Designs, Codes and Cryptography

, Volume 49, Issue 1–3, pp 171–186 | Cite as

Extractors for binary elliptic curves

  • Reza Rezaeian Farashahi
  • Ruud Pellikaan
  • Andrey Sidorenko
Open Access


We propose a simple and efficient deterministic extractor for an ordinary elliptic curve E, defined over \(\mathbb{F}_{2^n}\) , where n = 2ℓ and ℓ is a positive integer. Our extractor, for a given point P on E, outputs the first \({\mathbb{F}}_{2^\ell}\) -coefficient of the abscissa of the point P. We also propose a deterministic extractor for the main subgroup G of E, where E has minimal 2-torsion. We show that if a point P is chosen uniformly at random in G, the bits extracted from the point P are indistinguishable from a uniformly random bit-string of length ℓ.


Elliptic curve Deterministic extractor Randomness 

AMS Classifications

14H52 14G50 94A60 


Open Access

This article is distributed under the terms of the Creative Commons Attribution Noncommercial License which permits any noncommercial use, distribution,and reproduction in any medium, provided the original author(s) and source are credited.


  1. Barker E., Kelsey J.: Recommendation for Random Number Generation Using Deterministic Random Bit Generators, December 2005. NIST Special Publication (SP) 800–90 (2005).Google Scholar
  2. Beelen P., Doumen J.M.: Pseudorandom sequences from elliptic curves. In: Finite Fields with Applications to Coding Theory, Cryptography and Related Areas, pp. 37–52. Springer-Verlag (2002).Google Scholar
  3. Beelen P., Pellikaan R. (2000). The Newton Polygon of plane curves with many rational points. Des. Codes Cryptogr. 21: 41–67zbMATHCrossRefMathSciNetGoogle Scholar
  4. Brown D., Gjøsteen K.: A security analysis of the NIST SP 800-90 elliptic curve random number generator. In: Advances in Cryptology–Crypto 2007. Lecture Notes in Computer Science, vol. 4622, pp. 466–481. Springer (2007).Google Scholar
  5. Chevassut O., Fouque P., Gaudry P., Pointcheval D.: The twist-augmented technique for key exchange. In: Public Key Cryptography–PKC 2006. Lecture Notes in Computer Science, vol. 3958, pp. 410–426. Springer-Verlag (2006).Google Scholar
  6. Ciet M., Quisquater J., Sica F.: A secure family of composite finite fields suitable for fast implementation of elliptic curve cryptography. In: INDOCRYPT2001. Lecture Notes in Computer Science, vol. 2247, pp. 108–116. Springer (2001).Google Scholar
  7. Farashahi R.R., Pellikaan R.: The quadratic extension extractor for (hyper) elliptic curves in odd characteristic. In: International workshop on the arithmetic of finite fields–WAIFI 2007. Lecture Notes in Computer Science, vol. 4547, pp. 219–236. Springer-Verlag (2007).Google Scholar
  8. Farashahi R.R., Schoenmakers B., Sidorenko A.: Efficient pseudorandom generators based on the DDH assumption. In: Public Key Cryptography–PKC 2007. Lecture Notes in Computer Science, vol. 4450, pp. 426–441. Springer-Verlag (2007).Google Scholar
  9. Fulton W.: Algebraic Curves: An Introduction to Algebraic Geometry. Addison-Wesley (1969).Google Scholar
  10. Galbraith S., Hess F., Smart N.P. (2002). Constructive and destructive facets of Weil descent on elliptic curves. J. Cryptol. 15(1): 19–46CrossRefGoogle Scholar
  11. Galbraith S., Hess F., Smart N.P.: Extending the GHS Weil descent attack. In: Advances in Cryptology–Eurocrypt. Lecture Notes in Computer Science, vol. 2332, pp. 29–44. Springer-Verlag (2002).Google Scholar
  12. Gong G., Berson T.A., Stinson D.R.: Elliptic curve pseudorandom sequence generators. In: Selected Areas in Cryptography–SAC 1999. Lecture Notes in Computer Science, vol. 1758, pp. 34–48. Springer-Verlag (2000).Google Scholar
  13. Gürel N.: Extracting bits from coordinates of a point of an elliptic curve. Cryptology ePrint Archive, Report 2005/324 (2005).
  14. Hankerson D., Menezes A., Vanstone S. (2004). Guide to Elliptic Curve Cryptography. Springer-Verlag, New York, USAzbMATHGoogle Scholar
  15. Hartshorne R. (1977). Algebraic Geometry. Grad. Texts Math, vol. 52. Springer-Verlag, New York, USAGoogle Scholar
