A survey of public-key cryptosystems

SIAM Review

Volumn 46, Issue 4, 2004, Pages 599-634

  Koblitz, Neal ^a   Menezes, Alfred J ^b  

^a UNIVERSITY OF WASHINGTON   (United States)

^b UNIVERSITY OF WATERLOO   (Canada)

Author keywords

Cryptography; Elliptic curve; Public key

Indexed keywords

ALGORITHMS; COMPUTERS; MATRIX ALGEBRA; POLYNOMIALS; QUANTUM CRYPTOGRAPHY; SECURITY OF DATA;

DIGITAL SIGNAL ALGORITHM; ELLIPTIC CURVE;

PUBLIC KEY CRYPTOGRAPHY;

EID: 11344267619     PISSN: 00361445     EISSN: None     Source Type: Journal    
DOI: 10.1137/S0036144503439190     Document Type: Article

References (124)

1. L. Adleman, J. Demarrais, and M. Huang, A subexponential algorithm for discrete logarithms over the rational subgroup of the Jacobians of large genus hyperelliptic curves over finite fields, in Algorithmic Number Theory: First International Symposium, Lecture Notes in Comput. Sci. 877, Springer-Verlag, Berlin, 1994, pp. 28-40.
2. D. Agrawal, B. Archambeault, J. Rao, and P. Rohatgi, The EM side-channel(s), in Cryptographic Hardware and Embedded Systems - CHES 2002, Lecture Notes in Comput. Sci. 2523, Springer-Verlag, Berlin, 2002, pp. 29-45.
3. I. Anshel, M. Anshel, and D. Goldfeld, An algebraic method for public-key cryptography, Math. Res. Lett., 6 (1999), pp. 1-5.
4. I. Anshel, M. Anshel, and D. Goldfeld, New key agreement protocol in braid group cryptography, in Topics in Cryptogrgphy - CT-RSA 2001, Lecture Notes in Comput. Sci. 2020, Springer-Verlag, Berlin, 2001, pp. 13-27.
5. R. Avanzi, Aspects of hyperelliptic curves over large prime fields in software implementations, in Cryptographic Hardware and Embedded Systems - CHES 2004, Lecture in Comput. Sci. 3156, Springer-Verlag, Berlin, 2004, pp. 148-162.
6. R. Balasubramanian and N. Koblitz, The improbability that an elliptic curve has subexponential discrete log problem under the Menezes-Okamoto-Vanstone algorithm, J. Cryptology, 11 (1998), pp. 141-145.
7. M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway, Relations among notions of security for public-key encryption schemes, in Advances in Cryptology - CRYPTO '98, Lecture Notes in Comput. Sci. 1462, Springer-Verlag, Berlin, 1998, pp. 26-45.
8. C. H. Bennett and G. Brassard, Quantum cryptography: Public key distribution and coin tossing, in Proceedings of the IEEE International Conference on Computer Systems and Signal Processing, Bangalore, India, 1984, pp. 175-179.
9. C. H. Bennett, G. Brassard, S. Breidbart, and S. Wiesner, Quantum cryptography, or unforgeable subway tokens, in Advances in Cryptology - CRYPTO '82, Plenum, New York, 1983, pp. 267-275.
10. D. Bernstein, Circuits for Integer Factorization: A Proposal, preprint, 2001.
11. I. Biehl, J. Buchmann, and C. Thiel, Cryptographic protocols based on the discrete logarithm problem in real quadratic number fields, in Advances in Cryptology - CRYPTO '94, Lecture Notes in Comput. Sci. 839, Springer-Verlag, Berlin, 1994, pp. 56-60.
12. J. Birman, Braids, Links, and Mapping Class Groups, Princeton University Press, Princeton, NJ, 1975.
13. I. Blake, G. Seroussi, and N. Smart, Elliptic Curves in Cryptography Cambridge University Press, Cambridge, UK, 1999.
14. D. Bleichenbacher, Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1, in Advances in Cryptology - CRYPTO '98, Lecture Notes in Comput. Sci. 1462, Springer-Verlag, Berlin, 1998, pp. 1-12.
15. D. Boneh, Twenty years of attacks on the RSA cryptosystem, Notices Amer. Math. Soc., 46 (1999), pp. 203-213.
