论文信息 - Guide to Elliptic Curve Cryptography

Guide to Elliptic Curve Cryptography

After two decades of research and development, elliptic curve cryptography now has widespread exposure and acceptance. Industry, banking, and government standards are in place to facilitate extensive deployment of this efficient public-key mechanism. Anchored by a comprehensive treatment of the practical aspects of elliptic curve cryptography (ECC), this guide explains the basic mathematics, describes state-of-the-art implementation methods, and presents standardized protocols for public-key encryption, digital signatures, and key establishment. In addition, the book addresses some issues that arise in software and hardware implementation, as well as side-channel attacks and countermeasures. Readers receive the theoretical fundamentals as an underpinning for a wealth of practical and accessible knowledge about efficient application. Features & Benefits: * Breadth of coverage and unified, integrated approach to elliptic curve cryptosystems * Describes important industry and government protocols, such as the FIPS 186-2 standard from the U.S. National Institute for Standards and Technology * Provides full exposition on techniques for efficiently implementing finite-field and elliptic curve arithmetic* Distills complex mathematics and algorithms for easy understanding* Includes useful literature references, a list of algorithms, and appendices on sample parameters, ECC standards, and software toolsThis comprehensive, highly focused reference is a useful and indispensable resource for practitioners, professionals, or researchers in computer science, computer engineering, network design, and network data security.

[1] Edlyn Teske,et al. Speeding Up Pollard's Rho Method for Computing Discrete Logarithms , 1998, ANTS.

[2] Arjen K. Lenstra,et al. The XTR Public Key System , 2000, CRYPTO.

[3] Joe Suzuki,et al. Elliptic Curve Discrete Logarithms and the Index Calculus , 1998, ASIACRYPT.

[4] David Brumley,et al. Remote timing attacks are practical , 2003, Comput. Networks.

[5] Silvio Micali,et al. Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[6] Jacques Stern,et al. Signing on a Postcard , 2000, Financial Cryptography.

[7] Nigel P. Smart,et al. Constructive and destructive facets of Weil descent on elliptic curves , 2002, Journal of Cryptology.

[8] S. C. Shantz. From Euclid's GCD to Montgomery Multiplication to the Great Divide , 2001 .

[9] Michael Wiener,et al. Advances in Cryptology — CRYPTO’ 99 , 1999 .

[10] Seigo Arita,et al. Weil Descent of Elliptic Curves over Finite Fields of Characteristic Three , 2000, ASIACRYPT.

[11] Christof Paar,et al. Cryptographic Hardware and Embedded Systems: First InternationalWorkshop, CHES’99 Worcester, MA, USA, August 12–13, 1999 Proceedings , 1999, Lecture Notes in Computer Science.

[12] Sorin A. Huss,et al. A Reconfigurable System on Chip Implementation for Elliptic Curve Cryptography over GF(2n) , 2002, CHES.

[13] Alfred Menezes,et al. Progress in Cryptology — INDOCRYPT 2002 , 2002, Lecture Notes in Computer Science.

[14] Chris J. Skinner,et al. A Public-Key Cryptosystem and a Digital Signature System BAsed on the Lucas Function Analogue to Discrete Logarithms , 1994, ASIACRYPT.

[15] Gilles Brassard,et al. Advances in Cryptology , 1990 .

[16] Paul Montague,et al. A New Elliptic Curve Scalar Multiplication Algorithm to Resist Simple Power Analysis , 2002, ACISP.

[17] Volker Müller. Fast Multiplication on Elliptic Curves over Small Fields of Characteristic Two , 1998, Journal of Cryptology.

[18] Antoine Joux,et al. A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[19] W. Waterhouse,et al. Abelian varieties over finite fields , 1969 .

[20] Johannes A. Buchmann,et al. A key-exchange system based on imaginary quadratic fields , 1988, Journal of Cryptology.

[21] Matthew K. Franklin,et al. Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[22] Igor A. Semaev,et al. Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p , 1998, Math. Comput..

[23] Gerald E. Sobelman,et al. Elliptic Curve Scalar Multiplier Design Using FPGAs , 1999, CHES.

[24] Daniel J. Bernstein,et al. Circuits for Integer Factorization: A Proposal , 2001 .

[25] Steven D. Galbraith,et al. A Cryptographic Application of Weil Descent , 1999, IMACC.

[26] J. Silverman,et al. Rational Points on Elliptic Curves , 1992 .

[27] Rainer A. Rueppel. Advances in Cryptology — EUROCRYPT’ 92 , 2001, Lecture Notes in Computer Science.

[28] Paul Dischamp,et al. Power Analysis, What Is Now Possible , 2000, ASIACRYPT.

[29] Pil Joong Lee,et al. Fast Implementation of Elliptic Curve Defined over GF(pm) on CalmRISC with MAC2424 Coprocessor , 2000, CHES.

[30] Hilarie K. Orman,et al. Fast Key Exchange with Elliptic Curve Systems , 1995, CRYPTO.

[31] David A. Umphress,et al. Information leakage from optical emanations , 2002, TSEC.

[32] Ken Frazer,et al. Building secure software: how to avoid security problems the right way , 2002, SOEN.

[33] Marc Joye,et al. Weierstraß Elliptic Curves and Side-Channel Attacks , 2002, Public Key Cryptography.

[34] V. Nechaev. Complexity of a determinate algorithm for the discrete logarithm , 1994 .

