scholarly journals SUPERSINGULAR EDWARDS CURVES AND EDWARDS CURVE POINTS COUNTING METHOD OVER FINITE FIELD

2020 ◽  
pp. 68-88
Author(s):  
Ruslan Skuratovskii
Keyword(s):  
Finite Field ◽  
Elliptic Curves ◽  
Algebraic Curves ◽  
Discrete Logarithm ◽  
Edwards Curves ◽  
Projective Curves ◽  
Birational Equivalence ◽  
Supersingular Curves ◽  
Edwards Curve ◽  
Embedding Degree

We consider problem of order counting of algebraic affine and projective curves of Edwards [2, 8] over the finite field $F_{p^n}$. The complexity of the discrete logarithm problem in the group of points of an elliptic curve depends on the order of this curve (ECDLP) [4, 20] depends on the order of this curve [10]. We research Edwards algebraic curves over a finite field, which are one of the most promising supports of sets of points which are used for fast group operations [1]. We construct a new method for counting the order of an Edwards curve over a finite field. It should be noted that this method can be applied to the order of elliptic curves due to the birational equivalence between elliptic curves and Edwards curves. We not only find a specific set of coefficients with corresponding field characteristics for which these curves are supersingular, but we additionally find a general formula by which one can determine whether a curve $E_d [F_p]$ is supersingular over this field or not. The embedding degree of the supersingular curve of Edwards over $F_{p^n}$ in a finite field is investigated and the field characteristic, where this degree is minimal, is found. A birational isomorphism between the Montgomery curve and the Edwards curve is also constructed. A one-to-one correspondence between the Edwards supersingular curves and Montgomery supersingular curves is established. The criterion of supersingularity for Edwards curves is found over $F_{p^n}$.

scholarly journals Edwards Curve Points Counting Method and Supersingular Edwards and Montgomery Curves. (Cryptosystems, Cryptology and Theoretical Computer Science)

2020 ◽  
Vol 17 ◽  
Keyword(s):  
Finite Field ◽  
Computer Science ◽  
Elliptic Curves ◽  
Algebraic Curves ◽  
Theoretical Computer Science ◽  
Theoretical Computer ◽  
Edwards Curves ◽  
Projective Curves ◽  
Supersingular Curves ◽  
Edwards Curve

In this paper, an algebraic affine and projective curves of Edwards [3, 9] over the finite field Fpn . In the theory of Cryptosystems, Cryptology and Theoretical Computer Science it is well known that many modern cryptosystems [11] can be naturally transformed into elliptic curves [5]. Here we study Edwards algebraic curves over a finite field, which are one of the most promising supports of sets of points which are used for fast group operations [1]. We construct a new method for counting the order of an Edwards curve over a finite field. It should be noted that this method can be applied to the order of elliptic curves due to the birational equivalence between elliptic curves and Edwards curves. We not only find a specific set of coefficients with corresponding field characteristics for which these curves are supersingular, but we additionally find a general formula by which one can determine whether a curve [ ] d p E F is supersingular over this field or not. The embedding degree of the supersingular curve of Edwards over pn F in a finite field is investigated and the field characteristic, where this degree is minimal, is found. A birational isomorphism between the Montgomery curve and the Edwards curve is also constructed. A one-to-one correspondence between the Edwards supersingular curves and Montgomery supersingular curves is established. The criterion of supersingularity for Edwards curves is found over pn F .

scholarly journals Elliptic and Edwards Curves Order Counting Method

2021 ◽  
Vol 15 ◽  
pp. 52-62
Author(s):  
Ruslan Skuratovskii ◽  
Volodymyr Osadchyy
Keyword(s):  
Normal Form ◽  
Finite Field ◽  
Elliptic Curves ◽  
Algebraic Curves ◽  
Basic Algorithm ◽  
Edwards Curves ◽  
Projective Curves ◽  
Edwards Curve ◽  
Embedding Degree ◽  
Fast Arithmetic

