Applications of Frobenius Expansions in Elliptic Curve Cryptography by Waldyr Dias Benits Junior RHUL-MA-2009-12 Abstract: Recent developments in elliptic curve cryptography have heightened the need for fast scalar point multiplication, specially when working on environments with limited computational power. It is well known that point multiplication on elliptic curves over F_{q^m} (with m > 1) can be accelerated using Frobenius expansions. In practice, the computation is much faster than the standard double-and-add scalar multiplication. An efficient implementation of elliptic curve cryptosystems can use a Koblitz curve and convert integers into Frobenius expansions to perform fast scalar multiplications. However, this conversion of integers to Frobenius expansions would lead to extra code on the device (i.e., silicon area) and extra computational cost. According to N. Koblitz, H. Lenstra suggested that rather than choosing a random integer n and then converting to a Frobenius expansion n(\tau), in certain cryptosystems it might be more efficient to generate a random Frobenius expansion directly. The temptation then is to choose a relatively short and/or sparse value for n(\tau). If this is done then we must re-evaluate the difficulty of the discrete logarithm problem (and other computational problems). A further issue is that the existing security proofs may not directly apply. For some systems it may be necessary to develop bespoke security proofs for the Frobenius expansion case. In this thesis, we analyse the Frobenius expansion DLP and present algorithms to solve it. Furthermore, we propose a variant of a well known identification scheme designed for public key cryptography on very restricted devices. More precisely, we construct the Girault-Poupard-Stern (GPS) identification scheme for Koblitz elliptic curves using Frobenius expansions. The idea is to use Frobenius expansions throughout the protocol, so there is no need to convert between integers and Frobenius expansions. We also give a security analysis of the proposed scheme.