[35] Everett W. Howe. On the group orders of elliptic curves over finite fields , 2001, math/0110262.

[36] Andreas Enge,et al. Elliptic Curves and Their Applications to Cryptography , 1999, Springer US.

[37] Joe Kilian. Advances in Cryptology — CRYPTO 2001 , 2001, Lecture Notes in Computer Science.

[38] L. Washington. Elliptic Curves: Number Theory and Cryptography , 2003 .

[39] Walter Fumy,et al. Advances in Cryptology — EUROCRYPT ’97 , 2001, Lecture Notes in Computer Science.

[40] Alfred Menezes,et al. The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[41] Emmanuel Thomé,et al. Computation of Discrete Logarithms in F2607 , 2001, ASIACRYPT.

[42] M. Anwar Hasan. Power Analysis Attacks and Algorithmic Approaches to their Countermeasures for Koblitz Curve Cryptosystems , 2000, CHES.

[43] Scott A. Vanstone,et al. Improving the parallelized Pollard lambda search on anomalous binary curves , 2000, Math. Comput..

[44] Mihir Bellare. Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.

[45] R. Balasubramanian,et al. The Improbability That an Elliptic Curve Has Subexponential Discrete Log Problem under the Menezes—Okamoto—Vanstone Algorithm , 1998, Journal of Cryptology.

[46] ÇETIN K. KOÇ,et al. Montgomery Multiplication in GF(2k) , 1998, Des. Codes Cryptogr..

[47] Bruce Schneier,et al. Practical cryptography , 2003 .

[48] Christof Paar,et al. Elliptic Curve Cryptography on Smart Cards without Coprocessors , 2001, CARDIS.

[49] H. W. Lenstra,et al. Factoring integers with elliptic curves , 1987 .

[50] Moni Naor,et al. Non-malleable cryptography , 1991, STOC '91.

[51] Catherine H. Gebotys,et al. Secure Elliptic Curve Implementations: An Analysis of Resistance to Power-Attacks in a DSP Processor , 2002, CHES.

[52] Takakazu Satoh,et al. Fast computation of canonical lifts of elliptic curves and its application to point counting , 2003 .

[53] Johann Großschädl,et al. A Bit-Serial Unified Multiplier Architecture for Finite Fields GF(p) and GF(2m) , 2001, CHES.

[54] Alfred Menezes,et al. Software Implementation of the NIST Elliptic Curves Over Prime Fields , 2001, CT-RSA.

[55] Joe Kilian,et al. Almost all primes can be quickly certified , 1986, STOC '86.

[56] Richard Gerber. The Software Optimization Cookbook: High-Performance Recipes for the Intel Architecture , 2002 .

[57] David Naccache,et al. Topics in Cryptology — CT-RSA 2001 , 2001, Lecture Notes in Computer Science.

[58] Christof Paar,et al. Fast Arithmetic Architectures for Public-Key Algorithms over Galois Fields GF((2n)m) , 1997, EUROCRYPT.

[59] Alfred Menezes,et al. Validation of Elliptic Curve Public Keys , 2003, Public Key Cryptography.

[60] Scott A. Vanstone,et al. Postal Revenue Collection in the Digital Age , 2000, Financial Cryptography.

[61] Anatolij A. Karatsuba,et al. Multiplication of Multidigit Numbers on Automata , 1963 .

[62] Henk L. Muller,et al. Cryptographic Hardware and Embedded Systems — CHES 2001 , 2001, Lecture Notes in Computer Science.

[63] Iwan M. Duursma,et al. Speeding up the Discrete Log Computation on Curves with Automorphisms , 1999, ASIACRYPT.

[64] Igor E. Shparlinski,et al. On the Unpredictability of Bits of the Elliptic Curve Diffie--Hellman Scheme , 2001, CRYPTO.

[65] Gordon B. Agnew,et al. An implementation for a fast public-key cryptosystem , 2004, Journal of Cryptology.

[66] Marc Joye,et al. Protections against Differential Analysis for Elliptic Curve Cryptography , 2001, CHES.

[67] Don Coppersmith,et al. Fast evaluation of logarithms in fields of characteristic two , 1984, IEEE Trans. Inf. Theory.

[68] Willi Meier,et al. Efficient Multiplication on Certain Nonsupersingular Elliptic Curves , 1992, CRYPTO.

[69] Kazuhiro Yokoyama,et al. Efficient Implementation of Schoof's Algorithm , 1998, ASIACRYPT.

[70] Gustavus J. Simmons,et al. Contemporary Cryptology: The Science of Information Integrity , 1994 .

[71] Christof Paar,et al. Optimal Extension Fields for Fast Arithmetic in Public-Key Algorithms , 1998, CRYPTO.

[72] R. Schoof. Elliptic Curves Over Finite Fields and the Computation of Square Roots mod p , 1985 .

[73] Rainer Steinwandt,et al. A Dedicated Sieving Hardware , 2003, Public Key Cryptography.

[74] Jacques Stern,et al. Flaws in Applying Proof Methodologies to Signature Schemes , 2002, CRYPTO.

[75] Henri Cohen,et al. A course in computational algebraic number theory , 1993, Graduate texts in mathematics.

[76] J. van Leeuwen,et al. Selected Areas in Cryptography , 2001, Lecture Notes in Computer Science.

