Overview of elliptic curve cryptography

  • Kiyomichi Araki
  • Takakazu Satoh
  • Shinji Miura
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1431)

Abstract

In this article, we look at the elliptic curve cryptography, which is believed to be one of the most promising candidates for the next generation cryptographic tool. The following issues are addressed here;
  1. 1.

    Discrete Logarithm Problem in finite fields

     
  2. 2.

    Elliptic Curve Discrete Logs

     
  3. 3.

    Implementation of ECDLP Cryptographic Schemes

     
  4. 4.

    Attacks on EC Cryptosystems

     
  5. 5.

    Minimum Requirement for Secure EC Cryptosystems

     
  6. 6.

    Standardization and Commercialization of EC Cryptosystems

     
  7. 7.

    Construction of Elliptic Curves

     

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [Adl79]
    L. M. Adleman: A subexponential algorithm for the discrete logarithm problem with applications to cryptography, Proc. of FOCS, pp.56–60(1979)Google Scholar
  2. [ADH94]
    L. M. Adleman, J. DeMarrais, M.-D. Huang: A subexponential algorithm for discrete logarithms over the rational subgroup of the Jacobians of large genus hyper-elliptic curves over finite fields, in Algorithmic number theory (Ithaca, NY, 1994), Lecture Notes in Comput. Sci., 877(1994), 28–40, Springer: Berlin.Google Scholar
  3. [AM93]
    A.O.L. Atkin, F. Morain: Elliptic curves and primality proving, Math. Comp. 61(1993), 29–68.CrossRefMathSciNetMATHGoogle Scholar
  4. [Art24]
    E. Artin: Quadratische Körper im Gebiet der höheren Kongruenzen, Math. Z., 19(1924) 153–246.MATHCrossRefMathSciNetGoogle Scholar
  5. [BK96]
    R. Balasubramanian, N. Koblitz: The improbability that an elliptic curve has subexponential discrete log problem under the Menezes-Okamoto-Vanstone algorithm, preprint (1996), to appear in J. Cryptology.Google Scholar
  6. [Ber70]
    E. Berlekamp: Factoring polynomials over large finite fields, Math. Comp. 24(1970), 713–735.CrossRefMathSciNetGoogle Scholar
  7. [BS91]
    T. Beth, F. Schaefer: Non supersingular elliptic curves for public key cryptosystems, Proc. EUROCRYPT'91, Lect. Notes in Comput. Sci. vol.547(1991), 316–327.MathSciNetGoogle Scholar
  8. [Cas66]
    J.W.S. Cassels: Diophantine equations with special reference to elliptic curves, J. London Math. Soc, 41(1966) 193–291. Corrigenda: ibid, 42(1967) 183.MathSciNetGoogle Scholar
  9. [Cas91]
    J.W.S. Cassels: Lectures on elliptic curves, London Math. Soc. student texts vol.24(1991), Cambridge UP: Cambridge.Google Scholar
  10. [CM94]
    J.-M. Couveignes, F. Morain: Schoof's algorithm and isogeny cycles, in Algorithmic number theory (Ithaca, NY, 1994), Lecture Notes in Comput. Sci., 877(1994), 43–58, Springer: Berlin.Google Scholar
  11. [Coh93]
    H. Cohen: A course in computational algebraic number theory, GTM vol.138(1993) Springer: Berlin.Google Scholar
  12. [Cop84]
    D. Coppersmith: Fast evalution of logarithms in fields of characteristics two, IEEE Trans. Info. Theory, IT-30(1984), 587–594CrossRefMathSciNetGoogle Scholar
  13. [CZ81]
    D. Cantor, H. Zassenhaus: A new algorithm for factoring polynomials over finite fields, Math. Comp. 36(1981), 587–592.CrossRefMathSciNetMATHGoogle Scholar
  14. [Del74]
    P. Deligne: La conjecture de Weil, I. Publ. IHES, 43(1974) 273–307.MathSciNetGoogle Scholar
  15. [Del80]
    P. Deligne: La conjecture de Weil, II. Publ. IHES, 52(1980) 137–252.MATHMathSciNetGoogle Scholar
  16. [Deu41]
    M. Deuring: Die Typen der Multiplikatorenringe elliptischer Funktionenkörper, Abh. Math. Sem. Hamburg, 14(1941) 197–272MATHMathSciNetGoogle Scholar
