See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/267202486

Application of Elliptic Curve Method in Cryptography: A Literature Review

Article

CITATIONS READS

5 261

5 authors, including:

Samta Gajbhiye Manoj Kumar Kowar

SSTC MJ Tech Academy Bhilai
11 PUBLICATIONS 59 CITATIONS 47 PUBLICATIONS 445 CITATIONS

SEE PROFILE SEE PROFILE

All content following this page was uploaded by Samta Gajbhiye on 20 March 2015.

The user has requested enhancement of the downloaded file.

 Samta Gajbhiye et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 3 (3) , 2012,4499 - 4503

Application of Elliptic Curve Method in

Cryptography: A Literature Review
Samta Gajbhiye,Dr. Sanjeev Karmakar,Dr. Monisha Sharma,Dr. Sanjay Sharma,Dr. M K Kowar
Shri Shankaracharya Group of Institutions
Junwani, Bhilai , Distt. Durg, Chattisgarh

Abstract- Application of Elliptic Curve Method (ECM) in 2. HARDNESS OF MATHEMATICAL TECHNIQUES IN PUBLIC
cryptography popularly known as Elliptic Curve Cryptography KEY CRYPTOGRAPHY
(ECC) has been discussed in this paper. Finally the performance PKCs security essentially is based on the difficulty of solving
of ECC in security and moreover, its recent trends has been an integer factorization problem (IFP). Nowadays, there are
discussed.
three shortcomings that are believed to be both secure and
Keywords: Elliptic Curve Cryptography(ECC), Integer
Factorization Problem (IFP) , Finite Field Discrete Logarithm practical after years of intensive studying. They are the (1)
Problem(FFDLP) , Elliptic Curve Discrete Logarithm IFP, (2) Finite Field Discrete Logarithm Problem (FFDLP)
Problem(ECDLP) and the (3) Elliptic Curve Discrete Logarithm Problem
(ECDLP). While this by no means proves that they are
1. INTRODUCTION unbreakable, it is highly unlikely that anyone will find an
Elliptic Curve Method(ECM) was applied on cryptography efficient algorithm to solve them in the near future.
known as ECC was discovered in 1985 by Victor Miller 2.1. IFP
(IBM) and Neil Koblitz (University of Washington) as an Multiplication is easy: Given p and q, it’s easy to find their
alternative mechanism for implementing public-key product, n = pq. There are many efficient ways to multiply
cryptography (PKC) [Vm85]. Elliptic Curve Cryptography two large numbers, starting with the “grade-school” method
(ECC) has the special characteristic that to date, the best that multiplies one number by the other digit-by-digit, and
known algorithm that solves it runs in full exponential time. sums the tableau of intermediate results.
Its security comes from the Elliptic Curve Logarithm, which Factoring is hard: Given such an n, it appears to be quite
is the Discrete Logarithm Problem (DLP) in a group defined hard to recover the prime factors p and q.
by points on an elliptic curve over a finite field. These results Despite hundreds of years of study of the problem, finding
in a dramatic decrease in key size needed to achieve the same the factors of a large number still takes a long time in general.
level of security offered in conventional public key The fastest current methods are much faster than the simple
cryptography schemes. approach of trying all possible factors one at a time. (Such a
In constrained environments such as mobile phones, wireless method would take on the order of n steps.) However, they
pagers or personal digital assistant(PDA), the resources like are still expensive. For instance, it has been estimated
bandwidth, memory and battery life are highly limited. Thus, recently that recovering the prime factors of a 1024-bit
a suitable public key scheme would be one that is efficient in number would take a year on a machine costing US $10
terms of computing costs and key sizes[Dmd04]. To date, the million. A 2048-bit number would require several billion
ECC has the highest strength-per-bit compared to other times more work.
public key cryptosystems. Small key sizes translate into The general integer factorization problem is defined as
savings in bandwidth, memory and processing power. This follows. Given a positive integer n, write n = p1e1p2 e2p3 e3…pk
e
makes ECC the obvious choice in this situation. k , where the pi are pairwise distinct primes and each ei > 1
Examinations of the different mathematical problems that [Mov97]
underlie the majority of the public key cryptosystems in use Factoring algorithms
recently along with the algorithms that are used to overcome A special-purpose factoring algorithm's running time depends
them have been discussed in the following sections. This will on the properties of the number to be factored or on one of its
give us a better understanding of the security on which unknown factors: size, special form, etc. Exactly what the
different types of public key cryptosystems are based. An running time depends on varies between algorithms. Trial
overview of comparisons in the performance of ECC with division, Wheel factorization, Pollard's rho algorithm,
other PKC applications is provided followed by ECC Algebraic-group factorisation algorithms(among which
applications in constrained devices, as well as in powerful are Pollard's p − 1 algorithm, Williams' p + 1 algorithm,
computers. and Lenstra elliptic curve factorization) , Fermat's
Initially, we begin by introducing the three mathematical factorization method, Euler's factorization method, Special
problems and the various algorithms that are used to number field sieve all these are special purpose factoring
overcome them followed by comparisons in the performance algorithms.
of ECC with other PKC applications. Kraitchik family algorithm, general purpose algorithms has
a running time depends solely on the size of the integer to be

