Results 1 - 10 of 165
Chinese Remaindering Based Cryptosystems in the Presence of Faults
 Journal of Cryptology
Cited by 27 (3 self)
We present some observations on public-key cryptosystems that use the Chinese remaindering algorithm. Our results imply that careless implementations of such systems could be vulnerable. Only one faulty signature, in some explained context, is enough to recover the secret key. Keywords. Public-key cryptosystems, Faulty computations, Chinese remaindering. 1 Introduction In public-key cryptosystems two distinct computations can be distinguished: the computation that makes use of the secret, public key pair, and the one that only makes use of the public key. The former usually corresponds to the secret decryption or to the signature generation operation, the latter to the public encryption or to the signature verification operation. In this paper we restrict our attention to public key cryptosystems in which the former computation can be sped up using the Chinese remaindering algorithm. Examples of such cryptosystems are: RSA [16], LUC [19], KMOV [11], and Demytko's cryptosystem [6]. ...
Ternary Diophantine equations via Galois representations and modular forms
 CANAD J. MATH
, 2004
Cited by 26 (3 self)
In this paper, we develop techniques for solving ternary Diophantine equations of the shape $Ax^n + By^n = Cz^2$, based upon the theory of Galois representations and modular forms. We subsequently utilize these methods to completely solve such equations for various choices of the parameters A, B and C. We conclude with an application of our results to certain classical polynomial-exponential equations, such as those of Ramanujan–Nagell type.
Elliptic Curve Discrete Logarithms and the Index Calculus
Cited by 23 (4 self)
The discrete logarithm problem forms the basis of numerous cryptographic systems. The most effective attack on the discrete logarithm problem in the multiplicative group of a finite field is via the index calculus, but no such method is known for elliptic curve discrete logarithms. Indeed, Miller [23] has given a brief heuristic argument as to why no such method can exist. In this note we give a detailed analysis of the index calculus for elliptic curve discrete logarithms, amplifying and extending Miller's remarks. Our conclusions fully support his contention that the natural generalization of the index calculus to the elliptic curve discrete logarithm problem yields an algorithm which is less efficient than a brute-force search algorithm. 0. Introduction The discrete logarithm problem for the multiplicative group F_q of a finite field can be solved in subexponential time using the Index Calculus method, which appears to have been first discovered by Kraitchik [14, 15] in the 192...
Elliptic Curves with Complex Multiplication and the Conjecture of Birch and Swinnerton-Dyer
 in Arithmetic Theory of Elliptic Curves (ed. C.Viola
, 1999
Primes Generated by Elliptic Curves
, 2003
Cited by 19 (9 self)
For a rational elliptic curve in Weierstrass form, Chudnovsky and Chudnovsky considered the likelihood that the denominators of the x-coordinates of the multiples of a rational point are squares of primes. Assuming the point is the image of a rational point under an isogeny, we use Siegel’s Theorem to prove that only finitely many primes will arise. The same question is considered for elliptic curves in homogeneous form, prompting a visit to Ramanujan’s famous taxicab equation. Finiteness is provable for these curves with no extra assumptions. Finally, consideration is given to the possibilities for prime generation in higher rank.
The Xedni Calculus And The Elliptic Curve Discrete Logarithm Problem
 Designs, Codes and Cryptography
, 1999
Cited by 19 (1 self)
Let E/F_p be an elliptic curve defined over a finite field, and let S
A Lower Bound for the Canonical Height on Elliptic Curves over Abelian Extensions
 Duke Math. J
, 2003
Cited by 17 (2 self)
Let E/K be an elliptic curve defined over a number field, let $\hat{h}$ be the canonical height on E, and let K /K be the maximal abelian extension of K. Extending work of Baker [4], we prove that there is a constant C(E/K) > 0 so that every nontorsion $\hat{h}(P) > C(E/K)$.
Investigations of zeros near the central point of elliptic curve L-functions
Cited by 16 (5 self)
We explore the effect of zeros at the central point on nearby zeros of elliptic curve L-functions, especially for one-parameter families of rank r over Q. By the Birch and Swinnerton-Dyer Conjecture and Silverman’s Specialization Theorem, for t sufficiently large the L-function of each curve E_t in the family has r zeros (called the family zeros) at the central point. We observe experimentally a repulsion of the zeros near the central point, and the repulsion increases with r. There is greater repulsion in the subset of curves of rank r + 2 than in the subset of curves of rank r in a rank r family. For curves with comparable conductors, the behavior of rank 2 curves in a rank 0 one-parameter family over Q is statistically different from that of rank 2 curves from a rank 2 family. Unlike excess rank calculations, the repulsion decreases markedly as the conductors increase, and we conjecture that the r family zeros do not repel in the limit. Finally, the differences between adjacent normalized zeros near the central point are statistically independent of the repulsion, family rank and rank of the curves in the subset. Specifically, the normalized differences are statistically equal for all curves investigated with rank 0, 2 or 4 and comparable conductors from one-parameter families of rank 0 or 2 over Q.
On the surjectivity of the Galois representations associated to non-CM elliptic curves
 Canadian Math. Bulletin
Cited by 15 (5 self)
Let E be an elliptic curve defined over Q, of conductor N and without complex multiplication. For any positive integer k, let φ_k be the Galois representation associated to the k-division points of E. From a celebrated 1972 result of Serre we know that φ_l is surjective for any sufficiently large prime l. In this paper we find conditional and unconditional upper bounds in terms of N for the primes l for which φ_l is not surjective.
Cyclicity of elliptic curves modulo p and elliptic curve analogues of Linnik’s problem
, 2001
Cited by 14 (3 self)
Let E be an elliptic curve defined over Q and of conductor N. For a prime p ∤ N, we denote by E the reduction of E modulo p. We obtain an asymptotic formula for the number of primes p ≤ x for which E(F_p) is cyclic, assuming a certain generalized Riemann hypothesis. The error terms that we get are substantial improvements of earlier work of J.P. Serre and M. Ram Murty. We also consider the problem of finding the size of the smallest prime p = p_E for which the group E(F_p) is cyclic and we show that, under the generalized Riemann hypothesis, $p_E = O((\log N)^{4+\varepsilon})$ if E is without complex multiplication, and $p_E = O((\log N)^{2+\varepsilon})$ if E is with complex multiplication, for any 0 < ε < 1.