[77] Chae Hoon Lim,et al. More Flexible Exponentiation with Precomputation , 1994, CRYPTO.

[78] R. Harley,et al. An extension of Satoh's algorithm and its implementation , 2000 .

[79] Daniel M. Gordon,et al. Discrete Logarithms in GF(P) Using the Number Field Sieve , 1993, SIAM J. Discret. Math..

[80] R. McEliece. Finite Fields for Computer Scientists and Engineers , 1986 .

[81] Israel Koren. Computer arithmetic algorithms , 1993 .

[82] I. Chuang,et al. Experimental realization of Shor's quantum factoring algorithm using nuclear magnetic resonance , 2001, Nature.

[83] Bert den Boer. Diffie-Hellman is as Strong as Discrete Log for Certain Primes , 1988, CRYPTO.

[84] Mihir Bellare,et al. Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[85] Kristin E. Lauter,et al. Fast Elliptic Curve Arithmetic and Improved Weil Pairing Evaluation , 2003, CT-RSA.

[86] Jerome A. Solinas. An Improved Algorithm for Arithmetic on a Family of Elliptic Curves , 1997, CRYPTO.

[87] Markus G. Kuhn,et al. Low Cost Attacks on Tamper Resistant Devices , 1997, Security Protocols Workshop.

[88] N. Koblitz. Elliptic curve cryptosystems , 1987 .

[89] Ronald C. Mullin,et al. Optimal normal bases in GF(pn) , 1989, Discret. Appl. Math..

[90] Moti Yung,et al. Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[91] A. P. Chandrakasan,et al. An energy-efficient reconfigurable public-key cryptography processor , 2001, IEEE J. Solid State Circuits.

[92] H. C. Williams,et al. Advances in Cryptology — CRYPTO ’85 Proceedings , 2000, Lecture Notes in Computer Science.

[93] 黒沢馨,et al. Low exponent attack against elliptic curve RSA , 1995 .

[94] Helger Lipmaa,et al. IDEA: A Cipher For Multimedia Architectures? , 1998, Selected Areas in Cryptography.

[95] Ronald Cramer,et al. A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[96] Marc Joye,et al. Hessian Elliptic Curves and Side-Channel Attacks , 2001, CHES.

[97] Adi Shamir,et al. A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[98] Paul C. Kocher,et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[99] Ian F. Blake,et al. Elliptic curves in cryptography , 1999 .

[100] David Lubicz,et al. Counting Points on Elliptic Curves over Finite Fields of Small Characteristic in Quasi Quadratic Time , 2003, EUROCRYPT.

[101] Khawaja Amer Hayat,et al. Password Interception in a SSL/TLS Channel , 2004 .

[102] D. H. Lehmer. Euclid's Algorithm for Large Numbers , 1938 .

[103] Alfred Menezes,et al. Solving Elliptic Curve Discrete Logarithm Problems Using Weil Descent , 2001, IACR Cryptol. ePrint Arch..

[104] Steven D. Galbraith,et al. Supersingular Curves in Cryptography , 2001, ASIACRYPT.

[105] Hans-Georg Rück. On the discrete logarithm in the divisor class group of curves , 1999, Math. Comput..

[106] Hilarie K. Orman,et al. The OAKLEY Key Determination Protocol , 1997, RFC.

[107] Daniel R. L. Brown. Generic Groups, Collision Resistance, and ECDSA , 2002, Des. Codes Cryptogr..

[108] Martin E. Hellman,et al. Hiding information and signatures in trapdoor knapsacks , 1978, IEEE Trans. Inf. Theory.

[109] Berk Sunar,et al. An Efficient Optimal Normal Basis Type II Multiplier , 2001, IEEE Trans. Computers.

[110] Paul G. Comba,et al. Exponentiation Cryptosystems on the IBM PC , 1990, IBM Syst. J..

[111] Ran Canetti,et al. The random oracle methodology, revisited , 2000, JACM.

[112] Gustavus J. Simmons,et al. The First Ten Years of Public Key Cryptology , 1992 .

[113] J. Stein. Computational problems associated with Racah algebra , 1967 .

[114] Kouichi Itoh,et al. Implementation of Elliptic Curve Cryptographic Coprocessor over GF(2m) on an FPGA , 2000, CHES.

[115] Craig Gentry,et al. Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[116] Richard P. Brent,et al. An improved Monte Carlo factorization algorithm , 1980 .

[117] Paul Barrett,et al. Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor , 1986, CRYPTO.

[118] Guang Gong,et al. Public-key cryptosystems based on cubic finite field extensions , 1999, IEEE Trans. Inf. Theory.

[119] Dakshi Agrawal,et al. The EM Side-Channel(s) , 2002, CHES.

[120] Hugo Krawczyk,et al. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[121] K. Kedlaya. Counting Points on Hyperelliptic Curves using Monsky-Washnitzer Cohomology , 2001, math/0105031.

[122] D. Hasan Jamak. DIGITAL SIGNATURE ALGORITHM (DSA) , 2006 .

[123] J. Olivos,et al. Speeding up the computations on an elliptic curve using addition-subtraction chains , 1990, RAIRO Theor. Informatics Appl..

[124] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[125] Sangjin Lee,et al. An Improved Method of Multiplication on Certain Elliptic Curves , 2002, Public Key Cryptography.