4499
 Samta Gajbhiye et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 3 (3) , 2012,4499 - 4503

factored. This is the type of algorithm used to factor RSA Discrete logarithms are perhaps simplest to understand in the
numbers. Most general-purpose factoring algorithms are group (Zp)× . This is the set {1, …, p − 1} of congruence
based on the congruence of squares method. Dixon’s classes under multiplication modulo the prime p.
algorithm, Continued fraction factorization (CFRAC), Discrete exponentiation is finding kth power as an integer of
Quadratic sieve, General number field sieve, Shanks' square the group and then finding the remainder after division by p.
forms factorization (SQUFOF) belongs to the family of For example, consider (Z17)×. To compute 34 in this group,
Kraitchik. Heuristically expected running time of these we first compute 34 = 81, and then we divide 81 by 17,
obtaining a remainder of 13. Thus 34 = 13 in the group (Z17)×.
algorithms is ,1 1 Discrete logarithm is just the inverse operation. For example,
The Schnorr-Seysen-Lenstra probabilistic algorithm has been take the equation 3k ≡ 13 (mod 17) for k. As shown
rigorously proven by Lenstra and Pomerance to have above k=4 is a solution, but it is not the only solution. Since
expected running time , [Len92]. 316 ≡ 1 (mod 17), it also follows that if n is an integer then
General number field sieve (GNFS) is the 34+16 n ≡ 13 ×1n ≡ 13 (mod 17). Hence the equation has
most efficient classical algorithm known for factoring infinitely many solutions of the form 4 + 16n. Moreover,
integers larger than100digits. Heuristically, its complexity since 16 is the smallest positive integer m satisfying 3m ≡ 1
for factoring an integer n (consisting of log2 n bits) is of the (mod 17), i.e. 16 is the order of 3 in (Z17)×, these are the only
form solutions. Equivalently, the solution can be expressed as k ≡ 4
(mod 16).[Wpd12]
More sophisticated algorithms exist like Baby-step giant-step
64 1 64 (The running time of the algorithm and the space complexity
exp 1 log log log ,
9 3 9 is O(√ )), Pollard's rho algorithm(The running time is
approximately O( ) where p is n's smallest prime
On a quantum computer, to factor an integer N, Shor's factor.[Plo78]), Pollard's kangaroo algorithm also known as
algorithm runs in polynomial time .The time taken is Pollard's lambda algorithm (Time complexity of which is
polynomial in log N, which is the size of the input. √ is exponential in the problem
Specifically it takes time O((log N)3), demonstrating that the size[Pka00]). For this reason, Pollard's lambda algorithm is
integer factorization problem can be efficiently solved on a considered an exponential time algorithm. The worst-case
quantum computer. This is exponentially faster than the most
time complexity of the Pohlig–Hellman algorithm is √
efficient known classical factoring algorithm, the general
[Phe78]). Assuming an optimal selection of the factor base,
number field sieve, which works in sub-exponential time—
Index calculus algorithm the expected running time of the
about O(e1.9 (log N)1/3 (log log N)2/3). [Shp97, Shp98]
Typically, in practical cryptographic applications, only two index-calculus algorithm can be stated as , c >0
factors are used for the modulus n. A larger number of [Adl79].The running time of the number field sieve is super-
factors for n does not seem to offer any additional security in polynomial but sub-exponential in the size of the
the IFP. The best-known public key cryptosystem that bases input.[Len92, Len93]. ,Function field sieve inspired by
its security on the difficulty of the IFP is RSA. Named after similar algorithms for integer factorization. These algorithms
its inventors: Ron Rivest, Adi Shamir and Len Adleman who run faster than the naive algorithm, but none of them runs
developed it at MIT in 1978, it was the first practical in polynomial time (in the number of digits in the size of the
implementation of public key cryptography since the group).
introduction of the concept[Rsa79]. Another example is the The origin of using the discrete logarithm problem in
Rabin-Williams cryptosystem. It is similar to RSA, but it cryptographic schemes goes back to the seminal paper of
uses an even public exponent . Diffie and Hellman[Dh76]. It is there that they proposed the
Two of the most extensively used factoring algorithms today discrete logarithm problem as good source for a “one way
are the quadratic sieve (QS) and number field sieve (NFS). function” . Other cryptographic applications that base their
They are both based on the idea of finding a factor base of security on the intractability of the DLP include the ElGamal
primes to generate a system of linear equations[Mov97]. encryption scheme and the digital signature algorithm (DSA).
DLP in a prime field is considered to be harder than DLP in
2.2 FFDLP fields of characteristic two. The current record for computing
In mathematics, specifically in abstract algebra and its discrete logarithms in GF(p) is a 120-digit prime p[Kap99]
applications, discrete logarithms are group- The most powerful algorithm known for computing the DLP
theoretic analogues of ordinary logarithms. In particular, an is the index calculus method. It is a probabilistic algorithm
ordinary logarithm loga(b) is a solution of the that applies only to finite fields. Examples of finite fields that
equation ax = b over the real or complex numbers. Similarly, are commonly used in practical applications are GF(p) and
if g and h are elements of a finite cyclic group G then a GF(2m). The index-calculus method is currently the only
solution x of the equation gx = h is called a discrete logarithm known algorithm that solves the DLP in sub-exponential
to the base g of h in the group G. time, making it the champion of all DL algorithms. All the

