Characterization of Elliptic Curve Traces Under FR-Reduction

  • Atsuko Miyaji
  • Masaki Nakabayashi
  • Shunzo Takano
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2015)


Elliptic curve cryptosystems([19],[25]) are based on the elliptic curve discrete logarithm problem(ECDLP). If elliptic curve cryptosystems avoid FR-reduction([11],[17]) and anomalous elliptic curve over Fq ([34],[3],[36]), then with current knowledge we can construct elliptic curve cryptosystems over a smaller definition field. ECDLP has an interesting property that the security deeply depends on elliptic curve traces rather than definition fields, which does not occur in the case of the discrete logarithm problem(DLP). Therefore it is important to characterize elliptic curve traces explicitly from the security point of view. As for FR-reduction, supersingular elliptic curves or elliptic curve E=Fq with trace 2 have been reported to be vulnerable. However unfortunately these have been only results that characterize elliptic curve traces explicitly for FR- or MOV-reductions. More importantly, the secure trace against FR- reduction has not been reported at all. Elliptic curves with the secure trace means that the reduced extension degree is always higher than a certain level.

In this paper, we aim at characterizing elliptic curve traces by FR- reduction and investigate explicit conditions of traces vulnerable or secure against FR-reduction. We show new explicit conditions of elliptic curve traces for FR-reduction. We also present algorithms to construct such elliptic curves, which have relation to famous number theory problems.