16. D. Boneh, R. Demillo, and R. Lipton, On the importance of checking cryptographic protocols for faults, in Advances in Cryptology - EUROCRYPT '97, Lecture Notes in Comput. Sci. 1233, Springer-Verlag, Berlin, 1997, pp. 37-51.
17. 0.292, IEEE Trans. Inform. Theory, 46 (2000), pp. 1339-1349.
18. D. Boneh and M. Franklin, Identity-based encryption from the Weil pairing, SIAM J. Comput., 32 (2003), pp. 586-615.
19. D. Boneh and R. Lipton, Algorithms for black-box fields and their applications to cryptography, in Advances in Cryptology - CRYPTO '96, Lecture Notes in Comput. Sci. 1109, Springer-Verlag, Berlin, 1996, pp. 283-297.
20. D. Boneh, B. Lynn, and H. Shacham, Short signatures from the Weil pairing, in Advances in Cryptology - ASIACRYPT 2001, Lecture Notes in Comput. Sci. 2248, Springer-Verlag, Berlin, 2001, pp. 514-532.
21. D. Boneh and R. Venkatesan, Breaking RSA may not be equivalent to factoring, in Advances in Cryptology - EUROCRYPT '98, Lecture Notes in Comput. Sci. 1403, Springer-Verlag, Berlin, 1998, pp. 59-71.
22. E. Brickell, Breaking iterated knapsacks, in Advances in Cryptology - CRYPTO '84, Lecture Notes in Comput. Sci. 196, Springer-Verlag, Berlin, 1985, pp. 342-358.
23. E. Brickell and A. Odlyzko, Cryptanalysis: A survey of recent results Proc. IEEE, 76 (1988), pp. 578-593.
24. J. Buchmann and S. Hamdy, A survey on IQ cryptography, in Public-Key Cryptography and Computational Number Theory, Walter de Gruyter, Berlin, 2001, pp. 1-15.
25. J. Buchmann, R. Scheidler, and H. C. Williams, A key exchange protocol using real quadratic fields, J. Cryptology, 7 (1994), pp. 171-199.
26. J. Buchmann and H. C. Williams, A key exchange system based on imaginary quadratic fields, J. Cryptology, 1 (1988), pp. 107-118.
27. B. Chor and R. Rivest, A knapsack-type public key cryptosystem based on arithmetic in finite fields, IEEE Trans. Inform. Theory, 34 (1988), pp. 901-909.
28. H. Cohen, A Course in Computational Algebraic Number Theory, Springer-Verlag, Berlin, 1993.
29. D. Coppersmith, Fast evaluation of logarithms in fields of characteristic two, IEEE Trans. Inform. Theory, 30 (1984), pp. 587-594.
30. D. Coppersmith and A. Shamir, Lattice attacks on NTRU, in Advances in Cryptology - EUROCRYPT '97, Lecture Notes in Comput. Sci. 1233, Springer-Verlag, Berlin, 1997, pp. 52-61.
31. R. Crandall and C. Pomerance, Prime Numbers: A Computational Perspective, Springer-Verlag, Berlin, 2001.
32. W. Diffie AND M. Hellman, New directions in cryptography, IEEE Trans. Inform. Theory, 22 (1976), pp. 644-654.
33. T. Elgamal, A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Trans. Inform. Theory, 31 (1985), pp. 469-472.
34. M. Fellows and N. Koblitz, Combinatorial cryptosystems galore!, Contemp. Math., 168 (1994), pp. 51-61.
35. M. Fouquet, P. Gaudry, and R. Harley, An extension of Satoh's algorithm and its implementation, J. Ramanujan Math. Soc., 15 (2000), pp. 281-318.
36. G. Frey and H. Rück, A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves, Math. Comp., 62 (1994), pp. 865-874.
37. P. Gaudry, An algorithm for solving the discrete log problem on hyperelliptic curves, in Advances in Cryptology - EUROCRYPT 2000, Lecture Notes in Comput. Sci. 1807, Springer-Verlag, Berlin, 2000, pp. 19-34.
38. P. Gaudry, A comparison and a combination of SST and AGM algorithms for counting points of elliptic curves in characteristic 2, in Advances in Cryptology - EUROCRYPT 2003, Lecture Notes in Comput. Sci. 2656, Springer-Verlag, Berlin, 2003, pp. 311-327.
