Abstract
We consider the generation of prime-order elliptic curves (ECs) over a prime field \(\mathbb{F}_{p}\) using the Complex Multiplication (CM) method. A crucial step of this method is to compute the roots of a special type of class field polynomial, the most commonly used being the Hilbert and Weber polynomials. These polynomials are uniquely determined by the CM discriminant D. In this paper, we consider a variant of the CM method for constructing ECs of prime order using Weber polynomials. In attempting to construct prime-order ECs using Weber polynomials, two difficulties arise (in addition to the necessary transformations of the roots of such polynomials to those of their Hilbert counterparts). The first one is that the requirement of prime order necessitates that \(D \equiv 3 \pmod 8\), which gives Weber polynomials with degree three times larger than the degree of their corresponding Hilbert polynomials (a fact that could affect efficiency). The second difficulty is that these Weber polynomials do not have roots in \(\mathbb{F}_{p}\).
In this work, we show how to overcome the above difficulties and provide efficient methods for generating ECs of prime order, supported by a thorough experimental study. In particular, we show that such Weber polynomials have roots in the extension field \(\mathbb{F}_{p^{3}}\) and present a set of transformations for mapping roots of Weber polynomials in \(\mathbb{F}_{p^{3}}\) to roots of their corresponding Hilbert polynomials in \(\mathbb{F}_{p}\). We also show how an alternative class of polynomials, with degree equal to that of their corresponding Hilbert counterparts (and hence having roots in \(\mathbb{F}_{p}\)), can be used in the CM method to generate prime-order ECs. We conduct an extensive experimental study comparing the efficiency of using this alternative class against the use of the aforementioned Weber polynomials. Finally, we investigate the time efficiency of the CM variant under four different implementations of a crucial step of the variant and demonstrate the superiority of two of them.
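The step of the CM method that precedes the class-polynomial root computation discussed in the abstract is to fix a discriminant \(D \equiv 3 \pmod 8\), find a prime p with \(4p = u^2 + Dv^2\), and check whether one of the two candidate curve orders \(p + 1 \pm u\) is prime. The following is an added illustration of that step (not code from the paper or its authors): it uses the modified Cornacchia algorithm and a fixed-base Miller-Rabin test, and for brevity assumes \(p \equiv 3 \pmod 4\) so that a square root modulo p is a single exponentiation; the function names and the parity check on D are this example's own.

```python
import math
import random

# Miller-Rabin with fixed bases; deterministic for n < 3.3e24, enough for this demo.
def is_prime(n):
    if n < 2:
        return False
    for q in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % q == 0:
            return n == q
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def cornacchia_4p(D, p):
    """Modified Cornacchia: solve 4p = u^2 + D v^2, returning (u, v) or None.
    Assumption of this example: p ≡ 3 (mod 4), so sqrt(-D) mod p is r^((p+1)/4)."""
    if p % 4 != 3 or D >= 4 * p:
        raise ValueError("example requires p ≡ 3 (mod 4) and D < 4p")
    r = (-D) % p
    x0 = pow(r, (p + 1) // 4, p)
    if x0 * x0 % p != r:
        return None                      # -D is not a square mod p: no solution
    if x0 % 2 != D % 2:
        x0 = p - x0                      # force x0 ≡ D (mod 2) so x0^2 ≡ -D (mod 4p)
    a, b, limit = 2 * p, x0, math.isqrt(4 * p)
    while b > limit:                     # Euclid until remainder drops below 2*sqrt(p)
        a, b = b, a % b
    c, rem = divmod(4 * p - b * b, D)
    if rem:
        return None
    v = math.isqrt(c)
    return (b, v) if v * v == c else None

def find_prime_order_params(D, bits, tries=100000, seed=1):
    """Random search for (p, m, u, v) with 4p = u^2 + D v^2 and m = p+1±u prime."""
    if D % 8 != 3:
        raise ValueError("prime order requires D ≡ 3 (mod 8)")
    rng = random.Random(seed)
    for _ in range(tries):
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 3   # top bit set, p ≡ 3 (mod 4)
        if not is_prime(p):
            continue
        sol = cornacchia_4p(D, p)
        if sol is None:
            continue
        u, v = sol
        for m in (p + 1 - u, p + 1 + u):
            if is_prime(m):
                return p, m, u, v
    return None
```

The parity condition is what the abstract refers to: for \(D \equiv 7 \pmod 8\) both candidate orders are even, so only \(D \equiv 3 \pmod 8\) can yield a prime order.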
Communicated by Johannes Buchmann
This work was partially supported by the IST Programme of EU under contracts no. IST-2001-33116 (FLAGS), and by the Action IRAKLITOS (Fellowships for Research in the University of Patras) with matching funds from ESF (European Social Fund) and the Greek Ministry of Education.
Konstantinou, E., Kontogeorgis, A., Stamatiou, Y.C. et al. On the Efficient Generation of Prime-Order Elliptic Curves. J Cryptol 23, 477–503 (2010). https://doi.org/10.1007/s00145-009-9037-2