1. Fuw-Yi Yang1 Textbook: Introduction to Cryptography 2nd ed. By J.A. Buchmann Chap 13 Other Systems Department of Computer Science and Information Engineering, Chaoyang University of Technology 朝陽科技大學資工系 Speaker: Fuw-Yi Yang 楊伏夷 伏夷非征番, 道德經 察政章 (Chapter 58) 伏 者潛藏也 道紀章 (Chapter 14) 道無形象, 視之不可見者曰 夷

2. Fuw-Yi Yang2 Contents Finite Fields DL Problem Elliptic Curves

3. Fuw-Yi Yang3 13.1 Finite Fields This chapter show that the ElGamal algorithms can be implemented in the unit group (the invertible elements of a commutative ring with unit element form a group) of any finite field, not only of the prime field Z/pZ for a prime p.

4. Fuw-Yi Yang4 13.1 Finite Fields 13.1.1 DL problem Let p be a prime number and let n be a positive integer. In Theorem 2.21.1, we have shown that the unit group of the finite field GF(p n ) is cyclic. Its order is p n - 1. If this order has only small prime factors, then the Pohlig-Hellman DL algorithm will efficiently compute discrete logarithms in this group (see Section 10.5). Otherwise, an index calculus algorithm can be applied (Section 10.6). For fixed n, the number field sieve can be applied. For fixed p and growing n, the function field sieve is used. Both algorithms have running time L q [1/3, c+o(1)]. See next page.

5. Fuw-Yi Yang5 13.1 Finite Fields 9.4 Analysis of the quadratic sieve Let n, u, v be real numbers and let n be greater than the Euler constant e = 2.718. L n [u, v] = e v(log n) u (log log n) 1-u. L n [0, v] = e v(log n) 0 (log log n) 1 = e v(log log n) = (log n ) v //polynomial time L n [1, v] = e v(log n) u (log log n) 1-u = e v(log n) //exponential time 0 < u < 1 : subexponential time

6. Fuw-Yi Yang6 13.2 Elliptic Curves 13.2.1 Definition Elliptic curves can be defined over any field. This section only describe elliptic curves over prime fields. Let p be a prime number, p > 3 and let a, b  GF(p). be a positive integer.