centro de investigaci\u00f3n y de Estudios Avanzados del I.P.N., Mexico)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.uci.edu\/~krubin\/\">Karl Rubin<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of California at Irvine, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.mat.uniroma2.it\/~schoof\/\">Rene Schoof<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Universita di Roma &#8220;Tor Vergata&#8221;, Italy)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/www.math.uci.edu\/~asilverb\/\">Alice Silverberg<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of California at Irvine, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/modular.math.washington.edu\/\">William Stein<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (University of Washington, Seattle, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/math.brown.edu\/~bviray\/\">Bianca Viray<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Brown University, USA)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/vvitse.free.fr\/\">Vanessa Vitse<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (Universit\u00e9 de Versailles Saint-Quentin-en-Yvelines, France)<\/li>\n<li><a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" target=\"_blank\" href=\"http:\/\/math.stanford.edu\/~mwood\/\">Melanie Matchett Wood<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (American Institute of Mathematics, USA)<\/li>\n<\/ul>\n<p>&nbsp;<span id=\"label-external-link\" class=\"sr-only\" aria-hidden=\"true\">Opens in a new tab<\/span><\/p>\n<!-- \/wp:freeform --><!-- \/wp:msr\/content-tab --><!-- \/wp:msr\/content-tabs -->","tab-content":[{"id":0,"name":"People","content":"<h3>Main Organizers:<\/h3>\r\n<ul>\r\n \t<li><a href=\"http:\/\/www.math.washington.edu\/~koblitz\/\">Neal Koblitz<\/a> (University of Washington, Seattle, USA)<\/li>\r\n \t<li><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/klauter\/\">Kristin Lauter<\/a> (Microsoft Research, USA)<\/li>\r\n \t<li><a href=\"http:\/\/en.wikipedia.org\/wiki\/Victor_S._Miller\">Victor Miller<\/a> (Institute for Defense Analyses, USA)<\/li>\r\n \t<li><a href=\"http:\/\/modular.math.washington.edu\/\">William Stein<\/a> (University of Washington, Seattle, USA)<\/li>\r\n<\/ul>\r\n<h3>Program Committee:<\/h3>\r\n<ul>\r\n \t<li><a href=\"http:\/\/cr.yp.to\/djb.html\">Daniel J. Bernstein<\/a> (University of Illinois at Chicago, USA)<\/li>\r\n \t<li><a href=\"http:\/\/www.loria.fr\/~gaudry\/index.en.html\">Pierrick Gaudry<\/a> (Loria, France)<\/li>\r\n \t<li><a href=\"http:\/\/www.math.washington.edu\/~koblitz\/\">Neal Koblitz<\/a> (University of Washington, Seattle, USA)<\/li>\r\n \t<li><a href=\"http:\/\/www.hyperelliptic.org\/tanja\">Tanja Lange<\/a> (Technische Universiteit Eindhoven)<\/li>\r\n \t<li><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/klauter\/\">Kristin Lauter<\/a> (Microsoft Research, USA)<\/li>\r\n \t<li><a href=\"http:\/\/en.wikipedia.org\/wiki\/Victor_S._Miller\">Victor Miller<\/a> (Institute for Defense Analyses, USA)<\/li>\r\n \t<li><a href=\"http:\/\/math.ucalgary.ca\/~rscheidl\/\">Renate Scheidler<\/a> (University of Calgary, Canada)<\/li>\r\n \t<li><a href=\"http:\/\/modular.math.washington.edu\/\">William Stein<\/a> (University of Washington, Seattle, USA)<\/li>\r\n \t<li><a href=\"http:\/\/www.certicom.com\/index.php\/about\/9-board-of-directors\/94--founder-a-evp-strategic-technology\">Scott Vanstone<\/a> (University of Waterloo, Canada)<\/li>\r\n<\/ul>"},{"id":1,"name":"Program Agenda","content":"[accordion]\r\n\r\n[panel header=\"Monday\"]\r\n<table>\r\n<tbody>\r\n<tr>\r\n<td colspan=\"3\"><strong>Monday<\/strong><\/td>\r\n<\/tr>\r\n<tr>\r\n<td><\/td>\r\n<td colspan=\"2\">Session chair: Kristin Lauter<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>09:00 - 10:00<\/td>\r\n<td>Gerhard Frey<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/elliptic-curves-facts-conjectures-and-applications\/\">Elliptic Curves: Facts, Conjectures and Applicationsi<\/a><\/td>\r\n<\/tr>\r\n<tr>\r\n<td>10:00 - 10:30<\/td>\r\n<td><\/td>\r\n<td>Coffee break<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>10:30 - 11:30<\/td>\r\n<td>Victor Miller<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/elliptic-curves-cryptography-and-computation\/\">Elliptic Curves, Cryptography and Computation<\/a><\/td>\r\n<\/tr>\r\n<tr>\r\n<td>11:30 - 11:45<\/td>\r\n<td><\/td>\r\n<td>Short break<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>11:45 - 12:45<\/td>\r\n<td>Francois Morain<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/elliptic-curves-with-complex-multiplication-history-and-perspectives\/\">Elliptic curves with complex multiplication: history and perspectives<\/a><\/td>\r\n<\/tr>\r\n<tr>\r\n<td>12:45 - 14:00<\/td>\r\n<td><\/td>\r\n<td>Lunch break<\/td>\r\n<\/tr>\r\n<tr>\r\n<td><\/td>\r\n<td colspan=\"2\">Session chair: Scott Vanstone<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>14:00 - 15:00<\/td>\r\n<td>Ren\u00e9 Schoof<\/td>\r\n<td><a href=\"http:\/\/Counting points on elliptic curves over finite fields and beyond\">Counting points on elliptic curves over finite fields and beyond<\/a><\/td>\r\n<\/tr>\r\n<tr>\r\n<td>15:00 - 15:30<\/td>\r\n<td><\/td>\r\n<td>Coffee break<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>15:30 - 16:30<\/td>\r\n<td>Shafi Goldwasser<\/td>\r\n<td>Past and Present: Primes and Cryptography<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>16:30 - 16:45<\/td>\r\n<td><\/td>\r\n<td>Short break<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>16:45 - 17:45<\/td>\r\n<td>Neal Koblitz<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/my-last-24-years-in-crypto-a-few-good-judgments-and-many-bad-ones\/\">My Last 24 Years in Crypto: A Few Good Judgments and Many Bad Ones<\/a><\/td>\r\n<\/tr>\r\n<tr>\r\n<td>18:00 -<\/td>\r\n<td><\/td>\r\n<td>Reception<\/td>\r\n<\/tr>\r\n<tr>\r\n<td><\/td>\r\n<td colspan=\"2\">Session chair: Neal Koblitz<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>18:30 - 18:50<\/td>\r\n<td>Scott Vanstone<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/scott-vanstone-award-lecture-rump-session\/\">Award