elliptic curve cryptosystems trace FR-reduction number theory 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    R. Anderson and R. Needham, “Robustness principles for public key protocols ”,Advances in Cryptology-Proceedings of CRYPTO’95, Lecture Notes in Computer Science, 963(1995), Springer-Verlag, 236–247.Google Scholar
  2. 2.
    A. O. L. Atkin and F. Morain, “Elliptic curves and primality proving”, Math. Of Computation, 61(1993), 29–68.zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    K. Araki and T. Satoh “Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves”,Commentarii Math. Univ. St. Pauli., vol. 47 (1998), 81–92.zbMATHMathSciNetGoogle Scholar
  4. 4.
    R. Balasubramanian and N. Koblitz, “The Improbability That an Elliptic Curve Has Subexponential Discrete Log Problem under the Menezes-Okamoto-Vanstone Algorithm”, J. Cryptology, 11 (1998), 141–145.zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    J. Chao, O. Nakamura, K. Sobataka, and S. Tsujii, “ Construction of secure elliptic curves with CM tests and lifting”, Advances in Cryptology-Proceedings of ASIACRYPT’ 98, Lecture Notes in Computer Science, 1514(1998), Springer-Verlag, 95–109.CrossRefGoogle Scholar
  6. 6.
    J. Chao, M. Hosoya, K. Sobataka, and S. Tsujii, “ Construction of Elliptic Cryptosystems Using Ordinary Lifting”, Proceeding of the 1999 Symposium on Cryptography and Information Security, 163–166.Google Scholar
  7. 7.
    J. M. Couveignes and F. Morain, “Schoof’s algorithm and isogeny cycles”, Proceedings of the ANTS-I, Lecture Notes in Compute Science, 877(1994), Springer-Verlag, 43–58.MathSciNetGoogle Scholar
  8. 8.
    T. Denny, O. Schirokauer and D. Weber, “Discrete logarithms: the effectiveness of the index calculus method”, Proceedings of ANTSII, Lecture Notes in Computer Science, 1122(1996), Springer-Verlag, 337–361.Google Scholar
  9. 9.
    M. Deuring, “Die typen der multiplikatorenringe elliptischer funktionenkörper”, Abh. Math. Sem. Hamburg, 14(1941), 197–272.MathSciNetCrossRefGoogle Scholar
  10. 10.
    N. D. Elkies, “Explicit isogenies”, Preprint, 1991Google Scholar
  11. 11.
    G. Frey and H. G. Rück, “A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves”, Mathematics of computation, 62(1994), 865–874.zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    “Proposed federal information processing standard for digital signature standard (DSS) ”, Federal Register, 56 No. 169, 30 Aug 1991, 42980–42982.Google Scholar
  13. 13.
    T. ElGamal, “A public key cryptosystem and a signature scheme based on discrete logarithms”, IEEE Trans. Inform. Theory, IT-31 (1985), 469–472.Google Scholar
  14. 14.
    D. M. Gordon, “Discrete logarithms in GF(p) using the number field sieve”,SIAM J. on Discrete Math., 6(1993), 124–138.zbMATHCrossRefGoogle Scholar
  15. 15.
    R. Harasawa, H. Imai, J. Shikata, J. Suzuki, “Comparing the MOV and FR Reductions in Elliptic Curve Cryptography”, Advances in Cryptology-Proceedings of EUROCRYPT’,99, Lecture notes in Computer Science, 1592(1999), 190–205.Google Scholar
  16. 16.
    K. Ireland and M. Rosen, A classical introduction to modern number theory, GTM 84, Springer-Verlag, New-York, 1982.Google Scholar
  17. 17.
    IEEE P1363 Working Draft, June 16, 1998.Google Scholar
  18. 18.
    N. Kanayama, T. Kobayashi, T. Saito, and S. Uchiyama “Remarks on elliptic curve discrete logarithm problems”,IEICE Trans., Fundamentals. vol. E83-A, No.1(2000), 17–23.Google Scholar
  19. 19.
    N. Koblitz, “Elliptic curve cryptosystems”, Mathematics of Computation, 48 (1987), 203–209.zbMATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    N. Koblitz, “An elliptic curve implementation of the finite field digital signature algotirhm”, Advances in Cryptology-Proceedings of CRYPTO’,98, Lecture Notes in Computer Science, 1462(1998), Springer-Verlag, 327–337.CrossRefGoogle Scholar
  21. 21.
    M. Kasahara, K. Ohgishi, and R. Sakai “Notes on ID-based key sharing systems on elliptic curve”, IEICE Japan Tech. Rep., ISEC99-57(1999-11), 37–42.Google Scholar
  22. 22.
    M. Kasahara, K. Ohgishi, and R. Sakai “Cryptosystems based on pairing”, The 2000 Symposium on Cryptography and Information Security, SCIS2000-C20, Jan. 2000.Google Scholar
  23. 23.
    S. Lang, Elliptic Functions, GTM112, Springer-Verlag, New York, 1987.Google Scholar
  24. 24.
    A. Menezes, T. Okamoto and S. Vanstone, “Reducing elliptic curve logarithms to logarithms in a finite field”, Proceedings of the 22nd Annual ACM Symposium on the Theory of Computing (1991), 80–89.Google Scholar
  25. 25.
    V. S. Miller, “Use of elliptic curves in cryptography”, Advances in Cryptology-Proceedings of Crypto’,85, Lecture Notes in Computer Science, 218 (1986), Springer-Verlag, 417–426.CrossRefGoogle Scholar
  26. 26.
    S. C. Pohlig and M. E. Hellman, “An improved algorithm for computing logarithms over GF(p) and its cryptographic significance”, IEEE Trans. Inf. Theory, IT-24 (1978), 106–110.CrossRefMathSciNetGoogle Scholar
  27. 27.
    J. Pollard, “Monte Carlo methods for index computation (mod p)”, Mathematics of Computation, 32 (1978), 918–924.zbMATHCrossRefMathSciNetGoogle Scholar
  28. 28.
    R. Rivest, A. Shamir and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems”, Communications of the ACM, 21 No. 2 (1978), 120–126.zbMATHCrossRefMathSciNetGoogle Scholar
  29. 29.
    T. Saitoh and S. Uchiyama, “A Note on the Discrete Logarithm Problem on Elliptic Curves of Trace Two”, Technical Report of IEICE, ISEC98-27(1998), 51–57.Google Scholar
  30. 30.
    R. Schoof, “Elliptic Curves Over Finite Fields and the Computation of Square Roots mod p”, Mathematics of computation, 44 (1985), 483–494.Google Scholar
  31. 31.
    R. Schoof, “Nonsingular plane cubic curves over finite fields”, Jornal of Combination Theory, vol. A. 46 (1987), 183–211.zbMATHCrossRefMathSciNetGoogle Scholar
  32. 32.
    R. Schoof, “Counting points on elliptic curve over finite fields”, Journal de Thé,orie des Nombres de Bordeux, 7 (1995), 219–254.zbMATHMathSciNetGoogle Scholar
  33. 33.
    Standards for Efficient Cryptography Group.
  34. 34.
    I. A. Semaev “Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p”, Mathematics of computation, 67 (1998), 353–356.zbMATHCrossRefMathSciNetGoogle Scholar
  35. 35.
    J. H. Silverman, The Arithmetic of Elliptic Curves, GTM 106, Springer-Verlag, New York, 1986.Google Scholar
  36. 36.
    N. P. Smart “The discrete logarithm problem on elliptic curves of trace one”,, J. Cryptology, 12 (1999), 193–196.zbMATHCrossRefMathSciNetGoogle Scholar
  37. 37.
    T. Takagi, Syotou seisuuronn kougi, Kyouritu Syuppan, 1971, (in Japanese).Google Scholar
  38. 38.
    Torbjorn Granlund, THE GNU MP LIBRARY, version 3.1, August 2000.

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Atsuko Miyaji
    • 1
  • Masaki Nakabayashi
    • 1
  • Shunzo Takano
    • 1
  1. 1.Japan Advanced Institute of Science and TechnologyJapan

Personalised recommendations