Results 1-10 of 11
Guide to Elliptic Curve Cryptography
2004
Cited by 369 (17 self)
Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: "It is possible to write endlessly on elliptic curves. (This is not a threat.)" Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in public-key cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, high-speed software and hardware implementations, and offer the highest strength-per-key-bit of any known public-key scheme.
Extending the GHS Weil descent attack
Advances in Cryptology - EUROCRYPT 2002, LNCS 2332, 2002
Cited by 38 (1 self)
Abstract. In this paper we extend the Weil descent attack due to Gaudry, Hess and Smart (GHS) to a much larger class of elliptic curves. This extended attack applies to fields of composite degree over $\mathbb{F}_2$. The principle behind the extended attack is to use isogenies to find an elliptic curve for which the GHS attack is effective. The discrete logarithm problem on the target curve can be transformed into a discrete logarithm problem on the isogenous curve. A further contribution of the paper is to give an improvement to an algorithm of Galbraith for constructing isogenies between elliptic curves, and this is of independent interest in elliptic curve cryptography. We show that a larger proportion than previously thought of elliptic curves over $\mathbb{F}_{2^{155}}$ should be considered weak.
A generalized method for constructing subquadratic complexity $GF(2^k)$ multipliers
IEEE Transactions on Computers, 2004
Cited by 22 (0 self)
We introduce a generalized method for constructing subquadratic complexity multipliers for even characteristic field extensions. The construction is obtained by recursively extending short convolution algorithms and nesting them. To obtain the short convolution algorithms the Winograd short convolution algorithm is reintroduced and analyzed in the context of polynomial multiplication. We present a recursive construction technique that extends any $d$ point multiplier into an $n = d^k$ point multiplier with area that is subquadratic and delay that is logarithmic in the bit-length $n$. We present a thorough analysis that establishes the exact space and time complexities of these multipliers. Using the recursive construction method we obtain six new constructions, among which one turns out to be identical to the Karatsuba multiplier. All six algorithms have subquadratic space complexities and two of the algorithms have significantly better time complexities than the Karatsuba algorithm. Keywords: Bit-parallel multipliers, finite fields, Winograd convolution
An Elliptic Curve Processor Suitable For RFID-Tags
2006
Cited by 16 (1 self)
RFID-Tags are small devices used for identification purposes in many applications nowadays.
Weak Fields for ECC
2003
Cited by 8 (0 self)
We demonstrate that some finite fields, including $\mathbb{F}_{2^{210}}$, are weak for elliptic curve cryptography in the sense that any instance of the elliptic curve discrete logarithm problem for any elliptic curve over these fields can be solved in significantly less time than it takes Pollard's rho method to solve the hardest instances. We discuss the implications of our observations to elliptic curve cryptography, and list some open problems.
Constructing composite field representations for efficient conversion
IEEE Transactions on Computers, 2003
Cited by 2 (1 self)
Abstract—This paper describes a method of construction of a composite field representation from a given binary field representation. We derive the conversion (change of basis) matrix. The special case of when the degree of the ground field is relatively prime to the extension degree, where the irreducible polynomial generating the composite field has its coefficients from the binary prime field rather than the ground field, is also treated. Furthermore, certain generalizations of the proposed construction method, e.g., the use of nonprimitive elements and the construction of composite fields with special irreducible polynomials, are also discussed. Finally, we give storage-efficient conversion algorithms between the binary and composite fields when the degree of the ground field is relatively prime to the extension degree. Index Terms—Composite and binary fields, primitive element, change of basis, AES.
Elliptic Curve Cryptography (ECC) for Host Identity Protocol (HIP)
Abstract—We compare computational resources required for handling control plane of the Host Identity Protocol (HIP) using Rivest-Shamir-Adleman (RSA) versus Elliptic Curve Cryptography (ECC) encryption algorithms with keys of equivalent strength. We show that servers would establish almost three times more HIP connections per second when ECC is used for generating the session key. For devices with low computational power such as Nokia N810 Internet Tablet, the use of ECC would notably reduce the delay to establish a HIP association. Unless compatibility with legacy RSA/DSA-only systems is needed, the Host Identity may be an ECC key as well, but such a modification would bring only 50 percent additional performance with the current default keys. However the situation becomes different under higher security requirements when employing ECC for the host identification boosts the performance more than four times, and we consider ECC Host Identities desirable in that case.
Weil descent attack for Kummer extensions
In this paper, we show how the Weil descent attack of Gaudry, Hess and Smart can be adapted to work for some hyperelliptic curves defined over fields of odd characteristic. This attack applies to a family of hyperelliptic and superelliptic curves over quadratic field extensions, as well as two families of hyperelliptic curves defined over cubic extensions. We also show that those are the only families of nonsingular curves defining Kummer extensions for which this method will work.
Cover Attacks
2003
In this report, we give an overview of a certain class of attacks on elliptic and hyperelliptic curve cryptography. The attacks we will discuss are only applicable if one considers discrete logarithms in class groups of elliptic or hyperelliptic curves over finite nonprime fields.
Weil Descent Attack for Artin-Schreier Curves
In this paper, we show how the method introduced by Gaudry, Hess and Smart can be extended to a family of algebraic curves using Artin-Schreier extensions. This family also extends the number of hyperelliptic curves in characteristic 2 vulnerable to the Weil descent attack obtained by Galbraith. We also show that the genus of the resulting curve will be one of two easily computable values.