Standards

• ISO/IEC FDIS 15946-1, Information technology - Security techniques - Cryptographic techniques based on elliptic curves - Part 1: General
• ISO/IEC FDIS 15946-2, Information technology - Security techniques - Cryptographic techniques based on elliptic curves - Part 2: Digital signatures
• ISO/IEC FCD 15946-3, Information technology - Security techniques - Cryptographic techniques based on elliptic curves - Part 3: Key establishment
• ISO/IEC FCD 15946-4, Information technology - Security techniques - Cryptographic techniques based on elliptic curves - Part 4: Digital signatures giving message recovery
  
  
• IEEE P1363, included ECDSA, ECNR, ECDH and ECMQV. Draft Version D13(1999,11,12) (local copy)
• IEEE P1363a, included ECDSA, ECNR, ECNR2, ECPV, ECDH and ECMQV. Draft Version D9(2001.6.13) (local copy)
  *Diagrams for P1363a(GIF format) (local copy)
  
  
• ANSI X9.62, Public Key Cryptography for the Financial Services Industry : The Elliptic Curve Digital Signature Algorithm (ECDSA), approved January 1999. previous draft(Sep. 1998)
• ANSI X9.63, Public Key Cryptography For The Financial Services Industry: Key Agreement and Key Transport Using Elliptic Curve Cryptography, Working Draft ver. 1999,1,8. (local copy)
  
  
• SEC1 of Certicom Research, Elliptic Curve Cryptography, v1.0 (2000,9,20) (local copy)
  
• SEC2 of Certicom Research, Recommended Elliptic Curve Cryptography Domain Parameters, v1.0 (2000,9,20) (local copy)
• GEC2, Test Vectors for SEC1 ver. 0.3 (1999,9,29) (local copy)
  
• Draft ECC X.509 Specification, Working Draft ver. 0.2 (1999,8,26) (local copy)
  

• PKCS#11 v2.10 Amendment 1:ECC, Working Draft2 (2000,11,30) (local copy)
• PKCS #13: Elliptic Curve Cryptography Standard
  Presentation of v1.0 proposal (PowerPoint) from the '98 Workshop
  
  
  
• FIPS 186-2 of NIST, included DSA and ECDSA. 2000,1,27 (local copy)
  *Recommanded Elliptic Curve for Federal Government Use (local copy)
  
  
• ECC Cipher Suites For TLS, TLS WG draft, March 2001.
• Additional ECC Groups For IKE, IPsec WG draft, March 2001.
• Use of ECC Algorithms in CMS, S/MIME WG draft, May 2001.
• Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and CRL Profile, PKIX WG draft, July 2001.
  
  
• Wireless Transport Layer Security Specification, approved version (WAP 2.0), WAP Forum, 2001,4,6 (local copy)

Overview/General

• The Group Law on Elliptic Curves on Hesse form, Hege R. Frium, CACR(Univ. of Waterloo) Technical Report, CORR 2001-09, 2001. (local copy)
• Elliptic Curve Cryptosystems An Overview, Leonard Jacobs, SANS, March 24, 2001.
• An Overview of Elliptic Curve Cryptography, Julio Lopez, et al, 2000. (local copy)
• Elliptic Curves and Their Applications to Cryptography : An Introduction, A. Enge, Kluwer Academic Publishers, 1999.
• Elliptic Curve in Cryptography, I.F.Bake, G.Seroussi and N.Smart, Cambridze University Press, 1999.
• Elliptic curve public-key cryptosystems - an introduction, E. De Win and B. Preneel, State of the Art in Applied Cryptography, Springer-Verlag, LNCS 1528, pp.131-141, 1998. (local copy)
• Overview of elliptic curve cryptography, T. Satoh, K. Araki and S. Miura, Proc. of PKC'98, Springer-Verlag, LNCS 1431, pp.29-49, 1998.
• Elliptic Curve and their Use in Cryptography, V. Miller, Proc. of PKC'97, Springer-Verlag, 1997.
• The Arithmetic of Elliptic Curves, J. Silverman, Graduate Texts in Mathematics 106, Springer-Verlag, 1991.
• Elliptic Curve Cryptosystems, N. Koblitz, Mathematics of Computation, Vol.48, No.177, pp.203-209, 1987
  
  
• Practical comparison of Fast Public-key Cryptosystems, P. Karu, J. Loikkanen, Telecommunications Software and Multimedia Lab. at Helsinki Univ. of Technology, 2001. (local copy)
  
