Results 1  10
of
65
Guide to Elliptic Curve Cryptography
, 2004
"... Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves ..."
Abstract

Cited by 369 (17 self)
 Add to MetaCart
Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in publickey cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, highspeed software and hardware implementations, and offer the highest strengthperkeybit of any known publickey scheme.
Design and Analysis of Practical PublicKey Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack
 SIAM Journal on Computing
, 2001
"... A new public key encryption scheme, along with several variants, is proposed and analyzed. The scheme and its variants are quite practical, and are proved secure against adaptive chosen ciphertext attack under standard intractability assumptions. These appear to be the first publickey encryption sc ..."
Abstract

Cited by 189 (11 self)
 Add to MetaCart
A new public key encryption scheme, along with several variants, is proposed and analyzed. The scheme and its variants are quite practical, and are proved secure against adaptive chosen ciphertext attack under standard intractability assumptions. These appear to be the first publickey encryption schemes in the literature that are simultaneously practical and provably secure.
An algorithm for solving the discrete log problem on hyperelliptic curves
, 2000
"... Abstract. We present an indexcalculus algorithm for the computation of discrete logarithms in the Jacobian of hyperelliptic curves defined over finite fields. The complexity predicts that it is faster than the Rho method for genus greater than 4. To demonstrate the efficiency of our approach, we de ..."
Abstract

Cited by 78 (6 self)
 Add to MetaCart
Abstract. We present an indexcalculus algorithm for the computation of discrete logarithms in the Jacobian of hyperelliptic curves defined over finite fields. The complexity predicts that it is faster than the Rho method for genus greater than 4. To demonstrate the efficiency of our approach, we describe our breaking of a cryptosystem based on a curve of genus 6 recently proposed by Koblitz. 1
Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms
, 2001
"... The fundamental operation in elliptic curve cryptographic schemes is that of point multiplication of an elliptic curve point by an integer. This paper describes a new method for accelerating this operation on classes of elliptic curves that have efficientlycomputable endomorphisms. One advantage of ..."
Abstract

Cited by 68 (0 self)
 Add to MetaCart
The fundamental operation in elliptic curve cryptographic schemes is that of point multiplication of an elliptic curve point by an integer. This paper describes a new method for accelerating this operation on classes of elliptic curves that have efficientlycomputable endomorphisms. One advantage of the new method is that it is applicable to a larger class of curves than previous such methods.
Constructing Isogenies Between Elliptic Curves Over Finite Fields
 LMS J. Comput. Math
, 1999
"... Let E 1 and E 2 be ordinary elliptic curves over a finite field Fp such that #E1 (Fp ) = #E2 (Fp ). Tate's isogeny theorem states that there is an isogeny from E1 to E2 which is defined over Fp . The goal of this paper is to describe a probabilistic algorithm for constructing such an isogeny. ..."
Abstract

Cited by 31 (4 self)
 Add to MetaCart
Let E 1 and E 2 be ordinary elliptic curves over a finite field Fp such that #E1 (Fp ) = #E2 (Fp ). Tate's isogeny theorem states that there is an isogeny from E1 to E2 which is defined over Fp . The goal of this paper is to describe a probabilistic algorithm for constructing such an isogeny.
Analysis of the Weil Descent Attack of Gaudry, Hess and Smart
, 2000
"... . We analyze the Weil descent attack of Gaudry, Hess and Smart [12] on the elliptic curve discrete logarithm problem for elliptic curves dened over F2 n , where n is prime. 1 Introduction Let E be an elliptic curve dened over a nite eld F q . The elliptic curve discrete logarithm problem (ECDLP) ..."
Abstract

Cited by 30 (5 self)
 Add to MetaCart
. We analyze the Weil descent attack of Gaudry, Hess and Smart [12] on the elliptic curve discrete logarithm problem for elliptic curves dened over F2 n , where n is prime. 1 Introduction Let E be an elliptic curve dened over a nite eld F q . The elliptic curve discrete logarithm problem (ECDLP) in E(F q ) is the following: given E, P 2 E(F q ), r = ord(P ) and Q 2 hP i, nd the integer s 2 [0; r 1] such that Q = sP . The ECDLP is of interest because its apparent intractability forms the basis for the security of elliptic curve cryptographic schemes. The elliptic curve parameters have to be carefully chosen in order to circumvent some known attacks on the ECDLP. In order to avoid the PohligHellman [19] and Pollard's rho [20, 17] attacks, r should be a large prime number, say r > 2 160 . To avoid the Weil pairing [15] and Tate pairing [8] attacks, r should not divide q k 1 for each 1 k C, where C is large enough so that it is computationally infeasible to nd discrete ...
On the performance of hyperelliptic cryptosystems
, 1999
"... In this paper we discuss various aspects of cryptosystems based on hyperelliptic curves. In particular we cover the implementation of the group law on such curves and how to generate suitable curves for use in cryptography. This paper presents a practical comparison between the performance of ellip ..."
Abstract