4500
 Samta Gajbhiye et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 3 (3) , 2012,4499 - 4503

other Algorithms that solve the DLP for arbitrary groups run elliptic curve analogs of DSA (ECDSA), ElGamal and Diffie-
in full exponential time. Hellman [Dah04].
There exist groups for which computing discrete logarithms
is apparently difficult. In some cases (e.g. large prime order ECDLP algorithms
subgroups of groups (Zp)×) there is not only no efficient The most attractive feature of ECC is that at present, the
algorithm known for the worst case, but the average-case fastest known algorithm that solves it run in full exponential
complexity can be shown to be about as hard as the worst time. Despite the fact that index calculus methods can
case using random self-reducibility. Popular choices for the compute conventional logarithms in sub-exponential time,
group G in discrete logarithm cryptography are the cyclic they cannot be applied to the case of discrete logarithms over
groups (Zp)×; Newer cryptography applications use discrete elliptic curves. This is a claim made by Miller in his 1986
logarithms in cyclic subgroups of elliptic curves over finite paper, which was later backed by theoretical study and
fields[Tel85] computational experiments by J. H. Silverman and Suzuki in
their paper published in 1998.
2.3 ECDLP ECC security consists in the difficulty to calculate logarithms
In 1985, Neal Koblitz and Victor Miller independently in discrete fields (discrete logarithms problem): being given A
proposed the concept of ECC[Kob87,Mv85]. Other work on (an element from a finite field) and Ax, it is practically
the security and implementation of elliptic curve impossible to calculate x when A is big
cryptosystems (ECC) was reported in Menezes, Okamoto and enough.[Kra09,Krb09]
Vanstone [Mov93, Asv93]. It is based on the DLP in a group For elliptic-curve-based protocols, it is assumed that finding
defined by points on an elliptic curve over a finite field. The the discrete logarithm of a random elliptic curve element with
discrete logarithm problem has been adapted to elliptic curves respect to a publicly-known base point is infeasible. The size
in the hopes of providing even more security[Ame93]. The of the elliptic curve determines the difficulty of the problem.
basic idea is that, for any prime p, there is only one field, Fp. The primary benefit promised by ECC is a smaller key size,
For elliptic curves, however, the number of possible elliptic reducing storage and transmission requirements[Ita09]—i.e.,
curves over Fp is extremely large, even for small values of p that an elliptic curve group could provide the same level of
[Mov93]. The security of Elliptic Curve Cryptosystems relies security afforded by an RSA-based system with a large
on the difficulty of the ECDLP[Asv93]. The ECDLP is modulus and correspondingly larger key[Rsh09] —e.g., a
elucidated as follows: 256bit ECC public key should provide comparable security to
Let E (Fp) denote an elliptic curve taking values in finite a 3072bit RSA public key. The entire security of ECC