lecture<\/a>\u00a0(video covers also rump session)<\/td>\r\n<\/tr>\r\n<tr>\r\n<td><\/td>\r\n<td colspan=\"2\">Session chair: Daniel J. Bernstein<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>18:50 - 21:00<\/td>\r\n<td><\/td>\r\n<td><a href=\"http:\/\/hyperelliptic.org\/djb\/ecc2010rump\/submit.php\">Rump session<\/a><\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n[\/panel]\r\n\r\n[panel header=\"Tuesday\"]\r\n<table>\r\n<tbody>\r\n<tr valign=\"top\">\r\n<td colspan=\"3\"><b>Tuesday<\/b><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td><\/td>\r\n<td colspan=\"2\">Session chair: Alfred Menezes<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>09:00 - 10:00<\/td>\r\n<td>Michael Naehrig<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/pairings-on-elliptic-curves-parameter-selection-and-efficient-computation\/\">Pairings on elliptic curves - parameter selection and efficient computation<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>10:00 - 10:30<\/td>\r\n<td><\/td>\r\n<td>Coffee break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>10:30 - 11:30<\/td>\r\n<td>William Stein<\/td>\r\n<td><a href=\"http:\/\/rmc-stage\/apps\/video\/dl.aspx?id=140583\">Elliptic Curves in Sage<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>11:30 - 11:45<\/td>\r\n<td><\/td>\r\n<td>Short break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>11:45 - 12:45<\/td>\r\n<td>Wouter Castryck<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/the-probability-of-primality-of-the-order-of-a-genus-2-curve-jacobian\/\">The probability of primality of the order of a genus 2 curve Jacobian<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>12:45- 14:00<\/td>\r\n<td><\/td>\r\n<td>Lunch break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td><\/td>\r\n<td colspan=\"2\">Session chair: Peter Stevenhagen<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>14:00 - 15:00<\/td>\r\n<td>David Kohel<\/td>\r\n<td><a href=\"http:\/\/rmc-stage\/apps\/video\/dl.aspx?id=140496\">Endomorphisms, isogeny graphs, and moduli<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>15:00 - 15:30<\/td>\r\n<td><\/td>\r\n<td>Coffee break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>15:30 - 16:30<\/td>\r\n<td>Huseyin Hisil<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/faster-formulas-for-elliptic-curves\/\">Faster formulas for elliptic curves<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>16:30 - 16:45<\/td>\r\n<td><\/td>\r\n<td>Short break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>16:45 - 17:45<\/td>\r\n<td>Da<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n[\/panel]\r\n\r\n[panel header=\"Wednesday\"]\r\n<table>\r\n<tbody>\r\n<tr valign=\"top\">\r\n<td colspan=\"3\"><b>Wednesday<\/b><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td><\/td>\r\n<td colspan=\"2\">Session chair: Pierrick Gaudry<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>09:00 - 10:00<\/td>\r\n<td>Francisco Rodrigues-Henriquez<\/td>\r\n<td>Faster Implementation of Pairings<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>10:00 - 10:30<\/td>\r\n<td><\/td>\r\n<td>Coffee break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>10:30 - 11:30<\/td>\r\n<td>Bianca Viray<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/igusa-class-polynomials-embeddings-of-quartic-cm-fields-and-arithmetic-intersection-theory\/\">Igusa class polynomials, embeddings of quartic CM fields, and arithmetic intersection theory<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>11:30 - 11:45<\/td>\r\n<td><\/td>\r\n<td>Short break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>11:45 - 12:45<\/td>\r\n<td>Vanessa Vitse<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/f4-traces-and-index-calculus-on-elliptic-curves-over-extension-fields\/\">F4 traces and index calculus on elliptic curves over extension fields<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>12:45- 14:00<\/td>\r\n<td><\/td>\r\n<td>Lunch break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td><\/td>\r\n<td colspan=\"2\">Session chair: Neal Koblitz<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>14:00 - 15:00<\/td>\r\n<td>Darrel Hankerson<\/td>\r\n<td>Software implementation of pairings at the 128-bit security level<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>15:00 - 15:30<\/td>\r\n<td><\/td>\r\n<td>Coffee break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>15:30 - 16:30<\/td>\r\n<td>Karl Rubin<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/selmer-ranks-of-elliptic-curves-in-families-of-quadratic-twists\/\">Selmer ranks of elliptic curves in families of quadratic twists<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>16:30 - 16:45<\/td>\r\n<td><\/td>\r\n<td>Short break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>16:45 - 17:45<\/td>\r\n<td>Damien Robert<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/generalizing-velus-formulas-and-some-applications\/\">Generalizing V\u00e9lu's formulas and some applications<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>18:00 -<\/td>\r\n<td><\/td>\r\n<td>Conference dinner<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n[\/panel]\r\n\r\n[panel header=\"Thursday\"]\r\n<table>\r\n<tbody>\r\n<tr valign=\"top\">\r\n<td colspan=\"3\"><b>Thursday<\/b><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td><\/td>\r\n<td colspan=\"2\">Session chair: William Stein<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>09:00 - 10:00<\/td>\r\n<td>Junfeng Fan<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/ecc-on-constrained-devices\/\">ECC on constrained devices<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>10:00 - 10:30<\/td>\r\n<td><\/td>\r\n<td>Coffee break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>10:30 - 11:30<\/td>\r\n<td>Melissa Chase<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/pairing-based-proof-systems-and-applications-to-anonymous-credentials\/\">Pairing-based proof systems and applications to anonymous credentials<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>11:30 - 11:45<\/td>\r\n<td><\/td>\r\n<td>Short break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>11:45 - 12:45<\/td>\r\n<td>Kristin Lauter<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/computing-genus-2-curves-from-invariants-on-the-hilbert-moduli-space\/\">Computing genus 2 curves from invariants on the Hilbert moduli space<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>12:45- 14:00<\/td>\r\n<td><\/td>\r\n<td>Lunch break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td><\/td>\r\n<td colspan=\"2\">Session chair: Victor Miller<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>14:00 - 15:00<\/td>\r\n<td>Daniel J. Bernstein<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/algorithms-for-primes\/\">Algorithms for primes<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>15:00 - 15:30<\/td>\r\n<td><\/td>\r\n<td>Coffee break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>15:30 - 16:30<\/td>\r\n<td>Winnie Li<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/atkin-swinnerton-dyer-congruences-on-noncongruence-modular-forms\/\">Atkin-Swinnerton-Dyer congruences on noncongruence modular forms<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>16:30 - 16:45<\/td>\r\n<td><\/td>\r\n<td>Short break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>16:45 - 17:45<\/td>\r\n<td>Bryan Birch<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/a-tribute-to-oliver-atkin\/\">A Tribute to Oliver Atkin<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td colspan=\"3\"><b>Friday<\/b><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td><\/td>\r\n<td colspan=\"2\">Session chair: Tanja Lange<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>09:00 - 10:00<\/td>\r\n<td>Andreas Enge<\/td>\r\n<td>Class polynomials by Chinese remaindering<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>10:00 - 10:30<\/td>\r\n<td><\/td>\r\n<td>Coffee break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>10:30 - 11:30<\/td>\r\n<td>Alice Silverberg<\/td>\r\n<td>On elliptic curves with an isogeny of degree 7<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>11:30 - 11:45<\/td>\r\n<td><\/td>\r\n<td>Short break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>11:45 - 12:45<\/td>\r\n<td>Melanie Matchett Wood<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/composition-laws\/\">Composition Laws<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>12:45- 14:30<\/td>\r\n<td><\/td>\r\n<td>Lunch break in the MS commons<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td><\/td>\r\n<td colspan=\"2\">Session chair: Harold Edwards<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>14:30 - 15:30<\/td>\r\n<td>Peter Montgomery<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/ecm-then-and-now\/\">ECM -- Then and Now<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>15:30 - 16:00<\/td>\r\n<td><\/td>\r\n<td>Coffee break<\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>16:00 - 17:00<\/td>\r\n<td>Tanja Lange<\/td>\r\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/research\/video\/breaking-ecc2k-130-2\/\">Breaking ECC2K-130<\/a><\/td>\r\n<\/tr>\r\n<tr valign=\"top\">\r\n<td>17:00 -<\/td>\r\n<td><\/td>\r\n<td>adjourn<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n[\/panel]\r\n\r\n[\/accordion]"},{"id":2,"name":"Videos","content":"[videos]"},{"id":3,"name":"Titles and Abstracts","content":"<ul>\r\n \t<li><a href=\"http:\/\/cr.yp.to\/djb.html\">Daniel J. Bernstein<\/a> (University of Illinois at Chicago, USA)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Bernstein.pdf\">Algorithms for primes\r\n<\/a>This talk will consist of a series of light mini-talks inspired by Atkin's papers on recognizing primes (1982, \"On a primality test of Solovay and Strassen\"; 1995, \"Intelligent primality test offer\"), proving primes to be prime (1993, \"Elliptic curves and primality proving\"), factoring integers into primes (1993, \"Finding suitable curves for the elliptic curve method of factorization\"), and enumerating primes (2004, \"Prime sieves using binary quadratic forms\").<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/en.wikipedia.org\/wiki\/Bryan_Birch\">Bryan Birch<\/a> (Oxford, UK)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/birch-atkintribute.txt\">A Tribute to Oliver Atkin\r\n<\/a>As a tribute to Oliver Atkin, I will be surveying his work; I will also be including some biographical details. As that would be far too much to talk about, I will be forced to be selective, and will mainly concentrate on work he did in his earlier years, including a bit about what may have influenced him to do that work, and what his work led to.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/wis.kuleuven.be\/algebra\/castryck\/\">Wouter Castryck<\/a> (K.U.Leuven, Belgium)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Castryck.pdf\">The probability of primality of the order of a genus 2 curve Jacobian\r\n<\/a>In 2000, Galbraith and McKee conjectured a formula estimating the probability of primality of the number of rational points on an elliptic curve over a finite field. Their heuristic derivation was based on an analytic class number formula counting bivariate quadratic forms up to equivalence. We will give alternative heuristics in favor of the conjecture, based on a random matrix model. This approach seems better-suited for generalizing the conjecture to curves of higher genus. We will then elaborate this in genus 2.\u00a0This is joint work with Hendrik Hubrechts and Alessandra Rigato.