On Small Characteristic Algebraic Tori in Pairing-Based Cryptography

The value ot the late pairing on an elliptic curve over a finite field may be viewed as an element of an algebraic torus. Using this simple observation, we transfer techniques recently developed for torus-based cryptography to pairing-based cryptography, resulting in more efficient computations, and lower bandwidth requirements. To illustrate the efficacy of this approach, we apply the method to pairings on supersingular elliptic curves in characteristic three.

Download Full-text

Generalized Artin'S Conjecture for Primitive Roots and Cyclicity Mod of Elliptic Curves Over Function Fields

Canadian Mathematical Bulletin ◽

10.4153/cmb-1995-023-2 ◽

1995 ◽

Vol 38 (2) ◽

pp. 167-173 ◽

Cited By ~ 5

Author(s):

David A. Clark ◽

Masato Kuwata

Keyword(s):

Finite Field ◽

Prime Ideal ◽

Elliptic Curve ◽

Elliptic Curves ◽

Function Field ◽

Function Fields ◽

Artin's Conjecture ◽

Primitive Roots

AbstractLet k = Fq be a finite field of characteristic p with q elements and let K be a function field of one variable over k. Consider an elliptic curve E defined over K. We determine how often the reduction of this elliptic curve to a prime ideal is cyclic. This is done by generalizing a result of Bilharz to a more general form of Artin's primitive roots problem formulated by R. Murty.

Download Full-text

Constructing supersingular elliptic curves with a given endomorphism ring

LMS Journal of Computation and Mathematics ◽

10.1112/s1461157014000254 ◽

2014 ◽

Vol 17 (A) ◽

pp. 71-91 ◽

Cited By ~ 4

Author(s):

Ilya Chevyrev ◽

Steven D. Galbraith

Keyword(s):

Elliptic Curve ◽

Elliptic Curves ◽

Endomorphism Ring ◽

Quaternion Algebra ◽

Maximal Order ◽

Running Time ◽

Successive Minima ◽

Supersingular Elliptic Curves ◽

Class Polynomials ◽

Theoretical Results

AbstractLet $\def \xmlpi #1{}\def \mathsfbi #1{\boldsymbol {\mathsf {#1}}}\let \le =\leqslant \let \leq =\leqslant \let \ge =\geqslant \let \geq =\geqslant \def \Pr {\mathit {Pr}}\def \Fr {\mathit {Fr}}\def \Rey {\mathit {Re}}\mathcal{O}$ be a maximal order in the quaternion algebra $B_p$ over $\mathbb{Q}$ ramified at $p$ and $\infty $. The paper is about the computational problem: construct a supersingular elliptic curve $E$ over $\mathbb{F}_p$ such that ${\rm End}(E) \cong \mathcal{O}$. We present an algorithm that solves this problem by taking gcds of the reductions modulo $p$ of Hilbert class polynomials.New theoretical results are required to determine the complexity of our algorithm. Our main result is that, under certain conditions on a rank three sublattice $\mathcal{O}^T$ of $\mathcal{O}$, the order $\mathcal{O}$ is effectively characterized by the three successive minima and two other short vectors of $\mathcal{O}^T\! .$ The desired conditions turn out to hold whenever the $j$-invariant $j(E)$, of the elliptic curve with ${\rm End}(E) \cong \mathcal{O}$, lies in $\mathbb{F}_p$. We can then prove that our algorithm terminates with running time $O(p^{1+\varepsilon })$ under the aforementioned conditions.As a further application we present an algorithm to simultaneously match all maximal order types with their associated $j$-invariants. Our algorithm has running time $O(p^{2.5 + \varepsilon })$ operations and is more efficient than Cerviño’s algorithm for the same problem.

Download Full-text

Bilinear character sums and sum-product problems on elliptic curves

Proceedings of the Edinburgh Mathematical Society ◽

10.1017/s0013091508000771 ◽

2010 ◽

Vol 53 (1) ◽

pp. 1-12 ◽

Cited By ~ 4

Author(s):

Omran Ahmadi ◽

Igor Shparlinski

Keyword(s):

Finite Field ◽

Elliptic Curve ◽

Elliptic Curves ◽

Character Sums ◽

Multiplicative Character ◽

Additive Character ◽

Product Problem ◽

Multiplicative Character Sums

AbstractLet E be an ordinary elliptic curve over a finite field q of q elements. We improve a bound on bilinear additive character sums over points on E, and obtain its analogue for bilinear multiplicative character sums. We apply these bounds to some variants of the sum-product problem on E.

