Results 11  20
of
670
Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms
, 2001
"... The fundamental operation in elliptic curve cryptographic schemes is that of point multiplication of an elliptic curve point by an integer. This paper describes a new method for accelerating this operation on classes of elliptic curves that have efficientlycomputable endomorphisms. One advantage of ..."
Abstract

Cited by 67 (0 self)
 Add to MetaCart
The fundamental operation in elliptic curve cryptographic schemes is that of point multiplication of an elliptic curve point by an integer. This paper describes a new method for accelerating this operation on classes of elliptic curves that have efficientlycomputable endomorphisms. One advantage of the new method is that it is applicable to a larger class of curves than previous such methods.
Mahler's Measure and Special Values of Lfunctions
, 1998
"... this paper is to describe an attempt to understand and generalize a recent formula of Deninger [1997] by means of systematic numerical experiment. This conjectural formula, ..."
Abstract

Cited by 59 (1 self)
 Add to MetaCart
this paper is to describe an attempt to understand and generalize a recent formula of Deninger [1997] by means of systematic numerical experiment. This conjectural formula,
Evaluation of discrete logarithms in a group of ptorsion points of an elliptic curve in characteristic p
 Mathematics of Computation
, 1998
"... Abstract. We show that to solve the discrete log problem in a subgroup of order p of an elliptic curve over the finite field of characteristic p one needs O(ln p) operations in this field. Let Fq be the finite field of q = p l elements. We define an elliptic curve E over Fq to be an equation of the ..."
Abstract

Cited by 58 (0 self)
 Add to MetaCart
Abstract. We show that to solve the discrete log problem in a subgroup of order p of an elliptic curve over the finite field of characteristic p one needs O(ln p) operations in this field. Let Fq be the finite field of q = p l elements. We define an elliptic curve E over Fq to be an equation of the form y 2 = x 3 + Ax + B. We suppose p ̸ = 2,3. Let E(Fq) bethesetofpointsErational over Fq. Itisknown that Nq − q − 1  ≤2q 1/2 with Nq = E(Fq). The set E(Fq) is a finite abelian group with the “infinite point ” P ∞ as the identity element. The discrete logarithm problem is to compute an integer n such that Q = nP, where Q, P ∈ E(Fq), if such an n exists. This problem is of great significance in cryptology [1], [2]. Suppose that the point P generates a subgroup 〈P 〉 of order m. If (m, p) = 1, then the subgroup 〈P 〉 is isomorphic to some multiplicative subgroup of an extension F q k where q k ≡ 1(modm). The values of the isomorphism from 〈P 〉 to F ∗ q can be evaluated in a very simple manner. The complexity of the algorithm is
Arithmetic and Attractors
, 2003
"... We study relations between some topics in number theory and supersymmetric black holes. These relations are based on the “attractor mechanism ” of N = 2 supergravity. In IIB string compactification this mechanism singles out certain “attractor varieties. ” We show that these attractor varieties are ..."
Abstract

Cited by 55 (2 self)
 Add to MetaCart
We study relations between some topics in number theory and supersymmetric black holes. These relations are based on the “attractor mechanism ” of N = 2 supergravity. In IIB string compactification this mechanism singles out certain “attractor varieties. ” We show that these attractor varieties are constructed from products of elliptic curves with complex multiplication for N = 4, 8 compactifications. The heterotic dual theories are related to rational conformal field theories. In the case of N = 4 theories Uduality inequivalent backgrounds with the same horizon area are counted by the class number of a quadratic imaginary field. The attractor varieties are defined over fields closely related to class fields of the quadratic imaginary field. We discuss some extensions to more general CalabiYau compactifications and explore further connections to arithmetic including connections to Kronecker’s Jugendtraum and the theory of modular heights. The paper also includes a short review of the attractor mechanism. A much shorter version of the paper summarizing the main points is the companion note entitled “Attractors and Arithmetic,” hepth/9807056.
Selfblindable credential certificates from the weil pairing
, 2001
"... Abstract. We describe two simple, efficient and effective credential pseudonymous certificate systems, which also support anonymity without the need for a trusted third party. The second system provides cryptographic protection against the forgery and transfer of credentials. Both systems are based ..."
Abstract

