Results 21-30 of 151
Shor's Discrete Logarithm Quantum Algorithm for Elliptic Curves
, 2003
Abstract

Cited by 13 (1 self)
We show in some detail how to implement Shor's efficient quantum algorithm for discrete logarithms for the particular case of elliptic curve groups. It turns out that for this problem a smaller quantum computer can solve problems further beyond current computing than for integer factorisation. A 160-bit elliptic curve cryptographic key could be broken on a quantum computer using around 1000 qubits while factoring the security-wise equivalent 1024-bit RSA modulus would require about 2000 qubits. In this paper we only consider elliptic curves over GF(p) and not yet the equally important ones over GF(2 ) or other finite fields. The main technical difficulty is to implement Euclid's gcd algorithm to compute multiplicative inverses modulo p. As the runtime of Euclid's algorithm depends on the input, one difficulty encountered is the "quantum halting problem". On an (even) more theoretical note we also point out that there are quantum circuits which make the discrete logarithm algorithm exact.
Implementing Network Security Protocols based on Elliptic Curve Cryptography
 Proceedings of the Fourth Symposium on Computer Networks
, 1999
Abstract

Cited by 12 (1 self)
Elliptic curve cryptography provides a methodology for obtaining high-speed, efficient, and scalable implementations of network security protocols. In this paper, we describe in detail three protocols based on elliptic curve cryptographic techniques, and the results of our implementation of the elliptic curve cryptography over the Galois field GF(2^k), where k is a composite number.
1 Elliptic Curve Cryptography
Elliptic curve cryptography [9, 5, 8, 6] provides a methodology for obtaining high-speed, efficient, and scalable implementations of network security protocols. The security of these protocols depends on the difficulty of computing the elliptic curve discrete logarithm in the elliptic curve group. The group operations utilize the arithmetic of points which are elements of the set of solutions of an elliptic curve equation defined over a finite field. The arithmetic of elliptic curve operations depends on the arithmetic of the underlying finite field. The standards suggest the use of GF(p) and GF(2^k). Below, we define the nomenclature and then provide a general overview of security protocols based on elliptic curve cryptography.
• Scalar: An element belonging to either one of the fields GF(p) or GF(2^k) is called a scalar. Scalars are named with lowercase letters: r, s, t, etc.
• Scalar Addition: Two or more scalars can be added to obtain another scalar. In the GF(p) case, this is the ordinary integer addition modulo p. When GF(2^k) is used, this is equivalent to polynomial addition modulo an irreducible polynomial of degree k, generating the field GF(2^k). We will denote the scalar addition of r and s giving the result e by e = r + s.
# This research was supported in part by Se103 Information Technology, Inc. + Proceeding of the Fourth Symposium on Computer Netw...
Application of discrete chaotic dynamical systems in cryptography
 DCC method, Int. J. Bifurcation and Chaos
, 1999
Abstract

Cited by 11 (2 self)
Abstract. In the paper we present some methods of constructing cryptosystems utilising chaotic dynamical systems that have been extensively developed in recent years. We start with a brief review of algorithms based on both the theory of continuous and discrete systems. Then we show our approach where the essence of chaos (that is, the sensitivity of the trajectories of discrete chaotic dynamical systems to small changes of initial conditions) is exploited for secure communication.
Algorithm Exploration for Efficient Public-Key Security Processing on Wireless Handsets
 in Proc. Design, Automation, and Test in Europe (DATE) Designers Forum
, 2002
Abstract

Cited by 11 (6 self)
Security protocols are critical to enabling the growth of a wide range of wireless data services and applications. However, they impose a high computational burden that is mismatched with the modest processing capabilities and battery resources available on wireless clients. In this work, we consider the task of efficient public-key security processing on wireless handsets. Our approach is based on extensive algorithmic exploration and tuning of the cryptographic algorithms that form the computational core of security protocols. In order to identify the optimum algorithm configuration, we have developed a novel performance estimation methodology based on automatic characterization and macromodeling of software libraries, that enables us to replace target simulation with native execution during algorithm exploration. The proposed methodology results in two to three orders of magnitude speedup in the simulation time required. As a result, identifying the optimal algorithm configuration in the context of the popular SSL Handshake protocol takes less than a day, as opposed to several months using state-of-the-art processor models.
Complexity and fast algorithms for multiexponentiation
 IEEE Transactions on Computers
, 2000
"... for multiexponentiations ..."
A High-Speed ECC-based Wireless Authentication Protocol on an ARM Microprocessor
, 2000
Abstract

Cited by 11 (0 self)
In this paper, we present the results of our implementation of elliptic curve cryptography (ECC) over the field GF(p) on an 80 MHz, 32-bit ARM microprocessor. We have produced a practical software library which supports variable length implementation of the elliptic curve digital signature algorithm (ECDSA). We implemented the ECDSA and a recently proposed ECC-based wireless authentication protocol using the library. Our timing results show that the 160-bit ECDSA signature generation and verification operations take around 46 ms and 94 ms, respectively. With these timings, the execution of the ECC-based wireless authentication protocol takes around 140 ms on the ARM7TDMI processor, which is a widely used, low-power core processor for wireless applications.
1. Introduction
The rapid progress in wireless communication systems, personal communication systems, and smartcard technologies has brought new opportunities and challenges to be met by engineers and researchers working on the se...
Nagaraj, Density of Carmichael numbers with three prime factors
 Math. Comp. 66 (1997), 1705–1708. MR 98d:11110
Abstract

Cited by 10 (0 self)
Abstract. We get an upper bound of O(x^(5/14+o(1))) on the number of Carmichael numbers ≤ x with exactly three prime factors.
Searching for Elements in Black Box Fields and Applications
 In Advances in Cryptology - Crypto '96, LNCS 1109
, 1996
Abstract

Cited by 10 (0 self)
We introduce the notion of a black box field and discuss the problem of explicitly exposing field elements given in a black box form. We present several subexponential algorithms for this problem using a technique due to Maurer. These algorithms make use of elliptic curves over finite fields in a crucial way. We present three applications for our results: (1) We show that any algebraically homomorphic encryption scheme can be broken in expected subexponential time. The existence of such schemes has been open for a number of years. (2) We give an expected subexponential time reduction from the problem of finding roots of polynomials over finite fields with low straight line complexity (e.g. sparse polynomials) to the problem of testing whether such polynomials have a root in the field. (3) We show that the hardness of computing discrete-log over elliptic curves implies the security of the Diffie-Hellman protocol over elliptic curves. Finally in the last section of the paper we prove ...
On the importance of securing your bins: The garbage-man-in-the-middle attack
, 1997
Abstract

Cited by 9 (2 self)
In this paper, we address the following problem: "Is it possible to weaken/attack a scheme when a (provably) secure cryptosystem is used?". The answer is yes. We exploit weak error-handling methods. Our attack relies on the cryptanalyst being able to modify some ciphertext and then getting access to the decryption of this modified ciphertext. Moreover, it applies to many cryptosystems, including RSA, Rabin, LUC, KMOV, Demytko, ElGamal and its analogues, 3-pass system, knapsack scheme, etc.