Abstract
Using Semaev’s summation polynomials, we derive a new equation for the \({\mathbb {F}_q}\)-rational points of the trace zero variety of an elliptic curve defined over \({\mathbb {F}_q}\). Using this equation, we produce an optimal-size representation for such points. Our representation is compatible with scalar multiplication. We give a point compression algorithm to compute the representation and a decompression algorithm to recover the original point (up to some small ambiguity). The algorithms are efficient for trace zero varieties coming from small degree extension fields. We give explicit equations and discuss in detail the practically relevant cases of cubic and quintic field extensions.
Similar content being viewed by others
References
Avanzi R.M., Cesena E.: Trace zero varieties over fields of characteristic 2 for cryptographic applications. In: Proceedings of the First Symposium on Algebraic Geometry and Its Applications (SAGA ’07), pp. 188–215 (2007).
Barbulescu R., Bouvier C., Detrey J., Gaudry P., Jeljeli H., Thomé E., Videau M., Zimmermann P.: Discrete logarithm in GF(\(2^{809}\)) with FFS. http://hal.inria.fr/hal-00818124/.
Barbulescu R., Gaudry P., Joux A., Thomé E.: A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. http://arxiv.org/abs/1306.4244 (2013).
Bernstein D.J., Duif N., Lange T., Schwabe P., Yang B.Y.: High-speed high-security signatures. J. Cryptogr. Eng. 2(2), 77–89 (2012).
Blady G.: Die Weil-Restriktion elliptischer Kurven in der Kryptographie. Master’s thesis, Univerität GHS Essen, Dresden (2002).
Bos J.W., Costello C., Hisil H., Lauter K.: High-performance scalar multiplication using 8-dimensional GLV/GLS decomposition. http://eprint.iacr.org/2013/146 (2013).
Bosma W., Cannon J., Playoust C.: The Magma algebra system. I. The user language. J. Symb. Comput. 24, 235–265 (1997).
Cesena E.: Trace zero varieties in pairing-based cryptography. Ph.D. thesis, Università degli studi Roma Tre, Roma. http://ricerca.mat.uniroma3.it/dottorato/Tesi/tesicesena.pdf (2010).
Diem C.: The GHS attack in odd characteristic. Ramanujan Math. Soc. 18(1), 1–32 (2003).
Diem C.: An index calculus algorithm for plane curves of small degree. In: Hess F., Pauli S., Pohst M. (eds.) Algorithmic Number Theory (ANTS VII), LNCS, vol. 4076, pp. 543–557. Springer, Berlin (2006).
Diem C., Kochinke S.: Computing discrete logarithms with special linear systems. http://www.math.uni-leipzig.de/diem/preprints/dlp-linear-systems.pdf (2013).
Diem C., Scholten J.: An attack on a trace-zero cryptosystem. http://www.math.uni-leipzig.de/diem/preprints.
Eagle P.N.J., Galbraith S.D., Ong J.: Point compression for Koblitz curves. Adv. Math. Commun. 5(1), 1–10 (2011).
Faz-Hernández A., Longa P., Sánchez A.H.: Efficient and secure algorithms for GLV-based scalar multiplication and their implementation on GLV–GLS curves. http://eprint.iacr.org/2013/158 (2013).
Frey G.: Applications of arithmetical geometry to cryptographic constructions. In: Proceedings of the 5th International Conference on Finite Fields and Applications, pp. 128–161. Springer, Berlin (1999).
Galbraith S.D., Lin X.: Computing pairings using \(x\)-coordinates only. Des. Codes Crytogr. 50(3), 305–324 (2009).
Galbraith S.D., Lin X., Scott M.: Endomorphisms for faster elliptic curve cryptography on a large class of curves. J. Cryptol. 24(3), 446–469 (2011).
Galbraith S.D., Smith B.A.: Discrete logarithms in generalized Jacobians. http://uk.arxiv.org/abs/math.NT/0610073 (2006).
Gallant R.P., Lambert R.J., Vanstone S.A.: Faster point multiplication on elliptic curves with efficient endomorphisms. In: Kilian J. (ed.) Advances in Cryptology: Proceedings of CRYPTO ’01. LNCS, vol. 2139, pp. 190–200. Springer, Berlin (2001).
Gaudry P.: Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem. J. Symb. Comput. 44(12), 1690–1702 (2009).
Gaudry P., Hess F., Smart N.: Constructive and destructive facets of Weil descent. J. Cryptol. 15(1), 19–46 (2002).
Gerhard J., von zur Gathen J.: Modern Computer Algebra. Cambridge University Press, Cambridge (1999).
Göloğlu F., Granger R., McGuire G., Zumbrägel J.: On the function field sieve and the impact of higher splitting probabilities: application to discrete logarithms in \({\mathbb{F}}_{2^{1971}}\). http://eprint.iacr.org/2013/074 (2013).
Göloğlu F., Granger R., McGuire, G., Zumbrägel J.: Solving a 6120-bit DLP on a desktop computer. http://eprint.iacr.org/2013/306 (2013).
