L. M., Adleman, A Subexponential Algorithm for the Discrete Logarithm Problem with Applications to Cryptography, Proceedings of the 20th Annual Symposium on the Foundations of Computer Science, 55–60, 1979.Google Scholar

L. M., Adleman, On Breaking Generalized Knapsack Public Key Cryptosystems, Proceedings of the 15th Annual ACM Symposium on the Theory of Computing, 402–112, 1983.Google Scholar

L. M., Adleman, The Function Field Sieve, Algorithmic Number Theory, Lecture Notes in Computer Science, vol. 877, L. M., Adleman and M.-D., Huang, editors, pp. 108–121, New York, Springer, 1994.Google Scholar

L. M., Adleman and J., DeMarrais, A Subexponential Algorithm for Discrete Logarithms over All Finite Fields, Mathematics of Computation, 61, 1–15, 1993.Google Scholar

L. M., Adleman and M.-D., Huang, Counting Rational Points on Curves and Abelian Varieties over Finite Fields, Algorithmic Number Theory, Lecture Notes in Computer Science, vol. 1122, H., Cohen, editor, pp. 1–16, Springer, 1996.Google Scholar

L. M., Adleman, J., DeMarrais, and M.-D., Huang, A Subexponential Algorithm for Discrete Logarithms over the Rational Subgroup of the Jacobians of Large Genus Hyperelliptic Curves over Finite Fields, Algorithmic Number Theory, Lecture Notes in Computer Science, vol. 877, pp. 28–10, New York, Springer, 1994.Google Scholar

M., Ajtai, Generating Hard Instances of Lattice Problems, Proceedings of the 28th Annual ACM Symposium on the Theory of Computing, 99–108, 1996.Google Scholar

M., Ajtai, The Shortest Vector Problem in NP-Hard for Randomized Reductions, Proceedings of the 30th Annual ACM Symposium on Theory of Computing, 10–19, 1998.Google Scholar

M., Ajtai and C., Dwork, A Public-Key Cryptosystem with Worst-Case/Average-Case Equivalence, Proceedings of the 29th Annual ACM Symposium on the Theory of Computing, 284–293, 1997.Google Scholar

W., Alford, A., Granville, and C., Pomerance, There Are Infinitely Many Carmichael Numbers, Annals of Mathematics, 140, 703–722, 1994.Google Scholar

T. M., Apostol, Introduction to Analytic Number Theory, New York, Springer, 1976.Google Scholar

D. F., Aranha, K., Karabina, P., Longa, C. H., Gebotys, and J., Lopez, Faster Explicit Formulas for Computing Pairings over Ordinary Curves, Advances in Cryptology, EUROCRYPT11, T., Rabin, editor, pp. 48–68, New York, Springer, 2011.Google Scholar

M., Artin, Algebra, Englewood Cliffs, NJ, Prentice Hall, 1991.Google Scholar

D. W., Ash, I. F., Blake, and S. A., Vanstone, Low Complexity Normal Bases, Discrete Applied Mathematics, 25, 191–210, 1989.Google Scholar

C., Asmuth and J., Bloom, A Modular Approach to Key Safeguarding, IEEE Transactions on Information Theory, IT-28, 208–210, 1983.Google Scholar

A. O. L., Atkin, The Number of Points on an Elliptic Curve Modulo a Prime, (unpublished) 1988.Google Scholar

A. O. L., Atkin and F., Morain, Elliptic Curves and Primality Testing, Mathematics of Computation, 61, 29–68, 1993.Google Scholar

L., Babai and S., Moran, Arthur-Merlin Games: A Randomized Proof System, and a Hierarchy of Complexity Class, Journal of Computer and System Sciences, 36, 254–276, 1988.Google Scholar

E., Bach, Explicit Bounds for Primality Testing and Related Problems, Mathematics of Computation, 55, 355–380, 1990.Google Scholar

E., Bach and K., Huber, Note on Taking Square-Roots Modulo N, IEEE Transactions on Information Theory, IT-45, 807–808, 1999.Google Scholar

R., Balasubramanian and N., Koblitz, The Improbability that an Elliptic Curve has a Subexponential Discrete Log Problem Using the Menezes-Okamoto-Vanstone Algorithm, Journal of Cryptology, 11, 141–145, 1998.Google Scholar

T. H., Barr, Invitation to Cryptology, Upper Saddle River, NJ, Prentice Hall, 2002.Google Scholar

P. S. L. M., Barreto and M., Naehrig, Pairing-Friendly Elliptic Curves of Prime Order, Selected Areas of Cryptography 05, Lecture Notes in Computer Science, vol. 3897, B., Prennel and S., Tavares, editors, pp. 319–331, New York, Springer, 2006.Google Scholar

P. S. L. M., Barreto and J. F., Voloch, Efficient Computation of Roots in Finite Fields, Design, Codes, and Cryptography, 39, 275–280, 2006.Google Scholar

P. S. L. M., Barreto, S., Galbraith, C., OhEigeartaigh, and M., Scott, Efficient Pairing Computation on Supersingular Abelian Varieties, Designs, Codes, and Cryptography, 42, 239–271, 2007.Google Scholar

P. S. L. M., Barreto, H., Kim, B., Lynn, and M., Scott, Efficient Algorithms for Pairing-Based Cryptosystems, Advances in Cryptology, CRYPTO02, M., Yung, editor, pp. 354–368, New York, Springer, 2002.Google Scholar

P. S. L. M., Barreto, B., Lynn, and M., Scott, Efficient Implementation of Pairing-Based Cryptosystems, Journal of Cryptology, 17, 321–334, 2004.Google Scholar

P., Barrett, Implementing the Rivest, Shamir, and Adleman Public Key Encryption Algorithm on a Standard Digital Processor, Advances in Cryptology, CRYPTO86, A. M., Odlyzko, editor, pp. 311–323, New York, Springer, 1986.Google Scholar

M., Bauer, A Subexponential Algorithm for Solving the Discrete Logarithm Problem in the Jacobian of High Genus Hyperelliptic Curves over Arbitrary Finite Fields, (preprint) 1999.

I., Ben-Aroya and E., Biham, Differential Cryptanalysis of Lucifer, Journal of Cryptology, 9, 21–34, 1996.Google Scholar

C. H., Bennett, G., Brassard, and A. K., Ekert, Quantum Cryptography, Scientific American, 10, 132–134, 1992.Google Scholar

N., Berger and M., Scott, Constructing Tower Extensions of Finite Fields for Implementation of Pairing-Based Cryptography, Arithmetic of Finite Fields, WAIFI2010, Lecture Notes on Computer Science, vol. 6087, M. A., Hasan and T., Helleseth, editors, pp. 180–195, 2010.Google Scholar

E. R., Berlekamp, Algebraic Coding Theory, New York, McGraw-Hill, 1968.Google Scholar

E. R., Berlekamp, Bit Serial Reed-Solomon Encoders, IEEE Transactions on Information Theory, IT-28, 869–874, 1982.Google Scholar

E. R., Berlekamp, Factoring Polynomials over Finite Fields, Bell System Technical Journal, 46, 1853–1859, 1967.Google Scholar

E. R., Berlekamp, Factoring Polynomials over Large Finite Fields, Mathematics of Computation, 24, 713–735, 1970.Google Scholar

E. R., Berlekamp, R. J., McEliece, and H. C. A., van Tilborg, On the Inherent Intractability of Certain Coding Problems, IEEE Transactions on Information Theory, IT-24, 203–207, 1978.Google Scholar

D., Bernstein and T., Lange, Faster Addition and Doubling on Elliptic Curves, Advances in Cryptology, Asiacrypt07, K., Kurosawa, editor, pp. 29–50, New York, Springer, 2007.Google Scholar

T., Beth and F., Piper, The Stop and Go Generator, Advances in Cryptology, EUROCRYPT84, T., Beth, N., Cot, and I., Ingemarsson, editors, pp. 88–92, New York, Springer, 1984.Google Scholar

E., Biham and A., Shamir, Differential Cryptanalysis of DES-Like Cryptosystems, Journal of Cryptology, 4, 3–72, 1991.Google Scholar

E., Biham and A., Shamir, Differential Cryptanalysis of the Data Encryption Standard, NewYork, Springer, 1993.Google Scholar

R. E., Blahut, Algebraic Codes on Lines, Planes, and Curves, Cambridge University Press, 2008.Google Scholar

R. E., Blahut, Transform Techniques for Error Control Codes, IBM Journal of Research and Development, 23, 299–315, 1979.Google Scholar

I. F., Blake, Curves, Codes and Cryptography, Codes, Curves, andSignals, A., Vardy, editor, pp. 63–75, Boston, MA, Kluwer, 1998.Google Scholar

I. F., Blake, Lattices and Cryptography, Codes, Graphs, and Systems, R. E., Blahut and R., Koetter, editors, pp. 317–332, Boston, MA, Kluwer, 2002.Google Scholar

I. F., Blake, R., Fuji-Hara, R. C., Mullin, and S. A., Vanstone, Computing Logarithms in Finite Fields of Characteristic Two, SIAM Journal on Algebraic and Discrete Methods, 5, 276–285, 1984.Google Scholar

I. F., Blake, V. K., Murty, and G., Xu, Refinements of Miller's Algorithm for Computing the Tate/Weil Pairing, Journal of Algorithms, 58, 134–149, 2006.Google Scholar

