Iwan M. Duursma
ElGamal type signature schemes for n-dimensional vector spaces
We generalize the ElGamal signature scheme for cyclic groups to a signature scheme for n-dimensional vector spaces. The higher dimensional version is based on the untractability of the vector decomposition problem (VDP). Yoshida has shown that under certain conditions, the VDP on a two-dimensional vector space is at least as hard as the computational Diffie-Hellman problem (CDHP) on a one-dimensional subspace. (Added November 19: Steven Galbraith recently showed that for the examples that are used in the paper, the VDP is at most as hard as the Discrete Logarithm problem (DLP) on a one-dimensional subspace. This has as a consequence for the proposed signature scheme that the given examples provide the same security as (ordinary) Elliptic Curve DLP based signature schemes.)
The Vector Decomposition Problem for Elliptic and Hyperelliptic Curves
The group of m-torsion points on an elliptic curve, for a prime number m, forms a two-dimensional vector space. It was suggested and proven by Yoshida that under certain conditions the vector decomposition problem (VDP) on a two-dimensional vector space is at least as hard as the computational Diffie-Hellman problem (CDHP) on a one-dimensional subspace. In this work we show that even though this assessment is true, it applies to the VDP for m-torsion points on an elliptic curve only if the curve is supersingular. But in that case the CDHP on the one-dimensional subspace has a known sub-exponential solution. Furthermore, we present a family of hyperelliptic curves of genus two that are suitable for the VDP.
Tate-pairing implementations for tripartite key agreement
We give a closed formula for the Tate-pairing on the hyperelliptic curve $y^2 = x^p - x + d$ in characteristic $p$. This improves recent implementations by Barreto et.al. and by Galbraith et.al. for the special case $p=3$. As an application, we propose a $n$-round key agreement protocol for up to $3^n$ participants by extending Joux's pairing-based protocol to $n$ rounds.