Results 1  10
of
13
Discrete Logarithms in Finite Fields and Their Cryptographic Significance
, 1984
"... Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u GF(q) is that integer k, 1 k q  1, for which u = g k . The wellknown problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its appl ..."
Abstract

Cited by 87 (6 self)
 Add to MetaCart
Given a primitive element g of a finite field GF(q), the discrete logarithm of a nonzero element u GF(q) is that integer k, 1 k q  1, for which u = g k . The wellknown problem of computing discrete logarithms in finite fields has acquired additional importance in recent years due to its applicability in cryptography. Several cryptographic systems would become insecure if an efficient discrete logarithm algorithm were discovered. This paper surveys and analyzes known algorithms in this area, with special attention devoted to algorithms for the fields GF(2 n ). It appears that in order to be safe from attacks using these algorithms, the value of n for which GF(2 n ) is used in a cryptosystem has to be very large and carefully chosen. Due in large part to recent discoveries, discrete logarithms in fields GF(2 n ) are much easier to compute than in fields GF(p) with p prime. Hence the fields GF(2 n ) ought to be avoided in all cryptographic applications. On the other hand, ...
The index calculus method using nonsmooth polynomials
 Mathematics of Computation
, 2001
"... Abstract. We study a generalized version of the index calculus method for the discrete logarithm problem in Fq, whenq = p n, p is a small prime and n →∞. The database consists of the logarithms of all irreducible polynomials of degree between given bounds; the original version of the algorithm uses ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
Abstract. We study a generalized version of the index calculus method for the discrete logarithm problem in Fq, whenq = p n, p is a small prime and n →∞. The database consists of the logarithms of all irreducible polynomials of degree between given bounds; the original version of the algorithm uses lower bound equal to one. We show theoretically that the algorithm has the same asymptotic running time as the original version. The analysis shows that the best upper limit for the interval coincides with the one for the original version. The lower limit for the interval remains a free variable of the process. We provide experimental results that indicate practical values for that bound. We also give heuristic arguments for the running time of the Waterloo variant and of the Coppersmith method with our generalized database. 1.
Elliptic Curves and their use in Cryptography
 DIMACS Workshop on Unusual Applications of Number Theory
, 1997
"... The security of many cryptographic protocols depends on the difficulty of solving the socalled "discrete logarithm" problem, in the multiplicative group of a finite field. Although, in the general case, there are no polynomial time algorithms for this problem, constant improvements are being ma ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
The security of many cryptographic protocols depends on the difficulty of solving the socalled "discrete logarithm" problem, in the multiplicative group of a finite field. Although, in the general case, there are no polynomial time algorithms for this problem, constant improvements are being made  with the result that the use of these protocols require much larger key sizes, for a given level of security, than may be convenient. An abstraction of these protocols shows that they have analogues in any group. The challenge presents itself: find some other groups for which there are no good attacks on the discrete logarithm, and for which the group operations are sufficiently economical. In 1985, the author suggested that the groups arising from a particular mathematical object known as an "elliptic curve" might fill the bill. In this paper I review the general cryptographic protocols which are involved, briefly describe elliptic curves and review the possible attacks again...
Directed Threshold MultiSignature Scheme without SDC
"... In this paper, we propose a Directed threshold multisignature scheme without SDC. This signature scheme is applicable when the message is sensitive to the signature receiver; and the signatures are generated by the cooperation of a number of people from a given group of senders. In this scheme, any ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
In this paper, we propose a Directed threshold multisignature scheme without SDC. This signature scheme is applicable when the message is sensitive to the signature receiver; and the signatures are generated by the cooperation of a number of people from a given group of senders. In this scheme, any malicious set of signers cannot impersonate any other set of signers to forge the signatures. In case of forgery, it is possible to trace the signing set.
WEAKNESS OF F 3 6·509 FOR DISCRETE LOGARITHM CRYPTOGRAPHY
"... new algorithms for computing discrete logarithms in finite fields of small and medium characteristic. We show that these new algorithms render the finite field F 3 6·509 = F 3 3054 weak for discrete logarithm cryptography in the sense that discrete logarithms in this field can be computed significan ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
new algorithms for computing discrete logarithms in finite fields of small and medium characteristic. We show that these new algorithms render the finite field F 3 6·509 = F 3 3054 weak for discrete logarithm cryptography in the sense that discrete logarithms in this field can be computed significantly faster than with the previous fastest algorithms. Our concrete analysis shows that the supersingular elliptic curve over F 3 509 with embedding degree 6 that had been considered for implementing pairingbased cryptosystems at the 128bit security level in fact provides only a significantly lower level of security. Our work provides a convenient framework and tools for performing a concrete analysis of the new discrete logarithm algorithms and their variants. 1.
Discrete Logarithms in Finite Fields
, 1996
"... Given a finite field F q of order q, and g a primitive element of F q , the discrete logarithm base g of an arbitrary, nonzero y 2 F q is that integer x, 0 x q \Gamma 2, such that g x = y in F q . The security of many realworld cryptographic schemes depends on the difficulty of computing discr ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Given a finite field F q of order q, and g a primitive element of F q , the discrete logarithm base g of an arbitrary, nonzero y 2 F q is that integer x, 0 x q \Gamma 2, such that g x = y in F q . The security of many realworld cryptographic schemes depends on the difficulty of computing discrete logarithms in large finite fields. This thesis is a survey of the discrete logarithm problem in finite fields, including: some cryptographic applications (password authentication, the DiffieHellman key exchange, and the ElGamal publickey cryptosystem and digital signature scheme); Niederreiter's proof of explicit formulas for the discrete logarithm; and algorithms for computing discrete logarithms (especially Shank's algorithm, Pollard's aemethod, the PohligHellman algorithm, Coppersmith's algorithm in fields of order 2 n , and the Gaussian integers method for fields of prime order).
A Cryptosystem Based on the Symmetric Group Sn
"... This paper proposes a public key cryptosystem based on the symmetric group Sn, and validates its theoretical foundation. The proposed system benefits from the algebraic properties of Sn such as non commutative, high computational speed and high flexibility in selecting keys which make the Discrete L ..."
Abstract
 Add to MetaCart
This paper proposes a public key cryptosystem based on the symmetric group Sn, and validates its theoretical foundation. The proposed system benefits from the algebraic properties of Sn such as non commutative, high computational speed and high flexibility in selecting keys which make the Discrete Logarithm Problem (DLP) resistant to attacks by algorithms such as PohligHellman. Against these properties, the only disadvantage of the scheme is its relative large memory and bandwidth requirements. Due to the similarities in the algebraic structures, many other cryptosystems can be translated to their symmetric group analogs, and the proposed cryptosystem is in fact the Generalized ElGamal cryptosystem which is based on Sn instead of GF(p). Key words:
A Registration Scheme to Allocate a Unique Identification Number Manoj Kumar Department of Mathematics,
"... Abstract. Identification is always a necessity of human life. Currently, our government has decided to allocate a unique identity to every Indian. This paper proposed a registration scheme, in which a controlling agency can generate a unique identification number in such a way that registration numb ..."
Abstract
 Add to MetaCart
Abstract. Identification is always a necessity of human life. Currently, our government has decided to allocate a unique identity to every Indian. This paper proposed a registration scheme, in which a controlling agency can generate a unique identification number in such a way that registration number cannot be forged and misused. In the proposed scheme, only the number holder can use his number and he/she can prove its validity to any third party, whenever necessary. 1.