{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T10:39:27Z","timestamp":1777372767873,"version":"3.51.4"},"publisher-location":"Berlin, Heidelberg","reference-count":49,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642041167","type":"print"},{"value":"9783642041174","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-04117-4_3","type":"book-chapter","created":{"date-parts":[[2010,2,22]],"date-time":"2010-02-22T16:44:00Z","timestamp":1266857040000},"page":"35-57","source":"Crossref","is-referenced-by-count":8,"title":["Elliptic Curve Cryptography"],"prefix":"10.1007","author":[{"given":"David","family":"Jao","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"issue":"6","key":"3_CR1","doi-asserted-by":"publisher","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","volume":"IT-22","author":"W. Diffie","year":"1976","unstructured":"W. Diffie, M.E. Hellman: New directions in cryptography, IEEE Trans. Inf. Theory IT-22(6), 644\u2013654 (1976)","journal-title":"IEEE Trans. Inf. Theory"},{"issue":"143","key":"3_CR2","doi-asserted-by":"publisher","first-page":"918","DOI":"10.2307\/2006496","volume":"32","author":"J.M. Pollard","year":"1978","unstructured":"J.M. Pollard: Monte Carlo methods for index computation mod p, Math. Comput. 32(143), 918\u2013924 (1978)","journal-title":"Math. Comput."},{"key":"3_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/11818175_19","volume-title":"Advances in cryptology \u2013 CRYPTO 2006","author":"A. Joux","year":"2006","unstructured":"A. Joux, R. Lercier, N. Smart, F. Vercauteren: The number fieldsieveinthemediumprimecase.In: Advances in cryptology \u2013 CRYPTO 2006, Lecture Notes in Computer Science, Vol.4117, ed. by C. Dwork (Springer, Berlin 2006) pp. 326\u2013344"},{"key":"3_CR4","series-title":"Springer Professional Computing","volume-title":"Guide to elliptic curve cryptography","author":"D. Hankerson","year":"2004","unstructured":"D. Hankerson, A. Menezes, S. Vanstone: Guide to elliptic curve cryptography, Springer Professional Computing (Springer, New York 2004)"},{"key":"3_CR5","series-title":"Discrete Mathematics and its Applications","volume-title":"Handbook of elliptic and hyperelliptic curve cryptography","year":"2006","unstructured":"H. Cohen, G. Frey, R. Avanzi, C. Doche, T. Lange, K. Nguyen, F. Vercauteren (Eds.): Handbook of elliptic and hyperelliptic curve cryptography, Discrete Mathematics and its Applications (Chapman & Hall\/CRC, Boca Raton 2006)"},{"issue":"6","key":"3_CR6","doi-asserted-by":"crossref","first-page":"531","DOI":"10.1051\/ita\/1990240605311","volume":"24","author":"F. Morain","year":"1990","unstructured":"F. Morain, J. Olivos: Speeding up the computations on an elliptic curve using addition-subtraction chains, RAIRO Inform. Th\u00e8or. Appl. 24(6), 531\u2013543 (1990), (English, with French summary)","journal-title":"RAIRO Inform. Th\u00e8or. Appl."},{"issue":"262","key":"3_CR7","doi-asserted-by":"crossref","first-page":"1075","DOI":"10.1090\/S0025-5718-07-02048-0","volume":"77","author":"V. Dimitrov","year":"2008","unstructured":"V. Dimitrov, L. Imbert, P.K. Mishra: The double-base number system and its application to elliptic curve cryptography, Math. Comput. 77(262), 1075\u20131104 (2008)","journal-title":"Math. Comput."