Skip to main content
SpringerLink
Log in

Point compression for the trace zero subgroup over a small degree extension field

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript

Abstract

Using Semaev’s summation polynomials, we derive a new equation for the \({\mathbb {F}_q}\)-rational points of the trace zero variety of an elliptic curve defined over \({\mathbb {F}_q}\). Using this equation, we produce an optimal-size representation for such points. Our representation is compatible with scalar multiplication. We give a point compression algorithm to compute the representation and a decompression algorithm to recover the original point (up to some small ambiguity). The algorithms are efficient for trace zero varieties coming from small degree extension fields. We give explicit equations and discuss in detail the practically relevant cases of cubic and quintic field extensions.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Avanzi R.M., Cesena E.: Trace zero varieties over fields of characteristic 2 for cryptographic applications. In: Proceedings of the First Symposium on Algebraic Geometry and Its Applications (SAGA ’07), pp. 188–215 (2007).

  2. Barbulescu R., Bouvier C., Detrey J., Gaudry P., Jeljeli H., Thomé E., Videau M., Zimmermann P.: Discrete logarithm in GF(\(2^{809}\)) with FFS. http://hal.inria.fr/hal-00818124/.

  3. Barbulescu R., Gaudry P., Joux A., Thomé E.: A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. http://arxiv.org/abs/1306.4244 (2013).

  4. Bernstein D.J., Duif N., Lange T., Schwabe P., Yang B.Y.: High-speed high-security signatures. J. Cryptogr. Eng. 2(2), 77–89 (2012).

    Google Scholar 

  5. Blady G.: Die Weil-Restriktion elliptischer Kurven in der Kryptographie. Master’s thesis, Univerität GHS Essen, Dresden (2002).

  6. Bos J.W., Costello C., Hisil H., Lauter K.: High-performance scalar multiplication using 8-dimensional GLV/GLS decomposition. http://eprint.iacr.org/2013/146 (2013).

  7. Bosma W., Cannon J., Playoust C.: The Magma algebra system. I. The user language. J. Symb. Comput. 24, 235–265 (1997).

    Google Scholar 

  8. Cesena E.: Trace zero varieties in pairing-based cryptography. Ph.D. thesis, Università degli studi Roma Tre, Roma. http://ricerca.mat.uniroma3.it/dottorato/Tesi/tesicesena.pdf (2010).

  9. Diem C.: The GHS attack in odd characteristic. Ramanujan Math. Soc. 18(1), 1–32 (2003).

    Google Scholar 

  10. Diem C.: An index calculus algorithm for plane curves of small degree. In: Hess F., Pauli S., Pohst M. (eds.) Algorithmic Number Theory (ANTS VII), LNCS, vol. 4076, pp. 543–557. Springer, Berlin (2006).

  11. Diem C., Kochinke S.: Computing discrete logarithms with special linear systems. http://www.math.uni-leipzig.de/diem/preprints/dlp-linear-systems.pdf (2013).

  12. Diem C., Scholten J.: An attack on a trace-zero cryptosystem. http://www.math.uni-leipzig.de/diem/preprints.

  13. Eagle P.N.J., Galbraith S.D., Ong J.: Point compression for Koblitz curves. Adv. Math. Commun. 5(1), 1–10 (2011).

    Google Scholar 

  14. Faz-Hernández A., Longa P., Sánchez A.H.: Efficient and secure algorithms for GLV-based scalar multiplication and their implementation on GLV–GLS curves. http://eprint.iacr.org/2013/158 (2013).

  15. Frey G.: Applications of arithmetical geometry to cryptographic constructions. In: Proceedings of the 5th International Conference on Finite Fields and Applications, pp. 128–161. Springer, Berlin (1999).

  16. Galbraith S.D., Lin X.: Computing pairings using \(x\)-coordinates only. Des. Codes Crytogr. 50(3), 305–324 (2009).

  17. Galbraith S.D., Lin X., Scott M.: Endomorphisms for faster elliptic curve cryptography on a large class of curves. J. Cryptol. 24(3), 446–469 (2011).

    Google Scholar 

  18. Galbraith S.D., Smith B.A.: Discrete logarithms in generalized Jacobians. http://uk.arxiv.org/abs/math.NT/0610073 (2006).

  19. Gallant R.P., Lambert R.J., Vanstone S.A.: Faster point multiplication on elliptic curves with efficient endomorphisms. In: Kilian J. (ed.) Advances in Cryptology: Proceedings of CRYPTO ’01. LNCS, vol. 2139, pp. 190–200. Springer, Berlin (2001).

  20. Gaudry P.: Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem. J. Symb. Comput. 44(12), 1690–1702 (2009).

    Google Scholar 

  21. Gaudry P., Hess F., Smart N.: Constructive and destructive facets of Weil descent. J. Cryptol. 15(1), 19–46 (2002).

    Google Scholar 

  22. Gerhard J., von zur Gathen J.: Modern Computer Algebra. Cambridge University Press, Cambridge (1999).

  23. Göloğlu F., Granger R., McGuire G., Zumbrägel J.: On the function field sieve and the impact of higher splitting probabilities: application to discrete logarithms in \({\mathbb{F}}_{2^{1971}}\). http://eprint.iacr.org/2013/074 (2013).

  24. Göloğlu F., Granger R., McGuire, G., Zumbrägel J.: Solving a 6120-bit DLP on a desktop computer. http://eprint.iacr.org/2013/306 (2013).

