Results 1  10
of
21
Guide to Elliptic Curve Cryptography
, 2004
"... Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves ..."
Abstract

Cited by 369 (17 self)
 Add to MetaCart
Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in publickey cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, highspeed software and hardware implementations, and offer the highest strengthperkeybit of any known publickey scheme.
Elliptic Curves And Primality Proving
 Math. Comp
, 1993
"... The aim of this paper is to describe the theory and implementation of the Elliptic Curve Primality Proving algorithm. ..."
Abstract

Cited by 162 (22 self)
 Add to MetaCart
The aim of this paper is to describe the theory and implementation of the Elliptic Curve Primality Proving algorithm.
Constructing hyperelliptic curves of genus 2 suitable for cryptography
 Math. Comp
, 2003
"... Abstract. In this article we show how to generalize the CMmethod for elliptic curves to genus two. We describe the algorithm in detail and discuss the results of our implementation. 1. ..."
Abstract

Cited by 29 (2 self)
 Add to MetaCart
Abstract. In this article we show how to generalize the CMmethod for elliptic curves to genus two. We describe the algorithm in detail and discuss the results of our implementation. 1.
Fast Generation of Prime Numbers and Secure PublicKey Cryptographic Parameters
, 1995
"... A very efficient recursive algorithm for generating nearly random provable primes is presented. The expected time for generating a prime is only slightly greater than the expected time required for generating a pseudoprime of the same size that passes the MillerRabin test for only one base. The ..."
Abstract

Cited by 21 (0 self)
 Add to MetaCart
A very efficient recursive algorithm for generating nearly random provable primes is presented. The expected time for generating a prime is only slightly greater than the expected time required for generating a pseudoprime of the same size that passes the MillerRabin test for only one base. Therefore our algorithm is even faster than presentlyused algorithms for generating only pseudoprimes because several MillerRabin tests with independent bases must be applied for achieving a sufficient confidence level. Heuristic arguments suggest that the generated primes are close to uniformly distributed over the set of primes in the specified interval. Security constraints on the prime parameters of certain cryptographic systems are discussed, and in particular a detailed analysis of the iterated encryption attack on the RSA publickey cryptosystem is presented. The prime generation algorithm can easily be modified to generate nearly random primes or RSAmoduli that satisfy t...
Constructing Elliptic Curve Cryptosystems in Characteristic 2
, 1998
"... Since the group of an elliptic curve defined over a finite field F_q... The purpose of this paper is to describe how one can search for suitable elliptic curves with random coefficients using Schoof's algorithm. We treat the important special case of characteristic 2, where one has certain simplific ..."
Abstract

Cited by 17 (1 self)
 Add to MetaCart
Since the group of an elliptic curve defined over a finite field F_q... The purpose of this paper is to describe how one can search for suitable elliptic curves with random coefficients using Schoof's algorithm. We treat the important special case of characteristic 2, where one has certain simplifications in some of the algorithms.
Cyclicity of elliptic curves modulo p and elliptic curve analogues of Linnik’s problem
, 2001
"... 1 Let E be an elliptic curve defined over Q and of conductor N. For a prime p ∤ N, we denote by E the reduction of E modulo p. We obtain an asymptotic formula for the number of primes p ≤ x for which E(Fp) is cyclic, assuming a certain generalized Riemann hypothesis. The error terms that we get are ..."
Abstract

Cited by 14 (3 self)
 Add to MetaCart
1 Let E be an elliptic curve defined over Q and of conductor N. For a prime p ∤ N, we denote by E the reduction of E modulo p. We obtain an asymptotic formula for the number of primes p ≤ x for which E(Fp) is cyclic, assuming a certain generalized Riemann hypothesis. The error terms that we get are substantial improvements of earlier work of J.P. Serre and M. Ram Murty. We also consider the problem of finding the size of the smallest prime p = pE for which the group E(Fp) is cyclic and we show that, under the generalized Riemann hypothesis, pE = O � (log N) 4+ε � if E is without complex multiplication, and pE = O � (log N) 2+ε � if E is with complex multiplication, for any 0 < ε < 1. 1
The Probability That The Number Of Points On An Elliptic Curve Over A Finite Field Is Prime
 Journal of the London Mathematical Society
"... . The paper gives a formula for the probability that a randomly chosen elliptic curve over a nite eld has a prime number of points. Two heuristic arguments in support of the formula are given as well as experimental evidence. The paper also gives a formula for the probability that a randomly chosen ..."
Abstract

