#### Filter Results:

#### Publication Year

2007

2016

#### Publication Type

#### Co-author

#### Publication Venue

#### Key Phrases

Learn More

Miller's algorithm is at the heart of all pairing-based cryp-tosystems since it is used in the computation of pairing such as that of Weil or Tate and their variants. Most of the optimizations of this algorithm involve elliptic curves of particular forms, or curves with even embedding degree, or having an equation of a special form. Other improvements… (More)

In 1986 Victor Miller described an algorithm for computing the Weil pairing in his unpublished manuscript. This algorithm has then become the core of all pairing-based cryptosystems. Many improvements of the algorithm have been presented. Most of them involve a choice of elliptic curves of a special forms to exploit a possible twist during Tate pairing… (More)

The aim of timestamping systems is to provide a proof-of-existence of a digital document at a given time. Such systems are important to ensure integrity and non-repudiation of digital data over time. Most of the existing timestamping schemes use the notions of round (a period of time) and round token (a single value aggregating the times-tamping requests… (More)

At CT-RSA 2009, a new principle to secure RSA (and mod-ular/group exponentiation) against fault-analysis has been introduced by Rivain. The idea is to perform a so-called double exponentiation to compute a pair (m d , m ϕ(N)−d) and then check that the output pair satisfies the consistency relation: m d · m ϕ(N)−d ≡ 1 mod N. The author then proposed an… (More)

At Pairing 2010, Lauter et al's analysis showed that Ate pairing computation in affine coordinates may be much faster than projective coordinates at high security levels. In this paper, we further investigate techniques to speed up Ate pairing computation in affine coordinates. On the one hand, we improve Ate pairing computation over elliptic curves… (More)

A multisignature scheme allows a group of signers to cooperate to generate a compact signature on a common document. The length of the multisignature depends only on the security parameters of the signature schemes and not on the number of signers involved. The existing state-of-the-art multisignature schemes suffer either from impractical key setup… (More)

Ciet et al. proposed a very elegant method for trading inversions for multiplications when computing 2P + Q from given points P and Q on elliptic curves of Weierstrass form. In this paper we extend their method and present a fast algorithm for computing 4P with only one inversion in affine coordinates. Our algorithm is faster than two repeated doublings… (More)

—Since Edwards curves were introduced to elliptic curve cryptography by Bernstein and Lange in 2007, they have received a lot of attention due to their very fast group law operation. Pairing computation on such curves is slightly slower than on Weierstrass curves. However, in some pairing-based cryptosystems, they might require a number of scalar… (More)

In this paper, we extend the method of Scott and Barreto and present an explicit and simple algorithm to generate families of generalized MNT elliptic curves. Our algorithm allows us to obtain all families of generalized MNT curves with any given cofactor. Then, we analyze the complex multiplication equations of these families of curves and transform them… (More)

Ciet <i>et al</i>. (2006) proposed an elegant method for trading inversions for multiplications when computing [2]<i>P</i>+<i>Q</i> from two given points <i>P</i> and <i>Q</i> on elliptic curves of Weierstrass form. Motivated by their work, this paper proposes a fast algorithm for computing [4]<i>P</i> with only one inversion in affine coordinates. Our… (More)