Tate pairing

This paper presents an implementation of genus 2 and 3 hyperelliptic curves over prime fields, with a comparison with elliptic curves. To achieve a fair comparison, we developed an ad-hoc arithmetic library, designed to remove most of the overheads that penalise implementations of curve-based cryptography over prime fields. These overheads get worse for smaller fields, and thus for large genera. We also use techniques such as "lazy" and "incomplete" modular reduction, originally developed for performing arithmetic in field extensions, to reduce the number of modular reductions occurring in the formulae for the group operations. The result is that the performance of hyperelliptic curves of genus 2 over prime fields is much closer to the performance of elliptic curves than previously thought. For groups of 192 and 256 bits the difference is about 17% and 12% respectively.

Authenticated key agreement protocols have an important role for building secure communications amongst two or more entities over the Internet. In this paper we propose an efficient and secure authenticated key agreement protocol based on Diffie-Hellman key agreement. Our protocol is more efficient than previous authenticated key agreement protocols because it requires only 1 integer multiplication. We show that our protocol meets the security attributes under the assumption that the elliptic curve discrete logarithm problem is secure.

on which the proxy signer can sign. Also, proxy signature schemes can be classified as proxy-unprotected and proxy-protected schemes. In an proxy-protected scheme, the original signer cannot forge a proxy signature in the name of the proxy signer. The proxyprotected schemes provide more security level than the proxy-unprotected signature schemes. A lot of proxy signature schemes [6], [7] and some ID-based proxy signature schemes with special features were proposed, such as identity-based multi-proxy signature [8], [9], identity-based strong designated verifier proxy signature [10], [11]. Cao and Cao [9] claimed that their scheme is provably secure in the random oracle model. However, Xiong et al. [12] proved that their scheme is not secure under their security model. The first proxy signature scheme based on the factoring integer problem is proposed by Shao [13], in 2003. Recently, Zhou et al. [14] proposed two efficient proxy protected signature schemes. Their first scheme is based on RSA [15] assumption and the second scheme is based on the integer factorization problem. Zhou et al. [14] claim that their schemes are more efficient than other schemes. However, Park et al. [16] point out their schemes are insecure. Moreover, Liu et al. [17] point out that Zhou et al.'s [14] schemes are vulnerable to the undelegated proxy signature attack: any attacker without the delegation of the original signer can generate a valid proxy signature. Xue et al. [18] proposed two proxy signature schemes based on the difficulty of factorings of large integers without formal security proofs. Recently, Shao [19] proposed proxy protected signature scheme based on RSA. Also, most proxy signature schemes are based on the difficulty of discrete logarithm problem [20] or elliptic curve discrete logarithm problem [21]. Chen et al. proposed in [20] a proxy signature scheme based on the Digital Signature Algorithm (DSA). Mambo et al. [1], [22] proposed three proxy signature schemes based on ElGamal's signature scheme [23], Schnorr's signature

Pairing-based cryptosystems have been developing very fast in the last few years. The efficiencies of the cryptosystems are determined by the computation of the Tate pairing. In this paper a new efficient algorithm based on double-base chain for computing the Tate pairing is proposed for odd characteristic p > 3. The inherent sparseness of doublebase number system reduces the computational cost for computing the Tate pairing evidently. It is 9% faster than the previous fastest method for MOV degree k=6.

We consider algebraic affine and projective curves of Edwards over the finite field F p n . It is known that many modern cryptosystems can be naturally transformed into elliptic curves . We research Edwards algebraic curves over a finite field, which are one of the most promising supports of sets of points which are used for fast group operations . We construct a new method for counting the order of an Edwards curve over a finite field. It should be noted that this method can be applied to the order of elliptic curves due to the birational equivalence between elliptic curves and Edwards curves. We not only find a specific set of coefficients with corresponding field characteristics for which these curves are supersingular, but we additionally find a general formula by which one can determine whether a curve E d [F p ] is supersingular over this field or not. The method we have proposed has much less complexity O ( p log 2 2 p ) at not large values p in comparison with the best Schoof basic algorithm with complexityO(log 8 2 p n ), as well as a variant of the Schoof algorithm that uses fast arithmetic, which has complexity O(log 4 2 p n ), but works only for Elkis or Atkin primes. The embedding degree of the supersingular curve of Edwards over F p n in a finite field is investigated and the field characteristic, where this degree is minimal, is found. A birational isomorphism between the Montgomery curve and the Edwards curve is also constructed. A one-to-one correspondence between the Edwards supersingular curves and Montgomery supersingular curves is established. The criterion of supersingularity for Edwards curves is found over F p n .

