In this paper, discrete log-based public-key cryptography is explored. Specifically, we first examine the Discrete Log Problem over a general cyclic group and algorithms that attempt to solve it. This leads us to an investigation of the security of cryptosystems based over certain specific cyclic groups: Fp, Fp , and the cyclic subgroup generated by a point on an elliptic curve; we ultimately s...

We construct new families of elliptic curves over Fp2 with efficiently computable endomorphisms, which can be used to accelerate elliptic curvebased cryptosystems in the sameway asGallant–Lambert–Vanstone (GLV) and Galbraith–Lin–Scott (GLS) endomorphisms. Our construction is based on reducingQ-curves—curves over quadratic number fields without complex multiplication, butwith isogenies to their ...

We construct new families of elliptic curves over Fp2 with efficiently computable endomorphisms, which can be used to accelerate elliptic curvebased cryptosystems in the same way as Gallant–Lambert–Vanstone (GLV) and Galbraith–Lin–Scott (GLS) endomorphisms. Our construction is based on reducing Q-curves—curves over quadratic number fields without complex multiplication, but with isogenies to th...

Elliptic Curve Cryptography (ECC) can be used as a tool for encrypting data, creating digital signatures or performing key exchanges. Regarding the encryption procedure, the schemes currently used are known as hybrid cryptosystems, as they use both symmetric and asymmetric techniques. Among those hybrid cryptosystems based on ECC, the Elliptic Curve Integrated Encryption Scheme (ECIES) is the b...

Hoffstein and Silverman suggested a use of Low Hamming Weight Product (LHWP) to compute a random power in a group or a multiple of an element in a ring. It reduces the computation of powers in a group with fast endomorphisms such as the Galois field F2n and Koblitz elliptic curves. In this paper, we introduce a reduced representation of LHWP and apply them to attack the relevant cryptosystems.

Pairing-based cryptosystems have been developing very fast in the last few years. As the key primitive, pairing is also the heaviest operation in these systems. The performance of pairing affects the application of the schemes in practice. In this report, we summarise the formulas of the Tate pairing operation on elliptic curves in different coordinate systems and describe a few observations of...

The Weil and Tate pairings have found several new applications in cryptography. To eÆciently implement these cryptosystems it is necessary to optimise the computation time for the Tate pairing. This paper provides methods to achieve fast computation of the Tate pairing. We also give division-free formulae for point tripling on a family of elliptic curves in characteristic three. Examples of the...

As Elliptic Curve Cryptosystems are becoming more and more popular and are included in many standards, an increasing demand has appeared for secure implementations that are not vulnerable to sidechannel attacks. To achieve this goal, several generic countermeasures against Power Analysis have been proposed in recent years. In particular, to protect the basic scalar multiplication – on an ellipt...

The paper gives a formula for the probability that a randomly chosen elliptic curve over a nite eld has a prime number of points. Two heuristic arguments in support of the formula are given as well as experimental evidence. The paper also gives a formula for the probability that a randomly chosen elliptic curve over a nite eld has kq points where k is a small number and where q is a prime. 1. I...

It is known that the security of Public Key Cryptosystems can be based on Vector Decomposition Problem (VDP). In this paper, we analyze this problem. In practice, it was shown that the Computational DiffieHellmann Problem (CDHP) is equivalent to VDP for supersingular elliptic curves. Moreover, VDP on a higher genus curve is hard if CDHP is hard on its one dimensional subspace. We propose an enc...