CM-Curves with Good Cryptographic Properties
- Cite this paper as:
- Koblitz N. (1992) CM-Curves with Good Cryptographic Properties. In: Feigenbaum J. (eds) Advances in Cryptology — CRYPTO ’91. CRYPTO 1991. Lecture Notes in Computer Science, vol 576. Springer, Berlin, Heidelberg
Our purpose is to describe elliptic curves with complex multiplication which in characteristic 2 have the following useful properties for constructing Diffie-Hellman type cryptosystems: (1) they are nonsupersingular (so that one cannot use the Menezes-Okamoto-Vanstone reduction of discrete log from elliptic curves to finite fields); (2) the order of the group has a large prime factor (so that discrete logs cannot be computed by giant-step/baby-step or the Pollard rho method); (3) doubling of points can be carried out almost as efficiently as in the case of the supersingular curves used by Vanstone; (4) the curves are easy to find.