Cited by 10 (1 self)
 Add to MetaCart
. The paper gives a formula for the probability that a randomly chosen elliptic curve over a nite eld has a prime number of points. Two heuristic arguments in support of the formula are given as well as experimental evidence. The paper also gives a formula for the probability that a randomly chosen elliptic curve over a nite eld has kq points where k is a small number and where q is a prime. 1. Introduction Cryptographic and computational applications have recently motivated the study of several questions in the theory of elliptic curves over nite elds. For instance, the analysis of the elliptic curve factoring method leads to estimates ([7], [8]) for the probability that the number of points on an elliptic curve is smooth. In this paper, motivated by the use of elliptic curves in public key cryptosystems, we consider the \opposite" problem. More specically, we ask the question: What is the probability that a randomly chosen elliptic curve over F p has kq points, where k is sm...
Implementation Of The AtkinGoldwasserKilian Primality Testing Algorithm
 Rapport de Recherche 911, INRIA, Octobre
, 1988
"... . We describe a primality testing algorithm, due essentially to Atkin, that uses elliptic curves over finite fields and the theory of complex multiplication. In particular, we explain how the use of class fields and genus fields can speed up certain phases of the algorithm. We sketch the actual impl ..."
Abstract

Cited by 9 (7 self)
 Add to MetaCart
. We describe a primality testing algorithm, due essentially to Atkin, that uses elliptic curves over finite fields and the theory of complex multiplication. In particular, we explain how the use of class fields and genus fields can speed up certain phases of the algorithm. We sketch the actual implementation of this test and its use on testing large primes, the records being two numbers of more than 550 decimal digits. Finally, we give a precise answer to the question of the reliability of our computations, providing a certificate of primality for a prime number. IMPLEMENTATION DU TEST DE PRIMALITE D' ATKIN, GOLDWASSER, ET KILIAN R'esum'e. Nous d'ecrivons un algorithme de primalit'e, principalement du `a Atkin, qui utilise les propri'et'es des courbes elliptiques sur les corps finis et la th'eorie de la multiplication complexe. En particulier, nous expliquons comment l'utilisation du corps de classe et du corps de genre permet d'acc'el'erer les calculs. Nous esquissons l'impl'ementati...
Average twin prime conjecture for elliptic curves
, 2007
"... Let E be an elliptic curve over Q. In 1988, Koblitz conjectured a precise asymptotic for the number of primes p up to x such that the order of the group of points of E over Fp is prime. This is an analogue of the Hardy and Littlewood twin prime conjecture in the case of elliptic curves. Koblitz’s co ..."
Abstract

Cited by 7 (3 self)
 Add to MetaCart
Let E be an elliptic curve over Q. In 1988, Koblitz conjectured a precise asymptotic for the number of primes p up to x such that the order of the group of points of E over Fp is prime. This is an analogue of the Hardy and Littlewood twin prime conjecture in the case of elliptic curves. Koblitz’s conjecture is still widely open. In this paper we prove that Koblitz’s conjecture is true on average over a twoparameter family of elliptic curves. One of the key ingredients in the proof is a short average distribution result in the style of BarbanDavenportHalberstam,
Generating Elliptic Curves of Prime Order
 in Cryptographic Hardware and Embedded Systems – CHES 2001, LNCS
, 2001
"... Abstract. Avariation of the Complex Multiplication (CM) method for generating elliptic curves of known order over finite fields is proposed. We give heuristics and timing statistics in the mildly restricted setting of prime curve order. These may be seen to corroborate earlier work of Koblitz in the ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
Abstract. Avariation of the Complex Multiplication (CM) method for generating elliptic curves of known order over finite fields is proposed. We give heuristics and timing statistics in the mildly restricted setting of prime curve order. These may be seen to corroborate earlier work of Koblitz in the class number one setting. Our heuristics are based upon a recent conjecture by R. Gross and J. Smith on numbers of twin primes in algebraic number fields. Our variation precalculates class polynomials as a separate offline process. Unlike the standard approach, which begins with a prime p and searches for an appropriate discriminant D, we choose a discriminant and then search for appropriate primes. Our online process is quick and can be compactly coded. In practice, elliptic curves with near prime order are used. Thus, our timing estimates and data can be regarded as upper estimates for practical purposes. 1