Solving Elliptic Curve Discrete Logarithm Problems Using Weil Descent
Journal of the Ramanujan Mathematical Society, 2001
Cited by 18 (3 self)
We provide the first cryptographically interesting instance of the elliptic curve discrete logarithm problem which resists all previously known attacks, but which can be solved with modest computer resources using the Weil descent attack methodology of Frey. We report on our implementation of index-calculus methods for hyperelliptic curves over characteristic two finite fields, and discuss the cryptographic implications of our results.
A reconfigurable system on chip implementation for elliptic curve cryptography over GF(2^n)
2002
Cited by 18 (0 self)
The performance of elliptic curve based public key cryptosystems is mainly appointed by the efficiency of the underlying finite field arithmetic. This work describes two generic and scalable architectures of finite field coprocessors, which are implemented within the latest family of Field Programmable System Level Integrated Circuits (FPSLIC) from Atmel, Inc. The HW architectures are adapted from Karatsuba’s divide and conquer algorithm and allow for a reasonable speedup of the top-level elliptic curve algorithms. The VHDL hardware models are automatically generated based on an eligible operand size, which permits the optimal utilization of a particular FPSLIC device.
An Elliptic Curve Processor Suitable For RFID-Tags
2006
Cited by 16 (1 self)
RFID-Tags are small devices used for identification purposes in many applications nowadays.
Fast Hashing Onto Elliptic Curves Over Fields of Characteristic 3
2001
Cited by 14 (0 self)
We describe a fast hash algorithm that maps arbitrary messages onto points of an elliptic curve defined over a finite field of characteristic 3. Our new scheme runs in time O(m^2) for curves over F_{3^m}. The best previous algorithm for this task runs in time O(m^3). Experimental data confirms the speedup by a factor O(m), or approximately a hundred times for practical m values. Our results apply for both standard and normal basis representations of F_{3^m}.
Fast Normal Basis Multiplication Using General Purpose Processors
IEEE Transactions on Computers, 2001
Cited by 14 (2 self)
For cryptographic applications, normal bases have received considerable attention, especially for hardware implementation. In this document, we consider fast software algorithms for normal basis multiplication over the extended binary field GF(2^m). We present a vector-level algorithm which essentially eliminates the bitwise inner products needed in the conventional approach to the normal basis multiplication. We then present another algorithm which significantly reduces the dynamic instruction counts. Both algorithms utilize the full width of the datapath of the general purpose processor on which the software is to be executed. We also consider composite fields and present an algorithm which can provide further speedups and an added flexibility toward hardware-software codesign of processors for very large finite fields.
Efficient Computation of Multiplicative Inverses for Cryptographic Applications
2001
Cited by 12 (0 self)
Among the basic arithmetic operations over finite fields, the computation of a multiplicative inverse is the most time consuming operation. In this report, a number of methods are presented to efficiently compute the inverse using the extended Euclidean algorithm. The proposed methods can significantly reduce the computation time over large fields where the field elements are represented using a multiprecision format. A hardware structure for the inverter is also presented. The structure is area efficient and is suitable for resource constrained systems. Index Terms: Computer arithmetic, Galois (or finite) fields, multiplicative inversion, elliptic curve cryptography, Euclidean algorithm. Most of the work was done during the author's sabbatical leave with the Motorola Labs., Schaumburg, IL, USA. The author wishes to thank Larry Puhl for his encouragement to pursue this work. The author is grateful to Ezzy Dabbish and Tom Messerges for their useful comments on the draft of the manuscri...
Weil Descent Of Jacobians
Discrete Applied Mathematics, 2001
Cited by 10 (0 self)
The technique of Weil restriction of scalars has significant implications for elliptic curve cryptography. In this paper we apply these ideas to the case of the discrete logarithm problem in the Jacobian of a curve of genus greater than one over a finite field F_{q^n} where n > 1.
New Paradigms in Signature Schemes
2005
Cited by 8 (1 self)
Digital signatures provide authenticity and nonrepudiation. They are a standard cryptographic primitive with many applications in higher-level protocols. Groups featuring a computable bilinear map are particularly well suited for signature-related primitives. For some signature variants the only construction known uses bilinear maps. Where constructions based on, e.g., RSA are known, bilinear-map-based constructions are simpler, more efficient, and yield shorter signatures. We describe several constructions that support this claim. First, we present the Boneh-Lynn-Shacham (BLS) short signature scheme. BLS signatures with 1024-bit security are 160 bits long, the shortest of any scheme based on standard assumptions. Second, we present Boneh-Gentry-Lynn-Shacham (BGLS) aggregate signatures. In an aggregate signature scheme it is possible to combine n signatures on n distinct messages from n distinct users into a single aggregate that provides nonrepudiation for all of them. BGLS aggregates are 160 bits long, regardless of how many signatures are aggregated. No construction is known for aggregate signatures that does not employ bilinear maps. BGLS aggregates give rise to verifiably encrypted signatures, a signature variant with applications in contract signing.
A Weil Descent Attack against Elliptic Curve Cryptosystems over . . .
In Proc. of SCIS2004, 2004
Cited by 6 (0 self)
This paper shows that many of the elliptic curve cryptosystems over quartic extension fields of odd characteristics are reduced to genus two hyperelliptic curve cryptosystems over quadratic extension fields. Moreover, it shows that almost all of the genus two hyperelliptic curve cryptosystems over quadratic extension fields of odd characteristics come under Weil descent attack. This means that many of the elliptic curve cryptosystems over quartic extension fields of odd characteristics can be attacked by Weil descent uniformly.
Trace Zero Subvariety for Cryptosystems
2003
Cited by 4 (0 self)
We present a kind of group suitable for cryptographic applications: the trace zero subvariety. The construction is based on Weil descent from curves of genus two over extension fields F_{p^n}, n = 3.