field Fp, and B Є E (Fp) denote a point on the curve E. Then, depends on the ability to compute a point multiplication and
given the additive structure of the points, and kB = B + B + · · the inability to compute the multiplicand given the original
· + B (k times). ECDLP is defined as : Given a basepoint B, and product points.
and elliptic curve E, and a point P Є E (Fp) such that P = kB Several discrete logarithm-based protocols have been adapted
.Calculate the value of k. While it is customary to use to elliptic curves, replacing the group Zp* with an elliptic
additive notation to describe an elliptic curve group, some curve like the elliptic curve Diffie–Hellman (ECDH) key
insight is provided by using multiplicative notation. agreement scheme is based on the Diffie–Hellman scheme,
Specifically, consider the operation called "scalar the Elliptic Curve Integrated Encryption Scheme (ECIES),
multiplication" under additive notation: that is, computing kB also known as Elliptic Curve Augmented Encryption Scheme
by adding together k copies of the point B. Using or simply the Elliptic Curve Encryption Scheme, the Elliptic
multiplicative notation, this operation consists of multiplying Curve Digital Signature Algorithm (ECDSA) is based on
together k copies of the point B, yielding the point Bk. the Digital Signature Algorithm, the ECMQV key agreement
In the multiplicative group Zp*, the discrete logarithm scheme is based on the MQV key agreement scheme.
problem is: given elements r and q of the group, and a prime the ECQV implicit certificate scheme.
p, find a number k such that r = qk mod p. If the elliptic curve To date the best attack on ECCs are Pollard’s ρ or λ method;
groups is described using multiplicative notation, then the both of which have expected exponential running times and
elliptic curve discrete logarithm problem is: given points P hence are infeasible given today’s technology[Cw97]. This
and Q in the group, find a number that Pk = Q; k is called the suggests that elliptic curve cryptosystems are superior to
discrete logarithm of Q to the base P. When the elliptic curve currently deployed public key cryptosystems since not only
group is described using additive notation, the elliptic curve do they offer a greater level of security when the underlying
discrete logarithm problem is: given points P and Q in the parameters are chosen correctly, but they offer a greater
group, find a number k such that Pk = Q [Mwp09] advantage due to factors including shorter key sizes, faster
The discrete logarithm problem is the basis for the security of generation of systems, smaller space requirements and
many cryptosystems including the ECC. More specifically, efficient implementation techniques. Elliptic curve
the ECC relies upon the difficulty of the ECDLP. The cryptography is vulnerable to a modified Shor's algorithm for
ECDLP is based upon the intractability of scalar solving the discrete logarithm problem on elliptic curves
multiplication products. Implementations of ECC include

