Results 1  10
of
104
Constructing Elliptic Curves with Prescribed Embedding Degrees
, 2002
"... Pairingbased cryptosystems depend on the existence of groups where the Decision DiffieHellman problem is easy to solve, but the Computational DiffieHellman problem is hard. Such is the case of elliptic curve groups whose embedding degree is large enough to maintain a good security level, but smal ..."
Abstract

Cited by 51 (16 self)
 Add to MetaCart
Pairingbased cryptosystems depend on the existence of groups where the Decision DiffieHellman problem is easy to solve, but the Computational DiffieHellman problem is hard. Such is the case of elliptic curve groups whose embedding degree is large enough to maintain a good security level, but small enough for arithmetic operations to be feasible. However, the embedding degree is usually enormous, and the scarce previously known suitable elliptic groups had embedding degree k <= 6. In this note, we examine criteria for curves with larger k that generalize prior work by Miyaji et al. based on the properties of cyclotomic polynomials, and propose efficient representations for the underlying algebraic structures.
Computational Strategies for the Riemann Zeta Function
 Journal of Computational and Applied Mathematics
, 2000
"... We provide a compendium of evaluation methods for the Riemann zeta function, presenting formulae ranging from historical attempts to recently found convergent series to curious oddities old and new. We concentrate primarily on practical computational issues, such issues depending on the domain of th ..."
Abstract

Cited by 46 (9 self)
 Add to MetaCart
We provide a compendium of evaluation methods for the Riemann zeta function, presenting formulae ranging from historical attempts to recently found convergent series to curious oddities old and new. We concentrate primarily on practical computational issues, such issues depending on the domain of the argument, the desired speed of computation, and the incidence of what we call "value recycling".
The Montgomery Powering Ladder
, 2002
"... This paper gives a comprehensive analysis of Montgomery powering ladder. Initially developed for fast scalar multiplication on elliptic curves, we extend the scope of Montgomery ladder to any exponentiation in an abelian group. Computationally, the Montgomery ladder has the triple advantage of prese ..."
Abstract

Cited by 30 (3 self)
 Add to MetaCart
This paper gives a comprehensive analysis of Montgomery powering ladder. Initially developed for fast scalar multiplication on elliptic curves, we extend the scope of Montgomery ladder to any exponentiation in an abelian group. Computationally, the Montgomery ladder has the triple advantage of presenting a Lucas chain structure, of being parallelized, and of sharing a common operand. Furthermore, contrary to the classical binary algorithms, it behaves very regularly, which makes it naturally protected against a large variety of implementation attacks.
Implementing the asymptotically fast version of the elliptic curve primality proving algorithm
 Math. Comp
"... Abstract. The elliptic curve primality proving (ECPP) algorithm is one of the current fastest practical algorithms for proving the primality of large numbers. Its running time cannot be proven rigorously, but heuristic arguments show that it should run in time Õ((log N)5) to prove the primality of N ..."
Abstract

Cited by 27 (1 self)
 Add to MetaCart
Abstract. The elliptic curve primality proving (ECPP) algorithm is one of the current fastest practical algorithms for proving the primality of large numbers. Its running time cannot be proven rigorously, but heuristic arguments show that it should run in time Õ((log N)5) to prove the primality of N. An asymptotically fast version of it, attributed to J. O. Shallit, runs in time Õ((log N)4). The aim of this article is to describe this version in more details, leading to actual implementations able to handle numbers with several thousands of decimal digits. 1.
Harald Cramér and the distribution of prime numbers
 Scandanavian Actuarial J
, 1995
"... “It is evident that the primes are randomly distributed but, unfortunately, we don’t know what ‘random ’ means. ” — R. C. Vaughan (February 1990). After the first world war, Cramér began studying the distribution of prime numbers, guided by Riesz and MittagLeffler. His works then, and later in the ..."
Abstract

Cited by 20 (1 self)
 Add to MetaCart
“It is evident that the primes are randomly distributed but, unfortunately, we don’t know what ‘random ’ means. ” — R. C. Vaughan (February 1990). After the first world war, Cramér began studying the distribution of prime numbers, guided by Riesz and MittagLeffler. His works then, and later in the midthirties, have had a profound influence on the way mathematicians think about the distribution of prime numbers. In this article, we shall focus on how Cramér’s ideas have directed and motivated research ever since. One can only fully appreciate the significance of Cramér’s contributions by viewing his work in the appropriate historical context. We shall begin our discussion with the ideas of the ancient Greeks, Euclid and Eratosthenes. Then we leap in time to the nineteenth century, to the computations and heuristics of Legendre and Gauss, the extraordinarily analytic insights of Dirichlet and Riemann, and the crowning glory of these ideas, the proof the “Prime Number Theorem ” by Hadamard and de la Vallée Poussin in 1896. We pick up again in the 1920’s with the questions asked by Hardy and Littlewood,
Faster Pairings using an Elliptic Curve with an Efficient Endomorphism
 IN INDOCRYPT 2005
, 2005
"... The most significant pairingbased cryptographic protocol to be proposed so far is undoubtedly the IdentityBased Encryption (IBE) protocol of Boneh and Franklin. In their paper [6] they give details of how their scheme might be implemented in practise on certain supersingular elliptic curves of ..."
Abstract