I. F., Blake, G., Seroussi, and N., Smart, Elliptic Curves in Cryptography, Cambridge University Press, 1999.Google Scholar

G. R., Blakley, Safeguarding Cryptographic Keys, Proceedings of the National Computer Conference, 48, 313–317, 1979.Google Scholar

D., Bleichenbacher, A Chosen Ciphertext Attack against Protocols Based on the RSA Encryption Standard PKCS #1, Advances in Cryptology, CRYPTO98, H., Krawczyk, editor, pp. 1–12, New York, Springer, 1998.Google Scholar

M., Blum and S., Micali, How to Generate Cryptographically Strong Sequences of Pseudo-Random Bits, SIAM Journal of Computing, 13, 850–864, 1984.Google Scholar

D., Boneh, The Decision Diffie-Hellman Problem, Proceedings of the 3rd Algorithmic Number Theory Symposium, Lecture Notes in Computer Science, vol. 1423, pp. 48–63, New York, Springer, 1998.Google Scholar

D., Boneh, Twenty Years of Attacks on the RSA Cryptosystem, Notices of the American Mathematics Society, 46, 203–213, 1999.Google Scholar

D., Boneh and M., Franklin, Identity-Based Encryption from the Weil Pairing, Advances in Cryptology, CRYPTO01, J., Kilian, editor, pp. 213–229, New York, Springer, 2001.Google Scholar

D., Boneh and M., Franklin, Identity-Based Encryption from the Weil Pairing, SIAM Journal of Computing, 32, 586–615, 2003.Google Scholar

D., Boneh and R., Venkatesan, Breaking RSA May Not Be Equivalent to Factoring, Advances in Cryptology, EUROCRYPT98, K., Nyberg, editor, pp. 59–71, New York, Springer, 1998.Google Scholar

D., Boneh, R., DeMillo, and R., Lipton, On the Importance of Checking Cryptographic Protocols for Faults, Advances in Cryptology, EUROCRYPT97, W., Fumy, editor, pp. 37–51, New York, Springer, 1997.Google Scholar

D., Boneh, B., Lynn, and H., Shacham, Short Signatures from the Weil Pairing, Advances in Cryptology, Asiacrypt01, C., Boyd, editor, pp. 514–532, New York, Springer, 2001.Google Scholar

N., Boston and M., Darnall, Elliptic and Hyperelliptic Curve Cryptography, Cryptographic Engineering, C. K., Koc, editor, pp. 171–189, New York, Springer, 2009.Google Scholar

L., Breiman, The Individual Ergodic Theorem of Information Theory, Annals of Mathematical Statistics, 28 (correction in vol. 31), pp. 809–811, 1957.Google Scholar

R. P., Brent and P., Zimmermann, Ten New Primitive Binary Trinomials, Mathematics of Computation, 78, 1197–1199, 2009.Google Scholar

F., Brezing and A., Weng, Elliptic Curves Suitable for Pairing-Based Cryptography, Designs, Codes, and Cryptography, 37, 133–141, 2005.Google Scholar

E. F., Brickell, Breaking Iterated Knapsacks, Advances in Cryptology, CRYPTO84, G. R., BlakleyandD., Chaum, editors, pp. 342–358, New York, Springer, 1984.Google Scholar

E. F., Brickell and A. M., Odlyzko, Cryptanalysis, a Survey of Recent Results, Proceedings of the IEEE, 76, 578–593, 1988.Google Scholar

M. E., Briggs, An Introduction to the General Number Field Sieve, M.S. Thesis, Virginia Polytechnic Institute, 1998.Google Scholar

L., Brynielsson, On the Linear Complexity of Combined Shift Register Sequences, Advances in Cryptology, EUROCRYPT85, H. C., Williams, editor, pp. 156–160, New York, Springer, 1985.Google Scholar

D. G., Cantor, Computing in the Jacobian of a Hyperelliptic Curve, Mathematics of Computation, 48, 95–101, 1987.Google Scholar

D. G., Cantor and H., Zassenhaus, A New Algorithm for Factoring Polynomials over Finite Fields, Mathematics of Computation, 36, 587–592, 1981.Google Scholar

C., Carlet, On Cryptographic Complexity of Boolean Functions, Proceedings of the 6th Conference on Finite Fields and Applications to Coding Theory, Cryptography and Related Articles, G. L., Mullen, H., Stichtenoth, and H., Tapia-Recillas, editors, pp. 53–69, New York, Springer, 2002.Google Scholar

R. D., Carmichael, Note on a New Number Theory Function, Bulletin of the American Mathematical Society, 16, 232–238, 1910.Google Scholar

R. D., Carmichael, On Composite Numbers which Satisfy the Fermat Congruence, American Mathematical Monthly, 19, 22–27, 1912.Google Scholar

R. D., Carmichael, On Sequences of Integers Defined by Recurrence Relations, Quarterly Journal of Pure and Applied Mathematics, 48, 343–372, 1920.Google Scholar

A., Chan and R. A., Games, On the Quadratic Spans of Periodic Sequences, Advances in Cryptology, CRYPTO89, G., Brassard, editor, pp. 82–89, New York, Springer, 1989.Google Scholar

A. H., Chan, R. A., Games, and E. L., Key, On the Complexities of deBruijn Sequences, Journal of Combinational Theory, Series A, 33, 233–246, 1982.Google Scholar

A. H., Chan, M., Goresky, and A., Klapper, On the Linear Complexity of Feedback Registers, IEEE Transactions on Information Theory, IT-36, 640–644, 1990.Google Scholar

D., Chaum, E., van Heijst, and B., Pfitzmann, Cryptographically Strong Undeniable Signatures, Unconditionally Secure for the Signer, Advances in Cryptology, CRYPTO91, J., Feigenbaum, editor, pp. 470–484, New York, Springer, 1991.Google Scholar

C., Cocks, Split Knowledge Generation of RSA Parameters, Proceedings of the 6th IMA International Conference, M., Darnell, editor, pp. 89–95, New York, Springer, 1997.Google Scholar

C., Cocks and R. G. E., Pinch, Identity-Based Cryptosystems Based on Weil Pairing, (unpublished) 2001.Google Scholar

D., Coppersmith, Fast Evaluation of Logarithms in Fields of Characteristic Two, IEEE Transactions on Information Theory, IT-30, 587–594, 1984.Google Scholar

D., Coppersmith, Modifications to the Number Field Sieve, Journal of Cryptology, 6, 169–180, 1993a.Google Scholar

D., Coppersmith, Solving Linear Equations over GF(2): Block Lanczos Algorithms, Linear Algebra and its Applications, 192, 33–60, 1993b.Google Scholar

D., Coppersmith, Solving Homogeneous Linear Equations over GF(2) via Block Wiedemann Algorithms, Mathematics of Computation, 62, 333–350, 1994a.Google Scholar

D., Coppersmith, The Data Encryption Standard (DES) and Its Strength against Attacks, IBM Journal of Research and Development, 38, 243–250, 1994b.Google Scholar

D., Coppersmith, Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities, Journal of Cryptology, 10, 233–260, 1997.Google Scholar

D., Coppersmith and A., Shamir, Lattice Attacks on NTRU, Advances in Cryptology, EUROCRYPT97, W., Fumy, editor, pp. 52–61, New York, Springer, 1997.Google Scholar

D., Coppersmith, M., Franklin, J., Patarin, and M., Reiter, Low-Exponent RSA with Related Messages, Advances in Cryptology, EUROCRYPT96, U., Maurer, editor, pp. 1–9, New York, Springer, 1996.Google Scholar

D., Coppersmith, H., Krawczyk, and Y., Mansour, The Shrinking Generator, Advances in Cryptology, CRYPTO93, D. R., Stinson, editor, pp. 22–39, 1993.Google Scholar

D., Coppersmith, A. M., Odlyzko, and R., Schroeppel, Discrete Logarithms in GF (p), Algorithmica, 1, 1–15, 1986.Google Scholar

T. H., Cormen, C. E., Leiserson, and R. L., Rivest, Introduction to Algorithms, Cambridge, MA, Massachusetts Institute of Technology Press, 1990.Google Scholar

G., Cornacchia, Su di un Metodo per la Risoluzione in Numeri Interi dell Equazione, Giomale di Mathematiche di Battaglini, 46, 33–90, 1908.Google Scholar

D., Cox, J., Little, and D., O'Shea, Ideals, Varieties, and Algorithms, New York, Springer, 1992.Google Scholar

R., Cramer and V., Shoup, A Practical Public Key Cryptosystem Provably Secure against Adaptive Chosen Ciphertext Attack, Advances in Cryptology, CRYPTO98, H., Krawczyk, editor, pp. 13–25, New York, Springer, 1998.Google Scholar

I., Csiszar and J., Korner, Broadcast Channels with Confidential Messages, IEEE Transactions on Information Theory, IT-24, 339–348, 1978.Google Scholar

J., Daemen and V., Rijmen, The Block Cipher Rijndael, Smart Card Research and Applications, J.-J., Quisquater and B., Schneier, editors, pp. 288–296, New York, Springer, 2000.Google Scholar

J., Daemen and V., Rijmen, Rijndael, the Advanced Encryption Standard, Dr. Dobb's Journal, 26(3), 137–139, 2001.Google Scholar

I. B., Damgaard, A Design Principle for Hash Functions, Advances in Cryptology, EUROCRYPT89, J.-J., Quisquater and J., Vandewalle, editors, pp. 416–427, New York, Springer, 1989.Google Scholar

Data Encryption Standard (DES), National Bureau of Standards FIPS Publication 46, 1977.

