Results 1 - 5 of 5
Short signatures from the Weil pairing
2001

Cited by 560 (31 self)
Abstract. We introduce a short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyperelliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where signatures are typed in by a human or signatures are sent over a low-bandwidth channel.
Smooth Orders and Cryptographic Applications
Lecture Notes in Computer Science, 2002

Cited by 5 (1 self)
We obtain rigorous upper bounds on the number of primes x for which p-1 is smooth or has a large smooth factor. Conjecturally these bounds are nearly tight. As a corollary, we show that for almost all primes p the multiplicative order of 2 modulo p is not smooth, and we prove a similar but weaker result for almost all odd numbers n. We also discuss some cryptographic applications.
Linear Complexity of the Discrete Logarithm
2002

Cited by 2 (0 self)
We obtain new lower bounds on the linear complexity of several consecutive values of the discrete logarithm modulo a prime p. These bounds generalize and improve several previous results. Keywords: Discrete logarithm, Linear recurrence sequences, Linear complexity
A General Polynomial Sieve
Designs, Codes and Cryptography, 1999

Cited by 1 (0 self)
An important component of the index calculus methods for finding discrete logarithms is the acquisition of smooth polynomial relations. Gordon and McCurley (1992) developed a sieve to aid in finding smooth Coppersmith polynomials for use in the index calculus method. We discuss their approach and some of the difficulties they found with their sieve. We present a new sieving method that can be applied to any affine subspace of polynomials over a finite field.
Optimizing the Menezes-Okamoto-Vanstone (MOV) Algorithm for Non-Supersingular Elliptic Curves
1999

Cited by 1 (0 self)
We address the Menezes-Okamoto-Vanstone (MOV) algorithm for attacking elliptic curve cryptosystems which is completed in subexponential time for supersingular elliptic curves. There exist two hurdles to clear, from an algorithmic point of view, in applying the MOV reduction to general elliptic curves: the problem of explicitly determining the minimum extension degree k such that E[n] E(F q^k) and that of efficiently finding an n-torsion point needed to evaluate the Weil pairing, where n is the order of a cyclic group of the elliptic curve discrete logarithm problem. We can find an answer to the first problem in a recent paper by Balasubramanian and Koblitz. On the other hand, the second problem is important as well, since the reduction might require exponential time even for small k. In this paper, we actually construct a method of efficiently finding an n-torsion point, which leads to a solution of the second problem. In addition, our contribution allows us to draw the conclusion that the ...