39. P. Gaudry, Index Calculus for Abelian Varieties and the Elliptic Curve Discrete Logarithm Problem, preprint, 2004.
40. P. Gaudry, F. Hess, and N. Smart, Constructive and destructive facets of Weil descent on elliptic curves, J. Cryptology, 15 (2002), pp. 19-34.
41. W. Geiselmann and R. Steinwandt, Cryptanalysis of Polly Cracker, IEEE Trans. Inform. Theory, 48 (2002), pp. 2990-2991.
42. C. Gentry, J. Jonsson, M. Szydlo, and J. Stern, Cryptanalysis of the NTRU signature scheme (NSS) from Eurocrypt 2001, in Advances in Cryptology - ASIACRYPT 2001, Lecture Notes in Comput. Sci. 2248, Springer-Verlag, Berlin, 2001, pp. 1-20.
43. C. Gentry and M. Szydlo, Analysis of the revised NTRU signature scheme R-NSS, in Advances in Cryptology - EUROCRYPT 2002, Lecture Notes in Comput. Sci. 2332, Springer-Verlag, Berlin, 2002, pp. 299-320.
44. S. Goldwasser and S. Micali, Probabilistic encryption, J. Comput. System Sci., 29 (1984), pp. 270-299.
45. G. Gong and L. Harn, Public-key cryptosystems based on cubic finite field extensions, IEEE Trens. Inform. Theory, 45 (1999), pp. 2601-2605.
46. D. M. Gordon, Discrete logarithms in GF(p) using the number field sieve, SIAM J. Discrete Math., 6 (1993), pp. 124-138.
47. J. L. Hafner and K. S. McCurley, A rigorous subexponential algorithm for computation of class groups, J. Amer. Math. Soc., 2 (1989), pp. 839-850.
48. D. Hankerson, A. Menezes, and S. Vanstone, Guide to Elliptic Curve Cryptography, Springer-Verlag, New York, 2003.
49. J. Håstad, Solving simultaneous modular equations of low degree SIAM J. Comput., 17 (1988), pp. 336-341.
50. M. E. Hellman and R. C. Merkle, Hiding information and signatures in trapdoor knapsacks, IEEE Trans. Inform. Theory, 24 (1978), pp. 525-530.
51. F. Hess, The GHS attack revisited, in Advances in Cryptology - EUROCRYPT 2003, Lecture Notes in Comput. Sci. 2656, Springer-Verlag, Berlin, 2003, pp. 374-387.
52. J. Hoffstein, J. Pipher, and J. Silverman, NTRU: A ring-based public key cryptosystem, in Algorithmic Number Theory: Third International Symposium, Lecture Notes in Comput. Sci. 1423, Springer-Verlag, Berlin, 1998, pp. 267-288.
53. J. Hoffstein, J. Pipher, and J. Silverman, NSS: An NTRU lattice-based signature scheme, in Advances in Cryptology - EUROCRYPT 2001, Lecture Notes in Comput. Sci. 2045, Springer-Verlag, Berlin, 2001, pp. 211-228.
54. N. Howgrave-Graham, P. Nguyen, D. Pointcheval, J. Proos, J. Silverman, A. Singer, and W. Whyte, The impact of decryption failures on the security of NTRU encryption, in Advances in Cryptology - CRYPTO 2003, Lecture Notes in Comput. Sci. 2729, Springer-Verlag, Berlin, 2003, pp. 226-246.
55. J. Hughes, A linear algebraic attack on the AAFG1 braid group cryptosystem, in Proceedings of the 7th Australian Conference on Information Security and Privacy ACISP 2002, Lecture Notes in Comput. Sci. 2384, Springer-Verlag, Berlin, 2002, pp. 176-189.
56. T. Izu, J. Kogure, M. Noro, and K. Yokoyama, Efficient implementation of Schoof's algorithm, in Advances in Cryptology - ASIACRYPT '98, Lecture Notes in Comput. Sci. 1514, Springer-Verlag, Berlin, 1998, pp. 66-79.
57. M. Jacobson, N. Koblitz, J. Silverman, A. Stein, and E. Teske, Analysis of the xedni calculus attack, Des. Codes Cryptogr., 20 (2000), pp. 41-64.
58. M. Jacobson, A. Menezes, and A. Stein, Solving elliptic curve discrete logarithm problems using Weil descent, J. Ramanujan Math. Soc., 16 (2001), pp. 231-260.