4501
 Samta Gajbhiye et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 3 (3) , 2012,4499 - 4503

Weak curves: There are certain types of elliptic curves in lengths of RSA, DSA and ECC are shown in the Figure 1
which a successful attack could take place in sub-exponential [Mov97].
time. If identified, these curves can easily be tested for and Clearly, ECC keys take much more effort to break compared
avoided. So far, several classes of curves have been identified to RSA and DSA keys. Due to this, many people believe that
and prohibited in all drafted standard specifications for public ECDLP is intrinsically harder than the other two problems.
key cryptography such as IEEE P1363, ANSI X9.62 and While this deduction might be true, we have no way of
ANSI X9.63 . Such curves are called the supersingular curves proving it. We do not know if a fast and efficient elliptic
and anomalous curves[Cw97]. curve DL algorithm that runs in sub-exponential time will be
Due to work of Menezes, Okamoto and Vanstone, it is discovered, say, in the next ten years, or if another class of
already known that one must avoid elliptic curves which are weak curves will be identified that could compromise the
supersingular, these are the curves which have trace of security of elliptic curve cryptosystems. But one thing is
frobenius equal to zero. Menezes, Okamoto and Vanstone certain. After years of intensive study, there is currently no
reduce the discrete logarithm problem on supersingular faster way to attack the ECDLP other than fully exponential
elliptic curves to the discrete logarithm problem in a finite algorithms.
field. They hence reduce the problem to one which is known 6000
to have sub-exponential complexity.In practice the method 5000
described means that when choosing elliptic curves to use in
cryptography one has to eliminate all curves whose group 4000
orders are equal to the order of the finite field , in other words 3000
curves for which the trace of Frobenius is equal to ECC
2000
one[Cw97]. To solve the discrete log problem in a subgroup
of order p of an elliptic curve over the finite field of 1000
characteristic p one needs O(ln p) operations in this field. 0 RSA
When time is measured in terms of the number of basic group &
operations , the discrete logarithm problem on this curve runs DSA
in linear time that one must perform.[Mov93]
The other class of curves, the anomalous curves, allows an
even more efficient attack when applicable. Proposed
independently in 1998 by Satoh andAraki, Semaev, and the Figure 1: Comparison of Security levels ECC and RSA &
following year by Smart, this type of curves allow the DSA[Mov97]
ECDLP to be solved in polynomial time by reducing it to the
classical DLP in an additive group GF(p) [Kap99]. Further From the advantages of ECC usage, there can be mentioned:
readings can be found in [Sak98, Sia98, Smn99].  increased security: cryptographic resistance per bit is
NIST-recommended elliptic curves much greater than those of any public-key
NIST recommends fifteen elliptic curves. Specifically, FIPS cryptosystem known at present time;
186-3 has ten recommended finite fields:
 substantial economies in calculus and memory needs
 Five prime fields Fp for certain primes p of sizes 192,
in comparison with other cryptosystems;
224, 256, 384, and 521 bits. For each of the prime fields,
 great encryption and signing speed both in software
one elliptic curve is recommended.
and hardware implementation;
 Five binary fields F2m for m equal 163, 233, 283, 409,
and 571. For each of the binary fields, one elliptic curve  ECC are ideal for small size hardware
and one Koblitz curve is recommended. implementations (as intelligent cards);
The NIST recommendation thus contains a total of five prime  encryption and signing can be done in separate
curves and ten binary curves. The curves were chosen for stages.
optimal security and implementation efficiency[SEC00]
APPLICATIONS OF ECC
THE ECC ADVANTAGE The intense research done on public-key cryptosystems,
It is worthy to note that a 160-bit ECC key has about the based on elliptic curves, demonstrated that ECC are suitable
same level of security as a 1024-bit RSA key. The most for the vast majority of existing applications. The elliptic
important difference between ECC and other conventional curves are suitable in applications where the computing
cryptosystems is that for a well-chosen curve, the best power is limited (intelligent cards, wireless devices, PC
method currently known for solving the ECDLP is fully boards), memory size on integrated circuit is limited, a great
exponential, while sub-exponential algorithms exist for speed of computing is necessary, digital signing and its
conventional cryptosystems. This difference largely verification are used intensively, signed messages have to be
contributes to the huge disparity in their respective running transmitted or memorized, digital bandwidth is limited
times. It also means that ECC keys have much fewer bits (mobile communications, certain computer networks).
than IFP and DLP based applications. The contrast in key