Download Full-text

Construction of metrics on the set of elliptic curves over a finite field

Publications de l Institut Mathematique ◽

10.2298/pim2123125h ◽

2021 ◽

Vol 109 (123) ◽

pp. 125-141

Author(s):

Keisuke Hakuta

Keyword(s):

Finite Field ◽

Elliptic Curves ◽

Multiplicative Group ◽

Supersingular Elliptic Curves ◽

Characteristic Two

We consider metrics on the set of elliptic curves in short Weierstrass form over a finite field of characteristic greater than three. The metrics have been first found by Mishra and Gupta (2008). Vetro (2011) constructs other metrics which are independent on the choice of a generator of the multiplicative group of the underlying finite field, whereas the metrics found by Mishra and Gupta, are dependent on the choice of a generator of the multiplicative group of the underlying finite field. Hakuta (2015, 2018) constructs metrics on the set of non-supersingular elliptic curves in shortWeierstrass form over a finite field of characteristic two and three, respectively. The aim of this paper is to point out that the metric found by Mishra and Gupta is in fact not a metric. We also construct new metrics which are slightly modified versions of the metric found by Mishra and Gupta.

Download Full-text

Elliptic curves over the ring R

Boletim da Sociedade Paranaense de Matemática ◽

10.5269/bspm.v38i3.39868 ◽

2019 ◽

Vol 38 (3) ◽

pp. 193-201 ◽

Cited By ~ 1

Author(s):

A. Boulbot ◽

Abdelhakim Chillali ◽

A. Mouhib

Keyword(s):

Finite Field ◽

Elliptic Curve ◽

Elliptic Curves ◽

Prime Number ◽

Canonical Projection ◽

First Time ◽

Weierstrass Equation

Let Fq be a ﬁnite ﬁeld of q elements, where q is a power of a prime number p greater than or equal to 5. In this paper, we study the elliptic curve denoted Ea,b(Fq[e]) over the ring Fq[e], where e2 = e and (a,b) ∈ (Fq[e])2. In a ﬁrst time, we study the arithmetic of this ring. In addition, using the Weierstrass equation, we deﬁne the elliptic curve Ea,b(Fq[e]) and we will show that Eπ0(a),π0(b)(Fq) and Eπ1(a),π1(b)(Fq) are two elliptic curves over the ﬁeld Fq, where π0 and π1 are respectively the canonical projection and the sum projection of coordinates of X ∈Fq[e]. Precisely, we give a bijection between the sets Ea,b(Fq[e]) and Eπ0(a),π0(b)(Fq)×Eπ1(a),π1(b)(Fq).

Download Full-text

The Order of Edwards and Montgomery Curves

WSEAS TRANSACTIONS ON MATHEMATICS ◽

10.37394/23206.2020.19.25 ◽

2020 ◽

Vol 19 ◽

Keyword(s):

Finite Field ◽

Elliptic Curve ◽

Elliptic Curves ◽

Digital Signature ◽

Discrete Logarithm ◽

Log P ◽

Edwards Curves ◽

Digital Signature Algorithm ◽

Supersingular Curves ◽

Edwards Curve

The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA) [2]. It is well known that the problem of discrete logarithm is NP-hard on group on elliptic curve (EC) [5]. The orders of groups of an algebraic affine and projective curves of Edwards [3, 9] over the finite field Fpn is studied by us. We research Edwards algebraic curves over a finite field, which are one of the most promising supports of sets of points which are used for fast group operations [1]. We construct a new method for counting the order of an Edwards curve [F ] d p E over a finite field Fp . It should be noted that this method can be applied to the order of elliptic curves due to the birational equivalence between elliptic curves and Edwards curves. The method we have proposed has much less complexity 22 O p log p at not large values p in comparison with the best Schoof basic algorithm with complexity 8 2 O(log pn ) , as well as a variant of the Schoof algorithm that uses fast arithmetic, which has complexity 42O(log pn ) , but works only for Elkis or Atkin primes. We not only find a specific set of coefficients with corresponding field characteristics for which these curves are supersingular, but we additionally find a general formula by which one can determine whether a curve [F ] d p E is supersingular over this field or not. The symmetric of the Edwards curve form and the parity of all degrees made it possible to represent the shape curves and apply the method of calculating the residual coincidences. A birational isomorphism between the Montgomery curve and the Edwards curve is also constructed. A oneto- one correspondence between the Edwards supersingular curves and Montgomery supersingular curves is established. The criterion of supersingularity for Edwards curves is found over F pn .