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"https:\/\/research.microsoft.com\/en-us\/um\/people\/melissac\/\">Melissa Chase<\/a> (Microsoft Research, USA)\r\nPairing-based proof systems and applications to anonymous credentials\r\nPairing based cryptography has resulted in a number of breakthrough results, including some major developments in the area of zero knowledge proof systems. A zero knowledge proof system allows a party to prove that a statement is true without revealing any other information. Zero knowledge proofs are used in everything from identification protocols (allowing a party to prove that he is who he claims to be) and encryption schemes with stronger security properties, to securing protocols against malicious adversaries, and constructing privacy preserving systems. It has been shown that zero knowledge proofs can be constructed from a variety of number theoretic assumptions (or, more generally from any trapdoor permutation); however most of these constructions are complex and inefficient. In '06 Groth, Ostrovsky, an Sahai showed how to construct proof systems based on pairings which have much more structure than traditional constructions; this structure in turn has since been shown to result in proof systems with greater efficiency, stronger security, and more functionality. This talk will describe at a high level how pairings allows us to construct zero knowledge proofs with more structure than traditional tools, and then discuss some of the applications that take advantage of this structure, focusing on applications to privacy and anonymity.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/www.math.u-bordeaux1.fr\/~enge\/\">Andreas Enge<\/a> (INRIA Bordeaux - Sud-Ouest and IMB, France)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Enge.pdf\">Class polynomials by Chinese remaindering\r\n<\/a>Polynomials generating ring class fields of imaginary-quadratic number fields are the main ingredient for obtaining elliptic curves with prescribed complex multiplication. In recent years, algorithms computing such class polynomials by Chinese remaindering have been found which are faster (both in theory and practice) than the classical complex analytic approach. I will give an overview of the algorithms and concentrate on how the last stumbling block could be overcome, the use of alternative class invariants that lead to smaller polynomials.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/homes.esat.kuleuven.be\/~jfan\/\">Junfeng Fan<\/a> (K.U.Leuven, Belgium)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Fan.pdf\">ECC on constrained devices\r\n<\/a>The embedded security community has been looking at the ECC ever since it was introduced. Hardware designers are now challenged by limited area (&lt;15k Gates), low power budget (&lt;100uw) and sophisticated physical attacks. This talk will report the stateof-the-art ECC implementations for ultra-constrained devices. We take a passive RFID tag as our potential target. We will discuss the known techniques to realize ECC on such kind of devices, and what are the challenges we face now and in the near future.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/en.wikipedia.org\/wiki\/Gerhard_Frey\">Gerhard Frey<\/a> (Institute for Experimental Mathematics, Germany)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Frey.pdf\">Elliptic Curves: Facts, Conjectures and Applications\r\n<\/a>Elliptic curves E can be given by plane projective cubic curves and so seem to be very simple objects. A first hint for more structure is that there is an algebraic addition law for the rational points. In fact, there is a natural isomorphism of E with its Jacobian variety, and so E is at the same time a curve of low degree and an abelian variety of smallest possible dimension. This is the reason for a very rich and deep theory behind making elliptic curves to ideal objects for both theoretical and experimental investigations, always with a strong algorithmic aspect. As outcome we find an abundance of key conjectures of arithmetic geometry inspired (and even proven) by elliptic curves. It will be the purpose of the talk to explain some of these conjectures and results and, as important and rather astonishing side effect, state why these properties of elliptic curves make them to a most efficient and secure tool for public key crypto systems based on discrete logarithms.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/people.csail.mit.edu\/shafi\/\">Shafi Goldwasser<\/a> (MIT, USA and Weizmann Institute of Science, Israel)\r\nPast and Present: Primes and Cryptography\r\nThe talk will be composed of two parts: (1) We will present an open problem in primality testing (yes - they still exist) and (2) we will describe some current trends in designing public key encryption schemes (designing schemes which are circular secure, resistant to leakage about secret keys, and secure even when auxiliary input is known about secret keys), with an eye toward an elliptic curve based crypto system with these stronger properties.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/www.dcu.ie\/info\/staff_member.php?id_no=3620\">Rob Granger<\/a> (Claude Shannon Institute, Ireland)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Granger.pdf\">On the Static Diffie<\/a><a href=\"http:\/\/2010.eccworkshop.org\/slides\/Granger.pdf\">-<\/a><a href=\"http:\/\/2010.eccworkshop.org\/slides\/Granger.pdf\">Hellman Problem on Elliptic Curves over Extension Fields<\/a> Recent work by Koblitz and Menezes has highlighted the existence, in some cases, of apparent separations between the hardness of breaking discrete logarithms in a particular group, and the hardness of solving in that group problems to which the security of certain cryptosystems are provably related. We consider one such problem in the context of elliptic curves over extension fields, and report potential weaknesses of the GalbraithLin-Scott curves from EUROCRYPT 2009, as well as a practical attack on some legacy curves.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/www.dms.auburn.edu\/faculty\/hankerson\/index.html\">Darrel Hankerson<\/a> (Auburn University, USA)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Hankerson.pdf\">Software implementation of pairings at the 128<\/a><a href=\"http:\/\/2010.eccworkshop.org\/slides\/Hankerson.pdf\">-<\/a><a href=\"http:\/\/2010.eccworkshop.org\/slides\/Hankerson.pdf\">bit security level\r\n<\/a>Security and efficiency issues for pairings derived from supersingular curves are discussed, in particular for genus-2 curves. Parallelization and new hardware features significantly accelerate such pairings, and we examine the competitiveness against asymmetric pairings. For the genus-2 case, we consider implications for certain protocols when attempting to choose parameters favorable to speed.