Efficient Pairing Computation on Supersingular Abelian Varieties
Designs, Codes and Cryptography, 2004
Cited by 130 (23 self)
We present a general technique for the efficient computation of pairings on supersingular Abelian varieties. As particular cases, we describe efficient pairing algorithms for elliptic and hyperelliptic curves in characteristic 2. The latter is faster than all previously known pairing algorithms, and as a bonus also gives rise to faster conventional Jacobian arithmetic.
Asymptotically optimal communication for torus-based cryptography
In Advances in Cryptology (CRYPTO 2004), Springer LNCS 3152, 2004
Cited by 11 (1 self)
Abstract. We introduce a compact and efficient representation of elements of the algebraic torus. This allows us to design a new discrete-log based public-key system achieving the optimal communication rate, partially answering the conjecture in [4]. For n the product of distinct primes, we construct efficient ElGamal signature and encryption schemes in a subgroup of F_{q^n}^* in which the number of bits exchanged is only a φ(n)/n fraction of that required in traditional schemes, while the security offered remains the same. We also present a Diffie-Hellman key exchange protocol averaging only φ(n) log_2 q bits of communication per key. For the cryptographically important cases of n = 30 and n = 210, we transmit a 4/5 and a 24/35 fraction, respectively, of the number of bits required in XTR [14] and recent CEILIDH [24] cryptosystems.
On the Discrete Logarithm Problem on Algebraic Tori
In Advances in Cryptology (CRYPTO 2005), Springer LNCS 3621, 66–85, 2005
Cited by 11 (3 self)
Abstract. Using a recent idea of Gaudry and exploiting rational representations of algebraic tori, we present an index calculus type algorithm for solving the discrete logarithm problem that works directly in these groups. Using a prototype implementation, we obtain practical upper bounds for the difficulty of solving the DLP in the tori T_2(F_{p^m}) and T_6(F_{p^m}) for various p and m. Our results do not affect the security of the cryptosystems LUC, XTR, or CEILIDH over prime fields. However, the practical efficiency of our method against other methods needs further examining, for certain choices of p and m in regions of cryptographic interest.
Practical Cryptography in High Dimensional Tori
In Advances in Cryptology (EUROCRYPT 2005), Springer LNCS 3494, 2004
Cited by 8 (5 self)
At Crypto 2004, van Dijk and Woodruff introduced a new way of using the algebraic tori T_n in cryptography, and obtained an asymptotically optimal n/φ(n) savings in bandwidth and storage for a number of cryptographic applications. However, the computational requirements of compression and decompression in their scheme were impractical, and it was left open to reduce them to a practical level. We give a new method that compresses orders of magnitude faster than the original, while also speeding up the decompression and improving on the compression factor (by a constant term). Further, we give the first efficient implementation that uses T_30, compare its performance to XTR, CEILIDH, and ECC, and present new applications. Our methods achieve better compression than XTR and CEILIDH for the compression of as few as two group elements. This allows us to apply our results to ElGamal encryption with a small message domain to obtain ciphertexts that are 10% smaller than in previous schemes.
Hyperelliptic pairings
In Pairing 2007, 2007
Cited by 7 (3 self)
We survey recent research on pairings on hyperelliptic curves and present a comparison of the performance characteristics of pairings on elliptic curves and hyperelliptic curves. Our analysis indicates that hyperelliptic curves are not more efficient than elliptic curves for general pairing applications.
Constructing Pairing-Friendly Hyperelliptic Curves Using Weil Restriction
Cited by 6 (0 self)
Abstract. A pairing-friendly curve is a curve over a finite field whose Jacobian has small embedding degree with respect to a large prime-order subgroup. In this paper we construct pairing-friendly genus 2 curves over finite fields F_q whose Jacobians are ordinary and simple, but not absolutely simple. We show that constructing such curves is equivalent to constructing elliptic curves over F_q that become pairing-friendly over a finite extension of F_q. Our main proof technique is Weil restriction of elliptic curves. We describe adaptations of the Cocks-Pinch and Brezing-Weng methods that produce genus 2 curves with the desired properties. Our examples include a parametric family of genus 2 curves whose Jacobians have the smallest recorded ρ-value for simple, non-supersingular abelian surfaces.
Public key cryptography based on semigroup actions
Advances in Mathematics of Communications
Cited by 5 (1 self)
(Communicated by Andreas Stein) Abstract. A generalization of the original Diffie-Hellman key exchange in (Z/pZ)^* found a new depth when Miller [27] and Koblitz [16] suggested that such a protocol could be used with the group over an elliptic curve. In this paper, we propose a further vast generalization where abelian semigroups act on finite sets. We define a Diffie-Hellman key exchange in this setting and we illustrate how to build interesting semigroup actions using finite (simple) semirings. The practicality of the proposed extensions relies on the orbit sizes of the semigroup actions, and at this point it is an open question how to compute the sizes of these orbits in general and also whether there exists a square root attack in general. In Section 5 a concrete practical semigroup action built from simple semirings is presented. It will require further research to analyse this system.
Compression for trace zero subgroups of elliptic curves
Trends in Mathematics 8, 93–100 (2005), 2004
Cited by 3 (0 self)
Abstract. We give details of a compression/decompression algorithm for points in trace zero subgroups of elliptic curves over F_{q^r}, for r = 3 and 5.
Twisting commutative algebraic groups
 Journal of Algebra
Cited by 3 (1 self)
Abstract. If V is a commutative algebraic group over a field k, O is a commutative ring that acts on V, and I is a finitely generated free O-module with a right action of the absolute Galois group of k, then there is a commutative algebraic group I ⊗_O V over k, which is a twist of a power of V. These group varieties have applications to cryptography (in the cases of abelian varieties and algebraic tori over finite fields) and to the arithmetic of abelian varieties over number fields. For purposes of such applications we devote this article to making explicit this tensor product construction and its basic properties.
Prime Order Primitive Subgroups in Torus-Based Cryptography
Cited by 1 (0 self)
Abstract. We use the Bateman-Horn conjecture to study the order of the set of F_q-rational points of primitive subgroups that arise in torus-based cryptography. We provide computational evidence to support the heuristics and make some suggestions regarding parameter selection for torus-based cryptography.

1. Background

1.1. Algebraic Tori and Primitive Subgroups. Let L/K be a finite and separable field extension with [L : K] = n. Let G_m be the multiplicative algebraic group defined by the following property: over any field F, the set of F-rational points of G_m, denoted G_m(F), is the multiplicative group F^× of nonzero elements of the field F. The Weil restriction of scalars of G_m from L down to K, denoted Res_{L/K} G_m, enjoys the following property: (Res_{L/K} G_m)(K) ≅ G_m(L) = L^×, where the equality comes from the definition of G_m. In other words, the set of K-rational points of Res_{L/K} G_m is isomorphic to L^×. The algebraic group Res_{L/K} G_m is a nontrivial example of an algebraic torus defined over K; that is, an algebraic group T defined over K that over some finite extension field is isomorphic to (G_m)^d, where d is the dimension of T. For any field F with K ⊂ F ⊂ L, let N_{L/F}: L → F denote the usual norm map defined by N_{L/F}(α) = ∏_{σ ∈ Gal(L/F)} σ(α). Associated with each norm map N_{L/F} there exists a map N_{L/F}: Res_{L/K} G_m → Res_{F/K} G_m such that the following diagram commutes.

[Commutative diagram relating (Res_{L/K} G_m)(K) and (Res_{F/K} G_m)(K); not reproduced here.]