C ab, Algorithms for computations in Jacobian group of C ab curve and their application to discrete-log based public key cryptosystems.

Σχετικά έγγραφα
IUTeich. [Pano] (2) IUTeich

Implementation of Index Calculus Attack for Hyperelliptic Curves of High Genera

Re-Pair n. Re-Pair. Re-Pair. Re-Pair. Re-Pair. (Re-Merge) Re-Merge. Sekine [4, 5, 8] (highly repetitive text) [2] Re-Pair. Blocked-Repair-VF [7]

11 Drinfeld. k( ) = A/( ) A K. [Hat1, Hat2] k M > 0. Γ 1 (M) = γ SL 2 (Z) f : H C. ( ) az + b = (cz + d) k f(z) ( z H, γ = cz + d Γ 1 (M))

EE512: Error Control Coding

On the Galois Group of Linear Difference-Differential Equations

Quick algorithm f or computing core attribute

ΓΡΑΜΜΙΚΟΣ & ΔΙΚΤΥΑΚΟΣ ΠΡΟΓΡΑΜΜΑΤΙΣΜΟΣ

GPU. CUDA GPU GeForce GTX 580 GPU 2.67GHz Intel Core 2 Duo CPU E7300 CUDA. Parallelizing the Number Partitioning Problem for GPUs

Table 1. morphism U P 1 dominant (MMP) 2. dim = 3 (MMP) 3. (cf. [Ii77], [Miy01]) (Table 1) 3.

Optimization, PSO) DE [1, 2, 3, 4] PSO [5, 6, 7, 8, 9, 10, 11] (P)

CCA. Simple CCA-Secure Public Key Encryption from Any Non-Malleable ID-based Encryption

Bundle Adjustment for 3-D Reconstruction: Implementation and Evaluation

SCHOOL OF MATHEMATICAL SCIENCES G11LMA Linear Mathematics Examination Solutions

FX10 SIMD SIMD. [3] Dekker [4] IEEE754. a.lo. (SpMV Sparse matrix and vector product) IEEE754 IEEE754 [5] Double-Double Knuth FMA FMA FX10 FMA SIMD

Yoshifumi Moriyama 1,a) Ichiro Iimura 2,b) Tomotsugu Ohno 1,c) Shigeru Nakayama 3,d)

New bounds for spherical two-distance sets and equiangular lines

Stabilization of stock price prediction by cross entropy optimization

Supplementary Materials for Evolutionary Multiobjective Optimization Based Multimodal Optimization: Fitness Landscape Approximation and Peak Detection

GPGPU. Grover. On Large Scale Simulation of Grover s Algorithm by Using GPGPU

Nowhere-zero flows Let be a digraph, Abelian group. A Γ-circulation in is a mapping : such that, where, and : tail in X, head in

ΛΥΜΕΝΕΣ ΑΣΚΗΣΕΙΣ ΠΡΟΓΡΑΜΜΑΤΙΣΜΟΥ-ΓΛΩΣΣΑ C ΑΤΕΙ (ΝΑ ΕΚΤΕΛΕΣΤΟΥΝ ΤΑ ΠΑΡΑΚΑΤΩ ΜΕ ΧΡΗΣΗ ΤΟΥ LCC COMPILER)

Finite Field Problems: Solutions

A research on the influence of dummy activity on float in an AOA network and its amendments

A Complete Divisor Class Halving Algorithm for Hyperelliptic Curve Cryptosystems of Genus Two

Higher order nonlinearity of some cryptographic functions

Congruence Classes of Invertible Matrices of Order 3 over F 2

ΑΛΓΟΡΙΘΜΟΙ Άνοιξη I. ΜΗΛΗΣ

Aquinas College. Edexcel Mathematical formulae and statistics tables DO NOT WRITE ON THIS BOOKLET

Equations. BSU Math 275 sec 002,003 Fall 2018 (Ultman) Final Exam Notes 1. du dv. FTLI : f (B) f (A) = f dr. F dr = Green s Theorem : y da

Οικονομικό Πανεπιστήμιο Αθηνών Τμήμα Πληροφορικής ΠΜΣ στα Πληροφοριακά Συστήματα Κρυπτογραφία και Εφαρμογές Διαλέξεις Ακ.