Cited by 14 (0 self)
 Add to MetaCart
The most significant pairingbased cryptographic protocol to be proposed so far is undoubtedly the IdentityBased Encryption (IBE) protocol of Boneh and Franklin. In their paper [6] they give details of how their scheme might be implemented in practise on certain supersingular elliptic curves of prime characteristic. They also point out that the scheme could as easily be implemented on certain special nonsupersingular curves for the same level of security. An obvious question to be answered is  which is most e#cient? Motivated by the work of Gallant, Lambert and Vanstone [12] we demonstrate that, perhaps counter to intuition, certain ordinary curves closely related to the supersingular curves originally recommended by Boneh and Franklin, provide better performance. We illustrate our technique by implementing the fastest pairing algorithm to date (on elliptic curves of prime characteristic) for contemporary levels of security. We also point out that many of the nonsupersingular families of curves recently discovered and proposed for use in pairingbased cryptography can also benefit (to an extent) from the same technique.
VSH, an Efficient and Provable CollisionResistant Hash Function
 OF LECTURE NOTES IN COMPUTER SCIENCE
, 2006
"... We introduce VSH, very smooth hash, a new Sbit hash function that is provably collisionresistant assuming the hardness of finding nontrivial modular square roots of very smooth numbers modulo an Sbit composite. By very smooth, we mean that the smoothness bound is some fixed polynomial function of ..."
Abstract

Cited by 13 (1 self)
 Add to MetaCart
We introduce VSH, very smooth hash, a new Sbit hash function that is provably collisionresistant assuming the hardness of finding nontrivial modular square roots of very smooth numbers modulo an Sbit composite. By very smooth, we mean that the smoothness bound is some fixed polynomial function of S. We argue that finding collisions for VSH has the same asymptotic complexity as factoring using the Number Field Sieve factoring algorithm, i.e., subexponential in S. VSH is theoretically pleasing because it requires just a single multiplication modulo the Sbit composite per Ω(S) messagebits (as opposed to O(log S) messagebits for previous provably secure hashes). It is relatively practical. A preliminary implementation on a 1GHz Pentium III processor that achieves collision resistance at least equivalent to the difficulty of factoring a 1024bit RSA modulus, runs at 1.1 MegaByte per second, with a moderate slowdown to 0.7MB/s for 2048bit RSA security. VSH can be used to build a fast, provably secure randomised trapdoor hash function, which can be applied to speed up provably secure signature schemes (such as CramerShoup) and designatedverifier signatures.
A GMPbased implementation of SchönhageStrassen’s large integer multiplication algorithm
 In Proceedings of ISSAC’07
, 2007
"... Abstract. SchönhageStrassen’s algorithm is one of the best known algorithms for multiplying large integers. Implementing it efficiently is of utmost importance, since many other algorithms rely on it as a subroutine. We present here an improved implementation, based on the one distributed within th ..."
Abstract

Cited by 12 (4 self)
 Add to MetaCart
Abstract. SchönhageStrassen’s algorithm is one of the best known algorithms for multiplying large integers. Implementing it efficiently is of utmost importance, since many other algorithms rely on it as a subroutine. We present here an improved implementation, based on the one distributed within the GMP library. The following ideas and techniques were used or tried: faster arithmetic modulo 2 n + 1, improved cache locality, Mersenne transforms, Chinese Remainder Reconstruction, the √ 2 trick, Harley’s and Granlund’s tricks, improved tuning. We also discuss some ideas we plan to try in the future.
It Is Easy to Determine Whether a Given Integer Is Prime
, 2004
"... The problem of distinguishing prime numbers from composite numbers, and of resolving the latter into their prime factors is known to be one of the most important and useful in arithmetic. It has engaged the industry and wisdom of ancient and modern geometers to such an extent that it would be super ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
The problem of distinguishing prime numbers from composite numbers, and of resolving the latter into their prime factors is known to be one of the most important and useful in arithmetic. It has engaged the industry and wisdom of ancient and modern geometers to such an extent that it would be superfluous to discuss the problem at length. Nevertheless we must confess that all methods that have been proposed thus far are either restricted to very special cases or are so laborious and difficult that even for numbers that do not exceed the limits of tables constructed by estimable men, they try the patience of even the practiced calculator. And these methods do not apply at all to larger numbers... It frequently happens that the trained calculator will be sufficiently rewarded by reducing large numbers to their factors so that it will compensate for the time spent. Further, the dignity of the science itself seems to require that every possible means be explored for the solution of a problem so elegant and so celebrated... It is in the nature of the problem