14 research outputs found
Lazy Random Walk Efficient for Pollard’s Rho Method Attacking on G3 over Barreto-Naehrig Curve (Corrected)
Pairing-based cryptosystems are commonly implemented with Ate-type pairing over the Barreto-Naehrig (BN) curve. Their security then depends, for instance, on the difficulty of the Discrete Logarithm Problem (DLP) on the so-denoted G3 over the BN curve. In order to solve the DLP faster, this paper first proposes to utilize the Gauss period Normal Basis (GNB) for Pollard's rho method, and then considers accelerating the solving by adopting a lazy random walk, namely the tag tracing technique proposed by Cheon et al
Computing Discrete Logarithms in the Jacobian of High-Genus Hyperelliptic Curves over Even Characteristic Finite Fields
We describe improved versions of index-calculus algorithms for solving discrete logarithm problems in Jacobians of high-genus hyperelliptic curves defined over even characteristic fields. Our first improvement is to incorporate several ideas from the low-genus case by Gaudry and Theriault, including the large prime variant and the use of a smaller factor base, into the large-genus algorithm of Enge and Gaudry. We extend the analysis in [24] to our new algorithm, allowing us to accurately predict the number of random walk steps required to find all relations, and to select optimal degree bounds for the factor base. Our second improvement is the adaptation of sieving techniques from Flassenberg and Paulus, and from Jacobson, to our setting. The new algorithms are applied to concrete problem instances arising from the Weil descent attack methodology for solving the elliptic curve discrete logarithm problem, demonstrating significant improvements in practice.
Factoring by electronic mail
Describes a distributed implementation of two factoring algorithms, the elliptic curve method (ECM) and the multiple polynomial quadratic sieve algorithm (MPQS). The authors' ECM implementation on a network of DEC MicroVAX processors has factored several numbers from the Cunningham project. The authors have also implemented the multiple polynomial quadratic sieve algorithm on the same network. On this network alone, they are now able to factor any 100 digit integer, or to find 35 digit factors of numbers up to 150 digits long, within one month. To allow an even wider distribution of their programs, they made use of electronic mail networks for the distribution of the programs and for inter-processor communication. Even during the initial stage of this experiment, machines all over the United States and at various places in Europe and Australia contributed 15 percent of the total factorization effort. At all the sites where the program is running, the authors only use cycles that would otherwise have been idle. This shows that the enormous computational task of factoring 100 digit integers with the current algorithms can be completed almost for free. Since they use a negligible fraction of the idle cycles of all the machines on the worldwide electronic mail networks, the authors could factor 100 digit integers within a few days with a little more hel
Theoretical and practical efficiency aspects in cryptography
EThOS - Electronic Theses Online Service (GB, United Kingdom)
The Zheng-Seberry public key cryptosystem and signcryption
In 1993 Zheng-Seberry presented a public key cryptosystem that was considered efficient and secure in the sense of indistinguishability of encryptions (IND) against an adaptively chosen ciphertext adversary (CCA2). This thesis shows the Zheng-Seberry scheme is not secure as a CCA2 adversary can break the scheme in the sense of IND. In 1998 Cramer-Shoup presented a scheme that was secure against an IND-CCA2 adversary and whose proof relied only on standard assumptions. This thesis modifies this proof and applies it to a modified version of the El-Gamal scheme. This resulted in a provably secure scheme relying on the Random Oracle (RO) model, which is more efficient than the original Cramer-Shoup scheme. Although the RO model assumption is needed for security of this new El-Gamal variant, it only relies on it in a minimal way