
Generalized Mersenne Numbers in Pairing-Based Cryptography

01 Jan 2006
TL;DR: The author’s home country, the United States, and some of the characters from the film adaptation are fictitious.


References
Journal Article
TL;DR: The variation of the running time with the set of "jumps" of the kangaroos is explored, and it is confirmed that powers of two are a good choice (the authors do not claim they are the best choice).
Abstract: The kangaroo method computes a discrete logarithm in an arbitrary cyclic group, given that the value is known to lie in a certain interval. A parallel version has been given by van Oorschot and Wiener with "linear speed-up". We improve the analysis of the running time, both for serial and parallel computers. We explore the variation of the running time with the set of "jumps" of the kangaroos, and confirm that powers of two are a good choice (we do not claim they are the best choice). We illustrate the theory with some calculations of interest to Monopoly players, and the method itself with a card trick due to Kruskal.

145 citations

Journal Article
TL;DR: Results show that OEFs when used with the new inversion and multiplication algorithms provide a substantial performance increase over other reported methods.
Abstract: This contribution focuses on a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF), first introduced in [3]. We extend this work by presenting an adaptation of Itoh and Tsujii's algorithm for finite field inversion applied to OEFs. In particular, we use the facts that the action of the Frobenius map in GF($p^m$) can be computed with only $m-1$ subfield multiplications and that inverses in GF($p$) may be computed cheaply using known techniques. As a result, we show that one extension field inversion can be computed with a logarithmic number of extension field multiplications. In addition, we provide new extension field multiplication formulas which give a performance increase. Further, we provide an OEF construction algorithm together with tables of Type I and Type II OEFs along with statistics on the number of pseudo-Mersenne primes and OEFs. We apply this new work to provide implementation results using these methods to construct elliptic curve cryptosystems on both DEC Alpha workstations and Pentium-class PCs. These results show that OEFs when used with our new inversion and multiplication algorithms provide a substantial performance increase over other reported methods.

142 citations

Posted Content
TL;DR: In this article, the authors consider the structure of rational points on elliptic curves in Weierstrass form and show that for a fixed power greater than 1, there are only finitely many rational points.
Abstract: We consider the structure of rational points on elliptic curves in Weierstrass form. Let $x(P)=A_P/B_P^2$ denote the $x$-coordinate of the rational point $P$; then we consider when $B_P$ can be a prime power. Using Faltings' Theorem we show that for a fixed power greater than 1, there are only finitely many rational points. Where descent via an isogeny is possible we show, with no restrictions on the power, that there are only finitely many rational points, these points are bounded in number in an explicit fashion, and that they are effectively computable.

137 citations

Book Chapter
06 May 1994
TL;DR: An heuristic analysis shows that there exists a $c \in \Re_{>0}$ such that the function field sieve computes discrete logarithms within random time.
Abstract: The fastest method known for factoring integers is the ‘number field sieve’. An analogous method over function fields is developed, the ‘function field sieve’, and applied to calculating discrete logarithms over GF($p^n$). An heuristic analysis shows that there exists a $c \in \Re_{>0}$ such that the function field sieve computes discrete logarithms within random time: $L_{p^n}[1/3, c]$ when $\log(p) \le n^{g(n)}$ where $g$ is any function such that $g: N \to \Re_{>0}^{<.98}$ approaches zero as $n \to \infty$.

135 citations

Book Chapter
09 Dec 2001
TL;DR: This paper discusses matching public key sizes for RSA and the ElGamal family of protocols and both traditional multiplicative groups of finite fields and elliptic curve groups are considered.
Abstract: The Advanced Encryption Standard (AES) provides three levels of security: 128, 192, and 256 bits. Given a desired level of security for the AES, this paper discusses matching public key sizes for RSA and the ElGamal family of protocols. For the latter both traditional multiplicative groups of finite fields and elliptic curve groups are considered. The practicality of the resulting systems is commented upon. Despite the conclusions, this paper should not be interpreted as an endorsement of any particular public key system in favor of any other.

135 citations