  17. [DH76]
    D.E. Diffie and M. Hellman: New directions in cryptography, IEEE Trans. Info. Theory, IT-22(1976), 644–654CrossRefMathSciNetGoogle Scholar
  18. [Dwo60]
    B. Dwork: On the rationality of the zeta-function of an algebraic variety. Amer. J. Math., 82(1960) 631–648.MATHMathSciNetGoogle Scholar
  19. [ElG85]
    T. El Gamal: A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Trans. Info. Theory, IT-31(1985), 469–472Google Scholar
  20. [Fal83]
    G. Faltings: EndlichkeitssÄtze für Abelsche VarietÄten über Zahlkörpern, Invent. Math., 73(1983), 349–366.MATHCrossRefMathSciNetGoogle Scholar
  21. [FR94]
    G. Frey, H.-G. Rück: A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comp. 62(1994) 865–874.CrossRefMathSciNetMATHGoogle Scholar
  22. [Ful69]
    W. Fulton: Algebraic curves (1969), Benjamin: Menlo Park.MATHGoogle Scholar
  23. [Gor92]
    D. M. Gordon: Designing and detecting trapdoors for discrete log cryptosystems, Proc. of CRYPTO'92, LNCS 740(1992), pp. 66–75.Google Scholar
  24. [Gro77]
    A. Grothendieck: Cohomologie l-adique et fonctions L (SGA5), Lect. Notes in Math. vol. 589, Springer-Verlag: Berlin. (1977)Google Scholar
  25. [Har77]
    R. Hartshorne: Algebraic geometry, GTM vol.52(1977), Springer-Verlag: Berlin.Google Scholar
  26. [Has36]
    H. Hasse: Zur Theorie der abstrakten elliptischen Funktionenkörper, III, J. Reine Angew. Math., 175(1936), 193–208.MATHGoogle Scholar
  27. [Hon69]
    T. Honda: Isogeny classes of abelian varieties over finite fields, J. Math. Soc. Japan, 20(1968), 83–95.MATHMathSciNetCrossRefGoogle Scholar
  28. [IEEE98]
    IEEE P1363 Annex A/Editorial Contribution: Standard Specifications For Public Key Cryptography, available at http://grouper.ieee.org/groups/1363/Google Scholar
  29. [Iha67]
    Y. Ihara: Hecke polynomials as congruence ζ functions in elliptic modular case, Ann. Math. 85(1967), 267–295.MATHCrossRefMathSciNetGoogle Scholar
  30. [Iha92]
    Y. Ihara: On Fermat quotients and “the differential of numbers”, in: Algebraic analysis and number theory Koukyuuroku vol.810(1992), 324–341, RIMS, Kyoto Univ:Kyoto, (in Japanese).Google Scholar
  31. [Kat76]
    N. Katz: An overview of Deligne's proof of the Riemann hypothesis for varieties over finite fields, Proc. Symp. Pure Math. 28(1976) 275–305.MATHGoogle Scholar
  32. [Knu81]
    D.E. Knuth: The art of computer programming. Vol.2 Seminumerical algorithms, 2nd ed. Addison wesley:Reading, Mass., 1981.MATHGoogle Scholar
  33. [Kob87]
    N. Koblitz: Elliptic curve cryptosystems, Math. Comp. 48(1987) 203–209MATHCrossRefMathSciNetGoogle Scholar
  34. [Kob92]
    N. Koblitz: CM-curves with good cryptographic properties, in Advances in cryptology—CRYPTO '91 (Santa Barbara, CA, 1991), 279–287, Lecture Notes in Comput. Sci., vol.576(1992) Springer-Verlag:Berlin.Google Scholar
  35. [Kob95]
    N. Koblitz: A course in number theory and cryptography (Second edition). Graduate Texts in Mathematics, vol.114(1994). Springer-Verlag:Berlin.Google Scholar
  36. [Kob98]
    N. Koblitz: Algebraic aspects of cryptography. Algorithms and Compuation in Math. vol.3(1998)Google Scholar
  37. [Kor19]
    H. Kornblum: über die Primfunktionen in einer arithmetischen Progression. Math. Z., 5(1919) 100–111.MATHCrossRefMathSciNetGoogle Scholar
  38. [Kra22]
    M. Kraitchik: Théorie des nombres, vol.1 Gauthier-Villars: Paris, 1922Google Scholar
  39. [Lan87]
    S. Lang: Elliptic functions (2nd ed.), GTM vol.112(1987), Springer-Verlag:Berlin.Google Scholar
  40. [Ler05]
