Overview of elliptic curve cryptography

  • Kiyomichi Araki
  • Takakazu Satoh
  • Shinji Miura
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1431)


In this article, we look at elliptic curve cryptography, which is believed to be one of the most promising candidates for the next-generation cryptographic tool. The following issues are addressed here:

  1. Discrete Logarithm Problem in finite fields
  2. Elliptic Curve Discrete Logs
  3. Implementation of ECDLP Cryptographic Schemes
  4. Attacks on EC Cryptosystems
  5. Minimum Requirement for Secure EC Cryptosystems
  6. Standardization and Commercialization of EC Cryptosystems
  7. Construction of Elliptic Curves



Keywords: Elliptic Curve, Finite Field, Abelian Variety, Discrete Logarithm
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Kiyomichi Araki (1)
  • Takakazu Satoh (2)
  • Shinji Miura (3)

  1. Dept. Computer Eng., Tokyo Institute of Technology, Tokyo, Japan
  2. Dept. Mathematics, Saitama University, Saitama, Japan
  3. Media Processing Labs., Sony Corporation, Tokyo, Japan
