Results 11  20
of
45
Index Calculus for Abelian Varieties and the Elliptic Curve Discrete Logarithm Problem
, 2004
"... We propose an index calculus algorithm for the discrete logarithm problem on general abelian varieties. The main difference with the previous approaches is that we do not make use of any embedding into the Jacobian of a wellsuited curve. We apply this algorithm to the Weil restriction of elliptic c ..."
Abstract

Cited by 24 (3 self)
 Add to MetaCart
We propose an index calculus algorithm for the discrete logarithm problem on general abelian varieties. The main difference with the previous approaches is that we do not make use of any embedding into the Jacobian of a wellsuited curve. We apply this algorithm to the Weil restriction of elliptic curves and hyperelliptic curves over small degree extension fields. In particular, our attack can solve all elliptic curve discrete logarithm problems defined over F q 3 in time O(q ), with a reasonably small constant; and an elliptic problem over F q 4 or a genus 2 problem over F p 2 in time O(q ) with a larger constant.
A reconfigurable system on chip implementation for elliptic curve cryptography over GF(2^n)
, 2002
"... The performance of elliptic curve based public key cryptosystems is mainly appointed by the efficiency of the underlying finite field arithmetic. This work describes two generic and scalable architectures of finite field coprocessors, which are implemented within the latest family of Field Programm ..."
Abstract

Cited by 23 (2 self)
 Add to MetaCart
(Show Context)
The performance of elliptic curve based public key cryptosystems is mainly appointed by the efficiency of the underlying finite field arithmetic. This work describes two generic and scalable architectures of finite field coprocessors, which are implemented within the latest family of Field Programmable System Level Integrated Circuits FPSLIC from Atmel, Inc. The HW architectures are adapted from Karatsuba’s divide and conquer algorithm and allow for a reasonable speedup of the toplevel elliptic curve algorithms. The VHDL hardware models are automatically generated based on an eligible operand size, which permits the optimal utilization of a particular FPSLIC device.
Solving Elliptic Curve Discrete Logarithm Problems Using Weil Descent
 JOURNAL OF THE RAMANUJAN MATHEMATICAL SOCIETY
, 2001
"... We provide the first cryptographically interesting instance of the elliptic curve discrete logarithm problem which resists all previously known attacks, but which can be solved with modest computer resources using the Weil descent attack methodology of Frey. We report on our implementation of index ..."
Abstract

Cited by 19 (3 self)
 Add to MetaCart
We provide the first cryptographically interesting instance of the elliptic curve discrete logarithm problem which resists all previously known attacks, but which can be solved with modest computer resources using the Weil descent attack methodology of Frey. We report on our implementation of indexcalculus methods for hyperelliptic curves over characteristic two finite fields, and discuss the cryptographic implications of our results.
An Elliptic Curve Processor Suitable For RFID Tags
"... RFIDTags are small devices used for identification purposes in many applications nowadays. It is expected that they will enable many new applications and link the physical and the virtual world in the near future. Since the processing power of these devices is low, they are often in the line of re ..."
Abstract

Cited by 19 (1 self)
 Add to MetaCart
RFIDTags are small devices used for identification purposes in many applications nowadays. It is expected that they will enable many new applications and link the physical and the virtual world in the near future. Since the processing power of these devices is low, they are often in the line of re when their security and privacy is concerned. It is widely believed that devices with such constrained resources can not carry out sufficient cryptographic operations to guarantee security in new applications. In this paper, we show that identification of RFIDTags can reach high security levels. In particular, we show how secure identification protocols based on the DL problem on elliptic curves are implemented on a constrained device such as an RFIDTag requiring between 8,500 and 14,000 gates, depending on the implementation characteristics. We investigate the case of elliptic curves over F2p with p prime and over composite fields F22p. The implementations in this paper make RFIDTags suitable for anticounterfeiting purposes even in the offline setting.
Fast Hashing Onto Elliptic Curves Over Fields of Characteristic 3
, 2001
"... We describe a fast hash algorithm that maps arbitrary messages onto points of an elliptic curve defined over a finite field of characteristic 3. Our new scheme runs in time O(m²) for curves over F3 m . The best previous algorithm for this task runs in time O(m³). Experimental data confirms the speed ..."
Abstract

