Results 1  10
of
92
Short signatures from the Weil pairing
, 2001
"... Abstract. We introduce a short signature scheme based on the Computational DiffieHellman assumption on certain elliptic and hyperelliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where signa ..."
Abstract

Cited by 558 (29 self)
 Add to MetaCart
Abstract. We introduce a short signature scheme based on the Computational DiffieHellman assumption on certain elliptic and hyperelliptic curves. The signature length is half the size of a DSA signature for a similar level of security. Our short signature scheme is designed for systems where signatures are typed in by a human or signatures are sent over a lowbandwidth channel. 1
Efficient Arithmetic on Genus 2 Hyperelliptic Curves over Finite Fields via Explicit Formulae
 In Cryptology ePrint archive, Report 2002/121
, 2002
"... We extend the explicit formulae for arithmetic on genus two curves of [13, 21] to fields of even characteristic and to arbitrary equation of the curve. These formulae can be evaluated faster than the more general Cantor algorithm and allow to obtain faster arithmetic on a hyperelliptic genus 2 curve ..."
Abstract

Cited by 30 (4 self)
 Add to MetaCart
We extend the explicit formulae for arithmetic on genus two curves of [13, 21] to fields of even characteristic and to arbitrary equation of the curve. These formulae can be evaluated faster than the more general Cantor algorithm and allow to obtain faster arithmetic on a hyperelliptic genus 2 curve than on elliptic curves. We give timings for implementations using various libraries for the field arithmetic.
An extension of Satoh's algorithm and its implementation
 J. RAMANUJAN MATH. SOC
, 2000
"... We describe a fast algorithm for counting points on elliptic curves defined over finite fields of small characteristic, following Satoh. Our main contribution is an extension to characteristics two and three. We give a detailed description with the optimisations necessary for an efficient implementa ..."
Abstract

Cited by 15 (3 self)
 Add to MetaCart
We describe a fast algorithm for counting points on elliptic curves defined over finite fields of small characteristic, following Satoh. Our main contribution is an extension to characteristics two and three. We give a detailed description with the optimisations necessary for an efficient implementation. Finally we give the number of points we have computed on a "random" curve defined over the field F q with q = 2 8009 .
Power operations in elliptic cohomology and representations of loop groups
 Trans. Amer. Math. Soc
, 2000
"... Abstract. The first part describes power operations in elliptic cohomology in terms of isogenies of the underlying elliptic curve. The second part discusses a relationship between equivariant elliptic cohomology and representations of loop groups. The third part investigates the representation theor ..."
Abstract

Cited by 14 (2 self)
 Add to MetaCart
Abstract. The first part describes power operations in elliptic cohomology in terms of isogenies of the underlying elliptic curve. The second part discusses a relationship between equivariant elliptic cohomology and representations of loop groups. The third part investigates the representation theoretic considerations which give rise to the power operations discussed in the first part. Contents
A Survey of Modern Integer Factorization Algorithms
 CWI Quarterly
, 1994
"... Introduction An integer n ? 1 is said to be a prime number (or simply prime) if the only divisors of n are \Sigma1 and \Sigman. There are infinitely many prime numbers, the first four being 2, 3, 5, and 7. If n ? 1 and n is not prime, then n is said to be composite. The integer 1 is neither prime ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
Introduction An integer n ? 1 is said to be a prime number (or simply prime) if the only divisors of n are \Sigma1 and \Sigman. There are infinitely many prime numbers, the first four being 2, 3, 5, and 7. If n ? 1 and n is not prime, then n is said to be composite. The integer 1 is neither prime nor composite. The Fundamental Theorem of Arithmetic states that every positive integer can be expressed as a finite (perhaps empty) product of prime numbers, and that this factorization is unique except for the ordering of the factors. Table 1.1 has some sample factorizations. 1990 = 2 \Delta 5 \Delta 199 1995 = 3 \Delta 5 \Delta 7 \Delta 19 2000 = 2 4 \Delta 5 3 2005 = 5 \Delta 401
Decoding AlgebraicGeometric Codes Beyond the ErrorCorrection Bound
, 1998
"... Generalizing the highnoise decoding methods of [1, 19] to the class of algebraicgeometric codes, we design the first polynomialtime algorithms to decode algebraicgeometric codes significantly beyond the conventional errorcorrection bound. Applying our results to codes obtained from curves with m ..."
Abstract