We consider the algebraic affine and projective curves of Edwards over the finite field Fpn. It is well known that many modern cryptosystems can be naturally transformed into elliptic curves. In this paper, we extend our previous research into those Edwards algebraic curves over a finite field. We propose a novel effective method of point counting for both Edwards and elliptic curves. In addition to finding a specific set of coefficients with corresponding field characteristics for which these curves are supersingular, we also find a general formula by which one can determine whether or not a curve Ed[Fp] is supersingular over this field. The method proposed has complexity O ( p log2 2 p ) . This is an improvement over both Schoof’s basic algorithm and the variant which makes use of fast arithmetic (suitable for only the Elkis or Atkin primes numbers) with complexities O(log8 2 pn) and O(log4 2 pn) respectively. The embedding degree of the supersingular curve of Edwards over Fpn in a finite field is additionally investigated. Due existing the birational isomorphism between twisted Edwards curve and elliptic curve in Weierstrass normal form the result about order of curve over finite field is extended on cubic in Weierstrass normal form.

scholarly journals The Order of Edwards and Montgomery Curves

2020 ◽  
Vol 19 ◽  
Keyword(s):  
Finite Field ◽  
Elliptic Curve ◽  
Elliptic Curves ◽  
Digital Signature ◽  
Discrete Logarithm ◽  
Log P ◽  
Edwards Curves ◽  
Digital Signature Algorithm ◽  
Supersingular Curves ◽  
Edwards Curve

The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA) [2]. It is well known that the problem of discrete logarithm is NP-hard on group on elliptic curve (EC) [5]. The orders of groups of an algebraic affine and projective curves of Edwards [3, 9] over the finite field Fpn is studied by us. We research Edwards algebraic curves over a finite field, which are one of the most promising supports of sets of points which are used for fast group operations [1]. We construct a new method for counting the order of an Edwards curve [F ] d p E over a finite field Fp . It should be noted that this method can be applied to the order of elliptic curves due to the birational equivalence between elliptic curves and Edwards curves. The method we have proposed has much less complexity 22 O p log p at not large values p in comparison with the best Schoof basic algorithm with complexity 8 2 O(log pn ) , as well as a variant of the Schoof algorithm that uses fast arithmetic, which has complexity 42O(log pn ) , but works only for Elkis or Atkin primes. We not only find a specific set of coefficients with corresponding field characteristics for which these curves are supersingular, but we additionally find a general formula by which one can determine whether a curve [F ] d p E is supersingular over this field or not. The symmetric of the Edwards curve form and the parity of all degrees made it possible to represent the shape curves and apply the method of calculating the residual coincidences. A birational isomorphism between the Montgomery curve and the Edwards curve is also constructed. A oneto- one correspondence between the Edwards supersingular curves and Montgomery supersingular curves is established. The criterion of supersingularity for Edwards curves is found over F pn .

scholarly journals Criterions of Supersinguliarity and Groups of Montgomery and Edwards Curves in Cryptography

2021 ◽  
Vol 19 ◽  
pp. 709-722
Author(s):  
Ruslan Skuratovskii ◽  
Volodymyr Osadchyy
Keyword(s):  
Normal Form ◽  
Finite Field ◽  
Elliptic Curves ◽  
Algebraic Curves ◽  
Minimum Degree ◽  
Basic Algorithm ◽  
Edwards Curves ◽  
Edwards Curve ◽  
Birational Isomorphism ◽  
Twisted Edwards Curve

We consider the algebraic affine and projective curves of Edwards over the finite field Fpn. It is well known that many modern cryptosystems can be naturally transformed into elliptic curves. The criterions of the supersingularity of Montgomery and Edwards curves are found. In this paper, we extend our previous research into those Edwards algebraic curves over a finite field and we construct birational isomorphism of them with cubic in Weierstrass normal form. One class of twisted Edwards is researched too. We propose a novel effective method of point counting for both Edwards and elliptic curves. In addition to finding a specific set of coefficients with corresponding field characteristics for which these curves are supersingular, we also find a general formula by which one can determine whether or not a curve Ed[Fp] is supersingular over this field. The method proposed has complexity O( p log2 2 p ) . This is an improvement over both Schoof’s basic algorithm and the variant which makes use of fast arithmetic (suitable for only the Elkis or Atkin primes numbers) with complexities O(log8 2 pn) and O(log4 2 pn) respectively. The embedding degree of the supersingular curve of Edwards over Fpn in a finite field is additionally investigated. Singular points of twisted Edwards curve are completely described. Due existing the birational isomorphism between twisted Edwards curve and elliptic curve in Weierstrass normal form the result about order of this curve over finite field is extended on cubic in Weierstrass normal form. Also it is considered minimum degree of an isogeny (distance) between curves of this two classes when such isogeny exists. We extend the existing isogenous of elliptic curves.