Cited by 47 (0 self)
 Add to MetaCart
Abstract. We describe two simple, efficient and effective credential pseudonymous certificate systems, which also support anonymity without the need for a trusted third party. The second system provides cryptographic protection against the forgery and transfer of credentials. Both systems are based on a new paradigm, called selfblindable certificates. Such certificates can be constructed using the Weil pairing in supersingular elliptic curves. 1
New PublicKey Schemes Based on Elliptic Curves over the Ring Z_n
, 1991
"... Three new trapdoor oneway functions are proposed that are based on elliptic curves over the ring Z_n. The first class of functions is a naive construction, which can be used only in a digital signature scheme, and not in a publickey cryptosystem. The second, preferred class of function, does not s ..."
Abstract

Cited by 46 (0 self)
 Add to MetaCart
Three new trapdoor oneway functions are proposed that are based on elliptic curves over the ring Z_n. The first class of functions is a naive construction, which can be used only in a digital signature scheme, and not in a publickey cryptosystem. The second, preferred class of function, does not suffer from this problem and can be used for the same applications as the RSA trapdoor oneway function, including zeroknowledge identification protocols. The third class of functions has similar properties to the Rabin trapdoor oneway functions. Although the security of these proposed schemes is based on the difficulty of factoring n, like the RSA and Rabin schemes, these schemes seem to be more secure than those schemes from the viewpoint of attacks without factoring such as low multiplier attacks.
Supersingular abelian varieties in cryptology
 Advances in Cryptology  CRYPTO 2002
"... Abstract. For certain security applications, including identity based encryption and short signature schemes, it is useful to have abelian varieties with security parameters that are neither too small nor too large. Supersingular abelian varieties are natural candidates for these applications. This ..."
Abstract

Cited by 45 (7 self)
 Add to MetaCart
Abstract. For certain security applications, including identity based encryption and short signature schemes, it is useful to have abelian varieties with security parameters that are neither too small nor too large. Supersingular abelian varieties are natural candidates for these applications. This paper determines exactly which values can occur as the security parameters of supersingular abelian varieties (in terms of the dimension of the abelian variety and the size of the finite field), and gives constructions of supersingular abelian varieties that are optimal for use in cryptography. 1
Solving elliptic diophantine equations by estimating linear forms in elliptic logarithms
 ACTA ARITHMETICA
, 1994
"... ..."
Speeding Up Pollard's Rho Method For Computing Discrete Logarithms
, 1998
"... . In Pollard's rho method, an iterating function f is used to define a sequence (y i ) by y i+1 = f(y i ) for i = 0; 1; 2; : : : , with some starting value y 0 . In this paper, we define and discuss new iterating functions for computing discrete logarithms with the rho method. We compare their pe ..."
Abstract

Cited by 44 (7 self)
 Add to MetaCart
. In Pollard's rho method, an iterating function f is used to define a sequence (y i ) by y i+1 = f(y i ) for i = 0; 1; 2; : : : , with some starting value y 0 . In this paper, we define and discuss new iterating functions for computing discrete logarithms with the rho method. We compare their performances in experiments with elliptic curve groups. Our experiments show that one of our newly defined functions is expected to reduce the number of steps by a factor of approximately 0:8, in comparison with Pollard's originally used function, and we show that this holds independently of the size of the group order. For group orders large enough such that the run time for precomputation can be neglected, this means a realtime speedup of more than 1:2. 1. Introduction Let G be a finite cyclic group, written multiplicatively, and generated by the group element g. Given an element h in G, we wish to find the least nonnegative number x such that g x = h. This problem is the discre...
Parallel Algorithms for Integer Factorisation
"... The problem of finding the prime factors of large composite numbers has always been of mathematical interest. With the advent of public key cryptosystems it is also of practical importance, because the security of some of these cryptosystems, such as the RivestShamirAdelman (RSA) system, depends o ..."
Abstract

Cited by 41 (17 self)
 Add to MetaCart
The problem of finding the prime factors of large composite numbers has always been of mathematical interest. With the advent of public key cryptosystems it is also of practical importance, because the security of some of these cryptosystems, such as the RivestShamirAdelman (RSA) system, depends on the difficulty of factoring the public keys. In recent years the best known integer factorisation algorithms have improved greatly, to the point where it is now easy to factor a 60decimal digit number, and possible to factor numbers larger than 120 decimal digits, given the availability of enough computing power. We describe several algorithms, including the elliptic curve method (ECM), and the multiplepolynomial quadratic sieve (MPQS) algorithm, and discuss their parallel implementation. It turns out that some of the algorithms are very well suited to parallel implementation. Doubling the degree of parallelism (i.e. the amount of hardware devoted to the problem) roughly increases the size of a number which can be factored in a fixed time by 3 decimal digits. Some recent computational results are mentioned – for example, the complete factorisation of the 617decimal digit Fermat number F11 = 2211 + 1 which was accomplished using ECM.