},{"key":"3_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1007\/978-3-540-76900-2_3","volume-title":"Advances in cryptology \u2013 ASIACRYPT 2007","author":"D.J. Bernstein","year":"2007","unstructured":"D.J. Bernstein, T. Lange: Faster addition and doubling on elliptic curves. In: Advances in cryptology \u2013 ASIACRYPT 2007, Lecture Notes in Computer Science, Vol.4833, ed. by K. Kurosawa (Springer, Berlin 2007) pp. 29\u201350"},{"key":"3_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"190","DOI":"10.1007\/3-540-44647-8_11","volume-title":"Advances in cryptology \u2013 CRYPTO 2001","author":"R.P. Gallant","year":"2001","unstructured":"R.P. Gallant, R.J. Lambert, S.A. Vanstone: Faster point multiplication on elliptic curves with efficient endomorphisms. In: Advances in cryptology \u2013 CRYPTO 2001, Lecture Notes in Computer Science, Vol.2139, ed. by J. Kilian (Springer, Berlin 2001) pp. 190\u2013200"},{"key":"3_CR10","unstructured":"Certicom Corp.: Certicom ECC Challenge (November 1997), http:\/\/www.certicom.com\/index.php\/the -certicom-ecc-challenge"},{"issue":"1","key":"3_CR11","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1109\/TIT.1978.1055817","volume":"IT-24","author":"S.C. Pohlig","year":"1978","unstructured":"S.C. Pohlig, M.E. Hellman: An improved algorithm for computing logarithms over GF(p) and its cryptographic significance, IEEE Trans. Inf. Theory IT-24(1), 106\u2013110 (1978)","journal-title":"IEEE Trans. Inf. Theory"},{"issue":"3","key":"3_CR12","doi-asserted-by":"publisher","first-page":"649","DOI":"10.2307\/1971363","volume":"126","author":"H.W. Lenstra Jr.","year":"1987","unstructured":"H.W. Lenstra Jr.: Factoring integers with elliptic curves, Ann. Math. (2) 126(3), 649\u2013673 (1987)","journal-title":"Ann. Math. (2)"},{"key":"3_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1007\/3-540-45455-1_23","volume-title":"Algorithmic number theory (Sydney 2002)","author":"M. Fouquet","year":"2002","unstructured":"M. Fouquet, F. Morain: Isogeny volcanoes and the SEA algorithm. In: Algorithmic number theory (Sydney 2002), Lecture Notes in Computer Science, Vol.2369, ed. by C. Fieker, D.R. Kohel (Springer, Berlin 2002) pp. 276\u2013291"},{"key":"3_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1007\/3-540-49264-X_7","volume-title":"Advances in cryptology \u2013 EUROCRYPT \u201995","author":"R. Lercier","year":"1995","unstructured":"R. Lercier, F. Morain: Counting the number of points on elliptic curves over finite fields: strategies and performances. In: Advances in cryptology \u2013 EUROCRYPT \u201995, Lecture Notes in Computer Science, Vol.921, ed. by L.C. Guillou, J.-J. Quisquater (Springer, Berlin 1995) pp. 79\u201394"},{"issue":"170","key":"3_CR15","doi-asserted-by":"publisher","first-page":"483","DOI":"10.2307\/2007968","volume":"44","author":"R. Schoof","year":"1985","unstructured":"R. Schoof: Elliptic curves over finite fields and the computation of square roots mod p, Math. Comput. 44(170), 483\u2013494 (1985)","journal-title":"Math. Comput."},{"issue":"4","key":"3_CR16","first-page":"247","volume":"15","author":"T. Satoh","year":"2000","unstructured":"T. Satoh: The canonical lift of an ordinary elliptic curve over a finite field and its point counting, J. Ramanujan Math. Soc. 15(4), 247\u2013270 (2000)","journal-title":"J. Ramanujan Math. Soc."