Results 1  10
of
11
Twisted Edwards Curves
, 2008
"... This paper introduces “twisted Edwards curves,” a generalization of the recently introduced Edwards curves; shows that twisted Edwards curves include more curves over finite fields, and in particular every elliptic curve in Montgomery form; shows how to cover even more curves via isogenies; presents ..."
Abstract

Cited by 65 (6 self)
 Add to MetaCart
(Show Context)
This paper introduces “twisted Edwards curves,” a generalization of the recently introduced Edwards curves; shows that twisted Edwards curves include more curves over finite fields, and in particular every elliptic curve in Montgomery form; shows how to cover even more curves via isogenies; presents fast explicit formulas for twisted Edwards curves in projective and inverted coordinates; and shows that twisted Edwards curves save time for many curves that were already expressible as Edwards curves.
Constructing Isogenies Between Elliptic Curves Over Finite Fields
 LMS J. Comput. Math
, 1999
"... Let E 1 and E 2 be ordinary elliptic curves over a finite field Fp such that #E1 (Fp ) = #E2 (Fp ). Tate's isogeny theorem states that there is an isogeny from E1 to E2 which is defined over Fp . The goal of this paper is to describe a probabilistic algorithm for constructing such an isogeny. ..."
Abstract

Cited by 34 (5 self)
 Add to MetaCart
(Show Context)
Let E 1 and E 2 be ordinary elliptic curves over a finite field Fp such that #E1 (Fp ) = #E2 (Fp ). Tate's isogeny theorem states that there is an isogeny from E1 to E2 which is defined over Fp . The goal of this paper is to describe a probabilistic algorithm for constructing such an isogeny.
A publickey encryption scheme with pseudorandom ciphertexts
 In Computer Security – ESORICS 2004, volume 3193 of LNCS
, 2004
"... ..."
(Show Context)
The distribution of the number of points modulo an integer on elliptic curves over finite fields
, 2009
"... Let Fq be a finite field and let b and N be integers. We study the probability that the number of points on a randomly chosen elliptic curve E over Fq equals b modulo N. We prove explicit formulas for the cases gcd(N, q) = 1 and N = char(Fq). In the former case, these formulas follow from a random ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
(Show Context)
Let Fq be a finite field and let b and N be integers. We study the probability that the number of points on a randomly chosen elliptic curve E over Fq equals b modulo N. We prove explicit formulas for the cases gcd(N, q) = 1 and N = char(Fq). In the former case, these formulas follow from a random matrix theorem for Frobenius acting on the Ntorsion part of E, obtained by applying density results due to Chebotarev to the modular covering X(N) → X(1). As an additional application to this theorem, we estimate the probability that a randomly chosen elliptic curve has a point of order precisely N. 1
Generating Prime Order Elliptic Curves: Difficulties and Efficiency
 Considerations, in International Conference on Information Security and Cryptology – ICISC 2004, Lecture Notes in Computer Science
, 2005
"... Abstract. We consider the generation of prime order elliptic curves (ECs) over a prime field Fp using the Complex Multiplication (CM) method. A crucial step of this method is to compute the roots of a special type of class field polynomials with the most commonly used being the Hilbert and Weber one ..."
Abstract

