This paper presents a new password authentication and key-exchange protocol suitable for authenticating users and exchanging keys over an untrusted network. The new protocol resists dictionary attacks mounted by either passive or active network intruders, allowing, in principle, even weak passphrases to be used safely. It also o ers perfect forward secrecy, which protects past sessions and passwords against future compromises. Finally, user passwords are stored in a form that is not plaintext-equivalent to the password itself, so an attacker who captures the password database cannot use it directly to compromise security and gain immediate access to the host. This new protocol combines techniques of zero-knowledge proofs with asymmetric key exchange protocols and o ers signi cantly improved performance over comparably strong extended methods that resist stolen-veri er attacks such as Augmented EKE or B-SPEKE. 1

Elliptic curves are the basis for a relative new class of public-key schemes. It is predicted that elliptic curves will replace many existing schemes in the near future. It is thus of great interest to develop algorithms which allow efficient implementations of elliptic curve crypto systems. This thesis deals with such algorithms. Efficient algorithms for elliptic curves can be classified into low-level algorithms, which deal with arithmetic in the underlying finite field and high-level algorithms, which operate with the group operation. This thesis describes three new algorithms for efficient implementations of elliptic curve cryptosystems. The first algorithm describes the application of the Karatsuba-Ofman Algorithm to multiplication in composite fields GF ((2 n ) m ). The second algorithm deals with efficient inversion in composite Galois fields of the form GF ((2 n ) m ). The third algorithm is an entirely new approach which accelerates the multiplication of points which i...

Elliptic curve cryptography (ECC) was introduced by Victor Miller and Neal Koblitz in 1985. ECC proposed as an alternative to established public-key systems such as DSA and RSA, have recently gained a lot attention in industry and academia. The main reason for the attractiveness of ECC is the fact that there is no sub-exponential algorithm known to solve the discrete logarithm problem on a properly chosen elliptic curve. This means that significantly smaller parameters can be used in ECC than in other competitive systems such RSA and DSA, but with equivalent levels of security. Some benefits of having smaller key sizes include faster computations, and reductions in processing power, storage space and bandwidth. This makes ECC ideal for constrained environments such as pagers, PDAs, cellular phones and smart cards. The implementation of ECC, on the other hand, requires several choices such as the type of the underlying finite field, algorithms for implementing the finite field arithmetic and so on. In this paper we give we presen an selective overview of the main methods.

. In this article we survey recent developments concerning the discrete logarithm problem. Both theoretical and practical results are discussed. We emphasize the case of finite fields, and in particular, recent modifications of the index calculus method, including the number field sieve and the function field sieve. We also provide a sketch of the some of the cryptographic schemes whose security depends on the intractibility of the discrete logarithm problem. 1 Introduction Let G be a cyclic group generated by an element t. The discrete logarithm problem in G is to compute for any b 2 G the least non-negative integer e such that t e = b. In this case, we write log t b = e. Our purpose, in this paper, is to survey recent work on the discrete logarithm problem. Our approach is twofold. On the one hand, we consider the problem from a purely theoretical perspective. Indeed, the algorithms that have been developed to solve it not only explore the fundamental nature of one of the basic s...

Security issues will play an important role in the majority of communication and computer networks of the future. As the Internet becomes more and more accessible to the public, security measures will have to be strengthened. Elliptic curve cryptosystems allow for shorter operand lengths than other public-key schemes based on the discrete logarithm in finite fields and the integer factorization problem and are thus attractive for many applications. This thesis describes an implementation of a crypto engine based on elliptic curves. The underlying algebraic structures are composite Galois fields GF((2 n) m) in a standard base representation. As a major new feature, the system is developed for a reconfigurable platform based on Field Programmable Gate Arrays (FPGAs). FPGAs combine the flexibility of software solutions with the security of traditional hardware implementations. In particular, it is possible to easily change all algorithm parameters such as curve coefficients, field order, or field representation. The thesis deals with the design and implementation of elliptic curve point multiplicationarchitectures. The architectures are described in VHDL and mapped to Xilinx FPGA devices. Architectures over Galois fields of different order and representation were implemented and compared. Area and timing measurements are provided for all architectures. It is shown that a full point multiplication on elliptic curves of real-world size can be implemented on commercially available FPGAs.