\r\nThis talk samples recent work with D. Aranha, S. Chatterjee, J. L\u00f3pez, and A. Menezes.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/cims.nyu.edu\/~harvey\/\">David Harvey<\/a> (Courant Institute of Mathematical Sciences, USA)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Harvey.pdf\">Counting points on projective hypersurfaces\r\n<\/a>I will discuss recent progress on a new algorithm for computing the Zeta function of a projective hypersurface over a finite field.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/huseyinhisil.net\/\">Huseyin Hisil<\/a> (Turkey)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Hisil.pdf\">Faster formulas for elliptic curves\r\n<\/a>The talk is about the derivation of the addition law on an arbitrary elliptic curve and efficiently adding points on this elliptic curve using the derived addition law. The outcomes of this work guarantee practical speedups in higher level operations which depend on point additions. In particular, the contributions immediately find applications in cryptology.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/www.math.washington.edu\/~koblitz\/\">Neal Koblitz<\/a> (University of Washington, Seattle, USA)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Koblitz.pdf\">My Last 24 Years in Crypto: A Few Good Judgments and Many Bad Ones\r\n<\/a>After describing some joint work with Menezes in which isogenies are used to show that conventional wisdom about parameter selection might sometimes be wrong, I'll shift gears and make some comments on how easy it is to get things badly wrong in cryptography. I'll illustrate by giving a brief survey of some of the many misjudgments I've made over the years.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/iml.univ-mrs.fr\/~kohel\/\">David Kohel<\/a> (Institut de Math\u00e9matiques de Luminy, France)\r\nEndomorphisms, isogeny graphs, and moduli\r\nI will present a retrospective of aspects of my thesis, in light of applications in the last 14 years since its birth. In particular, I will focus on explicit isogenies, moduli of elliptic curves and CM structure, the \"local\" Galois module structures of l-torsion and l-isogeny graphs, and \"global\" structure of action visa class groups and isogenies. The focus will be directed principally towards ordinary elliptic curves over finite fields, but I will discuss briefly the supersingular case and generalizations to higher dimension.<\/li>\r\n \t<li><a href=\"http:\/\/hyperelliptic.org\/tanja\/\">Tanja Lange<\/a> (Technische Universiteit Eindhoven, Netherlands)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Lange.pdf\">Breaking ECC2K<\/a><a href=\"http:\/\/2010.eccworkshop.org\/slides\/Lange.pdf\">-<\/a><a href=\"http:\/\/2010.eccworkshop.org\/slides\/Lange.pdf\">130\r\n<\/a>ECC2K-130 is the smallest unsolved Certicom discrete-logarithm challenge. Certicom originally stated that breaking ECC2K-130 was \"infeasible\" and would require 2700000000 machine days.\r\nThis talk reports on an ongoing joint project by researchers from 12 different universities to break ECC2K-130. The project has increased our knowledge of the mathematical speedups for attacking elliptic-curve cryptosystems, has led to a new representation for finite fields in 'optimal polynomial bases', and has led to a better understanding of the randomness of pseudorandom walks used in Pollard's rho method. The project has produced optimized implementations of a highly tuned iteration function for different platforms ranging from standard CPUs to customized FPGA clusters.These optimizations have moved the ECC2K-130 computation to the range of feasibility.The computation would finish in only two years using 1595 standard PCs, or 1231 PlayStation 3 game consoles, or 534 GTX 295 graphics cards, or 308 XC3S5000 FPGAs, or any combination of the above. We are now actively performing the computations. See our <a href=\"http:\/\/x.com\/eccchallenge\">twitter page<\/a> for updates.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/research.microsoft.com\/en-us\/people\/klauter\/default.aspx\">Kristin Lauter<\/a> (Microsoft Research, USA)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Lauter.pdf\">Computing genus 2 curves from invariants on the Hilbert moduli space<\/a> Joint work with <a href=\"http:\/\/www.math.wisc.edu\/~thyang\/\">Tonghai Yang<\/a> (University of Wisconsin USA); he was originally scheduled to present this work.\r\nWe give a new method for generating genus 2 curves over a finite field with a given number of points on the Jacobian of the curve. We define two new invariants for genus 2 curves as values of modular functions on the Hilbert moduli space and show how to compute them. We relate them to the usual three Igusa invariants on the Siegel moduli space and give an algorithm to construct curves using these new invariants. Our approach simplifies the complex analytic method for computing genus 2 curves for cryptography and reduces the amount of computation required.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/www.math.psu.edu\/wli\/\">Winnie Li<\/a> (Penn State, USA and National Center for Theoretical Sciences, Taiwan)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Li.pdf\">Atkin<\/a><a href=\"http:\/\/2010.eccworkshop.org\/slides\/Li.pdf\">-<\/a><a href=\"http:\/\/2010.eccworkshop.org\/slides\/Li.pdf\">Swinnerton<\/a><a href=\"http:\/\/2010.eccworkshop.org\/slides\/Li.pdf\">-<\/a><a href=\"http:\/\/2010.eccworkshop.org\/slides\/Li.pdf\">Dyer congruences on noncongruence modular forms\r\n<\/a>The understanding for the arithmetic of modular forms for noncongruence subgroups pales when compared to that for congruence subgroups. In large part, this is due to the lack of effective Hecke operators. The first pioneering work on noncongruence modular forms was done by Atkin and Swinnerton-Dyer in 1971. Based on a handful numerical data they gathered, Atkin and Swinnerton-Dyer proposed p-adic congruence relations, similar to the recursive relation satisfied by Hecke eigenforms, to be satisfied by a basis of a given space of noncongruence cusp forms. In this talk we shall survey subsequent developments and the current status of the ASD congruences.