  [related to Hyperelliptic curves]
• Isomorphism classes of genus-2 hyperelliptic curves over finite fields, L. Encinas, A. Menezes and J. Masque, CACR(Univ. of Waterloo) Technical Report, CORR 2001-26, 2001. (local copy)
• Construction of Hyperelliptic Curves with CM and its Application to Cryptosystems, J. Chao, K. Matsuo, H. Kawashiro and S. Tsujii, Proc. of ASIACRYPT'00, Springer-Verlag, LNCS 1976, pp.259-273, 2000
• Two Topics in Hyperelliptic Cryptography, Florian Hess, Gadiel Seroussi and Nigel Smart, HP Labs Technical Reports HPL-2000-118, 2000. (local copy)
• Cryptography in Quadratic Function Fields, R. Scheidler, CACR(Univ. of Waterloo) Technical Report, CORR 99-53, 1999. (local copy)
• Ideal Arithmetic and Infrastructure in Purely Cubic Function Fields, R. Scheidler , CACR(Univ. of Waterloo) Technical Report, CORR 99-45, 1999. (local copy)
• Real and Imaginary Quadratic Representations of Hyperelliptic Function Fields, A. Paulus and H. Ruck, Mathematics of Computation, Vol.68, No.227, pp.1233 - 1241, 1999
• An Elementary Introduction to Hyperelliptic Curves, A. Menezes, Y. Wu and R. Zuccherato, CACR(Univ. of Waterloo) Technical Report, CORR 96-19, 1996. (local copy)
• Computing a Hyperelliptic Integral Using Arithmetic in the Jacobian of the Curve, L. Bertrand, Applicable Algebra in Engineering, Communication and Computing, vol.6, pp.275-298, 1995
• Efficient algorithms for the construction of hyperelliptic cryptosystems, T. Okamoto, K. Sakurai, Proc. of Crypto'91, Springer Verlag, pp.267-278, 1992
• Hyperelliptic cryptosystems, N. Koblitz, Journal of Cryptology, Vol.1(3):139-150, 1989.
  
  [related to supersingular curves]
• Arithmetic on superelliptic curves, S.D. Galbraith, S. Paulus, N. Smart, to appear in Mathematics of Computation, 2000
• Supersingular curves in cryptography, S. Galbraith, Preprint 2000. (local copy)

Security/Analysis

• How Secure Are Elliptic Curves over Composite Extension Fields?, Nigel P. Smart, Proc. of Eurocrypto'2001, Springer-Verlag, LNCS 2045, pp.30-39, 2001. (local copy)
• The exact security of ECDSA, Daniel R.L. Brown, IEEE P1363: Research Contributions, January 16, 2001. (local copy)
• On the Complexity of Constructing an Elliptic Curve of a Given Order, M. Yamamichi, M. Mambo and H. Shizuya, IEICE Trans. Fundamentals, vol.E84-A(1):140-145, 2001.1 (local copy)
• Power Analysis Breaks Elliptic Curve Cryptosystem even Secure against Timing Attack, K. Okeya and K. Sakurai, Proc. of Indocrypt'2000.
• Differential Fault Attacks on Elliptic Curve Cryptosystems, I. Biehl, B. Meyer and V. Muller, Proc. of Crypto'2000, Springer-Verlag, LNCS 1880, pp.131-146, 2000.
• The Insecurity of the Digital Signature Algorithm with Partially Known Nonces, Phong Q. Nguyen and Igor E. Shparlinski, Submission to a journal in progress, 2000. (local copy)
• Remarks on Elliptic Cureve Discrete Logarithm Problems, N. Kanayama, T. Kobayashi, T. Saito and S. Uchiyama, IEICE Trans. Fundamentals, Vol.E83-A, No.1, pp.17-22, 2000. (local copy)
• Remarks on the Security of the Elliptic Curve Cryptosystem, A Certicom Whitepaper, Updated July 2000. (local copy)
• PSEC-3: Provably Secure Elliptic Curve Encryption Scheme (Version 2), T. Okamoto and D. Pointcheval, Contribution to IEEE P1363a, 2000. (local copy)
• Faster Attacks on Elliptic Curve Cryptosystems, Michael Wiener and Robert Zuccherato, IEEE P1363: Research Contributions, 1999. (local copy)
• Elliptic curve discrete logarithms and the index calculus, Joseph H. Silverman and Joe Suzuki, Proc. of Asiscrypt'98, Springer-Verlag, LNCS 1514, pp.110-125, 1998 (local copy)
• Speeding Up Pollard's Rho Method for Computing Discrete Logarithms, E. Teske, Proc. of ANTS III, Springer-Verlag, LNCS 1423, pp.541-554, 1998.
• The Improbability that an Elliptic Curve Has Sub-Exponential Discrete Log Problem under the Menezes-Okamoto-Vanstone Algorithm, R. Balasubramanian and N. Koblitz, Journal of Cryptology, Vol.11, pp.141-145, 1998.
  