N. G., deBruijn, A Combinatorial Problem, Indagationes Mathematicae, 8, 461–467, 1946.Google Scholar

N. G., deBruijn, On the Number of Positive Integers < x and Free of Prime Factors >y, Indagationes Mathematicae, 13, 50–60, 1951.Google Scholar

J. M., DeLaurentis, A Further Weakness in the Common Modulus Protocol for the RSA Cryptoalgo-rithm, Cryptologia, 8, 253–259, 1984.Google Scholar

K., Dickman, On the Frequency of Numbers Containing Prime Factors of a Certain Relative Magnitude, Arkiv for Matematik Astronomi och Fysic, 10, 1–14, 1930.Google Scholar

W., Diffie and M. E., Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, IT-22, 644–654, 1976a.Google Scholar

W., Diffie and M. E., Hellman, Multiuser Crytographic Techniques, Federal Information Processing Standard Conference Proceedings, 45, 109–112, 1976b.Google Scholar

W., Diffie and M. E., Hellman, Privacy and Authentication: An Introduction to Cryptography, Proceedings of the IEEE, 67, 397–427, 1979.Google Scholar

V. S., Dimitrov and T., Cooklev, Hybrid Algorithm for the Computation of the Matrix Polynomial I + A + … + AN-1, IEEE Transactions on Circuits and Systems, CS-42, 377–380, 1995.Google Scholar

J. D., Dixon, Asymptotically Fast Factorization of Integers, Mathematics of Computation, 36, 255–260, 1981.Google Scholar

E., Dubrova, Finding Matching Initial States for Equivalent NLFSRs in the Fibonacci and the Galois Configurations, IEEE Transactions on Information Theory, IT-56, 2961–2966, 2010.Google Scholar

R., Dupont, A., Enge, and F., Moran, Building Curves with Arbitrary Small MOV Degree over Finite Prime Fields, Journal of Cryptology, 18, 79–89, 2005.Google Scholar

I. M., Duursma and N., Kiyavash, The Vector Decomposition Problem for Elliptic and Hyperelliptic Curves, Journal of the Ramanujan Mathematics Society, 20, 59–76, 2005.Google Scholar

I. M., Duursma and H.-S., Lee, Tate Pairing Implementation for Hyperelliptic Curves y2 = xp − x + d, Advances in Cryptology, Asiacrypt03, C.-S., Laih, editor, pp. 111–123, New York, Springer, 2003.Google Scholar

H. M., Edwards, A Normal Form for Elliptic Curves, Bulletin of the American Mathematics Society, 44, 393–422, 2007.Google Scholar

K., Eisenträger, K., Lauter, and P. L., Montgomery, Improved Weil and Tate Pairings for Elliptic and Hyperelliptic Curves, Algebraic Number Theory, Lecture Notes in Computer Science, vol. 3076, pp. 169–183, 2004.

P., Ekdahl and T., Johansson, Another Attack on A5/1, IEEE Transactions on Information Theory, IT-49, 284–289, 2003.Google Scholar

A. K., Ekert, Quantum Cryptography Based on Bell's Theorem, Physics Review Letters, 67(6), 661–663, 1991.Google Scholar

T., Elgamal, A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms, IEEE Transactions on Information Theory, IT-31, 469–472, 1985a.Google Scholar

T., Elgamal, A Subexponential-Time Algorithm for Computing Discrete Logarithms over GF(p2), IEEE Transactions on Information Theory, IT-31, 473–481, 1985b.Google Scholar

N., D. Elkies, Explicit Isogenics, (unpublished) 1991.Google Scholar

N. D., Elkies, Elliptic and Modular Curves over Finite Fields and Related Computational Issues, Advances in Cryptology, Asiacrypt98, K., Ohta and D., Pei, editors, pp. 21–76, New York, Springer, 1998.Google Scholar

A., Enge, Elliptic Curves and Their Application to Cryptography: An Introduction, Dordrecht, Kluwer, 1999.Google Scholar

T., Etzion, Linear Complexity of deBruijn Sequences: Old and New Results, IEEE Transactions on Information Theory, IT-45, 693–698, 1999.Google Scholar

U., Feige, A., Fiat, and A., Shamir, Zero-Knowledge Proofs of Identity, Journal of Cryptology, 1, 77–94, 1988.Google Scholar

H., Feistel, Cryptographic Coding for Data-Bank Privacy, RC2827, Yorktown Heights, NY, IBM Research, 1970.Google Scholar

H., Feistel, Block Cipher Cryptographic System, US Patent #3,798,359 (filed June 1971) March 1974.Google Scholar

H., Feistel, Cryptography and Computer Privacy, Scientific American, 228, 15–23, 1973.Google Scholar

A., Fiat and M., Naor, Rigorous Time/Space Trade-Offs for Inverting Functions, Proceedings of the 23rd Annual ACM Symposium on the Theory of Computing, 534–541, 1991.Google Scholar

A., Fiat and A., Shamir, How to Prove Yourself: Practical Solutions to Identification and Signature Problems, Advances in Cryptology, CRYPTO86, A. M., Odlyzko, editor, pp. 186–194, New York, Springer, 1986.Google Scholar

C., FlyeSainte-Marie, Solution to Question No. 48, Intermediare des Mathématiciens, 1, 107–110, 1894.Google Scholar

K., Fong, D., Hankerson, J., Lopez, and A., Menezes, Field Inversion and Point Halving Revisited, IEEE Transactions on Computers, C-53, 1047–1059, 2004.Google Scholar

D., Freeman, Constructing Pairing-Friendly Elliptic Curves with Embedding Degree 10, Algorithmic Number Theory, Lecture Notes in Computer Science, vol. 4076, 2006.Google Scholar

D., Freeman, M., Scott, and E., Teske, A Taxonomy of Pairing-Friendly Curves, Journal of Cryptology, 23, 224–280, 2010.Google Scholar

G., Frey and H. G., Rück, A Remark Concerning m-divisibility and the Discrete Logarithm Problem in the Divisor Class Group of Curves, Mathematics of Computation, 62, 865–874, 1994.Google Scholar

G., Frey, M., Miller, and H. G., Rück, The Tate Pairing and the Discrete Logarithm Applied to Elliptic Curve Cryptosystems, IEEE Transactions on Information Theory, IT-45, 1717–1719, 1999.Google Scholar

S. D., Galbraith, Supersingular Curves in Cryptography, Advances in Cryptology, Asiacrypt01, C., Boyd, editor, pp. 495–513, New York, Springer, 2001.Google Scholar

S. D., Galbraith, Mathematics of Public-Key Cryptography, Cambridge University Press, 2012.Google Scholar

S. D., Galbraith, K., Harrison, and D., Soldera, Implementing the Tate Pairing, Algorithmic Number Theory, Lecture Notes in Computer Science, vol. 2369, C., Fieker and D., Kohel, editors, pp. 324–337, Springer, 2002.Google Scholar

S. D., Galbraith, F., Hess, and F., Vercauteren, Aspects of Pairing Inversion, IEEE Transactions on Information Theory, IT-54, 5719–5728, 2008.Google Scholar

S. D., Galbraith, F., McKee, and P. C., Valenca, Ordinary Abelian Varieties Having Small Embedding Degrees, Finite Fields and Their Applications, 13, 800–814, 2007.Google Scholar

S. D., Galbraith, K., Paterson, and N., Smart, Pairing for Cryptographers, Discrete Applied Mathematics, 156, 3113–3121, 2008.Google Scholar

S., Gao and H. W., Lenstra Jr., Optimal Normal Bases, Designs, Codes, and Cryptography, 2, 315–323, 1992.Google Scholar

S., Gao and J., von zur Gathen, Berlekamp's and Niederreiter's Polynomial Factorization Algorithms, Contemporary Mathematics, 168, 101–116, 1994.Google Scholar

P., Garrett, Making, Breaking Codes: An Introduction to Cryptology, Upper Saddle River, NJ, Prentice Hall, 2001.Google Scholar

P., Gaudry, An Algorithm for Solving the Discrete Log Problem on Hyperelliptic Curves, Advances in Cryptology, EUROCRYPT00, B., Preneel, editor, pp. 19–34, New York, Springer, 2000.Google Scholar

P., Gaudry, E., Thome, N., Theriault, and C., Diem, A Double Large Prime Variation for Small Genus Hyperelliptic Index Calculus, Mathematics of Computation, 76, 475–492, 2007.Google Scholar

P. R., Geffe, How to Protect Data with Ciphers that Are Really Hard to Break, Electronics, 46, 99–101, 1973.Google Scholar

C., Gentry, A Fully Homomorphic Encryption System, Ph.D. Thesis, Stanford University, 2009.Google Scholar

C., Gentry, Fully Homomorphic Encryption Using Ideal Lattices, Proceedings of the 41st Annual ACM Symposium on the Theory of Computing, 169–178, 2009.Google Scholar

J. K., Gibson, Discrete Logarithm Hash Function that Is Collision Free and One Way, IEEE Proceedings, 138, 407–410, 1991.Google Scholar

R., Gold, Optimal Binary Sequences for Spread Spectrum Multiplexing, IEEE Transactions on Information Theory, IT-13, 619–621, 1967.Google Scholar