Cited by 18 (0 self)
 Add to MetaCart
We describe a fast hash algorithm that maps arbitrary messages onto points of an elliptic curve defined over a finite field of characteristic 3. Our new scheme runs in time O(m²) for curves over F3 m . The best previous algorithm for this task runs in time O(m³). Experimental data confirms the speedup by a factor O(m), or approximately a hundred times for practical m values. Our results apply for both standard and normal basis representations of F3 m .
Fast Normal Basis Multiplication Using General Purpose Processors
 IEEE Trans. on Computers
, 2003
"... ..."
(Show Context)
Efficient Computation of Multiplicative Inverse for Cryptographic Applications
 Proceeding of the 15th IEEE Symposium on Computer Arithmetic
"... ..."
Weil Descent Of Jacobians
 Discrete Applied Mathematics
, 2001
"... . The technique of Weil restriction of scalars has significant implications for elliptic curve cryptography. In this paper we apply these ideas to the case of the discrete logarithm problem in the Jacobian of a curve of genus greater than one over a finite field F q n where n ? 1. 1. ..."
Abstract

Cited by 12 (0 self)
 Add to MetaCart
(Show Context)
. The technique of Weil restriction of scalars has significant implications for elliptic curve cryptography. In this paper we apply these ideas to the case of the discrete logarithm problem in the Jacobian of a curve of genus greater than one over a finite field F q n where n ? 1. 1.
Low Complexity WordLevel Sequential Normal Basis Multipliers
 IEEE Trans. Computers
, 2005
"... Abstract—For efficient hardware implementation of finite field arithmetic units, the use of a normal basis is advantageous. In this paper, two classes of architectures for multipliers over the finite field GF ð2mÞ are proposed. These multipliers are of sequential type, i.e., after receiving the coor ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
(Show Context)
Abstract—For efficient hardware implementation of finite field arithmetic units, the use of a normal basis is advantageous. In this paper, two classes of architectures for multipliers over the finite field GF ð2mÞ are proposed. These multipliers are of sequential type, i.e., after receiving the coordinates of the two input field elements, they go through k, 1 k m, iterations (i.e., clock cycles) to finally yield all the coordinates of the product in parallel. The value of k depends on the word size w mk. For w> 1, these multipliers are highly area efficient and require fewer number of logic gates even when compared with the most area efficient multipliers available in the open literature. This makes the proposed multipliers suitable for applications where the value ofm is large but space is of concern, e.g., resource constrained cryptographic systems. Additionally, if the field dimension m is composite, i.e., m kn, then the extension of one class of the architectures yields a highly efficient multiplier over composite fields. Index Terms—Finite field, MasseyOmura multiplier, optimal normal basis. 1
New Paradigms in Signature Schemes
, 2005
"... Digital signatures provide authenticity and nonrepudiation. They are a standard cryptographic primitive with many applications in higherlevel protocols. Groups featuring a computable bilinear map are particularly well suited for signaturerelated primitives. For some signature variants the only con ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
(Show Context)
Digital signatures provide authenticity and nonrepudiation. They are a standard cryptographic primitive with many applications in higherlevel protocols. Groups featuring a computable bilinear map are particularly well suited for signaturerelated primitives. For some signature variants the only construction known uses bilinear maps. Where constructions based on, e.g., RSA are known, bilinearmap–based constructions are simpler, more efficient, and yield shorter signatures. We describe several constructions that support this claim. First, we present the BonehLynnShacham (BLS) short signature scheme. BLS signatures with 1024bit security are 160 bits long, the shortest of any scheme based on standard assumptions. Second, we present BonehGentryLynnShacham (BGLS) aggregate signatures. In an aggregate signature scheme it is possible to combine n signatures on n distinct messages from n distinct users into a single aggregate that provides nonrepudiation for all of them. BGLS aggregates are 160 bits long, regardless of how many signatures are aggregated. No construction is known for aggregate signatures that does not employ bilinear maps. BGLS aggregates give rise to verifiably encrypted signatures, a signature variant with applications in contract signing.