The probability that the number of points on an elliptic curve over a finite field is prime

. The paper gives a formula for the probability that a randomly chosen elliptic curve over a finite field has a prime number of points. Two heuristic arguments in support of the formula are given as well as experimental evidence. The paper also gives a formula for the probability that a randomly chosen elliptic curve over a finite field has kq points where k is a small number and where q is a prime. 1. Introduction Cryptographic and computational applications have recently motivated the study of several questions in the theory of elliptic curves over finite fields. For instance, the analysis of the elliptic curve factoring method leads to estimates ([7], [8]) for the probability that the number of points on an elliptic curve is smooth. In this paper, motivated by the use of elliptic curves in public key cryptosystems, we consider the "opposite" problem. More specifically, we ask the question: What is the probability that a randomly chosen elliptic curve over F p has kq points, where ..

Square Span Programs with Applications to Succinct NIZK Arguments

We use SSPs to construct succinct non-interactive zero-knowledge arguments of knowledge. For performance, our proof system is defined over Type III bilinear groups; proofs consist of just 4 group elements, verified in just 6 pairings. Concretely, using the Pinocchio libraries, we estimate that proofs will consist of 160 bytes verified in less than 6 ms

Efficient Doubling on Genus Two Curves over Binary Fields

In most algorithms involving elliptic and hyperelliptic curves, the costliest part consists in computing multiples of ideal classes. This paper investigates how to compute faster doubling over fields of characteristic two. We derive explicit doubling formulae making strong use of the defining equation of the curve. We analyze how many field operations are needed depending on the curve making clear how much generality one loses by the respective choices. Note, that none of the proposed types is known to be weak – one only could be suspicious because of the more special types. Our results allow to choose curves from a large enough variety which have extremely fast doubling needing only half the time of an addition. Combined with a sliding window method this leads to fast computation of scalar multiples. We also speed up the general case

Counting Points on Genus 2 Curves with Real Multiplication

We present an accelerated Schoof-type point-counting algorithm for curves of genus 2 equipped with an efficiently computable real multiplication endomorphism. Our new algorithm reduces the complexity of genus 2 point counting over a finite field (\F_{q}) of large characteristic from (\widetilde{O}(\log^8 q)) to (\widetilde{O}(\log^5 q)). Using our algorithm we compute a 256-bit prime-order Jacobian, suitable for cryptographic applications, and also the order of a 1024-bit Jacobian

The elliptic curve discrete logarithm problem and equivalent hard problems for elliptic divisibility sequences

We define three hard problems in the theory of elliptic divisibility sequences (EDS Association, EDS Residue and EDS Discrete Log), each of which is solvable in sub-exponential time if and only if the elliptic curve discrete logarithm problem is solvable in sub-exponential time. We also relate the problem of EDS Association to the Tate pairing and the MOV, Frey-R\"{u}ck and Shipsey EDS attacks on the elliptic curve discrete logarithm problem in the cases where these apply.Comment: 18 pages; revised version includes some small mathematical corrections, reformatte

Cryptanalysis of MORUS

Item does not contain fulltextAdvances in Cryptology - ASIACRYPT 2018 - 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, QLD, Australia, December 2-

Tomato: a crop species amenable to improvement by cellular and molecular methods

Tomato is a crop plant with a relatively small DNA content per haploid genome and a well developed genetics. Plant regeneration from explants and protoplasts is feasable which led to the development of efficient transformation procedures. In view of the current data, the isolation of useful mutants at the cellular level probably will be of limited value in the genetic improvement of tomato. Protoplast fusion may lead to novel combinations of organelle and nuclear DNA (cybrids), whereas this technique also provides a means of introducing genetic information from alien species into tomato. Important developments have come from molecular approaches. Following the construction of an RFLP map, these RFLP markers can be used in tomato to tag quantitative traits bred in from related species. Both RFLP's and transposons are in the process of being used to clone desired genes for which no gene products are known. Cloned genes can be introduced and potentially improve specific properties of tomato especially those controlled by single genes. Recent results suggest that, in principle, phenotypic mutants can be created for cloned and characterized genes and will prove their value in further improving the cultivated tomato.