Results 1  10
of
12
Guide to Elliptic Curve Cryptography
, 2004
"... Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves ..."
Abstract

Cited by 593 (18 self)
 Add to MetaCart
Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in publickey cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, highspeed software and hardware implementations, and offer the highest strengthperkeybit of any known publickey scheme.
Arithmetic On Superelliptic Curves
 Math. Comp
, 2000
"... This paper is concerned with algorithms for computing in the divisor class group of a nonsingular plane curve of the form y n = c(x) which has only one point at infinity. Divisors are represented as ideals and an ideal reduction algorithm based on lattice reduction is given. We obtain a unique repre ..."
Abstract

Cited by 46 (4 self)
 Add to MetaCart
(Show Context)
This paper is concerned with algorithms for computing in the divisor class group of a nonsingular plane curve of the form y n = c(x) which has only one point at infinity. Divisors are represented as ideals and an ideal reduction algorithm based on lattice reduction is given. We obtain a unique representative for each divisor class and the algorithms for addition and reduction of divisors run in polynomial time. An algorithm is also given for solving the discrete logarithm problem when the curve is defined over a finite field.
A cryptographic application of Weil descent
 CODES AND CRYPTOGRAPHY, LNCS 1746
, 1999
"... ..."
(Show Context)
On the performance of hyperelliptic cryptosystems
, 1999
"... In this paper we discuss various aspects of cryptosystems based on hyperelliptic curves. In particular we cover the implementation of the group law on such curves and how to generate suitable curves for use in cryptography. This paper presents a practical comparison between the performance of ellip ..."
Abstract

Cited by 30 (4 self)
 Add to MetaCart
(Show Context)
In this paper we discuss various aspects of cryptosystems based on hyperelliptic curves. In particular we cover the implementation of the group law on such curves and how to generate suitable curves for use in cryptography. This paper presents a practical comparison between the performance of elliptic curve based digital signature schemes and schemes based on hyperelliptic curves. We conclude that, at present, hyperelliptic curves offer no performance advantage over elliptic curves.
Applying sieving to the computation of quadratic class groups
 Math. Comp
, 1999
"... Abstract. We present a new algorithm for computing the ideal class group of an imaginary quadratic order which is based on the multiple polynomial version of the quadratic sieve factoring algorithm. Although no formal analysis is given, we conjecture that our algorithm has subexponential complexity ..."
Abstract

Cited by 10 (2 self)
 Add to MetaCart
Abstract. We present a new algorithm for computing the ideal class group of an imaginary quadratic order which is based on the multiple polynomial version of the quadratic sieve factoring algorithm. Although no formal analysis is given, we conjecture that our algorithm has subexponential complexity, and computational experience shows that it is significantly faster in practice than existing algorithms. 1.
Sieving in Function Fields
 Experimental Mathematics
, 1997
"... We present the first implementation of sieving techniques in the context of function fields. More precisely, we compute in class groups of quadratic congruence function fields by combining the Algorithm of Hafner and McCurley with sieving ideas known from factoring. We apply our methods to compute g ..."
Abstract

Cited by 10 (2 self)
 Add to MetaCart
(Show Context)
We present the first implementation of sieving techniques in the context of function fields. More precisely, we compute in class groups of quadratic congruence function fields by combining the Algorithm of Hafner and McCurley with sieving ideas known from factoring. We apply our methods to compute generators and relations of the Jacobian variety of hyperelliptic curves over finite fields. 1 Introduction Jacobian varieties of hyperelliptic curves over finite fields can be (under some condition) interpreted as class groups of imaginary quadratic congruence function fields; the algorithm of Hafner and McCurley [8] known to compute the class group of imaginary quadratic number fields and having subexponential running time in the size of the discriminant can be applied. This idea is realized (with a slight modification) in [1] by Adleman, DeMarrais and Huang who claim this algorithm to be of subexponential running time in the genus, believing in some heuristical evidence. An unconditional p...
Computing Discrete Logarithms in Quadratic Orders
, 2000
"... We present efficient algorithms for computing discrete logarithms in the class group of a quadratic order and for principality testing in a real quadratic order, based on the work of Düllmann and Abel. We show how the idea of generating relations with sieving can be applied to improve the performan ..."
Abstract

Cited by 9 (5 self)
 Add to MetaCart
We present efficient algorithms for computing discrete logarithms in the class group of a quadratic order and for principality testing in a real quadratic order, based on the work of Düllmann and Abel. We show how the idea of generating relations with sieving can be applied to improve the performance of these algorithms. Computational results are presented which demonstrate that our new techniques yield a significant increase in the sizes of discriminants for which these discrete logarithm problems can be solved.
NEW QUADRATIC POLYNOMIALS WITH HIGH DENSITIES OF PRIME VALUES
"... Abstract. Hardy and Littlewood’s Conjecture F implies that the asymptotic density of prime values of the polynomials fA(x) =x 2 + x + A, A ∈ Z, is related to the discriminant ∆ = 1 − 4A of fA(x) viaaquantityC(∆). The larger C(∆) is, the higher the asymptotic density of prime values for any quadrati ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Hardy and Littlewood’s Conjecture F implies that the asymptotic density of prime values of the polynomials fA(x) =x 2 + x + A, A ∈ Z, is related to the discriminant ∆ = 1 − 4A of fA(x) viaaquantityC(∆). The larger C(∆) is, the higher the asymptotic density of prime values for any quadratic polynomial of discriminant ∆. A technique of Bach allows one to estimate C(∆) accurately for any ∆ < 0, given the class number of the imaginary quadratic order with discriminant ∆, and for any ∆> 0given the class number and regulator of the real quadratic order with discriminant ∆. The Manitoba Scalable Sieve Unit (MSSU) has shown us how to rapidly generate many discriminants ∆ for which C(∆) is potentially large, and new methods for evaluating class numbers and regulators of quadratic orders allow us to compute accurate estimates of C(∆) efficiently, even for values of ∆ with as many as 70 decimal digits. Using these methods, we were able to find a number of discriminants for which, under the assumption of the Extended Riemann Hypothesis, C(∆) is larger than any previously known examples. 1.
November 2000 CSTR00017
, 2001
"... We compare the method of Weil descent for solving the ECDLP against the standard method of parallelised Pollard rho. We give details of a theoretical and practical comparison and then use this to analyse the di#culty of actually solving the ECDLP for curves of the size needed in a practical cryp ..."
Abstract
 Add to MetaCart
We compare the method of Weil descent for solving the ECDLP against the standard method of parallelised Pollard rho. We give details of a theoretical and practical comparison and then use this to analyse the di#culty of actually solving the ECDLP for curves of the size needed in a practical cryptographic systems. In particular we examine the elliptic curves proposed in the Oakley key determination protocol.
FIELD SIEVE ALGORITHM TO SOLVE THE DISCRETE LOGARITHM PROBLEM IN THE JACOBIANS OF HYPERELLIPTIC CURVES
, 1997
"... discrete logarithm, hyperelliptic curves, cryptography In this paper we report on an implementation of the algorithm of Aldeman, De Marrais and Huang for the solution of the discrete logarithm problem on Jacobians of hyperelliptic curves. The method of Aldeman, De Marrais and Huang is closely relate ..."
Abstract
 Add to MetaCart
(Show Context)
discrete logarithm, hyperelliptic curves, cryptography In this paper we report on an implementation of the algorithm of Aldeman, De Marrais and Huang for the solution of the discrete logarithm problem on Jacobians of hyperelliptic curves. The method of Aldeman, De Marrais and Huang is closely related to the Number Field Sieve factoring method which leads us to consider a “lattice sieve ” version of the original method.