Results 1 
5 of
5
On some computational problems in finite abelian groups
 Mathematics of Computation
, 1997
"... Abstract. We present new algorithms for computing orders of elements, discrete logarithms, and structures of finite abelian groups. We estimate the computational complexity and storage requirements, and we explicitly determine the Oconstants and Ωconstants. We implemented the algorithms for class ..."
Abstract

Cited by 23 (7 self)
 Add to MetaCart
Abstract. We present new algorithms for computing orders of elements, discrete logarithms, and structures of finite abelian groups. We estimate the computational complexity and storage requirements, and we explicitly determine the Oconstants and Ωconstants. We implemented the algorithms for class groups of imaginary quadratic orders and present a selection of our experimental results. Our algorithms are based on a modification of Shanks ’ babystep giantstep strategy, and have the advantage that their computational complexity and storage requirements are relative to the actual order, discrete logarithm, or size of the group, rather than relative to an upper bound on the group order. 1.
Cryptographic Protocols Based on Discrete Logarithms in Realquadratic Orders
 Advances in Cryptology — CRYPTO ’94, Lecture Notes in Computer Science
, 1994
"... . We generalize and improve the schemes of [4]. We introduce analogues of exponentiation and discrete logarithms in the principle cycle of real quadratic orders. This enables us to implement many cryptographic protocols based on discrete logarithms, e.g. a variant of the signature scheme of ElGamal ..."
Abstract

Cited by 12 (0 self)
 Add to MetaCart
. We generalize and improve the schemes of [4]. We introduce analogues of exponentiation and discrete logarithms in the principle cycle of real quadratic orders. This enables us to implement many cryptographic protocols based on discrete logarithms, e.g. a variant of the signature scheme of ElGamal [8]. 1 Introduction 1.1 Motivation The security of many cryptographic protocols (see for example [7], [8], [12]) is based on the difficulty of solving the discrete logarithm problem (DLproblem) in the multiplicative group GF (p) of prime fields GF (p) of characteristic p ? 0. Recently, Gordon [9] has shown that under reasonable assumptions the discrete DLproblem in GF(p) can be solved in expected time L p [1=3; c] = exp((c + o(1)) \Delta (log p) 1=3 \Delta (log log p) 2=3 ) by means of the number field sieve (NFS), thereby lowering the best known asymptotically upper bound considerably. Experience with similar integer factoring algorithms shows that the NFS can be expected to ...
On the implementation of cryptosystems based on real quadratic number fields
 Seventh Annual Workshop on Selected Areas in Cryptography  SAC2000, Lecture Notes in Computer Science
, 2000
"... Abstract. Cryptosystems based on the discrete logarithm problem in the infrastructure of a real quadratic number eld [7, 19, 2] are very interesting from a theoretical point of view, because this problem is known to be at least as hard as, and when considering todays algorithms { as in [11] { much ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
Abstract. Cryptosystems based on the discrete logarithm problem in the infrastructure of a real quadratic number eld [7, 19, 2] are very interesting from a theoretical point of view, because this problem is known to be at least as hard as, and when considering todays algorithms { as in [11] { much harder than, factoring integers. However it seems that the cryptosystems sketched in [2] have not been implemented yet and consequently it is hard to evaluate the practical relevance of these systems. Furthermore as [2] lacks any proofs regarding the involved approximation precisions, it was not clear whether the second communication round, as required in [7, 19], really could be avoided without substantial slowdown. In this work we will prove a bound for the necessary approximation precision of an exponentiation using quadratic numbers in power product representation and show that the precision given in [2] can be lowered considerably. As the highly space consuming power products can not be applied in environments with limited RAM, we will propose a simple (CRIAD 1) arithmetic which entirely avoids these power products. Beside the obvious savings in terms of space this method is also about 30% faster. Furthermore one may apply more sophisticated exponentiation techniques, which nally result in a tenfold speedup compared to [2]. 1
Quadratic orders for NESSIE  Overview and parameter sizes of three public key families
, 2000
"... . In the scope of the European project NESSIE 1 there was issued a Call for Cryptographic Primitives [NESSIE] soliciting proposals for block ciphers, stream ciphers, hash functions, pseudorandom functions and public key primitives for digital signatures, encryption and identification. Since ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
. In the scope of the European project NESSIE 1 there was issued a Call for Cryptographic Primitives [NESSIE] soliciting proposals for block ciphers, stream ciphers, hash functions, pseudorandom functions and public key primitives for digital signatures, encryption and identification. Since the security of all popular puplic key cryptosystems is based on unproven assumptions and therefore nobody can guarantee that schemes based on factoring or the computation of discrete logarithms in some group, like the multiplicative group of a finite field or the jacobian of (hyper) elliptic curves over finite fields, will stay secure forever, it is especially important to provide a variety of different primitives and groups which may be utilized if a popular class of cryptosystems gets broken. In this work we propose three different public key families based on the discrete logarithm problem in quadratic orders to be considered for NESSIE. The two families based on (maximal) real...