Scott A. Vanstone

Optimal normal bases in GF( p n )

Abstract In this paper the use of normal bases for multiplication in the finite fields GF(pn) is examined. We introduce the concept of an optimal normal basis in order to reduce the hardware complexity of multiplying field elements. Constructions for these bases in GF(2n) and extensions of the results to GF(pn) are presented. This work has applications in crytography and coding theory since a reduction in the complexity of multiplying and exponentiating elements of GF(2n) is achieved for many values of n, some prime.

Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms

The fundamental operation in elliptic curve cryptographic schemes is the multiplication of an elliptic curve point by an integer. This paper describes a new method for accelerating this operation on classes of elliptic curves that have efficiently-computable endomorphisms. One advantage of the new method is that it is applicable to a larger class of curves than previous such methods. For this special class of curves, a speedup of up to 50% can be expected over the best general methods for point multiplication.

An implementation of elliptic curve cryptosystems over F/sub 2/155

The authors describe a VLSI Galois field processor and how it can be applied to the implementation of elliptic curve groups. They demonstrate the feasibility of constructing very fast, and very secure, public key systems with a relatively simple device, and the possibility of putting such a system on a smart card. The registers necessary to implement the elliptic curve system will require less than 1 mm/sup 2/ (or less than 4%) of the area available on the card. >

Reducing elliptic curve logarithms to logarithms in a finite field

Abstruct- Elliptic cuwe cryptosystems have the potential to provide relatively small block size, high-security public key schemes that can be efficiently implemented. As with other known public key schemes, such as RSA and discrete exponentiation in a finite field, some care must be exercised when selecting the parameters involved, in this case the elliptic curve and the underlying field. Specific classes of cuwes that give little or no advantage over previously known schemes are discussed. The main result of the paper is to demonstrate the reduction of the elliptic curve logarithm problem to the logarithm problem in the multiplicative group of an extension of the underlying finite field. For the class of supersingular elliptic curves, the reduction takes probabilistic polynomial time, thus providing a probabilistic subexponential time algorithm for the former problem. Index Tem- Discrete logarithms, elliptic curves, public key CryPtOSraPhY.

New Public-Key Schemes Based on Elliptic Curves over the Ring Zn

Three new trapdoor one-way functions are proposed that are based on elliptic curves over the ring Zn. The first class of functions is a naive construction, which can be used only in a digital signature scheme, and not in a public-key cryptosystem. The second, preferred class of function, does not suffer from this problem and can be used for the same applications as the RSA trapdoor one-way function, including zero-knowledge identification protocols. The third class of functions has similar properties to the Rabin trapdoor one-way functions. Although the security of these proposed schemes is based on the difficulty of factoring n, like the RSA and Rabin schemes, these schemes seem to be more secure than those schemes from the viewpoint of attacks without factoring such as low multiplier attacks. The new schemes are somewhat less efficient than the RSA and Rabin schemes.

Elliptic curve cryptosystems and their implementation

Elliptic curves have been extensively studied for many years. Recent interest has revolved around their applicability to factoring integers, primality testing, and to cryptography. In this paper we explore the feasibility of implementing in hardware an arithmetic processor for doing elliptic curve computations over finite fields. Of special interest, for practical reasons, are the curves over fields of characteristic 2. The elliptic curve analogue of the ElGamal cryptosystem is also analyzed.

Improving the parallelized Pollard lambda search on anomalous binary curves

The best algorithm known for finding logarithms on an elliptic curve (E) is the (parallelized) Pollard lambda collision search. We show how to apply a Pollard lambda search on a set of equivalence classes derived from E, which requires fewer iterations than the standard approach. In the case of anomalous binary curves over F 2 m, the new approach speeds up the standard algorithm by a factor of √2m.

Public-key cryptosystems with very small key lengths

In some applications of public-key cryptography it is desirable, and perhaps even necessary, that the key size be as small as possible. Moreover, the cryptosystem just needs to be secure enough so that breaking it is not cost-effective. The purpose of this paper is to hivestigate the security and practicality of elliptic curve cryptosystems with small key sizes of about 100 bits.

A combinatorial approach to threshold schemes

We investigate the combinatorial properties of threshold schemes. Informally, a (t, w)-threshold scheme is a way of distributing partial information (shadows) to w participants, so that any t of them can easily calculate a key, but no subset of fewer than t participants can determine the key. Our interest is in perfect threshold schemes: no subset of fewer than t participants can determine any partial information regarding the key. We give a combinatorial characterization of a certain type of perfect threshold scheme. We also investigate the maximum number of keys which a perfect (t, w)-threshold scheme can incorporate, as a function of t, w, and the total number of possible shadows, v. This maximum can be attained when there is a Steiner system S(t, w, v) which can be partitioned into Steiner systems S(t − 1. w, v). Using known constructions for such Steiner systems, we present two new classes of perfect threshold schemes, and discuss their implementation.

Postal Revenue Collection in the Digital Age

In recent years postal revenue collection underwent a major transformation due to widespread transition to digital methods of communication. This transition directly affected not only telecommunications which form an integral part of the postal revenue collection but also, and in a much more profound way, postage evidencing. Traditional postage evidencing remained unchanged for several dozens years until the introduction of digital printing which drastically changed all its security related aspects and considerations. This paper defines conceptual foundations of the postal revenue collection system (which is simultaneously a payment system for mailers), fundamental requirements imposed by the nature of hardcopy-based communication and suggests what the authors believe to be an optimal solution for public key-based postage evidencing founded on elliptic-curve cryptography.