[126] Jonathan P. Sorenson,et al. An analysis of Lehmer's Euclidean GCD algorithm , 1995, ISSAC '95.

[127] Carlisle Adams,et al. Understanding PKI: Concepts, Standards, and Deployment Considerations , 1999 .

[128] Ross J. Anderson,et al. Optical Fault Induction Attacks , 2002, CHES.

[129] R. A. Rueppel,et al. Message recovery for signature schemes based on the discrete logarithm problem , 1994, EUROCRYPT.

[130] Ross J. Anderson. Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[131] Fabian Kuhn,et al. Random Walks Revisited: Extensions of Pollard's Rho Algorithm for Computing Multiple Discrete Logarithms , 2001, Selected Areas in Cryptography.

[132] Andreas Stein,et al. Key-Exchange in Real Quadratic Congruence Function Fields , 1996, Des. Codes Cryptogr..

[133] Serge Vaudenay,et al. Minding your p's and q's , 1996, ASIACRYPT.

[134] Richard J. Lipton,et al. Algorithms for Black-Box Fields and their Application to Cryptography (Extended Abstract) , 1996, CRYPTO.

[135] Bruce Schneier,et al. Applied cryptography (2nd ed.): protocols, algorithms, and source code in C , 1995 .

[136] Ueli Maurer,et al. The Diffie–Hellman Protocol , 2000, Des. Codes Cryptogr..

[137] Reynald Lercier,et al. Finding Good Random Elliptic Curves for Cryptosystems Defined over F2n , 1997, EUROCRYPT.

[138] Bimal Roy,et al. Progress in Cryptology —INDOCRYPT 2000 , 2002, Lecture Notes in Computer Science.

[139] G. Frey. Applications of Arithmetical Geometry to Cryptographic Constructions , 2001 .

[140] Peter W. Shor,et al. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer , 1995, SIAM Rev..

[141] Stéphane Beauregard. Circuit for Shor's algorithm using 2n+3 qubits , 2003, Quantum Inf. Comput..

[142] Leonard M. Adleman,et al. Algorithmic Number Theory , 1994, Lecture Notes in Computer Science.

[143] Jean-Jacques Quisquater,et al. Analysis of the Gallant-Lambert-Vanstone Method Based on Efficient Endomorphisms: Elliptic and Hyperelliptic Curves , 2002, Selected Areas in Cryptography.

[144] Steven D. Galbraith,et al. Extending the GHS Weil Descent Attack , 2002, EUROCRYPT.

[145] Hovav Shacham,et al. Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[146] Igor E. Shparlinski,et al. The Insecurity of the Digital Signature Algorithm with Partially Known Nonces , 2002, Journal of Cryptology.

[147] Russell Housley,et al. Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure , 2001 .

[148] Christian Wittmann. Group Structure of Elliptic Curves over Finite Fields , 2001 .

[149] T. Itoh,et al. A Fast Algorithm for Computing Multiplicative Inverses in GF(2^m) Using Normal Bases , 1988, Inf. Comput..

[150] Paul C. Kocher,et al. Differential Power Analysis , 1999, CRYPTO.

[151] C. Pandu Rangan,et al. Progress in Cryptology — INDOCRYPT 2001 , 2001, Lecture Notes in Computer Science.

[152] Alfred Menezes,et al. Field inversion and point halving revisited , 2004, IEEE Transactions on Computers.

[153] Alfred Menezes,et al. Analysis of the Weil Descent Attack of Gaudry, Hess and Smart , 2001, CT-RSA.

[154] Ernest F. Brickell,et al. Advances in Cryptology — CRYPTO’ 92 , 2001, Lecture Notes in Computer Science.

[155] Alexander W. Dent,et al. Adapting the Weaknesses of the Random Oracle Model to the Generic Group Model , 2002, ASIACRYPT.

[156] David M'Raïhi,et al. Cryptographic smart cards , 1996, IEEE Micro.

[157] Ingrid Biehl,et al. Differential Fault Attacks on Elliptic Curve Cryptosystems ( Extended Abstract ) , 2000 .

[158] Donald E. Knuth,et al. The art of computer programming. Vol.2: Seminumerical algorithms , 1981 .

[159] Vipul Gupta,et al. An End-to-End Systems Approach to Elliptic Curve Cryptography , 2002, CHES.

[160] Brian Case,et al. SPARC architecture , 1992 .

[161] Philippe Flajolet,et al. Random Mapping Statistics , 1990, EUROCRYPT.

[162] Harald Baier,et al. Elliptic Curves of Prime Order over Optimal Extension Fields for Use in Cryptography , 2001, INDOCRYPT.

[163] Vijay Varadharajan,et al. Information Security and Privacy , 2004, Lecture Notes in Computer Science.

[164] Jongin Lim,et al. An Alternate Decomposition of an Integer for Faster Point Multiplication on Certain Elliptic Curves , 2002, Public Key Cryptography.

[165] Frederik Vercauteren,et al. Computing Zeta Functions of Hyperelliptic Curves over Finite Fields of Characteristic 2 , 2002, CRYPTO.

[166] Colin Boyd,et al. Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[167] Kazuo Ohta,et al. Advances in Cryptology — ASIACRYPT’98 , 2002, Lecture Notes in Computer Science.

[168] Marcos A. Kiwi,et al. Strength of two data encryption standard implementations under timing attacks , 1998, TSEC.