Homomorphism in Intuitionistic Fuzzy Automata

Cyclic or elementary abelian Covers of K 4

ΚΡΥΠΤΟΓΡΑΦΙΑ ΚΑΙ ΑΣΦΑΛΕΙΑ ΥΠΟΛΟΓΙΣΤΩΝ. Δ Εξάμηνο

7. O κβαντικός αλγόριθμος του Shor

Εισαγωγή στις Ελλειπτικές Καµπύλες

Wavelet based matrix compression for boundary integral equations on complex geometries

Ordinal Arithmetic: Addition, Multiplication, Exponentiation and Limit

ΑΠΟΔΟΤΙΚΗ ΑΠΟΤΙΜΗΣΗ ΕΡΩΤΗΣΕΩΝ OLAP Η ΜΕΤΑΠΤΥΧΙΑΚΗ ΕΡΓΑΣΙΑ ΕΞΕΙΔΙΚΕΥΣΗΣ. Υποβάλλεται στην

The q-commutators of braided groups

Πανεπιζηήμιο Πειπαιώρ Τμήμα Πληποθοπικήρ

Second Order Partial Differential Equations

ΗΜΥ 325: Επαναληπτικές Μέθοδοι. Διδάσκων: Χρίστος Παναγιώτου

: Monte Carlo EM 313, Louis (1982) EM, EM Newton-Raphson, /. EM, 2 Monte Carlo EM Newton-Raphson, Monte Carlo EM, Monte Carlo EM, /. 3, Monte Carlo EM

CRASH COURSE IN PRECALCULUS

Blum Complexity. Αλγόριθμοι και Πολυπλοκότητα ΙΙ. Παναγιώτης Γροντάς. Δεκέμβριος

Επιθέσεις και Ασφάλεια Κρυπτοσυστημάτων

ΚΥΠΡΙΑΚΗ ΕΤΑΙΡΕΙΑ ΠΛΗΡΟΦΟΡΙΚΗΣ CYPRUS COMPUTER SOCIETY ΠΑΓΚΥΠΡΙΟΣ ΜΑΘΗΤΙΚΟΣ ΔΙΑΓΩΝΙΣΜΟΣ ΠΛΗΡΟΦΟΡΙΚΗΣ 24/3/2007

, Evaluation of a library against injection attacks

Heisenberg Uniqueness pairs

1 Advanced Encryption Standard (AES)

Kenta OKU and Fumio HATTORI

Partial Differential Equations in Biology The boundary element method. March 26, 2013

ER-Tree (Extended R*-Tree)

Applying Markov Decision Processes to Role-playing Game

An Automatic Modulation Classifier using a Frequency Discriminator for Intelligent Software Defined Radio

Cable Systems - Postive/Negative Seq Impedance

The Jordan Form of Complex Tridiagonal Matrices

Toward a SPARQL Query Execution Mechanism using Dynamic Mapping Adaptation -A Preliminary Report- Takuya Adachi 1 Naoki Fukuta 2.

Reminders: linear functions

Bounding Nonsplitting Enumeration Degrees

Filter Diagonalization Method which Constructs an Approximation of Orthonormal Basis of the Invariant Subspace from the Filtered Vectors

[4] 1.2 [5] Bayesian Approach min-max min-max [6] UCB(Upper Confidence Bound ) UCT [7] [1] ( ) Amazons[8] Lines of Action(LOA)[4] Winands [4] 1

C++ 78 (478) A Parallel Skeleton Library in C++ with Optimization

Lattice-based (Post Quantum) Cryptography

FORTRAN & Αντικειμενοστραφής Προγραμματισμός ΣΝΜΜ 2017

Orthogonalization Library with a Numerical Computation Policy Interface

{takasu, Conditional Random Field

Discriminantal arrangement

Solving an Air Conditioning System Problem in an Embodiment Design Context Using Constraint Satisfaction Techniques