Proxy signature schemes have been invented to delegate signing rights. The paper proposes a new concept of Identify Based Strong Bi-Designated Verifier threshold proxy signature (ID-SBDVTPS) schemes. Such scheme enables an original signer to delegate the signature authority to a group of 'n' proxy signers with the condition that 't' or more proxy signers can cooperatively sign messages on behalf of the original signer and the signatures can only be verified by any two designated verifiers and that they cannot convince anyone else of this fact.

We present a general technique for the efficient computation of pairings on supersingular Abelian varieties. This formulation, which we call the eta pairing, generalises results of Duursma and Lee for computing the Tate pairing on supersingular elliptic curves in characteristic three. We then show how our general technique leads to a new algorithm which is about twice as fast as the Duursma-Lee method. These ideas are then used for elliptic and hyperelliptic curves in characteristic 2 with very efficient results. In particular, the hyperelliptic case is faster than all previously known pairing algorithms.

This paper proposes an asymmetric physical layer security scheme APLE based on Elliptic curve Diffie Helman (ECDH), channel state information (CSI), and stream cipher to achieve user authenticity, key agreement and confidentiality. Moreover, this work utilizes the most promising wireless communication model and multiple access combination. Multi-Input-Multi-Output (MIMO), and Orthogonal Frequency Division Multiplexing (OFDM) respectively. Unlike other relent schemes this paper considers stationary time selective Rayleigh fading channel. The proposed authentication protocol has been proven. PLE consists of stages; Modulation Encryptor and Crypto Filters based on minimal correlation coefficient have been proposed. The function of the Modulation Encryptor is to provide confusion. However, the function Crypto-Filter provides the diffusion. The proposed PLE scheme has been designed to work with modulation schemes with signal space greater than four. The proposed PLE is simulated based on QPSK and 16QAM, and some numerical results have been drowned. symbol error rate SER as function of signal to noise ration SNR with correlation coefficient have been used to measure security strength. Besides SER and peak signal to noise ratio PSNR used to evaluate the system reliability. The results show this scheme has strong security (SER at eavesdropper rich ninety five percent with correlation coefficient almost zero), and excellent reliability (same performance as no encryption).

For corporations or individuals who wish to protect the confidentiality of their data across computer networks, network-layer encryption offers an efficient and proven method for preserving data privacy. Network layer encryption such as IPSec is more flexible than higher layer solutions since it is not application-dependent and can protect all end-to-end traffics that go between two hosts. Using IPSec, two hosts must first establish a session key through message exchanges before they can communicate. In this paper, we present an Identity Based Encryption (IBE) scheme that allows a host to calculate the per-packet encryption key based on the IP address of the destination host, without going through the expensive key exchange process as in IPSec. Our mechanism is compatible with the current IP protocol and we tested our scheme with live HTTP and ICMP traffic. Our results show that our protocol provides a zero-configuration network layer encryption solution for end-to-end secure communications that is ideal for consumer electronics applications.

For corporations or individuals who wish to protect the confidentiality of their data across computer networks, network-layer encryption offers an efficient and proven method for preserving data privacy. Network layer encryption such as IPSec is more flexible than higher layer solutions since it is not application-dependent and can protect all end-to-end traffics that go between two hosts. Using IPSec, two hosts must first establish a session key through message exchanges before they can communicate. In this paper, we present an Identity Based Encryption (IBE) scheme that allows a host to calculate the per-packet encryption key based on the IP address of the destination host, without going through the expensive key exchange process as in IPSec. Our mechanism is compatible with the current IP protocol and we tested our scheme with live HTTP and ICMP traffic. Our results show that our protocol provides a zero-configuration network layer encryption solution for end-to-end secure communications that is ideal for consumer electronics applications.

