Results 1  10
of
22
The XTR public key system
, 2000
"... This paper introduces the XTR public key system. XTR is based on a new method to represent elements of a subgroup of a multiplicative group of a finite field. Application of XTR in cryptographic protocols leads to substantial savings both in communication and computational overhead without compromis ..."
Abstract

Cited by 85 (13 self)
 Add to MetaCart
(Show Context)
This paper introduces the XTR public key system. XTR is based on a new method to represent elements of a subgroup of a multiplicative group of a finite field. Application of XTR in cryptographic protocols leads to substantial savings both in communication and computational overhead without compromising security.
Doing more with fewer bits
 Proceedings Asiacrypt99, LNCS 1716, SpringerVerlag
, 1999
"... Abstract. We present a variant of the DiffieHellman scheme in which the number of bits exchanged is one third of what is used in the classical DiffieHellman scheme, while the offered security against attacks known today is the same. We also give applications for this variant and conjecture a exten ..."
Abstract

Cited by 28 (4 self)
 Add to MetaCart
(Show Context)
Abstract. We present a variant of the DiffieHellman scheme in which the number of bits exchanged is one third of what is used in the classical DiffieHellman scheme, while the offered security against attacks known today is the same. We also give applications for this variant and conjecture a extension of this variant further reducing the size of sent information. 1
Signcryption and its applications in efficient public key solutions
 In Proceedings of ISW ’97, volume 1396 of LNCS
, 1997
"... Abstract. Signcryption is a new paradigm in public key cryptography that simultaneously fulfills both the functions of digital signature and public key encryption in a logically single step, and with a cost significantly lower than that required by the traditional “signature followed by encryption ” ..."
Abstract

Cited by 18 (3 self)
 Add to MetaCart
(Show Context)
Abstract. Signcryption is a new paradigm in public key cryptography that simultaneously fulfills both the functions of digital signature and public key encryption in a logically single step, and with a cost significantly lower than that required by the traditional “signature followed by encryption ” approach. This paper summarizes currently known construction methods for signcryption, carries out a comprehensive comparison between signcryption and “signature followed by encryption”, and suggests a number of applications of signcryption in the search of efficient security solutions based on public key cryptography.
Key improvements to XTR
 PROCEEDINGS OF ASIACRYPT 2000, LNCS 1976
, 2000
"... This paper describes improved methods for XTR key representation and parameter generation (cf. [4]). If the field characteristic is properly chosen, the size of the XTR public key for signature applications can be reduced by a factor of three at the cost of a small one time computation for the reci ..."
Abstract