[169] Gordon B. Agnew,et al. An Implementation of Elliptic Curve Cryptosystems Over F2155 , 1993, IEEE J. Sel. Areas Commun..

[170] Horst G. Zimmer,et al. Constructing elliptic curves with given group order over large finite fields , 1994, ANTS.

[171] Peter de Rooij,et al. Efficient Exponentiation using Procomputation and Vector Addition Chains , 1994, EUROCRYPT.

[172] Berit Skjernaa,et al. Satoh's algorithm in characteristic 2 , 2003, Math. Comput..

[173] Alfred Menezes,et al. Software Implementation of Elliptic Curve Cryptography over Binary Fields , 2000, CHES.

[174] Dieter Gollmann,et al. Algorithm engineering for public key algorithms , 1989, IEEE J. Sel. Areas Commun..

[175] Yvo Desmedt,et al. Advances in Cryptology — CRYPTO ’94 , 2001, Lecture Notes in Computer Science.

[176] Seongan Lim,et al. Integer Decomposition for Fast Scalar Multiplication on Elliptic Curves , 2002, Selected Areas in Cryptography.

[177] Johan Håstad,et al. Solving Simultaneous Modular Equations of Low Degree , 1988, SIAM J. Comput..

[178] Nigel P. Smart. Topics in Cryptology — CT-RSA 2003 , 2003, Lecture Notes in Computer Science.

[179] Thomas Beth,et al. Arithmetic Operations in GF(2 m ). , 1993 .

[180] Johannes Wolkerstorfer,et al. Dual-Field Arithmetic Unit for GF(p) and GF(2m) , 2002, CHES.

[181] Eli Biham,et al. Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[182] Ernest F. Brickell,et al. Design Validations for Discrete Logarithm Based Signature Schemes , 2000, Public Key Cryptography.

[183] Donald Byron Johnson,et al. Formal Security Proofs for a Signature Scheme with Partial Message Recovery , 2001, CT-RSA.

[184] Henk L. Muller,et al. Non-deterministic Processors , 2001, ACISP.

[185] Hovav Shacham,et al. Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[186] Jongin Lim,et al. Speeding Up Point Multiplication on Hyperelliptic Curves with Efficiently-Computable Endomorphisms , 2002, EUROCRYPT.

[187] Jacques Stern,et al. RSA-OAEP Is Secure under the RSA Assumption , 2001, Journal of Cryptology.

[188] Joos Vandewalle,et al. A Memory Efficient Version of Satoh's Algorithm , 2001, EUROCRYPT.

[189] Alain Durand. Efficient Ways to Implement Elliptic Curve Exponentiation on a Smart Card , 1998, CARDIS.

[190] Jung Hee Cheon,et al. Fast Elliptic Curve Point Counting Using Gaussian Normal Basis , 2002, ANTS.

[191] Ramlan Mahmod,et al. A New Addition Formula for Elliptic Curves over GF(2n) , 2002, IEEE Trans. Computers.

[192] A. K. Lenstra,et al. Multi-exponentiation (cryptographic protocols) , 1994 .

[193] Jean-Sébastien Coron,et al. Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[194] Martin E. Hellman,et al. An improved algorithm for computing logarithms over GF(p) and its cryptographic significance (Corresp.) , 1978, IEEE Trans. Inf. Theory.

[195] Kouichi Sakurai,et al. Power Analysis Breaks Elliptic Curve Cryptosystems even Secure against the Timing Attack , 2000, INDOCRYPT.

[196] Robert H. Deng,et al. Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults , 1997, Security Protocols Workshop.

[197] Johannes A. Buchmann,et al. A key-exchange protocol using real quadratic fields , 1994, Journal of Cryptology.

[198] Kwangjo Kim,et al. Advances in Cryptology — ASIACRYPT '96 , 1996, Lecture Notes in Computer Science.

[199] P. L. Montgomery. Modular multiplication without trial division , 1985 .

[200] Elisabeth Oswald,et al. Enhancing Simple Power-Analysis Attacks on Elliptic Curve Cryptosystems , 2002, CHES.

[201] Christof Paar,et al. Efficient Implementation of Elliptic Curve Cryptosystems on the TI MSP 430x33x Family of Microcontrollers , 2001, Public Key Cryptography.

[202] Carl Pomerance,et al. The Development of the Number Field Sieve , 1994 .

[203] Antoine Joux,et al. Separating Decision Diffie–Hellman from Computational Diffie–Hellman in Cryptographic Groups , 2003, Journal of Cryptology.

[204] Christof Paar,et al. Elliptic Curve Cryptography on a Palm OS Device , 2001, ACISP.

[205] Tanja Lange,et al. Speeding up the Arithmetic on Koblitz Curves of Genus Two , 2000, Selected Areas in Cryptography.

[206] Jean-Jacques Quisquater,et al. A Practical Implementation of the Timing Attack , 1998, CARDIS.

[207] Harald Baier,et al. Efficient Construction of Cryptographically Strong Elliptic Curves , 2000, INDOCRYPT.

[208] Eric R. Verheul,et al. Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems , 2004, Journal of Cryptology.

[209] Nigel P. Smart,et al. Preventing SPA/DPA in ECC Systems Using the Jacobi Form , 2001, CHES.

[210] Werner Schindler,et al. A Timing Attack against RSA with the Chinese Remainder Theorem , 2000, CHES.

