Abstract
One of the main difficulties in implementing cryptographic schemes based on elliptic curves over finite fields is the computation of the cardinality of these curves. In the case of the finite fields \( \mathbb{F}_{2^n} \), recent theoretical breakthroughs yield a significant speed-up of these computations. After describing some of these ideas in the first part of this paper, we show that our current implementation runs from 2 up to 10 times faster than previous ones. In the second part, we exhibit a slight modification of Schoof's algorithm that selects curves whose number of points is "nearly" prime, and so allows cryptosystems to be built on random elliptic curves instead of the specific curves used up to now.
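As an added illustration, not code from the paper or from the ZEN library it relies on: the selection loop the abstract describes, run over the tiny field \( \mathbb{F}_{2^{11}} \) with a brute-force point count standing in for Schoof's algorithm. Everything concrete below (n = 11, the reduction polynomial x^11 + x^2 + 1, the small-prime list, the seed) is an assumption of this example. It demonstrates the two facts the selection rests on for curves y^2 + xy = x^3 + a x^2 + b over a binary field: the order is always even, and it is divisible by 4 exactly when Tr(a) = 0, so "nearly prime" means 2 times a prime or 4 times a prime. The early-abort check models the paper's modification: Schoof's algorithm produces #E mod l for one small prime l at a time, and a residue of 0 for an odd l already rules the curve out, so the remaining, costlier primes l can be skipped and a fresh curve drawn; here the residues simply come from the full brute-force count.

```python
"""
Added example (not code from Lercier's paper or from ZEN): draw random
ordinary curves E: y^2 + xy = x^3 + a*x^2 + b over F_{2^11} until the
order is 2*prime or 4*prime.  Field size, reduction polynomial and the
brute-force count are assumptions that keep the script in the seconds
range; the paper uses Schoof's algorithm for cryptographic n.
"""
import random

N_BITS = 11                              # assumption: tiny field, n = 11
MOD_POLY = (1 << 11) | (1 << 2) | 1      # x^11 + x^2 + 1, irreducible over F_2
FIELD_SIZE = 1 << N_BITS


def gf_mul(x, y):
    """Multiply in F_{2^11}, polynomial basis, shift-and-add with reduction."""
    r = 0
    while y:
        if y & 1:
            r ^= x
        y >>= 1
        x <<= 1
        if x & FIELD_SIZE:               # degree reached 11: reduce
            x ^= MOD_POLY
    return r


def gf_pow(x, e):
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, x)
        x = gf_mul(x, x)
        e >>= 1
    return r


def _trace_of(x):
    # Tr(x) = x + x^2 + ... + x^(2^(n-1)), an element of F_2
    t, s = 0, x
    for _ in range(N_BITS):
        t ^= s
        s = gf_mul(s, s)
    return t

# The trace is F_2-linear: tabulate it on the basis 1, x, ..., x^(n-1) once,
# then Tr(v) is the parity of the basis elements with trace 1 that occur in v.
TRACE_MASK = sum(1 << i for i in range(N_BITS) if _trace_of(1 << i) == 1)


def gf_trace(x):
    return bin(x & TRACE_MASK).count("1") & 1

# b / x^2 = b * (x^-1)^2; the table of (x^-1)^2 does not depend on the curve.
INV_SQ = [0] * FIELD_SIZE
for _x in range(1, FIELD_SIZE):
    _inv = gf_pow(_x, FIELD_SIZE - 2)
    INV_SQ[_x] = gf_mul(_inv, _inv)


def curve_order(a, b):
    """
    #E(F_{2^n}) for E: y^2 + xy = x^3 + a x^2 + b (b != 0), by brute force.
    For x != 0 put y = x*z: the equation becomes z^2 + z = x + a + b/x^2,
    which has two solutions iff the trace of the right-hand side is 0 and
    none otherwise.  x = 0 gives the single point (0, sqrt(b)); add infinity.
    """
    assert b != 0, "b = 0 makes the curve singular"
    count = 2
    for x in range(1, FIELD_SIZE):
        rhs = x ^ a ^ gf_mul(b, INV_SQ[x])
        if gf_trace(rhs) == 0:
            count += 2
    return count


def is_prime(n):
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


SMALL_PRIMES = [3, 5, 7, 11, 13]         # assumption: the l Schoof would try first


def passes_early_abort(order, small_primes=SMALL_PRIMES):
    """Reject as soon as an odd small l divides #E: it cannot be 2p or 4p then."""
    for l in small_primes:
        if order % l == 0:
            return False
    return True


def nearly_prime_cofactor(order):
    """Return h in {2, 4} if order == h * prime, else None."""
    for h in (2, 4):
        if order % h == 0 and is_prime(order // h):
            return h
    return None


def find_good_curve(seed=1997, max_tries=500):
    """Draw random (a, b) until #E is 2*prime or 4*prime; return (a, b, #E, h)."""
    rng = random.Random(seed)
    for _ in range(max_tries):
        a = rng.randrange(FIELD_SIZE)
        b = rng.randrange(1, FIELD_SIZE)
        order = curve_order(a, b)
        # For this curve shape 4 divides #E exactly when Tr(a) = 0.
        assert (order % 4 == 0) == (gf_trace(a) == 0)
        if not passes_early_abort(order):
            continue
        h = nearly_prime_cofactor(order)
        if h is not None:
            return a, b, order, h
    raise RuntimeError("no nearly-prime curve found")


if __name__ == "__main__":
    a, b, order, h = find_good_curve()
    print(f"a={a:#x} b={b:#x} #E={order} = {h} * {order // h}")
```

The cofactor is fixed before any counting starts, by Tr(a) alone, which is why a real implementation chooses a with the desired trace first; the brute-force count is only a stand-in, since for cryptographic n the order is obtained mod l for many l and combined by the Chinese remainder theorem, and the abort test above is exactly what makes the expensive large l unnecessary for most random curves.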
© 1997 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lercier, R. (1997). Finding Good Random Elliptic Curves for Cryptosystems Defined over \( \mathbb{F}_{2^n} \). In: Fumy, W. (ed.) Advances in Cryptology — EUROCRYPT '97. EUROCRYPT 1997. Lecture Notes in Computer Science, vol 1233. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-69053-0_26
DOI: https://doi.org/10.1007/3-540-69053-0_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-62975-7
Online ISBN: 978-3-540-69053-5