59. E. Jaulmes and A. Joux, A chosen ciphertext attack against NTRU, in Advances in Cryptology - CRYPTO 2000, Lecture Notes in Comput. Sci. 1880, Springer-Verlag, Berlin, 2000, pp. 20-35.
60. A. Joux, A one round protocol for tripartite Diffie-Hellman, in Algorithmic Number Theory: Fourth International Symposium, Lecture Notes in Comput. Sci. 1838, Springer-Verlag, Berlin, 2000, pp. 385-393.
61. N. Koblitz, Elliptic curve cryptosystems, Math. Comp., 48 (1987), pp. 203-209.
62. N. Koblitz, Hyperelliptic cryptosystems, J. Cryptology, 1 (1989), pp. 139-150.
63. N. Koblitz, Constructing elliptic curve cryptosystems in characteristic 2, in Advances in Cryptology - CRYPTO '90, Lecture Notes in Comput. Sci. 537, Springer-Verlag, Berlin, 1991, pp. 156-167.
64. N. Koblitz, Elliptic curve implementation of zero-knowledge blobs, J. Cryptology, 4 (1991), pp. 207-213.
65. N. Koblitz, CM-curves with good cryptographic properties, in Advances in Cryptology - CRYPTO '91, Lecture Notes in Comput. Sci. 576, Springer-Verlag, Berlin, 1992, pp. 279-287.
66. N. Koblitz, A Course in Number Theory and Cryptography, 2nd ed., Springer-Verlag, New York, 1994.
67. N. Koblitz and A. Menezes, Another Look at "Provable Security," preprint, 2004.
68. P. Kocher, Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems, in Advances in Cryptology - CRYPTO '96, Lecture Notes in Comput. Sci. 1109, Springer-Verlag, Berlin, 1996, pp. 104-113.
69. P. Kocher, J. Jaffe, and B. Jun, Differential power analysis, in Advances in Cryptology - CRYPTO '99, Lecture Notes in Comput. Sci. 1666, Springer-Verlag, Berlin, 1999, pp. 388-397.
70. G. Lay and H. Zimmer, Constructing elliptic curves with given group order over large finite fields, in Algorithmic Number Theory: First International Symposium, Lecture Notes in Comput. Sci. 877, Springer-Verlag, Berlin, 1994, pp. 250-263.
71. A. K. Lenstra, H. W. Lenstra, Jr., and L. Lovasz, Factoring polynomials with integer coefficients, Math. Ann., 261 (1982), pp. 513-534.
72. A. K. Lenstra and A. Shamir, Analysis and optimization of the TWINKLE factoring device, in Advances in Cryptology - EUROCRYPT 2000, Lecture Notes in Comput. Sci. 1807, Springer-Verlag, Berlin, 2000, pp. 35-52.
73. A. K. Lenstra and E. R. Verheul, The XTR public key system, in Advances in Cryptology - CRYPTO 2000, Lecture Notes in Comput. Sci. 1880, Springer-Verlag, Berlin, 2000, pp. 1-19.
74. H. W. Lenstra, Jr., Factoring integers with elliptic curves, Ann. of Math. (2), 126 (1987), pp. 649-673.
75. M. Magyarik and N. Wagner, A public key cryptosystem based on the word problem, in Advances in Cryptology - CRYPTO '84, Lecture Notes in Comput. Sci. 196, Springer-Verlag, Berlin, 1985, pp. 19-36.
76. J. Manger, A chosen ciphertext attack on RSA optimal asymmetric encryption padding (OAEP) as standardized in PKCS #1 v2.0, in Advances in Cryptology - CRYPTO 2001, Lecture Notes in Comput. Sci. 2139, Springer-Verlag, Berlin, 2001, pp. 230-238.
77. W. Mao, Modern Cryptography: Theory and Practice, Prentice-Hall, Upper Saddle River, NJ, 2003.
78. M. Maurer, A. Menezes, and E. Teske, Analysis of the GHS Weil descent attack on the ECDLP over characteristic two finite fields of composite degree, LMS J. Comput. Math., 5 (2002), pp. 127-174.
79. U. M. Maurer and S. Wolf, The relationship between breaking the Diffie-Hellman protocol and computing discrete logarithms, SIAM J. Comput., 28 (1999), pp. 1689-1721.
