Advertisement

Generating Prime Order Elliptic Curves: Difficulties and Efficiency Considerations

  • Elisavet Konstantinou
  • Aristides Kontogeorgis
  • Yannis C. Stamatiou
  • Christos Zaroliagis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3506)

Abstract

We consider the generation of prime order elliptic curves (ECs) over a prime field \(\mathbb{F}_p\) using the Complex Multiplication (CM) method. A crucial step of this method is to compute the roots of a special type of class field polynomials with the most commonly used being the Hilbert and Weber ones, uniquely determined by the CM discriminant D. In attempting to construct prime order ECs using Weber polynomials two difficulties arise (in addition to the necessary transformations of the roots of such polynomials to those of their Hilbert counterparts). The first one is that the requirement of prime order necessitates that D ≡ 3 (mod 8), which gives Weber polynomials with degree three times larger than the degree of their corresponding Hilbert polynomials (a fact that could affect efficiency). The second difficulty is that these Weber polynomials do not have roots in \(\mathbb{F}_p\). In this paper we show how to overcome the above difficulties and provide efficient methods for generating ECs of prime order supported by a thorough experimental study. In particular, we show that such Weber polynomials have roots in \(\mathbb{F}_{p^3}\) and present a set of transformations for mapping roots of Weber polynomials in \(\mathbb{F}_{p^3}\) to roots of their corresponding Hilbert polynomials in \(\mathbb{F}_{p}\). We also show how a new class of polynomials, with degree equal to their corresponding Hilbert counterparts (and hence having roots in \(\mathbb{F}_{p}\)), can be used in the CM method to generate prime order ECs. Finally, we compare experimentally the efficiency of using this new class against the use of the aforementioned Weber polynomials.