  25. Gong G., Harn L.: Public-key cryptosystems based on cubic finite field extensions. IEEE Trans. Inf. Theory 45(7), 2601–2605 (1999).

    Google Scholar 

  26. Gorla E.: Torus-based cryptography. In: Jajodia S., Tilborg H. (eds.) Encyclopedia of Cryptography, 2nd edn., pp. 1306–1308. Springer, Berlin (2011).

  27. Granger R., Vercauteren F.: On the discrete logarithm problem on algebraic tori. In: Shoup V. (ed.) Advances in Cryptology: Proceedings of CRYPTO ’05. LNCS, vol. 3621, pp. 66–85. Springer, Berlin (2005).

  28. Joux A.: A new index calculus algorithm with complexity \({L}(1/4 + o(1))\) in very small characteristic. http://eprint.iacr.org/2013/095 (2013).

  29. Joux A., Vitse V.: Elliptic curve discrete logarithm problem over small degree extension fields. Application to the static Diffie–Hellman problem on \({E}(\mathbb{F}_{q^5})\). J. Cryptol. doi:10.1007/s00145-011-9116-z (2012).

  30. Koblitz N.: CM-curves with good cryptographic properties. In: Feigenbaum J. (ed.) Advances in Cryptology: Proceedings of CRYPTO ’91. LNCS, vol. 576, pp. 179–287. Springer, Berlin (1991).

  31. Lange T.: Efficient arithmetic on hyperelliptic curves. Ph.D. thesis, University of Essen, Essen (2001).

  32. Lange T.: Trace zero subvarieties of genus 2 curves for cryptosystem. Ramanujan Math. Soc. 19(1), 15–33 (2004).

    Google Scholar 

  33. Lenstra A.K., Verheul E.R.: The XTR public key system. In: Bellare M. (ed.) Advances in Cryptology: Proceedings of CRYPTO ’00. LNCS, vol. 1880, pp. 1–19. Springer, Berlin (2000).

  34. Longa P., Sica F.: Four-dimensional Gallant–Lambert–Vanstone scalar multiplication. In: Wang X., Sako K. (eds.) Advances in Cryptology: Proceedings of ASIACRYPT ’12. LNCS, vol. 7658, pp. 718–739. Springer, Berlin (2012).

  35. Naumann N.: Weil-Restriktion abelscher Varietäten. Master’s thesis, Univerität GHS Essen, Dresden. http://web.iem.uni-due.de/ag/numbertheory/dissertationen (1999).

  36. Oliveira T., López J., Aranha D.F., Rodríguez-Henríquez F.: Lambda coordinates for binary elliptic curves. http://eprint.iacr.org/2013/131 (2013).

  37. Rubin K., Silverberg A.: Supersingular abelian varieties in cryptology. In: Yung M. (ed.) Advances in Cryptology: Proceedings of CRYPTO ’02. LNCS, vol. 2442, pp. 336–353. Springer, Berlin (2002).

  38. Rubin K., Silverberg A.: Torus-based cryptography. In: Boneh D. (ed.) Advances in Cryptology: Proceedings of CRYPTO ’03. LNCS, vol. 2729, pp. 349–365. Springer, Berlin (2003).

  39. Rubin K., Silverberg A.: Using primitive subgroups to do more with fewer bits. In: Buell D. (ed.) Algorithmic Number Theory (ANTS VI). LNCS, vol. 3076, pp. 18–41. Springer, Berlin (2004).

  40. Rubin K., Silverberg A.: Using abelian varieties to improve pairing-based cryptography. J. Cryptol. 22(3), 330–364 (2009).

    Google Scholar 

  41. Semaev I.: Summation polynomials of the discrete logarithm problem on elliptic curves. http://eprint.iacr.org/2004/031 (2004).

  42. Silverberg A.: Compression for trace zero subgroups of elliptic curves. Trends Math. 8, 93–100 (2005).

    Google Scholar 

  43. Smith P., Skinner C.: A public-key cryptosystem and a digital signature system based on the Lucas function analogue to discrete logarithms. In: Pieprzyk J., Safavi-Naini R. (eds.) Advances in Cryptology: Proceedings of ASIACRYPT ’94. LNCS, vol. 917, pp. 357–364. Springer, Berlin (1995).

  44. Weimerskirch A.: The application of the Mordell-Weil group to cryptographic systems. Master’s thesis, Worcester Polytechnic Institute, Worcester. http://www.emsec.rub.de/media/crypto/attachments/files/2010/04/ms_weika.pdf (2001).

Download references

Acknowledgments

We thank Pierrick Gaudry and Peter Schwabe for helpful discussions and Tanja Lange for pointing out the work of Naumann. We are grateful to the mathematics department of the Univerity of Zürich for access to their computing facilities. The authors were supported by the Swiss National Science Foundation under Grant No. 123393.

Author information

Authors and Affiliations

  1. Institut de mathématiques, Université de Neuchâtel, Rue Emile-Argand 11, 2000 , Neuchâtel, Switzerland

    Elisa Gorla

  2. Mathematisches Institut, Universität Basel, Rheinsprung 21, 4051 , Basel, Switzerland

    Maike Massierer

Authors
  1. Elisa Gorla
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Maike Massierer
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Elisa Gorla.

Additional information

Communicated by S. D. Galbraith.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Gorla, E., Massierer, M. Point compression for the trace zero subgroup over a small degree extension field. Des. Codes Cryptogr. 75, 335–357 (2015). https://doi.org/10.1007/s10623-014-9921-0

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-014-9921-0

Keywords

Mathematics Subject Classification

Search

Navigation