80. A. Menezes, T. Okamoto, and S. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field, IEEE Trans. Inform. Theory, 39 (1993), pp. 1639-1646.
81. A. Menezes and M. Qu, Analysis of the Weil descent attack of Gaudry, Hess and Smart, in Topics in Cryptology - CT-RSA 2001, Lecture Notes in Comput. Sci. 2020, Springer-Verlag, Berlin, 2001, pp. 308-318.
82. A. Menezes, E. Teske, and A. Weng, Weak fields for ECC, in Topics in Cryptology - CT-RSA 2004, Lecture Notes in Comput. Sci. 2964, Springer-Verlag, Berlin, 2004, pp. 366-386.
83. A. Menezes, P. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, FL, 1996.
84. V. Miller, Uses of elliptic curves in cryptography, in Advances in Cryptology - CRYPTO '85, Lecture Notes in Comput. Sci. 218, Springer-Verlag, Berlin, 1986, pp. 417-426.
85. V. Miller, Short Programs for Functions on Curves, manuscript, 1986.
86. F. Morain, Building cyclic elliptic curves modulo large primes, in Advances in Cryptology - EUROCRYPT '91, Lecture Notes in Comput. Sci. 547, Springer-Verlag, Berlin, 1991, pp. 328-336.
87. P. S. Novikov, On the algorithmic unsolvability of the word problem in group theory, Trudy Mat. Inst. im. Steklov., 44 (1955), pp. 1-143.
88. A. Odlyzko, The rise and fall of knapsack cryptosystems, in Cryptology and Computational Number Theory, Proc. Sympos. Appl. Math. 42, AMS, Providence, RI, 1990, pp. 75-88.
89. J. Patarin, Cryptanalysis of the Matsumoto and Imai public key scheme of Eurocrypt '88, in Advances in Cryptology - CRYPTO '95, Lecture Notes in Comput. Sci. 963, Springer-Verlag, Berlin, 1995, pp. 248-261.
90. J. Patarin, Hidden fields equations (HFE) and isomorphisms of polynomials (IP): Two new families of asymmetric algorithms, in Advances in Cryptology - EUROCRYPT '96, Lecture Notes in Comput. Sci. 1070, Springer-Verlag, Berlin, 1996, pp. 33-48.
91. J. Patarin, Asymmetric cryptography with a hidden monomial, in Advances in Cryptology - CRYPTO '96, Lecture Notes in Comput. Sci. 1109, Springer-Verlag, Berlin, 1996, pp. 45-60.
92. J. Pelzl, T. Wollinger, J. Guajardo, and C. Paar, Hyperelliptic curve cryptosystems: Closing the performance gap to elliptic curves, in Cryptographic Hardware and Embedded Systems - CHES 2003, Lecture Notes in Comput. Sci. 2779, Springer-Verlag, Berlin, 2003, pp. 351-365.
93. S. Poslig and M. Hellman, An improved algorithm for computing logarithms over GF(p) and its cryptographic significance, IEEE Trans. Inform. Theory, 24 (1978), pp. 106-110.
94. J. Pollard, Monte Carlo methods for index computation mod p, Math. Comp., 32 (1978), pp. 918-924.
95. J. Pollard, Factoring with cubic integers, in The Development of the Number Field Sieve, Lecture Notes in Math. 1554, Springer-Verlag, Berlin, 1993, pp. 4-10.
96. J. Proos and C. Zalka, Shor's discrete logarithm quantum algorithm for elliptic curves, Quantum Inf. Comput., 3 (2003), pp. 317-344.
97. G. Purdy, A high-security log-in procedure, Coram. ACM, 17 (1974), pp. 442-445.
98. R. L. Rivest, A. Shamir, and L. Adleman, A method for obtaining digital signatures and public key cryptosystems, Comm. ACM, 21 (1978), pp. 120-126.
99. R. Sakai, K. Ohgishi, and M. Kasahara, Cryptosystems based on pairings, in Proceedings of the 2000 Symposium on Cryptography and Information Security, Okinawa, 2000.
100. T. Satoh, The canonical lift of an ordinary elliptic curve over a prime field and its point counting, J. Ramanujan Math. Soc., 15 (2000), pp. 247-270.
