Dimitri Koshelev

Jointly with Jordi Pujolàs lnkd.in/djnkCrZ8 Quasi-perfect (de)compression of elliptic curve points in the highly 2-adic scenario lnkd.in/dr9tDc8G

Jointly with Antonio Sanso linkedin.com/in/asanso Endomorphisms for faster cryptography on elliptic curves of moderate CM discriminants decifris.it/koine/vol7/W09

[New] Batch subgroup membership testing on pairing-friendly curves (Dimitri Koshelev and Youssef El Housni and Georgios Fotiadis) ia.cr/2025/1311

This talk on EC plonk is wonderful - starting from plonk basics, explaining the main components of ecfft, and then how to get stuff needed for plonk - like a cyclic shift, when working with functions over the curve rather than field youtube.com/watch?v=pHWlRl…

Recommend checking out this interview with Victor Miller open.spotify.com/episode/2sDHST… I knew he was the first to give efficient pairings, but I didn't know he was also one of the first two people (independent works of him and Neal Koblitz) in 85 to suggest using elliptic curves for Diffie Hellman instead of mod p groups.

Quantum computers haven't factored anything interesting yet. Peter Gutmann concludes that quantum computing is "not getting anywhere" (theregister.com/2025/07/17/qua…). The same logic 70 years ago would have said we'll never land on the Moon. More on this analogy: #moon" target="_blank" rel="nofollow noopener">blog.cr.yp.to/20250118-fligh…

I know probably no one care anymore about Bandersnatch curve, but here is a small writeup about subgroup membership on it: @yelhousni/tate-subgroup" target="_blank" rel="nofollow noopener">hackmd.io/@yelhousni/tat…

Simultaneously simple universal and indifferentiable hashing to elliptic curves doi.org/10.1007/978-3-…

🎊 Grant Announcement: Cryptography Research by @DimitriKoshelev! Exploration of isogenies and other cryptographic areas essential to Ethereum's roadmap, working closely with @ethereumfndn researchers to accelerate learning and align efforts with Ethereum's goals.

Application of Mordell–Weil lattices with large kissing numbers to acceleration of multiscalar multiplication on elliptic curves doi.org/10.1515/jmc-20…

We did a little update to eprint.iacr.org/2025/196. Benchmarks show a 30% speedup for MNT curves (originally for Mina) using GLV: github.com/asanso/Endomor…. Good news a few years ago... but yeah, not post-quantum, I know. 😅

Point (de)compression for elliptic curves over highly 2-adic finite fields aimsciences.org/article/doi/10…

And part II that covers also MNT curves.

Just to spell out one way to apply eprint.iacr.org/2022/037 to Curve25519: take point on curve (not twist); check x squareness to see if point is 2*P; compute such a P (exercise: use generic P to avoid roots); do order-4 pairing with (1,...) and 4th-power test to see if P is 4*Q.

This is a great paper "Application of Mordell-Weil lattices with large kissing numbers to acceleration of multi-scalar multiplication on elliptic curves" eprint.iacr.org/2023/1384.pdf ".... this is the first usage of lat- tices with large kissing numbers in cryptography, "

great result indeed!

amazing stuff eprint.iacr.org/2024/1790 "Revisiting subgroup membership testing on pairing-friendly curves via the Tate pairing"

So let me try to give a quick overview of this paper (a thread). Some elliptic curves, like secp256k1 (used in Bitcoin and Ethereum) or Bandersnatch, admit an optimization for scalar multiplication called GLV. This is possible thanks to the fact that those curves are built 1/n

Excited to share our new paper, unleashed in collaboration with @DimitriKoshelev (kudos to him for the brilliant idea behind it!) eprint.iacr.org/2024/1985.pdf