[211] Alfred Menezes,et al. Authenticated Diffie-Hellman Key Agreement Protocols , 1998, Selected Areas in Cryptography.

[212] Annegret Weng,et al. Constructing hyperelliptic curves of genus 2 suitable for cryptography , 2003, Math. Comput..

[213] Bernard P. Zajac. Applied cryptography: Protocols, algorithms, and source code in C , 1994 .

[214] Philip Heng Wai Leong,et al. A microcoded elliptic curve processor using FPGA technology , 2002, IEEE Trans. Very Large Scale Integr. Syst..

[215] Christof Paar,et al. Cryptographic Hardware and Embedded Systems - CHES 2002 , 2003, Lecture Notes in Computer Science.

[216] Christof Paar,et al. A High Performance Reconfigurable Elliptic Curve Processor for GF(2m) , 2000, CHES.

[217] Hege Reithe Frium. The Group Law on Elliptic Curves on Hesse form , 2002 .

[218] Robert H. Sloan,et al. Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[219] J. Ward,et al. Book Review: Proceedings of the Third International Conference on Spectral and High Order Methods@@@Book Review: An introduction to computational geometry for curves and surfaces@@@Book Review: The mathematics of surfaces@@@Book Review: Algorithmic number theory, Volume I: Efficient algorithms , 1998 .

[220] J. Pollard,et al. Monte Carlo methods for index computation () , 1978 .

[221] André Weimerskirch,et al. Generic GF(2) Arithmetic in Software and Its Application to ECC , 2003, ACISP.

[222] Francis Olivier,et al. Electromagnetic Analysis: Concrete Results , 2001, CHES.

[223] Robert Harley,et al. Counting Points on Hyperelliptic Curves over Finite Fields , 2000, ANTS.

[224] Thomas Jensen,et al. Smart Card Programming and Security , 2001, Lecture Notes in Computer Science.

[225] Victor Shoup,et al. Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[226] Igor E. Shparlinski,et al. The Insecurity of Nyberg-Rueppel and Other DSA-Like Signature Schemes with Partially Known Nonces , 2001, CaLC.

[227] Adi Shamir. Factoring Large Numbers with the Twinkle Device (Extended Abstract) , 1999, CHES.

[228] Neal Koblitz,et al. Good and Bad Uses of Elliptic Curves in Cryptography , 2002 .

[229] Jeff Gilchrist,et al. Factorization of a 512-Bit RSA Modulus , 2000, EUROCRYPT.

[230] YoungJu Choie,et al. Speeding up the Scalar Multiplication in the Jacobians of Hyperelliptic Curves Using Frobenius Map , 2002, INDOCRYPT.

[231] Erkay Savas,et al. Scalable and Unified Hardware to Compute Montgomery Inverse in GF(p) and GF(2) , 2002, CHES.

[232] A. Atkin,et al. ELLIPTIC CURVES AND PRIMALITY PROVING , 1993 .

[233] David Bistry. The Complete Guide to Mmx Technology , 1997 .

[234] Daniel Bleichenbacher. On the Security of the KMOV Public Key Cryptosystem , 1997, CRYPTO.

[235] Louis Goubin,et al. A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems , 2003, Public Key Cryptography.

[236] Harald Niederreiter,et al. Introduction to finite fields and their applications: Preface , 1994 .

[237] Victor S. Miller,et al. Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[238] Dan Harkins,et al. The Internet Key Exchange (IKE) , 1998, RFC.

[239] Taher ElGamal,et al. A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[240] G. Frey,et al. A remark concerning m -divisibility and the discrete logarithm in the divisor class group of curves , 1994 .

[241] Kevin S. McCurley,et al. A key distribution system equivalent to factoring , 1988, Journal of Cryptology.

[242] Christof Zalka,et al. Shor's discrete logarithm quantum algorithm for elliptic curves , 2003, Quantum Inf. Comput..

[243] R.G.E. Pinch. Extending the Wiener attack to RSA-type cryptosystems , 1995 .

[244] Joseph H. Silverman,et al. The arithmetic of elliptic curves , 1986, Graduate texts in mathematics.

[245] Markus G. Kuhn,et al. Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations , 1998, Information Hiding.

[246] Ernest F. Brickell,et al. Fast Exponentiation with Precomputation (Extended Abstract) , 1992, EUROCRYPT.

[247] Takakazu Satoh,et al. Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves , 1998 .

[248] Josep Domingo-Ferrer,et al. Smart Card Research and Advanced Applications , 2000, IFIP — The International Federation for Information Processing.

[249] Steven Levy,et al. Crypto: How the Code Rebels Beat the Government--Saving Privacy in the Digital Age , 2001 .

[250] Russell Miller,et al. A Low-Power Design for an Elliptic Curve Digital Signature Chip , 2002, CHES.

[251] Jean-Jacques Quisquater,et al. ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[252] Hugo Krawczyk,et al. SKEME: a versatile secure key exchange mechanism for Internet , 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[253] Kwok-Yan Lam,et al. Advances in Cryptology - ASIACRYPT’99 , 1999, Lecture Notes in Computer Science.

[254] Atsuko Miyaji,et al. Efficient Elliptic Curve Exponentiation Using Mixed Coordinates , 1998, ASIACRYPT.

[255] Douglas R. Stinson,et al. Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[256] Oliver Schirokauer. Discrete logarithms and local units , 1993, Philosophical Transactions of the Royal Society of London. Series A: Physical and Engineering Sciences.

