Injective Encodings to Elliptic Curves

  • Pierre-Alain Fouque
  • Antoine Joux
  • Mehdi Tibouchi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7959)

Abstract

For a number of elliptic curve-based cryptographic protocols, it is useful and sometimes necessary to be able to encode a message (a bit string) as a point on an elliptic curve in such a way that the message can be efficiently and uniquely recovered from the point. This is for example the case if one wants to instantiate CPA-secure ElGamal encryption directly in the group of points of an elliptic curve. More practically relevant settings include Lindell’s UC commitment scheme (EUROCRYPT 2011) or structure-preserving primitives.

It turns out that constructing such an encoding function is not easy in general, especially if one wishes to encode points whose length is large relative to the size of the curve. There is a probabilistic, “folklore” method for doing so, but it only provably works for messages of length less than half the size of the curve.

In this paper, we investigate several approaches to injective encoding to elliptic curves, and in particular, we propose a new, essentially optimal geometric construction for a large class of curves, including Edwards curves; the resulting algorithm is also quite efficient, requiring only one exponentiation in the base field and simple arithmetic operations (however, the curves for which the map can be constructed have a point of order two, which may be a limiting factor for possible applications). The new approach is based on the existence of a covering curve of genus 2 for which a bijective encoding is known.
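The probabilistic "folklore" method mentioned in the abstract can be sketched as pad-and-test: place the message in the high bits of an x-coordinate, vary the low padding bits until x lies on the curve, and decode by dropping the padding. The block below is an added illustration, not code from the paper. It assumes the secp256k1 curve parameters, uses a counter in place of random padding so the output is reproducible, and limits messages to under half the bit length of the field; all function names are hypothetical.

```python
# Added illustration; curve constants are secp256k1 (y^2 = x^3 + 7 over F_P).
P = 2**256 - 2**32 - 977   # field prime, P % 4 == 3
B = 7
PAD_BITS = 128             # low bits of x reserved for padding (assumed split)
MSG_BITS = 120             # keeps x = m || r below 2^248 < P


def is_on_curve(point):
    x, y = point
    return (y * y - (x * x * x + B)) % P == 0


def encode(message: bytes):
    """Map a message of at most MSG_BITS bits to a curve point (x, y)."""
    if len(message) * 8 > MSG_BITS:
        raise ValueError("message too long for this encoding")
    m = int.from_bytes(message, "big")
    for r in range(1 << 16):            # each try succeeds with probability about 1/2
        x = (m << PAD_BITS) | r
        rhs = (pow(x, 3, P) + B) % P
        y = pow(rhs, (P + 1) // 4, P)   # square-root candidate, valid since P % 4 == 3
        if y * y % P == rhs:            # rhs is a square, so x is an x-coordinate
            return (x, y)
    raise RuntimeError("no valid padding found")


def decode(point, length: int) -> bytes:
    """Recover the message by dropping the padding bits of x."""
    if not is_on_curve(point):
        raise ValueError("point is not on the curve")
    x, _ = point
    return (x >> PAD_BITS).to_bytes(length, "big")


if __name__ == "__main__":
    msg = b"hello, curve"               # constructed sample input
    pt = encode(msg)
    print(is_on_curve(pt), decode(pt, len(msg)))
```

Distinct messages give distinct x-coordinates, so the map is injective, at the cost of spending half of the coordinate on padding.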

Keywords

Elliptic Curve Cryptography; Injective Encoding; Algebraic Curves

References

  1. Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., Ohkubo, M.: Structure-preserving signatures and commitments to group elements. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 209–236. Springer, Heidelberg (2010)
  2. Bernstein, D.J., Lange, T.: Faster addition and doubling on elliptic curves. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 29–50. Springer, Heidelberg (2007)
  3. Bombieri, E.: On exponential sums in finite fields. In: Les Tendances Géom. en Algèbre et Théorie des Nombres, pp. 37–41. Éditions du CNRS (1966)
  4. Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
  5. Cassels, J., Flynn, E.: Prolegomena to a middlebrow arithmetic of curves of genus 2. London Mathematical Society Lecture Note Series, vol. 230. Cambridge University Press (1996)
  6. Drmota, M., Tichy, R.F.: Sequences, discrepancies and applications. Springer (1997)
  7. El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)
  8. Farashahi, R.R.: Hashing into Hessian curves. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 278–289. Springer, Heidelberg (2011)
  9. Farashahi, R.R., Fouque, P.-A., Shparlinski, I.E., Tibouchi, M., Voloch, J.F.: Indifferentiable deterministic hashing to elliptic and hyperelliptic curves. Math. Comp. 82, 491–512 (2013)
  10. Fouque, P.-A., Tibouchi, M.: Deterministic encoding and hashing to odd hyperelliptic curves. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 265–277. Springer, Heidelberg (2010)
  11. Icart, T.: How to hash into elliptic curves. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 303–316. Springer, Heidelberg (2009)
  12. Joux, A., Vitse, V.: Cover and decomposition index calculus on elliptic curves made practical. Application to a previously unreachable curve over \(\mathbb{F}_{p^6}\). In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 9–26. Springer, Heidelberg (2012)
  13. Joye, M., Tibouchi, M., Vergnaud, D.: Huff’s model for elliptic curves. In: Hanrot, G., Morain, F., Thomé, E. (eds.) ANTS-IX. LNCS, vol. 6197, pp. 234–250. Springer, Heidelberg (2010)
  14. Lindell, Y.: Highly-efficient universally-composable commitments based on the DDH assumption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 446–466. Springer, Heidelberg (2011)
  15. Maurer, U.M.: Abstract models of computation in cryptography. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 1–12. Springer, Heidelberg (2005)
  16. Paulhus, J.: Decomposing Jacobians of curves with extra automorphisms. Acta Arith. 132(3), 231–244 (2008)
  17. Shallue, A., van de Woestijne, C.E.: Construction of rational points on elliptic curves over finite fields. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 510–524. Springer, Heidelberg (2006)
  18. Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Pierre-Alain Fouque (1)
  • Antoine Joux (2)
  • Mehdi Tibouchi (3)
  1. University of Rennes, France
  2. CryptoExperts and Université de Versailles–Saint-Quentin, France
  3. NTT Secure Platform Laboratories, Japan
