Sequential and dynamic frameproof codes

There are many schemes in the literature for protecting digital data from piracy by the use of digital fingerprinting, such as frameproof codes and traitor-tracing schemes. The concept of traitor-tracing has been applied to a digital broadcast setting in the form of dynamic traitor-tracing schemes and sequential traitor-tracing schemes, which could be used to combat piracy of pay-TV broadcasts, for example. In this paper, we extend the properties of frameproof codes to this dynamic model, defining and constructing both l-sequential c-frameproof codes and l-dynamic c-frameproof codes. We also give bounds on the number of users supported by such schemes.      

Refinements of Miller's algorithm for computing the Weil/Tate pairing

The efficient computation of the Weil and Tate pairings is of significant interest in the implementation of certain recently developed cryptographic protocols. The standard method of such computations has been the Miller algorithm. Three refinements to Miller's algorithm are given in this work. The first refinement is an overall improvement. If the binary expansion of the involved integer has relatively high Hamming weight, the second improvement suggested shows significant gains. The third improvement is especially efficient when the underlying elliptic curve is over a finite field of characteristic three, which is a case of particular cryptographic interest. Comment on the performance analysis and characteristics of the refinements are given.     

A quasi quadratic time algorithm for hyperelliptic curve point counting

We describe an algorithm to compute the cardinality of Jacobians of ordinary hyperelliptic curves of small genus over finite fields with cost . This algorithm is derived from ideas due to Mestre. More precisely, we state the mathematical background behind Mestre’s algorithm and develop from it a variant with quasi-quadratic time complexity. Among others, we present an algorithm to find roots of a system of generalized Artin-Schreier equations and give results that we obtain with an efficient implementation. Especially, we were able to obtain the cardinality of curves of genus one, two or three in finite fields of huge size. 2000 Mathematics Subject Classification Primary—11S40, 14H42, 11G20, 11G15, 94A60     

Inferring sequences produced by a linear congruential generator on elliptic curves missing high-order bits

Let p be a prime and let be an elliptic curve defined over the finite field of p elements. For a given point the linear congruential genarator on elliptic curves (EC-LCG) is a sequence (U _n ) of pseudorandom numbers defined by the relation: where denote the group operation in and is the initial value or seed. We show that if G and sufficiently many of the most significants bits of two consecutive values U _n , U _n+1 of the EC-LCG are given, one can recover the seed U ₀ (even in the case where the elliptic curve is private) provided that the former value U _n does not lie in a certain small subset of exceptional values. We also estimate limits of a heuristic approach for the case where G is also unknown. This suggests that for cryptographic applications EC-LCG should be used with great care. Our results are somewhat similar to those known for the linear and non-linear pseudorandom number congruential generator.      

A sequence approach to linear perfect hash families

A linear (q ^d , q, t)-perfect hash family of size s in a vector space V of order q ^d over a field F of order q consists of a set of linear functionals from V to F with the following property: for all t subsets there exists such that is injective when restricted to F. A linear (q ^d , q, t)-perfect hash family of minimal size d(t − 1) is said to be optimal. In this paper, we extend the theory for linear perfect hash families based on sequences developed by Blackburn and Wild. We develop techniques which we use to construct new optimal linear (q ², q, 5)-perfect hash families and (q ⁴, q, 3)-perfect hash families. The sequence approach also explains a relationship between linear (q ³, q, 3)-perfect hash families and linear (q ², q, 4)-perfect hash families.      

New results on quasi-subfield polynomials

Quasi-subfield polynomials were introduced by Huang et al. together with a new algorithm to solve the Elliptic Curve Discrete Logarithm Problem (ECDLP) over finite fields of small characteristic. In this paper we provide both new quasi-subfield polynomial families and a new theorem limiting their existence. Our results do not allow to derive any speedup for the new ECDLP algorithm compared to previous approaches.     

Achieving Rights Untransferability with Client-Independent Servers

This article presents a scheme for enforcing access rights untransferability in a client-server scenario. Assumptions include a central authority and servers which are trusted and hold no access information about clients. For a client sharing none of her rights, usurpation of a right seems as hard as the discrete logarithm. Also, rights sharing between clients does not compromise their non-shared rights when a sound public-key cryptosystem is used. Transferring rights between clients without the authority's contribution cannot be done if a sound public-key cryptosystem is used. However, only control on partial rights transfers is addressed in this paper, which does not deal with total identity transfer or alienation.     

Parallel Itoh–Tsujii multiplicative inversion algorithm for a special class of trinomials

In this contribution, we derive a novel parallel formulation of the standard Itoh–Tsujii algorithm for multiplicative inverse computation over the field GF(2 ^m ). The main building blocks used by our algorithm are: field multiplication, field squaring and field square root operators. It achieves its best performance when using a special class of irreducible trinomials, namely, P(x) = x ^m  + x ^k  + 1, with m and k odd numbers and when implemented in hardware platforms. Under these conditions, our experimental results show that our parallel version of the Itoh–Tsujii algorithm yields a speedup of about 30% when compared with the standard version of it. Implemented in a Virtex 3200E FPGA device, our design is able to compute multiplicative inversion over GF(2¹⁹³) after 20 clock cycles in about 0.94 μS.      

Group signature schemes with forward secure properties

A group signature scheme allows a group member to sign messages anonymously on behalf of the group. However, in the case of a dispute, the identity of a signature can be revealed by a designated entity. We introduce a forward secure schemes into group signature schemes. When the group public key remains fixed, a group signing key evolves over time. Because the signing key of a group member is evolving at time, the possibility of the signing key being exposed is decreased. We propose a forward secure group signature scheme based on Ateniese and Camenisch et al.’s group signature scheme. The security is analyzed and the comparisons between our scheme with other group signature schemes are made.