Abstract not found

We show how the discrete logarithm problem in some finite cyclic groups can easily be reduced to the discrete logarithm problem in a finite field. The cyclic groups that we consider are the set of points on a singular elliptic curve over a finite field, the set of points on a genus 0 curve over a finite field given by the Pell equation, and certain subgroups of the general linear group.

Abstract. Using a recent idea of Gaudry and exploiting rational representations of algebraic tori, we present an index calculus type algorithm for solving the discrete logarithm problem that works directly in these groups. Using a prototype implementation, we obtain practical upper bounds for the difficulty of solving the DLP in the tori T2(Fpm)and T6(Fpm) for various p and m. Our results do not affect the security of the cryptosystems LUC, XTR, or CEILIDH over prime fields. However, the practical efficiency of our method against other methods needs further examining, for certain choices of p and m in regions of cryptographic interest. 1

Abstract not found

Recently, numerous techniques and methods have been proposed to address hard and complex algebraic and number theoretical problems related to cryptography.

Finite fields play an important role for many applications (e.g. coding theory, cryptography). There are different ways to construct a finite field for a given prime power. The paper describes the different constructions implemented in AXIOM. These are polynomial basis representation, cyclic group representation, and normal basis representation. Furthermore, the concept of the implementation, the used algorithms and the various datatype coercions between these representations are discussed. Address of authors: Vangerowstr. 18, Postfach 10 30 68, D-6900 Heidelberg, Germany, email: grabm@dhdibm1.bitnet resp. adscheer@dhdibm1.bitnet Contents 1 Introduction 4 2 Basic theory and notations 5 3 Categories for finite field domains 7 4 General finite field functions 8 4.1 E as an algebra of rank n over F : : : : : : : : : : : : : : : : : : 8 4.2 The F [X]-module structure of E : : : : : : : : : : : : : : : : : : 10 4.3 The cyclic group E : : : : : : : : : : : : : : : : : : : : : : : : ...

Practically all knapsack public key cryptosystems have been broken in the last few years, and so essentially the only public key cryptosystems that still have some credibility and are widely known are those whose security depends on the difficulty of factoring integers (the RSA scheme and its variants) and those whose security depends on the difficulty of computing discrete logarithms in finite fields. Therefore, the computational complexity of these two problems is of great interest. At the time of the workshop, one aspect of the then-current state of knowledge on these two fundamental problems seemed to be highly unsatisfactory. This was the fact that all of the fast algorithms for discrete logarithms and all but one of the fast algorithims for factoring integers had running time estimates that depended on the efficiency with which matrices could be inverted. These algorithms require the solution of a system of linear equations of the form Ax = y, (1) where A is a matrix of size m by n, x and y are column vectors of lengths m and n, respectively, and m is close to n. The interesting ranges of values for n are between 10 3 and 10 7. Ordinary gaussian elimination requires that about n 3 steps for the solution of (1). Strassen’s algorithm, which might be practical for large n, takes about n log 2 7 = n 2. 807... steps. The best general purpose algorithm that is known, due to

Abstract — With the widespread use of mobile devices, the privacy of mobile location information becomes an important issue. In this paper, we present the requirements on protecting mobile privacy in wireless networks, and identify the privacy weakness of the third generation partnership project- authentication and key agreement (3GPP-AKA) by showing a practical attack to it. We then propose a scheme that meets these requirements, and this scheme does not introduce security vulnerability to the underlying authentication scheme. Another feature of the proposed scheme is that on each use of wireless channel, it uses a one-time alias to conceal the real identity of the mobile station with respect to both eavesdroppers and visited (honest or false) location registers. Moreover, the proposed scheme achieves this goal of identity concealment without sacrificing authentication efficiency. Index Terms — mobile privacy, mobile authentication, user untraceability, one-time alias, 3GPP-AKA, elliptic curve cryptosystems. I.

Given a finite field F q of order q, and g a primitive element of F q , the discrete logarithm base g of an arbitrary, non-zero y 2 F q is that integer x, 0 x q \Gamma 2, such that g x = y in F q . The security of many real-world cryptographic schemes depends on the difficulty of computing discrete logarithms in large finite fields. This thesis is a survey of the discrete logarithm problem in finite fields, including: some cryptographic applications (password authentication, the Diffie-Hellman key exchange, and the ElGamal public-key cryptosystem and digital signature scheme); Niederreiter's proof of explicit formulas for the discrete logarithm; and algorithms for computing discrete logarithms (especially Shank's algorithm, Pollard's ae-method, the Pohlig-Hellman algorithm, Coppersmith's algorithm in fields of order 2 n , and the Gaussian integers method for fields of prime order). This abstract accurately represents the content of the candidate's thesis. I recommend its publicat...

Introduction. Let F q [X] be the semigroup of monic polynomials f over a finite field F q having q elements. There exists a fairly extensive bibliography of papers dealing with the value distribution problems of various maps F q [X] ! R when the polynomials f are taken "at random". Usually, the probability measure n (: : : ) := q \Gamman #ff : ffif = n; : : : g; where ffif := deg f , is applied. We mention here the investigations [1], [5], [7--13], [17--20], [25]. On the other hand, there exists a parallel theory investigating the value distribution of the maps Sn ! R, where Sn denotes the symmetric group of order n, when a permutation oe 2 Sn is taken with the equal probability 1=n! (see, for instance, [3], [6], [10], [12], [14], [21], [23], [26]). Observe that despite the fact that the same analytic or probabilistic methods can be applied, the problems arising in these two theories have been considered separately. To demonstrate a new point of view, we quote a corollary