[257] Joos Vandewalle,et al. Comparison of Three Modular Reduction Functions , 1993, CRYPTO.

[258] Richard P. Paul. Sparc Architecture, Assembly Language Programming, and C , 1993 .

[259] Ivan Bjerre Damgård,et al. Advances in Cryptology — EUROCRYPT ’90 , 2001, Lecture Notes in Computer Science.

[260] Scott A. Vanstone,et al. Discrete Logarithm Based Cryptosystems in Quadratic Function Fields of Characteristic 2 , 1998, Des. Codes Cryptogr..

[261] Bodo Möller. Algorithms for Multi-exponentiation , 2001, Selected Areas in Cryptography.

[262] Steven D. Galbraith,et al. Arithmetic on superelliptic curves , 2002 .

[263] J. van Leeuwen,et al. Selected Areas in Cryptography , 2001, Lecture Notes in Computer Science.

[264] Andreas Stein,et al. Analysis of the Xedni Calculus Attack , 2000, Des. Codes Cryptogr..

[265] James Manger,et al. A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0 , 2001, CRYPTO.

[266] David Pointcheval,et al. Chosen-Ciphertext Security for Any One-Way Cryptosystem , 2000, Public Key Cryptography.

[267] Paul C. van Oorschot,et al. On Diffie-Hellman Key Agreement with Short Exponents , 1996, EUROCRYPT.

[268] Arjen K. Lenstra,et al. Unbelievable Security. Matching AES Security Using Public Key Systems , 2001, ASIACRYPT.

[269] Elena Trichina,et al. Implementation of Elliptic Curve Cryptography with Built-In Counter Measures against Side Channel Attacks , 2002, CHES.

[270] Michael J. Wiener,et al. Faster Attacks on Elliptic Curve Cryptosystems , 1998, Selected Areas in Cryptography.

[271] Nicolas Gürel,et al. An Extension of Kedlaya's Point-Counting Algorithm to Superelliptic Curves , 2001, ASIACRYPT.

[272] Florian Hess,et al. The GHS Attack Revisited , 2003, EUROCRYPT.

[273] Andrew Chi-Chih Yao,et al. The Complexity of Finding Cycles in Periodic Functions , 1982, SIAM J. Comput..

[274] Mitsuru Matsui,et al. A Practical Implementation of Elliptic Curve Cryptosystems over GF(p) on a 16-bit Microcomputer , 1998, Public Key Cryptography.

[275] Tsuyoshi Takagi,et al. A Fast Parallel Elliptic Curve Multiplication Resistant against Side Channel Attacks , 2002, Public Key Cryptography.

[276] Adi Shamir,et al. Analysis and Optimization of the TWINKLE Factoring Device , 2000, EUROCRYPT.

[277] Pankaj Rohatgi,et al. Towards Sound Approaches to Counteract Power-Analysis Attacks , 1999, CRYPTO.

[278] Erkay Savas,et al. The Montgomery Modular Inverse-Revisited , 2000, IEEE Trans. Computers.

[279] Frederik Vercauteren,et al. An Extension of Kedlaya's Algorithm to Artin-Schreier Curves in Characteristic 2 , 2002, ANTS.

[280] Eli Biham,et al. Advances in Cryptology — EUROCRYPT 2003 , 2003, Lecture Notes in Computer Science.

[281] Pierrick Gaudry,et al. An Algorithm for Solving the Discrete Log Problem on Hyperelliptic Curves , 2000, EUROCRYPT.

[282] J. Loxton,et al. Number Theory and Cryptography , 1990 .

[283] Erik Woodward Knudsen,et al. Elliptic Scalar Multiplication Using Point Halving , 1999, ASIACRYPT.

[284] Nigel P. Smart,et al. Hardware Implementation of Finite Fields of Characteristic Three , 2002, CHES.

[285] Alfred Menezes,et al. Weak Fields for ECC , 2004, CT-RSA.

[286] Ralph C. Merkle,et al. Secure communications over insecure channels , 1978, CACM.

[287] Claus-Peter Schnorr,et al. Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[288] Serge Vaudenay,et al. Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS , 2002, EUROCRYPT.

[289] Jean-Jacques Quisquater,et al. Advances in Cryptology — EUROCRYPT ’95 , 2001, Lecture Notes in Computer Science.

[290] Dan Boneh,et al. A Secure Signature Scheme from Bilinear Maps , 2003, CT-RSA.

[291] Jean-Pierre Seifert,et al. Information Leakage Attacks against Smart Card Implementations of the Elliptic Curve Digital Signature Algorithm , 2001, E-smart.

[292] Alfred Menezes,et al. Handbook of Applied Cryptography , 2018 .

[293] Daniel R. Simon,et al. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[294] Alfredo De Santis,et al. Advances in Cryptology — EUROCRYPT'94 , 1994, Lecture Notes in Computer Science.

[295] Guido Bertoni,et al. Efficient GF(pm) Arithmetic Architectures for Cryptographic Applications , 2003, CT-RSA.

[296] Colin Boyd,et al. Protocols for Key Establishment and Authentication , 2003 .

[297] Alfred Menezes,et al. Analysis of the GHS Weil Descent Attack on the ECDLP over Characteristic Two Finite Fields of Composite Degree , 2001, INDOCRYPT.

