Results 1  10
of
10
Discrete Logarithms in Finite Fields and Their Cryptographic Significance
, 1984
"... Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u GF(q) is that integer k, 1 k q  1, for which u = g k . The wellknown problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its appl ..."
Abstract

Cited by 88 (6 self)
 Add to MetaCart
Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u GF(q) is that integer k, 1 k q  1, for which u = g k . The wellknown problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its applicability in cryptography. Several cryptographic systems would become insecure if an efficient discrete logarithm algorithm were discovered. This paper surveys and analyzes known algorithms in this area, with special attention devoted to algorithms for the fields GF(2 n ). It appears that in order to be safe from attacks using these algorithms, the value of n for which GF(2 n ) is used in a cryptosystem has to be very large and carefully chosen. Due in large part to recent discoveries, discrete logarithms in fields GF(2 n ) are much easier to compute than in fields GF(p) with p prime. Hence the fields GF(2 n ) ought to be avoided in all cryptographic applications. On the other hand, ...
On Small Characteristic Algebraic Tori in PairingBased Cryptography
, 2004
"... The output of the Tate pairing on an elliptic curve over a nite eld is an element in the multiplicative group of an extension eld modulo a particular subgroup. One ordinarily powers this element to obtain a unique representative for the output coset, and performs any further necessary arithmet ..."
Abstract

Cited by 31 (3 self)
 Add to MetaCart
The output of the Tate pairing on an elliptic curve over a nite eld is an element in the multiplicative group of an extension eld modulo a particular subgroup. One ordinarily powers this element to obtain a unique representative for the output coset, and performs any further necessary arithmetic in the extension eld. Rather than an obstruction, we show to the contrary that one can exploit this quotient group to eliminate the nal powering, to speed up exponentiations and to obtain a simple compression of pairing values which is useful during interactive identitybased cryptographic protocols. Speci cally we demonstrate that methods available for fast point multiplication on elliptic curves such as mixed addition, signed digit representations and Frobenius expansions, all transfer easily to the quotient group, and provide a signi cant improvement over the arithmetic of the extension eld.
Lecture Notes on Cryptography
, 2001
"... This is a set of lecture notes on cryptography compiled for 6.87s, a one week long course on cryptography taught at MIT by Shafi Goldwasser and Mihir Bellare in the summers of 1996–2001. The notes were formed by merging notes written for Shafi Goldwasser’s Cryptography and Cryptanalysis course at MI ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
This is a set of lecture notes on cryptography compiled for 6.87s, a one week long course on cryptography taught at MIT by Shafi Goldwasser and Mihir Bellare in the summers of 1996–2001. The notes were formed by merging notes written for Shafi Goldwasser’s Cryptography and Cryptanalysis course at MIT with notes written for Mihir Bellare’s Cryptography and network security course at UCSD. In addition, Rosario Gennaro (as Teaching Assistant for the course in 1996) contributed Section 9.6, Section 11.4, Section 11.5, and Appendix D to the notes, and also compiled, from various sources, some of the problems in Appendix E. Cryptography is of course a vast subject. The thread followed by these notes is to develop and explain the notion of provable security and its usage for the design of secure protocols. Much of the material in Chapters 2, 3 and 7 is a result of scribe notes, originally taken by MIT graduate students who attended Professor Goldwasser’s Cryptography and Cryptanalysis course over the years, and later edited by Frank D’Ippolito who was a teaching assistant for the course in 1991. Frank also contributed much of the advanced number theoretic material in the Appendix. Some of the material in Chapter 3 is from the chapter on Cryptography, by R. Rivest, in the Handbook of Theoretical Computer Science. Chapters 4, 5, 6, 8 and 10, and Sections 9.5 and 7.4.6, were written by Professor Bellare for his Cryptography and network security course at UCSD.
Conditionally Secure Secret Sharing Schemes with Disenrollment Capability
, 1994
"... The paper describes an implementation of Shamir secret sharing schemes based on exponentiation in Galois fields. It is shown how to generate shares so the scheme has the disenrollment capability. Next a family of conditionally secure Shamir schemes is defined and the disenrollment capability is inve ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
The paper describes an implementation of Shamir secret sharing schemes based on exponentiation in Galois fields. It is shown how to generate shares so the scheme has the disenrollment capability. Next a family of conditionally secure Shamir schemes is defined and the disenrollment capability is investigated for the family. The paper also examines a problem of covert channels which are present in any secret sharing scheme. Keywords: Computer Security, Cryptography, Group Oriented Cryptography, Secret Sharing, Threshold Schemes. 1 Introduction A secret sharing scheme allows authorized groups of users to recreate a secret key by pooling their shares (shadows) of the key, but single users or unauthorized groups are unable to recreate the key. The first secret sharing schemes (called threshold schemes) were invented independently by Shamir [17] and Blakley[2]). Secret sharing schemes should be designed so that if some of the shares of the key are lost or stolen  invalidated, the remaini...
Function Field Sieve in Characteristic Three
, 2004
"... In this paper we investigate the e#ciency of the function field sieve to compute discrete logarithms in the finite fields F3 n . Motivated by attacks on identity based encryption systems using supersingular elliptic curves, we pay special attention to the case where n is composite. This allows ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
In this paper we investigate the e#ciency of the function field sieve to compute discrete logarithms in the finite fields F3 n . Motivated by attacks on identity based encryption systems using supersingular elliptic curves, we pay special attention to the case where n is composite. This allows
Cryptology
"... Cryptology has advanced tremendously since 1976; this chapter provides a brief overview of the current stateoftheart in the field. Several major themes predominate in the development. One such theme is the careful elaboration of the definition of security for a cryptosystem. A second theme has be ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Cryptology has advanced tremendously since 1976; this chapter provides a brief overview of the current stateoftheart in the field. Several major themes predominate in the development. One such theme is the careful elaboration of the definition of security for a cryptosystem. A second theme has been the search for provably secure cryptosystems, based on plausible assumptions about the difficulty of specific numbertheoretic problems or on the existence of certain kinds of functions (such as oneway functions). A third theme is the invention of many novel and surprising cryptographic capabilities, such as publickey cryptography, digital signatures, secretsharing, oblivious transfers, and zeroknowledge proofs. These themes have been developed and interwoven so that today theorems of breathtaking generality and power assert the existence of cryptographic techniques capable of solving almost any imaginable cryptographic problem.
Finite fields and cryptology
 COMPUTER SCIENCE JOURNAL OF MOLDOVA, VOL.11, NO.2(32)
, 2003
"... The problem of a computationally feasible method of finding the discrete logarithm in a (large) finite field is discussed, presenting the main algorithms in this direction. Some cryptographic schemes based on the discrete logarithm are presented. Finally, the theory of linear recurring sequences is ..."
Abstract
 Add to MetaCart
The problem of a computationally feasible method of finding the discrete logarithm in a (large) finite field is discussed, presenting the main algorithms in this direction. Some cryptographic schemes based on the discrete logarithm are presented. Finally, the theory of linear recurring sequences is outlined, in relation to its applications in cryptology.
On Small Degree Extension Fields in Cryptology
, 2005
"... that are based in, or map to, the multiplicative group of finite fields with small extension degree. A central observation is that the multiplicative group of extension fields essentially decomposes as a product of algebraic tori, whose properties allow for improved communication efficiency. ..."
Abstract
 Add to MetaCart
that are based in, or map to, the multiplicative group of finite fields with small extension degree. A central observation is that the multiplicative group of extension fields essentially decomposes as a product of algebraic tori, whose properties allow for improved communication efficiency.