Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in public-key cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, high-speed software and hardware implementations, and offer the highest strength-per-key-bit of any known public-key scheme.

The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA). It was accepted in 1999 as an ANSI standard, and was accepted in 2000 as IEEE and NIST standards. It was also accepted in 1998 as an ISO standard, and is under consideration for inclusion in some other ISO standards. Unlike the ordinary discrete logarithm problem and the integer factorization problem, no subexponential-time algorithm is known for the elliptic curve discrete logarithm problem. For this reason, the strength-per-key-bit is substantially greater in an algorithm that uses elliptic curves. This paper describes the ANSI X9.62 ECDSA, and discusses related security, implementation, and interoperability issues. Keywords: Signature schemes, elliptic curve cryptography, DSA, ECDSA.

Security issues will play an important role in the majority of communication and computer networks of the future. As the Internet becomes more and more accessible to the public, security measures will have to be strengthened. Elliptic curve cryptosystems allow for shorter operand lengths than other public-key schemes based on the discrete logarithm in finite fields and the integer factorization problem and are thus attractive for many applications. This thesis describes an implementation of a crypto engine based on elliptic curves. The underlying algebraic structures are composite Galois fields GF((2 n) m) in a standard base representation. As a major new feature, the system is developed for a reconfigurable platform based on Field Programmable Gate Arrays (FPGAs). FPGAs combine the flexibility of software solutions with the security of traditional hardware implementations. In particular, it is possible to easily change all algorithm parameters such as curve coefficients, field order, or field representation. The thesis deals with the design and implementation of elliptic curve point multiplicationarchitectures. The architectures are described in VHDL and mapped to Xilinx FPGA devices. Architectures over Galois fields of different order and representation were implemented and compared. Area and timing measurements are provided for all architectures. It is shown that a full point multiplication on elliptic curves of real-world size can be implemented on commercially available FPGAs.

We present a new type of fault attacks on elliptic curve scalar multiplications: Sign Change Attacks. These attacks exploit di#erent number representations as they are often employed in modern cryptographic applications. Previously, fault attacks on elliptic curves aimed to force a device to output points which are on a cryptographically weak curve. Such attacks can easily be defended against. Our attack produces points which do not leave the curve and are not easily detected. The paper also presents a revised scalar multiplication algorithm that provably protects against Sign Change Attacks.

Abstract. In this paper, we present a design strategy of elliptic curves whose extension degrees needed for reduction attacks have a controllable lower boundary, based on the complex multiplication fields method of Atkin and Morain over prime fields. 1

This report is a survey on public key cryptosystems that use the theory of elliptic curves. A considerable part will be about the theory of elliptic curves. Encryption systems, digital signature schemes and key agreement schemes using elliptic curves will be described. Their workload and bandwidth will be addressed and some attacks will be described. For all systems the security is based either on the elliptic curve discrete logarithm problem or on the difficulty of factorization. The differences between conventional and elliptic curve systems shall be addressed. Systems based on the elliptic curve discrete logarithm problem can be used with shorter keys to provide the same security, compared to similar conventional systems. Elliptic curve systems based on factoring are slightly more resistant as conventional systems against some attacks.

A method is described to represent points on elliptic curves over F 2 n , in the context of elliptic curve cryptosystems, using n bits. The method allows for full recovery of the x and y components of the point. This improves on the naive representation using 2n bits, and on a previously known compressed representation using n+ 1 bits. Since n bits are necessary to represent a point in the general case of a cryptosystem over F 2 n , the representation described in this note is minimal. Keywords: finite fields, elliptic curves, cryptography. 1 Background Elliptic curve (EC) cryptography is gaining favor as an efficient and attractive alternative to the more conventional public key schemes, e.g., RSA. EC cryptosystems are based on operations involving points on an elliptic curve over a finite field. Popular choices for the underlying finite field are F p , the integers modulo p for a (large) prime number p, and F 2 n , a finite field of characteristic two and dimension n. Thi...

Contents 1 Preliminaries 1 1.1 Repetition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 2 Elliptic curve cryptography 3 2.1 Elliptic curves . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2 The size of an elliptic curve . . . . . . . . . . . . . . . . . . . . . 8 2.3 Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.4 Discrete logarithms and Pollard's rho method . . . . . . . . . . . 13 2.5 Synopsis elliptic curves . . . . . . . . . . . . . . . . . . . . . . . . 15 3 Pseudorandom generators 17 3.1 Pseudorandom generators . . . . . . . . . . . . . . . . . . . . . . 17 3.2 Distinguishers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3.3 Predictors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 3.4 The NisanWigderson generator . . . . . . . . . . . . . . . . . . . 26 3.5 Construction of good designs . . . . . . . . . . . . . . . . . . . . . 29 3.6 Deter

The theory of elliptic curves is a classical topic in many branches of algebra and number theory, but recently it is receiving more attention in cryptography. An elliptic curve is a two-dimensional (planar) curve defined by an equation involving a cubic power of coordinate x and a square power of coordinate y. One class of these curves is

Abstract not found