3 research outputs found

    Close to Uniform Prime Number Generation With Fewer Random Bits

    In this paper, we analyze several variants of a simple method for generating prime numbers with fewer random bits. To generate a prime $p$ less than $x$, the basic idea is to fix a constant $q \propto x^{1-\varepsilon}$, pick a uniformly random $a < q$ coprime to $q$, and choose $p$ of the form $a + t \cdot q$, where only $t$ is updated if the primality test fails. We prove that variants of this approach provide prime generation algorithms requiring few random bits and whose output distribution is close to uniform, under less and less expensive assumptions: first a relatively strong conjecture by H.L. Montgomery, made precise by Friedlander and Granville; then the Extended Riemann Hypothesis; and finally fully unconditionally using the Barban-Davenport-Halberstam theorem. We argue that this approach has a number of desirable properties compared to previous algorithms.
    Comment: Full version of ICALP 2014 paper. Alternate version of IACR ePrint Report 2011/48

    PEKE, Probabilistic Encryption Key Exchange, 10 Years Later, Including the PEKEv1.25 Specifications

    This document revisits the PEKE (Probabilistic Encryption Key Exchange) cryptosystem and proposes the enhanced PEKEv1.25, which performs a hash computation on the original PEKE output in order to improve the security assurance and to broaden the field of use. For a key establishment application where only the server side publishes a long-term public key and can adequately protect the private key counterpart from implementation attacks, we claim that PEKE is unsurpassed in security and efficiency among the finite field arithmetic cryptosystems (e.g. RSA and finite field Diffie-Hellman). We use an original definition for the type of key encapsulation service provided by PEKE, hoping that this abstract definition captures the characteristics of the protocol and usage context. However, we only suggest that related security proofs are encouraging for the security of PEKE.

    Point Counting On Genus 2 Curves

    For cryptographic purposes, counting points on the Jacobian variety of a given hyperelliptic curve is of great importance. There have been several approaches to obtaining the cardinality of such a group, especially for hyperelliptic curves of genus 2. The best known algorithm for counting points on genus 2 curves over prime fields of large characteristic is a variant of Schoof's genus 1 algorithm. Following a recent work of Gaudry and Schost, we show how to speed up the current state-of-the-art genus 2 point counting algorithm by proposing various computational improvements to its basic arithmetical ingredients.