Cited by 13 (4 self)
 Add to MetaCart
Generalizing the highnoise decoding methods of [1, 19] to the class of algebraicgeometric codes, we design the first polynomialtime algorithms to decode algebraicgeometric codes significantly beyond the conventional errorcorrection bound. Applying our results to codes obtained from curves with many rational points, we construct arbitrarily long, constantrate linear codes over a fixed field F q such that a codeword is efficiently, nonuniquely reconstructible after a majority of its letters have been arbitrarily corrupted. We also construct codes such that a codeword is uniquely and efficiently reconstructible after a majority of its letters have been corrupted by noise which is random in a specified sense. We summarize our results in terms of bounds on asymptotic parameters, giving a new characterization of decoding beyond the errorcorrection bound. 1 Introduction Errorcorrecting codes, originally designed to accommodate reliable transmission of information through unreliable ...
The twistaugmented technique for key exchange
 In PKC ’06, LNCS 3958
, 2006
"... Abstract. Key derivation refers to the process by which an agreed upon large random number, often named master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standardization bodies have usually used the random oracle model to get key material from a DiffieHellman ..."
Abstract

Cited by 13 (7 self)
 Add to MetaCart
Abstract. Key derivation refers to the process by which an agreed upon large random number, often named master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standardization bodies have usually used the random oracle model to get key material from a DiffieHellman key exchange. However, formal proofs in the standard model require randomness extractors to formally extract the entropy of the random master secret into a seed prior to derive other keys. Whereas this is a quite simple tool, it is not easy to use in practice —or it is easy to misuse it—. In addition, in many standards, the acronym PRF (PseudoRandom Functions) is used for several tasks, and namely the randomness extraction. While randomness extractors and pseudorandom functions are a priori distinct tools, we first study whether such an application is correct or not. We thereafter study DHkey exchange, in the cases of prime subgroups of Z ⋆ p (and namely where p is a safeprime) and of elliptic curves, since in IPSec, for example, only these groups are considered. We present very efficient and provable randomness extraction techniques for these groups under the DDH assumption. In the special case of elliptic curves, we present a new technique —the socalled ’TwistAUgmented’ technique — an alternative to randomness extractors which exploits specific properties of some elliptic curves. We finally compare the efficiency of this method with other solutions.
Transcendental lattices and supersingular reduction lattices of a singular K3 surface
, 2006
"... Abstract. A (smooth) K3 surface X defined over a field k of characteristic 0 is called singular if the NéronSeveri lattice NS(X) of X ⊗ k is of rank 20. Let X be a singular K3 surface defined over a number field F. For each embedding σ: F ֒ → C, we denote by T(X σ) the transcendental lattice of the ..."
Abstract

Cited by 11 (5 self)
 Add to MetaCart
Abstract. A (smooth) K3 surface X defined over a field k of characteristic 0 is called singular if the NéronSeveri lattice NS(X) of X ⊗ k is of rank 20. Let X be a singular K3 surface defined over a number field F. For each embedding σ: F ֒ → C, we denote by T(X σ) the transcendental lattice of the complex K3 surface X σ obtained from X by σ. For each prime ideal p of F at which X has a supersingular reduction Xp, we define L(X, p) to be the orthogonal complement of NS(X) in NS(Xp). We investigate the relation between these lattices T(X σ) and L(X, p). As an application, we give a lower bound of the degree of a number field over which a singular K3 surface with a given transcendental lattice can be defined. 1.
A finiteness theorem for canonical heights attached to rational maps over function fields
 J. REINE ANGEW. MATH
, 2007
"... Let K be a function field, let ϕ ∈ K(T) be a rational map of degree d ≥ 2 defined over K, and suppose that ϕ is not isotrivial. In this paper, we show that a point P ∈ P 1 ( ¯ K) has ϕcanonical height zero if and only if P is preperiodic for ϕ. This answers affirmatively a question of Szpiro and T ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
Let K be a function field, let ϕ ∈ K(T) be a rational map of degree d ≥ 2 defined over K, and suppose that ϕ is not isotrivial. In this paper, we show that a point P ∈ P 1 ( ¯ K) has ϕcanonical height zero if and only if P is preperiodic for ϕ. This answers affirmatively a question of Szpiro and Tucker, and generalizes a recent result of Benedetto from polynomials to rational functions. We actually prove the following stronger result, which is a variant of the Northcott finiteness principle: there exists ε> 0 such that the set of points P ∈ P 1 (K) with ϕcanonical height at most ε is finite. Our proof is essentially analytic, making use of potential theory on Berkovich spaces to study the dynamical Green’s functions gϕ,v(x, y) attached to ϕ at each place v of K. For example, we show that every conjugate of ϕ has bad reduction at v if and only if gϕ,v(x, x)> 0 for all x ∈ P 1 Berk,v, where P1 Berk,v denotes the Berkovich projective line over the completion of ¯ Kv. In an appendix, we use a similar method to give a new proof of the MordellWeil theorem for elliptic curves over K.