Small Exponent Point Groups on Elliptic Curves
نویسندگان
چکیده
Let E be an elliptic curve defined over Fq, the finite field of q elements. We show that for some constant η > 0 depending only on q, there are infinitely many positive integers n such that the exponent of E(Fqn), the group of Fqn-rational points on E, is at most q exp ( −n log logn ) . This is an analogue of a result of R. Schoof on the exponent of the group E(Fp) of Fp-rational points, when a fixed elliptic curve E is defined over Q and the prime p tends to infinity.
منابع مشابه
A descent method for explicit computations on curves
It is shown that the knowledge of a surjective morphism $Xto Y$ of complex curves can be effectively used to make explicit calculations. The method is demonstrated by the calculation of $j(ntau)$ (for some small $n$) in terms of $j(tau)$ for the elliptic curve with period lattice $(1,tau)$, the period matrix for the Jacobian of a family of genus-$2$ curves complementing the classi...
متن کاملGeneralized Jacobian and Discrete Logarithm Problem on Elliptic Curves
Let E be an elliptic curve over the finite field F_{q}, P a point in E(F_{q}) of order n, and Q a point in the group generated by P. The discrete logarithm problem on E is to find the number k such that Q = kP. In this paper we reduce the discrete logarithm problem on E[n] to the discrete logarithm on the group F*_{q} , the multiplicative group of nonzero elements of Fq, in the case where n | q...
متن کاملComparing Elliptic Curve Cryptography and RSA on 8-bit CPUs
Strong public-key cryptography is often considered to be too computationally expensive for small devices if not accelerated by cryptographic hardware. We revisited this statement and implemented elliptic curve point multiplication for 160-bit, 192-bit, and 224-bit NIST/SECG curves over GF(p) and RSA-1024 and RSA-2048 on two 8-bit microcontrollers. To accelerate multiple-precision multiplication...
متن کاملPreventing Differential Analysis in GLV Elliptic Curve Scalar Multiplication
In [2], Gallant, Lambert and Vanstone proposed a very efficient algorithm to compute Q = kP on elliptic curves having non-trivial efficiently computable endomorphisms. Cryptographic protocols are sensitive to implementations, indeed as shown in [6, 7] information about the secret can be revealed analysing external leakage of the support, typically a smart card. Several software countermeasures ...
متن کاملProtocol Failures for RSA-Like Functions Using Lucas Sequences and Elliptic Curves
We show that the cryptosystems based on Lucas sequences and on elliptic curves over a ring are insecure when a linear relation is known between two plaintexts that are encrypted with a “small” public exponent. This attack is already known for the classical RSA system, but the proofs and the results here are different.
متن کامل