Results 1  10
of
34
Short signatures from the Weil pairing
, 2001
"... Abstract. We introduce a short signature scheme based on the Computational DiffieHellman assumption on certain elliptic and hyperelliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where signa ..."
Abstract

Cited by 743 (28 self)
 Add to MetaCart
Abstract. We introduce a short signature scheme based on the Computational DiffieHellman assumption on certain elliptic and hyperelliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where signatures are typed in by a human or signatures are sent over a lowbandwidth channel. 1
The XTR public key system
, 2000
"... This paper introduces the XTR public key system. XTR is based on a new method to represent elements of a subgroup of a multiplicative group of a finite field. Application of XTR in cryptographic protocols leads to substantial savings both in communication and computational overhead without compromis ..."
Abstract

Cited by 93 (12 self)
 Add to MetaCart
(Show Context)
This paper introduces the XTR public key system. XTR is based on a new method to represent elements of a subgroup of a multiplicative group of a finite field. Application of XTR in cryptographic protocols leads to substantial savings both in communication and computational overhead without compromising security.
Smooth orders and cryptographic applications
 Lect. Notes in Comp. Sci
"... Abstract. We obtain rigorous upper bounds on the number of primes p ≤ x for which p−1 is smooth or has a large smooth factor. Conjecturally these bounds are nearly tight. As a corollary, we show that for almost all primes p the multiplicative order of 2 modulo p is not smooth, and we prove a similar ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
(Show Context)
Abstract. We obtain rigorous upper bounds on the number of primes p ≤ x for which p−1 is smooth or has a large smooth factor. Conjecturally these bounds are nearly tight. As a corollary, we show that for almost all primes p the multiplicative order of 2 modulo p is not smooth, and we prove a similar but weaker result for almost all odd numbers n. We also discuss some cryptographic applications. 1
Oneway signature chaining: a new paradigm for group cryptosystems
 International Journal of Information and Computer Security
"... In this paper, we describe a new cryptographic primitive called (OneWay) Signature Chaining. Signature chaining is essentially a method of generating a chain of signatures on the same message by different users. Each signature acts as a “link ” of the chain. The onewayness implies that the chaini ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
(Show Context)
In this paper, we describe a new cryptographic primitive called (OneWay) Signature Chaining. Signature chaining is essentially a method of generating a chain of signatures on the same message by different users. Each signature acts as a “link ” of the chain. The onewayness implies that the chaining process is oneway in the sense that more links can be easily added to the chain. However, it is computationally infeasible to remove any intermediate links without removing all the links. The signatures so created are called chain signatures (CS). We give precise definitions of chain signatures and discuss some applications in trust transfer. We then present a practical construction of a CS scheme that is secure (in the random oracle model) under the Computational DiffieHellman (CDH) assumption in bilinear maps.
Signature calculus and discrete logarithm problems
 In Proc. ANTS VII, LNCS 4076
, 2006
"... This is the third in a series of papers in which we develop a unified method for treating the discrete logarithm problem (DLP) in various contexts. In [HR1], we described a formalism using global duality for a unified approach to the DLP for the multiplicative group and for elliptic ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
This is the third in a series of papers in which we develop a unified method for treating the discrete logarithm problem (DLP) in various contexts. In [HR1], we described a formalism using global duality for a unified approach to the DLP for the multiplicative group and for elliptic
MOV attack in various subgroups on elliptic curves
 Illinois Journal of Mathematics
"... ..."
(Show Context)
A SIMPLE GENERALIZATION OF THE ELGAMAL CRYPTOSYSTEM TO NONABELIAN GROUPS II
"... Abstract. In this paper I study the MOR cryptosystem using the special linear group over finite fields. At our current state of knowledge, I show that the MOR cryptosystem is more secure than the ElGamal cryptosystem over finite fields. 1. ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper I study the MOR cryptosystem using the special linear group over finite fields. At our current state of knowledge, I show that the MOR cryptosystem is more secure than the ElGamal cryptosystem over finite fields. 1.
Isomorphism Classes of Genus2 Hyperelliptic Curves Over Finite Fields
"... We propose a reduced equation for hyperelliptic curves of genus 2 over finite fields F q of q elements with characteristic different from 2 and 5. We determine the number of isomorphism classes of genus2 hyperelliptic curves having an F q rational Weierstrass point. These results have applications ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
We propose a reduced equation for hyperelliptic curves of genus 2 over finite fields F q of q elements with characteristic different from 2 and 5. We determine the number of isomorphism classes of genus2 hyperelliptic curves having an F q rational Weierstrass point. These results have applications to hyperelliptic curve cryptography.
Discrete logarithm computations over finite fields using ReedSolomon codes
, 2012
"... Abstract. Cheng and Wan have related the decoding of ReedSolomon codes to the computation of discrete logarithms over finite fields, with the aim of proving the hardness of their decoding. In this work, we experiment with solving the discrete logarithm over F qh using ReedSolomon decoding. For fix ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Abstract. Cheng and Wan have related the decoding of ReedSolomon codes to the computation of discrete logarithms over finite fields, with the aim of proving the hardness of their decoding. In this work, we experiment with solving the discrete logarithm over F qh using ReedSolomon decoding. For fixed h and q going to infinity, we introduce an algorithm (RSDL) needing Õ(h! · q2) operations over Fq, operating on a q × q matrix with (h+ 2)q nonzero coefficients. We give faster variants including an incremental version and another one that uses auxiliary finite fields that need not be subfields of F qh this variant is very practical for moderate values of q and h. We include some numerical results of our first implementations. 1.