ES440/ES911: CFD. Chapter 5. Solution of Linear Equation Systems

Public Key Cryptography. Dimitris Mitropoulos

Optimal Impartial Selection


Υπολογιστική Θεωρία Αριθμών και Κρυπτογραφία

page: 2 (2.1) n + 1 n {n} N 0, 1, 2

GÖKHAN ÇUVALCIOĞLU, KRASSIMIR T. ATANASSOV, AND SINEM TARSUSLU(YILMAZ)

Homework 8 Model Solution Section

A summation formula ramified with hypergeometric function and involving recurrence relation

SOME INTUITIONISTIC FUZZY MODAL OPERATORS OVER INTUITIONISTIC FUZZY IDEALS AND GROUPS

APPENDICES APPENDIX A. STATISTICAL TABLES AND CHARTS 651 APPENDIX B. BIBLIOGRAPHY 677 APPENDIX C. ANSWERS TO SELECTED EXERCISES 679

ANSWERSHEET (TOPIC = DIFFERENTIAL CALCULUS) COLLECTION #2. h 0 h h 0 h h 0 ( ) g k = g 0 + g 1 + g g 2009 =?

EM Baum-Welch. Step by Step the Baum-Welch Algorithm and its Application 2. HMM Baum-Welch. Baum-Welch. Baum-Welch Baum-Welch.

Arithmetical applications of lagrangian interpolation. Tanguy Rivoal. Institut Fourier CNRS and Université de Grenoble 1

SOLUTIONS TO MATH38181 EXTREME VALUES AND FINANCIAL RISK EXAM

College of Life Science, Dalian Nationalities University, Dalian , PR China.

Οικονομικό Πανεπιστήμιο Αθηνών Τμήμα Πληροφορικής ΠΜΣ στα Πληροφοριακά Συστήματα Κρυπτογραφία και Εφαρμογές Διαλέξεις Ακ.

EE434 ASIC & Digital Systems Arithmetic Circuits

SUPPLEMENTARY INFORMATION

High order interpolation function for surface contact problem

Main source: "Discrete-time systems and computer control" by Α. ΣΚΟΔΡΑΣ ΨΗΦΙΑΚΟΣ ΕΛΕΓΧΟΣ ΔΙΑΛΕΞΗ 4 ΔΙΑΦΑΝΕΙΑ 1

DiracDelta. Notations. Primary definition. Specific values. General characteristics. Traditional name. Traditional notation

Expansion formulae of sampled zeros and a method to relocate the zeros

Wishart α-determinant, α-hafnian

Fourier Series. MATH 211, Calculus II. J. Robert Buchanan. Spring Department of Mathematics

BMI/CS 776 Lecture #14: Multiple Alignment - MUSCLE. Colin Dewey

ITU-R SA (2010/01)! " # $% & '( ) * +,

Intuitionistic Fuzzy Ideals of Near Rings

Transcript:

C ab Algorithms for computations in Jacobian group of C ab curve and their application to discrete-log based public key cryptosystems Seigo ARITA C ab C ab C ab C ab C ab 1 RSA 2 C 2 (1) [4] [5] 97 9 98 7 (2) [6] [7] [11] [8] C ab [1] [3] [12] C ab C ab (1) C ab C ab C 2 Gröbner 3 C ab 4 NEC C&C C&C Media Research Laboratories NEC 1-1 Miyakzaki 4- chome Miyamae-ku Kawasaki Kanagawa 216 Japan 1 C C ab 5 4 A Vol J82 A No 8 pp 1 9 1999 8 1

