Results 1 
4 of
4
TorusBased Cryptography
 In Advances in Cryptology (CRYPTO 2003), Springer LNCS 2729
, 2003
"... We introduce cryptography based on algebraic tori, give a new public key system called CEILIDH, and compare it to other discrete log based systems including LUC and XTR. Like those systems, we obtain small key sizes. While LUC and XTR are essentially restricted to exponentiation, we are able to perf ..."
Abstract

Cited by 28 (2 self)
 Add to MetaCart
(Show Context)
We introduce cryptography based on algebraic tori, give a new public key system called CEILIDH, and compare it to other discrete log based systems including LUC and XTR. Like those systems, we obtain small key sizes. While LUC and XTR are essentially restricted to exponentiation, we are able to perform multiplication as well. We also disprove the open conjectures from [2], and give a new algebrogeometric interpretation of the approach in that paper and of LUC and XTR.
Looking beyond XTR
 IN ADVANCES IN CRYPTOLOGY — ASIACRYPT 2002, LECT. NOTES IN COMP. SCI. 2501
, 2002
"... XTR is a general methodthat can be appliedto discrete logarithm based cryptosystems in extension fields of degree six, providing a compact representation of the elements involved. In this paper we present a precise formulation of the BrouwerPellikaanVerheul conjecture, originally posedin [4], con ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
(Show Context)
XTR is a general methodthat can be appliedto discrete logarithm based cryptosystems in extension fields of degree six, providing a compact representation of the elements involved. In this paper we present a precise formulation of the BrouwerPellikaanVerheul conjecture, originally posedin [4], concerning the size of XTRlike representations of elements in extension fields of arbitrary degree. If true this conjecture wouldprovide even more compact representations of elements than XTR in extension fields of degree thirty. We test the conjecture by experiment, showing that in fact it is unlikely that such a compact representation of elements can be achieved in extension fields of degree thirty.
Asymptotically optimal communication for torusbased cryptography
 In Advances in Cryptology (CRYPTO 2004), Springer LNCS 3152
, 2004
"... Abstract. We introduce a compact and efficient representation of elements of the algebraic torus. This allows us to design a new discretelog based publickey system achieving the optimal communication rate, partially answering the conjecture in [4]. For n the product of distinct primes, we construct ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
Abstract. We introduce a compact and efficient representation of elements of the algebraic torus. This allows us to design a new discretelog based publickey system achieving the optimal communication rate, partially answering the conjecture in [4]. For n the product of distinct primes, we construct efficient ElGamal signature and encryption schemes in a subgroup of F ∗ qn in which the number of bits exchanged is only a φ(n)/n fraction of that required in traditional schemes, while the security offered remains the same. We also present a DiffieHellman key exchange protocol averaging only φ(n) log2 q bits of communication per key. For the cryptographically important cases of n = 30 and n = 210, we transmit a 4/5 and a 24/35 fraction, respectively, of the number of bits required in XTR [14] and recent CEILIDH [24] cryptosystems. 1
REMARKS ON THE NFS COMPLEXITY
"... Abstract. In this contribution we investigate practical issues with implementing the NFS algorithm to solve the DLP arising in XTRbased cryptosystems. We can transform original XTRDLP to a DLP instance in F p 6, where p is a medium sized prime. Unfortunately, for practical ranges of p, the optimal ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. In this contribution we investigate practical issues with implementing the NFS algorithm to solve the DLP arising in XTRbased cryptosystems. We can transform original XTRDLP to a DLP instance in F p 6, where p is a medium sized prime. Unfortunately, for practical ranges of p, the optimal degree of an NFS polynomial is less than the required degree 6. This leads to a problem to find enough smooth equations during the sieve stage of the NFS algorithm. We discuss several techniques that can increase the NFS output, i.e. the number of equations produced during the sieve, without increasing the smoothness bound. 1.