Constructing Elliptic Curves with Prescribed Embedding Degrees
Pairing-based cryptosystems depend on the existence of groups where the Decision Diffie-Hellman problem is easy to solve, but the Computational Diffie-Hellman problem is hard. Such is the case of elliptic curve groups whose embedding degree is large enough to maintain a good security level, but small enough for arithmetic operations to be feasible. However, the embedding degree for most elliptic curves is enormous, and the few previously known suitable elliptic curves have embedding degree k ≤ 6. In this paper, we examine criteria for curves with larger k that generalize prior work by Miyaji et al. based on the properties of cyclotomic polynomials, and propose efficient representations for the underlying algebraic structures.
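The trade-off described in the abstract can be made concrete with toy parameters. The Python sketch below is an added example, not code from the paper: it computes the embedding degree as the multiplicative order of q modulo r, and searches the k = 6 family of Miyaji et al. (q = 4l^2 + 1, t = 1 ± 2l, a parametrisation assumed here and not reproduced on this page) for small prime-order parameters. Function names are illustrative.

```python
# Added illustration with toy sizes; it finds parameters (q, t, n) only.
# Building an actual curve with that order needs complex multiplication.

def is_prime(n):
    """Trial division; adequate for the small values used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def embedding_degree(q, r):
    """Smallest k >= 1 with r | q^k - 1 (order of q modulo the prime r)."""
    if q % r == 0:
        raise ValueError("r must not divide q")
    k, acc = 1, q % r
    while acc != 1:
        acc = acc * q % r
        k += 1
    return k

def cyclotomic(k, x):
    """Phi_k(x) for an integer |x| >= 2, from x^k - 1 = prod_{d|k} Phi_d(x)."""
    if abs(x) < 2:
        raise ValueError("need |x| >= 2 so no proper factor vanishes")
    value = x ** k - 1
    for d in range(1, k):
        if k % d == 0:
            value //= cyclotomic(d, x)   # exact division
    return value

def mnt6_curve_parameters(max_ell):
    """List (q, t, n): q and n prime, n = q + 1 - t, embedding degree 6."""
    found = []
    for ell in range(1, max_ell + 1):
        q = 4 * ell * ell + 1
        for t in (1 + 2 * ell, 1 - 2 * ell):
            n = q + 1 - t                         # group order for trace t
            if n > 3 and is_prime(q) and is_prime(n):
                assert n == cyclotomic(6, t - 1)  # n | Phi_6(q) since q = t - 1 mod n
                found.append((q, t, n))
    return found

if __name__ == "__main__":
    for q, t, n in mnt6_curve_parameters(7):
        print(f"q={q:4d} t={t:4d} n={n:4d} k={embedding_degree(q, n)}")
    # Contrast: an unstructured pair (constructed) has k close to r.
    print("q=17, r=19 ->", embedding_degree(17, 19))
```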
- 1. A. Agashe, K. Lauter, R. Venkatesan, “Constructing elliptic curves with a given number of points over a finite field,” Cryptology ePrint Archive, Report 2001/096, http://eprint.iacr.org/2001/096/.
- 3. P. S. L. M. Barreto, H. Y. Kim, B. Lynn, M. Scott, “Efficient Algorithms for Pairing-Based Cryptosystems,” Cryptology ePrint Archive, Report 2002/008, http://eprint.iacr.org/2002/008/.
- 4. I. Blake, G. Seroussi and N. Smart, “Elliptic Curves in Cryptography,” Cambridge University Press, 1999.
- 5. D. Boneh and M. Franklin, “Identity-based encryption from the Weil pairing,” Advances in Cryptology-Crypto’2001, Lecture Notes in Computer Science 2139, pp. 213–229, Springer-Verlag, 2001.
- 6. D. Boneh, B. Lynn, and H. Shacham, “Short signatures from the Weil pairing,” Asiacrypt’2001, Lecture Notes in Computer Science 2248, pp. 514–532, Springer-Verlag, 2002.
- 7. R. Crandall and C. Pomerance, “Prime Numbers: a Computational Perspective,” Springer-Verlag, 2001.
- 8. R. Dupont, A. Enge, F. Morain, “Building curves with arbitrary small MOV degree over finite prime fields,” Cryptology ePrint Archive, Report 2002/094, available at http://eprint.iacr.org/2002/094.
- 11. S. D. Galbraith, K. Harrison, D. Soldera, “Implementing the Tate pairing,” Algorithmic Number Theory-ANTS V, 2002, to appear.
- 12. F. Hess, “Exponent Group Signature Schemes and Efficient Identity Based Signature Schemes Based on Pairings,” Cryptology ePrint Archive, Report 2002/012, available at http://eprint.iacr.org/2002/012/.
- 13. IEEE Std 2000-1363, “Standard Specifications for Public Key Cryptography,” 2000.
- 15. A. Joux and K. Nguyen, “Separating Decision Diffie-Hellman from Diffie-Hellman in Cryptographic Groups,” Cryptology ePrint Archive, Report 2001/003, http://eprint.iacr.org/2001/003/.
- 16. G. J. Lay, H. G. Zimmer, “Constructing Elliptic Curves with Given Group Order over Large Finite Fields,” Algorithmic Number Theory Symposium-ANTS I, Lecture Notes in Computer Science 877 (1994), pp. 250–263.
- 17. R. Lidl and H. Niederreiter, “Introduction to finite fields and their applications,” Cambridge University Press, 1986.
- 19. A. Miyaji, M. Nakabayashi, and S. Takano, “New explicit conditions of elliptic curve traces for FR-reduction,” IEICE Trans. Fundamentals, Vol. E84 A, no. 5, May 2001.
- 20. F. Morain, “Building cyclic elliptic curves modulo large primes,” Advances in Cryptology-Eurocrypt’91, Lecture Notes in Computer Science 547 (1991), pp. 328–336.
- 21. T. Nagell, “Introduction to Number Theory,” 2nd reprint edition, Chelsea Publishing, 2001.
- 22. K. G. Paterson, “ID-based signatures from pairings on elliptic curves,” Cryptology ePrint Archive, Report 2002/004, available at http://eprint.iacr.org/2002/004/.
- 23. R. Sakai, K. Ohgishi and M. Kasahara, “Cryptosystems based on pairing,” 2000 Symposium on Cryptography and Information Security (SCIS2000), Okinawa, Japan, Jan. 26–28, 2000.
- 24. O. Schirokauer, D. Weber and T. Denny, “Discrete Logarithms: the Effectiveness of the Index Calculus Method,” ANTS, pp. 337–361, 1996.
- 25. J. H. Silverman, “Elliptic curve discrete logarithms and the index calculus,” Workshop on Elliptic Curve Cryptography (ECC’98), September 14–16, 1998.
- 26. N. P. Smart, “The Algorithmic Resolution of Diophantine Equations,” London Mathematical Society Student Text 41, Cambridge University Press, 1998.
- 27. N. Smart, “An Identity Based Authenticated Key Agreement Protocol Based on the Weil Pairing,” Cryptology ePrint Archive, Report 2001/111, available at http://eprint.iacr.org/2001/111/.