On the Discrete Logarithm Problem on Algebraic Tori
In Advances in Cryptology (CRYPTO 2005), Springer LNCS 3621, 66–85, 2005
Cited by 10 (3 self)
Abstract. Using a recent idea of Gaudry and exploiting rational representations of algebraic tori, we present an index calculus type algorithm for solving the discrete logarithm problem that works directly in these groups. Using a prototype implementation, we obtain practical upper bounds for the difficulty of solving the DLP in the tori $T_2(\mathbb{F}_{p^m})$ and $T_6(\mathbb{F}_{p^m})$ for various $p$ and $m$. Our results do not affect the security of the cryptosystems LUC, XTR, or CEILIDH over prime fields. However, the practical efficiency of our method against other methods needs further examining, for certain choices of $p$ and $m$ in regions of cryptographic interest.
Practical Cryptography in High Dimensional Tori
In Advances in Cryptology (EUROCRYPT 2005), Springer LNCS 3494, 2004
Cited by 8 (5 self)
At Crypto 2004, van Dijk and Woodruff introduced a new way of using the algebraic tori $T_n$ in cryptography, and obtained an asymptotically optimal $n/\varphi(n)$ savings in bandwidth and storage for a number of cryptographic applications. However, the computational requirements of compression and decompression in their scheme were impractical, and it was left open to reduce them to a practical level. We give a new method that compresses orders of magnitude faster than the original, while also speeding up the decompression and improving on the compression factor (by a constant term). Further, we give the first efficient implementation that uses $T_{30}$, compare its performance to XTR, CEILIDH, and ECC, and present new applications. Our methods achieve better compression than XTR and CEILIDH for the compression of as few as two group elements. This allows us to apply our results to ElGamal encryption with a small message domain to obtain ciphertexts that are 10% smaller than in previous schemes.
COMPRESSION IN FINITE FIELDS AND TORUS-BASED CRYPTOGRAPHY
Cited by 3 (0 self)
This paper is dedicated to the memory of the cat Ceilidh. Abstract. We present efficient compression algorithms for subgroups of multiplicative groups of finite fields, we use our compression algorithms to construct efficient public key cryptosystems called T2 and CEILIDH, we disprove some conjectures, and we use the theory of algebraic tori to give a better understanding of our cryptosystems, the Lucas-based, XTR and Gong-Harn cryptosystems, and conjectured generalizations.
FACTOR-4 AND 6 COMPRESSION OF CYCLOTOMIC SUBGROUPS OF . . .
2009
Cited by 3 (3 self)
Bilinear pairings derived from supersingular elliptic curves of embedding degrees 4 and 6 over finite fields $\mathbb{F}_{2^m}$ and $\mathbb{F}_{3^m}$, respectively, have been used to implement pairing-based cryptographic protocols. The pairing values lie in certain prime-order subgroups of the cyclotomic subgroups of orders $2^{2m} + 1$ and $3^{2m} - 3^m + 1$, respectively, of the multiplicative groups $\mathbb{F}^*_{2^{4m}}$ and $\mathbb{F}^*_{3^{6m}}$. It was previously known how to compress the pairing values over characteristic two fields by a factor of 2, and the pairing values over characteristic three fields by a factor of 6. In this paper, we show how the pairing values over characteristic two fields can be compressed by a factor of 4. Moreover, we present and compare several algorithms for performing exponentiation in the prime-order subgroups using the compressed representations. In particular, in the case where the base is fixed, we expect to gain at least a 54% speed-up over the fastest previously known exponentiation algorithm that uses factor-6 compressed representations.
DOUBLE-EXPONENTIATION IN FACTOR-4 GROUPS AND ITS APPLICATIONS
Cited by 2 (2 self)
Abstract. In previous work we showed how to compress certain prime-order subgroups of the cyclotomic subgroups of orders $2^{2m} + 1$ of the multiplicative groups of $\mathbb{F}^*_{2^{4m}}$ by a factor of 4. We also showed that single-exponentiation can be efficiently performed using compressed representations. In this paper we show that double-exponentiation can be efficiently performed using factor-4 compressed representation of elements. In addition to giving a considerable speed-up to the previously known fastest single-exponentiation algorithm for general bases, double-exponentiation can be used to adapt our compression technique to ElGamal type signature schemes.
NORMAL ELLIPTIC BASES AND TORUS-BASED CRYPTOGRAPHY
, 909
Abstract. We consider representations of algebraic tori $T_n(\mathbb{F}_q)$ over finite fields. We make use of normal elliptic bases to show that, for infinitely many squarefree integers $n$ and infinitely many values of $q$, we can encode $m$ torus elements, to a small fixed overhead and to $m$ $\varphi(n)$-tuples of $\mathbb{F}_q$ elements, in quasi-linear time in $\log q$. This improves upon previously known algorithms, which all have a quasi-quadratic complexity. As a result, the cost of the encoding phase is now negligible in Diffie-Hellman cryptographic schemes.
FACTOR-4 AND 6 COMPRESSION OF CYCLOTOMIC
Abstract. Bilinear pairings derived from supersingular elliptic curves of embedding degrees 4 and 6 over finite fields $\mathbb{F}_{2^m}$ and $\mathbb{F}_{3^m}$, respectively, have been used to implement pairing-based cryptographic protocols. The pairing values lie in certain prime-order subgroups of the cyclotomic subgroups of orders $2^{2m} + 1$ and $3^{2m} - 3^m + 1$, respectively, of the multiplicative groups $\mathbb{F}^*_{2^{4m}}$ and $\mathbb{F}^*_{3^{6m}}$. It was previously known how to compress the pairing values over characteristic two fields by a factor of 2, and the pairing values over characteristic three fields by a factor of 6. In this paper, we show how the pairing values over characteristic two fields can be compressed by a factor of 4. Moreover, we present and compare several algorithms for performing exponentiation in the prime-order subgroups using the compressed representations. In particular, in the case where the base is fixed, we expect to gain at least a 54% speed-up over the fastest previously known exponentiation algorithm that uses factor-6 compressed representations.