CM-Curves with Good Cryptographic Properties

نویسنده

  • Neal Koblitz
چکیده

Our purpose is to describe elliptic curves with complex multiplication which in characteristic 2 have the following useful properties for constructing Diffie-HeUman type cryptosystems: (1) they are nonsupersingular (so that one cannot use the Menezes-Okamoto-Vanstone reduction of discrete log from elliptic curves to finite fields); (2) the order of the group h a s a large prime factor (so that discrete logs cannot be computed by giant-step/baby-step or the PolIard rho method); (3) doubling of points can be carried out almost as efficiently as in the case of the supersingular curves used by Vanstone; (4) the curves are easy to find. 1 Introduction In Atkin's version of the Goldwasser-Kilian primality test ([l], [9]) one starts with a quadratic imaginary field Ii' = Q(m) and then constructs an elliptic curve over a finite field which is the reduction of an elliptic curve with complex multiplication by K. This idea can also be applied to the search for elliptic curvea which are suitable for the type of cryptosystem described in [3], [8]. 4 s in the primality test, we are looking for elliptic curves whose number of points is equal to a large prime number times a small factor. However, unlike in the prirnality test, where the curves are defined over very large prime fields. our curves will be defined over small fields. Morcover, we shall be interested in an additional property of the curves, the property of having a small trace of Frobenius. In particular, we shall stirdy curves over small fields of characteristic 2 for which the trace of the Frobenius map is kl, i.e., for which the complexmultiplicationfield is Q(m) for D = 2'+2-1 a Mersenne number. Such curves lend themselves to particularly efficient computation, since the doubling of points (more precisely, multiplying points by 2 k) can be speeded up when this condition holds.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

ar X iv : 0 81 1 . 34 34 v 1 [ m at h . A G ] 2 0 N ov 2 00 8 CM construction of genus 2 curves with p - rank 1 Laura

We present an algorithm for constructing cryptographic hyperelliptic curves of genus 2 and p-rank 1, using the CM method. We also present an algorithm for constructing such curves that, in addition, have a prescribed small embedding degree. We describe the algorithms in detail, and discuss other aspects of p-rank 1 curves too, including the reduction of the class polynomials modulo p.

متن کامل

On a new generalization of Huff curves

Recently two kinds of Huff curves were introduced as elliptic curves models and their arithmetic was studied. It was also shown that they are suitable for cryptographic use such as Montgomery curves or Koblitz curves (in Weierstrass form) and Edwards curves. In this work, we introduce the new generalized Huff curves ax(y − c) = by(x−d) with abcd(ac−bd) 6= 0, which contains the generalized Huff’...

متن کامل

Constructing Abelian Surfaces for Cryptography via Rosenhain Invariants

This paper presents an algorithm to construct cryptographically strong genus 2 curves and their Kummer surfaces via Rosenhain invariants and related Kummer parameters. The most common version of the complex multiplication (CM) algorithm for constructing cryptographic curves in genus 2 relies on the well-studied Igusa invariants and Mestre’s algorithm for reconstructing the curve. On the other h...

متن کامل

Diversity and Transparency for ECC

Generating and standardizing elliptic curves to use them in a cryptographic context is a hard task. There have been several attempts to define public elliptic curves for a general cryptographic use, such as NIST FIPS 186–2 curves [53], Brainpool curves [47], SECG curves [58], ANSSI FRP256v1 [41], Curve25519 [7], and OSCCA SM2 [54]. Recent years have seen some distrust cast on previously standar...

متن کامل

Theoretical and Structural Relationship Study of Electrochemical Properties of p- Sulfonated Calix[Slarene Macrocycles with Fullerenes as lp-Sulfonated Calliplarenesi@iCsl Supramolecular Complexes

Up to now, various empty carbon fullerenes with different magic number "n", such as C10, Cow Cm, Cso,Cis** Cm and so on. have been obtained. The calix[n]arenes are a class of chalice-like rnacrocyclicmolecules that have attracted widespread attention as complex molecules with liquid crystal behaviors.These classes of compounds are cyclic ohgomers synthessid by condensation of a para-alkylated p...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 1991