O., Goldreich, S., Goldwasser, and S., Halevi, Public-Key Cryptosystems from Lattice Reduction Problems, Advances in Cryptology, CRYPTO97, B. S., Kaliski Jr., editor, pp. 112–131, New York, Springer, 1997.Google Scholar

S., Goldwasser, The Search for Provably Secure Cryptosystems, Proceedings of Symposia in Applied Mathematics, vol. 42, Cryptology and Computational Number Theory, pp. 89–113, Providence, RI, American Mathematical Society, 1990.Google Scholar

S., Goldwasser and J., Kilian, Primality Testing Using Elliptic Curves, Journal of the Association for Computing Machinery, 46, 450–452, 1999.Google Scholar

S., Goldwasser, S., Micali, and C., Rackoff, The Knowledge Complexity of Interactive Proof Systems, SIAM Journal of Computing, 18, 186–208, 1989.Google Scholar

J., Dj. Golic and R., Menicocci, Statistical Distinguishers for Irregularly Decimated Linear Recurring Sequences, IEEE Transactions on Information Theory, IT-52, 1153–1159, 2006.Google Scholar

S. W., Golomb, Digital Communications with Space Applications, Englewood Cliffs, NJ, Prentice-Hall, 1964.Google Scholar

S. W., Golomb, Shift Register Sequences, San Francisco, CA, Holden-Day, 1967, 2nd edition, Walnut Creek, CA, Aegean Park Press, 1982.Google Scholar

S. W., Golomb and G., Gong, Signal Design for Good Correlation, Cambridge University Press, 2005.Google Scholar

S. W., Golomb and L. R., Welch, Nonlinear Shift-Register Sequences, JPL Memo No. 20-149, Pasadena, CA, Jet Propulsion Laboratory, 1957.Google Scholar

G., Gong and S. W., Golomb, Transform Domain Analysis of DES, IEEE Transactions on Information Theory, IT-45, 2065–2073, 1999.Google Scholar

D. M., Gordon, Discrete Logarithms in GF(p) Using the Number Field Sieve, SIAM Journal of Discrete Mathematics, 6, 124–138, 1993.Google Scholar

D. M., Gordon, A Survey of Fast Exponentiation Methods, Journal of Algorithms, 27, 129–146, 1998.Google Scholar

M., Goresky and A., Klapper, Algebraic Shift Register Sequences, Cambridge University Press, 2012.Google Scholar

M., Goresky and A., Klapper, Fibonacci and Galois Representations of Feedback-with-Carry Shift Registers, IEEE Transactions on Information Theory, IT-48, 2826–2836, 2002.Google Scholar

R., Granger and F., Vercauteren, On the Discrete Logarithm Problem on Algebraic Tori, Advances in Cryptology, CRYPTO05, V., Shoup, editor, pp. 66–85, New York, Springer, 2005.Google Scholar

R., Granger, D., Page, and M., Stam, Hardware and Software Normal Basis Arithmetic for Pairing-Based Cryptography in Characteristic Three, IEEE Transactions on Computers, C-54, 852–860, 2005.Google Scholar

E. J., Groth, Generation of Binary Sequences with Controllable Complexity, IEEE Transactions on Information Theory, IT-17, 288–296, 1971.Google Scholar

G., Guanella, Means for and Method for Secret Signaling, US Patent #2,405,500, 1946.Google Scholar

L. C., Guillou and J. J., Quisquater, A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory, Advances in Cryptology, EUROCRYPT87, D., Chaum and W. L., Price, editors, pp. 123–128, New York, Springer, 1987.Google Scholar

L. C., Guillou and J. J., Quisquater, Method and Apparatus for Authenticating Accreditations and for Authenticating and Signing Messages, US Patent #5, 140, 634, 1992.Google Scholar

C. G., Günther, Alternating Step Generators Controlled by deBruijn Sequences, Advances in Cryptology, EUROCRYPT87, D., Chaum and W. L., Price, editors, pp. 5–14, New York, Springer, 1987.Google Scholar

T. C., Hales, A Proof of the Kepler Conjecture, Annals of Mathematics, 162, 1065–1185, 2005.Google Scholar

M., Hall, An Isomorphism between Linear Recurring Sequences and Algebraic Rings, Transactions of the American Mathematics Society, 44, 196–218, 1938.Google Scholar

D., Hankerson, A., Menezes, and S., Vanstone, Guide to Elliptic Curve Cryptography, NewYork, Springer, 2004.Google Scholar

R., Hartshorne, Algebraic Geometry, New York, Springer, 1977.Google Scholar

H., Hasse, Theorie der höheren Differentiale in einem algebraischen Funktionenkörper mit vollkommenen Konstantenkörper bei beliebiger Charakteristik, Journal fur die Reine and Angewandte Mathematik, 175, 50–54, 1936.Google Scholar

M. E., Hellman, An Extension of the Shannon Theory Approach to Cryptography, IEEE Transactions on Information Theory, IT-23, 289–294, 1977.Google Scholar

M. E., Hellman, A Cryptanalytic Time-Memory Tradeoff, IEEE Transactions on Information Theory, IT-26, 401–406, 1980.Google Scholar

M. E., Hellman and J. M., Reyneri, Fast Computation of Discrete Logarithms in GF(q), Advances in Cryptology, CRYPTO83, D., Chaum, editor, pp. 3–13, New York, Plenum Press, 1983.Google Scholar

K., Hensel, Uber die Darstellung der Zahlen eines Gattungsbereiches für einen Beliebigen Primdivisor, Journelfür die Reine und Angewandte Mathematik, 103, 230–237, 1888.Google Scholar

T., Herlestam, On Functions of Linear Shift Register Sequences, Advances in Cryptology, EURO-CRYPT85, F., Pichler, editor, pp. 119–129, New York, Springer, 1985.Google Scholar

F., Hess, N. P., Smart, and F., Vercauteren, The Eta Pairing Revisited, IEEE Transactions on Information Theory, IT-52, 4595–4602, 2006.Google Scholar

L. S., Hill, Cryptography in an Algebraic Alphabet, American Mathematical Monthly, 36, 306–312, 1929.Google Scholar

L. S., Hill, Concerning Certain Linear Transformation Apparatus of Cryptography, American Mathematical Monthly, 38, 135–154, 1931.Google Scholar

J., Hoffstein, J., Pipher, and J. H., Silverman, NTRU: A Ring-Based Public Key Cryptosystem, Algorithmic Number Theory, Lecture Notes in Computer Science, vol. 1423, J. P., Buhler, editor, pp. 267–288, New York, Springer, 1998.Google Scholar

J., Hoffstein, J., Pipher, and J. H., Silverman, An Introduction to Mathematical Cryptography, New York, Springer, 2008.Google Scholar

D. A., Huffman, A Method for the Construction of Minimum Redundancy Codes, Proceedings of the IRE, 40, 1091–1101, 1952.Google Scholar

T., Itoh and S., Tsujii, A Fast Algorithm for Computing Multiplicative Inverses in GF (2m) Using Normal Bases, Information and Computation, 78, 171–177, 1988.Google Scholar

M. J., Jacobson, N., Koblitz, J. H., Silverman, A., Stein, and E., Teske, Analysis of the Xedni Calculus Attack, Designs, Codes, and Cryptography, 20, 41–64, 2000.Google Scholar

M., Jacobson Jr., A., Menezes, and A., Stein, Hyperelliptic Curves and Cryptography, High Primes and Misdemeanors: Lectures in Honour of the 60th Birthday of Hugh Cowie Williams, A., van der Poorten and C. M., Ringel, editors, pp. 255–282, Toronto, Fields Institute Communications, 2004.Google Scholar

W. S., Jevons, The Principles of Science, London, Macmillan, 1874.Google Scholar

A., Joux, A One-Round Protocol for Tripartite Diffie-Hellman, Proceedings of the 4th International Symposium on Algorithmic Number Theory, 385–394, New York, Springer, 2000.Google Scholar

A., Juels and M., Sudan, A Fuzzy Vault Scheme, Design, Codes, and Cryptography, 38, 237–257, 2006.Google Scholar

D., Kahn, The Codebreakers: The Story of Secret Writing, London, Macmillan, 1967. Revised edition, New York, Scribner, 1996.Google Scholar

B. S., Kaliski, R. L., Rivest, and A. T., Sherman, Is the Data Encryption Standard a Group?, Advances in Cryptology, EUROCRYPT85, F., Pichler, editors, pp. 81–92, New York, Springer, 1985.Google Scholar

A., Karatsuba and Y., Ofman, Multiplication of Many-Digital Numbers by Automatic Computers, Proceedings of the USSR Academy of Science, 145, 293–294, 1962.Google Scholar

E., Karnin, J., Greene, and M., Hellman, On Secret Sharing Systems, IEEE Transactions on Information Theory, IT-29, 35–41, 1983.Google Scholar

T., Kasami, Weight Distribution Formula for Some Class of Cyclic Code, Technical Report No. R-285, Urbana-Champaign, IL, University of Illinois, 1966.Google Scholar

J., Katz and Y., Lindell, Introduction to Modern Cryptography, Boca Raton, FL, CRC Press, 2007.Google Scholar

K. S., Kedlaya, Counting Points on Hyperelliptic Curves Using Monsky-Washnitzer Cohomology, Journal of the Ramanujan Mathematical Society, 16, 323–338, 2001.Google Scholar

