On the Discrete Logarithm Problem on Algebraic Tori
In Advances in Cryptology (CRYPTO 2005), Springer LNCS 3621, 66–85, 2005
Cited by 20 (3 self)
Abstract. Using a recent idea of Gaudry and exploiting rational representations of algebraic tori, we present an index calculus type algorithm for solving the discrete logarithm problem that works directly in these groups. Using a prototype implementation, we obtain practical upper bounds for the difficulty of solving the DLP in the tori T_2(F_{p^m}) and T_6(F_{p^m}) for various p and m. Our results do not affect the security of the cryptosystems LUC, XTR, or CEILIDH over prime fields. However, the practical efficiency of our method against other methods needs further examining, for certain choices of p and m in regions of cryptographic interest.
Practical Cryptography in High Dimensional Tori
In Advances in Cryptology (EUROCRYPT 2005), Springer LNCS 3494, 2004
Cited by 10 (5 self)
Abstract. At Crypto 2004, van Dijk and Woodruff introduced a new way of using the algebraic tori T_n in cryptography, and obtained an asymptotically optimal n/φ(n) savings in bandwidth and storage for a number of cryptographic applications. However, the computational requirements of compression and decompression in their scheme were impractical, and it was left open to reduce them to a practical level. We give a new method that compresses orders of magnitude faster than the original, while also speeding up the decompression and improving on the compression factor (by a constant term). Further, we give the first efficient implementation that uses T_{30}, compare its performance to XTR, CEILIDH, and ECC, and present new applications. Our methods achieve better compression than XTR and CEILIDH for the compression of as few as two group elements. This allows us to apply our results to ElGamal encryption with a small message domain to obtain ciphertexts that are 10% smaller than in previous schemes.
COMPRESSION IN FINITE FIELDS AND TORUS-BASED CRYPTOGRAPHY
Cited by 5 (0 self)
This paper is dedicated to the memory of the cat Ceilidh.
Abstract. We present efficient compression algorithms for subgroups of multiplicative groups of finite fields, we use our compression algorithms to construct efficient public key cryptosystems called T_2 and CEILIDH, we disprove some conjectures, and we use the theory of algebraic tori to give a better understanding of our cryptosystems, the Lucas-based, XTR and Gong-Harn cryptosystems, and conjectured generalizations.
FACTOR-4 AND 6 COMPRESSION OF CYCLOTOMIC Subgroups Of . . .
2009
Cited by 3 (3 self)
Abstract. Bilinear pairings derived from supersingular elliptic curves of embedding degrees 4 and 6 over finite fields F_{2^m} and F_{3^m}, respectively, have been used to implement pairing-based cryptographic protocols. The pairing values lie in certain prime-order subgroups of the cyclotomic subgroups of orders 2^{2m} + 1 and 3^{2m} − 3^m + 1, respectively, of the multiplicative groups F^*_{2^{4m}} and F^*_{3^{6m}}. It was previously known how to compress the pairing values over characteristic two fields by a factor of 2, and the pairing values over characteristic three fields by a factor of 6. In this paper, we show how the pairing values over characteristic two fields can be compressed by a factor of 4. Moreover, we present and compare several algorithms for performing exponentiation in the prime-order subgroups using the compressed representations. In particular, in the case where the base is fixed, we expect to gain at least a 54% speed-up over the fastest previously known exponentiation algorithm that uses factor-6 compressed representations.
DOUBLE-EXPONENTIATION IN FACTOR-4 GROUPS AND ITS APPLICATIONS
Cited by 2 (2 self)
Abstract. In previous work we showed how to compress certain prime-order subgroups of the cyclotomic subgroups of orders 2^{2m} + 1 of the multiplicative groups of F^*_{2^{4m}} by a factor of 4. We also showed that single-exponentiation can be efficiently performed using compressed representations. In this paper we show that double-exponentiation can be efficiently performed using factor-4 compressed representation of elements. In addition to giving a considerable speed-up to the previously known fastest single-exponentiation algorithm for general bases, double-exponentiation can be used to adapt our compression technique to ElGamal-type signature schemes.
On Identity-Based Cryptosystems from Quadratic Residuosity
2014
Cited by 1 (0 self)
Abstract. Three approaches are currently used for devising identity-based encryption schemes. They build on pairings, quadratic residues (QR), and lattices, respectively. Among them, the QR-based scheme proposed by Cocks in 2001 is notable in that it works in standard RSA groups: its security relies on the standard quadratic residuosity assumption. But it also has a number of deficiencies, some of which have been subsequently addressed in follow-up works. Currently, one of the main limitations of Cocks' scheme resides in its apparent lack of structure. This considerably restricts the range of possible applications. For example, given two Cocks ciphertexts, it is unknown how to evaluate a function thereof. Cocks' scheme is believed to be non-homomorphic. This paper disproves this conjecture and proposes a constructive method for computing over Cocks ciphertexts. The discovery of the hidden algebraic structure behind Cocks encryption is at the core of the method. It offers a better understanding of Cocks' scheme. As a further illustration of the importance of the knowledge of the underlying structure, this paper shows how to anonymize Cocks ciphertexts without increasing their size or sacrificing the security. This results for example in the most efficient public-key encryption scheme with keyword search based on the quadratic residuosity.
On Modular Inverses of Cyclotomic Polynomials and the Magnitude of their Coefficients
2009
Cited by 1 (0 self)
Abstract. Let p and r be two primes and n, m be two distinct divisors of pr. Consider Φ_n and Φ_m, the n-th and m-th cyclotomic polynomials. In this paper, we present lower and upper bounds for the coefficients of the inverse of Φ_n modulo Φ_m.
On Cryptographic Schemes Based on Discrete Logarithms and Factoring
Abstract. At CRYPTO 2003, Rubin and Silverberg introduced the concept of torus-based cryptography over a finite field. We extend their setting to the ring of integers modulo N. We so obtain compact representations for cryptographic systems that base their security on the discrete logarithm problem and the factoring problem. This results in smaller key sizes and substantial savings in memory and bandwidth. But unlike the case of finite fields, analogous trace-based compression methods cannot be adapted to accommodate our extended setting when the underlying systems require more than a mere exponentiation. As an application, we present an improved, torus-based implementation of the ACJT group signature scheme.
FACTOR-4 AND 6 COMPRESSION OF CYCLOTOMIC
Abstract. Bilinear pairings derived from supersingular elliptic curves of embedding degrees 4 and 6 over finite fields F_{2^m} and F_{3^m}, respectively, have been used to implement pairing-based cryptographic protocols. The pairing values lie in certain prime-order subgroups of the cyclotomic subgroups of orders 2^{2m} + 1 and 3^{2m} − 3^m + 1, respectively, of the multiplicative groups F^*_{2^{4m}} and F^*_{3^{6m}}. It was previously known how to compress the pairing values over characteristic two fields by a factor of 2, and the pairing values over characteristic three fields by a factor of 6. In this paper, we show how the pairing values over characteristic two fields can be compressed by a factor of 4. Moreover, we present and compare several algorithms for performing exponentiation in the prime-order subgroups using the compressed representations. In particular, in the case where the base is fixed, we expect to gain at least a 54% speed-up over the fastest previously known exponentiation algorithm that uses factor-6 compressed representations.