99/8 Vol J82 A No 8 deg(d) + 1 g [10] [18] 6 5 2 2 Gröbner Z> = 0 n x α = x α 1 1 xα n n n 7 C ab α = (α 1 α n ) Z n > = 0 multi-degree / MD(x α ) Z n > = 0 < γ Z n > 2 = 0 α < β α + γ < β + γ < < multi-degree n Gröbner n f 2 1 f leading monomial K C K LM(f) f K m i C K ( ) i D = G n m i i 0 m i D = g 1 g m m i i m = m i D = g 1 g m m i i K[x 1 x n] I deg(d) C G = {g 1 g m} g 1 g m D 0 leading monomial I D 0 leading monomial Gal(K K) D D 0 LM(I) = LM(g 1 ) LM(g m ) D K DK 0 D K G I Gröbner K I Gröbner G = {g 1 g m } I C f :I = g 1 g m K[x 1 x n ] n (or ) v (f) = n(or n) Gröbner f (f) := v (f) 0 leading monomial multi-degree f (f) (f) 0 := α Z n > = 0 I v (f)> v = 0 (f) f (f) := (I) : v (f)< v = 0 (f) f (f) = (f) 0 (f) C (I) = {α Z n > = 0 x α LM(I)} {(f) f K(C)} D 0 (I) δ(i) C J(C) D 0 G = {g 1 g m } Gal(K K) K D g Riemann dim L(D) > = I I J K (C) K δ(g 1 g m ) := (Z n > = 0 m i=1(md(lm(g i )) + Z n > = 0)) J K (C) ( S S ) δ(i) I G = {g 1 g m } L(D) = {f K(C) (f) + D > = 0} {0} G I Gröbner basis δ(i) = δ(g 1 g m)(1) K C 2

C ab Gröbner n C ab (C ) f I f I Gröbner 0 C ab (a 1)(b 1)/2 I Gröbner C ab reduced Gröbner I C ab Gröbner reduced 1) G C ab > cab p LM(p) 1 2) G 2 C ab α = (α 1 α 2) β = p p (β 1 β 2) Z 2 > = 0 (i) (ii) LM(G {p}) α > cab β [17] 3 C ab [9] C ab X α Y β C ab C ab K K 1 X α Y β C C 1 v (x α y β ) = aα + bβ C X L( ) L( ) = {f K(C) v Q (f) > = 0 ( Q = )} L( ) f M [13] [14] Noether Residue Divisor Theorem [15] M = { v (f) f L( )} M ( ) 1 C ab M 2 a b (C ) C ab (C ) C ab C ab a x L( ) b y L( ) x y C ab C ab 0< = i< = b0< = j< = aai+bj< = ab α ijx i y j = 0 (2) α ij K α b0 α 0a 0 (2) C ab (C ) C ab J K (C) DK/ 0 K C j [D] α b0 α 0a 0 (2) C 23 C 2b (i) aα 1 + bα 2 > aβ 1 + bβ 2 (ii) aα 1 + bα 2 = aβ 1 + bβ 2 α 1 < β 1 4 K C ab C C g = (a 1)(b 1)/2 D K DK 0 K C K 0 C J K (C) = DK/ 0 K j D DK 0 j = [D] 3 E g n D = E n 0 D 3

semi-normal 4 J K (C) j 99/8 Vol J82 A No 8 semi-normal 7 [D] Riemann dim L(D + g ) > = g + 1 g = 1 0 D + g + (f) > = 0 E = D + g + (f) j = [E g ] f E 1 n 1 D 2 = E 2 n 2 4 semi- 1 D 1 + D 2 = (E 1 + E 2) (n 1 + n 2) normal semi- 1 normal D = E n normal 2 normal D = E n 1 1 0 D = E n E D semi-normal G 1 (f) 0 > = E L( ) f v (f) f 2 G D + (f) Algorithm1 j J K (C) 1 2 5 5 semi-normal 1 D 1 = E 1 n D 2 = E 2 n C ab semi-normal 1 0 λ E 1 n 1 = E 2 2 n 2 + (λ) D 1 5 1 1 Supp((f 1) ) = { } (f 1) 0 > = K F (X Y ) = E 1 f 1 ( Supp(D) 0< = i< = b0< = j< = aai+bj< = ab αijxi Y j = 0 C ab D ) (f 1λ 1 ) = (f 1) (λ) = (f 1) 0 E 1 + E 2 + (n 1 k 1 n 2) (f 1) 0 C C ab C K[x y] K[X Y ]/(F (X Y )) E 1 + E 2 > = E 2 f 2 = f 1λ 1 f 2 Supp((f 2 ) ) = { } (f 2 ) 0 > = E 2 λ f 1 A K f 2 f 1 f 2 = C J K (C) f 1 λ 1 A K H(A K ) [16] E 2 + n 2 + (f 2 ) = E 2 + n 2 + C ab C Φ (f 1 ) E 1 + E 2 + (n 1 n 2 ) = E 1 + n 1 + (f 1 ) D 1 D 2 1 Φ : 6 1 (semi-normal ) normal Φ normal 1-1 normal (A K 2 semi-normal normal C ab 4 5 7 normal 0 D j = 4 2 semi-normal D 1 = D 1 + D 2 normal D 3 = E 3 n 3 normal D 3 = E 3 n 3 1 2 J K (C) H(A K ) [ n n ] [L( n )] C ab