Cited by 15 (5 self)
 Add to MetaCart
(Show Context)
This paper describes improved methods for XTR key representation and parameter generation (cf. [4]). If the field characteristic is properly chosen, the size of the XTR public key for signature applications can be reduced by a factor of three at the cost of a small one time computation for the recipient of the key. Furthermore, the parameter setup for an XTR system can be simplified because the trace of a proper subgroup generator can, with very high probability, be computed directly, thus avoiding the probabilistic approach from [4]. These nontrivial extensions further enhance the practical potential of XTR.
On the Discrete Logarithm Problem on Algebraic Tori
 In Advances in Cryptology (CRYPTO 2005), Springer LNCS 3621, 66–85
, 2005
"... Abstract. Using a recent idea of Gaudry and exploiting rational representations of algebraic tori, we present an index calculus type algorithm for solving the discrete logarithm problem that works directly in these groups. Using a prototype implementation, we obtain practical upper bounds for the di ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
(Show Context)
Abstract. Using a recent idea of Gaudry and exploiting rational representations of algebraic tori, we present an index calculus type algorithm for solving the discrete logarithm problem that works directly in these groups. Using a prototype implementation, we obtain practical upper bounds for the difficulty of solving the DLP in the tori T2(Fpm)and T6(Fpm) for various p and m. Our results do not affect the security of the cryptosystems LUC, XTR, or CEILIDH over prime fields. However, the practical efficiency of our method against other methods needs further examining, for certain choices of p and m in regions of cryptographic interest. 1
Looking beyond XTR
 IN ADVANCES IN CRYPTOLOGY — ASIACRYPT 2002, LECT. NOTES IN COMP. SCI. 2501
, 2002
"... XTR is a general methodthat can be appliedto discrete logarithm based cryptosystems in extension fields of degree six, providing a compact representation of the elements involved. In this paper we present a precise formulation of the BrouwerPellikaanVerheul conjecture, originally posedin [4], con ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
(Show Context)
XTR is a general methodthat can be appliedto discrete logarithm based cryptosystems in extension fields of degree six, providing a compact representation of the elements involved. In this paper we present a precise formulation of the BrouwerPellikaanVerheul conjecture, originally posedin [4], concerning the size of XTRlike representations of elements in extension fields of arbitrary degree. If true this conjecture wouldprovide even more compact representations of elements than XTR in extension fields of degree thirty. We test the conjecture by experiment, showing that in fact it is unlikely that such a compact representation of elements can be achieved in extension fields of degree thirty.
Asymptotically optimal communication for torusbased cryptography
 In Advances in Cryptology (CRYPTO 2004), Springer LNCS 3152
, 2004
"... Abstract. We introduce a compact and efficient representation of elements of the algebraic torus. This allows us to design a new discretelog based publickey system achieving the optimal communication rate, partially answering the conjecture in [4]. For n the product of distinct primes, we construct ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We introduce a compact and efficient representation of elements of the algebraic torus. This allows us to design a new discretelog based publickey system achieving the optimal communication rate, partially answering the conjecture in [4]. For n the product of distinct primes, we construct efficient ElGamal signature and encryption schemes in a subgroup of F ∗ qn in which the number of bits exchanged is only a φ(n)/n fraction of that required in traditional schemes, while the security offered remains the same. We also present a DiffieHellman key exchange protocol averaging only φ(n) log2 q bits of communication per key. For the cryptographically important cases of n = 30 and n = 210, we transmit a 4/5 and a 24/35 fraction, respectively, of the number of bits required in XTR [14] and recent CEILIDH [24] cryptosystems. 1
An Overview of the XTR Public Key System
 IN PUBLICKEY CRYPTOGRAPHY AND COMPUTATIONAL NUMBER THEORY, VERLAGES WALTER DE GRUYTER
, 2000
"... XTR is a new method to represent elements of a subgroup of a multiplicative group of a finite field. Application of XTR in cryptographic protocols leads to substantial savings both in communication and computational overhead without compromising security. This paper describes and explains the techn ..."
Abstract

Cited by 10 (1 self)
 Add to MetaCart
(Show Context)
XTR is a new method to represent elements of a subgroup of a multiplicative group of a finite field. Application of XTR in cryptographic protocols leads to substantial savings both in communication and computational overhead without compromising security. This paper describes and explains the techniques and properties that are relevant for the XTR cryptosystem and its implementation. It is based on the material from [10,?,?,?].
Generic Efficient Arithmetic Algorithms for PAFFs (Processor Adequate Finite Fields) and Related Algebraic Structures
 In Selected Areas in Cryptology – SAC 2003, SpringerVerlag LNCS 3006
, 2004
"... Abstract. In the past years several authors have considered finite fields extensions of odd characteristic optimised for a given architecture to obtain performance gains. The considered fields were however very specific. We define a Processor Adequate Finite Field (PAFF) as a field of odd characteri ..."
Abstract

Cited by 9 (3 self)
 Add to MetaCart
(Show Context)
Abstract. In the past years several authors have considered finite fields extensions of odd characteristic optimised for a given architecture to obtain performance gains. The considered fields were however very specific. We define a Processor Adequate Finite Field (PAFF) as a field of odd characteristic p < 2 w where w is a CPU related word length. PAFFs have several attractive properties for cryptography. In this paper we concentrate on arithmetic aspects. We present some algorithms usually providing better performance in PAFFs than in prime fields and in previously proposed instances of extension fields of comparable size.
Key Length
 CONTRIBUTION TO “THE HANDBOOK OF INFORMATION SECURITY"
, 2004
"... The key length used for a cryptographic protocol determines the highest security it can offer. If the key is found or ‘broken’, the security is undermined. Thus, key lengths must be chosen in accordance with the desired security. In practice, key lengths are mostly determined by standards, legacy sy ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
The key length used for a cryptographic protocol determines the highest security it can offer. If the key is found or ‘broken’, the security is undermined. Thus, key lengths must be chosen in accordance with the desired security. In practice, key lengths are mostly determined by standards, legacy system compatibility issues, and vendors. From a theoretical point of view selecting key lengths is more involved. Understanding the relation between security and key lengths and the impact of anticipated and unexpected cryptanalytic progress, requires insight into the design of the cryptographic methods and the mathematics involved in the attempts at breaking them. In this chapter practical and theoretical aspects of key size selection are discussed.