},{"key":"3_CR17","unstructured":"National Institute of Standards and Technology: Digital Signature Standard (DSS), Technical Report FIPS PUB 186\u20132 (2000), http:\/\/csrc.nist.gov\/publications\/fips\/fips186-2\/fips186-2-change1.pdf"},{"key":"3_CR18","unstructured":"ANSI Standards Committee X9, Public key cryptography for the financial services industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), ANSI X9.62-2005"},{"key":"3_CR19","unstructured":"G. Seroussi: Compression and decompression of elliptic curve data points, US Patent 6252960 (2001)"},{"key":"3_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1007\/3-540-39568-7_2","volume-title":"Advances in Cryptology 1984","author":"T. Gamal El","year":"1985","unstructured":"T. El Gamal: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Advances in Cryptology 1984, Lecture Notes in Computer Science, Vol.196, ed. by G.R. Blakley, D. Chaum (Springer, Berlin 1985) pp. 10\u201318"},{"issue":"2","key":"3_CR21","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1137\/S0097539795291562","volume":"30","author":"D. Dolev","year":"2000","unstructured":"D. Dolev, C. Dwork, M. Naor: Nonmalleable cryptography, SIAM J. Comput. 30(2), 391\u2013437 (2000)","journal-title":"SIAM J. Comput."},{"key":"3_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1007\/3-540-69053-0_9","volume-title":"Advances in cryptology \u2013 EUROCRYPT \u201997","author":"R. Cramer","year":"1997","unstructured":"R. Cramer, R. Gennaro, B. Schoenmakers: A secure and optimally efficient multi-authority election scheme. In: Advances in cryptology \u2013 EUROCRYPT \u201997, Lecture Notes in Computer Science, Vol.1233, ed. by W. Fumy (Springer, Berlin 1997) pp. 103\u2013118"},{"key":"3_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/3-540-45353-9_12","volume-title":"Topics in Cryptology \u2013 CT-RSA 2001","author":"M. Abdalla","year":"2001","unstructured":"M. Abdalla, M. Bellare, P. Rogaway: The oracle Diffie\u2013Hellman assumptions and an analysis of DHIES.In:TopicsinCryptology\u2013CT-RSA2001,Lecture Notes in Computer Science, Vol.2020, ed. by D. Naccache (Springer, Berlin 2001) pp. 143\u2013158"},{"key":"3_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/978-3-540-78967-3_8","volume-title":"Advances in cryptology \u2013 EUROCRYPT 2008","author":"D. Cash","year":"2008","unstructured":"D. Cash, E. Kiltz, V. Shoup: The twin Diffie\u2013Hellman problemand applications. In: Advances in cryptology \u2013 EUROCRYPT 2008, Lecture Notes in Computer Science, Vol.4965, ed. by N. Smart (Springer, Berlin 2008) pp. 127\u2013145"},{"key":"3_CR25","unstructured":"ANSI Standards Committee X9, Public key cryptography for the financial services industry: Key agreement and key transport using elliptic curve cryptography, ANSI X9.63-2001"},{"issue":"1\u20133","key":"3_CR26","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1023\/A:1016549024113","volume":"26","author":"I.F. Blake","year":"2002","unstructured":"I.F. Blake, T. Garefalakis: On the security of the digital signature algorithm, Des. Codes Cryptogr. 26(1\u20133), 87\u201396 (2002), In honour of R.C. Mullin","journal-title":"Des. Codes Cryptogr."},{"key":"3_CR27","unstructured":"National Institute of Standards and Technology: Secure Hash Standard (SHS), Technical Report FIPS PUB 180\u20132 (2002), http:\/\/csrc.nist.gov\/publications\/fips\/fips180-2\/fips180-2withchangenotice.pdf"},{"key":"3_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/3-540-36288-6_16","volume-title":"Public key cryptography \u2013 PKC 2003","author":"A. Antipa","year":"2002","unstructured":"A. Antipa, D. Brown, A. Menezes, R. Struik, S. Vanstone: Validation of elliptic curve public keys. In: Public key cryptography \u2013 PKC 2003, Lecture Notes in Computer Science, Vol.2567, ed. by Y.G. Desmedt (Springer, Berlin 2002) pp. 211\u2013223"},{"issue":"16","key":"3_CR29","doi-asserted-by":"publisher","first-page":"3113","DOI":"10.1016\/j.dam.2007.12.010","volume":"156","author":"S.D. Galbraith","year":"2008","unstructured":"S.D. Galbraith, K.G. Paterson, N.P. Smart: Pairings for cryptographers, Discrete Appl. Math. 156(16), 3113\u20133121 (2008)","journal-title":"Discrete Appl. Math."