Results 1  10
of
38
Guide to Elliptic Curve Cryptography
, 2004
"... Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves ..."
Abstract

Cited by 593 (18 self)
 Add to MetaCart
(Show Context)
Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in publickey cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, highspeed software and hardware implementations, and offer the highest strengthperkeybit of any known publickey scheme.
Elliptic Curves And Primality Proving
 Math. Comp
, 1993
"... The aim of this paper is to describe the theory and implementation of the Elliptic Curve Primality Proving algorithm. ..."
Abstract

Cited by 201 (22 self)
 Add to MetaCart
(Show Context)
The aim of this paper is to describe the theory and implementation of the Elliptic Curve Primality Proving algorithm.
Constructing hyperelliptic curves of genus 2 suitable for cryptography
 Math. Comp
, 2003
"... Abstract. In this article we show how to generalize the CMmethod for elliptic curves to genus two. We describe the algorithm in detail and discuss the results of our implementation. 1. ..."
Abstract

Cited by 39 (2 self)
 Add to MetaCart
(Show Context)
Abstract. In this article we show how to generalize the CMmethod for elliptic curves to genus two. We describe the algorithm in detail and discuss the results of our implementation. 1.
Fast Generation of Prime Numbers and Secure PublicKey Cryptographic Parameters
, 1995
"... A very efficient recursive algorithm for generating nearly random provable primes is presented. The expected time for generating a prime is only slightly greater than the expected time required for generating a pseudoprime of the same size that passes the MillerRabin test for only one base. The ..."
Abstract

Cited by 29 (0 self)
 Add to MetaCart
(Show Context)
A very efficient recursive algorithm for generating nearly random provable primes is presented. The expected time for generating a prime is only slightly greater than the expected time required for generating a pseudoprime of the same size that passes the MillerRabin test for only one base. Therefore our algorithm is even faster than presentlyused algorithms for generating only pseudoprimes because several MillerRabin tests with independent bases must be applied for achieving a sufficient confidence level. Heuristic arguments suggest that the generated primes are close to uniformly distributed over the set of primes in the specified interval. Security constraints on the prime parameters of certain cryptographic systems are discussed, and in particular a detailed analysis of the iterated encryption attack on the RSA publickey cryptosystem is presented. The prime generation algorithm can easily be modified to generate nearly random primes or RSAmoduli that satisfy t...
Cyclicity of elliptic curves modulo p and elliptic curve analogues of Linnik’s problem
, 2001
"... 1 Let E be an elliptic curve defined over Q and of conductor N. For a prime p ∤ N, we denote by E the reduction of E modulo p. We obtain an asymptotic formula for the number of primes p ≤ x for which E(Fp) is cyclic, assuming a certain generalized Riemann hypothesis. The error terms that we get are ..."
Abstract

Cited by 26 (3 self)
 Add to MetaCart
(Show Context)
1 Let E be an elliptic curve defined over Q and of conductor N. For a prime p ∤ N, we denote by E the reduction of E modulo p. We obtain an asymptotic formula for the number of primes p ≤ x for which E(Fp) is cyclic, assuming a certain generalized Riemann hypothesis. The error terms that we get are substantial improvements of earlier work of J.P. Serre and M. Ram Murty. We also consider the problem of finding the size of the smallest prime p = pE for which the group E(Fp) is cyclic and we show that, under the generalized Riemann hypothesis, pE = O � (log N) 4+ε � if E is without complex multiplication, and pE = O � (log N) 2+ε � if E is with complex multiplication, for any 0 < ε < 1. 1
Constructing Elliptic Curve Cryptosystems in Characteristic 2
, 1998
"... Since the group of an elliptic curve defined over a finite field F_q... The purpose of this paper is to describe how one can search for suitable elliptic curves with random coefficients using Schoof's algorithm. We treat the important special case of characteristic 2, where one has certain simp ..."
Abstract