  [related to Key length]
• Determining Strengths For Public Keys Used For Exchanging Symmetric Keys, Hilarie Orman and Paul Hoffman, Internet Draft, July 16, 2001. (local copy)
• Selecting Cryptographic Key Sizes, Arjen K. Lenstra and Eric R. Verheul, To appear in Journal of Cryptology. (local copy)
  
  [related to Hyperelliptic curves]
• An Algorithm for Solving the Discrete Logarithm on Hyperelliptic Curves, P. Gaudry, Proc. of Eurocrypt'2000, Springer-Verlag, LNCS 1807, pp.19-34, 2000. (local copy)
• The Parallelized Pollard Kangaroo Method in Real Quadratic Funciton Fields, A. Stein and E. Teske, CACR(Univ. of Waterloo) Technical Report, CORR 2000-35 (local copy).
• Smooth Ideals in Hyperelliptic Function Fields, A. Enge and A. Stein, CACR(Univ. of Waterloo) Technical Report, CORR 2000-08, 2000. (local copy)
• Explicit Bounds and Heuristics on Class Numbers in Hyperelliptic Function Fields, A. Stein and E. Teske, CACR(Univ. of Waterloo) Technical Report, CORR 99-26, 1999. (local copy)
• Sharp Upper Bounds for Arithmetics in Hyperelliptic Function Fields, A. Stein, CACR(Univ. of Waterloo) Technical Report, CORR 99-23, 1999. (local copy)
• Computing Discrete Logarithms in High-Genus Hyperelliptic Jacobians in Provably Subexponential Time, A. Enge, CACR(Univ. of Waterloo) Technical Report, CORR 99-04, 1999. (local copy)
• A Subexponential Algorithm for Solving the Discrete Logarithm Problem in the Jacobian of High Genus Hyperelliptic Curves over Arbitrary Finite Fields, M. Bauer, Preprint, 1998.
  
  [related to Weil Decent]
• Weil Decent Page : devoted to the new technique of Weil descent

• Solving Elliptic Curve Discrete Logarithm Problems Using Weil Descent, Michael Jacobson, Alfred Menezes, Andreas Stein, CACR(Univ. of Waterloo) Technical Report, CORR 2001-31, 2001. (local copy)
• Extending the GHS Weil Descent Attack, S. D. Galbraith, F. Hess and N.P. Smart, ePrint Archive of IACR, 2001. (local copy)
• Limitations of constructive Weil descent, S. Galbraith, To appear in the proceedings of a conference in Warsaw, Poland. (local copy)
• Weil Descent of Jacobians, S. Galbraith, International Workshop on Coding and Cryptology, 2001 (local copy)
• Analysis of the Weil Descent Attack of Gaudry, Hess and Smart, Alfred Menezes and Minghua Qu, Proc. of CT-RSA'2001, Springer-Verlag, LNCS 2020, pp.308-318, 2001.
  -CACR(Univ. of Waterloo) Technical Report, CORR 2000-48, 2000. (local copy)
• Weil Descent of Elliptic Curves over Finite Fields of Characteristic Three, Seigo Arita, Proc. of Asiacrypt'2000, Springer-Verlag, LNCS 1976, pp.248-258, 2000.
• Constructive and destructive facets of Weil decent on elliptic curves, P. Gaudry, F. Hess and N. Smart, To appear in J. Cryptology. (local copy)
• A Cryptographic Application of Weil Descent, Nigel P. Smart and Steve Galbraith, HP Labs Technical Reports HPL-1999-70, 1999. (local copy)
  
  [related to Xedni Calculus]
• Analysis of the Xedni Calculus Attack, M. Jacobson, N. Koblitz, J. Silverman, A. Stein and E. Teske, CACR(Univ. of Waterloo) Technical Report, CORR 99-06, 1999. (local copy)
• The Xedni Calculus and the Elliptic Curve Discrete Logarithm Problem, J. Silverman, CACR(Univ. of Waterloo) Technical Report, CORR 99-05, 1999. (local copy)
• Elliptic curve lifting problem and its applications, H. Kim, J. H. Cheon and S. Hahn, Proc. Japan Academy, Vol.75(A), pp.166-169, 1999. (local copy)
  
