Similar literature
Found 20 similar documents; search took 15 ms.
1.
Elliptic curve cryptosystems in the presence of faults were studied by Biehl et al., Advances in Cryptology CRYPTO 2000, Springer Verlag (2000) pp. 131–146. The first fault model they consider requires that the input point P in the computation of dP is chosen by the adversary. Their second and third fault models only require the knowledge of P. But these two latter models are less practical in the sense that they assume that only a few bits of error are inserted (typically exactly one bit is supposed to be disturbed) either into P just prior to the point multiplication or during the course of the computation in a chosen location. This paper relaxes these assumptions and shows how random (and thus unknown) errors in either coordinates of point P, in the elliptic curve parameters or in the field representation enable the (partial) recovery of multiplier d. Then, from multiple point multiplications, we explain how this can be turned into a total key recovery. Simple precautions to prevent the leakage of secrets are also discussed. Communicated by: P. Wild. The work described in this paper has been supported [in part] by the Commission of the European Communities through the IST Programme under Contract IST-1999-12324, http://www.cryptonessie.org/. The information in this document is provided as is, and no guarantee or warranty is given or implied that the information is fit for any particular purpose. The user thereof uses the information at his sole risk and liability. The views expressed are those of the authors and do not represent an official view/position of the NESSIE project (as a whole).

2.
Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more difficult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent factoring attacks and cycling attacks. In this paper, we only focus on cycling attacks because for both RSA and its elliptic curve-based analogues, the length of the RSA-modulus n is typically the same. Therefore, a factoring attack will succeed with equal probability against all RSA-type cryptosystems. We also prove that cycling attacks reduce to find fixed points, and derive a factorization algorithm which (most probably) completely breaks RSA-type systems over elliptic curves if a fixed point is found.

3.
We give a generalization of the method of “Elliptic Curve Chabauty” to higher genus curves and their Jacobians. This method can sometimes be used in conjunction with covering techniques and a modified version of the Mordell–Weil sieve to provide a complete solution to the problem of determining the set of rational points on an algebraic curve Y. We show how to apply these explicitly by using them to prove that the equation $y^2 = (x^3 + x^2 - 1)\,\Phi_{11}(x)$ has no rational solutions.

4.
The State of Elliptic Curve Cryptography (total citations: 43; self-citations: 0; citations by others: 43)
Since the introduction of public-key cryptography by Diffie and Hellman in 1976, the potential for the use of the discrete logarithm problem in public-key cryptosystems has been recognized. Although the discrete logarithm problem as first employed by Diffie and Hellman was defined explicitly as the problem of finding logarithms with respect to a generator in the multiplicative group of the integers modulo a prime, this idea can be extended to arbitrary groups and, in particular, to elliptic curve groups. The resulting public-key systems provide relatively small block size, high speed, and high security. This paper surveys the development of elliptic curve cryptosystems from their inception in 1985 by Koblitz and Miller to present day implementations.

5.
We characterize the orthogonal polynomials in a class of polynomials defined through their generating functions. This led to three new systems of orthogonal polynomials whose generating functions and orthogonality relations involve elliptic functions. The Hamburger moment problems associated with these polynomials are indeterminate. We give infinite families of weight functions in each case. The different polynomials treated in this work are also polynomials in a parameter and as functions of this parameter they are orthogonal with respect to unique measures, which we find explicitly. Through a quadratic transformation we find a new exactly solvable birth and death process with quartic birth and death rates.

6.
Trading Inversions for Multiplications in Elliptic Curve Cryptography (total citations: 8; self-citations: 0; citations by others: 8)
Recently, Eisenträger et al. proposed a very elegant method for speeding up scalar multiplication on elliptic curves. Their method relies on improved formulas for evaluating S=(2P + Q) from given points P and Q on an elliptic curve. Compared to the naive approach, the improved formulas save a field multiplication each time the operation is performed. This paper proposes a variant which is faster whenever a field inversion is more expensive than six field multiplications. We also give an improvement when tripling a point, and present a ternary/binary method to perform efficient scalar multiplication.

7.
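Three new proofs of Rolle's mean value theorem are given; the second, a very simple one, relies only on the well-known Heine-Borel finite covering theorem. It follows that Rolle's mean value theorem can be a direct corollary of the completeness of the real numbers.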

8.
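After studying some properties of the points on the elliptic curve $y^2 \equiv x^3 + ax + b \pmod{p}$, algorithms for computing, verifying and selecting bases are proposed, and the relationship among base selection, point multiplication efficiency and security is studied. Finally, base selection for the elliptic curve is implemented.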

9.
10.
At Eurocrypt '96, Meyer and Müller presented a new Rabin-type cryptosystem based on elliptic curves. In this paper, we will show that this cryptosystem may be reduced to the cryptosystem of Rabin-Williams.

11.
We investigate an optimization problem related to an elliptic (linear and nonlinear) boundary-value problem. The competing objects are elements of a rearrangement class generated by a fixed positive function. The popular case where the generator is a characteristic function is also considered. In this case, the method of the domain derivative is used to obtain a free boundary result. This research was initiated when the first author was visiting the Iran University of Science and Technology in Summer of 2005. Behrouz Emamizadeh acknowledges the partial financial support from the Petroleum Institute.

12.
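The concept of a three-focus generalized ellipse is proposed, and its drawing method and locus equation are given. A mathematical model is established for the distance d from the centroid M of the three-focus generalized ellipse to a moving point P on its locus curve, and the transmission characteristics of three-focus generalized ellipse components with respect to force and velocity, together with their industrial applications, are studied.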

13.
The Xedni Calculus and the Elliptic Curve Discrete Logarithm Problem (total citations: 2; self-citations: 0; citations by others: 2)
Let be an elliptic curve defined over a finite field, and let be two points on E. The Elliptic Curve Discrete Logarithm Problem (ECDLP) asks that an integer m be found so that S=mT in . In this note we give a new algorithm, termed the Xedni Calculus, which might be used to solve the ECDLP. As remarked by Neal Koblitz, the Xedni method is also applicable to the classical discrete logarithm problem for and to the integer factorization problem.

14.
姚静荪 《工科数学》2008,(4):131-133
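Three new proofs of Rolle's mean value theorem are given; the second, a very simple one, relies only on the well-known Heine-Borel finite covering theorem. It follows that Rolle's mean value theorem can be a direct corollary of the completeness of the real numbers.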

15.
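This paper uses a new method to discuss and solve several geometric problems in the n-dimensional elliptic space $S^n$. For n-dimensional spherical simplices it gives the law of cosines, the altitude formula, the inradius r and circumradius R, and the formula for the distance between the incenter I and the circumcenter Q. The well-known Euler inequality is also generalized to $S^n$.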

16.
Some Remarks on the Elliptic Harnack Inequality (total citations: 2; self-citations: 0; citations by others: 2)
Three short results are given concerning the elliptic Harnack inequality, in the context of random walks on graphs. The first is that the elliptic Harnack inequality implies polynomial growth of the number of points in balls, and the second that the elliptic Harnack inequality is equivalent to an annulus-type Harnack inequality for Green's functions. The third result uses the lamplighter group to give a counter-example concerning the relation of coupling with the elliptic Harnack inequality. 2000 Mathematics Subject Classification 31B05 (primary), 60J35, 31C25 (secondary).

17.
This paper deals with the existence of multiple solutions for some classes of nonlinear elliptic Dirichlet boundary value problems. The interplay of convex and concave nonlinearities is studied both for second order equations and for problems involving the p-Laplacian. The bifurcation of positive solutions for some quasilinear eigenvalue problems is also discussed.

18.
In this paper the results of some investigations concerning nonlinear elliptic problems in unbounded domains are summarized and the main difficulties and ideas related to these researches are described. The model problem
where , N ≥ 3, is an unbounded smooth domain, a(x) is a smooth real function defined on Ω, such that , is considered and existence and multiplicity results are given under various assumptions on Ω. Work supported by national research project “Metodi variazionali e topologici nello studio di fenomeni non lineari”. Lecture held in the Seminario Matematico e Fisico on February 28, 2005. Received: June 2006.

19.
The author presents a method allowing to obtain existence of a solution for some elliptic problems set in unbounded domains, and shows exponential rate of convergence of the approximate solution toward the solution.

20.
Using an approximation method, we show the existence of solutions for some noncooperative elliptic systems defined on an unbounded domain.