Cited by 4 (4 self)
 Add to MetaCart
(Show Context)
Abstract. We consider the generation of prime order elliptic curves (ECs) over a prime field Fp using the Complex Multiplication (CM) method. A crucial step of this method is to compute the roots of a special type of class field polynomials with the most commonly used being the Hilbert and Weber ones, uniquely determined by the CM discriminant D. In attempting to construct prime order ECs using Weber polynomials two difficulties arise (in addition to the necessary transformations of the roots of such polynomials to those of their Hilbert counterparts). The first one is that the requirement of prime order necessitates that D ≡ 3 (mod 8), which gives Weber polynomials with degree three times larger than the degree of their corresponding Hilbert polynomials (a fact that could affect efficiency). The second difficulty is that these Weber polynomials do not have roots in Fp. In this paper we show how to overcome the above difficulties and provide efficient methods for generating ECs of prime order supported by a thorough experimental study. In particular,
Compressing and Disguising Elements in Discrete Logarithm Cryptography
, 2008
"... In the modern world, the ubiquity of digital communication is driven by the constantly evolving world of cryptography. Consequently one must efficiently implement asymmetric cryptography in environments which have limited resources at their disposal, such as smart–cards, ID cards, vehicular microchi ..."
Abstract
 Add to MetaCart
(Show Context)
In the modern world, the ubiquity of digital communication is driven by the constantly evolving world of cryptography. Consequently one must efficiently implement asymmetric cryptography in environments which have limited resources at their disposal, such as smart–cards, ID cards, vehicular microchips and many more. It is the primary purpose of this thesis to investigate methods for reducing the bandwidth required by these devices. Part I of this thesis considers compression techniques for elliptic curve cryptography (ECC). We begin this by analysing how much data is actually required to establish domain parameters for ECC. Following the widely used cryptographic standards (for example: SEC 1), we show that naïvely implemented systems use extensively more data than is actually required and suggest a flexible and compact way to better implement these. This is especially of use in a multi–curve environment. We then investigate methods for reducing the inherent redundancy in the point representation of Koblitz systems; a by–product of the best known Pollard–ρ based attacks by Wiener & Zuccherato and Gallant, Lambert & Vanstone. We present methods which allow such systems to operate (with a high confidence) as efficiently as generic ones whilst maintaining all of their com
A DISCRETE LOGARITHM ATTACK ON ELLIPTIC CURVES
"... ABSTRACT. We give an improved index calculus attack for a large class of elliptic curves. Our algorithm works by efficiently transferring the group structure of an elliptic curve to a weaker group. The running time of our attack poses a significant and realistic threat to the security of the ellipti ..."
Abstract
 Add to MetaCart
(Show Context)
ABSTRACT. We give an improved index calculus attack for a large class of elliptic curves. Our algorithm works by efficiently transferring the group structure of an elliptic curve to a weaker group. The running time of our attack poses a significant and realistic threat to the security of the elliptic curves in this class. As a consequence of our construction, we will also derive entirely new point counting algorithms. These algorithms set new runtime complexity records. We discuss implementations of these algorithms and give examples. 1.
Divisibility, Smoothness and Cryptographic Applications
, 2008
"... This paper deals with products of moderatesize primes, familiarly known as smooth numbers. Smooth numbers play an crucial role in information theory, signal processing and cryptography. We present various properties of smooth numbers relating to their enumeration, distribution and occurrence in var ..."
Abstract
 Add to MetaCart
(Show Context)
This paper deals with products of moderatesize primes, familiarly known as smooth numbers. Smooth numbers play an crucial role in information theory, signal processing and cryptography. We present various properties of smooth numbers relating to their enumeration, distribution and occurrence in various integer sequences. We then turn our attention to cryptographic applications in which smooth numbers play a pivotal role. 1 1
COUNTING THE POINTS OF AN ELLIPTIC CURVE ON A LOWMEMORY DEVICE
"... Abstract. An important but very memory consuming step in elliptic curve cryptography is that of coming up with an elliptic curve where the number of rational points has a large prime factor. This note describes how the Schoof– Elkies–Atkin algorithm can be carried out to count the number of points o ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. An important but very memory consuming step in elliptic curve cryptography is that of coming up with an elliptic curve where the number of rational points has a large prime factor. This note describes how the Schoof– Elkies–Atkin algorithm can be carried out to count the number of points on a given elliptic curve over a (large) prime finite field using little memory. For field sizes between 160 and 256 bits, the process requires between 15 and 50 kilobytes of memory. This will allow for a more complete implementation of elliptic curve cryptography on smart cards and other lowmemory devices. 1.