Results 1  10
of
37
The Elliptic Curve Digital Signature Algorithm (ECDSA)
, 1999
"... The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA). It was accepted in 1999 as an ANSI standard, and was accepted in 2000 as IEEE and NIST standards. It was also accepted in 1998 as an ISO standard, and is under consideratio ..."
Abstract

Cited by 104 (5 self)
 Add to MetaCart
The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA). It was accepted in 1999 as an ANSI standard, and was accepted in 2000 as IEEE and NIST standards. It was also accepted in 1998 as an ISO standard, and is under consideration for inclusion in some other ISO standards. Unlike the ordinary discrete logarithm problem and the integer factorization problem, no subexponentialtime algorithm is known for the elliptic curve discrete logarithm problem. For this reason, the strengthperkeybit is substantially greater in an algorithm that uses elliptic curves. This paper describes the ANSI X9.62 ECDSA, and discusses related security, implementation, and interoperability issues. Keywords: Signature schemes, elliptic curve cryptography, DSA, ECDSA.
Separating Decision DiffieHellman from DiffieHellman in cryptographic groups
, 2001
"... In many cases, the security of a cryptographic scheme based on DiffieHellman does in fact rely on the hardness of... ..."
Abstract

Cited by 65 (0 self)
 Add to MetaCart
In many cases, the security of a cryptographic scheme based on DiffieHellman does in fact rely on the hardness of...
Constructing Elliptic Curves with Prescribed Embedding Degrees
, 2002
"... Pairingbased cryptosystems depend on the existence of groups where the Decision DiffieHellman problem is easy to solve, but the Computational DiffieHellman problem is hard. Such is the case of elliptic curve groups whose embedding degree is large enough to maintain a good security level, but smal ..."
Abstract

Cited by 52 (16 self)
 Add to MetaCart
Pairingbased cryptosystems depend on the existence of groups where the Decision DiffieHellman problem is easy to solve, but the Computational DiffieHellman problem is hard. Such is the case of elliptic curve groups whose embedding degree is large enough to maintain a good security level, but small enough for arithmetic operations to be feasible. However, the embedding degree is usually enormous, and the scarce previously known suitable elliptic groups had embedding degree k <= 6. In this note, we examine criteria for curves with larger k that generalize prior work by Miyaji et al. based on the properties of cyclotomic polynomials, and propose efficient representations for the underlying algebraic structures.
Authenticated IDbased key exchange and remote login with insecure token and PIN number. Cryptology ePrint Archive, Report 2002/164
, 2002
"... Abstract. Authenticated key exchange protocols tend to be either token based or password based. Token based schemes are often based on expensive (and irreplaceable) smartcard tokens, while passwordonly schemes require that a unique password is shared between every pair of correspondents. The magne ..."
Abstract

Cited by 45 (1 self)
 Add to MetaCart
Abstract. Authenticated key exchange protocols tend to be either token based or password based. Token based schemes are often based on expensive (and irreplaceable) smartcard tokens, while passwordonly schemes require that a unique password is shared between every pair of correspondents. The magnetic strip swipe card and associated PIN number is a familiar and convenient format that motivates a combined “twofactor ” approach. Finally we suggest an extension of the scheme for use in a clientserver scenario.
The Relationship Between Breaking the DiffieHellman Protocol and Computing Discrete Logarithms
, 1998
"... Both uniform and nonuniform results concerning the security of the DiffieHellman keyexchange protocol are proved. First, it is shown that in a cyclic group G of order jGj = Q p e i i , where all the multiple prime factors of jGj are polynomial in log jGj, there exists an algorithm that re ..."
Abstract

Cited by 37 (3 self)
 Add to MetaCart
Both uniform and nonuniform results concerning the security of the DiffieHellman keyexchange protocol are proved. First, it is shown that in a cyclic group G of order jGj = Q p e i i , where all the multiple prime factors of jGj are polynomial in log jGj, there exists an algorithm that reduces the computation of discrete logarithms in G to breaking the DiffieHellman protocol in G and has complexity p maxf(p i )g \Delta (log jGj) O(1) , where (p) stands for the minimum of the set of largest prime factors of all the numbers d in the interval [p \Gamma 2 p p+1; p+2 p p+ 1]. Under the unproven but plausible assumption that (p) is polynomial in log p, this reduction implies that the DiffieHellman problem and the discrete logarithm problem are polynomialtime equivalent in G. Second, it is proved that the DiffieHellman problem and the discrete logarithm problem are equivalent in a uniform sense for groups whose orders belong to certain classes: there exists a p...
DiffieHellman Oracles
 ADVANCES IN CRYPTOLOGY  CRYPTO '96 , LECTURE NOTES IN COMPUTER SCIENCE
, 1996
"... This paper consists of three parts. First, various types of DiffieHellman oracles for a cyclic group G and subgroups of G are defined and their equivalence is proved. In particular, the security of using a subgroup of G instead of G in the DiffieHellman protocol is investigated. Second, we derive ..."
Abstract

