Results 1 - 10 of 122
Chinese Remaindering Based Cryptosystems in the Presence of Faults
 Journal of Cryptology
Cited by 27 (3 self)
We present some observations on public-key cryptosystems that use the Chinese remaindering algorithm. Our results imply that careless implementations of such systems could be vulnerable. Only one faulty signature, in some explained context, is enough to recover the secret key. Keywords. Public-key cryptosystems, Faulty computations, Chinese remaindering. 1 Introduction In public-key cryptosystems two distinct computations can be distinguished: the computation that makes use of the secret, public key pair, and the one that only makes use of the public key. The former usually corresponds to the secret decryption or to the signature generation operation, the latter to the public encryption or to the signature verification operation. In this paper we restrict our attention to public key cryptosystems in which the former computation can be sped up using the Chinese remaindering algorithm. Examples of such cryptosystems are: RSA [16], LUC [19], KMOV [11], and Demytko's cryptosystem [6]. ...
Ternary Diophantine equations via Galois representations and modular forms
 CANAD J. MATH
, 2004
Cited by 26 (3 self)
In this paper, we develop techniques for solving ternary Diophantine equations of the shape $Ax^n + By^n = Cz^2$, based upon the theory of Galois representations and modular forms. We subsequently utilize these methods to completely solve such equations for various choices of the parameters A, B and C. We conclude with an application of our results to certain classical polynomial-exponential equations, such as those of Ramanujan–Nagell type.
Elliptic Curve Discrete Logarithms and the Index Calculus
Cited by 23 (4 self)
The discrete logarithm problem forms the basis of numerous cryptographic systems. The most effective attack on the discrete logarithm problem in the multiplicative group of a finite field is via the index calculus, but no such method is known for elliptic curve discrete logarithms. Indeed, Miller [23] has given a brief heuristic argument as to why no such method can exist. In this note we give a detailed analysis of the index calculus for elliptic curve discrete logarithms, amplifying and extending Miller's remarks. Our conclusions fully support his contention that the natural generalization of the index calculus to the elliptic curve discrete logarithm problem yields an algorithm which is less efficient than a brute-force search algorithm. 0. Introduction The discrete logarithm problem for the multiplicative group F_q of a finite field can be solved in subexponential time using the Index Calculus method, which appears to have been first discovered by Kraitchik [14, 15] in the 192...
Elliptic Curves with Complex Multiplication and the Conjecture of Birch and Swinnerton-Dyer
 Birch and Swinnerton-Dyer, Invent. Math
, 1981
Cited by 22 (0 self)
A stronger version of (ii) (with no assumption that E have good reduction above p) was proved in [Ru2]. The program to prove (ii) was also begun by Coates and Wiles; it can now be completed thanks to the recent Euler system machinery of Kolyvagin [Ko]. This proof will be given in §12, Corollary 12.13 and Theorem 12.19. The material through §4 is background which was not in the Cetraro lectures but is included here for completeness. In those sections we summarize, generally with references to [Si] instead of proofs, the basic properties of elliptic curves that will be needed later. For more details, including proofs, see Silverman's b
Footnotes: Partially supported by the National Science Foundation. The author also gratefully acknowledges the CIME for its hospitality. Current address: Department of Mathematics, Stanford University, Stanford, CA 94305 USA, rubin@math.stanford.edu
Primes Generated by Elliptic Curves
, 2003
Cited by 19 (9 self)
For a rational elliptic curve in Weierstrass form, Chudnovsky and Chudnovsky considered the likelihood that the denominators of the x-coordinates of the multiples of a rational point are squares of primes. Assuming the point is the image of a rational point under an isogeny, we use Siegel’s Theorem to prove that only finitely many primes will arise. The same question is considered for elliptic curves in homogeneous form, prompting a visit to Ramanujan’s famous taxicab equation. Finiteness is provable for these curves with no extra assumptions. Finally, consideration is given to the possibilities for prime generation in higher rank.
The Xedni Calculus And The Elliptic Curve Discrete Logarithm Problem
 Designs, Codes and Cryptography
, 1999
Cited by 19 (1 self)
Let $E/F_p$ be an elliptic curve defined over a finite field, and let S
A Lower Bound for the Canonical Height on Elliptic Curves over Abelian Extensions
 Duke Math. J
, 2003
Cited by 17 (2 self)
Let $E/K$ be an elliptic curve defined over a number field, let $\hat{h}$ be the canonical height on E, and let K /K be the maximal abelian extension of K. Extending work of Baker [4], we prove that there is a constant $C(E/K) > 0$ so that every nontorsion $\hat{h}(P) > C(E/K)$.
Investigations of zeros near the central point of elliptic curve L-functions
Cited by 16 (5 self)
We explore the effect of zeros at the central point on nearby zeros of elliptic curve L-functions, especially for one-parameter families of rank r over Q. By the Birch and Swinnerton-Dyer Conjecture and Silverman’s Specialization Theorem, for t sufficiently large the L-function of each curve E_t in the family has r zeros (called the family zeros) at the central point. We observe experimentally a repulsion of the zeros near the central point, and the repulsion increases with r. There is greater repulsion in the subset of curves of rank r + 2 than in the subset of curves of rank r in a rank r family. For curves with comparable conductors, the behavior of rank 2 curves in a rank 0 one-parameter family over Q is statistically different from that of rank 2 curves from a rank 2 family. Unlike excess rank calculations, the repulsion decreases markedly as the conductors increase, and we conjecture that the r family zeros do not repel in the limit. Finally, the differences between adjacent normalized zeros near the central point are statistically independent of the repulsion, family rank and rank of the curves in the subset. Specifically, the normalized differences are statistically equal for all curves investigated with rank 0, 2 or 4 and comparable conductors from one-parameter families of rank 0 or 2 over Q.
On the surjectivity of the Galois representations associated to non-CM elliptic curves
 Canadian Math. Bulletin
Cited by 15 (5 self)
Let E be an elliptic curve defined over Q, of conductor N and without complex multiplication. For any positive integer k, let φ_k be the Galois representation associated to the k-division points of E. From a celebrated 1972 result of Serre we know that φ_l is surjective for any sufficiently large prime l. In this paper we find conditional and unconditional upper bounds in terms of N for the primes l for which φ_l is not surjective.
TWISTS OF X(7) AND PRIMITIVE SOLUTIONS TO $x^2 + y^3 = z^7$
Cited by 14 (9 self)
Abstract. We find the primitive integer solutions to $x^2 + y^3 = z^7$. A nonabelian descent argument involving the simple group of order 168 reduces the problem to the determination of the set of rational points on a finite set of twists of the Klein quartic curve X. To restrict the set of relevant twists, we exploit the isomorphism between X and the modular curve X(7), and use modularity of elliptic curves and level lowering. This leaves 10 genus-3 curves, whose rational points are found by a combination of methods.