Results 11 to 20 of 695
Software Implementation of the NIST Elliptic Curves Over Prime Fields
Topics in Cryptology – CT-RSA 2001, volume 2020 of LNCS, 2001
Efficient Algorithms for Elliptic Curve Cryptosystems
1997
Cited by 72 (9 self)
Abstract
Elliptic curves are the basis for a relatively new class of public-key schemes. It is predicted that elliptic curves will replace many existing schemes in the near future. It is thus of great interest to develop algorithms which allow efficient implementations of elliptic curve cryptosystems. This thesis deals with such algorithms. Efficient algorithms for elliptic curves can be classified into low-level algorithms, which deal with arithmetic in the underlying finite field, and high-level algorithms, which operate with the group operation. This thesis describes three new algorithms for efficient implementations of elliptic curve cryptosystems. The first algorithm describes the application of the Karatsuba-Ofman algorithm to multiplication in composite fields GF((2^n)^m). The second algorithm deals with efficient inversion in composite Galois fields of the form GF((2^n)^m). The third algorithm is an entirely new approach which accelerates the multiplication of points which i...
Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p
Mathematics of Computation, 1998
Cited by 72 (1 self)
Abstract
We show that to solve the discrete log problem in a subgroup of order p of an elliptic curve over the finite field of characteristic p one needs O(ln p) operations in this field. Let F_q be the finite field of q = p^l elements. We define an elliptic curve E over F_q to be an equation of the form y^2 = x^3 + Ax + B. We suppose p ≠ 2, 3. Let E(F_q) be the set of points of E rational over F_q. It is known that |N_q − q − 1| ≤ 2q^{1/2} with N_q = |E(F_q)|. The set E(F_q) is a finite abelian group with the “infinite point” P_∞ as the identity element. The discrete logarithm problem is to compute an integer n such that Q = nP, where Q, P ∈ E(F_q), if such an n exists. This problem is of great significance in cryptology [1], [2]. Suppose that the point P generates a subgroup ⟨P⟩ of order m. If (m, p) = 1, then the subgroup ⟨P⟩ is isomorphic to some multiplicative subgroup of an extension F_{q^k} where q^k ≡ 1 (mod m). The values of the isomorphism from ⟨P⟩ to F_{q^k}^* can be evaluated in a very simple manner. The complexity of the algorithm is
Sizzle: A standards-based end-to-end security architecture for the embedded internet
2005
Cited by 69 (0 self)
Abstract
According to popular perception, public-key cryptography is beyond the capabilities of highly constrained, “mote”-like, embedded devices. We show that elliptic curve cryptography not only makes public-key cryptography feasible on these devices, it allows one to create a complete secure web server stack that runs efficiently within very tight resource constraints. Our small-footprint HTTPS stack, nicknamed Sizzle, has been implemented on multiple generations of the Berkeley/Crossbow motes where it runs in less than 4KB of RAM, completes a full SSL handshake in 1 second (session reuse takes 0.5 seconds) and transfers 1 KB of application data over SSL in 0.4 seconds. Sizzle is the world’s smallest secure web server and can be embedded inside home appliances, personal medical devices, etc., allowing them to be monitored and controlled remotely via a web browser without sacrificing end-to-end security.
A survey of algebraic properties used in cryptographic protocols
Journal of Computer Security
Cited by 68 (20 self)
Abstract
Cryptographic protocols are successfully analyzed using formal methods. However, formal approaches usually consider the encryption schemes as black boxes and assume that an adversary cannot learn anything from an encrypted message except if he has the key. Such an assumption is too strong in general since some attacks exploit in a clever way the interaction between protocol rules and properties of cryptographic operators. Moreover, the executability of some protocols relies explicitly on some algebraic properties of cryptographic primitives such as commutative encryption. We give a list of some relevant algebraic properties of cryptographic operators, and for each of them, we provide examples of protocols or attacks using these properties. We also give an overview of the existing methods in formal approaches for analyzing cryptographic proto
A General Framework for Subexponential Discrete Logarithm Algorithms in Groups of Unknown Order
2000
Cited by 64 (11 self)
Abstract
We develop a generic framework for the computation of logarithms in finite class groups. The model allows one to formulate a probabilistic algorithm based on collecting relations in an abstract way, independently of the specific type of group to which it is applied, and to prove a subexponential running time if a certain smoothness assumption is verified. The algorithm proceeds in two steps: First, it determines the abstract group structure as a product of cyclic groups; second, it computes an explicit isomorphism, which can be used to extract discrete logarithms.
Speeding Up Pollard's Rho Method For Computing Discrete Logarithms
1998
Cited by 56 (7 self)
Abstract
In Pollard's rho method, an iterating function f is used to define a sequence (y_i) by y_{i+1} = f(y_i) for i = 0, 1, 2, ..., with some starting value y_0. In this paper, we define and discuss new iterating functions for computing discrete logarithms with the rho method. We compare their performances in experiments with elliptic curve groups. Our experiments show that one of our newly defined functions is expected to reduce the number of steps by a factor of approximately 0.8, in comparison with Pollard's originally used function, and we show that this holds independently of the size of the group order. For group orders large enough such that the run time for precomputation can be neglected, this means a real-time speedup of more than 1.2. 1. Introduction Let G be a finite cyclic group, written multiplicatively, and generated by the group element g. Given an element h in G, we wish to find the least non-negative number x such that g^x = h. This problem is the discre...
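The iteration just described, worked through as an added example that is not code from the paper: Pollard's rho with Floyd cycle-finding for g^x = h, run once with Pollard's original three-class iterating function and once with an r-adding walk, which is one of the alternative iterating functions this line of work proposes (each step multiplies by one of r random products g^{m_j} h^{n_j}, chosen by a hash of the current element). To keep the block self-contained the group is a prime-order subgroup of Z_p^* rather than the elliptic curve groups of the paper's experiments; the instance p = 1019, n = 509, g = 4, r = 20 is a constructed assumption of the example.

```python
# Pollard's rho for the discrete logarithm g^x = h in a cyclic group of prime order n.
# Added illustration, not code from the paper. The group is an order-n subgroup of Z_p^*
# (an assumption so the block runs without elliptic-curve arithmetic). Two iterating
# functions: Pollard's original three-way partition, and an r-adding walk that multiplies
# by one of r random products g^m_j h^n_j selected by a hash of the current element.
import random


def pollard_rho_dlog(g, h, n, p, walk="adding", r=20, seed=0):
    """Return (x, steps) with g^x = h mod p, or (None, steps) if the collision was useless."""
    rng = random.Random(seed)
    if walk == "original":
        def f(y, a, b):
            # y always equals g^a * h^b; the residue class of y decides the step
            c = y % 3
            if c == 0:
                return y * y % p, 2 * a % n, 2 * b % n      # squaring
            if c == 1:
                return y * g % p, (a + 1) % n, b            # multiply by g
            return y * h % p, a, (b + 1) % n                # multiply by h
    else:
        ms = [rng.randrange(n) for _ in range(r)]
        ns = [rng.randrange(n) for _ in range(r)]
        mult = [pow(g, mj, p) * pow(h, nj, p) % p for mj, nj in zip(ms, ns)]

        def f(y, a, b):
            j = y % r                                        # hash into r classes
            return y * mult[j] % p, (a + ms[j]) % n, (b + ns[j]) % n

    a0, b0 = rng.randrange(n), rng.randrange(n)
    start = (pow(g, a0, p) * pow(h, b0, p) % p, a0, b0)
    tortoise, hare, steps = start, start, 0
    while True:                                              # Floyd cycle detection
        tortoise = f(*tortoise)
        hare = f(*f(*hare))
        steps += 1
        if tortoise[0] == hare[0]:
            break
    # g^a1 h^b1 = g^a2 h^b2  =>  x * (b2 - b1) = a1 - a2  (mod n)
    _, a1, b1 = tortoise
    _, a2, b2 = hare
    db = (b2 - b1) % n
    if db == 0:
        return None, steps                                   # relation does not determine x
    return (a1 - a2) * pow(db, -1, n) % n, steps


def solve_dlog(g, h, n, p, walk="adding", tries=32):
    """Retry with fresh random parameters until a verified logarithm is found."""
    for seed in range(tries):
        x, steps = pollard_rho_dlog(g, h, n, p, walk=walk, seed=seed)
        if x is not None and pow(g, x, p) == h:
            return x, steps
    return None, 0


if __name__ == "__main__":
    # constructed instance: p = 1019 prime, n = 509 = (p-1)/2 prime, g = 4 has order 509
    p, n, g = 1019, 509, 4
    h = pow(g, 123, p)
    for walk in ("original", "adding"):
        x, steps = solve_dlog(g, h, n, p, walk=walk)
        print(f"{walk:8s} walk: x = {x}, steps = {steps}")
```

solve_dlog retries with a new seed when the collision gives b_1 = b_2, the one case in which the relation cannot be solved for x; the step counts it returns are what one would compare between the two walks, and on a group this small the variance between seeds is large, so a comparison of the kind the paper makes needs averages over many seeds and several group sizes.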
Efficient Arithmetic in Finite Field Extensions with Application in Elliptic Curve Cryptography
Journal of Cryptology, 2000
Cited by 54 (9 self)
Abstract
This contribution focuses on a class of Galois fields used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF), first introduced in [3]. We extend this work by presenting an adaptation of Itoh and Tsujii's algorithm for finite field inversion applied to OEFs. In particular, we use the facts that the action of the Frobenius map in GF(p^m) can be computed with only m − 1 subfield multiplications and that inverses in GF(p) may be computed cheaply using known techniques. As a result, we show that one extension field inversion can be computed with a logarithmic number of extension field multiplications. In addition, we provide new extension field multiplication formulas which give a performance increase. Further, we provide an OEF construction algorithm together with tables of Type I and Type II OEFs along with statistics on the number of pseudo-Mersenne primes and OEFs. We apply this new work to provide implementation results using these me...
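The inversion described above, worked through as an added example that is not the paper's code: an OEF GF(p^m) = GF(p)[x]/(x^m − ω) in which the Frobenius map A ↦ A^p is m − 1 coefficient scalings, and Itoh-Tsujii inversion built from an addition chain on m − 1 so that only a logarithmic number of extension multiplications and one subfield inversion are needed. The parameters p = 127 = 2^7 − 1 (a Mersenne prime, so of the paper's Type I form), m = 7 and ω = 3 are assumptions chosen so the block runs quickly; the constructor checks that x^7 − 3 really is irreducible, and the Fermat inversion is there only as a cross-check.

```python
# Itoh-Tsujii inversion in an Optimal Extension Field GF(p^m) = GF(p)[x]/(x^m - omega).
# Added illustration, not code from the paper. Demo parameters (an assumption):
# p = 2^7 - 1 = 127, m = 7, omega = 3 (a generator of GF(127)^*, so x^7 - 3 is
# irreducible). Subfield arithmetic uses Python's %; the paper's point is that for a
# (pseudo-)Mersenne p this reduction is cheap in real implementations.
from math import gcd


class OEF:
    def __init__(self, p, m, omega):
        self.p, self.m, self.omega = p, m, omega
        if m < 2 or (p - 1) % m or not self._binomial_irreducible():
            raise ValueError("need an irreducible binomial x^m - omega with m | p-1")
        # x^(i*p) = omega^(i*(p-1)/m) * x^i (mod x^m - omega), so A -> A^p just scales
        # coefficient i by c_i; c_0 = 1, hence m-1 subfield multiplications per Frobenius.
        e = (p - 1) // m
        self.frob_c = [pow(omega, i * e, p) for i in range(m)]

    def _binomial_irreducible(self):
        # Lidl & Niederreiter, Thm 3.75: x^m - w is irreducible over GF(p) iff every prime
        # factor of m divides ord(w), gcd(m, (p-1)/ord(w)) = 1, and (4 | m => p = 1 mod 4).
        p, m, w = self.p, self.m, self.omega % self.p
        if w == 0:
            return False
        order, t = 1, w                     # brute-force order; p is small here
        while t != 1:
            t, order = t * w % p, order + 1
        if gcd(m, (p - 1) // order) != 1 or (m % 4 == 0 and p % 4 != 1):
            return False
        q, f = m, 2
        while f * f <= q:
            if q % f == 0:
                if order % f:
                    return False
                while q % f == 0:
                    q //= f
            f += 1
        return q == 1 or order % q == 0

    def one(self):
        return [1] + [0] * (self.m - 1)

    def mul(self, a, b):
        # schoolbook product, then fold x^(m+j) = omega * x^j (a single pass suffices)
        p, m, w = self.p, self.m, self.omega
        res = [0] * (2 * m - 1)
        for i, ai in enumerate(a):
            for j, bj in enumerate(b):
                res[i + j] += ai * bj
        for k in range(2 * m - 2, m - 1, -1):
            res[k - m] += res[k] * w
        return [c % p for c in res[:m]]

    def power(self, a, n):
        result = self.one()
        while n:
            if n & 1:
                result = self.mul(result, a)
            a, n = self.mul(a, a), n >> 1
        return result

    def frobenius(self, a, k=1):
        # a^(p^k) as k coefficient-wise scalings; no extension-field multiplication
        for _ in range(k):
            a = [ai * c % self.p for ai, c in zip(a, self.frob_c)]
        return a

    def inverse(self, a):
        # Itoh-Tsujii: r = (p^m - 1)/(p - 1); a^r lies in GF(p), so a^-1 = a^(r-1) (a^r)^-1.
        # T_k = a^(1 + p + ... + p^(k-1)) is built by an addition chain on k = m-1 using
        # T_2j = T_j^(p^j) * T_j and T_(j+1) = T_j^p * a: O(log m) extension multiplications.
        if not any(a):
            raise ZeroDivisionError("inverse of zero")
        k = self.m - 1
        T, built = a, 1
        for bit in bin(k)[3:]:                    # bits of k after the leading 1
            T, built = self.mul(self.frobenius(T, built), T), 2 * built
            if bit == "1":
                T, built = self.mul(self.frobenius(T), a), built + 1
        assert built == k
        a_r1 = self.frobenius(T)                  # a^(r-1) = T_(m-1)^p
        a_r = self.mul(a_r1, a)                   # a^r, the norm of a, is a subfield element
        assert all(c == 0 for c in a_r[1:]), "norm must lie in GF(p)"
        inv_norm = pow(a_r[0], -1, self.p)        # the single subfield inversion
        return [c * inv_norm % self.p for c in a_r1]

    def inverse_fermat(self, a):
        # cross-check only: a^(p^m - 2) costs about m*log2(p) extension multiplications
        return self.power(a, self.p ** self.m - 2)


if __name__ == "__main__":
    F = OEF(127, 7, 3)
    a = [5, 12, 0, 99, 1, 126, 7]                 # constructed sample element
    inv = F.inverse(a)
    print(inv, F.mul(a, inv) == F.one(), inv == F.inverse_fermat(a))
```

For m = 7 the chain on k = 6 = 2·(2+1) costs three extension multiplications and three Frobenius maps, against roughly m·log2(p) ≈ 49 multiplications for the Fermat route; the assertion that a^r has no non-constant coefficients is a cheap sanity check that the binomial really generates a field.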
A Fast Software Implementation for Arithmetic Operations in GF(2^n)
1996
Cited by 48 (3 self)
Abstract
We present a software implementation of arithmetic operations in a finite field GF(2^n), based on an alternative representation of the field elements. An important application is in elliptic curve cryptosystems. Whereas previously reported implementations of elliptic curve cryptosystems use a standard basis or an optimal normal basis to perform field operations, we represent the field elements as polynomials with coefficients in the smaller field GF(2^16). Calculations in this smaller field are carried out using precalculated lookup tables. This results in rather simple routines matching the structure of computer memory very well. The use of an irreducible trinomial as the field polynomial, as was proposed at Crypto'95 by R. Schroeppel et al., can be extended to this representation. In our implementation, the resulting routines are slightly faster than standard basis routines. 1 Introduction Elliptic curve public key cryptosystems are rapidly gaining popularity [M93]. The use...
Efficient and secure elliptic curve point multiplication using double-base chains
In Advances in Cryptology – ASIACRYPT 2005, Lecture Notes in Computer Science 3788, 2005
Cited by 48 (10 self)
Abstract
In this paper, we propose an efficient and secure point multiplication algorithm, based on double-base chains. This is achieved by taking advantage of the sparseness and the ternary nature of the so-called double-base number system (DBNS). The speedups are the results of fewer point additions and improved formulæ for point triplings and quadruplings in both even and odd characteristic. Our algorithms can be protected against simple and differential side-channel analysis by using side-channel atomicity and classical randomization techniques. Our numerical experiments show that our approach leads to speedups compared to windowing methods, even with window size equal to 4, and other SCA-resistant algorithms.
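A worked version of the idea, added here as an illustration and not the paper's code: a scalar k is written as a double-base chain k = Σ 2^{a_i} 3^{b_i} with non-increasing exponents, the point kP is then evaluated Horner-style with a_0 doublings, b_0 triplings and one addition per extra term, and the operation counts are set next to plain double-and-add. The chain is built with the plain unsigned greedy search, the tripling is 2P + P in affine coordinates (the paper's improved tripling and quadrupling formulae and its side-channel countermeasures are not reproduced), and the curve y^2 = x^3 + x + 1 over GF(23) with base point (0, 1) is a constructed toy.

```python
# Double-base-chain scalar multiplication next to binary double-and-add.
# Added illustration, not the paper's code. Curve and base point are a constructed toy:
# y^2 = x^3 + x + 1 over GF(23), P0 = (0, 1). Affine coordinates, None = point at infinity.
P_MOD, A_COEF, B_COEF = 23, 1, 1
P0 = (0, 1)                          # 0^3 + 0 + 1 = 1 = 1^2, so P0 is on the curve


def ec_add(P, Q):
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                                          # P + (-P), covers y = 0
    if P == Q:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_double(P):
    return ec_add(P, P)


def ec_triple(P):
    return ec_add(ec_double(P), P)     # the paper uses dedicated tripling formulae instead


def double_base_chain(k):
    """Greedy chain: take the largest 2^a 3^b <= k allowed by the current exponent bounds,
    then lower the bounds to (a, b) so the exponents are non-increasing."""
    chain, a_max, b_max = [], 0, 0
    while 2 ** (a_max + 1) <= k:
        a_max += 1
    while 3 ** (b_max + 1) <= k:
        b_max += 1
    while k > 0:
        best = max((2 ** a * 3 ** b, a, b) for a in range(a_max + 1)
                   for b in range(b_max + 1) if 2 ** a * 3 ** b <= k)
        _, a_max, b_max = best
        chain.append((a_max, b_max))
        k -= best[0]
    return chain


def _scale(Q, dbls, tpls, ops):
    for _ in range(dbls):
        Q = ec_double(Q)
    for _ in range(tpls):
        Q = ec_triple(Q)
    ops["dbl"] += dbls
    ops["tpl"] += tpls
    return Q


def dbns_mul(k, P):
    """Horner evaluation of the chain: k = 2^a_n 3^b_n (...(2^(a_0-a_1) 3^(b_0-b_1) + 1)...)."""
    ops = {"dbl": 0, "tpl": 0, "add": 0}
    chain = double_base_chain(k)
    if not chain:
        return None, ops
    Q, (a_prev, b_prev) = P, chain[0]
    for a, b in chain[1:]:
        Q = ec_add(_scale(Q, a_prev - a, b_prev - b, ops), P)
        ops["add"] += 1
        a_prev, b_prev = a, b
    return _scale(Q, a_prev, b_prev, ops), ops


def double_and_add(k, P):
    """Left-to-right binary method; counts are the generic len-1 doublings, weight-1 additions."""
    bits = bin(k)[2:]
    Q = None
    for bit in bits:
        Q = ec_double(Q)
        if bit == "1":
            Q = ec_add(Q, P)
    return Q, {"dbl": len(bits) - 1, "tpl": 0, "add": bits.count("1") - 1}


if __name__ == "__main__":
    k = 2005
    print(double_base_chain(k))          # [(3, 5), (1, 3), (1, 1), (0, 0)]: 1944+54+6+1
    print(dbns_mul(k, P0)[1], double_and_add(k, P0)[1])
```

For k = 2005 the chain has four terms, so three point additions, three doublings and five triplings, against seven additions and ten doublings for the binary method; whether that is a net win depends on the relative cost of a tripling, which is exactly what the paper's improved tripling formulae address. On a real curve the greedy search must also be bounded (the paper fixes a_max and b_max), since an unbounded search over exponents is itself a side channel and the chain length varies with k.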