  [related to anomalous curves]
• Two Discrete Log Algorithms for Super-Anomalous Elliptic Curves and Their Applications, N. Kunihiro and K. Koyama, IEICE Trans. Fundamentals, vol.E83-A(1):10-16, 2000.1 (local copy)
• Speeding Up the Discrete Log Computaion on Curves with Automorphism, P. Gaudry, F. Morain and I. Duursma, Proc. of Asiacrypt'99, Springer-Verlag, LNCS 1716, pp.103-121, 1999 (local copy)
• On the discrete logarithm in the divisor class group of curves, Hans-Georg Rück, Math. Comp., vol.68, pp.805-806, 1999.
• Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves, T. Satoh and K. Araki, Commentarii Math. Univ. St. Pauli, vol.47, pp.81-92, 1998. (local copy)
• The Discrete Logarithm Problem on Elliptic Curves of Trace One, N. Smart, HP Labs Technical Reports HPL-97-128, 1997. (Journal of Cryptology, vol.12 no.3, pp.193-196, 1999) (local copy)
  
  [related to supersingular curves]
• Reducing elliptic curve logarithms to logarithms in a finite field, A. Menezes, T. Okamoto and S. Vanstone, IEEE Transactions on Information Theory, vol.39, pp.1639-1646, 1993.
  
  [related to MOV and FR reduction]
• A Remark on the MOV Algorithm for Non-supersingular Elliptic Curves, T. Saito and S. Uchiyama, IEICE Trans. Fundamentals, vol.E84-A(5):1266-1268, 2001.5 (local copy)
• Characterization of Elliptic Curve Traces under FR-Reduction, A. Miyaji, M. Nakabayashi and S. Takano, Proc. of ICISC'2000, Springer-Verlag, LNCS 2015, pp.90-108, 2000.
  -New Explicit Conditions of Elliptic Curve Traces for FR-Reduction, IEICE Trans. Fundamentals, Vol.E84-A, No.5, pp.1234-1243, 2001.5 (local copy)
• Realizing the Menezes-Okamoto-Vanstone(MOV) Reduction Efficiently for Ordinary Elliptic Curves, J. Shikata, Y. Zheng, J. Suzuki and H. Imai, IEICE Trans. Fundamentals, vol.E83-A(4):756-763, 2000.4 (local copy)
• Comparing the MOV and FR reductions in Elliptic Curve Cryptography, R. Harasaea, J. Shikata, J. Suzuki and H. Imai, Proc. of Eurocrypto'99, Springer-Verlag, LNCS 1592, pp.190-205, 1999

