A faster pseudo-primality test

We propose a pseudo-primality test using cyclic extensions of $\mathbb Z/n \mathbb Z$. For every positive integer $k \leq \log n$, this test achieves the security of $k$ Miller-Rabin tests at the cost of $k^{1/2+o(1)}$ Miller-Rabin tests.Comment: Published in Rendiconti del Circolo Matematico di Palermo Journal, Springe

Fast construction of irreducible polynomials over finite fields

International audienceWe present a randomized algorithm that on input a finite field $K$ with $q$ elements and a positive integer $d$ outputs a degree $d$ irreducible polynomial in $K[x]$. The running time is $d^{1+o(1)} \times (\log q)^{5+o(1)}$ elementary operations. The $o(1)$ in $d^{1+o(1)}$ is a function of $d$ that tends to zero when $d$ tends to infinity. And the $o(1)$ in $(\log q)^{5+o(1)}$ is a function of $q$ that tends to zero when $q$ tends to infinity. In particular, the complexity is quasi-linear in the degree $d$

Algorithms For Computing Isogenies Between Elliptic Curves

. The efficient implementation of Schoof's algorithm for computing the cardinality of elliptic curves over finite fields requires the computation of isogenies between elliptic curves. We make a survey of algorithms used for accomplishing this task. When the characteristic of the field is large, Weierstrass's functions can be used. When the characteristic of the field is small, we now have three algorithms at our disposal, two due to Couveignes and one to the first author. We treat the same example using these three algorithms and make some comparisons between them. 1. Introduction The motivation for this article is the so-called Schoof-Elkies-Atkin algorithm that computes the cardinality of an elliptic curve over any finite field. The improvements due to Elkies and Atkin require the ability to compute isogenies of prime degree ` between elliptic curves. The first method for doing this uses the Weierstrass's parametrization of elliptic curves and cannot work when the characteristic p ..

A Memory Efficient Version of Satoh’s Algorithm

Abstract. In this paper we present an algorithm for counting points on elliptic curves over a finite field Fpn of small characteristic, based on Satoh’s algorithm. The memory requirement of our algorithm is O(n 2), where Satoh’s original algorithm needs O(n 3) memory. Furthermore, our version has the same run time complexity of O(n 3+ε) bit operations, but is faster by a constant factor. We give a detailed description of the algorithm in characteristic 2 and show that the amount of memory needed for the generation of a secure 200-bit elliptic curve is within the range of current smart card technology. Keywords: elliptic curve, finite field, order counting, Satoh’s algorithm

Optimizing the Menezes-Okamoto-Vanstone (MOV) Algorithm for Non-Supersingular Elliptic Curves

. We address the Menezes-Okamoto-Vanstone (MOV) algorithm for attacking elliptic curve cryptosystems which is completed in subexponential time for supersingular elliptic curves. There exist two hurdles to clear, from an algorithmic point of view, in applying the MOV reduction to general elliptic curves: the problem of explicitly determining the minimum extension degree k such that E[n] E(F q^k) and that of efficiently finding an n-torsion point needed to evaluate the Weil pairing, where n is the order of a cyclic group of the elliptic curve discrete logarithm problem. We can find an answer to the first problem in a recent paper by Balasubramanian and Koblitz. On the other hand, the second problem is important as well, since the reduction might require exponential time even for small k. In this paper, we actually construct a method of efficiently finding an n-torsion point, which leads to a solution of the second problem. In addition, our contribution allows us to draw the conclusion that the ..

Robotics and computer-integrated manufacturing : an international journal

A prohibitive barrier faced by elliptic curve users is the difficulty of computing the curves' cardinalities. Despite recent theoretical breakthroughs, point counting still remains very cumbersome and intensively time consuming. In thi