Results 1  10
of
24
Towards the Equivalence of Breaking the DiffieHellman Protocol and Computing Discrete Logarithms
, 1994
"... Let G be an arbitrary cyclic group with generator g and order jGj with known factorization. G could be the subgroup generated by g within a larger group H. Based on an assumption about the existence of smooth numbers in short intervals, we prove that breaking the DiffieHellman protocol for G and ..."
Abstract

Cited by 69 (6 self)
 Add to MetaCart
Let G be an arbitrary cyclic group with generator g and order jGj with known factorization. G could be the subgroup generated by g within a larger group H. Based on an assumption about the existence of smooth numbers in short intervals, we prove that breaking the DiffieHellman protocol for G and base g is equivalent to computing discrete logarithms in G to the base g when a certain side information string S of length 2 log jGj is given, where S depends only on jGj but not on the definition of G and appears to be of no help for computing discrete logarithms in G. If every prime factor p of jGj is such that one of a list of expressions in p, including p \Gamma 1 and p + 1, is smooth for an appropriate smoothness bound, then S can efficiently be constructed and therefore breaking the DiffieHellman protocol is equivalent to computing discrete logarithms.
The Relationship Between Breaking the DiffieHellman Protocol and Computing Discrete Logarithms
, 1998
"... Both uniform and nonuniform results concerning the security of the DiffieHellman keyexchange protocol are proved. First, it is shown that in a cyclic group G of order jGj = Q p e i i , where all the multiple prime factors of jGj are polynomial in log jGj, there exists an algorithm that re ..."
Abstract

Cited by 37 (3 self)
 Add to MetaCart
Both uniform and nonuniform results concerning the security of the DiffieHellman keyexchange protocol are proved. First, it is shown that in a cyclic group G of order jGj = Q p e i i , where all the multiple prime factors of jGj are polynomial in log jGj, there exists an algorithm that reduces the computation of discrete logarithms in G to breaking the DiffieHellman protocol in G and has complexity p maxf(p i )g \Delta (log jGj) O(1) , where (p) stands for the minimum of the set of largest prime factors of all the numbers d in the interval [p \Gamma 2 p p+1; p+2 p p+ 1]. Under the unproven but plausible assumption that (p) is polynomial in log p, this reduction implies that the DiffieHellman problem and the discrete logarithm problem are polynomialtime equivalent in G. Second, it is proved that the DiffieHellman problem and the discrete logarithm problem are equivalent in a uniform sense for groups whose orders belong to certain classes: there exists a p...
The DiffieHellman Protocol
 DESIGNS, CODES, AND CRYPTOGRAPHY
, 1999
"... The 1976 seminal paper of Diffie and Hellman is a landmark in the history of cryptography. They introduced the fundamental concepts of a trapdoor oneway function, a publickey cryptosystem, and a digital signature scheme. Moreover, they presented a protocol, the socalled DiffieHellman protoco ..."
Abstract