Cited by 30 (5 self)
 Add to MetaCart
In this paper we discuss various aspects of cryptosystems based on hyperelliptic curves. In particular we cover the implementation of the group law on such curves and how to generate suitable curves for use in cryptography. This paper presents a practical comparison between the performance of elliptic curve based digital signature schemes and schemes based on hyperelliptic curves. We conclude that, at present, hyperelliptic curves offer no performance advantage over elliptic curves.
An Overview of Elliptic Curve Cryptography
, 2000
"... Elliptic curve cryptography (ECC) was introduced by Victor Miller and Neal Koblitz in 1985. ECC proposed as an alternative to established publickey systems such as DSA and RSA, have recently gained a lot attention in industry and academia. The main reason for the attractiveness of ECC is the fact t ..."
Abstract

Cited by 29 (2 self)
 Add to MetaCart
Elliptic curve cryptography (ECC) was introduced by Victor Miller and Neal Koblitz in 1985. ECC proposed as an alternative to established publickey systems such as DSA and RSA, have recently gained a lot attention in industry and academia. The main reason for the attractiveness of ECC is the fact that there is no subexponential algorithm known to solve the discrete logarithm problem on a properly chosen elliptic curve. This means that significantly smaller parameters can be used in ECC than in other competitive systems such RSA and DSA, but with equivalent levels of security. Some benefits of having smaller key sizes include faster computations, and reductions in processing power, storage space and bandwidth. This makes ECC ideal for constrained environments such as pagers, PDAs, cellular phones and smart cards. The implementation of ECC, on the other hand, requires several choices such as the type of the underlying finite field, algorithms for implementing the finite field arithmetic and so on. In this paper we give we presen an selective overview of the main methods.
Index Calculus for Abelian Varieties and the Elliptic Curve Discrete Logarithm Problem
, 2004
"... We propose an index calculus algorithm for the discrete logarithm problem on general abelian varieties. The main difference with the previous approaches is that we do not make use of any embedding into the Jacobian of a wellsuited curve. We apply this algorithm to the Weil restriction of elliptic c ..."
Abstract

Cited by 21 (2 self)
 Add to MetaCart
We propose an index calculus algorithm for the discrete logarithm problem on general abelian varieties. The main difference with the previous approaches is that we do not make use of any embedding into the Jacobian of a wellsuited curve. We apply this algorithm to the Weil restriction of elliptic curves and hyperelliptic curves over small degree extension fields. In particular, our attack can solve all elliptic curve discrete logarithm problems defined over F q 3 in time O(q ), with a reasonably small constant; and an elliptic problem over F q 4 or a genus 2 problem over F p 2 in time O(q ) with a larger constant.
Elliptic curves and related sequences
, 2003
"... A Somos 4 sequence is a sequence (hn) of rational numbers defined by the quadratic recursion hm+2 hm−2 = λ1 hm+1 hm−1 + λ2 h2 m for all m ∈ Z for some rational constants λ1, λ2. Elliptic divisibility sequences or EDSs are an important special case where λ1 = h2 2, λ2 = −h1 h3, the hn are integers ..."
Abstract

Cited by 19 (2 self)
 Add to MetaCart
A Somos 4 sequence is a sequence (hn) of rational numbers defined by the quadratic recursion hm+2 hm−2 = λ1 hm+1 hm−1 + λ2 h2 m for all m ∈ Z for some rational constants λ1, λ2. Elliptic divisibility sequences or EDSs are an important special case where λ1 = h2 2, λ2 = −h1 h3, the hn are integers and hn divides hm whenever n divides m. Somos (4) is the particular Somos 4 sequence whose coefficients λi and initial values are all 1. In this thesis we study the properties of EDSs and Somos 4 sequences reduced modulo a prime power pr. In chapter 2 we collect some results from number theory, and in chapter 3 we give a brief introduction to elliptic curves. In chapter 4 we introduce elliptic divisibility sequences, describe their relationship with elliptic curves, and outline what is known about the properties of an EDS modulo a prime power pr (work by Morgan Ward and Rachel Shipsey). In chapter 5 we extend the EDS “symmetry formulae ” of Ward and Shipsey