J., Kelsey and T., Kohno, Herding Hash Functions and the Nostradamus Attack, Advances in Cryptology, EUROCRYPT06, S., Vaudenay, editor, pp. 183–200, New York, Springer, 2006.Google Scholar

E. L., Key, An Analysis of the Structure and Complexity of Nonlinear Binary Sequence Generators, IEEE Transactions on Information Theory, IT-22, 732–736, 1976.Google Scholar

A., Klapper, The Vulnerability of Geometric Sequences Based on Fields of Odd Characteristic, Journal of Cryptology, 7, 33–51, 1994.Google Scholar

T., Kleinjung, On Polynomial Selection for the General Number Field Sieve, Mathematics of Computation, 75, 2037–2047, 2006.Google Scholar

E., Knudsen, Elliptic Scalar Multiplication Using Point Halving, Advances in Cryptology, Asiacrypt99, K.-Y., Lam, E., Okamoto, and C., Xing, editors, pp. 1351–1491, New York, Springer, 1999.Google Scholar

A. H., Koblitz, N., Koblitz, and A., Menezes, Elliptic Curve Cryptography: The Serpentine Course of a Paradigm Shift, Journal of Number Theory, 131, 781–814, 2011.Google Scholar

N., Koblitz, Elliptic Curve Cryptosystems, Mathematics of Computation, 48, 203–209, 1987.Google Scholar

N., Koblitz, A Family of Jacobians Suitable for Discrete Log Cryptosystems, Advances in Cryptology, CRYPTO88, S., Goldwasser, editor, pp. 94–99, New York, Springer, 1988.Google Scholar

N., Koblitz, Hyperelliptic Cryptosystems, Journal of Cryptology, 1, 139–150, 1989.Google Scholar

N., Koblitz, Jacobi Sums, Irreducible Zeta Polynomials, and Cryptography, Canadian Mathematical Bulletin, 34, 229–235, 1991.Google Scholar

N., Koblitz, Algebraic Aspects and Cryptography, Berlin, Springer, 1998.Google Scholar

N., Koblitz, A., Menezes, and S., Vanstone, The State of Elliptic Curve Cryptography: Towards a Quarter-Century of Public Key Cryptography, Designs, Codes, and Cryptography, 19, 173–193, 2000.Google Scholar

P. C., Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Advances in Cryptology, CRYPTO96, N., Koblitz, editor, pp. 104–113, New York, Springer, 1996.Google Scholar

A. R., Korselt, Probleme chinois, L'Intermediaire des Mathematiciens, 6, 142–143, 1899.Google Scholar

K., Koyama, U., Maurer, T., Okamoto, and S. A., Vanstone, New Public-Key Schemes Based on Elliptic Curves over the RingZn, Advances in Cryptology, CRYPTO91, J., Feigenbaum, editor, pp. 252–266, New York, Springer, 1991.Google Scholar

M., Kraitchik, Theorie des Nombres, vol. 1, Paris, Gauthier-Villars, 1922.Google Scholar

J. C., Lagarias and A. M., Odlyzko, Solving Low-Density Subset Sum Problems, Journal of the Association of Computing Machinery, 32, 229–246, 1985.Google Scholar

X., Lai, J. L., Massey, and S., Murphy, Markov Ciphers and Differential Cryptanalysis, Advances in Cryptology, EUROCRYPT91, D. W., Davies, editor, pp. 17–38, New York, Springer, 1991.Google Scholar

B. A., LaMacchia and A. M., Odlyzko, Computation of Discrete Logarithms in Prime Fields, Design, Codes, and Cryptography, 1, 47–62, 1991.Google Scholar

T., Lange, Fast Arithmetic on Hyperelliptic Curves, Ph.D. Thesis, Institute for Information Security and Cryptography, Ruhr-Universitat Bochum, 2002.Google Scholar

S. K., Langford and M. E., Hellman, Differential-Linear Cryptanalysis, Advances in Cryptology, CRYPTO94, Y., Desmedt, editor, pp. 17–25, New York, Springer, 1994.Google Scholar

E., Lee, H.-S., Lee, and C.-M., Park, Efficient and Generalized Pairing Computation on Abelian Varieties, IEEE Transactions on Information Theory, IT-55, 1793–1803, 2009.Google Scholar

A. K., Lenstra and H. W., Lenstra Jr., Algorithms in Number Theory, Handbook of Theoretical Computer Science, vol. A, Algorithms and Complexity, J., van Leeuwen, editor, pp. 673–715, New York, Elsevier, 1990.Google Scholar

A. K., Lenstra and H. W., Lenstra Jr., The Development of the Number Field Sieve, Lecture Notes in Mathematics, vol. 1554, New York, Springer, 1993.Google Scholar

A. K., Lenstra, H. W., Lenstra Jr., and L., Lovasz, Factoring Polynomials with Rational Coefficients, Mathematische Annalen, 261, 515–534, 1982.Google Scholar

A. K., Lenstra, H. W., Lenstra Jr., M. S., Manasse, and J. M., Pollard, The Number Field Sieve, The Development of the Number Field Sieve, Lecture Notes in Mathematics, A. K., LenstraandH. W., Lenstra Jr., editors, vol. 1554, pp. 11–42, New York, Springer, 1993.Google Scholar

H. W., Lenstra Jr., Primality and Factorization, Proceedings of the 4th Symposium on Information Theory in the Benelux, Acco, Leuven, Belgium, pp. 13–15, 1983.Google Scholar

H. W., Lenstra Jr., Factoring Integers with Elliptic Curves, Annals of Mathematics, 126, 649–673, 1987.Google Scholar

H. W., Lenstra Jr., Rijndael for Algebraists, (unpublished) 2002.Google Scholar

R., Lercier, Computing Isogenies in F2n, Algorithmic Number Theory, Proceedings of the 2nd International Symposium ANTS-II, pp. 197–212, New York, Springer, 1996.Google Scholar

R., Lercier and F., Morain, Counting the Number of Points on Elliptic Curves over Finite Fields: Strategies and Performances, Advances in Cryptology, EUROCRYPT95, L. C., Guillou and J.-J., Quisquater, editors, pp. 79–94, New York, Springer, 1995.Google Scholar

S. K., Leung-Yan-Cheong and M. E., Hellman, The Gaussian Wire-Tap Channel, IEEE Transactions on Information Theory, IT-24, 451–456, 1978.Google Scholar

W. J., LeVeque, Fundamentals of Number Theory, Reading, MA, Addison-Wesley, 1977; republished by Dover, Mineola, NY, 1996.Google Scholar

S., Levy, Crypto: How the Code Rebels Beat the Government – Saving Privacy in the Digital Age, New York, Penguin Books, 2001.Google Scholar

S., Lichtenbaum, Duality Theorems for Curves over P-adic Fields, Inventiones Mathematicae, 7, 120–136, 1969.Google Scholar

R., Lidl and H., Niederreiter, Finite Fields, vol.20 of The Encyclopedia of Mathematics, Cambridge University Press, 1983.Google Scholar

L., Lovasz, An Algorithmic Theory of Number, Graphs, and Convexity, Philadelphia, PA, SIAM Publications, 1986.Google Scholar

M., Luby and C., Rackoff, How to Construct Pseudorandom Permutations and Pseudorandom Functions, SIAM Journal of Computing, 17, 373–386, 1988.Google Scholar

F., Luca, D. J., Mireles, and I. E., Shparlinski, MOV Attack in Various Subgroups on Elliptic Curves, Illinois Journal of Mathematics, 48, 1041–1052, 2004.Google Scholar

J. L., Massey, Shift Register Synthesis and BCH Decoding, IEEE Transactions on Information Theory, IT-15, 122–127, 1969.Google Scholar

J. L., Massey and R.-W., Liu, Equivalence of Nonlinear Shift Registers, IEEE Transactions on Information Theory, IT-10, 378–379, 1964.Google Scholar

J. L., Massey and S., Serconek, A Fourier Transform Approach to the Linear Complexity of Nonlinearly Filtered Sequences, Advances in Cryptology, CRYPTO94, Y., Oesmedt, editor, pp. 332–340, New York, Springer, 1994.Google Scholar

J. L., Massey and S., Serconek, Linear Complexity of Periodic Sequences, Advances in Cryptology, CRYPTO96, N., Koblitz, editor, pp. 358–371, New York, Springer 1996.Google Scholar

M., Matsui, Linear Cryptanalysis Method for the DES Cipher, Advances in Cryptology, EURO-CRYPT93, T., Helleseth, editor, pp. 386–397, New York, Springer, 1993.Google Scholar

M., Matsui, The First Experimental Cryptanalysis of the Data Encryption Standard, Advances in Cryptology, EUROCRYPT94, A., De Santis, editor, pp. 1–11, New York, Springer, 1994.Google Scholar

U. M., Maurer, Conditionally Perfect Secrecy and a Provably Secure Randomized Cipher, Journal of Cryptology, 5, 53–66, 1992.Google Scholar

U. M., Maurer, Secret Key Agreement by Public Discussion from Common Information, IEEE Transactions on Information Theory, IT-39, 733–742, 1993.Google Scholar

U. M., Maurer and J. L., Massey, Cascade Ciphers: The Importance of Being First, Journal of Cryptology, 6, 55–61, 1993.Google Scholar

K., McCurley, The Discrete Logarithm Problem, Proceedings of Symposia in Applied Mathematics, vol. 42, Cryptology and Computational Number Theory, pp. 49–74, Providence, RI, American Mathematical Society, 1990.Google Scholar