Cited by 21 (1 self)
 Add to MetaCart
(Show Context)
Since the group of an elliptic curve defined over a finite field F_q... The purpose of this paper is to describe how one can search for suitable elliptic curves with random coefficients using Schoof's algorithm. We treat the important special case of characteristic 2, where one has certain simplifications in some of the algorithms.
Average twin prime conjecture for elliptic curves
, 2007
"... Let E be an elliptic curve over Q. In 1988, Koblitz conjectured a precise asymptotic for the number of primes p up to x such that the order of the group of points of E over Fp is prime. This is an analogue of the Hardy and Littlewood twin prime conjecture in the case of elliptic curves. Koblitz’s co ..."
Abstract

Cited by 21 (7 self)
 Add to MetaCart
(Show Context)
Let E be an elliptic curve over Q. In 1988, Koblitz conjectured a precise asymptotic for the number of primes p up to x such that the order of the group of points of E over Fp is prime. This is an analogue of the Hardy and Littlewood twin prime conjecture in the case of elliptic curves. Koblitz’s conjecture is still widely open. In this paper we prove that Koblitz’s conjecture is true on average over a twoparameter family of elliptic curves. One of the key ingredients in the proof is a short average distribution result in the style of BarbanDavenportHalberstam,
Finding Good Random Elliptic Curves for Cryptosystems Defined over ...
 Advances in Cryptology { EUROCRYPT '97
, 1997
"... . One of the main difficulties for implementing cryptographic schemes based on elliptic curves defined over finite fields is the necessary computation of the cardinality of these curves. In the case of finite fields IF2 n , recent theoretical breakthroughs yield a significant speed up of the comput ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
(Show Context)
. One of the main difficulties for implementing cryptographic schemes based on elliptic curves defined over finite fields is the necessary computation of the cardinality of these curves. In the case of finite fields IF2 n , recent theoretical breakthroughs yield a significant speed up of the computations. Once described some of these ideas in the first part of this paper, we show that our current implementation runs from 2 up to 10 times faster than what was done previously. In the second part, we exhibit a slight change of Schoof's algorithm to choose curves with a number of points "nearly" prime and so construct cryptosystems based on random elliptic curves instead of specific curves as it used to be. 1 Introduction It is well known that the discrete logarithm problem is hard on elliptic curves defined over finite fields IF q . This is due to the fact that the only known attacks (baby steps giant steps [Sha71], Pollard ae [Pol78] and PohligHellman [PH78] methods) are still exponen...
The Probability That The Number Of Points On An Elliptic Curve Over A Finite Field Is Prime
 Journal of the London Mathematical Society
"... . The paper gives a formula for the probability that a randomly chosen elliptic curve over a nite eld has a prime number of points. Two heuristic arguments in support of the formula are given as well as experimental evidence. The paper also gives a formula for the probability that a randomly chosen ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
(Show Context)
. The paper gives a formula for the probability that a randomly chosen elliptic curve over a nite eld has a prime number of points. Two heuristic arguments in support of the formula are given as well as experimental evidence. The paper also gives a formula for the probability that a randomly chosen elliptic curve over a nite eld has kq points where k is a small number and where q is a prime. 1. Introduction Cryptographic and computational applications have recently motivated the study of several questions in the theory of elliptic curves over nite elds. For instance, the analysis of the elliptic curve factoring method leads to estimates ([7], [8]) for the probability that the number of points on an elliptic curve is smooth. In this paper, motivated by the use of elliptic curves in public key cryptosystems, we consider the \opposite" problem. More specically, we ask the question: What is the probability that a randomly chosen elliptic curve over F p has kq points, where k is sm...
GEOMETRY AND ARITHMETIC OF VERBAL DYNAMICAL SYSTEMS ON SIMPLE GROUPS
, 809
"... Abstract. We study dynamical systems arising from word maps on simple groups. We develop a geometric method based on the classical trace map for investigating periodic points of such systems. These results lead to a new approach to the search of Engellike sequences of words in two variables which c ..."
Abstract

Cited by 10 (5 self)
 Add to MetaCart
(Show Context)
Abstract. We study dynamical systems arising from word maps on simple groups. We develop a geometric method based on the classical trace map for investigating periodic points of such systems. These results lead to a new approach to the search of Engellike sequences of words in two variables which characterize finite solvable groups. They also give rise to some new phenomena and concepts in the arithmetic of dynamical systems. �1 Contents