scholarly journals Improved lower bound for Diffie–Hellman problem using multiplicative group of a finite field as auxiliary group

2018 ◽  
Vol 12 (2) ◽  
pp. 101-118 ◽  
Author(s):  
Prabhat Kushwaha
Keyword(s):  
Lower Bound ◽  
Finite Field ◽  
Elliptic Curves ◽  
Multiplicative Group ◽  
Discrete Logarithm ◽  
Discrete Logarithm Problem ◽  
Reduction Algorithm ◽  
Practical Applications ◽  
Diffie Hellman ◽  
Estimate Lower

Abstract In 2004, Muzereau, Smart and Vercauteren [A. Muzereau, N. P. Smart and F. Vercauteren, The equivalence between the DHP and DLP for elliptic curves used in practical applications, LMS J. Comput. Math. 7 2004, 50–72] showed how to use a reduction algorithm of the discrete logarithm problem to Diffie–Hellman problem in order to estimate lower bound for the Diffie–Hellman problem on elliptic curves. They presented their estimates on various elliptic curves that are used in practical applications. In this paper, we show that a much tighter lower bound for the Diffie–Hellman problem on those curves can be achieved if one uses the multiplicative group of a finite field as auxiliary group. The improved lower bound estimates of the Diffie–Hellman problem on those recommended curves are also presented. Moreover, we have also extended our idea by presenting similar estimates of DHP on some more recommended curves which were not covered before. These estimates of DHP on these curves are currently the tightest which lead us towards the equivalence of the Diffie–Hellman problem and the discrete logarithm problem on these recommended elliptic curves.

scholarly journals CALCULATION OF PARAMETERS OF CRYPTIC CRIVIAE EDWARDS OVER THE FIELDS OF CHARACTERISTICS 5 AND 7

2018 ◽  
pp. 94-104 ◽  
Author(s):  
Anatoliy V. Bessalov
Keyword(s):  
Prime Order ◽  
Discrete Logarithm ◽  
Problem Solution ◽  
Characteristic P ◽  
System Parameters ◽  
Calculation Of Parameters ◽  
Edwards Curves ◽  
Primitive Polynomials ◽  
Prime Fields ◽  
Edwards Curve

The method of search of cryptographic strong elliptic curves in the Edwards form (where parameter d is non square in the field) over the extended finite fields of small characteristics p ≠ 2.3 is proposed. For these curves is performed the completeness of the points addition law, so they are called as complete Edwards curve. In the first stage over a small prime fields and we find the parameters d of complete Edwards curves who have minimum orders . For both curves we obtain the same values d = 3, which are non square in the fields and . Next with help recurrent formulae for both curves we calculated the orders (where n is odd) of these curves over the extended fields with prime degrees of extension m within known cryptographic standards (with the same bit-length field module 200 ... 600 bits). The calculated values n are tested on primelity. The extensions m, which provide a psevdoprime order 4n of curve with a prime value n, are selected. This provides the highest cryptographic stability of curve by the discrete logarithm problem solution. As a result, over the fields of the characteristic p = 5 we obtain two curves with degrees of expansion m = 181 and m = 277, and over the fields of the characteristic p = 7 one curve with the degree m = 127. For them, the corresponding large prime values of n are determined. The next stage is the calculation of other system-parameters of cryptographic systems based on complete Edwards curves. over the fields of characteristics 5 and 7. The arithmetic of extended fields is based on irreducible primitive polynomials P (z) of degree m. The search and construction of polynomial tables P (z) (for 10 different polynomials for each value m, respectively, for the values of the characteristics p = 5 and p = 7) has been performed. On the basis of each polynomial according to the developed method, the coordinates of the random point P of the curve are calculated. The possible order of this point is the value of 4n, 2n or n. The double doubling of this point is the coordinates and for 30 different generators G = 4P cryptosystems that have a prime order n. The set of parameters that satisfy the standard cryptographic requirements and can be recommended in projecting cryptosystems is obtained.

scholarly journals CERTAIN VALUES OF GAUSSIAN HYPERGEOMETRIC SERIES AND A FAMILY OF ALGEBRAIC CURVES

2012 ◽  
Vol 08 (04) ◽  
pp. 945-961 ◽  
Author(s):  
RUPAM BARMAN ◽  
GAUTAM KALITA
Keyword(s):  
Finite Field ◽  
Elliptic Curves ◽  
Algebraic Curve ◽  
Hypergeometric Series ◽  
Algebraic Curves ◽  
Alternate Proof ◽  
Special Values ◽  
Gaussian Hypergeometric Series