Elliptic curves with small embedding degree and large prime-order subgroup are key ingredients for implementing pairingbased cryptographic systems. Such "pairing-friendly" curves are rare and thus require specific constructions. In this paper we give a single coherent framework that encompasses all of the constructions of pairing-friendly elliptic curves currently existing in the literature. We also include new constructions of pairing-friendly curves that improve on the previously known constructions for certain embedding degrees. Finally, for all embedding degrees up to 50, we provide recommendations as to which pairing-friendly curves to choose to best satisfy a variety of performance and security requirements.

When using pairing-friendly ordinary elliptic curves over prime fields to implement identity-based protocols, there is often a need to hash identities to points on one or both of the two elliptic curve groups of prime order r involved in the pairing. Of these G1 is a group of points on the base field E(F p) and G 2 is instantiated as a group of points with coordinates on some extension field, over a twisted curve E (F p d), where d divides the embedding degree k. While hashing to G 1 is relatively easy, hashing to G 2 has been less considered, and is regarded as likely to be more expensive as it appears to require a multiplication by a large cofactor. In this paper we introduce a fast method for this cofactor multiplication on G2 which exploits an efficiently computable homomorphism.

When performing a Tate pairing (or a derivative thereof) on an ordinary pairing-friendly elliptic curve, the computation can be looked at as having two stages, the Miller loop and the so-called final exponentiation. As a result of good progress being made to reduce the Miller loop component of the algorithm (particularly with the discovery of "truncated loop" pairings like the Rate pairing [18]), the final exponentiation has become a more significant component of the overall calculation. Here we exploit the structure of pairing-friendly elliptic curves to reduce to a minimum the computation required for the final exponentiation.

One of the challenges in the designing of pairing-based cryptographic protocols is to construct suitable pairing-friendly curves: Curves which would provide efficient implementation without compromising the security of the protocols. These curves have small embedding degree and large prime order subgroup. Random curves are likely to have large embedding degree and hence are not practical for implementation of pairing-based protocols. In this thesis we review some mathematical background on elliptic and hyperelliptic curves in relation to the construction of pairing-friendly hyperelliptic curves. We also present the notion of pairing-friendly curves. Furthermore, we construct new pairing-friendly elliptic curves and Jacobians of genus two hyperelliptic curves which would facilitate an efficient implementation in pairing-based protocols. We aim for curves that have smaller ρ-values than ever before reported for different embedding degrees. We also discuss optimisation of computing pairing in Tate pairing and its variants. Here we show how to efficiently multiply a point in a subgroup defined on a twist curve by a large cofactor. Our approach uses the theory of addition chains. We also show a new method for implementation of the computation of the hard part of the final exponentiation in the calculation of the Tate pairing and its variants.

A Publicly Verifiable Secret Sharing (PVSS) scheme allows anyone to verify the validity of the shares computed and distributed by a dealer. The idea of PVSS was introduced by Stadler in [18] where he presented a PVSS scheme based on Discrete Logarithm. Later, several PVSS schemes were proposed. In [2], Behnad and Eghlidos present an interesting PVSS scheme with explicit membership and disputation processes. In this paper, we present a new PVSS having the advantage of being simpler while offering the same features. 1

For the implementation of error-correcting codes, cryptographic algorithms, and the construction of homomorphic methods for privacy-preserving, there is a need for methods of performing operations on elements GF(2m) that have low computational complexity. This paper analyzes the existing methods of performing operations on the elements GF(2m) and proposes a new method based on the use of a sparse table of elements of this field. The object of research is the processes of operations in information security systems. The subject of research is methods and algorithms for performing operations on elements GF(2m). The purpose of this research is to develop and improve methods and algorithms for performing operations on elements GF(2m) to reduce their computational complexity. Empirical methods and methods of mathematical and software modeling are used in the research. Existing and proposed algorithms are implemented using the C# programming language in the Visual Studio 2015 development environment. Experimental research of existing and developed algorithms was carried out according to the proposed method, which allows to level the influence of additional parameters on the results of the research. The conducted research on methods for performing operations on the elements GF(2m) shows the expediency of using a sparse table of field elements. This approach makes it possible to reduce the amount of RAM required for the software and hardware implementation of the developed method compared to the classical tabular method, which requires storage of a full table of correspondence of the polynomial and index representation of the field elements. In addition, the proposed method gives an increase in speed of more than 4 times for the operations of calculating the multiplicative inverse element and exponentiation. As a result, the proposed method allows to reduce the computational complexity of error-correcting codes, cryptographic algorithms, and the homomorphic methods for privacy-preserving.

