Security in Communication Networks

Volume 2576 of the series Lecture Notes in Computer Science pp 257-267


Constructing Elliptic Curves with Prescribed Embedding Degrees

  • Paulo S. L. M. BarretoAffiliated withLaboratório de Arquitetura e Redes de Computadores (LARC) Escola Politécnica, Universidade de São Paulo
  • , Ben LynnAffiliated withComputer Science Department, Stanford University
  • , Michael ScottAffiliated withSchool of Computer Applications, Dublin City University

* Final gross prices may vary according to local VAT.

Get Access


Pairing-based cryptosystems depend on the existence of groups where the Decision Diffie-Hellman problem is easy to solve, but the Computational Diffie-Hellman problem is hard. Such is the case of elliptic curve groups whose embedding degree is large enough to maintain a good security level, but small enough for arithmetic operations to be feasible. However, the embedding degree for most elliptic curves is enormous, and the few previously known suitable elliptic curves have embedding degree k ≤ 6. In this paper, we examine criteria for curves with larger k that generalize prior work by Miyaji et al. based on the properties of cyclotomic polynomials, and propose efficient representations for the underlying algebraic structures.