Results 1 
2 of
2
Security of an IdentityBased Cryptosystem and the Related Reductions
 In Advances in Cryptology, Eurocrypt'98, LNCS 1403
, 1998
"... Abstract. Recently an efficient solution to the discrete logarithm problem on elliptic curves over F, with p points (p: prime), socalled anornalous curues, was independently discovered by Semaev [14], Smart [17], and Satoh and Araki [12]. Since the solution is very efficient, i.e., 0(lpl3), the S ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
Abstract. Recently an efficient solution to the discrete logarithm problem on elliptic curves over F, with p points (p: prime), socalled anornalous curues, was independently discovered by Semaev [14], Smart [17], and Satoh and Araki [12]. Since the solution is very efficient, i.e., 0(lpl3), the SemaevSmartSatohAraki (SSSA) algorithm implies the possibility of realizing a trapdoor for the discrete logarithm problem, and we have tried to utilize the SSSA algorithm for constructing a cryptographic scheme. One of our trials was to realize an identitybased cryptosystem (keydistribution) which has been proven to be as secure as a primitive problem, called the DiffieHellman problem on an elliptic curve over Z/nZ (n = pq, p and q are primes) where Ep and E, are anomalous curves (anomalous EnDiffieHellman problem). Unfortunately we have found that the anomalous EnDiffieHellman problem is not secure (namely, our scheme is not secure). First, this paper introduces our trial of realizing an identitybased cryptosystem based on the SSSA algorithm, and then shows why the anomalous EnDiffieHellman problem is not secure. In addition, we generalize the observation of our breaking algorithm and present reductions of factoring n to computing the order ’ of an elliptic curve over Z/nZ. (These reductions roughly imply the equivalence of intractability between factoring and computing elliptic curve’s order.) The algorithm of breaking our identitybased cryptosystem is considered to be a special case of these reductions, and the essential reason why our system was broken can be clarified through these reductions: En in our system is a very specific curve such that the order of En (i.e., n) is trivially known.
ECC: Do We Need to Count?
, 1999
"... A prohibitive barrier faced by elliptic curve users is the difficulty of computing the curves' cardinalities. Despite recent theoretical breakthroughs, point counting still remains very cumbersome and intensively time consuming. ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
A prohibitive barrier faced by elliptic curve users is the difficulty of computing the curves' cardinalities. Despite recent theoretical breakthroughs, point counting still remains very cumbersome and intensively time consuming.