## Abstract

In recent years one-way functions have been shown to have important applications in cryptography, especially one-way functions that are also permutations. But even with the generality of this research, no function is known to be one-way and the few specific permutations believed to be one-way are all invertible in subexponential time. Elliptic curves offer new permutations that appear to require exponential time for inversion. The permutations are essentially generalizations of discrete exponentiation that rely on newly demonstrated correspondences between elements of elliptic curves and the integers.

## References

L. Adleman, A subexponential algorithm for the discrete logarithm problem with applications to cryptography,

*Proceedings of the 20th Annual Symposium on Foundations of Computer Science*, IEEE, New York, 1979, pp. 55–60.L. Adleman and M. Huang, Recognizing primes in random polynomial time,

*Proceedings of the 19th Annual ACM Symposium on Theory of Computing*, ACM, New York, 1987, pp. 462–470.E. Bach, How to generate factored random numbers,

*SIAM Journal on Computing*, vol. 17 (1988), pp. 179–193. Previously appeared in*Proceedings of the 15th Annual ACM Symposium on Theory of Computing*, ACM, New York, 1983, pp. 184–188.M. Blum, Coin flipping by telephone,

*Proceedings of IEEE Spring COMPCON*, 1982, pp. 133–137.M. Blum and S. Micali, How to generate cryptographically strong sequences of pseudo-random bits,

*SIAM Journal on Computing*, vol. 13 (1984), pp. 850–864. Previously appeared in*Proceedings of the*23rd*Annual Symposium on Foundations of Computer Science*, IEEE, New York, 1982, pp. 112–117.R. Boppana and R. Hirschfeld, Pseudorandom generators and compexity classes,

*Advances in Computing Research*, vol. 5 (1989), pp. 1–26.D. V. Chudnovsky and G. V. Chudnovsky, Sequences of numbers generated by additions in formal groups and new primality and factorization tests,

*Advances in Applied Mathematics*, vol. 7 (1986), pp. 385–434.D. Coppersmith, A. M. Odlyzko, and R. Schroeppel, Discrete logarithms in GF(p),

*Algorithmica*, vol. 1 (1986), pp. 1–15.W. Diffie and M. E. Hellman, New directions in cryptography,

*IEEE Transactions on Information Theory*, vol. 22 (1976), pp. 644–654.O. Goldreich, H. Krawczyk, and M. Luby, On the existence of pseudorandom generators,

*Proceedings of the 29th Annual Symposium on Foundations of Computer Science*, IEEE, New York, 1988, pp. 12–24.O. Goldreich and L. Levin, A hard-core predicate for all one-way functions,

*Proceedings of the*21st*Annual ACM Symposium on Theory of Computing*, ACM, New York, 1989, pp. 25–32.S. Goldwasser and J. Kilian, Almost all primes can be quickly certified,

*Proceedings of the*18th*Annual ACM Symposium on Theory of Computing*, ACM, New York, 1986, pp. 316–329.R. Impagliazzo, L. Levin, and M. Luby, Pseudo-random generation from one-way functions,

*Proceedings of the 21st Annual ACM Symposium on Theory of Computing*, ACM, New York, 1989, pp. 12–24.R. Impagliazzo and S. Rudich, Limits on the provable consequences of one-way permutations,

*Proceedings of the 21st Annual ACM Symposium on Theory of Computing*, ACM, New York, 1989, pp. 44–61.B. S. Kaliski, Jr., A pseudo-random bit generator based on elliptic logarithms,

*Advances in Cryptology: Proceedings of Crypto*'86 (Lecture Notes in Computer Science, vol. 263), Springer-Verlag, New York, 1987, pp. 84–103.B. S. Kaliski, Jr., Elliptic Curves and Cryptography: A Pseudorandom Bit Generator and Other Tools, Ph.D. thesis, MIT/LCS/TR-411, Department of EECS, MIT, Cambridge, MA, 1988.

N. Koblitz, Elliptic curve cryptosystems,

*Mathematics of Computation*, vol. 48 (1987), pp. 203–209.A. K. Lenstra and H. W. Lenstra, Jr., Algorithms in number theory, in J. van Leeuwen, ed.,

*Handbook of Theoretical Computer Science*, vol. A,*Algorithms and Complexity*, Elsevier, Amsterdam, and MIT Press, Cambridge, MA, 1990, pp. 673–715.H. W. Lenstra, Jr., Factoring integers with elliptic curves,

*Annual of Mathematics*, vol. 126 (1987), pp. 649–673.L. Levin, One-way functions and pseudorandom generators,

*Combinatorica*, vol. 7 (1987), pp. 357–363. Previously appeared in*Proceedings of the*17th*Annual ACM Symposium on Theory of Computing*, ACM, New York, 1985, pp. 363–365.A. Menezes and S. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field, talk presented at Crypto '90 (Santa Barbara, CA, August 12–15, 1990).

V. Miller, Use of elliptic curves in cryptography,

*Advances in Cryptology: Proceedings of Crypto*'85 (Lecture Notes in Computer Science, vol. 218), Springer-Verlag, New York, 1986, pp. 417–426.S. C. Pohlig and M. Hellman, An improved algorithm for computing logarithms over

*GF(p)*and its cryptographic significance,*IEEE Transactions on Information Theory*, vol. 24 (1978), pp. 106–110.C. Pomerance, Fast, rigorous factorization and discrete logarithm algorithms, in D. S. Johnson

*et al.*, eds.,*Discrete Algorithms and Complexity (Kyoto*, 1986) (Perspectives in Computing, vol. 15), Academic Press, Boston, 1987, pp. 119–143.M. O. Rabin, Digital Signatures and Public Key Functions as Intractable as Factorization, MIT/LCS/TR-212, MIT, Cambridge, MA, 1979.

R. Rivest, A. Shamir, and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems,

*Communications of the ACM*, vol. 21 (1978), pp. 120–126.R. J. Schoof, Elliptic curves over finite fields and the computation of square roots and mod

*p*,*Mathematics of Computation*, vol. 44 (1985), pp. 483–494.J. Silverman,

*The Arithmetic of Elliptic Curves*(Graduate Texts in Mathematics, vol. 106), Springer-Verlag, New York, 1986.A. Yao, Theory and applications of trapdoor functions, in

*Proceedings of the 23rd Annual Symposium on Foundations of Computer Science*, IEEE, New York, 1982, pp. 80–91.

## Author information

### Authors and Affiliations

## Additional information

Support for this research was provided in part by the National Science Foundation under Contract Number MCS-8006938. A preliminary version appeared as part of an MIT Ph.D. thesis [16]. Part of this work was done while the author was visiting Rochester Institute of Technology.

## Rights and permissions

## About this article

### Cite this article

Kaliski, B.S. One-way permutations on elliptic curves.
*J. Cryptology* **3, **187–199 (1991). https://doi.org/10.1007/BF00196911

Received:

Revised:

Issue Date:

DOI: https://doi.org/10.1007/BF00196911

### Key words

- Cryptography
- Discrete logarithms
- Elliptic curves
- One-way functions