  16. Hess F. (2004). Generalising the GHS attack on the elliptic curve discrete logarithm problem. LMS J. Comput. Math. 7: 167–192zbMATHMathSciNetGoogle Scholar
  17. Hess F., Shparlinski I.E. (2005). On the linear complexity and multidimensional distribution of congruential generators over elliptic curves. Des. Codes Cryptogr. 35(1): 111–117zbMATHCrossRefMathSciNetGoogle Scholar
  18. Itoh T., Tsujii S. (1989). Structure of parallel multipliers for a class of fields GF(2m). Inform. Comput. 83: 21–40zbMATHCrossRefMathSciNetGoogle Scholar
  19. Kaliski B.S.: A pseudo-random bit generator based on elliptic logarithms. In: Advances in Cryptology–Crypto 1986. Lecture Notes in Computer Science, vol. 263, pp. 84–103. Springer-Verlag (1987).Google Scholar
  20. Knudsen E.W.: Elliptic scalar multiplication using point halving. In: Advances in Cryptology–Asiacrypt 1999. Lecture Notes in Computer Science, vol. 1716, pp. 135–149. Springer-Verlag (1999).Google Scholar
  21. Kresch A., Wetherell J.L., Zieve M.E. (2002). Curves of every genus with many points, I: Abelian and toric families. J. Algebra 250: 353–370zbMATHCrossRefMathSciNetGoogle Scholar
  22. Lange T., Shparlinski I.E. (2005). Certain exponential sums and random walks on elliptic curves. Can. J. Math. 57(2): 338–350zbMATHMathSciNetGoogle Scholar
  23. Lange T., Shparlinski I.E. (2007). Distribution of some sequences of points on elliptic curves. J. Math. Crypt. 1: 1–11zbMATHCrossRefMathSciNetGoogle Scholar
  24. Lidl R., Niederreiter H.: Introduction to Finite Fields and Their Applications. Cambridge University Press (1994).Google Scholar
  25. Luby M. (1994). Pseudorandomness and Cryptographic Applications. Princeton University Press, USAGoogle Scholar
  26. Maurer M., Menezes A., Teske E. (2002). Analysis of the GHS Weil descent attack on the ECDLP over characteristic two finite fields of composite degree. LMS J. Comput. Math. 5: 127–174zbMATHMathSciNetGoogle Scholar
  27. Menezes A., Teske E. (2006). Cryptographic implications of Hess’ generalized GHS attack. Appl. Algebra Eng. Commun. Comput.—AAECC 16(6): 439–460zbMATHCrossRefMathSciNetGoogle Scholar
  28. Menezes A., Okamoto T., Vanstone S. (1993). Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inform. Theory 39: 1639–1646zbMATHCrossRefMathSciNetGoogle Scholar
  29. Schoenmakers B., Sidorenko A.: Cryptanalysis of the dual elliptic curve pseudorandom generator. Cryptology ePrint Archive, Report 2006/190 (2006).
  30. Schroeppel R.: Elliptic curves: twice as fast!, 2000. Presentation at the Crypto 2000 Rump Session.Google Scholar
  31. Seroussi G.: Compact representation of elliptic curve points over F2n. Tech. Report HPL-98-94R1, Hewlett–Packard Laboratories (1998).Google Scholar
  32. Shaltiel R. (2002). Recent developments in explicit constructions of extractors. Bull. EATCS 77: 67–95zbMATHMathSciNetGoogle Scholar
  33. Shparlinski I.E. (2000). On the Naor-Reingold pseudo-random function from elliptic curves. Appl. Algebra Engrg. Comm. Comput.—AAECC 11(1): 27–34zbMATHCrossRefMathSciNetGoogle Scholar
  34. Silverman J.H.: Fast multipication in finite fields GF(2N). In: Cryptographic Hardware and Embedded Systems–CHES 1999. Lecture Notes in Computer Science, vol. 1717, pp. 122–134. Springer-Verlag (1999).Google Scholar
  35. Solinas J.A. (2000). Efficient arithmetic on Koblitz curves. Des. Codes Cryptogr. 19: 195–249zbMATHCrossRefMathSciNetGoogle Scholar
  36. Trevisan L., Vadhan S.: Extracting randomness from samplable distributions. In: IEEE Symposium on Foundations of Computer Science, 2000, pp. 32–42.Google Scholar

Copyright information

© The Author(s) 2008

Authors and Affiliations

  • Reza Rezaeian Farashahi
    • 1
    • 2
  • Ruud Pellikaan
    • 1
  • Andrey Sidorenko
    • 3
  1. 1.Department of Mathematics and Computer ScienceTU EindhovenEindhovenThe Netherlands
  2. 2.Department of Mathematical SciencesIsfahan University of TechnologyIsfahanIran
  3. 3.Brightsight BVDelftThe Netherlands

Personalised recommendations