4502
 Samta Gajbhiye et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 3 (3) , 2012,4499 - 4503

CONCLUSIONS AND FUTURE SCOPE [Ame93] A. Menezes, “Elliptic curve public key cryptosystems”, Kluwer
Academic Publishers, Boston, 1993.
ECM belongs to a general class of curves, called hyperelliptic [Mov93] A. Menezes, T. Okamoto and S. Vanstone, “Reducing elliptic
curves, of which elliptic curves is a special case, with genus, curves logarithms to logarithms in a finite field”, IEEE Transactions
g=1. Hyperelliptic curves were initially candidates, to the on Information Theory, 39 , pp.1639 – 1646, (1993).
next progression, or generalizations, to more secure systems, [Asv93] A. Menezes, S. Vanstone, “Elliptic Curve Cryptosystems and Their
Implementation”, Journal of Cryptology, pp. 209-224, 1993.
as they appeared to require even shorter key lengths than [Kra09] K. Rabah, “Using Elliptic Curve Cryptography to Secure Online
elliptic curves for the same level of security. It is found, Data&Content”, Information Security Research Journal, Vol. 1, No.
however, that hyperelliptic curves of genus g=4, or higher, do 1,July 2009.
not have the same level of security, as genus 2 or 3 curves, [Krb09] K. Rabah, “Using Elliptic Curve Cryptography for Information
Security”, Information Security Research, Journal Vol. 1, No. 2, July
where attacks of sub-exponential time algorithms have been. 2009.
Hence elliptic curves are the optimal practical solution from [Itu09] I. Tutănescu, “Applications of Elliptic Curves Cryptosystems”,
this family of curves. MCC’2007 Conference Proceedings, Bonn, Germany, 2007.
A class of curves, known as the Koblitz curves, is particularly [Rsh09] R. Shanmugalakshmi, M. Prabu, “ Research Issues on Elliptic
CurveCryptography and its applications”, IJCSNS International
favorable because it was shown to be very efficient in Journal of Computer Science and Network Security, VOL.9 No.6,
computing ord(P) for arbitrary P on the curve, which can in June 2009.
turn be used to derive #E(Fp) quickly. [Dh76]Diffie. W., and Hellman M. “New directions in cryptography” . IEEE
In this paper, two attacks against improperly chosen elliptic Trans. Inform. Theory IT-22, , 644-654, Nov. 1976.
[Dmd04] de Miguel de Santos, “Elliptic curve cryptography on constraint
curves and their underlying fields, but this by no means an environments”, 38th Annual 2004 International Carnahan
extensive list has been covered. There are multiple other Conference on Security Technology, pg:212 - 220
attacks against curve over prime fields as well as attacks [Len92] H.W. Lenstra, and C. Pomerance, Pomerance, Carl "A
against curves over binary fields. Suffice to say, anyone Rigorous Time Bound for Factoring Integers", Journal of the
American Mathematical Society , vol 5 (3) ,p: 483–516. July 1992.
implementing an ECC needs to be aware of these potentially
[Rsa79]Rivest, R., A. Shamir, and L. Adleman, January 1979, ‘‘On digital
harmful curve choices and correctly mitigate them in their signatures and public-key cryptosystems,’’ MIT Laboratory for
system. Computer Science, Technical Report,MIT/LCS/TR-212
This suggests that ECCs are superior to currently deployed [Shq98]P. Shor, “Quantum computing”, proceedings of the International
Congress of Mathematicians, 1998.
