Results 1 - 10 of 30
The Elliptic Curve Digital Signature Algorithm (ECDSA)
, 1999
Cited by 102 (5 self)
The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA). It was accepted in 1999 as an ANSI standard, and was accepted in 2000 as IEEE and NIST standards. It was also accepted in 1998 as an ISO standard, and is under consideration for inclusion in some other ISO standards. Unlike the ordinary discrete logarithm problem and the integer factorization problem, no subexponential-time algorithm is known for the elliptic curve discrete logarithm problem. For this reason, the strength-per-key-bit is substantially greater in an algorithm that uses elliptic curves. This paper describes the ANSI X9.62 ECDSA, and discusses related security, implementation, and interoperability issues. Keywords: Signature schemes, elliptic curve cryptography, DSA, ECDSA.
An algorithm for solving the discrete log problem on hyperelliptic curves
, 2000
Cited by 78 (6 self)
Abstract. We present an index-calculus algorithm for the computation of discrete logarithms in the Jacobian of hyperelliptic curves defined over finite fields. The complexity predicts that it is faster than the Rho method for genus greater than 4. To demonstrate the efficiency of our approach, we describe our breaking of a cryptosystem based on a curve of genus 6 recently proposed by Koblitz.
A Fast Software Implementation for Arithmetic Operations in GF(2^n)
, 1996
Cited by 46 (2 self)
We present a software implementation of arithmetic operations in a finite field GF(2^n), based on an alternative representation of the field elements. An important application is in elliptic curve cryptosystems. Whereas previously reported implementations of elliptic curve cryptosystems use a standard basis or an optimal normal basis to perform field operations, we represent the field elements as polynomials with coefficients in the smaller field GF(2^16). Calculations in this smaller field are carried out using precalculated lookup tables. This results in rather simple routines matching the structure of computer memory very well. The use of an irreducible trinomial as the field polynomial, as was proposed at Crypto'95 by R. Schroeppel et al., can be extended to this representation. In our implementation, the resulting routines are slightly faster than standard basis routines. 1 Introduction Elliptic curve public key cryptosystems are rapidly gaining popularity [M93]. The use...
Noisy Polynomial Interpolation and Noisy Chinese Remaindering
, 2000
Cited by 41 (2 self)
Abstract. The noisy polynomial interpolation problem is a new intractability assumption introduced last year in oblivious polynomial evaluation. It also appeared independently in password identification schemes, due to its connection with secret sharing schemes based on Lagrange’s polynomial interpolation. This paper presents new algorithms to solve the noisy polynomial interpolation problem. In particular, we prove a reduction from noisy polynomial interpolation to the lattice shortest vector problem, when the parameters satisfy a certain condition that we make explicit. Standard lattice reduction techniques appear to solve many instances of the problem. It follows that noisy polynomial interpolation is much easier than expected. We therefore suggest simple modifications to several cryptographic schemes recently proposed, in order to change the intractability assumption. We also discuss analogous methods for the related noisy Chinese remaindering problem arising from the well-known analogy between polynomials and integers.
Algorithms for computing isogenies between elliptic curves
 Math. Comp
, 2000
Cited by 31 (6 self)
Abstract. The heart of the improvements by Elkies to Schoof’s algorithm for computing the cardinality of elliptic curves over a finite field is the ability to compute isogenies between curves. Elkies’ approach is well suited for the case where the characteristic of the field is large. Couveignes showed how to compute isogenies in small characteristic. The aim of this paper is to describe the first successful implementation of Couveignes’s algorithm. In particular, we describe the use of fast algorithms for performing incremental operations on series. We also insist on the particular case of the characteristic 2.
Speeding Up the Discrete Log Computation on Curves With Automorphisms
, 1999
Cited by 30 (2 self)
We show how to speed up the discrete log computations on curves having automorphisms of large order, thus generalizing the attacks on ABC elliptic curves. This includes the first known attack on CM (hyper)elliptic curves, as well as most of the hyperelliptic curves described in the literature.
Computational Aspects of Curves of Genus at Least 2
 Algorithmic number theory. 5th international symposium. ANTS-II
, 1996
Cited by 14 (3 self)
This survey discusses algorithms and explicit calculations for curves of genus at least 2 and their Jacobians, mainly over number fields and finite fields. Miscellaneous examples and a list of possible future projects are given at the end. 1. Introduction An enormous number of people have performed an enormous number of computations on elliptic curves, as one can see from even a perfunctory glance at [29]. A few years ago, the same could not be said for curves of higher genus, even though the theory of such curves had been developed in detail. Now, however, polynomial-time algorithms and sometimes actual programs are available for solving a wide variety of problems associated with such curves. The genus 2 case especially is becoming accessible: in light of recent work, it seems reasonable to expect that within a few years, packages will be available for doing genus 2 computations analogous to the elliptic curve computations that are currently possible in PARI, MAGMA, SIMATH, apec...
Remarks on the Schoof-Elkies-Atkin algorithm
 Math. Comp
, 1998
Cited by 12 (0 self)
Abstract. Schoof’s algorithm computes the number m of points on an elliptic curve E defined over a finite field Fq. Schoof determines m modulo small primes ℓ using the characteristic equation of the Frobenius of E and polynomials of degree O(ℓ^2). With the works of Elkies and Atkin, we have just to compute, when ℓ is a “good” prime, an eigenvalue of the Frobenius using polynomials of degree O(ℓ). In this article, we compute the complexity of Müller’s algorithm, which is the best known method for determining one eigenvalue and we improve the final step in some cases. Finally, when ℓ is “bad”, we describe how to have polynomials of small degree and how to perform computations, in Schoof’s algorithm, on x-values only.
Elliptic Curve Systems
 IEEE P1363, Part 4: Elliptic Curve Systems
, 1995
Cited by 9 (0 self)
This standard describes a method for data encryption and for digital signatures using the elliptic curve analogue of the ElGamal public-key cryptosystem. Elliptic curve systems are public-key (asymmetric) cryptographic algorithms, typically used in conjunction with a hash algorithm to create digital signatures, and for the secure distribution of secret keys for use in symmetric-key cryptosystems. Elliptic curve systems may also be used to transmit confidential information. Introduction The algebraic system defined on the points of an elliptic curve provides an alternate means to implement the ElGamal and ElGamal-like public key encryption and signature protocols. These protocols are typically described in the literature in the algebraic system Z_p, the integers modulo p, where p is a prime. For example, the NIST Digital Signature Algorithm (DSA) is an ElGamal-like signature scheme defined over Z_p. Precisely the same protocol for signing could be defined over the points on an ell...
Primality proving using elliptic curves: An update
 In Proceedings of ANTS III
, 1998
Cited by 8 (1 self)
Abstract. In 1986, following the work of Schoof on counting points on elliptic curves over finite fields, new algorithms for primality proving emerged, due to Goldwasser and Kilian on the one hand, and Atkin on the other. The latter algorithm uses the theory of complex multiplication. The algorithm, now called ECPP, has been used for nearly ten years. The purpose of this paper is to give an account of the recent theoretical and practical improvements of ECPP, as well as new benchmarks for integers of various sizes and a new primality record.