Results 1  10
of
22
Guide to Elliptic Curve Cryptography
, 2004
"... Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves ..."
Abstract

Cited by 369 (17 self)
 Add to MetaCart
Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang: It is possible to write endlessly on elliptic curves. (This is not a threat.) Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in publickey cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, highspeed software and hardware implementations, and offer the highest strengthperkeybit of any known publickey scheme.
Arithmetic On Superelliptic Curves
 Math. Comp
, 2000
"... This paper is concerned with algorithms for computing in the divisor class group of a nonsingular plane curve of the form y n = c(x) which has only one point at infinity. Divisors are represented as ideals and an ideal reduction algorithm based on lattice reduction is given. We obtain a unique repre ..."
Abstract

Cited by 37 (4 self)
 Add to MetaCart
This paper is concerned with algorithms for computing in the divisor class group of a nonsingular plane curve of the form y n = c(x) which has only one point at infinity. Divisors are represented as ideals and an ideal reduction algorithm based on lattice reduction is given. We obtain a unique representative for each divisor class and the algorithms for addition and reduction of divisors run in polynomial time. An algorithm is also given for solving the discrete logarithm problem when the curve is defined over a finite field.
Computing discrete logarithms in real quadratic congruence function fields of large genus
 Math. Comp
, 1999
"... Abstract. The discrete logarithm problem in various finite abelian groups is the basis for some well known public key cryptosystems. Recently, real quadratic congruence function fields were used to construct a public key distribution system. The security of this public key system is based on the dif ..."
Abstract

Cited by 36 (8 self)
 Add to MetaCart
Abstract. The discrete logarithm problem in various finite abelian groups is the basis for some well known public key cryptosystems. Recently, real quadratic congruence function fields were used to construct a public key distribution system. The security of this public key system is based on the difficulty of a discrete logarithm problem in these fields. In this paper, we present a probabilistic algorithm with subexponential running time that computes such discrete logarithms in real quadratic congruence function fields of sufficiently large genus. This algorithm is a generalization of similar algorithms for real quadratic number fields. 1.
Explicit bounds and heuristics on class numbers in hyperelliptic function fields
 Mathematics of Computation
, 1999
"... Abstract. In this paper, we provide tight estimates for the divisor class number of hyperelliptic function fields. We extend the existing methods to any hyperelliptic function field and improve the previous bounds by a factor proportional to g with the help of new results. We thus obtain a faster me ..."
Abstract

Cited by 13 (6 self)
 Add to MetaCart
Abstract. In this paper, we provide tight estimates for the divisor class number of hyperelliptic function fields. We extend the existing methods to any hyperelliptic function field and improve the previous bounds by a factor proportional to g with the help of new results. We thus obtain a faster method of computing regulators and class numbers. Furthermore, we provide experimental data and heuristics on the distribution of the class number within the bounds on the class number. These heuristics are based on recent results by Katz and Sarnak. Our numerical results and the heuristics imply that our approximation is in general far better than the bounds suggest. 1.
Equivalences Between Elliptic Curves and Real Quadratic Congruence Function Fields
 In preparation
"... In 1994, the wellknown DiffieHellman key exchange protocol was for the first time implemented in a nongroup based setting. Here, the underlying key space was the set of reduced principal ideals of a real quadratic number field. This set does not possess a group structure, but instead exhibits a s ..."
Abstract