R. J., McEliece, A Public-Key Cryptosystem Based on Algebraic Coding Theory, DSN Progress Report No. 42-44, pp. 114–116, Pasadena, CA, Jet Propulsion Laboratory, 1978.Google Scholar

R. J., McEliece and D. V., Sarwate, On Sharing Secrets and Reed-Solomon Codes, Communications of the Association for Computing Machinery, 24, 583–584, 1981.Google Scholar

B., McMillan, The Basic Theorems of Information Theory, Annals of Mathematical Statistics, 24, 196–219, 1953.Google Scholar

B., McMillan, Two Inequalities Implied by Unique Decipherability, IRE Transactions in Information Theory, IT-2, 115–116, 1956.Google Scholar

W., Meier and O., Staffelbach, Fast Correlation Attacks on Stream Ciphers, Advances in Cryptology, EUROCRYPT88, C., Gunther, editor, pp. 301–314, New York, Springer, 1988.Google Scholar

W., Meier and O., Staffelbach, Fast Correlation Attacks on Certain Stream Ciphers, Journal of Cryptography, 1, 159–176, 1989.Google Scholar

A. J., Menezes, Hyperelliptic Cryptosystems, Journal of Cryptology, 1, 139–150, 1989.Google Scholar

A. J., Menezes, Applications of Finite Fields, Dordrecht, Kluwer, 1993.Google Scholar

A. J., Menezes, Elliptic Curve Cryptosystems, Dordrecht, Kluwer, 1997.Google Scholar

A. J., Menezes, An Introduction to Pairing-Based Cryptography, Recent Trends in Cryptography Summer School, I., Luengo, editor, vol. 477, Providence, RI, American Mathematical Society, 2005.Google Scholar

A. J., Menezes and S. A., Vanstone, The Implementation of Elliptic Curve Cryptography, Advances in Cryptology, AUSCRYPT90, J., Seberry and J., Pieprzyk, editors, pp. 2–13, New York, Springer, 1990.Google Scholar

A. J., Menezes, T., Okamoto, and S. A., Vanstone, Reducing Elliptic Curve Logarithms to Logarithms in a Finite Field, IEEE Transactions on Information Theory, IT-39, 1639–1646, 1993.Google Scholar

A. J., Menezes, P., van Oorschot, and S. A., Vanstone, Handbook of Applied Cryptography, New York, CRC Press, 1997.Google Scholar

A. J., Menezes, S. A., Vanstone, and R. J., Zuccherato, Counting Points on Elliptic Curves over F2m, Mathematics of Computation, 60, 407–420, 1993.Google Scholar

A. J., Menezes, Y.-H., Wu, and R. J., Zuccherato, An Elementary Introduction to Hyperelliptic Curves, Appendix in Algebraic Aspects of Cryptography, N., Koblitz, editor, pp. 155–178, New York, Springer, Berlin, 1998.Google Scholar

R. C., Merkle, Secure Communications over Insecure Channels, Communications of the Association for Computing Machinery, 21, 294–299, 1978.Google Scholar

R. C., Merkle, Secrecy, Authentication, and Public-Key Systems, Ph.D. Dissertation, Department of Electrical Engineering, Stanford University, 1979.Google Scholar

R. C., Merkle, One Way Hash Functions and DES, Advances in Cryptology, CRYPTO89, G., Brassard, editor, pp. 428–446, New York, Springer, 1989.Google Scholar

R. C., Merkle, A Fast Software One-Way Hash Function, Journal of Cryptology, 3, 43–58, 1990.Google Scholar

R. C., Merkle and M. E., Hellman, Hiding Information and Signatures in Trapdoor Knapsacks, IEEE Transactions on Information Theory, IT-24, 525–530, 1978.Google Scholar

R. C., Merkle and M. E., Hellman, On the Security of Multiple Encryption, Communications of the Association for Computing Machinery, 24, 465–466, 1981.Google Scholar

D., Micciancio, The Hardness of the Closest Vector Problem with Preprocessing, IEEE Transactions on Information Theory, IT-47, 1212–1215, 2001a.Google Scholar

D., Micciancio, The Shortest Vector Problem is NP-Hard to Approximate to Within Some Constant, SIAM Journal on Computing, 30, 2008–2035, 2001b.Google Scholar

D., Micciancio, Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions from Worst-Case Complexity Assumptions, Computational Complexity, 16, 365–411, 2007.Google Scholar

D., Micciancio and O., Regev, Lattice-Based Cryptography, Post-Quantum Cryptography, D. J., Bernstein, J., Buchmann, and E., Dahmen, editors, pp. 147–191, New York, Springer, 2009.Google Scholar

F., Miller, Telegraphic Code to Insure Privacy and Secrecy in the Transmission of Telegrams, New York, C. M. Cornwell, 1882.Google Scholar

G. L., Miller, Riemann's Hypothesis and Tests for Primality, Journal of Computer and Systems Science, 13, 300–317, 1976.Google Scholar

V. S., Miller, Short Programs for Functions on Curves, (unpublished) 1986.Google Scholar

V. S., Miller, The Weil Pairing, and its Efficient Calculation, Journal of Cryptology, 17, 235–261, 2004.Google Scholar

V. S., Miller, Uses of Elliptic Curves in Cryptography, Advances in Cryptology, CRYPTO85, H.C., Williams, editors, pp. 417–426, New York, Springer, 1985.Google Scholar

A., Miyaji, M., Nakabayashi, and S., Takano, New Explicit Conditions of Elliptic Curve Traces for FR-Reduction, IEICE Transactions on Fundamentals, E84-A, 1234–1243, 2003.Google Scholar

P. L., Montgomery, Modular Multiplication without Trial Division, Mathematics of Computation, 44, 519–521, 1985.Google Scholar

J. H., Moore, Protocol Failures in Cryptosystems, Contemporary Cryptology: The Science of Infor-mation Integrity, G. J., Simmons, editor, pp. 541–548, New York, IEEE Press, 1992.Google Scholar

L. J., Mordell, Observation on the Minimum of a Positive Quadratic Form in Eight Variables, Journal of the London Mathematical Society, 19, 3–6, 1944.Google Scholar

M. A., Morrison and J., Brillhart, A Method of Factoring and the Factorization of F7, Mathematics of Computation, 29, 183–205, 1975.Google Scholar

P., Moulin and J. A., O'Sullivan, Information-Theoretic Analysis of Information Hiding, IEEE Transactions on Information Theory, IT-49, 563–593, 2003.Google Scholar

R. C., Mullin, I. M., Onyszchuk, S. A., Vanstone, and R. M., Wilson, Optimal Normal Bases in GF(pn), Discrete Applied Mathematics, 22, 149–161, 1989.Google Scholar

D., Mumford, Tate Lectures on Theta II, Boston, MA, Birkhauser, 1984.Google Scholar

B., Murphy and R. P., Brent, On Quadratic Polynomials for the Number Field Sieve, Australian Computer Science Communications, 20, 199–213, 1998.Google Scholar

National Bureau of Standards, Secure Hash Standard, FIBS Publication No. 180, Gaithersburg, MD, NBS, 1993.

P. Q., Nguyen, Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from CRYPTO97, Advances in Cryptology, CRYPTO99. M. J., Wiener, editor, pp. 288–304, New York, Springer, 1999.Google Scholar

P. Q., Nguyen and J., Stern, Cryptanalysis of the Ajtai-Dwork Cryptosystem, Advances in Cryptology, CRYPTO98, B. S., Kaliski Jr., editor, pp. 223–242, New York, Springer, 1998.Google Scholar

P. Q., Nguyen and J., Stern, The Two Faces of Lattices in Cryptography, Cryptography and Lattices, Lecture Notes on Computer Science, vol. 2146, pp. 146–180, New York, Springer, 2001.Google Scholar

I., Niven, H. S., Zuckerman, and H. L., Montgomery, An Introduction to the Theory of Numbers, 5th edition, New York, Wiley, 1991.Google Scholar

Y., Nogami and Y., Morikawa, Ordinary Pairing Friendly Elliptic Curve of Embedding Degree 3 whose Order Has Two Large Prime Factors, Memoirs of the Faculty of Engineering, Okayama University, 44, 60–68, 2010.Google Scholar

K., Nyberg and R. A., Rueppel, Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem, Designs, Codes, and Cryptography, 7, 61–81, 1996.Google Scholar

A. M., Odlyzko, Discrete Logarithms in Finite Fields and their Cryptographic Significance, Advances in Cryptology, EUROCRYPT84, T., Beth, N., Cot, and I., Ingemarsson, editors, pp. 224–314, New York, Springer, 1984.Google Scholar

A. M., Odlyzko, The Rise and Fall of Knapsack Cryptosystems, Proceedings of the Symposia on Applied Mathematics, vol. 42, Cryptology and Computational Number Theory, pp. 75–88, Providence, RI, American Mathematical Society, 1990.Google Scholar

T., Okamoto, Provably Secure and Practical Identification and Corresponding Signature Schemes, Advances in Cryptology, CRYPTO92, E. F., Brickell, editor, pp. 31–53, New York, Springer, 1992.Google Scholar

J. K., Omura and J. L., Massey, Computational Method and Apparatus for Finite Field Arithmetic, US Patent 4,587,627, May 6, 1986 (filed September 14, 1982).Google Scholar

C., Paar and C., Pelzl, Understanding Cryptography: A Textbook for Students and Practitioners, New York, Springer, 2009.Google Scholar

