Finding suitable non-supersingular elliptic curves for pairing-based cryptosystems becomes an important issue for the modern public-key cryptography after the proposition of id-based encryption scheme and short signature scheme. In previous work different algorithms have been proposed for finding such elliptic curves when embedding degree k ∈ {3, 4, 6} and cofactor h ∈ {1, 2, 3, 4, 5}. In this ...

In this paper, we give a ‘direct’ construction of the endomorphism ring of supersingular elliptic curves over a prime field Fp from ‘ideal classes’ of Q( √−p). We use the result to prove that the result of Kaneko on ‘minimal’ CM liftings of such supersingular elliptic curves is a best possible result. We also prove that the result of Elkies on ‘minimal’ CM liftings of all supersingular elliptic...

For small odd primes p, we prove that most of the rational points on the modular curve X0(p)/wp parametrize pairs of elliptic curves having infinitely many supersingular primes. This result extends the class of elliptic curves for which the infinitude of supersingular primes is known. We give concrete examples illustrating how these techniques can be explicitly used to construct supersingular p...

Possibility of the emergence of quantum computers in the near future, pose a serious threat against the security of widely-used public key cryptosystems such as RSA or Elliptic Curve Cryptography (ECC). Algorithms involving isogeny computations on supersingular elliptic curves have been shown to be difficult to break, even to quantum computers. Thus, isogeny-based protocols represent promising ...

We revisit theoretical background on OSIDH (Oriented Supersingular Isogeny Diffie-Hellman protocol), which is an isogeny-based key-exchange protocol proposed by Colò and Kohel at NutMiC 2019. give a proof of fundamental theorem for OSIDH. The was stated without proof. Furthermore, we consider parameters OSIDH, sufficient condition the to work, estimate size certain security level.

Self-pairings have found interesting applications in cryptographic schemes, such as ZSS short signatures and so on. In this paper, we present a novel method for constructing a self-pairing on supersingular elliptic curves with even embedding degrees, which we call the Ateil pairing. This pairing improves the efficiency of the self-pairing computation on supersingular curves over finite fields w...

The decision-Diffie-Hellman problem (DDH) is a central computational problem in cryptography. It is already known that the Weil and Tate pairings can be used to solve many DDH problems on elliptic curves. A natural question is whether all DDH problems are easy on supersingular curves. To answer this question it is necessary to have suitable distortion maps. Verheul states that such maps exist, ...

We give an algorithm that constructs, on input of a prime power q and an integer t, a supersingular elliptic curve over Fq with trace of Frobenius t in case such a curve exists. If GRH holds true, the expected run time of our algorithm is e O((log q)). We illustrate the algorithm by showing how to construct supersingular curves of prime order. Such curves can readily be used for pairing based c...

‎In this paper‎, ‎we propose some Diffie-Hellman type key exchange protocols using isogenies of elliptic curves‎. ‎The first method which uses the endomorphism ring of an ordinary elliptic curve $ E $‎, ‎is a straightforward generalization of elliptic curve Diffie-Hellman key exchange‎. ‎The method uses commutativity of the endomorphism ring $ End(E) $‎. ‎Then using dual isogenies‎, ‎we propose...