Implementation

1. Software implementation

• Fast simultaneous scalar multiplication on elliptic curve with Montgomery form, T. Akishita, To appear at SAC'2001.
• On the Power of Direct Computations in Speeding Up Elliptic Scalar Multiplication, Y. Sakai, K. Sakurai, To appear at SAC'2001.
• Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms, R. Gallant, R. Lambert and S. Vanstone, To appear at Crypto'2001.
• Finding secure curves with the Satoh-FGH algorithm and an early-abort strategy, M. Fouquet, P. Gaudry and R. Harley, Proc. of Eurocrypt'2001, Springer-Verlag, LNCS 2045, pp.14-29, 2001 (local copy)
• Multiple Scalar-Multiplication Algorithm over Elliptic Curve, K. Kobayashi, H. Morita and M. Hakuta, IEICE Trans. Inf.&Syst., vol.E84-D(2):271-276, 2001.2 (local copy)
• Efficient Scalar Multiplications on Elliptic Curves with Direct Computations of Several Doublings, Y. Sakai and K. Sakurai, IEICE Trans. Fundamentals, vol.E84-A(1):120-129, 2001.1 (local copy)
• Efficient Construction of Cryptographically Strong Elliptic Curves, Harald Baier and Johannes Buchmann, Proc. of Indocrypt'2000. (local copy)
• The Canonical Lift of an Ordinary Elliptic Curve over a Finite Field and its Point Counting, T. Satoh, Journal of Ramanujan Math. Soc., Vol.15, pp.247-270, 2000.
• An extension of Satoh's algorithm and its implementation, M. Fouquet, P. Gaudry and R. Harley, Journal of Ramanujan Math. Soc., Vol.15, pp.281-318. 2000. (local copy)
• Performance of Elliptic Curve Cryptosystems, Julio Lopez, Ricardo Dahab, 2000. (local copy)
• Software Implementation of the NIST Elliptic Curves Over Prime Fields, M. Brown, D. Hankerson, J. Lopez, and A. Menezes, Proc. of CT-RSA'2001, Springer-Verlag, LNCS 2020, pp.250-265, 2001.
  -CACR(Univ. of Waterloo) Technical Report, CORR 2000-56, 2000. (local copy).
• Software Implementation of Elliptic Curve Cryptography Over Binary Fields, Darrel Hankerson, Julio Lopez Hernandez, Alfred Menezes, Cryptographic Hardware and Embedded Systems, CHES'2000, pp.1-24, 2000. (local copy)
• Fast implementation of elliptic curve arithmetic in GF(p^n), C.H.Lim and H.S.Hwang, Proc. of PKC'2000, Springer-Verlag, LNCS 1751, pp.405-421. 2000.
• Elliptic scalar multiplication using point halving, E. Knudsen, Proc. of Asiacrypt'99, Springer-Verlag, LNCS 1716, pp.135-149, 1999. (local copy)
• Speeding up Elliptic Scalar Multiplication with Precomputation, C.H.Lim and H.S.Hwang. Proc. of ICISC'99, Springer-Verlag, LNCS 1787, pp.102-119, 1999
• Implementation options for finite field arithmetic for elliptic curve cryptosystems, M. Fouquet, P. Gaudry and R. Harley, Invited presentation at ECC'99, 1999,11. (local copy)
• Efficient Elliptic Curve Exponentiation Using Mixed Coordinates, H. Cohen, A. Miyaji and T. One, Proc. of Asiscrypt'98, Springer Verlag, LNCS 1514, pp.51-65, 1998
• Efficient Implementation of Schoof's Algorithm, T. Izu, J. Kogure, M. Noro and K. Yokoyama, Proc. of Asiscrypt'98, Springer Verlag, LNCS 1514, pp.66-79, 1998
• On the Performance of Signature Schemes based on Elliptic Curves, E. De Win, S. Mister, B. Preneel and M. Wiener, Proc. of ANTS'98, Springer-Verlag, LNCS 1423, pp.252-266, 1998. (local copy)
• Two efficient algorithms for arithmetic of elliptic curves using Frobenius map, J.H. Cheon, S.M. Park, S.W. Park and D.H. Kim, Proc. of PKC'98, Springer-Verlag, LNCS 1431, pp.195-202, 1998
• Parameters for secure elliptic curve cryptosystem-improvements on Schoof's algorithm, T. Izu, J. Kogure, M. Noro and K. Yokoyama, Proc. of PKC'98, Springer-Verlag, LNCS 1431, pp.253-257, 1998
• On the Generation of Cryptographically Strong Elliptic Curves, V. Muller, Preprint, 1998 (local copy)
• Fast Multiplication on Elliptic Curves over Small Fields of Characteristic Two, V. Muller, Journal of Cryptology, 11 (4), 219 - 234, 1998 (local copy)
• Efficient Algorithms for Elliptic Curve Cryptosystems, Jorge Guajardo and Christof Paar, 1997. (local copy)

  [related to GF(2^n) : Polynomial Basis]