Keywords

Elliptic Curve Cryptosystems Generation of Prime Order Elliptic Curves Complex Multiplication Class Field Polynomials 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Atkin, A.O.L., Morain, F.: Elliptic curves and primality proving. Mathematics of Computation 61, 29–67 (1993)zbMATHMathSciNetCrossRefGoogle Scholar
  2. 2.
    Baier, H.: Elliptic Curves of Prime Order over Optimal Extension Fields for Use in Cryptography. In: Pandu Rangan, C., Ding, C. (eds.) INDOCRYPT 2001. LNCS, vol. 2247, pp. 99–107. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Baier, H.: Efficient Algorithms for Generating Elliptic Curves over Finite Fields Suitable for Use in Cryptography, PhD Thesis, Dept. of Computer Science, Technical Univ. of Darmstadt (May 2002)Google Scholar
  4. 4.
    Berlekamp, E.R.: Factoring polynomials over large finite fields. Mathematics of Computation 24, 713–735 (1970)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Blake, I., Seroussi, G., Smart, N.: Elliptic curves in cryptography. London Mathematical Society Lecture Note Series, vol. 265. Cambridge University Press, Cambridge (1999)zbMATHGoogle Scholar
  6. 6.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Cohen, H.: A Course in Computational Algebraic Number Theory. Graduate Texts in Mathematics, vol. 138. Springer, Berlin (1993)zbMATHGoogle Scholar
  8. 8.
    Cox, D.A.: Primes of the form x 2 + ny 2. John Wiley and Sons, New York (1989)Google Scholar
  9. 9.
    Enge, A., Morain, F.: Comparing invariants for class fields of imaginary quadratic fields. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 252–266. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Enge, A., Schertz, R.: Constructing elliptic curves from modular curves of positive genus, Preprint (2003)Google Scholar
  11. 11.
    Galbraith, S., McKee, J.: The probability that the number of points on an elliptic curve over a finite field is prime. Journal of the London Mathematical Society 62(3), 671–684 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    GNU multiple precision library, edn. 3.1.1 (September 2000), Available at http://www.swox.com/gmp
  13. 13.
    IEEE P1363/D13, Standard Specifications for Public-Key Cryptography (1999), http://grouper.ieee.org/groups/1363/tradPK/draft.html
  14. 14.
    Kaltofen, E., Yui, N.: Explicit construction of the Hilbert class fields of imaginary quadratic fields by integer lattice reduction. Research Report 89-13, Rensselaer Polytechnic Institute (May 1989)Google Scholar
  15. 15.
    Konstantinou, E., Stamatiou, Y., Zaroliagis, C.: On the Efficient Generation of Elliptic Curves over Prime Fields. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 333–348. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Konstantinou, E., Stamatiou, Y.C., Zaroliagis, C.: On the Construction of Prime Order Elliptic Curves. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 309–322. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Lay, G.J., Zimmer, H.: Constructing Elliptic Curves with Given Group Order over Large Finite Fields. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol. 877, pp. 250–263. Springer, Heidelberg (1994)Google Scholar
  18. 18.
    Menezes, A.J., Okamoto, T., Vanstone, S.A.: Reducing elliptic curve logarithms to a finite field. IEEE Trans. Info. Theory 39, 1639–1646 (1993)zbMATHCrossRefMathSciNetGoogle Scholar
  19. 19.
    Miyaji, A., Nakabayashi, M., Takano, S.: Characterization of Elliptic Curve Traces under FR-reduction. In: Won, D. (ed.) ICISC 2000. LNCS, vol. 2015, pp. 90–108. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  20. 20.
    Miyaji, A., Nakabayashi, M., Takano, S.: New explicit conditions of elliptic curve traces for FR-reduction. IEICE Transactions on Fundamentals E84-A(5), 1234-1243 (2001)Google Scholar
  21. 21.
    Morain, F.: Modular curves and class invariants, Preprint (June 2000)Google Scholar
  22. 22.
    Morain, F.: Computing the cardinality of CM elliptic curves using torsion points, Preprint (October 2002)Google Scholar
  23. 23.
    Nogami, Y., Morikawa, Y.: Fast generation of elliptic curves with prime order over \(F_{p^{2^c}}\). In: Proc. of the International workshop on Coding and Cryptography (March 2003)Google Scholar
  24. 24.
    Pohlig, G.C., Hellman, M.E.: An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Trans. Info. Theory 24, 106–110 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  25. 25.
    Satoh, T., Araki, K.: Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves. Comm. Math. Univ. Sancti Pauli 47, 81–91 (1998)zbMATHMathSciNetGoogle Scholar
  26. 26.
    Savaş, E., Schmidt, T.A., Koç, Ç.K.: Generating Elliptic Curves of Prime Order. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 145–161. Springer, Heidelberg (2001)Google Scholar
  27. 27.
    Schertz, R.: Weber’s class invariants revisited. Journal de Théorie des Nombres de Bordeaux 4, 325-343 (2002)Google Scholar
  28. 28.
    Schoof, R.: Counting points on elliptic curves over finite fields. J. Theorie des Nombres de Bordeaux 7, 219–254 (1995)zbMATHMathSciNetGoogle Scholar
  29. 29.
    Scott, M., Barreto, P.S.L.M.: Generating more MNT elliptic curves, Cryptology ePrint Archive, Report 2004/058 (2004)Google Scholar
  30. 30.
    Silverman, J.H.: The Arithmetic of Elliptic Curves. GTM 106. Springer, Heidelberg (1986)zbMATHGoogle Scholar
  31. 31.
    Stewart, I.: Galois Theory, 3rd edn. Chapman & Hall/CRC, Boca Raton (2004)zbMATHGoogle Scholar
  32. 32.
    Stewart, I., Tall, D.: Algebraic Number Theory, 2nd edn. Chapman & Hall, London (1987)zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Elisavet Konstantinou
    • 1
    • 2
  • Aristides Kontogeorgis
    • 3
  • Yannis C. Stamatiou
    • 1
    • 3
    • 4
  • Christos Zaroliagis
    • 1
    • 2
  1. 1.Computer Technology InstitutePatrasGreece
  2. 2.Dept of Computer Eng. & InformaticsUniv. of PatrasPatrasGreece
  3. 3.Dept of MathematicsUniv. of the AegeanKarlovassiGreece
  4. 4.Joint Research Group (JRG) on Communications and Information Systems SecurityUniv. of the Aegean and Athens Univ. of Economics and Business 

Personalised recommendations