# Generating Elliptic Curves of Prime Order

## Abstract

A variation of the Complex Multiplication (CM) method for generating elliptic curves of known order over finite fields is proposed. We give heuristics and timing statistics in the mildly restricted setting of prime curve order. These may be seen to corroborate earlier work of Koblitz in the class number one setting. Our heuristics are based upon a recent conjecture by R. Gross and J. Smith on numbers of twin primes in algebraic number fields.

Our variation precalculates class polynomials as a separate off-line process. Unlike the standard approach, which begins with a prime *p* and searches for an appropriate discriminant *D*, we choose a discriminant and then search for appropriate primes. Our on-line process is quick and can be compactly coded.

In practice, elliptic curves with near prime order are used. Thus, our timing estimates and data can be regarded as upper estimates for practical purposes.

### References

- 1.A. O. L. Atkin and F. Morain. Elliptic curves and primality proving.
*Mathematics of Computation*, 61(203):29–68, July 1993.Google Scholar - 2.H. Cohen.
*A Course in Computational Algebraic Number Theory*. Springer, Berlin, Germany, 1997.Google Scholar - 3.H. Cohn.
*Advanced Number Theory*. Dover Publications, New York, NY, 1980.MATHGoogle Scholar - 4.D. A. Cox.
*Primes of the Form*x^{2}*+*ny^{2}:*Fermat, Class Field Theory and Complex Multiplication*. John Wiley & Sons, New York, NY, 1989.Google Scholar - 5.R. Gross and J. H. Smith. A generalization of a conjecture of hardy and littlewood to algebraic number fields.
*Rocky Mountain J. Math*, 30(1):195–215, 2000.MathSciNetMATHCrossRefGoogle Scholar - 6.G. H. Hardy and J. E. Littlewood. Some problems of’ partitio numerorum’ iii: On the expression of a number as a sum of primes.
*Acta. MAth*, 44:1–70, 1922.MathSciNetCrossRefGoogle Scholar - 7.IEEE. P1363: Standard specifications for public-key cryptography. Draft Version 13, November 12, 1999.Google Scholar
- 8.N. Koblitz. Primality of the number of points on an elliptic curve over a finite field.
*Pacific J. Math.*, 131(1):157–165, 1988.MathSciNetMATHGoogle Scholar - 9.N. Koblitz, A. Menezes, and S. Vanstone. The state of elliptic curve cryptography, towards a quarter-century of public key cryptography.
*Designs, Codes and Cryptography*, 19(2–3):173–193, 2000.MathSciNetMATHCrossRefGoogle Scholar - 10.G.-H. Lay and H. G. Zimmer. Constructing elliptic curves with given group order over large finite fields.
*Algorithmic number theory (Ithaca, NY, 1994)*, pages 157–165, 1994.Google Scholar - 11.A. K. Lenstra. Efficient identity based parameter selection for elliptic curve cryp-tosystems.
*Information Security and Privacy—ACISP’ 99 (Wollongong)*, pages 294–302, 1999.Google Scholar - 12.H. W. Lenstra Jr. Factoring integers with elliptic curves.
*Annals of Mathematics*, 126(3):649–673, 1987.MathSciNetCrossRefGoogle Scholar - 13.A. Miyaji. Elliptic curves over
*F*_{p}suitable for cryptosystems. In J. Seberry and Y. Zheng, editors,*Advances in Cryptology-AUSCRYPT 92*, Lecture Notes in Computer Science, No. 718, pages 492–504. Springer, Berlin, Germany, 1992.Google Scholar - 14.T. Satoh and K. Araki. Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves.
*Commentarii Math. Univ. St. Pauli*, 47:81–92, 1998.MathSciNetMATHGoogle Scholar - 15.M. Scott. A C++ implementation of the complex cultiplication (CM) elliptic curve generation algorithm from Annex A. http://grouper.ieee.org/groups/1363/P1363/implementations.html March 14, 2000.
- 16.I. A. Semaev. Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic
*p. Mathematics of Computation*, 67(221):353–356, January 1998.Google Scholar - 17.V. Shoup. NTL: A Library for doing Number Theory (version 5.0c). http://shoup.net/ntl/, 2001.
- 18.J. H. Silverman.
*The Arithmetic of Elliptic Curves*. Springer, Berlin, Germany, 1986.MATHGoogle Scholar - 19.N.P. Smart. The discrete logarithm problem on elliptic curves of trace one.
*Journal of Cryptography*, 12:193–196, 1999.MathSciNetMATHGoogle Scholar