• An improved implementation of elliptic curves over GF(2^n) when using projective point arithmetic, B. King, To appear at SAC'2001.
• High Speed software multiplication in F(2^m), Lopez Julio Cesar and Ricardo Dahab, Proc. of Indocrypt'2000.
• Itoh-Tsujii Inversion in Standard Basis and Its Application in Cryptography and Codes, J. Guajardo, C. Paar, Proc. of Codes and Cryptography'01, Springer-Verlag, 2001. (local copy)
• Efficient computation of Multiplicative Inverses for Cryptographic Applications, M.A. Hasan, CACR(Univ. of Waterloo) Technical Report, CORR 2001-03, 2001. (local copy)
• Montgomery Multiplier and Squarer in GF(2^m), H. Wu, CACR(Univ. of Waterloo) Technical Report, CORR 2000-28 (local copy).
• On Complexity of Squaring Using Polynomial Basis in GF(2^m), H. Wu, Proc. of SAC'2000, Springer-Verlag, LNCS 2012, pp.118-129, 2000.
  -CACR(Univ. of Waterloo) Technical Report, CORR 2000-27, 2000. (local copy).
• High-speed Software Multiplication in F(2^m), Julio Lopez and Ricardo Dahab, 2000. (local copy)
• Squaring Architecture for GF(2^m) and its Applications in Cryptographic Systems, G. Orlando, C. Paar, Electronic Letters, June 2000, vol.36, no.13, pp.1116-1117 (local copy).
• Storage-Efficient Basis Conversion Techniques, Leo Reyzin and Burt Kaliski, February 18, 2000. (local copy)
• Fast Arithmetic for Public-Key Algorithms in Galois Fields with Composite Exponents. C. Paar, P. Fleischmann and P. Soria-Rodriguez, IEEE Transactions on Computers, October 1999, vol.48, no.10, pp.1025-1034.
• Efficient Finite Field Basis Conversion Techniques, Burt Kaliski, Moses Liskov and Yiqun Lisa Yin, April 1999. (local copy)
• Improved algorithms for elliptic curve arithmetic in GF(2^n), Julio Lopez and R. Dahab, Technical report, IC-98-39, October 1998.
• Compact Representation of Elliptic Curve Points over F(2^n), G. Seroussi, HP Laboratories Technical Report, No. HPL-98-94R1, 1998,9. (local copy).
• Fast Inversion in Composite Galois Fields GF((2^n)^m), J. Guajardo and C. Paar, IEEE International Symposium on Information Theory, Cambridge, MA, USA, 1998.8 (local copy)
• Montgomery multiplication in GF(2^k), C. Koc and T. Acar, Designs, Codes and Cryptography, vol.14, pp.57-69, 1998 (local copy).
• Finding Good Random Elliptic Curves for Cryptosystems Defined Over F(2^n), R. Lercier, Proc. of Eurocrypt'97, Springer-Verlag, pp.379-392, 1997
• A fast software implementation for arithmetic operations in GF(2^n), E. De Win, A. Bosselaers, S. Vandenberghe, P. De Gersem and J. Vandewalle, Proc. of Asiacrypt'96, Springer-Verlag, LNCS 1163, pp.65-76, 1996. (local copy).
• Analysis and implementation of arithmetic operations in GF(2^n), P. De Gersem and E. De Win, Thesis, K.U.Leuven, 1995
  
  [related to GF(2^n) : Normal Basis]
• Fast Normal Basis Multiplication using General Purpose Processors, A. Reyhani-Masoleh and M. A. Hasan, To appear at SAC'2001.
  -CACR(Univ. of Waterloo) Technical Report, CORR 2001-25, 2001. (local copy)
• On Efficient Normal Basis Multiplication, Anwar Hasan and Arash Rathani-Masoleh, Proc. of Inocrypt'2000.
• Efficient Arithmetic in GF (2^n) through Palindromic Representation, Ian F. Blake, Ron M. Roth and Gadiel, Seroussi, Technical Report HPL-98-134, 1998. (local copy)
• Improved normal basis inversion in GF(2^n), S.M. Yen, IEE Electronics Letters, Vol.33, No.3, pp.196-197, Jan. 1997. (local copy)
• Normal Bases over Finite Fields, Shuhong Gao, Thesis of Waterloo Universiy, 1993. (local copy)
• A fast algorithm for computing multiplicative inverses in GF(2^n) using normal bases, T. Itoh and S. Tsujii, Information and Computation, vol 78, pp.171-177, 1988. (Page 1, Page 2, Page 3, Page 4, Page 5, Page 6, Page 7)
  
  [related to Hyperelliptic curves]
• Counting Points on Hyperelliptic Curves over Finite Fields, P. Gaudry and R. Harley, Proc. of ANTS'2000, Springer-Verlag, LNCS 1838, 313-332, 2000. (local copy)
• On the Practical Performance of Hyperelliptic Curve Cryptosystems in Software Implemantation, Y. Sakai, K. Sakurai, IEICE Trans. Fundamentals, vol.E83-A(4):692-703, 2000.4 (local copy)
• On the Performance of Hyperelliptic Cryptosystems, N. Smart, Proc. of Eurocrypto'99, Springer-Verlag, LNCS 1592, pp.165-175, 1999
• Design of Hyperelliptic Cryptosystems in Small Characteristic and a Software Implementation over F(2^n), Y. Sakai and K. Sakurai, Proc. of Asiacrypt'98, Springer-Verlag, LNCS 1514, pp.80-94, 1998
• Secure hyperelliptic cryptosystems and their performance, Y. Sakai, K, Sakurai and H. Ishizuka, Proc. of PKC'98, Springer-Verlag, LNCS 1431, pp.164-181, 1998
  