[298] David Pointcheval,et al. The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes , 2001, Public Key Cryptography.

[299] Mihir Bellare,et al. The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES , 2001, CT-RSA.

[300] Tatsuaki Okamoto,et al. Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes , 1992, CRYPTO.

[301] Peng Ning,et al. Efficient Software Implementation for Finite Field Multiplication in Normal Basis , 2001, ICICS.

[302] P. Gaudry,et al. A general framework for subexponential discrete logarithm algorithms , 2002 .

[303] Richard J. Lipton,et al. On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[304] Ben Lynn,et al. Toward Hierarchical Identity-Based Encryption , 2002, EUROCRYPT.

[305] Alice Silverberg,et al. The best and worst of supersingular abelian varieties in cryptology , 2002, IACR Cryptol. ePrint Arch..

[306] Mihir Bellare,et al. Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[307] Silvio Micali,et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[308] Tanja Lange,et al. Improved Algorithms for Efficient Arithmetic on Elliptic Curves Using Fast Endomorphisms , 2003, EUROCRYPT.

[309] Lars R. Knudsen,et al. Advances in Cryptology — EUROCRYPT 2002 , 2002, Lecture Notes in Computer Science.

[310] Kazumaro Aoki,et al. Fast Implementations of AES Candidates , 2000, AES Candidate Conference.

[311] Alfred Menezes,et al. Elliptic curve public key cryptosystems , 1993, The Kluwer international series in engineering and computer science.

[312] Jean-François Mestre,et al. Formules explicites et minoration de conducteurs de vari'et'es alg'ebriques , 1986 .

[313] Brian King,et al. An Improved Implementation of Elliptic Curves over GF(2) when Using Projective Point Arithmetic , 2001, Selected Areas in Cryptography.

[314] Adi Shamir,et al. Analysis of Bernstein's Factorization Circuit , 2002, ASIACRYPT.

[315] Antoine Joux,et al. Improvements to the general number field sieve for discrete logarithms in prime fields. A comparison with the gaussian integer method , 2003, Math. Comput..

[316] Burton S. Kaliski,et al. A Cryptographic Library for the Motorola DSP56000 , 1991, EUROCRYPT.

[317] Chae Hoon Lim,et al. Fast Implementation of Elliptic Curve Arithmetic in GF(pn) , 2000, Public Key Cryptography.

[318] Jürgen Teich,et al. Reconfigurable implementation of elliptic curve crypto algorithms , 2002, Proceedings 16th International Parallel and Distributed Processing Symposium.

[319] Kouichi Itoh,et al. Fast Implementation of Public-Key Cryptography ona DSP TMS320C6201 , 1999, CHES.

[320] Bart Preneel,et al. Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[321] Donald E. Knuth. The Art of Computer Programming 2 / Seminumerical Algorithms , 1971 .

[322] Reynald Lercier,et al. Counting the Number of Points on Elliptic Curves over Finite Fields: Strategies and Performance , 1995, EUROCRYPT.

[323] Alfred Menezes,et al. Reducing elliptic curve logarithms to logarithms in a finite field , 1991, STOC '91.

[324] Tolga Acar,et al. Analyzing and comparing Montgomery multiplication algorithms , 1996, IEEE Micro.

[325] Bart Preneel,et al. On the Performance of Signature Schemes Based on Elliptic Curves , 1998, ANTS.

[326] Ian F. Blake,et al. Low complexity normal bases , 1989, Discret. Appl. Math..

[327] David L Weaver,et al. The SPARC architecture manual : version 9 , 1994 .

[328] W. Ford,et al. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption , 2000 .

[329] Tatsuaki Okamoto,et al. New Public-Key Schemes Based on Elliptic Curves over the Ring Zn , 1991, CRYPTO.

[330] Ricardo Dahab,et al. Fast Multiplication on Elliptic Curves over GF(2m) without Precomputation , 1999, CHES.

[331] Ueli Maurer,et al. Towards the Equivalence of Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms , 1994, CRYPTO.

[332] Silvio Micali,et al. Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements , 2000, EUROCRYPT.

[333] Paul C. van Oorschot,et al. Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[334] D. Chudnovsky,et al. Sequences of numbers generated by addition in formal groups and new primality and factorization tests , 1986 .

[335] M. Anwar Hasan,et al. Fast Normal Basis Multiplication Using General Purpose Processors , 2001, Selected Areas in Cryptography.

[336] Keshab K. Parhi,et al. Low-Energy Digit-Serial/Parallel Finite Field Multipliers , 1998 .

[337] Erkay Savas,et al. A Scalable and Unified Multiplier Architecture for Finite Fields GF(p) and GF(2m) , 2000, CHES.

[338] Christof Paar,et al. Itoh-Tsujii Inversion in Standard Basis and Its Application in Cryptography and Codes , 2002, Des. Codes Cryptogr..

[339] Nigel P. Smart,et al. The Discrete Logarithm Problem on Elliptic Curves of Trace One , 1999, Journal of Cryptology.

[340] Dan Boneh,et al. The Decision Diffie-Hellman Problem , 1998, ANTS.

[341] Burton S. Kaliski,et al. One-way permutations on elliptic curves , 2004, Journal of Cryptology.

[342] Nigel P. Smart,et al. Lattice Attacks on Digital Signature Schemes , 2001, Des. Codes Cryptogr..