Constructing Elliptic Curves with Prescribed Embedding Degrees

  • Paulo S. L. M. Barreto
  • Ben Lynn
  • Michael Scott
Conference paper

DOI: 10.1007/3-540-36413-7_19

Part of the Lecture Notes in Computer Science book series (LNCS, volume 2576)
Cite this paper as:
Barreto P.S.L.M., Lynn B., Scott M. (2003) Constructing Elliptic Curves with Prescribed Embedding Degrees. In: Cimato S., Persiano G., Galdi C. (eds) Security in Communication Networks. SCN 2002. Lecture Notes in Computer Science, vol 2576. Springer, Berlin, Heidelberg


Pairing-based cryptosystems depend on the existence of groups where the Decision Diffie-Hellman problem is easy to solve, but the Computational Diffie-Hellman problem is hard. Such is the case of elliptic curve groups whose embedding degree is large enough to maintain a good security level, but small enough for arithmetic operations to be feasible. However, the embedding degree for most elliptic curves is enormous, and the few previously known suitable elliptic curves have embedding degree k ≤ 6. In this paper, we examine criteria for curves with larger k that generalize prior work by Miyaji et al. based on the properties of cyclotomic polynomials, and propose efficient representations for the underlying algebraic structures.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Paulo S. L. M. Barreto
    • 1
  • Ben Lynn
    • 2
  • Michael Scott
    • 3
  1. 1.Laboratório de Arquitetura e Redes de Computadores (LARC) Escola PolitécnicaUniversidade de São PauloBrazil
  2. 2.Computer Science DepartmentStanford UniversityUSA
  3. 3.School of Computer ApplicationsDublin City UniversityBallymunIreland

Personalised recommendations