Let λ ∈ ℚ\{0, -1} and l ≥ 2. Denote by Cl, λ the nonsingular projective algebraic curve over ℚ with affine equation given by [Formula: see text] In this paper, we give a relation between the number of points on Cl, λ over a finite field and Gaussian hypergeometric series. We also give an alternate proof of a result of [D. McCarthy, 3F2 Hypergeometric series and periods of elliptic curves, Int. J. Number Theory6(3) (2010) 461–470]. We find some special values of 3F2 and 2F1 Gaussian hypergeometric series. Finally we evaluate the value of 3F2(4) which extends a result of [K. Ono, Values of Gaussian hypergeometric series, Trans. Amer. Math. Soc.350(3) (1998) 1205–1223].

scholarly journals Point Compression and Coordinate Recovery for Edwards Curves over Finite Field

2014 ◽  
Vol 52 (2) ◽  
Author(s):  
Benjamin Justus
Keyword(s):  
Finite Field ◽  
Scalar Multiplication ◽  
Computational Approaches ◽  
Recovery Algorithm ◽  
Edwards Curves ◽  
Addition Chain ◽  
Point Compression ◽  
Edwards Curve

AbstractWe present two computational approaches for the purpose of point compression and decompression on Edwards curves over the finite field Fp where p is an odd prime. The proposed algorithms allow compression and decompression for the x or y affine coordinates. We also present a x-coordinate recovery algorithm that can be used at any stage of a differential addition chain during the scalar multiplication of a point on the Edwards curve.

scholarly journals Generating pairing-friendly elliptic curve parameters using sparse families

2018 ◽  
Vol 12 (2) ◽  
pp. 83-99
Author(s):  
Georgios Fotiadis ◽  
Elisavet Konstantinou
Keyword(s):  
Finite Field ◽  
Elliptic Curve ◽  
Elliptic Curves ◽  
Number Field ◽  
Recent Progress ◽  
Discrete Logarithm ◽  
Numerical Examples ◽  
Field Extensions ◽  
Number Field Sieve ◽  
First Time

Abstract The majority of methods for constructing pairing-friendly elliptic curves are based on representing the curve parameters as polynomial families. There are three such types, namely complete, complete with variable discriminant and sparse families. In this paper, we present a method for constructing sparse families and produce examples of this type that have not previously appeared in the literature, for various embedding degrees. We provide numerical examples obtained by these sparse families, considering for the first time the effect of the recent progress on the tower number field sieve (TNFS) method for solving the discrete logarithm problem (DLP) in finite field extensions of composite degree.

PERSPECTIVES OF ELLIPTICAL CRYPTOGRAPHY TO ENSURE THE INTEGRITY AND CONFIDENTIALITY OF INFORMATION

2019 ◽  
Author(s):  
Anna ILYENKO ◽  
Sergii ILYENKO ◽  
Yana MASUR
Keyword(s):  
Information Systems ◽  
Elliptic Curve ◽  
Elliptic Curves ◽  
Finite Fields ◽  
Computational Efficiency ◽  
Digital Signature ◽  
Discrete Logarithm ◽  
Algebraic Groups ◽  
Schnorr Signature ◽  
Stability Of Algorithms

In this article, the main problems underlying the current asymmetric crypto algorithms for the formation and verification of electronic-digital signature are considered: problems of factorization of large integers and problems of discrete logarithm. It is noted that for the second problem, it is possible to use algebraic groups of points other than finite fields. The group of points of the elliptical curve, which satisfies all set requirements, looked attractive on this side. Aspects of the application of elliptic curves in cryptography and the possibilities offered by these algebraic groups in terms of computational efficiency and crypto-stability of algorithms were also considered. Information systems using elliptic curves, the keys have a shorter length than the algorithms above the finite fields. Theoretical directions of improvement of procedure of formation and verification of electronic-digital signature with the possibility of ensuring the integrity and confidentiality of information were considered. The proposed method is based on the Schnorr signature algorithm, which allows data to be recovered directly from the signature itself, similarly to RSA-like signature systems, and the amount of recoverable information is variable depending on the information message. As a result, the length of the signature itself, which is equal to the sum of the length of the end field over which the elliptic curve is determined, and the artificial excess redundancy provided to the hidden message was achieved.

Sign in / Sign up

Export Citation Format

Share Document