Results 1  10
of
61
Guide to Elliptic Curve Cryptography
, 2004
"... Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves ..."
Abstract

Cited by 369 (17 self)
 Add to MetaCart
Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in publickey cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, highspeed software and hardware implementations, and offer the highest strengthperkeybit of any known publickey scheme.
Software Implementation of Elliptic Curve Cryptography Over Binary Fields
, 2000
"... This paper presents an extensive and careful study of the software implementation on workstations of the NISTrecommended elliptic curves over binary fields. We also present the results of our implementation in C on a Pentium II 400 MHz workstation. ..."
Abstract

Cited by 147 (9 self)
 Add to MetaCart
This paper presents an extensive and careful study of the software implementation on workstations of the NISTrecommended elliptic curves over binary fields. We also present the results of our implementation in C on a Pentium II 400 MHz workstation.
Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms
, 2001
"... The fundamental operation in elliptic curve cryptographic schemes is that of point multiplication of an elliptic curve point by an integer. This paper describes a new method for accelerating this operation on classes of elliptic curves that have efficientlycomputable endomorphisms. One advantage of ..."
Abstract

Cited by 68 (0 self)
 Add to MetaCart
The fundamental operation in elliptic curve cryptographic schemes is that of point multiplication of an elliptic curve point by an integer. This paper describes a new method for accelerating this operation on classes of elliptic curves that have efficientlycomputable endomorphisms. One advantage of the new method is that it is applicable to a larger class of curves than previous such methods.
Software Implementation of the NIST Elliptic Curves Over Prime Fields
 TOPICS IN CRYPTOLOGY – CTRSA 2001, VOLUME 2020 OF LNCS
, 2001
"... ..."
Analysis of the Weil Descent Attack of Gaudry, Hess and Smart
, 2000
"... . We analyze the Weil descent attack of Gaudry, Hess and Smart [12] on the elliptic curve discrete logarithm problem for elliptic curves dened over F2 n , where n is prime. 1 Introduction Let E be an elliptic curve dened over a nite eld F q . The elliptic curve discrete logarithm problem (ECDLP) ..."
Abstract

Cited by 30 (5 self)
 Add to MetaCart
. We analyze the Weil descent attack of Gaudry, Hess and Smart [12] on the elliptic curve discrete logarithm problem for elliptic curves dened over F2 n , where n is prime. 1 Introduction Let E be an elliptic curve dened over a nite eld F q . The elliptic curve discrete logarithm problem (ECDLP) in E(F q ) is the following: given E, P 2 E(F q ), r = ord(P ) and Q 2 hP i, nd the integer s 2 [0; r 1] such that Q = sP . The ECDLP is of interest because its apparent intractability forms the basis for the security of elliptic curve cryptographic schemes. The elliptic curve parameters have to be carefully chosen in order to circumvent some known attacks on the ECDLP. In order to avoid the PohligHellman [19] and Pollard's rho [20, 17] attacks, r should be a large prime number, say r > 2 160 . To avoid the Weil pairing [15] and Tate pairing [8] attacks, r should not divide q k 1 for each 1 k C, where C is large enough so that it is computationally infeasible to nd discrete ...
An Overview of Elliptic Curve Cryptography
, 2000
"... Elliptic curve cryptography (ECC) was introduced by Victor Miller and Neal Koblitz in 1985. ECC proposed as an alternative to established publickey systems such as DSA and RSA, have recently gained a lot attention in industry and academia. The main reason for the attractiveness of ECC is the fact t ..."
Abstract

Cited by 29 (2 self)
 Add to MetaCart
Elliptic curve cryptography (ECC) was introduced by Victor Miller and Neal Koblitz in 1985. ECC proposed as an alternative to established publickey systems such as DSA and RSA, have recently gained a lot attention in industry and academia. The main reason for the attractiveness of ECC is the fact that there is no subexponential algorithm known to solve the discrete logarithm problem on a properly chosen elliptic curve. This means that significantly smaller parameters can be used in ECC than in other competitive systems such RSA and DSA, but with equivalent levels of security. Some benefits of having smaller key sizes include faster computations, and reductions in processing power, storage space and bandwidth. This makes ECC ideal for constrained environments such as pagers, PDAs, cellular phones and smart cards. The implementation of ECC, on the other hand, requires several choices such as the type of the underlying finite field, algorithms for implementing the finite field arithmetic and so on. In this paper we give we presen an selective overview of the main methods.
Algorithms for Multiexponentiation
 In Selected Areas in Cryptography – SAC 2001 (2001
, 2001
"... Abstract. This paper compares different approaches for computing power products � 1≤i≤k ge i i in commutative groups. We look at the conventional simultaneous exponentiation approach and present an alternative strategy, interleaving exponentiation. Our comparison shows that in general groups, someti ..."
Abstract

Cited by 20 (3 self)
 Add to MetaCart
Abstract. This paper compares different approaches for computing power products � 1≤i≤k ge i i in commutative groups. We look at the conventional simultaneous exponentiation approach and present an alternative strategy, interleaving exponentiation. Our comparison shows that in general groups, sometimes the conventional method and sometimes interleaving exponentiation is more efficient. In groups where inverting elements is easy (e.g. elliptic curves), interleaving exponentiation with signed exponent recoding usually wins over the conventional method. 1
Solving Elliptic Curve Discrete Logarithm Problems Using Weil Descent
 JOURNAL OF THE RAMANUJAN MATHEMATICAL SOCIETY
, 2001
"... We provide the first cryptographically interesting instance of the elliptic curve discrete logarithm problem which resists all previously known attacks, but which can be solved with modest computer resources using the Weil descent attack methodology of Frey. We report on our implementation of index ..."
Abstract

Cited by 18 (3 self)
 Add to MetaCart
We provide the first cryptographically interesting instance of the elliptic curve discrete logarithm problem which resists all previously known attacks, but which can be solved with modest computer resources using the Weil descent attack methodology of Frey. We report on our implementation of indexcalculus methods for hyperelliptic curves over characteristic two finite fields, and discuss the cryptographic implications of our results.
Alternative digit sets for nonadjacent representations, Selected areas in cryptography
 Lecture Notes in Comput. Sci
, 2004
"... Abstract. It is known that every positive integer n can be represented as a finite sum of the form n = P ai2 i, where ai ∈ {0, 1, −1} for all i, and no two consecutive ai’s are nonzero. Such sums are called nonadjacent representations. Nonadjacent representations are useful in efficiently implement ..."
Abstract

Cited by 16 (2 self)
 Add to MetaCart
Abstract. It is known that every positive integer n can be represented as a finite sum of the form n = P ai2 i, where ai ∈ {0, 1, −1} for all i, and no two consecutive ai’s are nonzero. Such sums are called nonadjacent representations. Nonadjacent representations are useful in efficiently implementing elliptic curve arithmetic for cryptographic applications. In this paper, we investigate if other digit sets of the form {0, 1, x}, where x is an integer, provide each positive integer with a nonadjacent representation. If a digit set has this property we call it a nonadjacent digit set (NADS). We present an algorithm to determine if {0, 1, x} is a NADS; and if it is, we present an algorithm to efficiently determine the nonadjacent representation of any positive integer. We also present some necessary and sufficient conditions for {0, 1, x} to be a NADS. These conditions are used to exhibit infinite families of integers x such that {0, 1, x} is a NADS, as well as infinite families of x such that {0, 1, x} is not a NADS. 1