Results 1 - 10 of 1,206
Efficient algorithms for pairing-based cryptosystems
2002
"... Abstract. We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in ..."
Abstract

Cited by 361 (25 self)
Abstract. We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics. We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over F_{p^m}, the latter technique also being useful in contexts other than that of pairing-based cryptography.
Improved Decoding of Reed-Solomon and Algebraic-Geometry Codes
IEEE TRANSACTIONS ON INFORMATION THEORY, 1999
"... Given an errorcorrecting code over strings of length n and an arbitrary input string also of length n, the list decoding problem is that of finding all codewords within a specified Hamming distance from the input string. We present an improved list decoding algorithm for decoding ReedSolomon codes ..."
Abstract

Cited by 343 (42 self)
Given an error-correcting code over strings of length n and an arbitrary input string also of length n, the list decoding problem is that of finding all codewords within a specified Hamming distance from the input string. We present an improved list decoding algorithm for decoding Reed-Solomon codes. The list decoding problem for Reed-Solomon codes reduces to the following "curve-fitting" problem over a field F: Given n points {(x_i, y_i)}_{i=1}^{n}, x_i ...
Closest Point Search in Lattices
IEEE TRANS. INFORM. THEORY, 2000
"... In this semitutorial paper, a comprehensive survey of closestpoint search methods for lattices without a regular structure is presented. The existing search strategies are described in a unified framework, and differences between them are elucidated. An efficient closestpoint search algorithm, ba ..."
Abstract

Cited by 324 (2 self)
In this semi-tutorial paper, a comprehensive survey of closest-point search methods for lattices without a regular structure is presented. The existing search strategies are described in a unified framework, and differences between them are elucidated. An efficient closest-point search algorithm, based on the Schnorr-Euchner variation of the Pohst method, is implemented. Given an arbitrary point x ∈ R^m and a generator matrix for a lattice, the algorithm computes the point of the lattice that is closest to x. The algorithm is shown to be substantially faster than other known methods, by means of a theoretical comparison with the Kannan algorithm and an experimental comparison with the Pohst algorithm and its variants, such as the recent Viterbo-Boutros decoder. The improvement increases with the dimension of the lattice. Modifications of the algorithm are developed to solve a number of related search problems for lattices, such as finding a shortest vector, determining the kissing number, compu...
An identity based encryption scheme based on quadratic residues
In IMA Int. Conf., 2001
"... We present a novel public key cryptosystem in which the public key of a subscriber can be chosen to be a publicly known value, such as his identity. We discuss the security of the proposed scheme, and show that this is related to the difficulty of solving the quadratic residuosity problem. ..."
Abstract

Cited by 278 (0 self)
We present a novel public key cryptosystem in which the public key of a subscriber can be chosen to be a publicly known value, such as his identity. We discuss the security of the proposed scheme, and show that this is related to the difficulty of solving the quadratic residuosity problem.
Compact Proofs of Retrievability
2008
"... In a proofofretrievability system, a data storage center must prove to a verifier that he is actually storing all of a client’s data. The central challenge is to build systems that are both efficient and provably secure — that is, it should be possible to extract the client’s data from any prover ..."
Abstract

Cited by 185 (1 self)
In a proof-of-retrievability system, a data storage center must prove to a verifier that it is actually storing all of a client's data. The central challenge is to build systems that are both efficient and provably secure, that is, it should be possible to extract the client's data from any prover that passes a verification check. All previous provably secure solutions require that a prover send O(l) authenticator values (i.e., MACs or signatures) to verify a file, for a total of O(l^2) bits of communication, where l is the security parameter. The extra cost over the ideal O(l) communication can be prohibitive in systems where a verifier needs to check many files. We create the first compact and provably secure proof of retrievability systems. Our solutions allow for compact proofs with just one authenticator value; in practice this can lead to proofs with as little as 40 bytes of communication. We present two solutions with similar structure. The first one is privately verifiable and builds elegantly on pseudorandom functions (PRFs); the second allows for publicly verifiable proofs and is built from the signature scheme of Boneh, Lynn, and Shacham in bilinear groups. Both solutions rely on homomorphic properties to aggregate a proof into one small authenticator value.
Universal Space-Time Coding
IEEE Trans. Inform. Theory, 2003
"... A universal framework is developed for constructing fullrate and fulldiversity coherent spacetime codes for systems with arbitrary numbers of transmit and receive antennas. The proposed framework combines spacetime layering concepts with algebraic component codes optimized for singleinputsi ..."
Abstract