Gong G., Harn L.: Public-key cryptosystems based on cubic finite field extensions. IEEE Trans. Inf. Theory 45(7), 2601–2605 (1999).
Gorla E.: Torus-based cryptography. In: Jajodia S., Tilborg H. (eds.) Encyclopedia of Cryptography, 2nd edn., pp. 1306–1308. Springer, Berlin (2011).
Granger R., Vercauteren F.: On the discrete logarithm problem on algebraic tori. In: Shoup V. (ed.) Advances in Cryptology: Proceedings of CRYPTO ’05. LNCS, vol. 3621, pp. 66–85. Springer, Berlin (2005).
Joux A.: A new index calculus algorithm with complexity \({L}(1/4 + o(1))\) in very small characteristic. http://eprint.iacr.org/2013/095 (2013).
Joux A., Vitse V.: Elliptic curve discrete logarithm problem over small degree extension fields. Application to the static Diffie–Hellman problem on \({E}(\mathbb{F}_{q^5})\). J. Cryptol. doi:10.1007/s00145-011-9116-z (2012).
Koblitz N.: CM-curves with good cryptographic properties. In: Feigenbaum J. (ed.) Advances in Cryptology: Proceedings of CRYPTO ’91. LNCS, vol. 576, pp. 179–287. Springer, Berlin (1991).
Lange T.: Efficient arithmetic on hyperelliptic curves. Ph.D. thesis, University of Essen, Essen (2001).
Lange T.: Trace zero subvarieties of genus 2 curves for cryptosystem. Ramanujan Math. Soc. 19(1), 15–33 (2004).
Lenstra A.K., Verheul E.R.: The XTR public key system. In: Bellare M. (ed.) Advances in Cryptology: Proceedings of CRYPTO ’00. LNCS, vol. 1880, pp. 1–19. Springer, Berlin (2000).
Longa P., Sica F.: Four-dimensional Gallant–Lambert–Vanstone scalar multiplication. In: Wang X., Sako K. (eds.) Advances in Cryptology: Proceedings of ASIACRYPT ’12. LNCS, vol. 7658, pp. 718–739. Springer, Berlin (2012).
Naumann N.: Weil-Restriktion abelscher Varietäten. Master’s thesis, Univerität GHS Essen, Dresden. http://web.iem.uni-due.de/ag/numbertheory/dissertationen (1999).
Oliveira T., López J., Aranha D.F., Rodríguez-Henríquez F.: Lambda coordinates for binary elliptic curves. http://eprint.iacr.org/2013/131 (2013).
Rubin K., Silverberg A.: Supersingular abelian varieties in cryptology. In: Yung M. (ed.) Advances in Cryptology: Proceedings of CRYPTO ’02. LNCS, vol. 2442, pp. 336–353. Springer, Berlin (2002).
Rubin K., Silverberg A.: Torus-based cryptography. In: Boneh D. (ed.) Advances in Cryptology: Proceedings of CRYPTO ’03. LNCS, vol. 2729, pp. 349–365. Springer, Berlin (2003).
Rubin K., Silverberg A.: Using primitive subgroups to do more with fewer bits. In: Buell D. (ed.) Algorithmic Number Theory (ANTS VI). LNCS, vol. 3076, pp. 18–41. Springer, Berlin (2004).
Rubin K., Silverberg A.: Using abelian varieties to improve pairing-based cryptography. J. Cryptol. 22(3), 330–364 (2009).
Semaev I.: Summation polynomials of the discrete logarithm problem on elliptic curves. http://eprint.iacr.org/2004/031 (2004).
Silverberg A.: Compression for trace zero subgroups of elliptic curves. Trends Math. 8, 93–100 (2005).
Smith P., Skinner C.: A public-key cryptosystem and a digital signature system based on the Lucas function analogue to discrete logarithms. In: Pieprzyk J., Safavi-Naini R. (eds.) Advances in Cryptology: Proceedings of ASIACRYPT ’94. LNCS, vol. 917, pp. 357–364. Springer, Berlin (1995).
Weimerskirch A.: The application of the Mordell-Weil group to cryptographic systems. Master’s thesis, Worcester Polytechnic Institute, Worcester. http://www.emsec.rub.de/media/crypto/attachments/files/2010/04/ms_weika.pdf (2001).
Acknowledgments
We thank Pierrick Gaudry and Peter Schwabe for helpful discussions and Tanja Lange for pointing out the work of Naumann. We are grateful to the mathematics department of the Univerity of Zürich for access to their computing facilities. The authors were supported by the Swiss National Science Foundation under Grant No. 123393.
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by S. D. Galbraith.
Rights and permissions
About this article
Cite this article
Gorla, E., Massierer, M. Point compression for the trace zero subgroup over a small degree extension field. Des. Codes Cryptogr. 75, 335–357 (2015). https://doi.org/10.1007/s10623-014-9921-0
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10623-014-9921-0
Keywords
- Elliptic curve cryptography
- Pairing-based cryptography
- Discrete logarithm problem
- Trace zero variety
- Efficient representation
- Point compression
- Summation polynomials