C ab 1 2 Φ δ(i) 3 4 3 A K I K I normal J E = n I I = Φ(E) = 1 I C ab I n I f( = 0) 2 (f) = I J J 4 A K I 1 dim KA/I n = n I 2 dima/i = n = deg(e) I 1 I 2 normal 8 C ab I 3 1 I 1 I 2 3 normal J 2 J 3 normal C 34 {a 0 +a 1 X+ I 3 4 3 2 C g(c) = (3 1)(4 1)/2 = 3 J K (C) j = [ 1 + 2 + 3 f 3 3 ] C 3 { 1 2 3 } J (f) = I 1 I 2 J C 34 4 X 2 5 3 2 XY 6 Y 2 j g I 3 (g) = J I 3 I 1 I 2 (g) = I 1 I 2 J I 3 = (f) I 3 4 ) δ(x 2 + XY + Y 2 + ) = 3 I 3 I 3 = g/f I 1 I 2 8 δ(i) = deg( 1 + 2 + 3) = 3 C ab 22 (1) {X 2 + XY + 5 Y 2 + } I Gröbner 5 C ab 5 C ab F (X Y ) = 0 : K[X Y ]/(F (X Y )) I 1 I 2 K[X Y ]/(F (X Y )) normal I 3 1 J I 1 I 2 2 f f( = 0) J 3 g g( = 0) st g J = f F 4 I 3 g/f J 5 2 C ab Gröbner 5 C ab ) I = {f 1 = X 2 + 14Y + 4X + 5 f 2 = Gröbner XY + 3Y + 4X + 9 f 3 = Y 2 + 9Y + 16X + 2} ( C ab Gröbner 9 ) 2 8 semi-normal E n Φ I deg(e) = [17]Chap5Sec3rop4 δ(i) = dim K A/I A/I = A/In C ab C Gröbner C 34 9 C 34 C J K(C) a 2 Y +X 2 b 0 +b 1 X +b 2 Y +XY c 0 +c 1 X +c 2 Y +Y 2 } reduced Gröbner I X 2 + XY + Y 2 + 3 ( C 34 normal C ab semi-normal Gröbner C ab Gröbner a 5 3 5 GF (17) F = Y 3 + X 4 + 1 C 34 C J GF (17) (C) ( C 34 1 X Y X 2 XY Y 2 X 3 X 2 Y XY 2 5