    A. M. Lerch: Zur Theorie des Fermatschen Quotienten \(\frac{{a^{p - 1} - 1}}{p} = q(a)\), Math. Ann., 60(1905), 471–490.MATHCrossRefMathSciNetGoogle Scholar
  41. [LG88]
    J.H. van Lint, G. van der Geer: Introduction to coding theory and algebraic geometry, DMV seminar vol.12(1988), BirkhÄuser: Basel.Google Scholar
  42. [LZ94]
    G.-J. Lay, H. G. Zimmer: Constructing elliptic curves with given group order over large finite fields, in Algorithmic number theory (Ithaca, NY, 1994), Lecture Notes in Comput. Sci., 877(1994), 250–263, Springer: Berlin.Google Scholar
  43. [Maz72]
    B. Mazur: Rational points of Abelian varieties with values in towers of number fields, Invent. Math., 18(1972), 183–266.MATHCrossRefMathSciNetGoogle Scholar
  44. [McC90]
    K. S. McCurley: The discrete logarithm problem, in Cryptology and computational number theory, (Boulder, CO, 1989), Proc. Sympos. Appl. Math. vol.42(1990), 49–74, AMS:Providence, R.I.Google Scholar
  45. [Men93]
    A. Menezes: Elliptic curve public key cryptosystems. Kluwer academic publ.:Boston, 1993MATHGoogle Scholar
  46. [Mil86]
    V. S. Miller: Use of elliptic curves in cryptography, in Advances in cryptology-CRYPTO '85 (Santa Barbara, Calif., 1985), Lecture Notes in Comput. Sci. vol. 218(1986), 417–426, Springer: Berlin.Google Scholar
  47. [Mor91]
    F. Morain: Building cyclic elliptic curves modulo large primes, in Advances in cryptology—EUROCRYPT '91 (Brighton, 1991), 328–336, Lecture Notes in Comput. Sci., vol. 547(1991), Springer: Berlin.Google Scholar
  48. [Mor95]
    F. Morain: Calcul du nombre de points sur une curbe elliptique dans un corps fini: aspects algorithmieques, J. Théorie des Nombres de Bordeaux, 7(1995), 255–282.MATHMathSciNetGoogle Scholar
  49. [MOV93]
    A.J. Menezes, T. Okamoto and S.A. Vanstone: Reducing elliptic curve logarithms to logarithms in a finite field, The 23rd Annual ACM Symposium on Theory of Computing, New Orleans, LA, May 1991, and also IEEE Trans. Info. Theory, IT-39(1993), 1639–1646.CrossRefMathSciNetGoogle Scholar
  50. [MV90]
    A. Menezes, S. Vanstone: The implementation of elliptic curve cryptosystems, Proc. of AUSCRYPT 90, Lect. Notes in Comput. Science, vol.453(1990), 2–13, Springer:Berlin.Google Scholar
  51. [MWZ98]
    A. Menezes, Y. Wu, R. Zucchertato: Hyperelliptic curves, appendix to Koblitz: Algebraic aspects of cryptography, Springer: Berlin.Google Scholar
  52. [NIST91]
    National Institute for Standards and Technology: Specifications for a digital signature standard. Federal information processing standard publication 186(1991).Google Scholar
  53. [NIST92]
    National Institute for Standards and Technology: The digital signature standard, Comm. of the ACM, 35(1992), No.7, pp. 36–40.Google Scholar
  54. [Odl85]
    A.M. Odlyzko: Discrete logarithm and their cryptographic significance, in Advances in cryptology — EUROCRYPT '84, Lect. Notes in Comput. Sci. vol.209(1985), pp. 224–314MATHMathSciNetCrossRefGoogle Scholar
  55. [Odl94]
    A.M. Odlyzko: Discrete logarithms and smooth polynomials, in Finite fields: Theory, applications, and algorithms, Contemp. Math. vol.168(1994), 269–278.MATHMathSciNetGoogle Scholar
  56. [OU98a]
    T. Okamoto, S. Uchiyama: A new public-key cryptosystem as secure as factoring, to appear in EUROCRYPT'98.Google Scholar
  57. [OU98b]
    T. Okamoto, S. Uchiyama: Security of an identity-based cryptosystem and the related reductions, to appear in EUROCRYPT'98.Google Scholar
  58. [PH78]
    S.C. Pohlig and M.E. Hellman: An improved algorithm for computing logarithm over GF(p) and its cryptographic significance, IEEE Trans. Info. Theory, IT-24(1978), 106–110.CrossRefMathSciNetGoogle Scholar
