Exponentiating faster with addition chains
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Algorithms in number theory
Fair Cryptosystems, Revisited: A Rigorous Approach to Key-Escrow (Extended Abstract)
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Analysis of Low Hamming Weight Products
Discrete Applied Mathematics
On diffie-hellman key agreement with short exponents
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Batch Diffie-Hellmam key agreement systems and their application to portable communications
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
A note on discrete logarithms with special structure
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
Hi-index | 0.00 |
Many key distribution systems axe based on the assumption that the Discrete-Log (DL) problem is hard. The implementations could be more efficient if a significantly smaller exponent could be used, without lowering the complexity of the DL problem. When the exponent is known to reside in interval of size w, the DL problem can be computed in time O(驴w), using Pollard's "Lambda method for catching Kangaroos".Suppose we want a level of security of 300 years on a 1 MIP machine, with 1K bit operations per instruction. Then w = 2127 currently seems sufficient (with 512 bit modulus). It is not clear, however, whether methods other than "Kangaroo" exist, with lower complexity.Let s and m denote the number of squarings and multiplications, respectively, required to exponentiate. It is well known that s roughly equals the size in bits of the exponent (L), and m is roughly 1.5 驴 L/lg2(L), for the most efficient methods, in the practical range.We show that by using an exponent which is known to be compressible by a factor 驴, using the Ziv-Lempel method, we reduce m exponentially in 驴, on the average (integer multiplications may be more than twice as expensive as squarings, hence this is not negligible).This can be used to speed up cryptographic key distribution systems of the Diffie-Hellman family. However, it is not clear how safe compressible exponents are.