Cited by 13 (4 self)
 Add to MetaCart
In 1994, the wellknown DiffieHellman key exchange protocol was for the first time implemented in a nongroup based setting. Here, the underlying key space was the set of reduced principal ideals of a real quadratic number field. This set does not possess a group structure, but instead exhibits a socalled infrastructure. More recently, the scheme was extended to real quadratic congruence function fields, whose set of reduced principal ideals has a similar infrastructure. As always, the security of the protocol depends on a certain discrete logarithm problem (DLP). In this paper, we show that for real quadratic congruence function fields of genus one, i.e. elliptic congruence function fields, this DLP is equivalent to the DLP for elliptic curves over finite fields. We present the explicit corresponce between the two DLPs and prove some properties which have no analogues for real quadratic number fields. Furthermore, we show that for elliptic congruence function fields, the set of redu...
The efficiency and security of a real quadratic field based key exchange protocol
 DE GRUYTER
, 2001
"... Most cryptographic key exchange protocols make use of the presumed difficulty of solving the discrete logarithm problem (DLP) in a certain finite group as the basis of their security. Recently, real quadratic number fields have been proposed for use in the development of such protocols. Breaking suc ..."
Abstract

Cited by 12 (4 self)
 Add to MetaCart
Most cryptographic key exchange protocols make use of the presumed difficulty of solving the discrete logarithm problem (DLP) in a certain finite group as the basis of their security. Recently, real quadratic number fields have been proposed for use in the development of such protocols. Breaking such schemes is known to be at least as difficult a problem as integer factorization; furthermore, these are the first discrete logarithm based systems to utilize a structure which is not a group, specifically the collection of reduced ideals which belong to the principal class of the number field. For this structure the DLP is essentially that of determining a generator of a given principal ideal. Unfortunately, there are a few implementationrelated disadvantages to these schemes, such as the need for high precision floating point arithmetic and an ambiguity problem that requires a short, second round of communication. In this paper we describe work that has led to the resolution of some of these difficulties. Furthermore, we discuss the security of the system, concentrating on the most recent techniques for solving the DLP in a real quadratic number field.
Smooth ideals in hyperelliptic function fields
 Math.Comp., posted on October 4, 2001, PII
"... Abstract. Recently, several algorithms have been suggested for solving the discrete logarithm problem in the Jacobians of highgenus hyperelliptic curves over finite fields. Some of them have a provable subexponential running time and are using the fact that smooth reduced ideals are sufficiently de ..."
Abstract

Cited by 9 (7 self)
 Add to MetaCart
Abstract. Recently, several algorithms have been suggested for solving the discrete logarithm problem in the Jacobians of highgenus hyperelliptic curves over finite fields. Some of them have a provable subexponential running time and are using the fact that smooth reduced ideals are sufficiently dense. We explicitly show how these density results can be derived. All proofs are purely combinatorial and do not exploit analytic properties of generating functions. 1.
The parallelized Pollard kangaroo method in real quadratic function
 Mathematics of Computation
"... Abstract. We show how to use the parallelized kangaroo method for computing invariants in real quadratic function fields. Specifically, we show how to apply the kangaroo method to the infrastructure in these fields. We also show how to speed up the computation by using heuristics on the distribution ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
Abstract. We show how to use the parallelized kangaroo method for computing invariants in real quadratic function fields. Specifically, we show how to apply the kangaroo method to the infrastructure in these fields. We also show how to speed up the computation by using heuristics on the distribution of the divisor class number, and by using the relatively inexpensive baby steps in the real quadratic model of a hyperelliptic function field. Furthermore, we provide examples for regulators and class numbers of hyperelliptic function fields of genus 3 that are larger than those ever reported before. 1.
CRYPTOGRAPHIC PROTOCOLS ON REAL HYPERELLIPTIC CURVES
"... (Communicated by Edlyn Teske) Abstract. We present publickey cryptographic protocols for key exchange, digital signatures, and encryption whose security is based on the presumed intractability of solving the principal ideal problem, or equivalently, the distance problem, in the real model of a hype ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
(Communicated by Edlyn Teske) Abstract. We present publickey cryptographic protocols for key exchange, digital signatures, and encryption whose security is based on the presumed intractability of solving the principal ideal problem, or equivalently, the distance problem, in the real model of a hyperelliptic curve. Our protocols represent a significant improvement over existing protocols using real hyperelliptic curves. Theoretical analysis and numerical experiments indicate that they are comparable to the imaginary model in terms of efficiency, and hold much more promise for practical applications than previously believed. 1.