  [related to Anomalous Binary Curves]
• Speeding up the Arithmetic on Koblitz Curves of Genus Two, C.Gunther, T. Lange and A. Stein, Proc. of SAC'2000, Springer-Verlag, LNCS 2012, pp.106-117, 2000.
  -CACR(Univ. of Waterloo) Technical Report, CORR 2000-04, 2000. (local copy)
• Efficient arithmetic on Koblitz curves, J. Solinas, Designs, Codes and Cryptography, vol 19 March 2000, pp.195-249, 2000
• Improved Algorithms for Arithmeric on Anomalous Binary Curves, Jerome A. Solinas, CACR(Univ. of Waterloo) Technical Report, CORR 99-46, (Corrected version of Crypto'97). 1999. (local copy)
• Improving the Parallelized Pollard Lambda Search on Binary Anomalous Curves, R. Gallant, R. Lambert, S. Vanstone, CACR(Univ. of Waterloo) Technical Report, CORR 98-15, 1998. (local copy)
• An Improved Algorithm for Arithmetic on a Family of Elliptic Curves, Jerome A. Solinas, Proc. of Crypto' 97, pp.357-371, 1997.
  
  [related to Optimal Extension Fields]
• Fast Computation over Elliptic Curves F(q^n) Based on Optimal Addition Sequences, Y. Tsuruoka and K. Koyama, IEICE Trans. Fundamentals, vol.E84-A(1):114-119, 2001.1 (local copy).
• Efficient Arithmetic in Finite Field Extensions with Application in Elliptic Curve Cryptography, D. Bailey, C. Paar, To appear in the Journal of Cryptology (local copy).
• Computation in Optimal Extension Fields, Daniel V. Bailey, Master Thesis in Worchester Polytechnic Institute, 2000. (local copy)
• Usage of Optimal Extension Fields for Elliptic Curve Cryptosystems, T. Kobayashi, K. Aoki, F. Hoshino, K. Kobayashi and H. Morita, Contribution to IEEE P1363a, 1999. (local copy)
• Fast Elliptic Curve Algorithm Combining Frobenius mapand table Reference to Adapt to Higher characteristic, T. Kobayashi, H. Morita, K. Kobayashi, F. Hoshino, Proc. of Eurocrypto'99, Springer-Verlag, LNCS 1592, pp.176-189, 1999.
  -Base-phi Method for Elliptic Curves over OEF, IEICE Trans. Fundamentals, vol.E83-A(4):679-686, 2000.4 (local copy)
• Optimal Extension Fields for Fast Arithmetic in Public-Key Algorithms, D. Bailey, C. Paar, Proc. of Crypto'98, Springer-Verlag, LNCS 1462, pp.472-485, 1998. (local copy)

2. Hardware implementation

• A Memory Efficient Version of Satoh's Algorithm, F. Vercauteren, B. Preneel and J. Vandewalle, Proc. of Eurocrypt'2001, Springer-Verlag, LNCS 2045, pp.1-13, 2001.
• Elliptic Curve Cryptography on a Palm OS Device, A. Weimerskirch, C. Paar, and S. Chang Shantz, To appear in proc. of ACISP'2001, Springer-Verlag, 2001. (local copy)
• Efficient Implementation of Elliptic Curve Cryptosystems on the TI MSP430x33x Family of Microcontrollers, J. Guajardo, R. Bluemel, U. Krieger and C. Paar, Proc. of PKC'01, Springer-Verlag, LNCS 1992, pp.365-382, 2001.
• Computer Architectures for Cryptosystems Based on Hyperelliptic Curves, Thomas Wollinger, Master's Thesis, Worcester Polytechnic Institute, 2001.4 (local copy)
• High Radix Montgomery Modular Exponentiation on Reconfigurable Hardware, T. Blum, C. Paar, To Appear in the IEEE Transactions on Computers. (local copy)
• An High-Speed ECC-based Wireless Authentication Protocol on an ARM Microprocessor, M. Aydos, T. Yanik and C. K. Koc, 16th Annual Computer Security Applications Conference, December 11-15, 2000 (local copy).
• Elliptic Curve Cryptography on Smart Cards Without Coprocessors, A. Woodbury, D. Bailey, and C. Paar, Presented at the Fourth Smart Card Research and Advanced Applications, CARDIS'2000, September 20-22, 2000, Bristol, UK (local copy).
• A high-performance reconfigurable elliptic curve processor for GF(2^n), G. Orlando and C. Paar, Cryptographic Hardware and Embedded Systems, CHES'2000, August 17-18, 2000, Worcester MA, USA (local copy).
• A practical implementation of elliptic curve cryptosystems over GF(p) on a 16 bit microcomputer, T. Hasegawa, J. Nakajima and M. Matsui, Proc. of PKC'98, Springer-Verlag, LNCS 1431, pp.182-194, 1998.
  -A Small and Fast Software Implementation of Elliptic Curve Cryptosystems over GF(p) on a 16-Bit Microcomputer, IEICE Trans. Fundamentals, vol.E82-A(1):98-106, 1999.1 (local copy)
• Implementation of a Reprogrammable Reed-Solomon Decoder over GF(2^16) on a Digital Signal Processor with External Arithmetic Unit, C. Paar, O. Hooijen, Fourth International European Space Agency (ESA) Workshop on Digital Signal Processing Techniques Applied to Space Communications, King's College, London, 1994.9. (local copy).