  59. [Pol78]
    J. Pollard: Monte Carlo methods for index compuation ((mod p)), Math. Comp., 32(1978), 918–924.MATHCrossRefMathSciNetGoogle Scholar
  60. [Rüc97]
    H. G. Rück: On the Discrete Logarithm in the Divisor Class Group of Curves, preprint, (1997).Google Scholar
  61. [SA97]
    T. Satoh, K. Araki: Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves, (1997), preprint, to appear in Commentarii Math. Univ. St. Pauli. [Japanese exposition in: Proc. of algebraic number theory and its related topics, Koukyuuroku vol.1026(1998),.pp. 139–150, RIMS Kyoto Univ.:Kyoto.]Google Scholar
  62. [Schf85]
    R. Schoof: curves over finite fields and the computation of square roots (mod p), Math. Comp., 44(1985), 483–494.MATHCrossRefMathSciNetGoogle Scholar
  63. [Schf87]
    R. Schoof: Nonsingular plane cubic curves over finite fields, J. Comb. Theory, A46(1987), 183–211.CrossRefMathSciNetGoogle Scholar
  64. [Schn91]
    C. P. Schnorr: Efficient signature generation by smart cards, J. Cryptology, 4(1991), 161–174.MATHCrossRefMathSciNetGoogle Scholar
  65. [Sem96]
    I. A. Semaev: On computing logarithms on elliptic curves. (Russian) Diskret. Mat. 8(1996) 65–71. English translation in Discrete Math. Appl. 6(1996), 69–76.MATHMathSciNetGoogle Scholar
  66. [Sem98]
    I. A. Semaev: Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curves in characteristic p, Math. Comp., 67(1998), 353–356.MATHCrossRefMathSciNetGoogle Scholar
  67. [Ser58]
    J.-P. Serre: Sur la topologie des variétés algébriques en caractéristique p. Symposium internacional de topología algbraica, 1958, 24–53, Universidad National Autönoma de Mexico and UNESCO: Mexico CityGoogle Scholar
  68. [Ser73]
    J.-P. Serre: A course in arithmetic, GTM vol.7(1973), Springer: Berlin.Google Scholar
  69. [Sha71]
    D. Shanks: Class number, a theory of factorization, and genera, in 1969 Number Theory Institute, Proc. Symp. Pure. Math. vol.20(1971), 415–440 AMS:Providence, R.I.Google Scholar
  70. [Sil86]
    J. H. Silverman: The arithmetic of elliptic curves, GTM vol.l06(1986), Springer-Verlag:Berlin. (2nd printing: 1992)Google Scholar
  71. [Sil94]
    J. H. Silverman: The advanced arithmetic of elliptic curves, GTM vol.151(1994), Springer-Verlag:Berlin.Google Scholar
  72. [Sma97]
    N. P. Smart: The discrete logarithm problem on elliptic curves of trace one, (1997), preprint, to appear in J. Cryptology.Google Scholar
  73. [Tho77]
    A. D. Thomas: Zeta-functions: an introduction to algebraic geometry. Research notes in Math. Vol. 12(1977), Pitman: London.Google Scholar
  74. [Wat69]
    W.C. Waterhouse: Abelian varieties over finite fields, Ann. sci. éc. Norm. Sup., 4ℴsérie, 2(1969), 521–586.MATHMathSciNetGoogle Scholar
  75. [Wei48]
    A. Weil: (a) Sur les courbes algébriques et les variétés qui s'en déduisent, (b) Variétés abéliennes et courbes algébriques, Actualités Sci. Ind., Hermann:Paris 1948. [The collected second edition of (a) and (b): Courbes algébriques et variétés abéliennes, ibid, 1971.]Google Scholar
  76. [Wei49]
    A. Weil: Numbers of solutions of equations in finite fields, Bull. Amer. Math. Soc. 55(1949), 497–508.MATHMathSciNetCrossRefGoogle Scholar

Copyright information

© Springer-Verlag 1998

Authors and Affiliations

  • Kiyomichi Araki
    • 1
  • Takakazu Satoh
    • 2
  • Shinji Miura
    • 3
  1. 1.Dept. Computer Eng.Tokyo Institute of TechnologyTokyoJapan
  2. 2.Dept. MathematicsSaitama UniversitySaitamaJapan
  3. 3.Media Processing Labs.Sony CorporationTokyoJapan

Personalised recommendations