Algorithms and cryptographic protocols using elliptic curves
The relevance of elliptic curve cryptography has grown in recent
years, and today represents a cornerstone in many industrial
standards. Although elliptic curve variants of classical
cryptosystems such as RSA exist, the full potential of elliptic
curve cryptography is displayed in cryptosystems based on the
Discrete Logarithm Problem, such as ElGamal. For these, elliptic
curve cryptosystems guarantee the same security levels as their
finite field analogues, with the additional advantage of using
significantly smaller key sizes.
In this report we show the positive properties of elliptic curve
cryptosystems, and the requirements a curve must meet to be
useful in this context, closely related to the number of points.
We survey methods to discard cryptographically uninteresting
curves as well as methods to obtain other useful curves from
a given one. We then describe some real world applications
such as Smart Cards and RFID systems and conclude with a
snapshot of recent developments in the field.
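The curve requirements the abstract alludes to ("closely related to the number of points") can be made concrete. The following is an added example, not code from the report: given the field prime p and the claimed group order n (with cofactor h), it applies the standard filters used to discard weak curves, namely a Hasse-bound sanity check on the claimed order, primality of n (so Pohlig-Hellman gives no shortcut), n != p (anomalous curves fall to the Smart/Satoh-Araki/Semaev attack), and a small MOV/Frey-Rueck embedding degree (p^k = 1 mod n for small k transfers the ECDLP into a finite field). The secp256k1 parameters are real; the k_max threshold and the toy (p, n) pairs used for the negative cases are this example's own choices.

```python
# Added example: numeric sanity checks that discard cryptographically weak
# curves from (p, n, h) alone. Not taken from the report being summarised.

P_SECP256K1 = 2**256 - 2**32 - 977
N_SECP256K1 = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases: deterministic below ~3.3e24, a strong
    probabilistic test for the 256-bit values used here."""
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def embedding_degree(p, n, k_max):
    """Smallest k <= k_max with p^k = 1 (mod n), or None if there is none.
    A small k means the Weil/Tate pairing maps the ECDLP into F_{p^k}^*."""
    pk = 1
    for k in range(1, k_max + 1):
        pk = pk * p % n
        if pk == 1:
            return k
    return None


def check_curve(p, n, h=1, k_max=20):
    """Return the list of problems found (empty list means the curve passes
    these filters). k_max is a chosen threshold; standards fix their own."""
    problems = []
    if not is_probable_prime(p):
        problems.append("field_not_prime")
    # Hasse: #E(F_p) = h*n must lie within 2*sqrt(p) of p + 1.
    if (h * n - (p + 1)) ** 2 > 4 * p:
        problems.append("hasse")
    if not is_probable_prime(n):
        problems.append("order_not_prime")
    if n == p:
        problems.append("anomalous")          # trace 1: Smart's attack applies
    if embedding_degree(p, n, k_max) is not None:
        problems.append("embedding_degree")   # MOV / Frey-Rueck reduction
    return problems


if __name__ == "__main__":
    print("secp256k1:", check_curve(P_SECP256K1, N_SECP256K1))
    # Constructed toy values: p = 419 with a supersingular order p + 1 = 420,
    # and an (invented) anomalous order n = p.
    print("toy supersingular:", check_curve(419, 420))
    print("toy anomalous:", check_curve(419, 419))
```

The supersingular toy curve is rejected twice over: its order 420 is composite and p^2 = 1 mod 420 gives embedding degree 2, which is exactly the class of curve the MOV attack targets; the anomalous toy is caught by the n == p test even though it passes the Hasse check.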
Computing Hilbert class polynomials with the Chinese Remainder Theorem
We present a space-efficient algorithm to compute the Hilbert class
polynomial H_D(X) modulo a positive integer P, based on an explicit form of the
Chinese Remainder Theorem. Under the Generalized Riemann Hypothesis, the
algorithm uses O(|D|^(1/2+o(1)) log P) space and has an expected running time of
O(|D|^(1+o(1))). We describe practical optimizations that allow us to handle
larger discriminants than other methods, with |D| as large as 10^13 and h(D) up
to 10^6. We apply these results to construct pairing-friendly elliptic curves
of prime order, using the CM method.
Pairing the Volcano
Isogeny volcanoes are graphs whose vertices are elliptic curves and whose
edges are -isogenies. Algorithms for travelling on these graphs were
developed by Kohel in his thesis (1996) and later by Fouquet and Morain
(2001). However, until now no method was known to predict, before taking a
step on the volcano, the direction of that step. Hence, in Kohel's and
Fouquet-Morain's algorithms, many steps are taken before choosing the right
direction. In particular, ascending or horizontal isogenies are usually found
using a trial-and-error approach. In this paper, we propose an alternative
method that efficiently finds all points of order such that the
subgroup generated by is the kernel of a horizontal or an ascending
isogeny. In many cases, our method is faster than previous methods. This is an
extended version of a paper published in the proceedings of ANTS 2010. In
addition, we treat the case of 2-isogeny volcanoes and we derive from the group
structure of the curve and the pairing a new invariant of the endomorphism
class of an elliptic curve. Our benchmarks show that the resulting algorithm
for endomorphism ring computation is faster than Kohel's method for computing
the -adic valuation of the conductor of the endomorphism ring for small
Efficient supersingularity testing over F_p and CSIDH key validation
Many public-key cryptographic protocols, notably non-interactive key exchange (NIKE), require incoming public keys to be validated to mitigate some adaptive attacks. In CSIDH, an isogeny-based post-quantum NIKE, a key is deemed legitimate if the given Montgomery coefficient specifies a supersingular elliptic curve over the prime field. In this work, we survey the current supersingularity tests used for CSIDH key validation, and implement and measure two new alternative algorithms. Our implementation shows that we can determine supersingularity substantially faster, and using less memory, than the state of the art.
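The key-validation problem the abstract describes, worked through on a constructed toy parameter set as an added example (not code from the paper). It follows the approach of the original CSIDH proposal: a Montgomery coefficient A is accepted once a point P on E_A: y^2 = x^3 + A x^2 + x over F_p is found whose order is divisible by a product d of the small primes l_i with d > 4 sqrt(p). Since d also divides p + 1, the Hasse bound then forces #E_A(F_p) = p + 1, which is supersingularity for p = 4 l_1 ... l_n - 1. If some [(p+1)/l_i]P is not killed by l_i, then [p+1]P is not the identity, the curve is ordinary, and the key is rejected. The prime p = 4*3*5*7 - 1 = 419 and the tested coefficients are toy values; affine arithmetic is used for readability where a real implementation uses x-only Montgomery arithmetic (which also lets it use points on the quadratic twist without computing y).

```python
# Added example: CSIDH-style public-key validation on toy parameters.
# Constructed: p = 4*3*5*7 - 1 = 419 (prime, p = 3 mod 4 as in CSIDH).
ELLS = [3, 5, 7]
P_TOY = 4 * 3 * 5 * 7 - 1


def curve_rhs(A, x, p):
    """Right-hand side x^3 + A x^2 + x of the Montgomery curve (B = 1)."""
    return (x * x * x + A * x * x + x) % p


def sqrt_mod(a, p):
    """Square root for p = 3 (mod 4); None if a is a non-residue."""
    r = pow(a, (p + 1) // 4, p)
    return r if r * r % p == a % p else None


def add(P, Q, A, p):
    """Affine group law on y^2 = x^3 + A x^2 + x; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return None                     # Q = -P (includes 2-torsion doubling)
        lam = (3 * x1 * x1 + 2 * A * x1 + 1) * pow(2 * y1, p - 2, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, p - 2, p) % p
    x3 = (lam * lam - A - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)


def mul(k, P, A, p):
    """Left-to-right double-and-add (not side-channel hardened; toy code)."""
    R = None
    for bit in bin(k)[2:]:
        R = add(R, R, A, p)
        if bit == "1":
            R = add(R, P, A, p)
    return R


def is_supersingular(A, p, ells):
    """True if E_A is supersingular, False if provably ordinary, None if no
    point was conclusive. Every x is scanned here; real code samples randomly
    and the chance of remaining inconclusive is negligible for CSIDH sizes."""
    if (A * A - 4) % p == 0:
        return False                        # singular "curve": never a valid key
    for x in range(p):
        y = sqrt_mod(curve_rhs(A, x, p), p)
        if y is None:
            continue                        # no F_p-point with this x
        P = (x, y)
        d = 1
        for l in ells:
            Q = mul((p + 1) // l, P, A, p)
            if Q is None:
                continue                    # tells us nothing about l | ord(P)
            if mul(l, Q, A, p) is not None:
                return False                # [p+1]P != O, so #E != p+1
            d *= l                          # l divides ord(P), hence #E
            if d * d > 16 * p:              # d > 4 sqrt(p): Hasse forces #E = p+1
                return True
    return None


def count_points(A, p):
    """Naive point count, feasible only for the toy field; used to cross-check."""
    n = 1                                   # point at infinity
    for x in range(p):
        f = curve_rhs(A, x, p)
        if f == 0:
            n += 1
        elif pow(f, (p - 1) // 2, p) == 1:
            n += 2
    return n


if __name__ == "__main__":
    for A in (0, 1, 3):                     # constructed toy coefficients
        print(A, is_supersingular(A, P_TOY, ELLS), count_points(A, P_TOY))
```

A = 0 gives y^2 = x^3 + x, which is supersingular over F_419 because 419 = 3 mod 4; the validator accepts it with d = 105 > 4 sqrt(419). For an ordinary coefficient the first sampled point already has [p+1]P != O and the key is rejected. The brute-force count agrees with the verdict for every coefficient of the toy field, which is the kind of cross-check worth running on any new implementation before trusting it on real parameters.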
Survey for Performance & Security Problems of Passive Side-channel Attacks Countermeasures in ECC
The main objective of the Internet of Things is to interconnect everything around us to obtain information that was unavailable to us before, thus enabling us to make better decisions. This interconnection of things raises security issues for every key Internet of Things technology. Here we focus on elliptic curve cryptography (ECC) for embedded devices, which offers a high degree of security compared to other encryption mechanisms. However, ECC also has security issues, such as side-channel attacks (SCA), which are a growing threat to implementations of cryptographic devices. This paper analyzes the state of the art of several proposed algorithmic countermeasures against passive SCA on ECC defined over prime fields. It evaluates the trade-offs between the security and the performance of side-channel countermeasures for scalar multiplication algorithms without pre-computation, i.e. for a variable base point.
Although many results must be considered to study the state of the art of side-channel attacks on elliptic curve cryptosystems, the interest of this work is to present explicit solutions that may be used in future implementations of security mechanisms for embedded devices in the Internet of Things. In addition, security problems of the countermeasures themselves are also analyzed.
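A concrete picture of the passive leakage this survey is concerned with, as an added example that is not code from the paper: scalar multiplication traced at the level of its operation sequence. The group here is the additive group Z/n with every doubling and addition logged, a deliberate stand-in for point doubling and point addition, whose power profiles an attacker can usually tell apart in a simple power analysis (SPA) trace. Textbook double-and-add performs an addition only for 1 bits, so the D/A sequence is the scalar; the Montgomery ladder, the classic countermeasure without pre-computation, performs one addition and one doubling per bit whatever its value. The modulus and scalars are constructed. The ladder below still branches on the bit in Python, which a real implementation replaces with a constant-time conditional swap; address-bit and special-point leakage are further concerns that this operation-count model does not capture.

```python
# Added example: operation-sequence leakage of double-and-add vs. the
# Montgomery ladder, on an instrumented additive group Z/n (stand-in for
# elliptic curve point operations). Not code from the surveyed paper.

class TracedGroup:
    """Additive group Z/n that logs every doubling ('D') and addition ('A')."""

    def __init__(self, n):
        self.n = n
        self.trace = []

    def dbl(self, a):
        self.trace.append("D")
        return 2 * a % self.n

    def add(self, a, b):
        self.trace.append("A")
        return (a + b) % self.n


def double_and_add(G, k, P):
    """Left-to-right double-and-add: an addition happens only for 1 bits,
    so the operation sequence is key-dependent."""
    R = 0
    for bit in bin(k)[2:]:
        R = G.dbl(R)
        if bit == "1":
            R = G.add(R, P)
    return R


def montgomery_ladder(G, k, P):
    """Montgomery ladder: every bit costs exactly one addition and one
    doubling, so the D/A sequence depends only on the bit length of k.
    (Real code replaces the 'if' with a constant-time conditional swap.)"""
    R0, R1 = 0, P
    for bit in bin(k)[2:]:
        if bit == "1":
            R0, R1 = G.add(R0, R1), G.dbl(R1)
        else:
            R1, R0 = G.add(R0, R1), G.dbl(R0)
    return R0


def recover_scalar(trace):
    """SPA on a double-and-add trace: each 'D' opens a new bit, and the bit
    is 1 exactly when an 'A' follows."""
    bits = []
    for op in trace:
        if op == "D":
            bits.append("0")
        else:
            bits[-1] = "1"
    return int("".join(bits), 2)


def spa_demo(k, P=7, n=1000003):
    """Run both algorithms on constructed inputs and report what the trace
    reveals: (recovered scalar from double-and-add, ladder trace is uniform)."""
    G1 = TracedGroup(n)
    assert double_and_add(G1, k, P) == k * P % n
    G2 = TracedGroup(n)
    assert montgomery_ladder(G2, k, P) == k * P % n
    uniform = G2.trace == ["A", "D"] * k.bit_length()
    return recover_scalar(G1.trace), uniform


if __name__ == "__main__":
    print(spa_demo(0b1011001110))
```

The naive algorithm hands the full scalar to anyone who can classify operations in the trace; the ladder only leaks the bit length, which is why fixed-length scalar encodings accompany it in practice.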
The effectiveness of a finite impulse response (FIR) filter simulation program on the understanding of electrical engineering students
Understanding is an asset for every student, because through understanding
students can apply the concepts learned inside and outside the classroom. This
study was conducted to evaluate the effectiveness of a finite impulse response
(FIR) filter simulation program on the understanding of electrical engineering
students at FKEE, UTHM in the subject Digital Signal Processing (DSP), for the
topic of FIR filters. The study used a quasi-experimental pre-test/post-test
design with non-equivalent groups. A total of 40 respondents were selected and
randomly divided into two groups: a treatment group that used the FIR filter
simulation program and a control group that used a learning method based on the
UTHM DSP learning module. Each respondent sat two achievement tests, a pre-test
and a post-test, in the form of quizzes. Descriptive and inferential data
analysis was carried out with the Statistical Package for Social Science (SPSS)
software, version 11.0. The findings show that both groups of students improved
in understanding, from an unsatisfactory level to a credit level, after using
the learning method assigned to their respective group. However, the students
in the treatment group showed a slightly higher improvement than those in the
control group. Nevertheless, the statistical tests showed no significant
difference in post-test scores between the treatment group and the control
group. Even so, the use of the FIR filter simulation program helped improve
students' understanding of the FIR filter topic.
On the effectiveness of isogeny walks for extending cover attacks on elliptic curves
Cryptographic systems based on the elliptic curve discrete logarithm problem (ECDLP) are widely deployed in the world today. In order for such a system to guarantee a particular security level, the elliptic curve selected must be such that it avoids a number of well-known attacks. Beyond this, one also needs to be wary of attacks whose reach can be extended via the use of isogenies. It is an open problem as to whether there exists a field for which the isogeny walk strategy can render all elliptic curves unsuitable for cryptographic use.
This thesis provides a survey of the theory of elliptic curves from a cryptographic perspective and overviews a few of the well-known algorithms for computing elliptic curve discrete logarithms. We perform some experimental verification of the assumptions used in the analysis of the isogeny walk strategy for extending Weil descent-type cover attacks, and explore its applicability to elliptic curves of cryptographic size. In particular, we demonstrate for the first time that the field F_2^{150} is partially weak for elliptic curve cryptography.
Surveying Position Based Routing Protocols for Wireless Sensor and Ad-hoc Networks
A focus of the scientific community is to design network-oriented position-based routing protocols, and this has resulted in a very high number of algorithms, different in approach and performance and each suited only to particular applications. However, though numerous, very few position-based algorithms have actually been adopted for commercial purposes. This article is a survey of almost 50 position-based routing protocols, and it comes as an aid to the implementation of this type of routing in various applications that may need to consider the advantages and pitfalls of position-based routing. An emphasis is placed on geographic routing, whose notion is clarified as a more restrictive and more efficient type of position-based routing. The protocols are therefore divided into geographic and non-geographic routing protocols, and each is characterized according to a number of network design issues and presented in a comparative manner from multiple points of view. The main requirements of current general applications are also studied and, depending on these, the survey proposes a number of protocols for use in particular application areas. This aims to help both researchers and potential users assess and choose the protocol best suited to their interest.