Results 1-10 of 18
Curve25519: new Diffie-Hellman speed records
In Public Key Cryptography (PKC), Springer-Verlag LNCS 3958, 2006
Cited by 58 (20 self)
Abstract. This paper explains the design and implementation of a high-security elliptic-curve-Diffie-Hellman function achieving record-setting speeds: e.g., 832457 Pentium III cycles (with several side benefits: free key compression, free key validation, and state-of-the-art timing-attack protection), more than twice as fast as other authors' results at the same conjectured security level (with or without the side benefits).
Reconciling cooperation with confidentiality in multi-provider distributed systems
2004
Cited by 5 (0 self)
Cooperation and competition are opposing forces in Multi-Provider Distributed Systems (MPDSs) such as the Internet routing infrastructure. Often, competitive needs cause providers to keep certain information confidential thereby hindering cooperation and leading to undesirable behavior. For instance, recent work has shown that lack of interdomain cooperation in performing intradomain routing changes may cause more congestion. We argue that MPDSs should be designed with mechanisms that enable cooperation without violating confidentiality requirements. We illustrate this design principle by developing such mechanisms to solve well-known problems in the most successful MPDS, interdomain routing. We also briefly discuss the need for such mechanisms in MPDSs for content distribution and policy-based resource allocation. Our mechanisms leverage secure multiparty computation primitives.
Slope Packings and Coverings, and Generic Algorithms for the Discrete Logarithm Problem
2001
Cited by 4 (0 self)
We consider the set of slopes of lines formed by joining all pairs of points in some subset S of a Desarguesian affine plane of prime order p. If all the slopes are distinct and non-infinite, we have a slope packing; if every possible non-infinite slope occurs, then we have a slope covering. We review and unify some results on these problems that can be derived from the study of Sidon sets and sum covers. Then we report some computational results we have obtained for small values of p. Finally, we point out some connections between slope packings and coverings and generic algorithms for the discrete logarithm problem in prime order (sub)groups. Our results provide a combinatorial characterization of such algorithms, in the sense that any generic algorithm implies the existence of a certain slope packing or covering, and conversely.
Near Optimal Bounds for Collision in Pollard Rho for Discrete Log
Proc. of the 48th Annual Symposium on Foundations of Computer Science (FOCS), 2007
Cited by 4 (2 self)
We analyze a fairly standard idealization of Pollard's Rho algorithm for finding the discrete logarithm in a cyclic group $G$. It is found that, with high probability, a collision occurs in $O(\sqrt{|G| \log |G| \log\log |G|})$ steps, not far from the widely conjectured value of $\Theta(\sqrt{|G|})$. This improves upon a recent result of Miller–Venkatesan which showed an upper bound of $O(\sqrt{|G|} \log^3 |G|)$. Our proof is based on analyzing an appropriate nonreversible, non-lazy random walk on a discrete cycle of (odd) length $|G|$, and showing that the mixing time of the corresponding walk is $O(\log |G| \log\log |G|)$.
How Long Does it Take to Catch a Wild Kangaroo?
Cited by 3 (0 self)
The discrete logarithm problem asks to solve for the exponent $x$, given the generator $g$ of a cyclic group $G$ and an element $h \in G$ such that $g^x = h$. We give the first rigorous proof that Pollard's Kangaroo method finds the discrete logarithm in expected time $(3+o(1))\sqrt{b-a}$ for the worst value of $x \in [a, b]$, and $(2+o(1))\sqrt{b-a}$ when $x \in_{uar} [a, b]$. This matches the conjectured time complexity and, rare among the analysis of algorithms based on Markov chains, even the lead constants 2 and 3 are correct.
Mobile privacy in wireless networks revisited
Manuscript under submission, 2006
Cited by 1 (1 self)
Abstract — With the widespread use of mobile devices, the privacy of mobile location information becomes an important issue. In this paper, we present the requirements on protecting mobile privacy in wireless networks, and identify the privacy weakness of the third generation partnership project authentication and key agreement (3GPP-AKA) by showing a practical attack to it. We then propose a scheme that meets these requirements, and this scheme does not introduce security vulnerability to the underlying authentication scheme. Another feature of the proposed scheme is that on each use of wireless channel, it uses a one-time alias to conceal the real identity of the mobile station with respect to both eavesdroppers and visited (honest or false) location registers. Moreover, the proposed scheme achieves this goal of identity concealment without sacrificing authentication efficiency. Index Terms — mobile privacy, mobile authentication, user untraceability, one-time alias, 3GPP-AKA, elliptic curve cryptosystems.
for collision in the Pollard Rho Algorithm for Discrete Logarithm
, 712
"... chains, with an optimal bound ..."
complex variable, International Series in Pure and Applied Mathematics.
edition, 1978. An introduction to the theory of analytic functions of one
1976. Undergraduate Texts in Mathematics.
[2] D. Abramovich. Formal finiteness and the torsion conjecture on elliptic curves. A footnote to a paper: “Rational torsion of prime order in elliptic curves over number fields” [Astérisque No. 228 (1995), 3, 81–100] by S. Kamienny and B. Mazur. Astérisque,
Applications of Frobenius Expansions in Elliptic Curve Cryptography
2008
"... These doctoral studies were conducted under the supervision of Professor ..."