This preview shows page 1. Sign up to view the full content.
Unformatted text preview: erties that may facilitate cryptanalysis. For example, there is no good notion of “smooth” with elliptic curves. That is, there is no set of small elements in terms of which a random element has a good chance of being expressed by a simple algorithm. Hence, index calculus discrete logarithm algorithms do not work. See [1095] for more details. Elliptic curves over the finite field GF(2n ) are particularly interesting. The arithmetic processors for the underlying field are easy to construct and are relatively simple to implement for n in the range of 130 to 200. They have the potential to provide faster publickey cryptosystems with smaller key sizes. Many publickey algorithms, like DiffieHellman, ElGamal, and Schnorr, can be implemented in elliptic curves over finite fields. The mathematics here are complex and beyond the scope of this book. Those interested in this topic are invited to read the two references previously mentioned, and the excellent book by Alfred Menezes [1059]. Two analogues of RSA work in elliptic curves [890, 454]. Other papers are [23, 119, 1062, 869, 152, 871, 892, 25, 895, 353, 1061, 26, 913, 914, 915]. Elliptic curve cryptosystems with small key lengths are discussed in [701]. Next Computer Inc.’s Fast Elliptic Encryption (FEE) algorithm also uses elliptic curves [388]. FEE has the nice feature that the private key can be any easytoremember string. There are proposed publickey cryptosystems using hyperelliptic curves [868, 870, 1441, 1214]. 19.9 LUC
Some cryptographers have developed generalizations of RSA that use various permutation polynomials instead of exponentiation. A variation called KravitzReed, using irreducible binary polynomials [898], is insecure [451, 589]. Winfried MŸller and Wilfried Nöbauer use Dickson polynomials [1127, 1128, 965]. Rudolph Lidl and MŸller generalized this approach in [966, 1126] (a variant is called the Réidi scheme), and Nöbauer looked at its security in [1172, 1173]. (Comments on prime generation with Lucas functi...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details