},{"issue":"4","key":"3_CR30","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1007\/s00145-004-0312-y","volume":"17","author":"A. Joux","year":"2004","unstructured":"A. Joux: A one round protocol for tripartite Diffie\u2013Hellman, J. Cryptol. 17(4), 263\u2013276 (2004)","journal-title":"J. Cryptol."},{"issue":"3","key":"3_CR31","doi-asserted-by":"publisher","first-page":"586","DOI":"10.1137\/S0097539701398521","volume":"32","author":"D. Boneh","year":"2003","unstructured":"D. Boneh, M. Franklin: Identity-based encryption from the Weil pairing, SIAM J. Comput. 32(3), 586\u2013615 (2003)","journal-title":"SIAM J. Comput."},{"issue":"4","key":"3_CR32","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1007\/s00145-004-0314-9","volume":"17","author":"D. Boneh","year":"2004","unstructured":"D. Boneh, B. Lynn, H. Shacham: Short signatures from the Weil pairing, J. Cryptol. 17(4), 297\u2013319 (2004)","journal-title":"J. Cryptol."},{"key":"3_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/11693383_22","volume-title":"Selected areas in cryptography","author":"P.S.L.M. Barreto","year":"2006","unstructured":"P.S.L.M. Barreto, M. Naehrig: Pairing-friendly elliptic curves of prime order. In: Selected areas in cryptography, Lecture Notes in Computer Science, Vol.3897, ed. by B. Preneel, S. Tavares (Springer, Berlin 2006) pp. 319\u2013331"},{"issue":"2","key":"3_CR34","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1007\/s001459900040","volume":"11","author":"R. Balasubramanian","year":"1998","unstructured":"R. Balasubramanian, N. Koblitz: The improbability that an elliptic curve has subexponential discrete log problem under the Menezes-Okamoto-Vanstone algorithm, J. Cryptol. 11(2), 141\u2013145 (1998)","journal-title":"J. Cryptol."},{"issue":"5","key":"3_CR35","doi-asserted-by":"publisher","first-page":"1639","DOI":"10.1109\/18.259647","volume":"39","author":"A.J. Menezes","year":"1993","unstructured":"A.J. Menezes, T. Okamoto, S.A. Vanstone: Reducing elliptic curve logarithms to logarithms in a finite field, IEEE Trans. Inf. Theory 39(5), 1639\u20131646 (1993)","journal-title":"IEEE Trans. Inf. Theory"},{"issue":"5","key":"3_CR36","doi-asserted-by":"publisher","first-page":"1717","DOI":"10.1109\/18.771254","volume":"45","author":"G. Frey","year":"1999","unstructured":"G. Frey, M. M\u00fcller, H.-G. R\u00fcck: The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems,IEEE Trans.Inf.Theory 45(5),1717\u20131719 (1999)","journal-title":"IEEE Trans.Inf.Theory"},{"key":"3_CR37","unstructured":"D.B. Johnson, A.J. Menezes: Elliptic curve DSA (ECSDA): an enhanced DSA, SSYM\u201998: Proc. 7th Conference on USENIX Security Symposium 1998, USENIX Security Symposium, Vol.7 (USENIX Association, Berkeley 1998) pp. 13\u201313"},{"key":"3_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1007\/3-540-45455-1_3","volume-title":"Algorithmic number theory 2002","author":"A. Joux","year":"2002","unstructured":"A. Joux: The Weil and Tate pairings as building blocks for public key cryptosystems. In: Algorithmic number theory 2002, Lecture Notes in Computer Science, Vol.2369, ed. by C. Fieker, D.R. Kohel (Springer, Berlin 2002) pp. 20\u201332"},{"key":"3_CR39","unstructured":"C.C. Cocks, R.G.E. Pinch: Identity-based cryptosystems based on the Weil pairing (2001), Unpublished manuscript"},{"key":"3_CR40","doi-asserted-by":"crossref","unstructured":"D. Freeman, M. Scott, E. Teske: A taxonomy of pairing-friendly elliptic curves, J. Cryptol., to appear","DOI":"10.1007\/s00145-009-9048-z"},{"issue":"5","key":"3_CR41","first-page":"1234","volume":"E84-A","author":"A. Miyaji","year":"2001","unstructured":"A. Miyaji, M. Nakabayashi, S. Takano: New explicit conditions of elliptic curve traces for FR-reduction, IEICE Trans. Fundam. E84-A(5), 1234\u20131243 (2001)","journal-title":"IEICE Trans. Fundam."