We introduce enough group theory and number theory to analyze in detail certain problems in cryptology. In the course of our investigations we comment on the importance of finding efficient algorithms for real world applications. The notes below are from An Invitation to Modern Number Theory, published by Princeton University Press in 2006. For more on the book, see The notes below are Chapter One of the book; as such, there are often references to other parts of the book. These references will look something like ?? in the text. If you want additional information on any of these references, please let me know. I am including the entire bibliography, as well as a subset of the index.

We call a pair of distinct prime powers (q 1 , q 2) = (p a1 1 , p a2 2) a Hasse pair if | √ q 1 − √ q 2 | ≤ 1. For such pairs, we study the relation between the set E 1 of isomorphism classes of elliptic curves defined over F q1 with q 2 points, and the set E 2 of isomorphism classes of elliptic curves over F q2 with q 1 points. When both families E i contain only ordinary elliptic curves, we prove that their isogeny graphs are isomorphic. When supersingular curves are involved, we describe which curves might belong to these sets. We also show that if both the q i 's are odd and E 1 ∪ E 2 = ∅, then E 1 ∪ E 2 always contains an ordinary elliptic curve. Conversely, if q 1 is even, then E 1 ∪ E 2 may contain only supersingular curves precisely when q 2 is a given power of a Fermat or a Mersenne prime. In the case of odd Hasse pairs, we could not rule out the possibility of an empty union E 1 ∪E 2 , but we give necessary conditions for such a case to exist. In an appendix, Moree and Sofos consider how frequently Hasse pairs occur using analytic number theory, making a connection with Andrica's conjecture on the difference between consecutive primes.

We introduce a set of four twisted Edwards curves that satisfy common security requirements and allow for fast implementations of scalar multiplication on 8, 16, and 32-bit processors. Our curves are defined by an equation of the form −x 2 + y 2 = 1 + dx 2 y 2 over a prime field Fp, where d is a small non-square modulo p. The underlying prime fields are based on "pseudo-Mersenne" primes given by p = 2 k − c and have in common that p ≡ 5 mod 8, k is a multiple of 32 minus 1, and c is at most eight bits long. Due to these common features, our primes facilitate a parameterized implementation of the low-level arithmetic so that one and the same arithmetic function is able to process operands of different length. The four twisted Edwards curves we present in this paper are all birationally equivalent to Montgomery curves of the form −(A + 2)y 2 = x 3 + Ax 2 + x where 4/(A + 2) is small. Even though this contrasts with the usual practice of choosing (A + 2)/4 to be small, we show that the Montgomery form of our curves allows for an equally efficient implementation of point doubling as Curve25519. The four curves we put forward roughly match the common symmetric security levels of 80, 96, 112, and 128 bits. Moreover, their Weierstraß representations are isomorphic to curves of the form y 2 = x 3 − 3x + b so as to facilitate inter-operability with TinyECC and other legacy software.

nontrivial divisor for a large number. In 2009, the number RSA-768 was factorized in 2009 within the RSA-competition that was already closed. Specified 768-bit number (232 decimal digits) is currently the largest number, known from public sources, which was factorized. To factorize it, the researchers from 6 countries united; more than 10 20 operations 6

We describe, in detail sufficient for easy implementation, a fast method for calculation of the Tate pairing, as required for pairingbased cryptographic protocols. We point out various optimisations and tricks, and compare timings of a pairing-based Identity Based Encryption scheme with an optimised RSA implementation.

We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics. We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over Fpm , the latter technique being also useful in contexts other than that of pairing-based cryptography.

In this paper we describe how to efficiently implement pairing calculation on supersingular genus 2 curves over prime fields. We find that, contrary to the results reported in [8], pairing calculation on supersingular genus 2 curves over prime fields is efficient and a viable candidate for the practical implementation of pairing-based cryptosystems. We also show how to eliminate divisions in an efficient manner when computing the Tate pairing, and how this algorithm is useful for curves of genus greater than one.

