Supersingular Curves in Cryptography
نویسنده
چکیده
Frey and Rück gave a method to transform the discrete logarithm problem in the divisor class group of a curve over Fq into a discrete logarithm problem in some finite field extension Fqk . The discrete logarithm problem can therefore be solved using index calculus algorithms as long as k is small. In the elliptic curve case it was shown by Menezes, Okamoto and Vanstone that for supersingular curves one has k ≤ 6. In this paper curves of higher genus are studied. Bounds on the possible values for k in the case of supersingular curves are given which imply that supersingular curves are weaker than the general case for cryptography. Ways to ensure that a curve is not supersingular are also discussed. A constructive application of supersingular curves to cryptography is given, by generalising an identity-based cryptosystem due to Boneh and Franklin. The generalised scheme provides a significant reduction in bandwidth compared with the original scheme.
منابع مشابه
Project : Supersingular Curves and the Weil Pairing in Elliptic Curve Cryptography
Even first semester calculus students are aware of how calculus, hence analysis, is used to solve problems in engineering. In recent decades the engineering world is gaining more exposure to algebra through the powerful problem solutions it provides. One area that algebra has made significant contributions to is cryptography and, more specifically, public key cryptography. In this paper we aim ...
متن کاملConstructing Supersingular Elliptic Curves
We give an algorithm that constructs, on input of a prime power q and an integer t, a supersingular elliptic curve over Fq with trace of Frobenius t in case such a curve exists. If GRH holds true, the expected run time of our algorithm is e O((log q)). We illustrate the algorithm by showing how to construct supersingular curves of prime order. Such curves can readily be used for pairing based c...
متن کاملFinding More Non-Supersingular Elliptic Curves for Pairing-Based Cryptosystems
Finding suitable non-supersingular elliptic curves for pairing-based cryptosystems becomes an important issue for the modern public-key cryptography after the proposition of id-based encryption scheme and short signature scheme. In previous work different algorithms have been proposed for finding such elliptic curves when embedding degree k ∈ {3, 4, 6} and cofactor h ∈ {1, 2, 3, 4, 5}. In this ...
متن کاملQuantum-Resistant Diffie-Hellman Key Exchange from Supersingular Elliptic Curve Isogenies
Possibility of the emergence of quantum computers in the near future, pose a serious threat against the security of widely-used public key cryptosystems such as RSA or Elliptic Curve Cryptography (ECC). Algorithms involving isogeny computations on supersingular elliptic curves have been shown to be difficult to break, even to quantum computers. Thus, isogeny-based protocols represent promising ...
متن کاملSUPERSINGULAR PRIMES FOR POINTS ON X0(p)/wp
For small odd primes p, we prove that most of the rational points on the modular curve X0(p)/wp parametrize pairs of elliptic curves having infinitely many supersingular primes. This result extends the class of elliptic curves for which the infinitude of supersingular primes is known. We give concrete examples illustrating how these techniques can be explicitly used to construct supersingular p...
متن کامل