public key cryptosystems since not only do they offer a http://www.research.att.com/~shor/papers/ICM.pdf
greater level of security when the underlying parameters are [Shp97] P. Shor, “Polynomial-time algorithms for prime factorization and
chosen correctly, but they offer a greater advantage due to its discrete logarithm problems”, SIAM J. Computing 26 , 1484-1509.
shorter key sizes, faster generation of systems, smaller space http://www.research. att.com/ ~shor/papers/QCjournal.pdf, (1997),
[Wpd12 ]http://en.wikipedia.org/wiki/Discrete_logarithm
requirements and efficient implementation techniques. [Plm78]Pollard, J. M., "Monte Carlo methods for index computation
(mod p)". Mathematics of Computation, vol 32 (143): 918–924. ,
REFERENCES (1978).
[Mv85] Miller V , “Uses of elliptic curves in cryptography”., Advances in [Pka00] J. M. Pollard, Kangaroos, “Monopoly and Discrete Logarithms” ,
Cryptology – Crypto ’85, Lecture Notes in Computer Science, vol Journal of Cryptology, Vol 13, pp 437-447, 2000
218. Springer, Berlin Heidelberg New York, pp 417–426, 1986 [Phe78] S. Pohlig and M. Hellman, "An Improved Algorithm for Computing
[Mov97] Menezes, A.., Oorschot, P., and Vanstone, S. “Handbook of Logarithms over GF(p) and its Cryptographic Significance".,
Applied Cryptography”. CRC Press, 1997. IEEE Transactions on Information Theory , vol 24, pp: 106–110,
[Cw97] “Remarks on the Security of the Elliptic Curve Cryptosystem”. 1978.
Certicom, whitepaper. September 1997. [Adl79] L. Adleman, “A subexponential algorithm for the discrete logarithm
[Kap99] Enge, A., “Elliptic curves and their applications to cryptography” . problem with applications to cryptography” ,20th Annual
Kluwer Academic Publishers, 1999. Symposium on Foundations of Computer Science, 1979
[Sak98] Satoh, T. and Araki, K., “Fermat quotients and the polynomial time [Len92] H. W. Lenstra, Jr., “Algorithms in algebraic number theory”, Bull.
discrete log algorithm for anomalous elliptic curves”. Commentarii Amer. Math. Soc. ., vol 26(2), p: 211–244, 1992.
Mathematici Universitatis Sancti Pauli 47, 1998: p 81 – 92. [Lln93] A. K. Lenstra and J. H. W. Lenstra, “The development of the number
[Sia98] Semaev, I. A, “Evaluation of discrete logarithms in a group of p- field sieve”, Lecture Notes in Mathematics 1554, Springer, Berlin,
torsion points of an elliptic curve in characteristic p”, Mathematics 1993.
of Computation 67, p 353 – 356, 1998 [Tel85] Taher ElGamal, "A Public-Key Cryptosystem and a Signature
[Smn99] Smart. N. ,“The discrete logarithm problem on elliptic curves of Scheme Based on Discrete Logarithms", IEEE Transactions on
trace one”, .Journal of Cryptography, vol. 12 no. 3, Springer-Verlag Information Theory, vol 31 (4): 469–472, 1985.
New York,October, p 193 – 196, 1999. [Dah04] Darell Hankerson, Alfred Menezees and Scott Vanston, “ Guide to
[Sma97] N. P. Smart, “The discrete logarithm problem on elliptic curves of Elliptic Curve Cryptography” Springer- Verlag, New York, Inc.
trace one” , October 1999. 2004
[Kob87]N. Koblitz, “Elliptic curve cryptosystems”, Mathematics of [Mwp09]Marisa W. Paryasto, Kuspriyante, Sarwan et al, “Issues in Elliptic
Computation, 48 , pp. 203-209, 1987. Curve Crypyography implementation”, Internetworking Indonesial
Journal, Vol.1(1), 2009.

4503

View publication stats