Results 1  10
of
11
Guide to Elliptic Curve Cryptography
, 2004
"... Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves ..."
Abstract

Cited by 369 (17 self)
 Add to MetaCart
Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in publickey cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, highspeed software and hardware implementations, and offer the highest strengthperkeybit of any known publickey scheme.
Arithmetic On Superelliptic Curves
 Math. Comp
, 2000
"... This paper is concerned with algorithms for computing in the divisor class group of a nonsingular plane curve of the form y n = c(x) which has only one point at infinity. Divisors are represented as ideals and an ideal reduction algorithm based on lattice reduction is given. We obtain a unique repre ..."
Abstract

Cited by 37 (4 self)
 Add to MetaCart
This paper is concerned with algorithms for computing in the divisor class group of a nonsingular plane curve of the form y n = c(x) which has only one point at infinity. Divisors are represented as ideals and an ideal reduction algorithm based on lattice reduction is given. We obtain a unique representative for each divisor class and the algorithms for addition and reduction of divisors run in polynomial time. An algorithm is also given for solving the discrete logarithm problem when the curve is defined over a finite field.
On the performance of hyperelliptic cryptosystems
, 1999
"... In this paper we discuss various aspects of cryptosystems based on hyperelliptic curves. In particular we cover the implementation of the group law on such curves and how to generate suitable curves for use in cryptography. This paper presents a practical comparison between the performance of ellip ..."
Abstract

Cited by 30 (5 self)
 Add to MetaCart
In this paper we discuss various aspects of cryptosystems based on hyperelliptic curves. In particular we cover the implementation of the group law on such curves and how to generate suitable curves for use in cryptography. This paper presents a practical comparison between the performance of elliptic curve based digital signature schemes and schemes based on hyperelliptic curves. We conclude that, at present, hyperelliptic curves offer no performance advantage over elliptic curves.
Applying sieving to the computation of quadratic class groups
 Math. Comp
, 1999
"... Abstract. We present a new algorithm for computing the ideal class group of an imaginary quadratic order which is based on the multiple polynomial version of the quadratic sieve factoring algorithm. Although no formal analysis is given, we conjecture that our algorithm has subexponential complexity ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
Abstract. We present a new algorithm for computing the ideal class group of an imaginary quadratic order which is based on the multiple polynomial version of the quadratic sieve factoring algorithm. Although no formal analysis is given, we conjecture that our algorithm has subexponential complexity, and computational experience shows that it is significantly faster in practice than existing algorithms. 1.
Computing Discrete Logarithms In Quadratic Orders
 J. Cryptology
, 2000
"... . We present efficient algorithms for computing discrete logarithms in the class group of a quadratic order and for principality testing in a real quadratic order, based on the work of Dullmann and Abel. We show how the idea of generating relations with sieving can be applied to improve the performa ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
. We present efficient algorithms for computing discrete logarithms in the class group of a quadratic order and for principality testing in a real quadratic order, based on the work of Dullmann and Abel. We show how the idea of generating relations with sieving can be applied to improve the performance of these algorithms. Computational results are presented which demonstrate that our new techniques yield a significant increase in the sizes of discriminants for which these discrete logarithm problems can be solved. 1. Introduction It is wellknown that finite Abelian groups offer an excellent setting for cryptographic protocols [15], in particular, groups G in which the discrete logarithm problem (DLP) is intractable. That is, given g; a 2 G; it should be beyond the reach of an adversary to recover an integer x such that g x = a; or determine that no such x exists. Several types of finite Abelian groups have been proposed for this purpose, including the original idea of the multipl...
Sieving in Function Fields
 Experimental Mathematics
, 1997
"... We present the first implementation of sieving techniques in the context of function fields. More precisely, we compute in class groups of quadratic congruence function fields by combining the Algorithm of Hafner and McCurley with sieving ideas known from factoring. We apply our methods to compute g ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
We present the first implementation of sieving techniques in the context of function fields. More precisely, we compute in class groups of quadratic congruence function fields by combining the Algorithm of Hafner and McCurley with sieving ideas known from factoring. We apply our methods to compute generators and relations of the Jacobian variety of hyperelliptic curves over finite fields. 1 Introduction Jacobian varieties of hyperelliptic curves over finite fields can be (under some condition) interpreted as class groups of imaginary quadratic congruence function fields; the algorithm of Hafner and McCurley [8] known to compute the class group of imaginary quadratic number fields and having subexponential running time in the size of the discriminant can be applied. This idea is realized (with a slight modification) in [1] by Adleman, DeMarrais and Huang who claim this algorithm to be of subexponential running time in the genus, believing in some heuristical evidence. An unconditional p...
NEW QUADRATIC POLYNOMIALS WITH HIGH DENSITIES OF PRIME VALUES
"... Abstract. Hardy and Littlewood’s Conjecture F implies that the asymptotic density of prime values of the polynomials fA(x) =x 2 + x + A, A ∈ Z, is related to the discriminant ∆ = 1 − 4A of fA(x) viaaquantityC(∆). The larger C(∆) is, the higher the asymptotic density of prime values for any quadrati ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Abstract. Hardy and Littlewood’s Conjecture F implies that the asymptotic density of prime values of the polynomials fA(x) =x 2 + x + A, A ∈ Z, is related to the discriminant ∆ = 1 − 4A of fA(x) viaaquantityC(∆). The larger C(∆) is, the higher the asymptotic density of prime values for any quadratic polynomial of discriminant ∆. A technique of Bach allows one to estimate C(∆) accurately for any ∆ < 0, given the class number of the imaginary quadratic order with discriminant ∆, and for any ∆> 0given the class number and regulator of the real quadratic order with discriminant ∆. The Manitoba Scalable Sieve Unit (MSSU) has shown us how to rapidly generate many discriminants ∆ for which C(∆) is potentially large, and new methods for evaluating class numbers and regulators of quadratic orders allow us to compute accurate estimates of C(∆) efficiently, even for values of ∆ with as many as 70 decimal digits. Using these methods, we were able to find a number of discriminants for which, under the assumption of the Extended Riemann Hypothesis, C(∆) is larger than any previously known examples. 1.
November 2000 CSTR00017
, 2001
"... We compare the method of Weil descent for solving the ECDLP against the standard method of parallelised Pollard rho. We give details of a theoretical and practical comparison and then use this to analyse the di#culty of actually solving the ECDLP for curves of the size needed in a practical cryp ..."
Abstract
 Add to MetaCart
We compare the method of Weil descent for solving the ECDLP against the standard method of parallelised Pollard rho. We give details of a theoretical and practical comparison and then use this to analyse the di#culty of actually solving the ECDLP for curves of the size needed in a practical cryptographic systems. In particular we examine the elliptic curves proposed in the Oakley key determination protocol.
Internal Accession Date Only
, 1998
"... function fields, divisor class group, reduced ideals, cryptography Let F denote a function field of transcendence degree one over a finite field k. We assume that the field is tamely ramified at infinity, that the valuations at infinity of a set of fundamental units are known and we have gcd(f 1, … ..."
Abstract
 Add to MetaCart
function fields, divisor class group, reduced ideals, cryptography Let F denote a function field of transcendence degree one over a finite field k. We assume that the field is tamely ramified at infinity, that the valuations at infinity of a set of fundamental units are known and we have gcd(f 1, … , f s) = 1, where f i denotes the degree of a place at infinity. In such a situation we describe a simple arithmetic in the divisor class group. One draw back of this arithmetic is that we do not obtain a unique representative for each divisor class. The method makes use of multiplication and reduction of reduced fractional ideals.