Results 1 
5 of
5
Asymptotically optimal communication for torusbased cryptography
 In Advances in Cryptology (CRYPTO 2004), Springer LNCS 3152
, 2004
"... Abstract. We introduce a compact and efficient representation of elements of the algebraic torus. This allows us to design a new discretelog based publickey system achieving the optimal communication rate, partially answering the conjecture in [4]. For n the product of distinct primes, we construct ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
Abstract. We introduce a compact and efficient representation of elements of the algebraic torus. This allows us to design a new discretelog based publickey system achieving the optimal communication rate, partially answering the conjecture in [4]. For n the product of distinct primes, we construct efficient ElGamal signature and encryption schemes in a subgroup of F ∗ qn in which the number of bits exchanged is only a φ(n)/n fraction of that required in traditional schemes, while the security offered remains the same. We also present a DiffieHellman key exchange protocol averaging only φ(n) log2 q bits of communication per key. For the cryptographically important cases of n = 30 and n = 210, we transmit a 4/5 and a 24/35 fraction, respectively, of the number of bits required in XTR [14] and recent CEILIDH [24] cryptosystems. 1
On the reduction of composed relations from the number field sieve (Extended Abstract)
, 1995
"... ) Thomas F. Denny Universitat des Saarlandes FB 14 Informatik Postfach 15 11 50 66041 Saarbrucken Germany Volker Muller Department of C & O University of Waterloo Waterloo, Ontario Canada N2L 3G1 4th December 1995 Abstract In this paper we will present an algorithm which reduces the weight (t ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
) Thomas F. Denny Universitat des Saarlandes FB 14 Informatik Postfach 15 11 50 66041 Saarbrucken Germany Volker Muller Department of C & O University of Waterloo Waterloo, Ontario Canada N2L 3G1 4th December 1995 Abstract In this paper we will present an algorithm which reduces the weight (the number of non zero elements) of the matrices that arise from the number field sieve (NFS) for factoring integers [9] and computing discrete logarithm in IF p , where p is a prime ([3], [13]). In the so called Quadruple Large Prime Variation of NFS a graph algorithm computes sets of partial relations (relations with up to 4 large primes) that can each be combined to ordinary relations. The cardinality of these sets is not as low as possible due to time and place requirements. The algorithm presented in this paper reduces the cardinality of these sets up to 30 %. The resulting system of linear equations is therefore more sparse as before, which leads to significant improvements in the runni...
Computing Discrete Logarithms with the General Number Field Sieve
, 1996
"... . The difficulty in solving the discrete logarithm problem is of extreme cryptographic importance since it is widely used in signature schemes, message encryption, key exchange, authentication and so on ([15], [17], [21], [29] etc.). The General Number Field Sieve (GNFS) is the asymptotically fastes ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
. The difficulty in solving the discrete logarithm problem is of extreme cryptographic importance since it is widely used in signature schemes, message encryption, key exchange, authentication and so on ([15], [17], [21], [29] etc.). The General Number Field Sieve (GNFS) is the asymptotically fastest known method to compute discrete logs mod p [18]. With the first implementation of the GNFS for discrete logs by using Schirokauer's improvement [27] we were able to show its practicability [31]. In this report we write about a new record in computing discrete logarithms mod p and some experimental data collected while finishing the precomputation step for breaking K. McCurley's 129digit challenge [10]. 1 Introduction Let p be a prime number and IF p (\Delta) be the cyclic multiplicative group of the prime field of p elements, which has order p \Gamma 1. Let a 2 IF p . In the case of b 2 hai, the multiplicative subgroup generated by a, there exist infinitely many x 2 IN 0 such th...
An Implementation of the General Number Field Sieve to Compute Discrete Logarithms mod p
 Advances in Cryptology, EUROCRYPT '95, Lecture Notes in Computer Science
, 1994
"... . There are many cryptographic protocols the security of which depends on the difficulty of solving the discrete logarithm problem ( [8], [9], [14], etc.). In [10] and [18] it was described how to apply the number field sieve algorithm to the discrete logarithm problem in prime fields. This resulted ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
. There are many cryptographic protocols the security of which depends on the difficulty of solving the discrete logarithm problem ( [8], [9], [14], etc.). In [10] and [18] it was described how to apply the number field sieve algorithm to the discrete logarithm problem in prime fields. This resulted in the asymptotically fastest known discrete log algorithm for finite fields of p elements. Very little is known about the behaviour of this algorithm in practice. In this report we write about our practical experience with our implementation of their algorithm whose first version was completed in October 1994 at the Department of Computer Science at the Universitat des Saarlandes. 1 Introduction The importance of the Discrete Logarithm Problem has its roots in its cryptographic significance. Many protocols in cryptography, for example the Digital Signature Standard [14], are secure if the underlying Discrete Logarithm Problem is difficult to solve. A lot of algorithms have already been c...
Factoring via Strong Lattice Reduction Algorithms
, 1997
"... We address to the problem to factor a large composite number by lattice reduction algorithms. Schnorr [Sc93] has shown that under a reasonable number theoretic assumptions this problem can be reduced to a simultaneous diophantine approximation problem. The latter in turn can be solved by finding suf ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
We address to the problem to factor a large composite number by lattice reduction algorithms. Schnorr [Sc93] has shown that under a reasonable number theoretic assumptions this problem can be reduced to a simultaneous diophantine approximation problem. The latter in turn can be solved by finding sufficiently many ` 1 short vectors in a suitably defined lattice. Using lattice basis reduction algorithms Schnorr and Euchner applied the reduction technique of [Sc93] to 40bit long integers. Their implementation needed several hours to compute a 5% fraction of the solution, i.e., 6 out of 125 congruences which are necessary to factorize the composite. In this report we describe a more efficient implementation using stronger lattice basis reduction techniques incorporating ideas of [SH95] and [R97]. For 60bit long integers our algorithm yields a complete factorization in less than 3 hours. 1 Introduction The security of many public key cryptosystems relies on the hardness of factoring ...