We describe, in detail sufficient for easy implementation, a fast method for calculation of the Tate pairing, as required for pairingbased cryptographic protocols. We point out various optimisations and tricks, and compare timings of a pairing-based Identity Based Encryption scheme with an optimised RSA implementation.

We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics. We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over Fpm , the latter technique being also useful in contexts other than that of pairing-based cryptography.

When using pairing-friendly ordinary elliptic curves over prime fields to implement identity-based protocols, there is often a need to hash identities to points on one or both of the two elliptic curve groups of prime order r involved in the pairing. Of these G1 is a group of points on the base field E(F p) and G 2 is instantiated as a group of points with coordinates on some extension field, over a twisted curve E (F p d), where d divides the embedding degree k. While hashing to G 1 is relatively easy, hashing to G 2 has been less considered, and is regarded as likely to be more expensive as it appears to require a multiplication by a large cofactor. In this paper we introduce a fast method for this cofactor multiplication on G2 which exploits an efficiently computable homomorphism.

When performing a Tate pairing (or a derivative thereof) on an ordinary pairing-friendly elliptic curve, the computation can be looked at as having two stages, the Miller loop and the so-called final exponentiation. As a result of good progress being made to reduce the Miller loop component of the algorithm (particularly with the discovery of "truncated loop" pairings like the Rate pairing [18]), the final exponentiation has become a more significant component of the overall calculation. Here we exploit the structure of pairing-friendly elliptic curves to reduce to a minimum the computation required for the final exponentiation.

Pairings on elliptic curves are fast coming of age as cryptographic primitives for deployment in new security applications, particularly in the context of implementations of Identity-Based Encryption (IBE). In this paper we describe the implementation of various pairings on a contemporary 32-bit smart-card, the Philips HiPerSmart TM , an instantiation of the MIPS-32 based SmartMIPS TM architecture. Three types of pairing are considered, first the standard Tate pairing on a nonsupersingular curve E(Fp), second the Ate pairing, also on a nonsupersingular curve E(F p ), and finally the η T pairing on a supersingular curve E(F 2 m ). We demonstrate that pairings can be calculated as efficiently as classic cryptographic primitives on this architecture, with a calculation time of as little as 0.15 seconds.

Pairing-based cryptosystems rely on the existence of bilinear, nondegenerate, efficiently computable maps (called pairings) over certain groups. Currently, all such pairings used in practice are related to the Tate pairing on elliptic curve groups whose embedding degree is large enough to maintain a good security level, but small enough for arithmetic operations to be feasible. In this paper we describe how to construct ordinary (non-supersingular) elliptic curves containing groups with arbitrary embedding degree, and show how to compute the Tate pairing on these groups efficiently.

Elliptic curves with small embedding degree and large prime-order subgroup are key ingredients for implementing pairing-based cryptographic systems. Such "pairing-friendly" curves are rare and thus require specific constructions. In this paper we give a single coherent framework that encompasses all of the constructions of pairing-friendly elliptic curves currently existing in the literature. We also include new constructions of pairing-friendly curves that improve on the previously known constructions for certain embedding degrees. Finally, for all embedding degrees up to 50, we provide recommendations as to which pairing-friendly curves to choose to best satisfy a variety of performance and security requirements.

Tate pairing based cryptosystems have recently emerged as an alternative to traditional public key cryptosystems, because of their ability to be used in multi-party identity-based key management schemes. Due to the inherent parallelism of the existing pairing algorithms, high performance can be achieved via hardware realizations. Three schemes for Tate pairing computations have been proposed in the literature: cubic elliptic, binary elliptic, and binary hyperelliptic. In this paper, we propose a new FPGA-based architecture of the Tate pairing-based computation over binary fields. Even though our field sizes are larger than in the architectures based on cubic elliptic curves or binary hyperelliptic curves with the same security strength, nevertheless fewer multiplications in the underlying field need to be performed. As a result, the computational latency for a pairing computation has been reduced, and our implementation runs 2-to-20 times faster than the equivalent implementations of other pairing-based schemes at the same level of security strength. Furthermore, we ported our pairing designs for 8 field sizes ranging from 239 to 557 bits to the reconfigurable computer, SGI Altix-4700 supported by Silicon Graphics, Inc., and performance and cost are demonstrated.

