#### Filter Results:

- Full text PDF available (36)

#### Publication Year

1991

2017

- This year (2)
- Last 5 years (12)
- Last 10 years (22)

#### Publication Type

#### Co-author

#### Journals and Conferences

#### Key Phrases

Learn More

- Arjen K. Lenstra, Eric R. Verheul
- Journal of Cryptology
- 2000

In this article we offer guidelines for the determination of key sizes for symmetric cryptosystems, RSA, and discrete logarithm-based cryptosystems both over finite fields and over groups of elliptic curves over prime fields. Our recommendations are based on a set of explicitly formulated parameter settings, combined with existing data points about the… (More)

- Arjen K. Lenstra, Eric R. Verheul
- CRYPTO
- 2000

This paper introduces the XTR public key system. XTR is based on a new method to represent elements of a subgroup of a multiplicative group of a finite field. Application of XTR in cryptographic protocols leads to substantial savings both in communication and computational overhead without compromising security.

- Eric R. Verheul, Henk C. A. van Tilborg
- Des. Codes Cryptography
- 1997

The idea of visual k out of n secret sharing schemes was introduced in [?]. Explicit constructions for k = 2 and k = n can be found there. For general k out of n schemes bounds have been described. Here, two general k out of n constructions are presented. Their parameters are related to those of maximum size arcs or MDS codes. Further, results on the… (More)

- Eric R. Verheul
- Journal of Cryptology
- 2001

We show that finding an efficiently computable injective homomorphism from the XTR subgroup into the group of points over GF(p2) of a particular type of supersingular elliptic curve is at least as hard as solving the Diffie–Hellman problem in the XTR subgroup. This provides strong evidence for a negative answer to the question posed by Vanstone and Menezes… (More)

- Eric R. Verheul, Henk C. A. van Tilborg
- Applicable Algebra in Engineering, Communication…
- 1997

In some applications of RSA, it is desirable to have a short secret exponent d. Wiener [6], describes a technique to use continued fractions (CF) in a cryptanalytic attack on an RSA cryptosystem having a ‘short’ secret exponent. Let n=p ⋅ q be the modulus of the system. In the typical case that G=gcd(p−1, q−1) is small. Wiener’s method will give the secret… (More)

- Andries E. Brouwer, Ruud Pellikaan, Eric R. Verheul
- ASIACRYPT
- 1999

We present a variant of the Diffie-Hellman scheme in which the number of bits exchanged is one third of what is used in the classical Diffie-Hellman scheme, while the offered security against attacks known today is the same. We also give applications for this variant and conjecture a extension of this variant further reducing the size of sent information.

- Eric R. Verheul
- ASIACRYPT
- 2001

We describe two simple, efficient and effective credential pseudonymous certificate systems, which also support anonymity without the need for a trusted third party. The second system provides cryptographic protection against the forgery and transfer of credentials. Both systems are based on a new paradigm, called self-blindable certificates. Such… (More)

XTR is a new method to represent elements of a subgroup of a multiplicative group of a finite field. Application of XTR in cryptographic protocols leads to substantial savings both in communication and computational overhead without compromising security. This paper describes and explains the techniques and properties that are relevant for the XTR… (More)

- Wieb Bosma, James Hutton, Eric R. Verheul
- ASIACRYPT
- 2002

XTR is a general method that can be applied to discrete logarithm based cryptosystems in extension fields of degree six, providing a compact representation of the elements involved. In this paper we present a precise formulation of the Brouwer-Pellikaan-Verheul conjecture, originally posed in [4], concerning the size of XTR-like representations of elements… (More)

- Eric R. Verheul, Henk C. A. van Tilborg
- EUROCRYPT
- 1997

We propose a concept for a worldwide information security infrastructure that protects law-abiding citizens, but not criminals, even if the latter use it fraudulently (i.e. when not complying with the agreed rules). It can be seen as a middle course between the inflexible but fraudresistant KMI-proposal [8] and the flexible but non-fraud-resistant concept… (More)