Results 1  10
of
127
Elliptic Curves And Primality Proving
 Math. Comp
, 1993
"... The aim of this paper is to describe the theory and implementation of the Elliptic Curve Primality Proving algorithm. ..."
Abstract

Cited by 202 (22 self)
 Add to MetaCart
(Show Context)
The aim of this paper is to describe the theory and implementation of the Elliptic Curve Primality Proving algorithm.
Software Implementation of Elliptic Curve Cryptography Over Binary Fields
, 2000
"... This paper presents an extensive and careful study of the software implementation on workstations of the NISTrecommended elliptic curves over binary fields. We also present the results of our implementation in C on a Pentium II 400 MHz workstation. ..."
Abstract

Cited by 184 (10 self)
 Add to MetaCart
This paper presents an extensive and careful study of the software implementation on workstations of the NISTrecommended elliptic curves over binary fields. We also present the results of our implementation in C on a Pentium II 400 MHz workstation.
Speeding Up The Computations On An Elliptic Curve Using AdditionSubtraction Chains
 Theoretical Informatics and Applications
, 1990
"... We show how to compute x k using multiplications and divisions. We use this method in the context of elliptic curves for which a law exists with the property that division has the same cost as multiplication. Our best algorithm is 11.11% faster than the ordinary binary algorithm and speeds up acco ..."
Abstract

Cited by 109 (4 self)
 Add to MetaCart
We show how to compute x k using multiplications and divisions. We use this method in the context of elliptic curves for which a law exists with the property that division has the same cost as multiplication. Our best algorithm is 11.11% faster than the ordinary binary algorithm and speeds up accordingly the factorization and primality testing algorithms using elliptic curves. 1. Introduction. Recent algorithms used in primality testing and integer factorization make use of elliptic curves defined over finite fields or Artinian rings (cf. Section 2). One can define over these sets an abelian law. As a consequence, one can transpose over the corresponding groups all the classical algorithms that were designed over Z/NZ. In particular, one has the analogue of the p \Gamma 1 factorization algorithm of Pollard [29, 5, 20, 22], the Fermatlike primality testing algorithms [1, 14, 21, 26] and the public key cryptosystems based on RSA [30, 17, 19]. The basic operation performed on an elli...
Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms
, 2001
"... The fundamental operation in elliptic curve cryptographic schemes is that of point multiplication of an elliptic curve point by an integer. This paper describes a new method for accelerating this operation on classes of elliptic curves that have efficientlycomputable endomorphisms. One advantage of ..."
Abstract

Cited by 93 (0 self)
 Add to MetaCart
(Show Context)
The fundamental operation in elliptic curve cryptographic schemes is that of point multiplication of an elliptic curve point by an integer. This paper describes a new method for accelerating this operation on classes of elliptic curves that have efficientlycomputable endomorphisms. One advantage of the new method is that it is applicable to a larger class of curves than previous such methods.
Faster addition and doubling on elliptic curves
 In Asiacrypt 2007 [10
, 2007
"... Abstract. Edwards recently introduced a new normal form for elliptic curves. Every elliptic curve over a nonbinary field is birationally equivalent to a curve in Edwards form over an extension of the field, and in many cases over the original field. This paper presents fast explicit formulas (and r ..."
Abstract

Cited by 85 (10 self)
 Add to MetaCart
(Show Context)
Abstract. Edwards recently introduced a new normal form for elliptic curves. Every elliptic curve over a nonbinary field is birationally equivalent to a curve in Edwards form over an extension of the field, and in many cases over the original field. This paper presents fast explicit formulas (and register allocations) for group operations on an Edwards curve. The algorithm for doubling uses only 3M + 4S, i.e., 3 field multiplications and 4 field squarings. If curve parameters are chosen to be small then the algorithm for mixed addition uses only 9M + 1S and the algorithm for nonmixed addition uses only 10M + 1S. Arbitrary Edwards curves can be handled at the cost of just one extra multiplication by a curve parameter. For comparison, the fastest algorithms known for the popular “a4 = −3 Jacobian ” form use 3M + 5S for doubling; use 7M + 4S for mixed addition; use 11M + 5S for nonmixed addition; and use 10M + 4S for nonmixed addition when one input has been added before. The explicit formulas for nonmixed addition on an Edwards curve can be used for doublings at no extra cost, simplifying protection against sidechannel attacks. Even better, many elliptic curves (approximately 1/4 of all isomorphism classes of elliptic curves over a nonbinary finite field) are birationally equivalent — over the original field — to Edwards curves where this addition algorithm works for all pairs of curve points, including inverses, the neutral element, etc. This paper contains an extensive comparison of different forms of elliptic curves and different coordinate systems for the basic group operations (doubling, mixed addition, nonmixed addition, and unified addition) as well as higherlevel operations such as multiscalar multiplication.
Software Implementation of the NIST Elliptic Curves Over Prime Fields
 TOPICS IN CRYPTOLOGY – CTRSA 2001, VOLUME 2020 OF LNCS
, 2001
"... ..."
(Show Context)
Protections against differential analysis for elliptic curve cryptography: An algebraic approach
 Cryptographic Hardware and Embedded Systems (CHES’01), LNCS2162
"... Abstract. We propose several new methods to protect the scalar multiplication on an elliptic curve against Differential Analysis. The basic idea consists in transforming the curve through various random morphisms to provide a nondeterministic execution of the algorithm. The solutions we suggest co ..."
Abstract

