Public Key Cryptography

Volume 1992 of the series Lecture Notes in Computer Science pp 73-86


Fast Irreducibility and Subgroup Membership Testing in XTR

  • Arjen K. LenstraAffiliated withCitibank, N.A., Technical University Eindhoven
  • , Eric R. VerheulAffiliated withPricewaterhouseCoopers, GRMS Crypto Group


We describe a new general method to perform part of the setup stage of the XTR system introduced at Crypto 2000, namely finding the trace of a generator of the XTR group. Our method is substantially faster than the general method presented at Asiacrypt 2000. As a side result, we obtain an efficient method to test subgroup membership when using XTR.