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/en.wikipedia.org\/wiki\/Victor_S._Miller\">Victor Miller<\/a> (Institute for Defense Analyses, USA)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Miller.pdf\">Elliptic Curves, Cryptography and Computation\r\n<\/a>Much of the research in number theory, like mathematics as a whole, has been inspired by hard problems which are easy to state. A famous example is \"Fermat's Last Theorem\". Starting in the 1970's number theoretic problems have been suggested as the basis for cryptosystems, such as RSA and Diffie-Hellman. In 1985 Koblitz and Miller independently suggested that the discrete logarithm problem on elliptic curves might be more secure than the \"conventional\" discrete logarithm on multiplicative groups of finite fields. Since then it has inspired a great deal of research in number theory and geometry in an attempt to understand its security.\u00a0I'll give a brief historical tour concerning the elliptic curve discrete logarithm problem, and the closely connected Weil Pairing algorithm.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/en.wikipedia.org\/wiki\/Peter_Montgomery\">Peter Montgomery<\/a> (Microsoft Research, USA)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Montgomery.pdf\">ECM <\/a><a href=\"http:\/\/2010.eccworkshop.org\/slides\/Montgomery.pdf\">-- <\/a><a href=\"http:\/\/2010.eccworkshop.org\/slides\/Montgomery.pdf\">Then and Now\r\n<\/a>This presentation has two parts. The first half discusses the major factorization algorithms when ECM was discovered in 1985, stressing the similarities between ECM and P +- 1. The second half describes the recent discoveries of six large Mersenne factors using ECM on a network of PlayStations.\u00a0This is joint work with Joppe W. Bos, Thorsten Kleinjung, and Arjen K. Lenstra from EPFL.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/2010.eccworkshop.org\/www.lix.polytechnique.fr\/~morain\/\">Francois Morain<\/a> (LIX \u00c9cole Polytechnique, France)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Morain.pdf\">Elliptic curves with complex multiplication: history and perspectives\r\n<\/a>The theory of complex multiplication on curves is very old and rich, going back at least to Gauss. Since then, many authors have been developing the theory, in parallel with quite a heavy load of computations and formulas (by hand!). Soon after Schoof's 1985 major article, reduction of curves with complex multiplication over finite fields were used to prove the primality of special or general numbers, and the corresponding algorithms are still in use today. As a result, this led to the emergence of the so-called CM-method to build curves with prescribed properties. The talk will present some parts of this history, concentrating on explicit computations and applications of the CM theory to some old and new problems.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/www.cryptojedi.org\/users\/michael\/\">Michael Naehrig<\/a> (Microsoft Research, USA)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Naehrig.pdf\">Pairings on elliptic curves <\/a><a href=\"http:\/\/2010.eccworkshop.org\/slides\/Naehrig.pdf\">- <\/a><a href=\"http:\/\/2010.eccworkshop.org\/slides\/Naehrig.pdf\">parameter selection and efficient computation<\/a> This talk is about efficient pairing computation on elliptic curves. I will discuss particularly implementation-friendly curves, the use of the polynomial parameter representation to compute pairings on BN curves, and reasons to use affine coordinates for pairings at high security levels.\u00a0This contains joint work with P. Barreto, G. Pereira, M. Simpl\u00edcio Jr, P. Schwabe, R. Niederhagen, K. Lauter, and P. Montgomery.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/www.normalesup.org\/~robert\/pro\/index.html\">Damien Robert<\/a> (INRIA Bordeaux - Sud-Ouest, France)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Robert.pdf\">Generalizing V\u00e9lu's formulas and some applications\r\n<\/a>V\u00e9lu's formulas allow to compute an isogeny between elliptic curves from the coordinates of the points in the kernel. In this talk, I describe an algorithm using theta functions to compute an isogeny from its kernel on any abelian variety. I will give specific timings of a genus 2 implementation, and describe some applications. This is a joint work with Romain Cosset and David Lubicz.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/delta.cs.cinvestav.mx\/~francisco\/\">Francisco Rodriguez<\/a><a href=\"http:\/\/delta.cs.cinvestav.mx\/~francisco\/\">-<\/a><a href=\"http:\/\/delta.cs.cinvestav.mx\/~francisco\/\">Henriquez<\/a> (Centro de investigaci\u00f3n y de Estudios Avanzados del\u00a0I.P.N., Mexico)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/FRH.pdf\">Faster Implementation of Pairings\r\n<\/a>This talk gives an overview of the design of a fast hardware accelerator and a software\u00a0library for the computation of symmetric and asymmetric cryptographic pairings. The first half of this talk is devoted to describe the architecture of two hardware accelerators that compute the \u03b7T pairing over F2m and F3m. This accelerator implements Miller's algorithm using a parallel pipelined Karatsuba multiplier, and takes advantage of a dedicated coprocessor responsible for computing the final exponentiation.\u00a0The second half discusses the design of fast software libraries for the computation of both symmetric and asymmetric pairings. First, a brief description of the design of a fast multicore library for the cryptographic Tate pairing over supersingular elliptic curves is given. Then, the efficient computation of the optimal ate pairing on a Barreto-Naehrig elliptic curve is explained in detail.