
Advances in Elliptic Curve Cryptography PDF

299 Pages·2005·4.658 MB·English

Preview Advances in Elliptic Curve Cryptography

P1: GCV CY546/Blake-FM 052160415X October 19, 2004 14:14

London Mathematical Society Lecture Note Series
Managing Editor: Professor N. J. Hitchin, Mathematical Institute, University of Oxford, 24–29 St Giles, Oxford OX1 3LB, United Kingdom
Titles in the series are available from booksellers, or from Cambridge University Press at www.cambridge.org
London Mathematical Society Lecture Note Series 317

Advances in Elliptic Curve Cryptography

Edited by
Ian F. Blake, University of Toronto
Gadiel Seroussi, Hewlett-Packard Laboratories
Nigel P. Smart, University of Bristol

Cambridge University Press
Cambridge, New York, Melbourne, Madrid, Cape Town, Singapore, São Paulo
The Edinburgh Building, Cambridge CB2 2RU, UK
Published in the United States of America by Cambridge University Press, New York
www.cambridge.org
Information on this title: www.cambridge.org/9780521604154

© Cambridge University Press 2005

This book is in copyright. Subject to statutory exception and to the provision of relevant collective licensing agreements, no reproduction of any part may take place without the written permission of Cambridge University Press.

First published in print format 2005

ISBN-13 978-0-511-11161-7 eBook (MyiLibrary)
ISBN-10 0-511-11161-4 eBook (MyiLibrary)
ISBN-13 978-0-521-60415-4 paperback
ISBN-10 0-521-60415-X paperback

Cambridge University Press has no responsibility for the persistence or accuracy of URLs for external or third-party internet websites referred to in this book, and does not guarantee that any content on such websites is, or will remain, accurate or appropriate.

Contents

Preface  ix
Abbreviations and Standard Notation  xi
Authors  xv

Part 1. Protocols

Chapter I. Elliptic Curve Based Protocols (N. P. Smart)  3
  I.1. Introduction  3
  I.2. ECDSA  4
  I.3. ECDH/ECMQV  8
  I.4. ECIES  12
  I.5. Other Considerations  18

Chapter II. On the Provable Security of ECDSA (D. Brown)  21
  II.1. Introduction  21
  II.2. Definitions and Conditions  23
  II.3. Provable Security Results  32
  II.4. Proof Sketches  33
  II.5. Further Discussion  36

Chapter III. Proofs of Security for ECIES (A. W. Dent)  41
  III.1. Definitions and Preliminaries  42
  III.2. Security Proofs for ECIES  50
  III.3. Other Attacks Against ECIES  58
  III.4. ECIES-KEM  61

Part 2. Implementation Techniques

Chapter IV. Side-Channel Analysis (E. Oswald)  69
  IV.1. Cryptographic Hardware  70
  IV.2. Active Attacks  71
  IV.3. Passive Attacks  72
  IV.4. Simple SCA Attacks on Point Multiplications  77
  IV.5. Differential SCA Attacks on Point Multiplications  84

Chapter V. Defences Against Side-Channel Analysis (M. Joye)  87
  V.1. Introduction  87
  V.2. Indistinguishable Point Addition Formulæ  88
  V.3. Regular Point Multiplication Algorithms  93
  V.4. Base-Point Randomization Techniques  97
  V.5. Multiplier Randomization Techniques  98
  V.6. Preventing Side-Channel Analysis  100

Part 3. Mathematical Foundations

Chapter VI. Advances in Point Counting (F. Vercauteren)  103
  VI.1. p-adic Fields and Extensions  104
  VI.2. Satoh's Algorithm  105
  VI.3. Arithmetic Geometric Mean  115
  VI.4. Generalized Newton Iteration  121
  VI.5. Norm Computation  128
  VI.6. Concluding Remarks  132

Chapter VII. Hyperelliptic Curves and the HCDLP (P. Gaudry)  133
  VII.1. Generalities on Hyperelliptic Curves  133
  VII.2. Algorithms for Computing the Group Law  136
  VII.3. Classical Algorithms for HCDLP  140
  VII.4. Smooth Divisors  142
  VII.5. Index-Calculus Algorithm for Hyperelliptic Curves  144
  VII.6. Complexity Analysis  146
  VII.7. Practical Considerations  149

Chapter VIII. Weil Descent Attacks (F. Hess)  151
  VIII.1. Introduction – the Weil Descent Methodology  151
  VIII.2. The GHS Attack  153
  VIII.3. Extending the GHS Attack Using Isogenies  166
  VIII.4. Summary of Practical Implications  173
  VIII.5. Further Topics  175

Part 4. Pairing Based Techniques

Chapter IX. Pairings (S. Galbraith)  183
  IX.1. Bilinear Pairings  183
  IX.2. Divisors and Weil Reciprocity  184
  IX.3. Definition of the Tate Pairing  185
  IX.4. Properties of the Tate Pairing  187
  IX.5. The Tate Pairing over Finite Fields  189
  IX.6. The Weil Pairing  191
  IX.7. Non-degeneracy, Self-pairings and Distortion Maps  192
  IX.8. Computing the Tate Pairing Using Miller's Algorithm  196
  IX.9. The MOV/Frey–Rück Attack on the ECDLP  197
  IX.10. Supersingular Elliptic Curves  198
  IX.11. Applications and Computational Problems from Pairings  201
  IX.12. Parameter Sizes and Implementation Considerations  203
  IX.13. Suitable Supersingular Elliptic Curves  204
  IX.14. Efficient Computation of the Tate Pairing  205
  IX.15. Using Ordinary Curves  208
  Appendix: Proof of Weil Reciprocity  212

Chapter X. Cryptography from Pairings (K. G. Paterson)  215
  X.1. Introduction  215
  X.2. Key Distribution Schemes  218
  X.3. Identity-Based Encryption  221
  X.4. Signature Schemes  228
  X.5. Hierarchical Identity-Based Cryptography and Related Topics  235
  X.6. More Key Agreement Protocols  240
  X.7. Applications and Infrastructures  242
  X.8. Concluding Remarks  250

Bibliography  253
Summary of Major LNCS Proceedings  271
Author Index  273
Subject Index  277