99/8 Vol J82 A No 8 f G hg 5 hg 4 {f F } 1 I I I I 6 C 34 f G 7 X 3 9 I I = {X 2 + 13Y + 5X + 15 XY + 13Y + 5X + 11 Gröbner {X 3 + X 2 Y + XY 2 + } Y 2 + 5Y + 12X + 6} I 3 Gröbner I I 5 g 1 f1 2 {F } = X 4 + 6 g 2 f 1 f 2 {g 1 F } = X 3 Y + g 3 f 2 2 {g 2 g 1 F } = X 2 Y 2 + g 4 f 1 f 3 {g 3 g 2 g 1 F } = XY 2 + g 5 f 2 f 3 {g 4 g 3 g 2 g 1 F } = X 2 Y + g 6 f 2 3 {g 5 g 4 g 3 g 2 g 1 F } = X 3 + J I I = {g 6 g 5 g 4 } 2 f g 6 = X 3 + 10Y 2 + 5XY + 7Y + 11X + 4 3 h J f F h( = 0) LM(f) = X 3 LM(F ) = Y 3 RETURN I 3 X 2 {ff } g 5 4X 2 Y 2 + leading monomial X 2 Y 2 {ff } Y g 5 X 2 g 5 4Y g 5 + 12Xg 5 + 2g 5 (mod {f F }) h X 2 + 13Y + 5X + 15 4 (h/f) J = (h/f) {g 6 g 5 g 4} = {h (hg 5)/f (hg 4)/f} {a 5 b 5 } {a 4 b 4 } I 3 {h (hg 5)/f (hg 4)/f} {h a 5 a 4} (mod {F }) {{c 1 c 2 c a } r} Division(g G) g G {c 1 c 2 c a } r ( [17] ) {{a 1 a i } r} Coefficients(f r 1 r i ) f r 1 r i {a 1 a i } r ( f = i a k=1 kr k + r) Mono i C ab i (Mono 1 = 1 Mono 2 = J Gröbner X ) 6 algorithm JacobianSum(inputs I 1 I 2 output I 3) I 3 Compose(I 1 I 2) f the minimum element of I 3 I 3 Reduce(f I 3) {f F } f F Gröbner subroutine Compose(inputs I 1 = {f 1 f 2 f a} I 2 = {g 1 g 2 g a} output I g 5 {f F } 3) I 3 {F } FOR i = 1 TO a j = 1 TO a DO I {ff g } 5 = X 2 g f i g 3 j Y + I 3 {g} I 3 {ff } Xg 5 = XY 2 IF δ(i 3 ) > δ(i 1 ) + δ(i 2 ) THEN I 3 Buchberger(δ(I 1 ) + δ(i 2 ) I 3 ) + I 3 the set of the minimum a elements of I 3 {ff } Y g 5 = X 2 Y 2 RETURN I + 3 subroutine Reduce(inputs f I = {f 1 f 2 f a } output J) G {f f y {F } f y a 1{F } F } LABEL(retry) X 2 g 5 4Y g 5 +12XY 2 + J {} a (mod {f F }) XY 2 {ff } h (random number) fi Xg i=1 5 g Divide(G h) leading monomial FOR i = 1 TO a 6 {{c 1 c 2 c a } r} Division(g f i G) IF r = 0 THEN GOTO retry k c 1 + c 2 y + + c a y a 1 J J {k} RETURN J subroutine Divide(inputs G h output s) r 1 Mono 1 h G s 1 Mono 1 i 1 WHILE r i = 0 DO

C ab i i + 1 r i Mono i h G {{A 1 A i 1 } r i } Coefficients(r i {r 1 r i 1 }) s i Mono i i 1 j=1 A js j RETURN s i subroutine Buchberger(inputs m I = {f 1 f s } output G = {g 1 g t }) B {(i j) 1 < = i < j < = s} G F t s WHILE B = φ AND δ(g) > m DO Select (i j) B IF LCM(LT(f i ) LT(f j )) = LT(f i )LT(f j ) THEN S S(f i f j) G IF S = 0 THEN t t + 1; f t S G G {f t} B B {(i t) 1 < = i < = t 1} B B {(i j)} RETURN G B O(g 2 ) O(g 2 ) S G 160 ( SumDoubleScalar )O(g 4 ) 6 simple Y a + αx b + β Buchberger Gröbner C ab random 8 C ab Buchberger G 1 C 35 (ms on 266MHZentiumII) Table 1 erformance for C 35 curve(ms on 266MHZ entiumii) simple random Sum 339 365 Double 376 421 Scalar 862 958 2 C 37 (ms on 266MHZentiumII) Table 2 erformance for C 37 curve(ms on 266MHZ entiumii) simple random Sum 115 124 Double 115 128 Scalar 273 300 S 6 O(g 3 ) 6 subroutine Compose 6 1subroutine Divide 3 subroutine Reduce 4 6 6 C 35 C 37 C 213 6 Buchberger 1 2 3 Buchberger 266MHZentium II millisecond 2 160 m 2 Gröbner 1 23 Buchberger B 160 C 37 (i j) 300ms C 213 167ms O(g) (i j) S G C ab 6 O(g 3 ) 7 / GF (q) C 34 C C / ( 10 F q C 34 C 3 log(q) ) J GF (q) (C) q 3 7

