
We prove that if one can predict any of the bits of the input to an elliptic-curve-based one-way function over a finite field, then we can invert the function. In particular, our result implies that if one can predict any of the bits of the input to a classical pairing-based one-way function with non-negligible advantage over a random guess then one can…

Dimitar Jetchev (joint with Onur Özen and Martijn Stam)

Consider a joint distribution (X, A) on a set X × {0, 1}^ℓ. We show that for any family F of distinguishers f : X × {0, 1}^ℓ → {0, 1}, there exists a simulator h : X → {0, 1}^ℓ such that 1. no function in F can distinguish (X, A) from (X, h(X)) with advantage ε, 2. h is only O(2^{3ℓ} ε^{-2}) times less efficient than the functions in F. For the most interesting…

We show that the least significant bits (LSB) of the elliptic curve Diffie–Hellman secret keys are hardcore. More precisely, we prove that if one can efficiently predict the LSB with non-negligible advantage on a polynomial fraction of all the curves defined over a given finite field F_p, then with polynomial factor overhead, one can compute the entire…

We improve Kolyvagin's upper bound on the order of the p-primary part of the Shafarevich-Tate group of an elliptic curve of rank one over a quadratic imaginary field. In many cases, our bound is precisely the one predicted by the Birch and Swinnerton-Dyer conjectural formula.

We study the security of elliptic curve Diffie–Hellman secret keys in the presence of oracles that provide partial information on the value of the key. Unlike the corresponding problem for finite fields, little is known about this problem, and in the case of elliptic curves the difficulty of representing large point multiplications in an algebraic manner…

Kolyvagin used Heegner points to associate a system of cohomology classes to an elliptic curve over Q and conjectured that the system contains a non-trivial class. His conjecture has profound implications on the structure of Selmer groups. We provide new computational and theoretical evidence for Kolyvagin's conjecture. More precisely, we explicitly compute…

We study visibility of Shafarevich–Tate groups of modular abelian varieties in Jacobians of modular curves of higher level. We prove a theorem about the existence of visible elements at a specific higher level under certain hypotheses which can be verified explicitly. We also provide a table of examples of visible subgroups at higher level and state a…

We prove collision bounds for the Pollard rho algorithm to solve the discrete logarithm problem in a general cyclic group G. Unlike the setting studied by Kim et al., we consider additive walks: the setting used in practice to solve the elliptic curve discrete logarithm problem. Our bounds differ from the birthday bound O(|G|) by a factor of log |G| and are…

We present a new construction of a compression function H : {0, 1}^{3n} → {0, 1}^{2n} that uses two parallel calls to an ideal primitive (an ideal blockcipher or a public random function) from 2n to n bits. This is similar to the well-known MDC-2 or the recently proposed MJH by Lee and Stam (CT-RSA'11). However, unlike these constructions, we show already in…