Related Links

1. Implementation

• The elliptic curve public key encryption package ver. 2.1 by Funet network.
• MIRACLEv4.5 - C/C++ Big Number crypto library included ECC by Shamus Software Ltd. (ftp link)
• Crypto++4.1 - Free crypto library included ECC by Wei Dai.
• LiDIA - C++ library for computational number theory by LiDIA Group at the Darmstadt University of Technology.

2. Research Group

• Centre for Applied Cryptographic Research (CACR) (University of Waterloo)
  : Computationcal number theory(including Elliptic curve, Quantum computing)
• Cryptography and Infomation Security Group (Bristol University)
  : ECC, implemtantation techniques, Quatum computing
• Cryptography and Information Security Research Laboratory (CRIS) (Worcester Polytechnic Institute)
  : Efficient/fast implementation of crytographic algorithm including computation of finite fields
• Information Security Laboratory (ISL) (Oregon State University)
  : Efficient computation of finite fields (Koc's paper)
• Institute of Cryptography, Computer Algebra (Technical University of Darmstadt)
  : Elliptic curve(counting points), Number Field(quadratic field) Cryptography, LiDIA(A C++ Library For Computational Number Theory), LiSP
• Institute for Experimental Mathematics(IEM) (University of Essen)
  : Elliptic curve, Number Theory

3. Cryptographer

• Alfred Menezes, University of Waterloo.
• Gordon B. Agnew, University of Waterloo.
• M. Anwar Hasan, University of Waterloo.
• Neal Koblitz, University of Washington.
• Christof Paar, Worcester Polytechnic Institute(WPI).
• Jorge Guajardo, Worcester Polytechnic Institute(WPI).
• Nigel Smart, University of Bristol.
• Steven Galbraith, University of Bristol.
• Volker Muller, Duta Wacana Christian University.
• Takakazu Satoh, University of Satama.
• John Cremona, University of Nottingham.
• Joseph H. Silverman, University of Brown.
• Claus Diem, University of Essen.
• Pierrick Gaudry, Laboratoire d'Informatique(LIX).
• Francois Morain, Laboratoire d'Informatique(LIX).
• Erik De Win, University of K.Leuven.
• Andrew Odlyzko, University of Minnesota.
• Rich Schroeppel, University of Arizona.
• J.S. Milne, Independent Scholar.

4. Slides from some of the ECC talks

• The 7th workshop on Elliptic Curve Cryptography(ECC 2003), August 11-13, 2003, Waterloo, Ontario, USA.
• The 6th workshop on Elliptic Curve Cryptography(ECC 2002), September 23-25, 2002, University of Essen, Germany.
• The 5th workshop on Elliptic Curve Cryptography(ECC 2001), October 29-31, 2001, University of Waterloo, Canada.
• The 4th workshop on Elliptic Curve Cryptography(ECC 2000), October 4-6, 2000, University of Essen, Germany.
• The 3rd workshop on Elliptic Curve Cryptography (ECC'99), November 1-3, 1999, University of Waterloo, Canada.
• The 2nd workshop on Elliptic Curve Cryptography (ECC'98), September 14-16, 1998, University of Waterloo, Canada.

5. Etc.

• Elliptic Curves and Cryptology by Marc Joye.
• Collection of ECC (research articles, applications, modular forms, FLT) by S. Fermigier.
• Collection of ECC (books, project, links) by Steven Galbraith.
• White Papers by Certicom.
• Online ECC Tutorial by Certicom.