Cited by 34 (3 self)
 Add to MetaCart
This paper consists of three parts. First, various types of DiffieHellman oracles for a cyclic group G and subgroups of G are defined and their equivalence is proved. In particular, the security of using a subgroup of G instead of G in the DiffieHellman protocol is investigated. Second, we derive several new conditions for the polynomialtime equivalence of breaking the DiffieHellman protocol and computing discrete logarithms in G which extend former results by den Boer and Maurer. Finally, efficient constructions of DiffieHellman groups with provable equivalence are described.
Constructing Isogenies Between Elliptic Curves Over Finite Fields
 LMS J. Comput. Math
, 1999
"... Let E 1 and E 2 be ordinary elliptic curves over a finite field Fp such that #E1 (Fp ) = #E2 (Fp ). Tate's isogeny theorem states that there is an isogeny from E1 to E2 which is defined over Fp . The goal of this paper is to describe a probabilistic algorithm for constructing such an isogeny. ..."
Abstract

Cited by 30 (3 self)
 Add to MetaCart
Let E 1 and E 2 be ordinary elliptic curves over a finite field Fp such that #E1 (Fp ) = #E2 (Fp ). Tate's isogeny theorem states that there is an isogeny from E1 to E2 which is defined over Fp . The goal of this paper is to describe a probabilistic algorithm for constructing such an isogeny.
The DiffieHellman Protocol
 DESIGNS, CODES, AND CRYPTOGRAPHY
, 1999
"... The 1976 seminal paper of Diffie and Hellman is a landmark in the history of cryptography. They introduced the fundamental concepts of a trapdoor oneway function, a publickey cryptosystem, and a digital signature scheme. Moreover, they presented a protocol, the socalled DiffieHellman protoco ..."
Abstract

Cited by 26 (0 self)
 Add to MetaCart
The 1976 seminal paper of Diffie and Hellman is a landmark in the history of cryptography. They introduced the fundamental concepts of a trapdoor oneway function, a publickey cryptosystem, and a digital signature scheme. Moreover, they presented a protocol, the socalled DiffieHellman protocol, allowing two parties who share no secret information initially, to generate a mutual secret key. This paper summarizes the present knowledge on the security of this protocol.
Computing Hilbert class polynomials with the Chinese Remainder Theorem
, 2010
"... We present a spaceefficient algorithm to compute the Hilbert class polynomial HD(X) modulo a positive integer P, based on an explicit form of the Chinese Remainder Theorem. Under the Generalized Riemann Hypothesis, the algorithm uses O(D  1/2+ɛ log P) space and has an expected running time of O ..."
Abstract

Cited by 18 (1 self)
 Add to MetaCart
We present a spaceefficient algorithm to compute the Hilbert class polynomial HD(X) modulo a positive integer P, based on an explicit form of the Chinese Remainder Theorem. Under the Generalized Riemann Hypothesis, the algorithm uses O(D  1/2+ɛ log P) space and has an expected running time of O(D  1+ɛ). We describe practical optimizations that allow us to handle larger discriminants than other methods, with D  as large as 1013 and h(D) up to 106. We apply these results to construct pairingfriendly elliptic curves of prime order, using the CM method.
Efficient Construction of Cryptographically Strong Elliptic Curves
"... We present a very efficient algorithm which given a negative integer , 1 mod 8, not divisible by 3, finds a prime number p and a cryptographically strong elliptic curve E over the prime field F p whose endomorphism ring is the quadratic order O of discriminant . If the class number of O is 200, then ..."
Abstract

Cited by 12 (2 self)
 Add to MetaCart
We present a very efficient algorithm which given a negative integer , 1 mod 8, not divisible by 3, finds a prime number p and a cryptographically strong elliptic curve E over the prime field F p whose endomorphism ring is the quadratic order O of discriminant . If the class number of O is 200, then the running time is about half a minute on a SUN UltraSPARCIIi.