Cited by 60 (4 self)
 Add to MetaCart
(Show Context)
Abstract. We propose several new methods to protect the scalar multiplication on an elliptic curve against Differential Analysis. The basic idea consists in transforming the curve through various random morphisms to provide a nondeterministic execution of the algorithm. The solutions we suggest complement and improve the stateoftheart, but also provide a practical toolbox of efficient countermeasures. These should suit most of the needs for protecting implementations of cryptoalgorithms based on elliptic curves.
Hessian Elliptic Curves and SideChannel Attacks
 of Lecture Notes in Computer Science
, 2001
"... Sidechannel attacks are a recent class of attacks that have been revealed to be very powerful in practice. By measuring some sidechannel information (running time, power consumption, . . . ), an attacker is able to recover some secret data from a carelessly implemented cryptoalgorithm. ..."
Abstract

Cited by 59 (8 self)
 Add to MetaCart
(Show Context)
Sidechannel attacks are a recent class of attacks that have been revealed to be very powerful in practice. By measuring some sidechannel information (running time, power consumption, . . . ), an attacker is able to recover some secret data from a carelessly implemented cryptoalgorithm.
Some integer factorization algorithms using elliptic curves
 Australian Computer Science Communications
, 1986
"... Lenstra’s integer factorization algorithm is asymptotically one of the fastest known algorithms, and is also ideally suited for parallel computation. We suggest a way in which the algorithm can be speeded up by the addition of a second phase. Under some plausible assumptions, the speedup is of order ..."
Abstract

Cited by 56 (13 self)
 Add to MetaCart
(Show Context)
Lenstra’s integer factorization algorithm is asymptotically one of the fastest known algorithms, and is also ideally suited for parallel computation. We suggest a way in which the algorithm can be speeded up by the addition of a second phase. Under some plausible assumptions, the speedup is of order log(p), where p is the factor which is found. In practice the speedup is significant. We mention some refinements which give greater speedup, an alternative way of implementing a second phase, and the connection with Pollard’s “p − 1” factorization algorithm. 1
Efficient Elliptic Curve Exponentiation
, 1997
"... Elliptic curve cryptosystems, proposed by Koblitz([8]) and Miller([11]), can be constructed over a smaller definition field than the ElGamal cryptosystems([5]) or the RSA cryptosystems([16]). This is why elliptic curve cryptosystems have be un to attract notice. There are mainly two types in ellipti ..."
Abstract

Cited by 46 (1 self)
 Add to MetaCart
Elliptic curve cryptosystems, proposed by Koblitz([8]) and Miller([11]), can be constructed over a smaller definition field than the ElGamal cryptosystems([5]) or the RSA cryptosystems([16]). This is why elliptic curve cryptosystems have be un to attract notice. There are mainly two types in elliptic curve cryptosystems, elliptic curves E over IF 2 r and E over IFp . Some current systems based on ElGamal or RSA may often use modulo arithmetic over IFp . Therefore it is convenient to construct fast elliptic curve cryptosystems over IFp . In this paper, we investi ate how to implement elliptic curve cryptosystems on E/IF p . 1 Introdu1 Koblitz ([8])a8 Miller ([11]) proposeda method by which public key cryptosystemsca be constructed on the groupof points on a elliptic curve over a finite fieldinstea ofa finite field. If elliptic curve cryptosystemsa void the MenezesOkaeneze aeneze reduction ([13]), then the only knownapGS ks ap the PollaS #method ([15]) ap the PohligHellma method ([14]). So upto the present, weca construct elliptic curve cryptosystems overa smaE// definition field tha the discreteloga6paEGpaEGpap////p// cryptosystems likeElGa ma cryptosystems([5]) or DSA([3])aA the RSA cryptosystems([16]). Elliptic curve cryptosystems with 160bit key ha ve the sap securitya s bothElGaD/ cryptosystemsar RSA with 1,024bit key. This is why elliptic curve cryptosystemsha ve been discussed in ISO/IEC CD 148833, ISO/IEC DIS 117703, ANSI ASC X.9, X.9.62,a9 IEEE P1363([7]). AsstaS0LpPL6/0Sp is apapE/E faEimplementalem of elliptic curve cryptosystemsha been reported([6, 20, 22]). Thereae marep two types in elliptic curve cryptosystems, elliptic curves over IF 2 raD elliptic curves over IF p . U to the resent, the study on im lementapDE ha been often atena elli tic cur...