Results 1 - 10 of 42
Towards the Equivalence of Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms
, 1994
Cited by 78 (6 self)
Let G be an arbitrary cyclic group with generator g and order |G| with known factorization. G could be the subgroup generated by g within a larger group H. Based on an assumption about the existence of smooth numbers in short intervals, we prove that breaking the Diffie-Hellman protocol for G and base g is equivalent to computing discrete logarithms in G to the base g when a certain side information string S of length 2 log |G| is given, where S depends only on |G| but not on the definition of G and appears to be of no help for computing discrete logarithms in G. If every prime factor p of |G| is such that one of a list of expressions in p, including p − 1 and p + 1, is smooth for an appropriate smoothness bound, then S can efficiently be constructed and therefore breaking the Diffie-Hellman protocol is equivalent to computing discrete logarithms.
The Relationship Between Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms
, 1998
Cited by 49 (3 self)
Both uniform and nonuniform results concerning the security of the Diffie-Hellman key-exchange protocol are proved. First, it is shown that in a cyclic group G of order $|G| = \prod p_i^{e_i}$, where all the multiple prime factors of |G| are polynomial in log |G|, there exists an algorithm that reduces the computation of discrete logarithms in G to breaking the Diffie-Hellman protocol in G and has complexity $\sqrt{\max\{(p_i)\}} \cdot (\log |G|)^{O(1)}$, where (p) stands for the minimum of the set of largest prime factors of all the numbers d in the interval $[p - 2\sqrt{p} + 1;\ p + 2\sqrt{p} + 1]$. Under the unproven but plausible assumption that (p) is polynomial in log p, this reduction implies that the Diffie-Hellman problem and the discrete logarithm problem are polynomial-time equivalent in G. Second, it is proved that the Diffie-Hellman problem and the discrete logarithm problem are equivalent in a uniform sense for groups whose orders belong to certain classes: there exists a p...
The Diffie-Hellman Protocol
 DESIGNS, CODES, AND CRYPTOGRAPHY
, 1999
Cited by 29 (0 self)
The 1976 seminal paper of Diffie and Hellman is a landmark in the history of cryptography. They introduced the fundamental concepts of a trapdoor one-way function, a public-key cryptosystem, and a digital signature scheme. Moreover, they presented a protocol, the so-called Diffie-Hellman protocol, allowing two parties who share no secret information initially, to generate a mutual secret key. This paper summarizes the present knowledge on the security of this protocol.
The Equivalence Between The DHP And DLP For Elliptic Curves Used In Practical Applications
, 2004
Cited by 7 (0 self)
We re-examine the reduction of Maurer and Wolf of the Discrete Logarithm problem to the Diffie-Hellman problem. We give a precise estimate for the number of operations required in the reduction and use this to estimate the exact security of the elliptic curve variant of the Diffie-Hellman protocol for various elliptic curves defined in standards.
Isogenies Of Supersingular Elliptic Curves Over Finite Fields And Operations In Elliptic Cohomology
Cited by 6 (3 self)
In this paper we investigate stable operations in supersingular elliptic cohomology using isogenies of supersingular elliptic curves over finite fields. Our main results provide a framework in which we give a conceptually simple new proof of an elliptic cohomology version of the Morava change of rings theorem and also gives models for explicit stable operations in terms of isogenies and morphisms in certain enlarged isogeny categories. We are particularly inspired by number theoretic work of G. Robert, whose work we reformulate and generalize in our setting. Introduction: In previous work we investigated supersingular reductions of elliptic cohomology [5], stable operations and cooperations in elliptic cohomology [3, 4, 6, 8] and in [9, 10] gave some applications to the Adams spectral sequence based on elliptic (co)homology. In this paper we investigate stable operations in supersingular elliptic cohomology using isogenies of supersingular elliptic curves over finite fields; this is ...
Group structures of elliptic curves over finite
Cited by 5 (3 self)
It is well-known that if E is an elliptic curve over the finite field F_p, then E(F_p) ≅ Z/mZ × Z/mkZ for some positive integers m, k. Let S(M, K) denote the set of pairs (m, k) with m ≤ M and k ≤ K such that there exists an elliptic curve over some prime finite field whose group of points is isomorphic to Z/mZ × Z/mkZ. Banks, Pappalardi and Shparlinski recently conjectured that if K ≤ (log M)^{2−}, then a density zero proportion of the groups in question actually arise as the group of points on some elliptic curve over some prime finite field. On the other hand, if K ≥ (log M)^{2+}, they conjectured that a density one proportion of the groups in question arise as the group of points on some elliptic curve over some prime finite field. We prove that the first part of their conjecture holds in the full range K ≤ (log M)^{2−}, and we prove that the second part of their conjecture holds in the limited range K ≥ M^{4+}. In the wider range K ≥ M^2, we show that at least a positive density of the groups in question actually occur.
Graphs associated with the map x ↦ x + x^{−1} in finite fields of characteristic two, arxiv (2011), http://arxiv.org/abs/1107.4565, submitted to the
 Proceedings of “The 10th International Conference on Finite Fields and their Applications
GROUPS OF POINTS ON ABELIAN VARIETIES OVER FINITE FIELDS
, 903
Cited by 4 (2 self)
Fix an isogeny class of abelian varieties with commutative endomorphism algebra over a finite field. This isogeny class is determined by a Weil polynomial f_A without multiple roots. We give a classification of groups of k-rational points on varieties from this class in terms of Newton polygons of f_A(1 − t).
Elliptic Curves and their use in Cryptography
 DIMACS Workshop on Unusual Applications of Number Theory
, 1997
Cited by 4 (0 self)
The security of many cryptographic protocols depends on the difficulty of solving the so-called "discrete logarithm" problem, in the multiplicative group of a finite field. Although, in the general case, there are no polynomial time algorithms for this problem, constant improvements are being made, with the result that the use of these protocols require much larger key sizes, for a given level of security, than may be convenient. An abstraction of these protocols shows that they have analogues in any group. The challenge presents itself: find some other groups for which there are no good attacks on the discrete logarithm, and for which the group operations are sufficiently economical. In 1985, the author suggested that the groups arising from a particular mathematical object known as an "elliptic curve" might fill the bill. In this paper I review the general cryptographic protocols which are involved, briefly describe elliptic curves and review the possible attacks again...
Pairing the volcano
 In Algorithmic Number Theory Symposium—ANTS IX
, 2010
Cited by 4 (2 self)
Isogeny volcanoes are graphs whose vertices are elliptic curves and whose edges are ℓ-isogenies. Algorithms allowing to travel on these graphs were developed by Kohel in his thesis (1996) and later on, by Fouquet and Morain (2001). However, up to now, no method was known, to predict, before taking a step on the volcano, the direction of this step. Hence, in Kohel's and Fouquet-Morain algorithms, we take many steps before choosing the right direction. In particular, ascending or horizontal isogenies are usually found using a trial-and-error approach. In this paper, we propose an alternative method that efficiently finds all points P of order ℓ such that the subgroup generated by P is the kernel of an horizontal or an ascending isogeny. In many cases, our method is faster than previous methods.