For speeding up elliptic curve scalar multiplication and making it secure against side-channel attacks such as timing or power analysis, various methods have been proposed using specifically chosen elliptic curves. We show that both goals can be achieved simultaneously even for conventional elliptic curves over Fp . This result is shown via two facts. First, we recall the known fact that every elliptic curve over Fp admits a scalar multiplication via a (Montgomery ladder) Lucas chain.

This paper describes an algorithm for computing elliptic scalar multiplications on non-supersingular elliptic curves defined over GF(2 m ). The algorithm is an optimized version of a method described in [1], which is based on Montgomery's method [8]. Our algorithm is easy to implement in both hardware and software, works for any elliptic curve over GF(2 m ), requires no precomputed multiples of a point, and is faster on average than the addition-subtraction method described in draft standard IEEE P1363. In addition, the method requires less memory than projective schemes and the amount of computation needed for a scalar multiplication is fixed for all multipliers of the same binary length. Therefore, the improved method possesses many desirable features for implementing elliptic curves in restricted environments.

In this paper, we introduce a new approach to the generation of binary sequences by applying trace functions to elliptic curves over GF(2 m ). We call these sequences elliptic curve pseudorandom sequences (EC-sequence). We determine their periods, distribution of zeros and ones, and linear spans for a class of EC-sequences generated from supersingular curves. We exhibit a class of EC-sequences which has half period as a lower bound for their linear spans. EC-sequences can be constructed algebraically and can be generated efficiently in software or hardware by the same methods that are used for implementation of elliptic curve public-key cryptosystems.

Abstract. This paper proposes a new approach to provide reliable data transmission in MANET with strong adversaries. We combine Elliptic Curve Cryptography and Threshold Cryptosystem to securely deliver messages in n shares. As long as the destination receives at least k shares, it can recover the original message. We explore seven ECC mechanisms, El-Gamal, Massey-Omura, Diffie-Hellman, Menezes-Vanstone, Koyama-Maurer-Okamoto-Vanstone, Ertaul, and Demytko. For secure data forwarding, we consider both splitting plaintext before encryption, and splitting ciphertext after encryption. Also we suggest to exchange keys between a pair of mobile nodes using Elliptic Curve Cryptography Diffie-Hellman. We did performance comparison of ECC and RSA to show ECC is more efficient than RSA. 1

In 1985 Neal Koblitz and V.S. Miller proposed elliptic curves to be used for public key cryptosystems, whereas RSA, a nowadays widely used public key cryptosystem, was developed by Rivest, Shamir, and Adleman almost ten years earlier in 1977. The elliptic curve cryptosystem benefits from smaller key sizes than RSA, which makes its cryptographic operations, encryption, decryption, signing, and signature verification faster than RSA's operations. A smart card is a single-chip microcomputer with a size of 25 mm² at most. Today smart cards are used mainly for electronic identification and storing user information. Smart cards are also used to store private keys and to execute cryptographic operations which use private keys. This Master's thesis examines whether elliptic curve cryptography is better suited to be used on smart cards than the nowadays widely used RSA. It describes the elliptic curve cryptography and RSA implementations used to compare these two cryptosystems, and presents performance comparisons based on these implementations. In addition, this thesis contains security and space requirement comparisons between these two cryptosystems. According to the test results, signing and decryption operations are faster with the elliptic curve cryptosystem than with RSA, but RSA is faster when encrypting messages or verifying signatures. On the other hand, the elliptic curve cryptosystem needs less space to store the private keys than RSA, and is thus well suited to be used on smart cards. The elliptic curve cryptosystem has the disadvantage that the Menezes-Vanstone encryption increases the size of encrypted messages considerably more than RSA encryption does. In addition, because an elliptic curve cryptosystem implementation is more complicated and requires deeper mathematical understanding than an RSA implementation, it is more susceptible to errors which diminishes its security.