Results 11  20
of
552
An algorithm for solving the discrete log problem on hyperelliptic curves
, 2000
"... Abstract. We present an indexcalculus algorithm for the computation of discrete logarithms in the Jacobian of hyperelliptic curves defined over finite fields. The complexity predicts that it is faster than the Rho method for genus greater than 4. To demonstrate the efficiency of our approach, we de ..."
Abstract

Cited by 80 (6 self)
 Add to MetaCart
Abstract. We present an indexcalculus algorithm for the computation of discrete logarithms in the Jacobian of hyperelliptic curves defined over finite fields. The complexity predicts that it is faster than the Rho method for genus greater than 4. To demonstrate the efficiency of our approach, we describe our breaking of a cryptosystem based on a curve of genus 6 recently proposed by Koblitz. 1
REACT: Rapid Enhancedsecurity Asymmetric Cryptosystem Transform
 CTRSA 2001, volume 2020 of LNCS
, 2001
"... Abstract. Seven years after the optimal asymmetric encryption padding (OAEP) which makes chosenciphertext secure encryption scheme from any trapdoor oneway permutation (but whose unique application is RSA), this paper presents REACT, a new conversion which applies to any weakly secure cryptosystem ..."
Abstract

Cited by 76 (21 self)
 Add to MetaCart
Abstract. Seven years after the optimal asymmetric encryption padding (OAEP) which makes chosenciphertext secure encryption scheme from any trapdoor oneway permutation (but whose unique application is RSA), this paper presents REACT, a new conversion which applies to any weakly secure cryptosystem, in the random oracle model: it is optimal from both the computational and the security points of view. Indeed, the overload is negligible, since it just consists of two more hashings for both encryption and decryption, and the reduction is very tight. Furthermore, advantages of REACT beyond OAEP are numerous: 1. it is more general since it applies to any partially trapdoor oneway function (a.k.a. weakly secure publickey encryption scheme) and therefore provides security relative to RSA but also to the DiffieHellman problem or the factorization; 2. it is possible to integrate symmetric encryption (block and stream ciphers) to reach very high speed rates; 3. it provides a key distribution with session key encryption, whose overall scheme achieves chosenciphertext security even with weakly secure symmetric scheme. Therefore, REACT could become a new alternative to OAEP, and even reach security relative to factorization, while allowing symmetric integration.
Efficient Algorithms for Elliptic Curve Cryptosystems
, 1997
"... Elliptic curves are the basis for a relative new class of publickey schemes. It is predicted that elliptic curves will replace many existing schemes in the near future. It is thus of great interest to develop algorithms which allow efficient implementations of elliptic curve crypto systems. This th ..."
Abstract

Cited by 66 (9 self)
 Add to MetaCart
Elliptic curves are the basis for a relative new class of publickey schemes. It is predicted that elliptic curves will replace many existing schemes in the near future. It is thus of great interest to develop algorithms which allow efficient implementations of elliptic curve crypto systems. This thesis deals with such algorithms. Efficient algorithms for elliptic curves can be classified into lowlevel algorithms, which deal with arithmetic in the underlying finite field and highlevel algorithms, which operate with the group operation. This thesis describes three new algorithms for efficient implementations of elliptic curve cryptosystems. The first algorithm describes the application of the KaratsubaOfman Algorithm to multiplication in composite fields GF ((2 n ) m ). The second algorithm deals with efficient inversion in composite Galois fields of the form GF ((2 n ) m ). The third algorithm is an entirely new approach which accelerates the multiplication of points which i...
Optimal Extension Fields for Fast Arithmetic in PublicKey Algorithms
, 1998
"... Abstract. This contribution introduces a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF). This approach is well suited for implementation of publickey cryptosystems based on elliptic and hyperelliptic curves. Whereas previous reported ..."
Abstract

Cited by 64 (13 self)
 Add to MetaCart
Abstract. This contribution introduces a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF). This approach is well suited for implementation of publickey cryptosystems based on elliptic and hyperelliptic curves. Whereas previous reported optimizations focus on finite fields of the form GF (p) and GF (2 m), an OEF is the class of fields GF (p m), for p a prime of special form and m a positive integer. Modern RISC workstation processors are optimized to perform integer arithmetic on integers of size up to the word size of the processor. Our construction employs wellknown techniques for fast finite field arithmetic which fully exploit the fast integer arithmetic found on these processors. In this paper, we describe our methods to perform the arithmetic in an OEF and the methods to construct OEFs. We provide a list of OEFs tailored for processors with 8, 16, 32, and 64 bit word sizes. We report on our application of this approach to construction of elliptic curve cryptosystems and demonstrate a substantial performance improvement over all previous reported software implementations of Galois field arithmetic for elliptic curves.
Faster Attacks on Elliptic Curve Cryptosystems
 Selected Areas in Cryptography, LNCS 1556
, 1998
"... The previously best attack known on elliptic curve cryptosystems used in practice was the parallel collision search based on Pollard's aemethod. The complexity of this attack is the square root of the prime order of the generating point used. For arbitrary curves, typically defined over GF (p) or G ..."
Abstract

