Designs, Codes and Cryptography

, Volume 49, Issue 1–3, pp 171–186 | Cite as

Extractors for binary elliptic curves

  • Reza Rezaeian Farashahi
  • Ruud Pellikaan
  • Andrey Sidorenko
Open Access


We propose a simple and efficient deterministic extractor for an ordinary elliptic curve E, defined over \(\mathbb{F}_{2^n}\) , where n = 2ℓ and ℓ is a positive integer. Our extractor, for a given point P on E, outputs the first \({\mathbb{F}}_{2^\ell}\) -coefficient of the abscissa of the point P. We also propose a deterministic extractor for the main subgroup G of E, where E has minimal 2-torsion. We show that if a point P is chosen uniformly at random in G, the bits extracted from the point P are indistinguishable from a uniformly random bit-string of length ℓ.


Elliptic curve Deterministic extractor Randomness 

AMS Classifications

14H52 14G50 94A60 


Open Access

This article is distributed under the terms of the Creative Commons Attribution Noncommercial License which permits any noncommercial use, distribution,and reproduction in any medium, provided the original author(s) and source are credited.


  1. Barker E., Kelsey J.: Recommendation for Random Number Generation Using Deterministic Random Bit Generators, December 2005. NIST Special Publication (SP) 800–90 (2005).Google Scholar
  2. Beelen P., Doumen J.M.: Pseudorandom sequences from elliptic curves. In: Finite Fields with Applications to Coding Theory, Cryptography and Related Areas, pp. 37–52. Springer-Verlag (2002).Google Scholar
  3. Beelen P., Pellikaan R. (2000). The Newton Polygon of plane curves with many rational points. Des. Codes Cryptogr. 21: 41–67MATHCrossRefMathSciNetGoogle Scholar
  4. Brown D., Gjøsteen K.: A security analysis of the NIST SP 800-90 elliptic curve random number generator. In: Advances in Cryptology–Crypto 2007. Lecture Notes in Computer Science, vol. 4622, pp. 466–481. Springer (2007).Google Scholar
  5. Chevassut O., Fouque P., Gaudry P., Pointcheval D.: The twist-augmented technique for key exchange. In: Public Key Cryptography–PKC 2006. Lecture Notes in Computer Science, vol. 3958, pp. 410–426. Springer-Verlag (2006).Google Scholar
  6. Ciet M., Quisquater J., Sica F.: A secure family of composite finite fields suitable for fast implementation of elliptic curve cryptography. In: INDOCRYPT2001. Lecture Notes in Computer Science, vol. 2247, pp. 108–116. Springer (2001).Google Scholar
  7. Farashahi R.R., Pellikaan R.: The quadratic extension extractor for (hyper) elliptic curves in odd characteristic. In: International workshop on the arithmetic of finite fields–WAIFI 2007. Lecture Notes in Computer Science, vol. 4547, pp. 219–236. Springer-Verlag (2007).Google Scholar
  8. Farashahi R.R., Schoenmakers B., Sidorenko A.: Efficient pseudorandom generators based on the DDH assumption. In: Public Key Cryptography–PKC 2007. Lecture Notes in Computer Science, vol. 4450, pp. 426–441. Springer-Verlag (2007).Google Scholar
  9. Fulton W.: Algebraic Curves: An Introduction to Algebraic Geometry. Addison-Wesley (1969).Google Scholar
  10. Galbraith S., Hess F., Smart N.P. (2002). Constructive and destructive facets of Weil descent on elliptic curves. J. Cryptol. 15(1): 19–46CrossRefGoogle Scholar
  11. Galbraith S., Hess F., Smart N.P.: Extending the GHS Weil descent attack. In: Advances in Cryptology–Eurocrypt. Lecture Notes in Computer Science, vol. 2332, pp. 29–44. Springer-Verlag (2002).Google Scholar
  12. Gong G., Berson T.A., Stinson D.R.: Elliptic curve pseudorandom sequence generators. In: Selected Areas in Cryptography–SAC 1999. Lecture Notes in Computer Science, vol. 1758, pp. 34–48. Springer-Verlag (2000).Google Scholar
  13. Gürel N.: Extracting bits from coordinates of a point of an elliptic curve. Cryptology ePrint Archive, Report 2005/324 (2005).
  14. Hankerson D., Menezes A., Vanstone S. (2004). Guide to Elliptic Curve Cryptography. Springer-Verlag, New York, USAMATHGoogle Scholar
  15. Hartshorne R. (1977). Algebraic Geometry. Grad. Texts Math, vol. 52. Springer-Verlag, New York, USAGoogle Scholar