Cited by 26 (0 self)
 Add to MetaCart
The 1976 seminal paper of Diffie and Hellman is a landmark in the history of cryptography. They introduced the fundamental concepts of a trapdoor oneway function, a publickey cryptosystem, and a digital signature scheme. Moreover, they presented a protocol, the socalled DiffieHellman protocol, allowing two parties who share no secret information initially, to generate a mutual secret key. This paper summarizes the present knowledge on the security of this protocol.
The Equivalence Between The Dhp And Dlp For Elliptic Curves Used In Practical Applications
, 2004
"... We reexamine the reduction of Maurer and Wolf of the Discrete Logarithm problem to the Di#eHellman problem. We give a precise estimate for the number of operations required in the reduction and use this to estimate the exact security of the elliptic curve variant of the Di#eHellman protocol for ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
We reexamine the reduction of Maurer and Wolf of the Discrete Logarithm problem to the Di#eHellman problem. We give a precise estimate for the number of operations required in the reduction and use this to estimate the exact security of the elliptic curve variant of the Di#eHellman protocol for various elliptic curves defined in standards. 1.
Isogenies Of Supersingular Elliptic Curves Over Finite Fields And Operations In Elliptic Cohomology
"... . In this paper we investigate stable operations in supersingular elliptic cohomology using isogenies of supersingular elliptic curves over finite fields. Our main results provide a framework in which we give a conceptually simple new proof of an elliptic cohomology version of the Morava change of r ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
. In this paper we investigate stable operations in supersingular elliptic cohomology using isogenies of supersingular elliptic curves over finite fields. Our main results provide a framework in which we give a conceptually simple new proof of an elliptic cohomology version of the Morava change of rings theorem and also gives models for explicit stable operations in terms of isogenies and morphisms in certain enlarged isogeny categories. We are particularly inspired by number theoretic work of G. Robert, whose work we reformulate and generalize in our setting. Introduction In previous work we investigated supersingular reductions of elliptic cohomology [5], stable operations and cooperations in elliptic cohomology [3, 4, 6, 8] and in [9, 10] gave some applications to the Adams spectral sequence based on elliptic (co)homology. In this paper we investigate stable operations in supersingular elliptic cohomology using isogenies of supersingular elliptic curves over finite fields; this is ...
Elliptic Curves and their use in Cryptography
 DIMACS Workshop on Unusual Applications of Number Theory
, 1997
"... The security of many cryptographic protocols depends on the difficulty of solving the socalled "discrete logarithm" problem, in the multiplicative group of a finite field. Although, in the general case, there are no polynomial time algorithms for this problem, constant improvements are being ma ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
The security of many cryptographic protocols depends on the difficulty of solving the socalled "discrete logarithm" problem, in the multiplicative group of a finite field. Although, in the general case, there are no polynomial time algorithms for this problem, constant improvements are being made  with the result that the use of these protocols require much larger key sizes, for a given level of security, than may be convenient. An abstraction of these protocols shows that they have analogues in any group. The challenge presents itself: find some other groups for which there are no good attacks on the discrete logarithm, and for which the group operations are sufficiently economical. In 1985, the author suggested that the groups arising from a particular mathematical object known as an "elliptic curve" might fill the bill. In this paper I review the general cryptographic protocols which are involved, briefly describe elliptic curves and review the possible attacks again...
A Supersingular Congruence For Modular Forms
 ACTA ARITHMETICA
, 1998
"... Let p ? 3 be a prime. In the ring of modular forms with qexpansions defined over Z (p) , the Eisenstein function Ep+1 is shown to satisfy (Ep+1) p\Gamma1 j \Gamma ` \Gamma1 p ' \Delta (p 2 \Gamma1)=12 mod (p; Ep\Gamma1 ): This is equivalent to a result conjectured by de Shalit on the po ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
Let p ? 3 be a prime. In the ring of modular forms with qexpansions defined over Z (p) , the Eisenstein function Ep+1 is shown to satisfy (Ep+1) p\Gamma1 j \Gamma ` \Gamma1 p ' \Delta (p 2 \Gamma1)=12 mod (p; Ep\Gamma1 ): This is equivalent to a result conjectured by de Shalit on the polynomial satisfied by all the jinvariants of supersingular elliptic curves over F p . It is also closely related to a result of Gross and Landweber used to define a topological version of elliptic cohomology.
DETERMINING THE 2SYLOW SUBGROUP OF AN ELLIPTIC CURVE OVER A FINITE FIELD
"... Abstract. In this paper we describe an algorithm that outputs the order and the structure, including generators, of the 2Sylow subgroup of an elliptic curve over a finite field. To do this, we do not assume any knowledge of the group order. The results that lead to the design of this algorithm are ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
Abstract. In this paper we describe an algorithm that outputs the order and the structure, including generators, of the 2Sylow subgroup of an elliptic curve over a finite field. To do this, we do not assume any knowledge of the group order. The results that lead to the design of this algorithm are of inductive type. Then a right choice of points allows us to reach the end within a linear number of successive halvings. The algorithm works with abscissas, so that halving of rational points in the elliptic curve becomes computing of square roots in the finite field. Efficient methods for this computation determine the efficiency of our algorithm. 1.
Endomorphism Rings and Isogenies Classes for a Drinfeld AModules of Rank 2 over Finite Fields , preprint IML
, 2004
"... Soit Φ un Fq[T]module de Drinfeld de rang 2, sur un corps fini L Fq, une extension de degré n d’un corps fini On abordera plusieurs points d’analogie avec les courbes elliptiques. Nous specifions les conditons de maximalite et de non maximalite pour l’anneau d’endomorphismes EndLΦ en tant que Fq[T] ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Soit Φ un Fq[T]module de Drinfeld de rang 2, sur un corps fini L Fq, une extension de degré n d’un corps fini On abordera plusieurs points d’analogie avec les courbes elliptiques. Nous specifions les conditons de maximalite et de non maximalite pour l’anneau d’endomorphismes EndLΦ en tant que Fq[T]ordre dans l’anneau de division EndLΦ⊗Fq[T]Fq(T), on s’intéressera ensuite aux polynôme caractéristique et par son intermédiaire on calculera le nombre de classes d’iogénies. Let Φ be a Drinfeld Fq[T]module of rank 2, over a finite field L, a finite extension of n degrees of a finite field with q elements Fq. Let m be the extension degrees of L over the field Fq[T]/P, P is the Fq[T]characteristic of L, and d the degree of the polynomial P. We will discuss about a many analogies points with elliptic curves. We start by the endomorphism ring of a Drinfeld Fq[T]module of rank 2, EndLΦ, and we specify the maximality conditions and non maximality conditions as a Fq[T]order in the ring of division EndLΦ⊗Fq[T] Fq(T), in the next point we will interest to the characteristic polynomial of a Drinfeld module of rank 2 and used it to calculate the number of isogeny classes for such module, at last we will interested to the Characteristic of EulerPoincare χΦ and we will calculated the cardinal of this ideals. 1
The equivalence between the DHP and DLP for elliptic curves used in practical applications, revisited
, 2005
"... The theoretical equivalence between the DLP and DHP problems was shown by Maurer in 1994. His work was then reexamined by Muzereau et al. [11] for the special case of elliptic curves used in practical cryptographic applications. This paper improves on the latter and tries to get the tightest possib ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
The theoretical equivalence between the DLP and DHP problems was shown by Maurer in 1994. His work was then reexamined by Muzereau et al. [11] for the special case of elliptic curves used in practical cryptographic applications. This paper improves on the latter and tries to get the tightest possible reduction in terms of computational equivalence, using Maurer’s method.