S. K., Park, Applications of Algebraic Curves to Cryptography, Ph.D. Dissertation, University of Illinois, 2007.Google Scholar

N. J., Patterson, The Algebraic Decoding of Goppa Codes, IEEE Transactions on Information Theory, IT-21, 384–386, 1975.Google Scholar

J., Pila, Frobenius Maps of Abelian Varieties and Finding Roots of Unity in Finite Fields, Mathematics of Computation, 55, 745–763, 1996.Google Scholar

R. G. E., Pinch, The Carmichael Numbers up to 1015, Mathematics of Computation, 61, 381–391, 1993.Google Scholar

J. B., Plumstead, Inferring a Sequence Generated by a Linear Congruence, Proceedings of the 23rd IEEE Symposium on the Foundations of Computer Science, 153–159, 1982.Google Scholar

H. C., Pocklington, The Determination of the Prime or Composite Nature of Large Numbers by Fermat's Theorem, Proceedings of the Cambridge Philosophical Society, 18, 29–30, 1914–1916.Google Scholar

S. C., Pohlig and M. E., Hellman, An Improved Algorithm for Computing Logarithms in GF(p) and its Cryptographic Significance, IEEE Transactions on Information Theory, IT-24, 106–110, 1978.Google Scholar

M., Pohst, A Modification of the LLL Algorithm, Journal of Symbolic Computation, 4, 123–128, 1987.Google Scholar

J. M., Pollard, Theorems on Factorization and Primality Testing, Proceedings of the Cambridge Philosophical Society, 76, 521–528, 1974.Google Scholar

J. M., Pollard, A Monte Carlo Method for Factorization, BIT Numerical Mathematics, 15, 331–334, 1975.Google Scholar

J. M., Pollard, Monte Carlo Methods for Index Computation mod p, Mathematics of Computation, 32, 918–924, 1978.Google Scholar

J. M., Pollard, Factoring with Cubic Integers, The Development of the Number Field Sieve, Lecture Notes in Mathematics, A. K., Lenstra and H. W., Lenstra Jr., editors, vol. 1554, pp. 50–94, New York, Springer, 1993.Google Scholar

J. M., Pollard and C. P., Schnorr, An Efficient Solution of the Congruence x2 + Ky2= m (mod n), IEEE Transactions on Information Theory, IT-33, 702–709, 1987.Google Scholar

C., Pomerance, Recent Developments in Primality Testing, The Mathematical Intelligencer, 3(3), 97–105, 1981.Google Scholar

C., Pomerance, The Quadratic Sieve Factoring Algorithms, Advances in Cryptology, EUROCRYPT84, T., Beth, N., Cot, and I., Ingemarsson, editors, pp. 169–182, New York, Springer, 1984.Google Scholar

C., Pomerance, Fast, Rigorous Factorization and Discrete Logarithm Algorithms, Discrete Algorithms and Complexity, D. S., Johnson, editor, pp. 119–143, New York, Academic Press, 1987.Google Scholar

C., Pomerance, A Tale of Two Sieves, Notices of the American Mathematical Society, 43, 1473–1485, 1996.Google Scholar

C., Pomerance, J. W., Smith, and R., Tuler, A Pipe-line Architecture for Factoring Large Integers with the Quadratic Sieve Algorithm, SIAM Journal on Computing, 17, pp. 387–403, 1988.Google Scholar

B., Preneel, R., Govaerts, and J., Vandewalle, Information Authentication: Hash Functions and Digital Signatures, Computer Security and Industrial Cryptography: State of the Art and Evolution, Lecture Notes in Computer Science, B., Preneel, R., Govaerts, and J., Vandewalle, editors, vol. 741, pp. 87–131, New York, Springer, 1993.Google Scholar

B., Preneel, R., Govaerts, and J., Vandewalle, Hash Functions Based on Block Ciphers: A Synthetic Approach, Advances in Cryptology, CRYPTO93, D. R., Stinson, editor, pp. 368–378, New York, Springer, 1993.Google Scholar

G., Purdy, A High-Security Log-in Procedure, Communications of the Association for Computing Machinery, 17, 442–445, 1974.Google Scholar

M. O., Rabin, Digital Signatures and Public-Key Functions as Intractable as Factorization, Technical Report No. LCS-TR-212, Cambridge, MA, Massachusetts Institute of Technology Laboratory for Computer Science, 1979.Google Scholar

M. O., Rabin, Probabilistic Algorithm for Testing Primality, Journal of Number Theory, 12, 128–138, 1980.Google Scholar

I. S., Reed and G., Solomon, Polynomial Codes over Certain Finite Fields, Journal of the Society of Industrial and Applied Mathematics, vol. 8, pp. 300–304, 1960.Google Scholar

O., Regev, Lattice-Based Cryptography, Advances in Cryptology, CRYPTO06, N., Koblitz, editor, pp. 131–141, New York, Springer, 2006.Google Scholar

B., Riemann, On the Number of Primes Less Than a Given Quantity, Monatsberichte der Berliner Akademie, 1859.Google Scholar

R. L., Rivest, The MD4 Message Digest Algorithm, Advances in Cryptology, CRYPTO90, A., Menezes and S. A., Vanstone, editors, pp. 303–311, New York, Springer, 1990.Google Scholar

R. L., Rivest, A., Shamir, and L., Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the Associationfor Computing Machinery, 21, 120–126, 1978.Google Scholar

J., Rosenthal, A Polynomial Description of the Rijndael Advanced Encryption Standard, Journal of Algebra and its Applications, 2, 223–236, 2003.Google Scholar

K., Rubin and A., Silverberg, Torus-Based Cryptography, Advances in Cryptology, CRYPTO03, D., Boneh, editor, pp. 349–365, New York, Springer, 2003.Google Scholar

K., Rubin and A., Silverberg, Choosing the Correct Elliptic Curve in the CM Method, Mathematics of Computation, 79, 545–561, 2010.Google Scholar

H. G., Rück, On the Discrete Logarithms in the Divisor Class Group of Curves, Mathematics of Computation, 68, 805–806, 1999.Google Scholar

R. A., Rueppel, Analysis and Design of Stream Ciphers, New York, Springer, 1986.Google Scholar

R. A., Rueppel and O., Staffelbach, Products of Linear Recurring Sequences with Maximum Complexity, IEEE Transactions on Information Theory, IT-33, 124–131, 1987.Google Scholar

R., Sakai, K., Ohgishi, and M., Kasahara, Cryptosystems Based on Pairing, Proceedings of the Symposium on Cryptography and Information Security, Okinawa, Japan, 2000.Google Scholar

D. V., Sarwate and M. B., Pursley, Crosscorrelation Properties of Pseudorandom and Related Sequences, Proceedings of the IEEE, 68, 593–619, 1980.Google Scholar

T., Satoh, On p-adic Point Counting Algorithms for Elliptic Curves over Finite Fields, Journal of the Ramanujan Mathematics Society, 15, 247–270, 2000.Google Scholar

T., Satoh, On p-adic Point Counting Algorithms for Elliptic Curves over Finite Fields, 5th International Symposium on Algorithmic Number Theory V, Lecture Notes in Computer Science, C., FiekerandD. R., Kohel, editors, vol. 2369, pp. 43–66, New York, Springer, 2002.Google Scholar

E., Sava§, T. A., Schmidt, and C. K., Koc, Generating Elliptic Curves of Prime Order, Cryptographic Hardware and Embedded Systems, Lecture Notes in Computer Science, G., Goos, J., Hartmanis, and J., van Leeuwen, editors, vol. 2162, pp. 142–158, 2001.Google Scholar

B., Schneier, Applied Cryptography, New York, Wiley, 1996.Google Scholar

C. P., Schnorr, A Hierarchy of Polynomial Time Lattice Basis Reduction Algorithms, Theoretical Computer Science, 53, 201–224, 1987.Google Scholar

C. P., Schnorr, Efficient Signature Generation by Smart Cards, Journal of Cryptology, 4, 161–174, 1991a.Google Scholar

C. P., Schnorr, Method for Identifying Subscribers and for Generating and Verifying Electronic Signatures in a Data Exchange Signature, US Patent 4,995,082A, February 19, 1996.Google Scholar

R. J., Schoof, Elliptic Curves over Finite Fields and the Computation of Square Roots Mod p, Mathematics of Computation, 44, 483–494, 1985.Google Scholar

R. J., Schoof, Counting Points on Elliptic Curves over Finite Fields, Journal de Theorie des Nombres de Bordeaux, 7, 219–254, 1995.Google Scholar

R., Schroeppel, Elliptic Curve Point Halving Wins Big, Proceedings of 2nd Midwest Arithmetical Geometry in Cryptography Workshop, Urbana, IL, 2000.Google Scholar

E. S., Selmer, Linear Recurrence Relations over Finite Fields, Department of Mathematics, University of Bergen, Norway, 1966.Google Scholar

G., Seroussi, Table of Low-Weight Irreducible Polynomials over F2, Technical Report No. HPL-98-135, Palo Alto, CA, Hewlett-Packard Laboratories, 1998.Google Scholar

A., Shamir, How to Share a Secret, Communications of the Association for Computing Machinery, 22, 612–613, 1979.Google Scholar

A., Shamir, A Polynomial-Time Algorithm for Breaking the Basic Merkle-Hellman Cryptosystem, IEEE Transactions on Information Theory, IT-30, 699–704, 1984a.Google Scholar