<\/li>\r\n \t<li><a href=\"http:\/\/www.math.uci.edu\/~krubin\/\">Karl Rubin<\/a> (University of California at Irvine, USA)\r\nSelmer ranks of elliptic curves in families of quadratic twists\r\nThis talk will report on ongoing work with Barry Mazur that studies 2-Selmer ranks in the family of all quadratic twists of a fixed elliptic curve over a number field. Our goal is to compute the density of twists with a given 2-Selmer rank r, for every r. This has been done by Heath-Brown, Swinnerton-Dyer, and Kane for elliptic curves over Q with all 2torsion rational. Our methods are different and work best for curves with no rational points of order 2. So far we can prove under certain hypotheses that E has \"many\" twists of every 2-Selmer rank, but not that the set of such twists has positive density. In this talk I will describe these results and the methods involved, and discuss a basic question about algebraic number fields that arises in trying to improve our results.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/www.mat.uniroma2.it\/~schoof\/\">Rene Schoof<\/a> (Universita di Roma \"Tor Vergata\", Italy)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Schoof.pdf\">Counting points on elliptic curves over finite fields and beyond<\/a><\/li>\r\n \t<li><a href=\"http:\/\/www.math.uci.edu\/~asilverb\/\">Alice Silverberg<\/a> (University of California at Irvine, USA)\r\nOn elliptic curves with an isogeny of degree 7\r\nThis talk is about joint work with Ralph Greenberg and Karl Rubin. Given a group C of order 7 with a Galois action (in characteristic not 7), we construct the family of all elliptic curves with a rational subgroup Galois-isomorphic to C. As an application, we show that the images of 7-adic representations of elliptic curves over Q with a rational subgroup of order 7 are as large as they can be, with at most one exception (counted suitably). Whether the exception occurs depends on whether a certain genus 12 curve with 6 \"obvious\" rational points has any additional rational solutions. We use work of Poonen and Schaefer along with Stoll's version of the method of Chabauty to show that the curve has either 6 or 12 rational points.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/modular.math.washington.edu\/\">William Stein<\/a> (University of Washington, Seattle, USA)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Stein.pdf\">Elliptic Curves in Sage\r\n<\/a>Sage (http:\/\/sagemath.org) is the most feature rich general purpose free open source software for computing with elliptic curves. In this talk, I'll describe what Sage can compute about elliptic curves and how it does some of these computation, then discuss what Sage currently can't compute but should be able to (e.g., because Magma can).<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/math.brown.edu\/~bviray\/\">Bianca Viray<\/a> (Brown University, USA)\r\nIgusa class polynomials, embeddings of quartic CM fields, and arithmetic intersection\u00a0theory\r\nCurrently, one of the best ways of computing genus 2 curves that can be used in cryptographic systems is via computation of Igusa class polynomials. Unfortunately Igusa class polynomials (the genus 2 analogue of Hilbert class polynomials) can be difficult to compute, mostly because recovering the coefficients from approximations requires a bound on the denominators. We will sketch how the denominators can be related both to the number of embeddings of quartic CM fields into certain endomorphism rings and to a conjectural formula of Bruinier and Yang for certain intersection numbers. We will present computations of these three values for 13 different CM fields and, in the cases in which the values are not what we might expect, we point to explanations for the differences. Joint work with H. Grundman, J. Johnson-Leung, K. Lauter, A. Salerno, E. Wittenborn<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/vvitse.free.fr\/\">Vanessa Vitse<\/a> (Universit\u00e9 de Versailles Saint-Quentin-en-Yvelines, France)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Vitse.pdf\">F4 traces and index calculus on elliptic curves over extension fields\r\n<\/a>Recently, Gaudry and Diem have proposed an index calculus method for the resolution of the DLP on elliptic curves defined over extension fields. In this talk, I will first present a variant of this method that enables to decrease the asymptotic complexity of the DLP on E(Fqn) for a large range of q and n, then introduce a second improvement provided by the use of F4 traces for polynomial system solving. Finally, I will give a practical example of our index calculus variant to the oracle-assisted Static Diffie-Hellman Problem. This is a joint work with Antoine Joux.<\/li>\r\n<\/ul>\r\n<ul>\r\n \t<li><a href=\"http:\/\/math.stanford.edu\/~mwood\/\">Melanie Matchett Wood<\/a> (American Institute of Mathematics, USA)\r\n<a href=\"http:\/\/2010.eccworkshop.org\/slides\/Wood.pdf\">Composition Laws\r\n<\/a>The group laws on elliptic curves, Jacobians of hyperelliptic curves, and ideal class groups of quadratic number fields are all examples of group laws that can be computed explicitly via composition on various types of binary quadratic forms. We will discuss how these examples fit into a larger picture of class groups of quadratic extensions of any base space or ring, which can all be given explicitly by composition on generalized binary quadratic forms. Further, we will discuss how this is the degree 2 piece of a larger story, in which class groups of all cubic extensions and even some degree n extensions (for n&gt;3) can be given in terms of composition laws on trilinear forms. For example, one can compute Jacobians of trigonal curves via composition on certain trilinear forms.