CM-Curves with Good Cryptographic Properties

  • Neal Koblitz
Conference paper

DOI: 10.1007/3-540-46766-1_22

Part of the Lecture Notes in Computer Science book series (LNCS, volume 576)
Cite this paper as:
Koblitz N. (1992) CM-Curves with Good Cryptographic Properties. In: Feigenbaum J. (eds) Advances in Cryptology — CRYPTO ’91. CRYPTO 1991. Lecture Notes in Computer Science, vol 576. Springer, Berlin, Heidelberg


Our purpose is to describe elliptic curves with complex multiplication which in characteristic 2 have the following useful properties for constructing Diffie-Hellman type cryptosystems: (1) they are nonsupersingular (so that one cannot use the Menezes-Okamoto-Vanstone reduction of discrete log from elliptic curves to finite fields); (2) the order of the group has a large prime factor (so that discrete logs cannot be computed by giant-step/baby-step or the Pollard rho method); (3) doubling of points can be carried out almost as efficiently as in the case of the supersingular curves used by Vanstone; (4) the curves are easy to find.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 1992

Authors and Affiliations

  • Neal Koblitz
    • 1
  1. 1.Dept. of Mathematics GN-50University of WashingtonSeattleUSA

Personalised recommendations