Cited by 143 (7 self)
A universal framework is developed for constructing full-rate and full-diversity coherent space-time codes for systems with arbitrary numbers of transmit and receive antennas. The proposed framework combines space-time layering concepts with algebraic component codes optimized for single-input single-output (SISO) channels. Each component code is assigned to a "thread" in the space-time matrix, thus allowing it full access to the channel spatial diversity in the absence of the other threads. Diophantine approximation theory is then used in order to make the different threads "transparent" to each other. Within this framework, a special class of signals which uses algebraic number-theoretic constellations as component codes is thoroughly investigated. The lattice structure of the proposed number-theoretic codes along with their minimal delay allow for polynomial complexity maximum-likelihood (ML) decoding using algorithms from lattice theory. Combining the design framework with the Cayley transform allows one to construct full diversity differential and noncoherent space-time codes. The proposed framework subsumes many of the existing codes in the literature, extends naturally to time-selective and frequency-selective channels, and allows for more flexibility in the tradeoff between power efficiency, bandwidth efficiency, and receiver complexity. Simulation results that demonstrate the significant gains offered by the proposed codes are presented in certain representative scenarios.
Proving in Zero-Knowledge that a Number is the Product of Two Safe Primes
1998
"... This paper presents the first efficient statistical zeroknowledge protocols to prove statements such as: A committed number is a pseudoprime. ..."
Abstract

Cited by 142 (15 self)
This paper presents the first efficient statistical zero-knowledge protocols to prove statements such as: A committed number is a pseudoprime.
On ideal lattices and learning with errors over rings
In Proc. of EUROCRYPT, volume 6110 of LNCS, 2010
"... The “learning with errors ” (LWE) problem is to distinguish random linear equations, which have been perturbed by a small amount of noise, from truly uniform ones. The problem has been shown to be as hard as worstcase lattice problems, and in recent years it has served as the foundation for a pleth ..."
Abstract

Cited by 126 (18 self)
The "learning with errors" (LWE) problem is to distinguish random linear equations, which have been perturbed by a small amount of noise, from truly uniform ones. The problem has been shown to be as hard as worst-case lattice problems, and in recent years it has served as the foundation for a plethora of cryptographic applications. Unfortunately, these applications are rather inefficient due to an inherent quadratic overhead in the use of LWE. A main open question was whether LWE and its applications could be made truly efficient by exploiting extra algebraic structure, as was done for lattice-based hash functions (and related primitives). We resolve this question in the affirmative by introducing an algebraic variant of LWE called ring-LWE, and proving that it too enjoys very strong hardness guarantees. Specifically, we show that the ring-LWE distribution is pseudorandom, assuming that worst-case problems on ideal lattices are hard for polynomial-time quantum algorithms. Applications include the first truly practical lattice-based public-key cryptosystem with an efficient security reduction; moreover, many of the other applications of LWE can be made much more efficient through the use of ring-LWE.
Building a better racetrack
JHEP 0406
"... We find IIb compactifications on CalabiYau orientifolds in which all Kähler moduli are stabilized, along lines suggested by Kachru, Kallosh, Linde and Trivedi. ..."
Abstract

Cited by 118 (8 self)
We find IIb compactifications on Calabi-Yau orientifolds in which all Kähler moduli are stabilized, along lines suggested by Kachru, Kallosh, Linde and Trivedi.
Counting Points on Hyperelliptic Curves using Monsky-Washnitzer Cohomology
2001
"... We describe an algorithm for counting points on an arbitrary hyperelliptic curve over a finite field Fpn of odd characteristic, using MonskyWashnitzer cohomology to compute a padic approximation to the characteristic polynomial of Frobenius. For fixed p, the asymptotic running time for a curve of ..."
Abstract

Cited by 115 (15 self)
We describe an algorithm for counting points on an arbitrary hyperelliptic curve over a finite field F_{p^n} of odd characteristic, using Monsky-Washnitzer cohomology to compute a p-adic approximation to the characteristic polynomial of Frobenius. For fixed p, the asymptotic running time for a curve of genus g over F_{p^n} is O(g^{5+ε} n^{3+ε}).