Download Full-text

EMBEDDING FINITE FIELDS INTO ELLIPTIC CURVES

Facta Universitatis Series Mathematics and Informatics ◽

10.22190/fumi1905889y ◽

2019 ◽

pp. 889

Author(s):

Amirmehdi Yazdani Kashani ◽

Hassan Daghigh

Keyword(s):

Finite Field ◽

Elliptic Curve ◽

Elliptic Curves ◽

Finite Fields ◽

Hyperelliptic Curves ◽

Rational Points ◽

Elliptic Curve Cryptosystems ◽

General Elliptic ◽

Genus 2

Many elliptic curve cryptosystems require an encoding function from a ﬁnite ﬁeld Fq into Fq-rational points of an elliptic curve. We propose a uniform encoding to general elliptic curves over Fq. We also discuss about an injective case of SWU encoing for hyperelliptic curves of genus 2. Moreover we discuss about an injective encoding for elliptic curves with a point of order two over a ﬁnite ﬁeld and present a description for these elliptic curves.

Download Full-text

Identifying supersingular elliptic curves

LMS Journal of Computation and Mathematics ◽

10.1112/s1461157012001106 ◽

2012 ◽

Vol 15 ◽

pp. 317-325 ◽

Cited By ~ 12

Author(s):

Andrew V. Sutherland

Keyword(s):

Elliptic Curve ◽

Elliptic Curves ◽

Positive Characteristic ◽

Simple Algorithm ◽

New Approach ◽

Complexity Bounds ◽

Supersingular Elliptic Curves ◽

Structural Differences ◽

Isogeny Graphs ◽

Field Of Positive Characteristic

AbstractGiven an elliptic curve E over a field of positive characteristic p, we consider how to efficiently determine whether E is ordinary or supersingular. We analyze the complexity of several existing algorithms and then present a new approach that exploits structural differences between ordinary and supersingular isogeny graphs. This yields a simple algorithm that, given E and a suitable non-residue in 𝔽p2, determines the supersingularity of E in O(n3log 2n) time and O(n) space, where n=O(log p) . Both these complexity bounds are significant improvements over existing methods, as we demonstrate with some practical computations.

Download Full-text

Finding elliptic curves with a subgroup of prescribed size

International Journal of Number Theory ◽

10.1142/s1793042117500099 ◽

2016 ◽

Vol 13 (01) ◽

pp. 133-152

Author(s):

Igor E. Shparlinski ◽

Andrew V. Sutherland

Keyword(s):

Positive Integer ◽

Finite Field ◽

Elliptic Curve ◽

Elliptic Curves ◽

Riemann Hypothesis ◽

Time Complexity ◽

Rational Functions ◽

Deterministic Algorithm ◽

Probabilistic Algorithm ◽

Almost All

Assuming the Generalized Riemann Hypothesis, we design a deterministic algorithm that, given a prime [Formula: see text] and positive integer [Formula: see text], outputs an elliptic curve [Formula: see text] over the finite field [Formula: see text] for which the cardinality of [Formula: see text] is divisible by [Formula: see text]. The running time of the algorithm is [Formula: see text], and this leads to more efficient constructions of rational functions over [Formula: see text] whose image is small relative to [Formula: see text]. We also give an unconditional version of the algorithm that works for almost all primes [Formula: see text], and give a probabilistic algorithm with subexponential time complexity.

Download Full-text

The Frequency of Elliptic Curve Groups over Prime Finite Fields

Canadian Journal of Mathematics ◽

10.4153/cjm-2015-013-1 ◽

2016 ◽

Vol 68 (4) ◽

pp. 721-761 ◽

Cited By ~ 3

Author(s):

Vorrapan Chandee ◽

Chantal David ◽

Dimitris Koukoulopoulos ◽

Ethan Smith

Keyword(s):

Asymptotic Formula ◽

Finite Field ◽

Elliptic Curve ◽

Elliptic Curves ◽

Finite Fields ◽

Arithmetic Progressions ◽

Constant Multiple ◽

Group Order ◽

Almost All ◽

Candidate Group

AbstractLetting p vary over all primes and E vary over all elliptic curves over the finite field 𝔽p, we study the frequency to which a given group G arises as a group of points E(𝔽p). It is well known that the only permissible groups are of the form Gm,k:=ℤ/mℤ×ℤ/mkℤ. Given such a candidate group, we let M(Gm,k) be the frequency to which the group Gm,karises in this way. Previously, C.David and E. Smith determined an asymptotic formula for M(Gm,k) assuming a conjecture about primes in short arithmetic progressions. In this paper, we prove several unconditional bounds for M(Gm,k), pointwise and on average. In particular, we show thatM(Gm,k) is bounded above by a constant multiple of the expected quantity when m ≤ kA and that the conjectured asymptotic for M(Gm,k) holds for almost all groups Gm,k when m ≤ k1/4-∈. We also apply our methods to study the frequency to which a given integer N arises as a group order #E(𝔽p).

Download Full-text