Results 1 - 7 of 7
High Security Pairing-Based Cryptography Revisited
In Algorithmic Number Theory Symposium – ANTS VII, Springer-Verlag LNCS XXXX, XXXX–XXXX, 2006
Cited by 28 (5 self)
The security and performance of pairing based cryptography has provoked a large volume of research, in part because of the exciting new cryptographic schemes that it underpins. We re-examine how one should implement pairings over ordinary elliptic curves for various practical levels of security. We conclude, contrary to prior work, that the Tate pairing is more efficient than the Weil pairing for all such security levels. This is achieved by using efficient exponentiation techniques in the cyclotomic subgroup backed by efficient squaring routines within the same subgroup.
On the Discrete Logarithm Problem on Algebraic Tori
In Advances in Cryptology (CRYPTO 2005), Springer LNCS 3621, 66–85, 2005
Cited by 11 (3 self)
Abstract. Using a recent idea of Gaudry and exploiting rational representations of algebraic tori, we present an index calculus type algorithm for solving the discrete logarithm problem that works directly in these groups. Using a prototype implementation, we obtain practical upper bounds for the difficulty of solving the DLP in the tori $T_2(\mathbb{F}_{p^m})$ and $T_6(\mathbb{F}_{p^m})$ for various $p$ and $m$. Our results do not affect the security of the cryptosystems LUC, XTR, or CEILIDH over prime fields. However, the practical efficiency of our method against other methods needs further examining, for certain choices of $p$ and $m$ in regions of cryptographic interest.
M.: Faster squaring in the cyclotomic subgroup of sixth degree extensions. Cryptology ePrint Archive, Report 2009/565, 2009
Cited by 10 (0 self)
Abstract. This paper describes an extremely efficient squaring operation in the so-called 'cyclotomic subgroup' of $\mathbb{F}_{q^6}^{\times}$, for $q \equiv 1 \bmod 6$. This result arises from considering the Weil restriction of scalars of this group from $\mathbb{F}_{q^6}$ to $\mathbb{F}_{q^2}$, and provides efficiency improvements for both pairing-based and torus-based cryptographic protocols. Keywords: Pairing-based cryptography, torus-based cryptography, finite field arithmetic.
COMPRESSION IN FINITE FIELDS AND TORUS-BASED CRYPTOGRAPHY
Cited by 3 (0 self)
This paper is dedicated to the memory of the cat Ceilidh. Abstract. We present efficient compression algorithms for subgroups of multiplicative groups of finite fields, we use our compression algorithms to construct efficient public key cryptosystems called $T_2$ and CEILIDH, we disprove some conjectures, and we use the theory of algebraic tori to give a better understanding of our cryptosystems, the Lucas-based, XTR and Gong-Harn cryptosystems, and conjectured generalizations.
FACTOR-4 AND 6 COMPRESSION OF CYCLOTOMIC SUBGROUPS OF . . ., 2009
Cited by 3 (3 self)
Bilinear pairings derived from supersingular elliptic curves of embedding degrees 4 and 6 over finite fields $\mathbb{F}_{2^m}$ and $\mathbb{F}_{3^m}$, respectively, have been used to implement pairing-based cryptographic protocols. The pairing values lie in certain prime-order subgroups of the cyclotomic subgroups of orders $2^{2m} + 1$ and $3^{2m} - 3^m + 1$, respectively, of the multiplicative groups $\mathbb{F}_{2^{4m}}^*$ and $\mathbb{F}_{3^{6m}}^*$. It was previously known how to compress the pairing values over characteristic two fields by a factor of 2, and the pairing values over characteristic three fields by a factor of 6. In this paper, we show how the pairing values over characteristic two fields can be compressed by a factor of 4. Moreover, we present and compare several algorithms for performing exponentiation in the prime-order subgroups using the compressed representations. In particular, in the case where the base is fixed, we expect to gain at least a 54% speed up over the fastest previously known exponentiation algorithm that uses factor-6 compressed representations.
DOUBLE-EXPONENTIATION IN FACTOR-4 GROUPS AND ITS APPLICATIONS
Cited by 2 (2 self)
Abstract. In previous work we showed how to compress certain prime-order subgroups of the cyclotomic subgroups of orders $2^{2m} + 1$ of the multiplicative groups of $\mathbb{F}_{2^{4m}}^*$ by a factor of 4. We also showed that single-exponentiation can be efficiently performed using compressed representations. In this paper we show that double-exponentiation can be efficiently performed using factor-4 compressed representation of elements. In addition to giving a considerable speed up to the previously known fastest single-exponentiation algorithm for general bases, double-exponentiation can be used to adapt our compression technique to ElGamal type signature schemes.
FACTOR-4 AND 6 COMPRESSION OF CYCLOTOMIC
Abstract. Bilinear pairings derived from supersingular elliptic curves of embedding degrees 4 and 6 over finite fields $\mathbb{F}_{2^m}$ and $\mathbb{F}_{3^m}$, respectively, have been used to implement pairing-based cryptographic protocols. The pairing values lie in certain prime-order subgroups of the cyclotomic subgroups of orders $2^{2m} + 1$ and $3^{2m} - 3^m + 1$, respectively, of the multiplicative groups $\mathbb{F}_{2^{4m}}^*$ and $\mathbb{F}_{3^{6m}}^*$. It was previously known how to compress the pairing values over characteristic two fields by a factor of 2, and the pairing values over characteristic three fields by a factor of 6. In this paper, we show how the pairing values over characteristic two fields can be compressed by a factor of 4. Moreover, we present and compare several algorithms for performing exponentiation in the prime-order subgroups using the compressed representations. In particular, in the case where the base is fixed, we expect to gain at least a 54% speed up over the fastest previously known exponentiation algorithm that uses factor-6 compressed representations.