Results 1 - 10 of 269
Guide to Elliptic Curve Cryptography
, 2004
Cited by 382 (17 self)
Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: "It is possible to write endlessly on elliptic curves. (This is not a threat.)" Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in public-key cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, high-speed software and hardware implementations, and offer the highest strength-per-key-bit of any known public-key scheme.
Improved Decoding of Reed-Solomon and Algebraic-Geometry Codes
 IEEE TRANSACTIONS ON INFORMATION THEORY
, 1999
Cited by 249 (42 self)
Given an error-correcting code over strings of length n and an arbitrary input string also of length n, the list decoding problem is that of finding all codewords within a specified Hamming distance from the input string. We present an improved list decoding algorithm for decoding Reed-Solomon codes. The list decoding problem for Reed-Solomon codes reduces to the following "curve-fitting" problem over a field $F$: Given $n$ points $\{(x_i, y_i)\}_{i=1}^{n}$, $x_i$
Constructive And Destructive Facets Of Weil Descent On Elliptic Curves
 JOURNAL OF CRYPTOLOGY
, 2000
Cited by 140 (12 self)
In this paper we look in detail at the curves which arise in the method of Galbraith and Smart for producing curves in the Weil restriction of an elliptic curve over a finite field of characteristic two of composite degree. We explain how this method can be used to construct hyperelliptic cryptosystems which could be as secure as cryptosystems based on the original elliptic curve. On the other hand, we show that this may provide a way of attacking the original elliptic curve cryptosystem using recent advances in the study of the discrete logarithm problem on hyperelliptic curves. We examine the resulting higher genus curves in some detail and propose an additional check on elliptic curve systems defined over fields of characteristic two so as to make them immune from the methods in this paper. 1. Introduction In this paper we address two problems: How to construct hyperelliptic cryptosystems and how to attack elliptic curve cryptosystems defined over fields of even characteristic ...
Supersingular curves in cryptography
, 2001
Cited by 87 (8 self)
Frey and Rück gave a method to map the discrete logarithm problem in the divisor class group of a curve over $\mathbb{F}_q$ into a finite field discrete logarithm problem in some extension. The discrete logarithm problem in the divisor class group can therefore be solved as long as $k$ is small. In the elliptic curve case it is known that for supersingular curves one has $k \le 6$. In this paper curves of higher genus are studied. Bounds on the possible values for $k$ in the case of supersingular curves are given. Ways to ensure that a curve is not supersingular are also given.
Formulae for Arithmetic on Genus 2 Hyperelliptic Curves
 Applicable Algebra in Engineering, Communication and Computing
, 2003
Cited by 49 (3 self)
The ideal class group of hyperelliptic curves can be used in cryptosystems based on the discrete logarithm problem. In this article we present explicit formulae to perform the group operations for genus 2 curves. The formulae are completely general but to achieve the lowest number of operations we treat odd and even characteristic separately. We present 3 different coordinate systems which are suitable for different environments, e.g. on a smart card we should avoid inversions while in software a limited number is acceptable. The presented formulae render genus two hyperelliptic curves very useful in practice. The first system is affine coordinates where each group operation needs one inversion. Then we consider projective coordinates avoiding inversions at the cost of more multiplications and a further coordinate. Finally, we introduce a new system of coordinates and state algorithms showing that doublings are comparably cheap and no inversions are needed. A comparison between the systems concludes the paper.
Arithmetic On Superelliptic Curves
 Math. Comp
, 2000
Cited by 37 (4 self)
This paper is concerned with algorithms for computing in the divisor class group of a nonsingular plane curve of the form $y^n = c(x)$ which has only one point at infinity. Divisors are represented as ideals and an ideal reduction algorithm based on lattice reduction is given. We obtain a unique representative for each divisor class and the algorithms for addition and reduction of divisors run in polynomial time. An algorithm is also given for solving the discrete logarithm problem when the curve is defined over a finite field.
The GHS Attack in odd Characteristic
, 2003
Cited by 37 (6 self)
The GHS attack is originally an approach to attack the discrete-logarithm problem (DLP) in the group of rational points of an elliptic curve over a non-prime finite field of characteristic 2. It is a method to transform the original DLP into DLPs in class groups of specific curves of higher genera over smaller fields. In this article we give a generalization of the attack to degree 0 class groups of (hyper)elliptic curves over non-prime fields of arbitrary characteristic. We solve the problem under which conditions the kernel of the "transformation homomorphism" (GHS-conorm-norm homomorphism) is small. We then analyze the resulting curves for the case that the characteristic is odd.
Computing discrete logarithms in real quadratic congruence function fields of large genus
 Math. Comp
, 1999
Cited by 36 (8 self)
The discrete logarithm problem in various finite abelian groups is the basis for some well known public key cryptosystems. Recently, real quadratic congruence function fields were used to construct a public key distribution system. The security of this public key system is based on the difficulty of a discrete logarithm problem in these fields. In this paper, we present a probabilistic algorithm with subexponential running time that computes such discrete logarithms in real quadratic congruence function fields of sufficiently large genus. This algorithm is a generalization of similar algorithms for real quadratic number fields.
Coding Constructions for Blacklisting Problems Without Computational Assumptions
, 1999
Cited by 36 (0 self)
We consider the broadcast exclusion problem: how to transmit a message over a broadcast channel shared by $N = 2^n$ users so that all but some specified coalition of $k$ excluded users can understand the contents of the message. Using error-correcting codes, and avoiding any computational assumptions in our constructions, we construct natural schemes that completely avoid any dependence on $n$ in the transmission overhead. Specifically, we construct: (i) (for illustrative purposes,) a randomized scheme where the server's storage is exponential (in $n$), but the transmission overhead is $O(k)$, and each user's storage is $O(kn)$; (ii) a scheme based on polynomials where the transmission overhead is $O(kn)$ and each user's storage is $O(kn)$; and (iii) a scheme using algebraic-geometric codes where the transmission overhead is $O(k^2)$ and each user is required to store $O(kn)$ keys. In the process of proving these results, we show how to construct very good cover-free set systems and co...
Efficient Arithmetic on Genus 2 Hyperelliptic Curves over Finite Fields via Explicit Formulae
 In Cryptology ePrint archive, Report 2002/121
, 2002
Cited by 30 (4 self)
We extend the explicit formulae for arithmetic on genus two curves of [13, 21] to fields of even characteristic and to arbitrary equation of the curve. These formulae can be evaluated faster than the more general Cantor algorithm and allow to obtain faster arithmetic on a hyperelliptic genus 2 curve than on elliptic curves. We give timings for implementations using various libraries for the field arithmetic.