A., Shamir, Identity-Based Cryptosystems and Signature Schemes, Advances in Cryptology, CRYPTO84, G. R., Blakly and D., Chaum, editors, pp. 47–53, New York, Springer, 1984b.Google Scholar

D., Shanks, Class Number, a Theory of Factorization, and Genera, Proceedings of the Symposia on Pure Mathematics, 20, 415–440, Providence, RI, American Mathematical Society, 1971.Google Scholar

D., Shanks, Five Number-Theoretic Algorithms, Proceedings of the 2nd Manitoba Conference on Numerical Mathematics, 51–70, 1972.Google Scholar

C. E., Shannon, A Mathematical Theory of Communication, Bell System Technical Journal, 27, 379-423 and 623–656, 1948 (Part I) pp. 623-656 (Part II). Reprinted in book form with postscript by W. Weaver, University of Illinois Press, Urbana, IL, 1949, Anniversary edition 1998.Google Scholar

C. E., Shannon, The Communication Theory of Secrecy Systems, Bell System Technical Journal, 28, 656–715, 1949.Google Scholar

P., Shor, Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer, SIAM Review, 41, 303–332, 1999.Google Scholar

V., Shoup, Lower Bounds for Discrete Logarithms and Related Problems, Advances in Cryptology, EUROCRYPT97, W., Fumy, editor, pp. 256–266, New York, Springer, 1997.Google Scholar

T., Siegenthaler, Correlation-Immunity of Nonlinear Combining Functions for Cryptographic Applications, IEEE Transactions on Information Theory, IT-30, 776–780, 1984.Google Scholar

J., Silverman, Arithmetic of Elliptic Curves, New York, Springer, 1986.Google Scholar

J., Silverman, The Xedni Calculus and the Elliptic Curve Discrete Logarithm Problem, Designs, Codes, and Cryptography, 20, 5–40, 2000.Google Scholar

J., Silverman and J., Tate, Rational Points on Elliptic Curves, New York, Springer, 1992.Google Scholar

D. R., Simon, Finding Collisions on a One-Way Street: Can Secure Hash Functions Be Based on General Assumptions?Advances in Cryptology, EUROCRYPT98, K., Nyberg, editor, pp. 334–345, New York, Springer, 1998.Google Scholar

S., Singh, The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography, New York, Anchor Books, 1999.Google Scholar

B., Smeets, Some Results on Linear Recurring Sequences, Ph.D. Dissertation, University of Lund, Sweden, 1987.Google Scholar

M. E., Smid and D. K., Branstad, The Data Encryption Standard: Past and Future, Contemporary Cryptology: The Science of Information Integrity, G. J., Simmons, editor, pp. 43–64, New York, IEEE Press, 1992.Google Scholar

J., Solinas, Efficient Arithmetic on Koblitz Curves, Designs, Codes, and Cryptography, 19, 195–249, 2000.Google Scholar

R., Solovay and V., Strassen, A Fast Monte Carlo Test for Primality, SIAM Journal on Computing, 6, 84–85, 1977.Google Scholar

A., Sorkin, LUCIFER, A Cryptographic Algorithm, Cryptologia, 8, 22–35, 1984.Google Scholar

M., Steiner, G., Tsudik, and M., Waidner, Key Agreement in Dynamic Peer Groups, IEEE Transactions on Parallel and Distributed Systems, PDS-11, 769–780, 2000.Google Scholar

I. N., Stewart and D. O., Tall, Algebraic Number Theory, London, Chapman and Hall, 1979.Google Scholar

H., Stichtenoth, Algebraic Function Fields and Codes, Berlin, Springer, 1993.Google Scholar

D. R., Stinson, Cryptography: Theory and Practice, 3rd edition, Boca Raton, FL, CRC Press, 2006.Google Scholar

J., Tate, WC-Group over p-adic Fields, Seminaire Bourbaki 10e Annee, Paris, Secretariat Mathématique, 1958.Google Scholar

J., Tate, Duality Theorems in Galois Cohomology over Number Fields, Proceedings of the International Congress on Mathematics, Stockholm, 1962.Google Scholar

J., Tate, Duality Theorems in Galois Cohomology over Number Fields, Proceedings of the International Congress of Mathematicians, pp. 288–295, Djursholm, Sweden, Institut Mittag-Leffler, 1963.Google Scholar

N., Theriault, Index Calculus Attack for Hyperelliptic Curves of Small Genus, Advances in Cryptology, Asiacrypt03, C.-S., Laih, editor, pp. 75-92, New York, Springer, 2003.Google Scholar

M., Tompa and H., Woll, How to Share a Secret with Cheaters, Journal of Cryptology, 1, 133–138, 1988.Google Scholar

A., Tonelli, Bemerkung über die Auflosung quadratischer Congruenzen, UniversitàtzuGottingen Nachrichen, pp. 344–346, 1891.Google Scholar

W., Trappe and L., Washington, Introduction to Cryptography with Coding Theory, New York, Prentice Hall, 2006.Google Scholar

S. M., Turner, Square Roots mod p, American Mathematical Monthly, 101, 443–449, 1994.Google Scholar

B., van der Waerden, Modern Algebra, vol. 2, New York, Frederick Ungar, 1950.Google Scholar

F., Vercauteren, An Extension of Kedlaya's Algorithm to Hyperelliptic Curves in Characteristic 2, Journal of Cryptology, 19, 1–25, 2006.Google Scholar

F., Vercauteren, Pairings on Elliptic Curves, Identity-Based Encryption, M., Joye and G., Neven, editors, Amsterdam, IOS Press, 2009.Google Scholar

F., Vercauteren, Optimal Pairings, IEEE Transactions on Information Theory, IT-56, 455–461, 2010.Google Scholar

G. S., Vernam, Cipher Printing Telegraph Systems for Secret Wise and Radio Telegraphic Communications, Journal of the American Institute of Electrical Engineering, 55, 109–115, 1926.Google Scholar

M., Walker, Information-Theoretic Bounds for Authentication Systems, Journal of Cryptology, 2, 131–143, 1990.Google Scholar

X., Wang and H., Yu, How to Break MD5 and Other Hash Functions, Advances in Cryptology, EUROCRYPT05, R., Cramer, editor, pp. 19–35, New York, Springer, 2005.Google Scholar

X., Wang, X., Lai, D., Feng, H., Chen, and X., Yu, Cryptanalysis of the Hash Functions MD4 and RIPEMD, Advances in Cryptology, EUROCRYPT05, R., Cramer, editor, pp. 1–18, New York, Springer, 2005.Google Scholar

M., Ward, An Arithmetical Theory of Linear Recurring Sequences, Transactions of the American Mathematics Society, 35, 600–628, 1933.Google Scholar

L. C., Washington, Elliptic Curves: Number Theory and Cryptography, 2nd edition, Boca Raton, FL, CRC Press, 2008.Google Scholar

M. N., Wegman and J. L., Carter, Universal Classes of Hash Functions, Journal of Computer and System Sciences, 10, 143–154, 1979.Google Scholar

A., Weil, Courbes Algebraiques et les Varietes Abeliennes, Paris, Hermann, 1948.Google Scholar

A., Weil, Numbers of Solutions of Equations in Finite Fields, Bulletin of the American Mathematics Society, 55, 497–508, 1949.Google Scholar

R., Wernsdorf, The One-Round Functions of the DES Generate the Alternating Group, Advances in Cryptology, EUROCRYPT92, R. A., Rueppel, editors, pp. 99–112, New York, Springer, 1992.Google Scholar

D., Wiedemann, Solving Sparse Linear Equations over Finite Fields, IEEE Transactions on Information Theory, IT-32, 54–62, 1986.Google Scholar

M., Wiener, Cryptanalysis of Short RSA Secret Exponents, IEEE Transactions on Information Theory, IT-36, 553–559, 1990.Google Scholar

M. V., Wilkes, Time-Sharing Computer Systems, Amsterdam, Elsevier, 1968.Google Scholar

T., Wollinger, Computer Architectures for Cryptosystems Based on Hyperelliptic Curves, MSc Thesis, Worcester Polytechnic Institute, 2001.Google Scholar

P. W., Wong and N., Memon, Secret and Public Key Image Watermarking Schemes for Image Authentication and Ownership Verification, IEEE Transactions on Image Processing, IP-10, 1593–1601, 2001.Google Scholar

A., Wyner, The Wire-Tap Channel, Bell System Technical Journal, 54, 1355–1387, 1975.Google Scholar

G.-Z., Xiao and J. L., Massey, A Spectral Approach to Correlation-Immune Combining Functions, IEEE Transactions on Information Theory, IT-34, 569–571, 1988.Google Scholar

M., Yoshida, Inseparable Multiplex Transmission Using the Pairing on Elliptic Curves and its Application in Watermarking, Proceedings of the 5th Conference on Algebraic Geometry, Number Theory, Coding Theory, and Cryptography, University of Tokyo, 2003.Google Scholar

C.-A., Zhao, F., Zhang, and J., Huang, A Note on the Ate Pairing, International Journal of Information Security, 7, 379–382, 2008.Google Scholar

N., Zierler, Linear Recurring Sequences, Journal of the Society of Industrial and Applied Mathematics, 7, 31–48, 1959.Google Scholar

N., Zierler and J., Brillhart, On Primitive Trinomials, Information and Control, 13, 541–544, 1968.Google Scholar