Efficient arithmetic on Koblitz curves
- Designs, Codes, and Cryptography, 2000
Cited by 65 (0 self)
Abstract. It has become increasingly common to implement discrete-logarithm based public-key protocols on elliptic curves over finite fields. The basic operation is scalar multiplication: taking a given integer multiple of a given point on the curve. The cost of the protocols depends on that of the elliptic scalar multiplication operation. Koblitz introduced a family of curves which admit especially fast elliptic scalar multiplication. His algorithm was later modified by Meier and Staffelbach. We give an improved version of the algorithm which runs 50% faster than any previous version. It is based on a new kind of representation of an integer, analogous to certain kinds of binary expansions. We also outline further speedups using precomputation and storage.
An Infinite Class of Counterexamples to a Conjecture Concerning Non-Linear Resilient Functions
- Journal of Cryptology, 1995
Cited by 23 (5 self)
The main construction for resilient functions uses linear error-correcting codes; a resilient function constructed in this way is said to be linear. It has been conjectured that if there exists a resilient function, then there exists a linear function with the same parameters. In this note, we construct infinite classes of non-linear resilient functions from the Kerdock and Preparata codes. We also show that there do not exist linear resilient functions having the same parameters as the functions that we construct from the Kerdock codes. Thus, the aforementioned conjecture is disproved.
Improved Algorithms for Arithmetic on Anomalous Binary Curves
- In Advances in Cryptography, Crypto '97, 1997
Cited by 6 (0 self)
It has become increasingly common to implement discrete-logarithm based public-key protocols on elliptic curves over finite fields. The basic operation is scalar multiplication: taking a given integer multiple of a given point on the curve. The cost of the protocols depends on that of the elliptic scalar multiplication operation. Koblitz introduced a family of curves which admit especially fast elliptic scalar multiplication. His algorithm was later modified by Meier and Staffelbach. We give an improved version of the algorithm which runs 50% faster than any previous version. It is based on a new kind of representation of an integer, analogous to certain kinds of binary expansions. We also outline further speedups using precomputation and storage. Keywords: elliptic curves, exponentiation, public-key cryptography. 1 Introduction It has become increasingly common to implement discrete-logarithm based public-key protocols on elliptic curves over finite fields. More precisely, one work...
Modern coding theory: the statistical mechanics and computer science point of view
- SUMMER SCHOOL ON COMPLEX SYSTEMS, LES HOUCHES, 2007
Cited by 4 (0 self)
These are the notes for a set of lectures delivered by the two authors at the Les Houches Summer School on ‘Complex Systems’ in July 2006. They provide an introduction to the basic concepts in modern (probabilistic) coding theory, highlighting connections with statistical mechanics. We also stress common concepts with other disciplines dealing with similar problems that can be generically referred to as ‘large graphical models’. While most of the lectures are devoted to the classical channel coding problem over simple memoryless channels, we present a discussion of more complex channel models. We conclude with an overview of the main open challenges in the field.
to the Great Divide
, 2001
Euclid’s method for finding the greatest common divisor (GCD) of two integers was first described around the year 300 B.C. This simple iterative method is often regarded as the grandfather of all algorithms in Number Theory today. Many advances have been made since then—for example, Berlekamp’s algorithm for multiplicative inverse and Montgomery’s technique for modular multiplication. These binary add-and-shift algorithms for efficient finite field arithmetic operations have played important roles in today’s public-key cryptographic systems. Yet, two thousand three hundred years after Euclid’s GCD, one algorithm remained missing—division. For many decades we did not tackle modular division problems directly. Instead, we relied on the Extended Euclidean algorithm for calculating inversion and we computed division in a two-step process—inversion followed by multiplication. This practice is so deeply rooted in our teachings and doings today that we have neglected to ask whether the idea underlying the binary Extended Euclidean algorithm can also be applied to finding a general solution for field division. This paper describes such a solution: a binary add-and-shift algorithm for modular division in a residue class. This technique for fast computation of divisions in GF(2^m) is the key to a highly efficient implementation of elliptic curve cryptosystems.

