Abstract. We introduce a compact and efficient representation of elements of the algebraic torus. This allows us to design a new discretelog based public-key system achieving the optimal communication rate, partially answering the conjecture in [4]. For n the product of distinct primes, we construct efficient ElGamal signature and encryption schemes in a subgroup of F ∗ qn in which the number of bits exchanged is only a φ(n)/n fraction of that required in traditional schemes, while the security offered remains the same. We also present a Diffie-Hellman key exchange protocol averaging only φ(n) log2 q bits of communication per key. For the cryptographically important cases of n = 30 and n = 210, we transmit a 4/5 and a 24/35 fraction, respectively, of the number of bits required in XTR [14] and recent CEILIDH [24] cryptosystems. 1

Abstract. Recently, Lenstra and Verheul proposed an efficient cryptosystem called XTR. This system represents elements of F ∗ p6 with order dividing p 2 − p + 1 by their trace over Fp2. Compared with the usual representation, this one achieves a ratio of three between security size and manipulated data. Consequently very promising performance compared with RSA and ECC are expected. In this paper, we are dealing with hardware implementation of XTR, and more precisely with Field Programmable Gate Array (FPGA). The intrinsic parallelism of such a device is combined with efficient modular multiplication algorithms to obtain effective implementation(s) of XTR with respect to time and area. We also compare our implementations with hardware implementations of RSA and ECC. This shows that XTR achieves a very high level of speed with small area requirements: an XTR exponentiation is carried out in less than 0.21 ms at a frequency beyond 150 MHz.