101. T. satoh and K. Araki, Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves, Comment. Math. Univ. St. Paul., 47 (1998), pp. 81-92.
102. T. Satoh, B. Skjernaa, and Y. Taguchi, Fast computation of canonical lifts of elliptic curves and its application to point counting, Finite Fields Appl., 9 (2003), pp. 89-101.
103. O. Schirokauer, Discrete logarithms and local units, Philos. Trans. Roy. Soc. London Ser. A, 345 (1993), pp. 409-423.
104. R. Schoof, Elliptic curves over finite fields and the computation of square roots mod p, Math. Comp., 44 (1985), pp. 483-494.
105. R. Schoof, Nonsingular plane cubic curves, J. Combin. Theory Ser. A, 46 (1987), pp. 183-211.
106. I. Semaev, Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p, Math. Comp., 67 (1998), pp. 353-356
107. A. Shamir, A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem, in Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, IEEE Computer Society Press, New York, 1982, pp. 145-152.
108. A. Shamir and E. Tromer, Factoring large numbers with the TWIRL device, in Advances in Cryptology - CRYPTO 2003, Lecture Notes in Comput. Sci. 2729, Springer-Verlag, Berlin, 2003, pp. 1-26.
109. P. W. Shor, Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer, SIAM J. Comput., 26 (1997), 1484-1509.
110. J. Silverman, The Arithmetic of Elliptic Curves, Springer-Verlag, New York, 1986.
111. J. Silverman, The xedni calculus and the elliptic curve discrete logarithm problem, Des. Codes Cryptogr., 20 (2000), pp. 5-40.
112. J. Silverman and J. Suzuki, Elliptic curve discrete logarithms and the index calculus, Advances in Cryptology - ASIACRYPT '98, Lecture Notes in Comput. Sci. 1514, Springer-Verlag, Berlin, 1998, pp. 110-125.
113. N. Smart, The discrete logarithm problem on elliptic curves of trace one, J. Cryptology, 12 (1999), pp. 193-196.
114. J. Solinas, Efficient arithmetic on Koblitz curves, Des. Codes Cryptogr., 19 (2000), pp. 195-249.
115. D. Stinson, Cryptography: Theory and Practice, 2nd ed., Chapman & Hall/CRC, Boca Raton, FL, 2002.
116. E. Teske, Speeding up Pollard's rho method for computing discrete logarithms, in Algorithmic Number Theory: Third International Symposium, Lecture Notes in Comput. Sci. 1423, Springer-Verlag, Berlin, 1998, pp. 541-554.
117. N. Thériault, Index calculus attack for hyperelliptic curves of small genus, in Advances in Cryptology - ASIACRYPT 2003, Lecture Notes in Comput. Sci. 2894, Springer-Verlag, Berlin, 2003, pp. 75-92.
118. D. L. Van, A. Jeyanthi, R. Siromoney and K. G. Subramanian, Public key cryptosystems based on word problems, in Proceedings of the ICOMIDC Symposium on Mathematics of Computation, Ho Chi Minh City, 1988.
119. S. Vaudenay, Cryptanalysis of the Chor-Rivest cryptosystem, in Advances in Cryptology - CRYPTO '98, Lecture Notes in Comput. Sci. 1462, Springer-Verlag, Berlin, 1998, pp. 243-256.
120. E. Verheul, Evidence that XTR is more secure than supersingular elliptic curve cryptosystems, in Advances in Cryptology - EUROCRYPT 2001, Lecture Notes in Comput. Sci. 2045, Springer-Verlag, Berlin, 2001, pp. 195-210.
121. L. Washington, Elliptic Curves: Number Theory and Cryptography, Chapman & Hall/CRC, Boca Raton, FL, 2003.
122. W. Waterhouse, Abelian varieties over finite fields, Ann. Sci. École Norm. Sup. (4), 2 (1969), pp. 521-560.
123. M. Wiener, Cryptanalysis of short RSA secret exponents, IEEE Trans. Inform. Theory, 36 (1990), pp. 553-558.
124. M. V. Wilkes, Time-Sharing Computer Systems, Elsevier, New York, 1968.