Cited by 61 (1 self)
 Add to MetaCart
The previously best attack known on elliptic curve cryptosystems used in practice was the parallel collision search based on Pollard's aemethod. The complexity of this attack is the square root of the prime order of the generating point used. For arbitrary curves, typically defined over GF (p) or GF (2 m ), the attack time can be reduced by a factor or p 2, a small improvement. For subfield curves, those defined over GF (2 ed ) with coefficients defining the curve restricted to GF (2 e ), the attack time can be reduced by a factor of p 2d. In particular for curves over GF (2 m ) with coefficients in GF (2), called anomalous binary curves or Koblitz curves, the attack time can be reduced by a factor of p 2m. These curves have structure which allows faster cryptosystem computations. Unfortunately, this structure also helps the attacker. In an example, the time required to compute an elliptic curve logarithm on an anomalous binary curve over GF (2 163 ) is reduced from 2 ...
Evaluation of discrete logarithms in a group of ptorsion points of an elliptic curve in characteristic p
 Mathematics of Computation
, 1998
"... Abstract. We show that to solve the discrete log problem in a subgroup of order p of an elliptic curve over the finite field of characteristic p one needs O(ln p) operations in this field. Let Fq be the finite field of q = p l elements. We define an elliptic curve E over Fq to be an equation of the ..."
Abstract

Cited by 58 (0 self)
 Add to MetaCart
Abstract. We show that to solve the discrete log problem in a subgroup of order p of an elliptic curve over the finite field of characteristic p one needs O(ln p) operations in this field. Let Fq be the finite field of q = p l elements. We define an elliptic curve E over Fq to be an equation of the form y 2 = x 3 + Ax + B. We suppose p ̸ = 2,3. Let E(Fq) bethesetofpointsErational over Fq. Itisknown that Nq − q − 1  ≤2q 1/2 with Nq = E(Fq). The set E(Fq) is a finite abelian group with the “infinite point ” P ∞ as the identity element. The discrete logarithm problem is to compute an integer n such that Q = nP, where Q, P ∈ E(Fq), if such an n exists. This problem is of great significance in cryptology [1], [2]. Suppose that the point P generates a subgroup 〈P 〉 of order m. If (m, p) = 1, then the subgroup 〈P 〉 is isomorphic to some multiplicative subgroup of an extension F q k where q k ≡ 1(modm). The values of the isomorphism from 〈P 〉 to F ∗ q can be evaluated in a very simple manner. The complexity of the algorithm is
A General Framework for Subexponential Discrete Logarithm Algorithms in Groups of Unknown Order
, 2000
"... We develop a generic framework for the computation of logarithms in nite class groups. The model allows to formulate a probabilistic algorithm based on collecting relations in an abstract way independently of the specific type of group to which it is applied, and to prove a subexponential running ti ..."
Abstract

Cited by 56 (9 self)
 Add to MetaCart
We develop a generic framework for the computation of logarithms in nite class groups. The model allows to formulate a probabilistic algorithm based on collecting relations in an abstract way independently of the specific type of group to which it is applied, and to prove a subexponential running time if a certain smoothness assumption is verified. The algorithm proceeds in two steps: First, it determines the abstract group structure as a product of cyclic groups; second, it computes an explicit isomorphism, which can be used to extract discrete logarithms.
Software Implementation of the NIST Elliptic Curves Over Prime Fields
 TOPICS IN CRYPTOLOGY – CTRSA 2001, VOLUME 2020 OF LNCS
, 2001
"... ..."
Sizzle: A standardsbased endtoend security architecture for the embedded internet
, 2005
"... According to popular perception, publickey cryptography is beyond the capabilities of highly constrained, “mote”like, embedded devices. We show that elliptic curve cryptography not only makes publickey cryptography feasible on these devices, it allows one to create a complete secure web server st ..."
Abstract

Cited by 50 (0 self)
 Add to MetaCart
According to popular perception, publickey cryptography is beyond the capabilities of highly constrained, “mote”like, embedded devices. We show that elliptic curve cryptography not only makes publickey cryptography feasible on these devices, it allows one to create a complete secure web server stack that runs efficiently within very tight resource constraints. Our smallfootprint HTTPS stack, nicknamed Sizzle, has been implemented on multiple generations of the Berkeley/Crossbow motes where it runs in less than 4KB of RAM, completes a full SSL handshake in 1 second (session reuse takes 0.5 seconds) and transfers 1 KB of application data over SSL in 0.4 seconds. Sizzle is the world’s smallest secure web server and can be embedded inside home appliances, personal medical devices, etc., allowing them to be monitored and controlled remotely via a web browser without sacrificing endtoend security.
A Fast Software Implementation for Arithmetic Operations in GF(2^n)
, 1996
"... . We present a software implementation of arithmetic operations in a finite field GF(2 n ), based on an alternative representation of the field elements. An important application is in elliptic curve cryptosystems. Whereas previously reported implementations of elliptic curve cryptosystems use a s ..."
Abstract

Cited by 46 (2 self)
 Add to MetaCart
. We present a software implementation of arithmetic operations in a finite field GF(2 n ), based on an alternative representation of the field elements. An important application is in elliptic curve cryptosystems. Whereas previously reported implementations of elliptic curve cryptosystems use a standard basis or an optimal normal basis to perform field operations, we represent the field elements as polynomials with coefficients in the smaller field GF(2 16 ). Calculations in this smaller field are carried out using precalculated lookup tables. This results in rather simple routines matching the structure of computer memory very well. The use of an irreducible trinomial as the field polynomial, as was proposed at Crypto'95 by R. Schroeppel et al., can be extended to this representation. In our implementation, the resulting routines are slightly faster than standard basis routines. 1 Introduction Elliptic curve public key cryptosystems are rapidly gaining popularity [M93]. The use...