Results 1 - 10 of 49
Guide to Elliptic Curve Cryptography, 2004
Cited by 382 (17 self)
Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: "It is possible to write endlessly on elliptic curves. (This is not a threat.)" Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in public-key cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, high-speed software and hardware implementations, and offer the highest strength-per-key-bit of any known public-key scheme.
An algorithm for solving the discrete log problem on hyperelliptic curves, 2000
Cited by 80 (6 self)
Abstract. We present an index-calculus algorithm for the computation of discrete logarithms in the Jacobian of hyperelliptic curves defined over finite fields. The complexity predicts that it is faster than the Rho method for genus greater than 4. To demonstrate the efficiency of our approach, we describe our breaking of a cryptosystem based on a curve of genus 6 recently proposed by Koblitz.
A General Framework for Subexponential Discrete Logarithm Algorithms in Groups of Unknown Order, 2000
Cited by 56 (9 self)
We develop a generic framework for the computation of logarithms in finite class groups. The model allows one to formulate a probabilistic algorithm based on collecting relations in an abstract way independently of the specific type of group to which it is applied, and to prove a subexponential running time if a certain smoothness assumption is verified. The algorithm proceeds in two steps: First, it determines the abstract group structure as a product of cyclic groups; second, it computes an explicit isomorphism, which can be used to extract discrete logarithms.
A Subexponential Algorithm for the Determination of Class Groups and Regulators of Algebraic Number Fields, 1990
Cited by 51 (5 self)
A new probabilistic algorithm for the determination of class groups and regulators of an algebraic number field F is presented. Heuristic evidence is given which shows that the expected running time of the algorithm is $\exp\left(\sqrt{\log D \log\log D}\right)^{c+o(1)}$ where D is the absolute discriminant of F, where $c \in \mathbb{R}_{>0}$ is an absolute constant, and where the o(1)-function depends on the degree of F. 1 Introduction Computing the class group and the regulator of an algebraic number field F are two major tasks of algorithmic algebraic number theory. In the last decade, several regulator and class group algorithms have been suggested (e.g. [16],[17],[18],[3]). In [2] the problem of the computational complexity of those algorithms was addressed for the first time. This question was then studied in [2] in great detail. The theoretical results and the computational experience show that computing class groups and regulators is a very difficult problem. More precisely, it turns out that even under the a...
Algorithms in algebraic number theory, Bull. Amer. Math. Soc, 1992
Cited by 42 (4 self)
Abstract. In this paper we discuss the basic problems of algorithmic algebraic number theory. The emphasis is on aspects that are of interest from a purely mathematical point of view, and practical issues are largely disregarded. We describe what has been done and, more importantly, what remains to be done in the area. We hope to show that the study of algorithms not only increases our understanding of algebraic number fields but also stimulates our curiosity about them. The discussion is concentrated on three topics: the determination of Galois groups, the determination of the ring of integers of an algebraic number field, and the computation of the group of units and the class group of that ring of integers.
Near Optimal Algorithms for Computing Smith Normal Forms of Integer Matrices, 1996
Cited by 41 (4 self)
We present new algorithms for computing Smith normal forms of matrices over the integers and over the integers modulo d. For the case of matrices over $\mathbb{Z}_d$, we present an algorithm that computes the Smith form S of an $A \in \mathbb{Z}_d^{n \times m}$ in only $O(n^{\theta-1} m)$ operations from $\mathbb{Z}_d$. Here, $\theta$ is the exponent for matrix multiplication over rings: two $n \times n$ matrices over a ring R can be multiplied in $O(n^{\theta})$ operations from R. We apply our algorithm for matrices over $\mathbb{Z}_d$ to get an algorithm for computing the Smith form S of an $A \in \mathbb{Z}^{n \times m}$ in $O^{\sim}(n^{\theta-1} m \cdot M(n \log \|A\|))$ bit operations (where $\|A\| = \max |A_{i,j}|$ and M(t) bounds the cost of multiplying two $\lceil t \rceil$-bit integers). These complexity results improve significantly on the complexity of previously best known Smith form algorithms (both deterministic and probabilistic) which guarantee correctness. 1 Introduction The Smith normal form is a canonical diagonal form for equivalence of matrices over a princ...
On the performance of hyperelliptic cryptosystems, 1999
Cited by 31 (5 self)
In this paper we discuss various aspects of cryptosystems based on hyperelliptic curves. In particular we cover the implementation of the group law on such curves and how to generate suitable curves for use in cryptography. This paper presents a practical comparison between the performance of elliptic curve based digital signature schemes and schemes based on hyperelliptic curves. We conclude that, at present, hyperelliptic curves offer no performance advantage over elliptic curves.
Discrete Logarithms: the Effectiveness of the Index Calculus Method, 1996
Cited by 24 (1 self)
In this article we survey recent developments concerning the discrete logarithm problem. Both theoretical and practical results are discussed. We emphasize the case of finite fields, and in particular, recent modifications of the index calculus method, including the number field sieve and the function field sieve. We also provide a sketch of some of the cryptographic schemes whose security depends on the intractability of the discrete logarithm problem. 1 Introduction Let G be a cyclic group generated by an element t. The discrete logarithm problem in G is to compute for any $b \in G$ the least nonnegative integer e such that $t^e = b$. In this case, we write $\log_t b = e$. Our purpose, in this paper, is to survey recent work on the discrete logarithm problem. Our approach is twofold. On the one hand, we consider the problem from a purely theoretical perspective. Indeed, the algorithms that have been developed to solve it not only explore the fundamental nature of one of the basic s...
Cryptographic hash functions from expander graphs
Cited by 19 (2 self)
Abstract. We propose constructing provable collision resistant hash functions from expander graphs. As examples, we investigate two specific families of optimal expander graphs for provable hash function constructions: the families of Ramanujan graphs constructed by Lubotzky-Phillips-Sarnak and Pizer respectively. When the hash function is constructed from one of Pizer’s Ramanujan graphs, (the set of supersingular elliptic curves over $\mathbb{F}_{p^2}$ with ℓ-isogenies, ℓ a prime different from p), then collision resistance follows from hardness of computing isogenies between supersingular elliptic curves. We estimate the cost per bit to compute these hash functions, and we implement our hash function for several members of the LPS graph family and give actual timings.