After Miller's original algorithm for the Tate pairing computation, many improved algorithms have been suggested, to name just a few, by Galbraith et al. and Barreto et al., especially for the flelds with characteristic three. Also Duursma and Lee found a closed formula of the Tate pairing computation for the flelds with characteristic three. In this paper, we show that

Let f ∈ Q[x] be a square-free polynomial of degree ≥ 3 and m ≥ 3 be an odd positive integer. Based on our earlier investigations we prove that there exists a function D 1 ∈ Q(u, v, w) such that the Jacobians of the curves C 1 : D 1 y 2 = f (x), C 2 : y 2 = D 1 x m + b, C 3 : y 2 = D 1 x m + c, have all positive ranks over Q(u, v, w). Similarly, we prove that there exists a function D 2 ∈ Q(u, v, w) such that the Jacobians of the curves C 1 : D 2 y 2 = h(x), C 2 : y 2 = D 2 x m + b, C 3 : y 2 = x m + cD 2 , have all positive ranks over Q(u, v, w). Moreover, if f (x) = x m + a for some a ∈ Z \ {0}, we prove the existence of a function D 3 ∈ Q(u, v, w) such that the Jacobians of the curves C 1 : y 2 = D 3 x m + a, C 2 : y 2 = D 3 x m + b, C 3 : y 2 = x m + cD 3 , have all positive ranks over Q(u, v, w). We present also some applications of these results. Finally, we present some results concerning the torsion parts of the Jacobians of the superelliptic curves y p = x m (x + a) and y p = x m (a − x) k for a prime p and 0 < m < p − 2 and k < p and apply our result in order to prove the existence of a function D ∈ Q(u, v, w, t) such that the Jacobians of the curves C 1 : Dy p = x m (x + a), Dy p = x m (x + b) have both positive rank over Q(u, v, w, t).

We show that for any pair of elliptic curves E 1 , E 2 over ‫ޑ‬ with jinvariant equal to 0, we can find a polynomial D ∈ ‫[ޚ‬u, v] such that the cubic twists of the curves E 1 , E 2 by D(u, v) have positive rank over ‫(ޑ‬u, v). We also prove that for any quadruple of pairwise distinct elliptic curves E i , i = 1, 2, 3, 4, with j-invariant j = 0, there exists a polynomial D ∈ ‫[ޚ‬u] such that the sextic twists of E i , i = 1, 2, 3, 4, by D(u) have positive rank. A similar result is proved for quadruplets of elliptic curves with j-invariant j = 1, 728.

In this paper a system of coordinates for the effective divisors on the Jacobian Variety of a Picard curve is presented. These coordinates possess a nice geometric interpretation and provide us with an unifying environment to obtain an explicit structure of algebraic variety on the Jacobian as well as an efficient algorithm for the addition of divisors.

Blind signature allows one user to get a signature without giving the signer any information about the actual message or the resulting signature. In this paper, we aim to improve the recently proposed Lin et al.'s Self-certified Partially Blind Signature Scheme[1] in order to withstand the security flaw in their scheme. The security of the improved scheme is enhanced in the blind signing phase of the scheme. The analysis shows that the proposed scheme resolves security problem in Lin et al.'s scheme and also meets the aspects of security features needed by a partial blind signature.

Let S be a rational fraction and let f be a polynomial over a finite field. Consider the transform T (f) = numerator(f (S)). In certain cases, the polynomials f , T (f), T (T (f)). .. are all irreducible. For instance, in odd characteristic, this is the case for the rational fraction S = (x 2 + 1)/(2x), known as the R-transform, and for a positive density of all irreducible polynomials f. We interpret these transforms in terms of isogenies of elliptic curves. Using complex multiplication theory, we devise algorithms to generate a large number of other rational fractions S , each of which yields infinite families of irreducible polynomials for a positive density of starting irreducible polynomials f .