<\/li>\r\n<\/ul>\r\n&nbsp;"},{"id":4,"name":"Invited Speakers","content":"<ul>\r\n \t<li><a href=\"http:\/\/cr.yp.to\/djb.html\">Daniel J. Bernstein<\/a> (University of Illinois at Chicago, USA)<\/li>\r\n \t<li><a href=\"http:\/\/en.wikipedia.org\/wiki\/Bryan_Birch\">Bryan Birch<\/a> (Oxford, UK)<\/li>\r\n \t<li><a href=\"http:\/\/wis.kuleuven.be\/algebra\/castryck\/\">Wouter Castryck<\/a> (K.U.Leuven, Belgium)<\/li>\r\n \t<li><a href=\"https:\/\/research.microsoft.com\/en-us\/um\/people\/melissac\/\">Melissa Chase<\/a> (Microsoft Research, USA)<\/li>\r\n \t<li><a href=\"http:\/\/www.math.u-bordeaux1.fr\/~enge\/\">Andreas Enge<\/a> (INRIA Bordeaux - Sud-Ouest and IMB, France)<\/li>\r\n \t<li><a href=\"http:\/\/homes.esat.kuleuven.be\/~jfan\/\">Junfeng Fan<\/a> (K.U.Leuven, Belgium)<\/li>\r\n \t<li><a href=\"http:\/\/en.wikipedia.org\/wiki\/Gerhard_Frey\">Gerhard Frey<\/a> (Institute for Experimental Mathematics, Germany)<\/li>\r\n \t<li><a href=\"http:\/\/people.csail.mit.edu\/shafi\/\">Shafi Goldwasser<\/a> (MIT, USA and Weizmann Institute of Science, Israel)<\/li>\r\n \t<li><a href=\"http:\/\/www.dcu.ie\/info\/staff_member.php?id_no=3620\">Rob Granger<\/a> (Claude Shannon Institute, Ireland)<\/li>\r\n \t<li><a href=\"http:\/\/www.dms.auburn.edu\/faculty\/hankerson\/index.html\">Darrel Hankerson<\/a> (Auburn University, USA)<\/li>\r\n \t<li><a href=\"http:\/\/cims.nyu.edu\/~harvey\/\">David Harvey<\/a> (Courant Institute of Mathematical Sciences, USA)<\/li>\r\n \t<li><a href=\"http:\/\/huseyinhisil.net\/\">Huseyin Hisil<\/a> (Turkey)<\/li>\r\n \t<li><a href=\"http:\/\/www.math.washington.edu\/~koblitz\/\">Neal Koblitz<\/a> (University of Washington, Seattle, USA)<\/li>\r\n \t<li><a href=\"http:\/\/iml.univ-mrs.fr\/~kohel\/\">David Kohel<\/a> (Institut de Math\u00e9matiques de Luminy, France)<\/li>\r\n \t<li><a href=\"http:\/\/hyperelliptic.org\/tanja\/\">Tanja Lange<\/a> (Technische Universiteit Eindhoven, Netherlands)<\/li>\r\n \t<li><a href=\"http:\/\/rmc-stage\/en-us\/people\/klauter\/default.aspx\">Kristin Lauter<\/a> (Microsoft Research, USA)<\/li>\r\n \t<li><a href=\"http:\/\/www.math.psu.edu\/wli\/\">Winnie Li<\/a> (Penn State, USA and National Center for Theoretical Sciences, Taiwan)<\/li>\r\n \t<li><a href=\"http:\/\/en.wikipedia.org\/wiki\/Victor_S._Miller\">Victor Miller<\/a> (Institute for Defense Analyses, USA)<\/li>\r\n \t<li><a href=\"http:\/\/en.wikipedia.org\/wiki\/Peter_Montgomery\">Peter Montgomery<\/a> (Microsoft Research, USA)<\/li>\r\n \t<li><a href=\"http:\/\/www.lix.polytechnique.fr\/Labo\/Francois.Morain\/\">Francois Morain<\/a> (LIX \u00c9cole Polytechnique, France)<\/li>\r\n \t<li><a href=\"http:\/\/www.cryptojedi.org\/users\/michael\/\">Michael Naehrig<\/a> (Microsoft Research, USA)<\/li>\r\n \t<li><a href=\"http:\/\/www.normalesup.org\/~robert\/pro\/index.html\">Damien Robert<\/a> (INRIA Bordeaux - Sud-Ouest, France)<\/li>\r\n \t<li><a href=\"http:\/\/delta.cs.cinvestav.mx\/~francisco\/\">Francisco Rodriguez-Henriquez<\/a> (Centro de investigaci\u00f3n y de Estudios Avanzados del I.P.N., Mexico)<\/li>\r\n \t<li><a href=\"http:\/\/www.math.uci.edu\/~krubin\/\">Karl Rubin<\/a> (University of California at Irvine, USA)<\/li>\r\n \t<li><a href=\"http:\/\/www.mat.uniroma2.it\/~schoof\/\">Rene Schoof<\/a> (Universita di Roma \"Tor Vergata\", Italy)<\/li>\r\n \t<li><a href=\"http:\/\/www.math.uci.edu\/~asilverb\/\">Alice Silverberg<\/a> (University of California at Irvine, USA)<\/li>\r\n \t<li><a href=\"http:\/\/modular.math.washington.edu\/\">William Stein<\/a> (University of Washington, Seattle, USA)<\/li>\r\n \t<li><a href=\"http:\/\/math.brown.edu\/~bviray\/\">Bianca Viray<\/a> (Brown University, USA)<\/li>\r\n \t<li><a href=\"http:\/\/vvitse.free.fr\/\">Vanessa Vitse<\/a> (Universit\u00e9 de Versailles Saint-Quentin-en-Yvelines, France)<\/li>\r\n \t<li><a href=\"http:\/\/math.stanford.edu\/~mwood\/\">Melanie Matchett Wood<\/a> (American Institute of Mathematics, USA)<\/li>\r\n<\/ul>\r\n&nbsp;"}],"msr_startdate":"2010-10-18","msr_enddate":"2010-10-22","msr_event_time":"","msr_location":"","msr_event_link":"","msr_event_recording_link":"","msr_startdate_formatted":"October 18, 2010","msr_register_text":"Watch now","msr_cta_link":"","msr_cta_text":"","msr_cta_bi_name":"","featured_image_thumbnail":null,"event_excerpt":"Main Organizers: Neal Koblitz (University of Washington, Seattle, USA) Kristin Lauter (Microsoft Research, USA) Victor Miller (Institute for Defense Analyses, USA) William Stein (University of Washington, Seattle, USA) Program Committee: Daniel J. Bernstein (University of Illinois at Chicago, USA) Pierrick Gaudry (Loria, France) Neal Koblitz (University of Washington, Seattle, USA) Tanja Lange (Technische Universiteit Eindhoven) Kristin Lauter (Microsoft Research, USA) Victor Miller (Institute for Defense Analyses, USA) Renate Scheidler (University of Calgary, Canada) William Stein&hellip;","msr_research_lab":[],"related-researchers":[],"msr_impact_theme":[],"related-academic-programs":[],"related-groups":[],"related-projects":[239792,170325],"related-opportunities":[],"related-publications":[],"related-videos":[253649,253652,253661,253667],"related-posts":[],"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-event\/291860","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-event"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-event"}],"version-history":[{"count":2,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-event\/291860\/revisions"}],"predecessor-version":[{"id":1147256,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-event\/291860\/revisions\/1147256"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=291860"}],"wp:term":[{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=291860"},{"taxonomy":"msr-region","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-region?post=291860"},{"taxonomy":"msr-event-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-event-type?post=291860"},{"taxonomy":"msr-video-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video-type?post=291860"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=291860"},{"taxonomy":"msr-program-audience","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-program-audience?post=291860"},{"taxonomy":"msr-post-option","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-post-option?post=291860"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=291860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}