Abstract. We propose methods for mutual authentication and key exchange. Our methods are well suited for applications with strict power consumption restrictions, such as wireless medical implants and contactless smart cards. We prove the security of our schemes based on the discrete log gap problem.

Abstract. We present a new algorithm for computing the structure of a finite abelian group, which has to store only a fixed, small number of group elements, independent of the group order. We estimate the computational complexity by counting the group operations such as multiplications and equality checks. Under some plausible assumptions, we prove that the expected run time is O ( √ n)(withndenoting the group order), and we explicitly determine the Oconstants. We implemented our algorithm for ideal class groups of imaginary quadratic orders and present experimental results. 1.

Abstract. We show how to use the parallelized kangaroo method for computing invariants in real quadratic function fields. Specifically, we show how to apply the kangaroo method to the infrastructure in these fields. We also show how to speed up the computation by using heuristics on the distribution of the divisor class number, and by using the relatively inexpensive baby steps in the real quadratic model of a hyperelliptic function field. Furthermore, we provide examples for regulators and class numbers of hyperelliptic function fields of genus 3 that are larger than those ever reported before. 1.

proefschrift ter verkrijging van de graad van doctor aan de Technische Universiteit Eindhoven, op gezag van de Rector Magnificus, prof.dr. R.A. van Santen, voor een commissie aangewezen door het College voor Promoties in het openbaar te verdedigen op woensdag 4 juni 2003 om 16.00 uur door

In this paper, we present a simple method for generating random-based signatures when random number generators are either unavailable or of suspected quality (malicious or accidental).

Abstract. We provide a number of results that can be used to derive approximations for the Euler product representation of the zeta function of an arbitrary algebraic function field. Three such approximations are given here. Our results have two main applications. They lead to a computationally suitable algorithm for computing the class number of an arbitrary function field. The ideas underlying the class number algorithms in turn can be used to analyze the distribution of the zeros of its zeta function. 1.

We demonstrate the cryptographic usefulness of a small subgroup of Z # n of hidden order. Cryptographic schemes for integer commitment and digital signatures have been suggested over large subgroups of Z # n , by reducing the order of the groups we obtain quite similar but more e#cient schemes. The underlying cryptographic assumption resembles the strong RSA assumption.

We present a detailed analysis of SQUFOF, Daniel Shanks’ Square Form Factorization algorithm. We give the average time and space requirements for SQUFOF. We analyze the effect of multipliers, either used for a single factorization or when racing the algorithm in parallel.

In this paper, we present a simple method for generating random-based signatures when random number generators are either unavailable or of suspected quality (malicious or accidental). By opposition to all past state-machine models, we assume that the signer is a memoryless automaton that starts from some internal state, receives a message, outputs its signature and returns precisely to the same initial state; therefore, the new technique formally converts randomized signatures into deterministic ones. Finally, we show how to translate the random oracle concept required in security proofs into a realistic set of tamper-resistance assumptions.

A secret sharing scheme starts with a secret and then derives from it certain shares (or shadows) which are distributed to users. The secret may be recovered only by certain predetermined groups which belong to the access structure. Secret sharing schemes have been independently introduced by Blakley [12] and Shamir [134] as a solution for safeguarding cryptographic keys. Secret sharing schemes can be used for any situation in which the access to an important resource has to be restricted. We mention here the case of opening bank vaults or launching a nuclear missile. In the first secret sharing schemes only the number of the participants in the reconstruction phase was important for recovering the secret. Such schemes have been referred to as threshold secret sharing schemes. There are secret sharing schemes that deal with more complex access structures than the threshold ones. We mention here the weighted threshold secret sharing schemes in which a positive weight is associated to each user and the secret can be reconstructed if and only if the sum of the weights of the