In the recent years, lattice modelling proved to be a topic of renewed interest. Indeed, fields as distant as chemical modelling and biological tissue modelling use network models that appeal to similar equilibrium laws. In both cases, obtaining an equivalent continuous model allows to simplify numerical procedures. We describe an homogenization technique designed for discrete structures that provides a limit continuum mechanics model and, in the special case of hexagonal lattices, we investigate the symmetry properties of the limit constitutive law.

In MANET environment, the nodes are mobile i.e., nodes move in and out dynamically. This causes difficulty in maintaining a central trusted authority say Certification Authority CA or Key Generation Centre KCG. In addition most of cryptographic techniques need a key to be shared between the two communicating entities. So to introduce security in MANET environment, there is a basic need of sharing a key between the two communicating entities without the use of central trusted authority. So we present a decentralized two-party key agreement protocol using pairings and threshold cryptography ideas. Our model is based on Joux's three-party key agreement protocol which does not authenticate the users and hence is vulnerable to man-in-the-middle attack. This model protects from man-in-the-middle attack using threshold cryptography.

In this paper, we present several improvements on the best known explicit formulae for hyperelliptic curves of genus three and four in characteristic two, including the issue of reducing memory requirements. To show the effectiveness of these improvements and to allow a fair comparison of the curves of different genera, we implement all formulae using a highly optimized software library for arithmetic in binary fields. This library was designed to minimize the impact of a whole series of overheads which have a larger significance as the genus of the curves increases. The current state of the art in attacks against the discrete logarithm problem is taken into account for the choice of the field and group sizes. Performance tests are done on two personal computers with very different architectures. Our results can be shortly summarized as follows: Curves of genus three provide performance similar, or better, to that of curves of genus two, and these two types of curves can perform faster than elliptic curves-indeed on some processors often twice as fast. Curves of genus four attain a performance level comparable to elliptic curves. A large choice of curves is therefore available for the deployment of curve-based cryptography, with curves of genus three and four providing their own advantages as larger cofactors can be allowed for the group order.

Broadcast encryption (BE) deals with secure transmission of a message to a group of receivers such that only an authorized subset of receivers can decrypt the message. The transmission cost of a BE system can be reduced considerably if a limited number of free riders can be tolerated in the system. In this paper, we study the problem of how to optimally place a given number of free riders in a subset-difference (SD)-based BE system, which is currently the most efficient BE scheme in use and has also been incorporated in standards, and we propose a polynomial-time optimal placement algorithm and three more efficient heuristics for this problem. Simulation experiments show that SD-based BE schemes can benefit significantly from the proposed algorithms.

Given a polynomial f with coefficients in a field of prime characteristic p, it is known that there exists a differential operator that raises 1/f to its pth power. We first discuss a relation between the 'level' of this differential operator and the notion of 'stratification' in the case of hyperelliptic curves. Next we extend the notion of level to that of a pair of polynomials. We prove some basic properties and we compute this level in certain special cases. In particular we present examples of polynomials g and f such that there is no differential operator raising g/f to its pth power.

We provide an easy method for the construction of characteristic polynomials of simple ordinary abelian varieties A of dimension g over a finite field Fq, when q ≥ 4 and 2g = ρ b−1 (ρ − 1) for some prime ρ ≥ 5, with b ≥ 1. Moreover, we show that A is absolutely simple if b = 1 and ρ = 5, but A is not absolutely simple for arbitrary ρ with b > 1.

In this paper, we present two efficient algorithms computing scalar multiplications of a point in an elliptic curve defined over a small finite field, the Frobenius map of which has small trace. Both methods use the identity which expresses multiplication-by-m maps by polynomials of Frobenius maps. Both are applicable for a large family of elliptic curves and more efficient than any other methods applicable for the family. More precisely, by Algorithm 1(Frobenius k-ary method), we can compute mP in at most 2l/5 + 28 elliptic additions for arbitrary l bit integer m and a point P on some elliptic curves. For other curves, the number of elliptic additions required is less than l. Algorithm 2(window method) requires at average 2l/3 elliptic additions to compute mP for l bit integer m and a point P on a family of elliptic curves. For some 'good' elliptic curves, it requires 5l/12 + 11 elliptic additions at average.