99/8 Vol J82 A No 8 3 C 213 (ms on 266MHZentiumII) Table 3 erformance for C 213 curve(ms on 266MHZ entiumii) simple random Sum 070 073 Double 065 068 Scalar 158 167 C ab 160 C 37 300ms C ab C ab C ab NEC SONY 1 C 34 / Fig 1 Encryption and decryption functions on C 34 curve [1] IASemaev Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curves in characteristic p Math Comp 67 353-356 (1998) [2] TSatoh KAraki Fermat Quotients and the olynomial Time Discrete Log Algorithm for Anomalous Elliptic Curves COMMENTARII MATHEMATICI UNIVERSITATIS SANCTI AULI vol 47 No 1 160 q 53 81-92 1998 [3] NSmart The discrete logarithm problem on elliptic curves of trace one To appear in J Cryptol- 9 J GF (q) (C) ogy {a 0 + a 1 X + a 2 Y + X 2 b 0 + b 1 X + b 2 Y + XY c 0 + [4] DGCantor Computing in the Jacobian of a hy- c 1 X + c 2 Y + Y 2 } perelliptic curve Mathematics of Computation 48(177) pp95-1011987 a 2 = 0 2 a 0 + a 1 X + a 2 Y + X 2 [5] NKoblitz Hyperelliptic cryptosystems JCryptography1(1989) b 0 + b 1 X + b 2 Y + XY pp139-150 a 2 = 0 [6] NKoblitz A Very Easy Way to Generate Curves over rime Fields for Hyperelliptic Cryptosytems 1/q Rump Talk Crypto 97 J GF (q) (C) 6 log 2 (q) [7] NMatsudaJChaoSTsujii Efficient construction (a 0 a 1 a 2 b 0 b 1 b 2 ) algorithms of secure hyperelliptic discrete logarithm problems IEICE ISEC96-18(1996) J GF (q) (C) ( ) j 0 = [8] SMiuraNKamiya Geometric Goppa codes on (a 0 a 1 a 2 b 0 b 1 b 2 ) 6 some maximal curves and their minimum distance C(n) = n j 0 C(n) in roc IEEE Workshop on Information Theory (Susono-shiJapanJune 1993) pp85-86 [9] (A)vol 1 / 1 J81-A No 10 1398-1421 Oct 1998 X j = (a 0 a 1 a 2 b 0 b 1 b 2) J GF (q) (C) [10] JHSilverman The Arithmetic of Elliptic Curves X(j) = a0 a 1 a 2( ) Springer-Verlag [11] A-MSpallek Kurven vom Geshlecht 2 und ihre Anwendung in ublick-key-kryptosystemen Doctor 8 thesis Universität GH Essen 1994 [12] IEICE ISEC98(1998) 8

C ab [13] EJVolcheck Computing in the Jacobian of a plane algebraic curve ANTS-I Lecture Notes in Computer Science vol 877(1994) Springer-Verlag pp 221-233 [14] M-DHuang DIerardi Efficient Algorithms for the Riemann-Roch roblem and for Addition in the Jacobian of a Curve J Symbolic Computation (1994) 18 519-539 [15] WFulton Algebraic Curves Addison-Wesley [16] RHartshorne Algebraic Geometry Springer- Verlag [17] DCox JLittle DO Shea Ideals Varieties and Algorithms Springer-Verlag [18] HStichtenoth Algebraic Function Fields and Codes Springer-Verlag 1990 NEC C&C 9

2025 © DocPlayer.gr Πολιτική Απορρήτου | Όροι Χρήσης | Σχόλια