Results 1 - 10 of 27
Proving in Zero-Knowledge that a Number is the Product of Two Safe Primes
1998

Cited by 121 (13 self)
This paper presents the first efficient statistical zero-knowledge protocols to prove statements such as: A committed number is a pseudoprime.
LUC: A New Public Key System

Cited by 31 (0 self)
We describe public key cryptosystems and analyse the RSA cryptosystem, pointing out a weakness (already known) of the RSA system. We define Lucas functions and derive some of their properties. Then we introduce a public key system based on Lucas functions instead of exponentiation. The computational requirements of the new system are only a little greater than those for the RSA system, and we prove that the new system is cryptographically stronger than the RSA system. Finally, we present a Lucas function equivalent of the Diffie-Hellman key negotiation method. Keyword Codes: E.3; K.4.2; K.6.5. Keywords: Data Encryption; Social Issues; Security and Protection. 1. Public Key Encryption. Public-key encryption was first discussed by Diffie and Hellman [1] as a general principle. The new concept which they introduced was the use of trapdoor functions for cryptography. A trapdoor function is a computable function whose inverse can be computed in a reasonable amount of time only if a (small) amou...
Finding Suitable Curves For The Elliptic Curve Method Of Factorization
Math. Comp, 1993

Cited by 30 (2 self)
Using the parametrizations of Kubert, we show how to produce infinite families of elliptic curves which have prescribed nontrivial torsion over Q and rank at least one. These curves can be used to speed up the ECM factorization algorithm of Lenstra. We also briefly discuss curves with complex multiplication in this context. 1 Introduction. 1.1 The ECM method of Lenstra [5] for finding a prime factor p of a number N uses a "random" elliptic curve $E : y^2 = f(x) = x^3 + ax + b$. If the number k of points on E modulo p is smooth, the method succeeds. Suyama [9] and Montgomery [7] developed infinite classes of curves E for which k has some prescribed small factors; on reasonable probabilistic assumptions (borne out in practice) this should lead to a slight improvement in the method. Specifically, Montgomery and Suyama each force a factor of 12 in k, and Montgomery forces a factor of 16 but only on the assumption that p is congruent to 1 modulo 4. In this paper, we show how to force a...
Torus-Based Cryptography
In Advances in Cryptology (CRYPTO 2003), Springer LNCS 2729, 2003

Cited by 26 (2 self)
We introduce cryptography based on algebraic tori, give a new public key system called CEILIDH, and compare it to other discrete log based systems including LUC and XTR. Like those systems, we obtain small key sizes. While LUC and XTR are essentially restricted to exponentiation, we are able to perform multiplication as well. We also disprove the open conjectures from [2], and give a new algebro-geometric interpretation of the approach in that paper and of LUC and XTR.
20 years of ECM
In Proceedings of the 7th Algorithmic Number Theory Symposium (ANTS VII), 2006

Cited by 14 (1 self)
Abstract. The Elliptic Curve Method for integer factorization (ECM) was invented by H. W. Lenstra, Jr., in 1985 [14]. In the past 20 years, many improvements of ECM were proposed on the mathematical, algorithmic, and implementation sides. This paper summarizes the current state-of-the-art, as implemented in the GMP-ECM software.
A Survey of Modern Integer Factorization Algorithms
CWI Quarterly, 1994

Cited by 13 (3 self)
Introduction. An integer $n > 1$ is said to be a prime number (or simply prime) if the only divisors of $n$ are $\pm 1$ and $\pm n$. There are infinitely many prime numbers, the first four being 2, 3, 5, and 7. If $n > 1$ and $n$ is not prime, then $n$ is said to be composite. The integer 1 is neither prime nor composite. The Fundamental Theorem of Arithmetic states that every positive integer can be expressed as a finite (perhaps empty) product of prime numbers, and that this factorization is unique except for the ordering of the factors. Table 1.1 has some sample factorizations: $1990 = 2 \cdot 5 \cdot 199$; $1995 = 3 \cdot 5 \cdot 7 \cdot 19$; $2000 = 2^4 \cdot 5^3$; $2005 = 5 \cdot 401$.
Using Primitive Subgroups to Do More with Fewer Bits
2004

Cited by 13 (3 self)
This paper gives a survey of some ways to improve the efficiency of discrete log-based cryptography by using the restriction of scalars and the geometry and arithmetic of algebraic tori and abelian varieties.
On using Carmichael numbers for public key encryption systems
1997

Cited by 2 (0 self)
We show that the inadvertent use of a Carmichael number instead of a prime factor in the modulus of an RSA cryptosystem is likely to make the system fatally vulnerable, but that such numbers may be detected.
Digital signature schemes based on Lucas functions
1995

Cited by 1 (0 self)
In 1993 Lennon and Smith proposed to use Lucas functions instead of the exponentiation function as a one-way function in cryptographic mechanisms. Recently Smith and Skinner presented an ElGamal signature scheme based on Lucas functions. In this paper we point out the weakness in this approach and present our version of an ElGamal signature scheme based on Lucas functions. Furthermore we outline how to apply the ideas of the Meta-ElGamal signature scheme to Lucas functions. As a result we get various new signature schemes. Unfortunately the new schemes are slightly less efficient than the schemes in finite fields and additionally - in contradiction to a conjecture by Smith and Skinner - the security of the schemes isn't increased: It can be proved that a variant of the signature schemes based on Lucas functions can be universally forged iff a related signature scheme in GF(p) can be universally forged.