},{"key":"3_CR42","unstructured":"B. Lynn: The Pairing-Based Cryptography Library, http:\/\/crypto.stanford.edu\/pbc\/"},{"key":"3_CR43","series-title":"Graduate Texts in Mathematics","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4757-1920-8","volume-title":"The arithmetic of elliptic curves","author":"J.H. Silverman","year":"1986","unstructured":"J.H. Silverman: The arithmetic of elliptic curves, Graduate Texts in Mathematics, Vol.106 (Springer, New York 1986)"},{"key":"3_CR44","series-title":"London Mathematical Society Lecture Note Series","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511546570","volume-title":"Advances in elliptic curve cryptography","author":"I.F. Blake","year":"2005","unstructured":"I.F. Blake, G. Seroussi, N.P. Smart: Advances in elliptic curve cryptography. In: London Mathematical Society Lecture Note Series, Vol.317 (Cambridge University Press, Cambridge 2005)"},{"issue":"4","key":"3_CR45","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1007\/s00145-004-0315-8","volume":"17","author":"V.S. Miller","year":"2004","unstructured":"V.S. Miller: The Weil pairing, and its efficient calculation, J. Cryptol. 17(4), 235\u2013261 (2004)","journal-title":"J. Cryptol."},{"issue":"3","key":"3_CR46","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/s10623-006-9033-6","volume":"42","author":"P.S.L.M. Barreto","year":"2007","unstructured":"P.S.L.M. Barreto, S.D. Galbraith, C. \u00d2\u2019h\u00c8igeartaigh, M. Scott: Efficient pairing computation on supersingular abelian varieties, Des. Codes Cryptogr. 42(3), 239\u2013271 (2007)","journal-title":"Des. Codes Cryptogr."},{"issue":"10","key":"3_CR47","doi-asserted-by":"publisher","first-page":"4595","DOI":"10.1109\/TIT.2006.881709","volume":"52","author":"F. Hess","year":"2006","unstructured":"F. Hess, N.P. Smart, F. Vercauteren: The eta pairing revisited, IEEE Trans. Inf. Theory52(10), 4595\u20134602 (2006)","journal-title":"IEEE Trans. Inf. Theory"},{"issue":"4","key":"3_CR48","doi-asserted-by":"publisher","first-page":"277","DOI":"10.1007\/s00145-004-0313-x","volume":"17","author":"E.R. Verheul","year":"2004","unstructured":"E.R. Verheul: Evidence that XTR is more secure than supersingular elliptic curve cryptosystems, J. Cryptol. 17(4), 277\u2013296 (2004)","journal-title":"J. Cryptol."},{"key":"3_CR49","series-title":"London Mathematical Society Lecture Note Series","volume-title":"Elliptic curves in cryptography","author":"I.F. Blake","year":"2000","unstructured":"I.F. Blake, G. Seroussi, N.P. Smart: Elliptic curves in cryptography. In: London Mathematical Society Lecture Note Series, Vol.265 (Cambridge University Press, Cambridge 2000), reprint of the 1999 original"}],"container-title":["Handbook of Information and Communication Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-04117-4_3.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,30]],"date-time":"2021-04-30T10:57:26Z","timestamp":1619780246000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-04117-4_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642041167","9783642041174"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-04117-4_3","relation":{},"subject":[],"published":{"date-parts":[[2010]]}}}