  16. Hess F. (2004). Generalising the GHS attack on the elliptic curve discrete logarithm problem. LMS J. Comput. Math. 7: 167–192MATHMathSciNetGoogle Scholar
  17. Hess F., Shparlinski I.E. (2005). On the linear complexity and multidimensional distribution of congruential generators over elliptic curves. Des. Codes Cryptogr. 35(1): 111–117MATHCrossRefMathSciNetGoogle Scholar
  18. Itoh T., Tsujii S. (1989). Structure of parallel multipliers for a class of fields GF(2m). Inform. Comput. 83: 21–40MATHCrossRefMathSciNetGoogle Scholar
  19. Kaliski B.S.: A pseudo-random bit generator based on elliptic logarithms. In: Advances in Cryptology–Crypto 1986. Lecture Notes in Computer Science, vol. 263, pp. 84–103. Springer-Verlag (1987).Google Scholar
  20. Knudsen E.W.: Elliptic scalar multiplication using point halving. In: Advances in Cryptology–Asiacrypt 1999. Lecture Notes in Computer Science, vol. 1716, pp. 135–149. Springer-Verlag (1999).Google Scholar
  21. Kresch A., Wetherell J.L., Zieve M.E. (2002). Curves of every genus with many points, I: Abelian and toric families. J. Algebra 250: 353–370MATHCrossRefMathSciNetGoogle Scholar
  22. Lange T., Shparlinski I.E. (2005). Certain exponential sums and random walks on elliptic curves. Can. J. Math. 57(2): 338–350MATHMathSciNetGoogle Scholar
  23. Lange T., Shparlinski I.E. (2007). Distribution of some sequences of points on elliptic curves. J. Math. Crypt. 1: 1–11MATHCrossRefMathSciNetGoogle Scholar
  24. Lidl R., Niederreiter H.: Introduction to Finite Fields and Their Applications. Cambridge University Press (1994).Google Scholar
  25. Luby M. (1994). Pseudorandomness and Cryptographic Applications. Princeton University Press, USAGoogle Scholar
  26. Maurer M., Menezes A., Teske E. (2002). Analysis of the GHS Weil descent attack on the ECDLP over characteristic two finite fields of composite degree. LMS J. Comput. Math. 5: 127–174MATHMathSciNetGoogle Scholar
  27. Menezes A., Teske E. (2006). Cryptographic implications of Hess’ generalized GHS attack. Appl. Algebra Eng. Commun. Comput.—AAECC 16(6): 439–460MATHCrossRefMathSciNetGoogle Scholar
  28. Menezes A., Okamoto T., Vanstone S. (1993). Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inform. Theory 39: 1639–1646MATHCrossRefMathSciNetGoogle Scholar
  29. Schoenmakers B., Sidorenko A.: Cryptanalysis of the dual elliptic curve pseudorandom generator. Cryptology ePrint Archive, Report 2006/190 (2006).
  30. Schroeppel R.: Elliptic curves: twice as fast!, 2000. Presentation at the Crypto 2000 Rump Session.Google Scholar
  31. Seroussi G.: Compact representation of elliptic curve points over F2n. Tech. Report HPL-98-94R1, Hewlett–Packard Laboratories (1998).Google Scholar
  32. Shaltiel R. (2002). Recent developments in explicit constructions of extractors. Bull. EATCS 77: 67–95MATHMathSciNetGoogle Scholar
  33. Shparlinski I.E. (2000). On the Naor-Reingold pseudo-random function from elliptic curves. Appl. Algebra Engrg. Comm. Comput.—AAECC 11(1): 27–34MATHCrossRefMathSciNetGoogle Scholar
  34. Silverman J.H.: Fast multipication in finite fields GF(2N). In: Cryptographic Hardware and Embedded Systems–CHES 1999. Lecture Notes in Computer Science, vol. 1717, pp. 122–134. Springer-Verlag (1999).Google Scholar
  35. Solinas J.A. (2000). Efficient arithmetic on Koblitz curves. Des. Codes Cryptogr. 19: 195–249MATHCrossRefMathSciNetGoogle Scholar
  36. Trevisan L., Vadhan S.: Extracting randomness from samplable distributions. In: IEEE Symposium on Foundations of Computer Science, 2000, pp. 32–42.Google Scholar

Copyright information

© The Author(s) 2008

Authors and Affiliations

  • Reza Rezaeian Farashahi
    • 1
    • 2
  • Ruud Pellikaan
    • 1
  • Andrey Sidorenko
    • 3
  1. 1.Department of Mathematics and Computer ScienceTU EindhovenEindhovenThe Netherlands
  2. 2.Department of Mathematical SciencesIsfahan University of TechnologyIsfahanIran
  3. 3.Brightsight BVDelftThe Netherlands

Personalised recommendations