We present an algorithm for generating elliptic curves of prime order over Optimal Extension Fields suitable for use in cryptography. The algorithm is based on the theory of Complex Multiplication. Furthermore, we demonstrate the efficiency of the algorithm in practice by giving practical running times. In addition, we present statistics on the number of cryptographically strong elliptic curves...

This handout discusses finite fields: how to construct them, properties of elements in a finite field, and relations between different finite fields (including their Galois groups). We write Z/(p) and Fp interchangeably for the field of size p. Here is an executive summary of the main results. • Every finite field has prime power order. • For every prime power, there is a finite field of that o...

It is of interest in cryptographic applications to obtain practical performance improvements for the discrete logarithm problem over prime fields Fp with p of size ≤ 500 bits. The linear sieve and the cubic sieve methods described in Coppersmith, Odlyzko and Schroeppel’s paper [3] are two practical algorithms for computing discrete logarithms over prime fields. The cubic sieve algorithm is asym...

Let {Km} be a parametrized family of real abelian number fields of known regulators, e.g. the simplest cubic fields associated with the Q-irreducible cubic polynomials Pm(x) = x −mx2 − (m+ 3)x− 1. We develop two methods for computing the class numbers of these Km’s. As a byproduct of our computation, we found 32 cyclotomic fields Q(ζp) of prime conductors p < 10 for which some prime q ≥ p divid...

Elliptic curve cryptosystems are usually implemented over fields of characteristic two or over (large) prime fields. For large prime fields, projective coordinates are more suitable as they reduce the computational workload in a point multiplication. In this case, choosing for parameter a the value −3 further reduces the workload. Over Fp, not all elliptic curves can be rescaled through isomorp...

We quantify a recent theorem of Wiles on class numbers of imaginary quadratic fields by proving an estimate for the number of negative fundamental discriminants down to −X whose class numbers are indivisible by a given prime and whose imaginary quadratic fields satisfy any given set of local conditions. This estimate matches the best results in the direction of the Cohen–Lenstra heuristics for ...

We determine the conditions under which singular values of multiple η-quotients of square-free level, not necessarily prime to 6, yield class invariants, that is, algebraic numbers in ring class fields of imaginary-quadratic number fields. We show that the singular values lie in subfields of the ring class fields of index 2 ′ −1 when k > 2 primes dividing the level are ramified in the imaginary...

In this paper, we study several variations of the number field sieve to compute discrete logarithms in finite fields of the form Fpn , with p a medium to large prime. We show that when n is not too large, this yields a Lpn(1/3) algorithm with efficiency similar to that of the regular number field sieve over prime fields. This approach complements the recent results of Joux and Lercier on the fu...

We consider the problem of finding cryptographically suitable Jacobians. By applying a probabilistic generic algorithm to compute the zeta functions of low genus curves drawn from an arbitrary family, we can search for Jacobians containing a large subgroup of prime order. For a suitable distribution of curves, the complexity is subexponential in genus 2, and O(N1/12) in genus 3. We give example...

Creating efficient finite field implementations has been an active research topic for several decades. Many applications in areas such as cryptography, signal processing, erasure coding and now also network coding depend on this research to deliver satisfactory performance. In this paper we investigate the use of prime fields with a field size of 2 − 5, as this allows implementations which comb...