Results 11-20 of 32
Weak Fields for ECC
2003
Abstract

Cited by 8 (0 self)
We demonstrate that some finite fields, including $\mathbb{F}_{2^{210}}$, are weak for elliptic curve cryptography in the sense that any instance of the elliptic curve discrete logarithm problem for any elliptic curve over these fields can be solved in significantly less time than it takes Pollard's rho method to solve the hardest instances. We discuss the implications of our observations to elliptic curve cryptography, and list some open problems.
A Comparison of CEILIDH and XTR
In Algorithmic Number Theory Symposium (ANTS), Springer-Verlag LNCS 3076, 2004
Abstract

Cited by 7 (6 self)
We give a comparison of the performance of the recently proposed torus-based public key cryptosystem CEILIDH, and XTR. Underpinning both systems is the mathematics of the two-dimensional algebraic torus $T_6(\mathbb{F}_p)$. However, while they both attain the same discrete logarithm security and each achieve a compression factor of three for all data transmissions, the arithmetic performed in each is fundamentally different. In its inception, the designers of CEILIDH were reluctant to claim it offers any particular advantages over XTR other than its exact compression and decompression technique. From both an algorithmic and arithmetic perspective, we develop an efficient version of CEILIDH and show that while it seems bound to be inherently slower than XTR, the difference in performance is much smaller than what one might infer from the original description. Also, thanks to CEILIDH's simple group law, it provides a greater flexibility for applications, and may thus be considered a worthwhile alternative to XTR.
The parallelized Pollard kangaroo method in real quadratic function
Mathematics of Computation
Abstract

Cited by 6 (3 self)
We show how to use the parallelized kangaroo method for computing invariants in real quadratic function fields. Specifically, we show how to apply the kangaroo method to the infrastructure in these fields. We also show how to speed up the computation by using heuristics on the distribution of the divisor class number, and by using the relatively inexpensive baby steps in the real quadratic model of a hyperelliptic function field. Furthermore, we provide examples for regulators and class numbers of hyperelliptic function fields of genus 3 that are larger than those ever reported before.
Catching Kangaroos in Function Fields
1999
Abstract

Cited by 4 (2 self)
In this paper we generalize the parallelized lambda method for computing invariants in real quadratic function fields.
Near Optimal Bounds for Collision in Pollard Rho for Discrete Log
Proc. of the 48th Annual Symposium on Foundations of Computer Science (FOCS), 2007
Abstract

Cited by 4 (2 self)
We analyze a fairly standard idealization of Pollard’s Rho algorithm for finding the discrete logarithm in a cyclic group $G$. It is found that, with high probability, a collision occurs in $O(\sqrt{|G| \log |G| \log\log |G|})$ steps, not far from the widely conjectured value of $\Theta(\sqrt{|G|})$. This improves upon a recent result of Miller–Venkatesan which showed an upper bound of $O(\sqrt{|G|} \log^3 |G|)$. Our proof is based on analyzing an appropriate non-reversible, non-lazy random walk on a discrete cycle of (odd) length $|G|$, and showing that the mixing time of the corresponding walk is $O(\log |G| \log\log |G|)$.
Distributed Asymmetric Verification in Computational Grids
2008
Abstract

Cited by 4 (2 self)
Lucrative incentives in grid computing do not only attract honest participants, but also cheaters. To prevent selfish behavior, verification mechanisms are required. Today’s solutions mostly base on redundancy and inherently exhibit a considerable overhead. Often, however, the verification of a result takes much less time than its computation. In this paper we propose a distributed checking scheme that exploits this asymmetry. Our mechanism detects wrong results and excludes cheaters in a distributed manner and hence disburdens the central grid server. We show how the verification scheme is used in an application which aims at breaking the discrete logarithm problem by a parallel implementation of the Pollard-ρ algorithm. Our implementation extends the BOINC server software and is robust to various rational attacks even in the presence of colluders.
Random Cayley Digraphs and the Discrete Logarithm
ANTSV), Lecture Notes in Computer Science, 2002
Abstract

Cited by 3 (1 self)
We formally show that there is an algorithm for dlog over all abelian groups that runs in expected optimal time (up to logarithmic factors) and uses only a small amount of space. To our knowledge, this is the first such analysis. Our algorithm is a modification of the classic Pollard rho, introducing explicit randomization of the parameters for the updating steps of the algorithm, and is analyzed using random walks with limited independence over abelian groups (a study which is of its own interest). Our analysis shows that finding cycles in such large graphs over groups that can be efficiently locally navigated is as hard as dlog.
Computational Methods in Public Key Cryptology
2002
Abstract

Cited by 1 (1 self)
These notes informally review the most common methods from computational number theory that have applications in public key cryptology.
The Number of Partitions in Pollard Rho
2011
Abstract

Cited by 1 (0 self)
This technical report was originally a note dated 1 May 1998, not intended for publication. This version is identical to the original, though we’ve taken the opportunity to update references and correct a minor typo.
Solving Discrete Logarithms in Smooth-Order Groups with CUDA
Abstract

Cited by 1 (0 self)
This paper chronicles our experiences using CUDA to implement a parallelized variant of Pollard’s rho algorithm to solve discrete logarithms in groups with cryptographically large moduli but smooth order using commodity GPUs. We first discuss some key design constraints imposed by modern GPU architectures and the CUDA framework, and then explain how we were able to implement efficient arbitrary-precision modular multiplication within these constraints. Our implementation can execute roughly 51.9 million 768-bit modular multiplications per second — or a whopping 840 million 192-bit modular multiplications per second — on a single Nvidia Tesla M2050 GPU card, which is a notable improvement over all previous results on comparable hardware. We leverage this fast modular multiplication in our implementation of the parallel rho algorithm, which can solve discrete logarithms modulo a 1536-bit RSA number with a $2^{55}$-smooth totient in less than two minutes. We conclude the paper by discussing implications to discrete logarithm-based cryptosystems, and by pointing out how efficient implementations of parallel rho (or related algorithms) lead to trapdoor discrete logarithm groups; we also point out two potential cryptographic applications for the latter. Our code is written in C for CUDA and PTX; it is open source and freely available for download online.