Abstract
For pairing based cryptography we need elliptic curves defined over finite fields \(\mathbb{F}_{q}\) whose group order is divisible by some prime \(\ell\) with \(\ell | q^{k-1}\) where k is relatively small. In Barreto et al. and Dupont et al. [Proceedings of the Third Workshop on Security in Communication Networks (SCN 2002), LNCS, 2576, 2003; Building curves with arbitrary small Mov degree over finite fields, Preprint, 2002], algorithms for the construction of ordinary elliptic curves over prime fields \(\mathbb{F}_{p}\) with arbitrary embedding degree k are given. Unfortunately, p is of size \(O(\ell^{2})\).
We give a method to generate ordinary elliptic curves over prime fields with p significantly less than \(\ell^{2}\) which also works for arbitrary k. For a fixed embedding degree k, the new algorithm yields curves with \(p \approx \ell^{s}\) where \(s = 2 - 2/\varphi(k)\) or \(s = 2 - 1/\varphi(k)\) depending on k. For special values of k even better results are obtained.
We present several examples. In particular, we found some curves where \(\ell\) is a prime of small Hamming weight resp. with a small addition chain.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Reference
A.O.L. Atkin F. Morain (1993) ArticleTitleElliptic curves and primality proving Mathematics of Computation 61 29–68
R. Balasubramanian N. Koblitz (1998) ArticleTitleThe improbability that an elliptic curve has subexponential discrete log problem under the Menezes-Okamoto-Vanstone algorithm Journal of Cryptology 11 IssueID2 141–145 Occurrence Handle10.1007/s001459900040
Barreto P., Lynn B., Scott M., (2003) Constructing elliptic curves with prescribed embedding degrees. Proceedings of the Third Workshop on Security in Communication Networks (SCN’2002), LNCS 2576.
P.S.L.M. Barreto H.Y. Kim B. Lynn P. Scott (2002) ArticleTitleEfficient algorithms for pairing based cryptosystems Crypto 2002, LNCS 2442 354–368
D. Boneh B. Lynn H. Shacham (2001) ArticleTitleShort signatures from the Weil pairing Asiacrypt ’01, LNCS 2248 514–532
Dupont R., Enge A., and Morain F., Building curves with arbitrary small MOV degree over finite fields. to appear in Journal of Cryptography 2002.
M. Franklin D. Boneh (2001) ArticleTitleIdentity-based encryption from the Weil pairing Proceedings Crypto ’01, LNCS 2139 213–229
G. Frey M. Müller H.-G. Rück (1999) ArticleTitleThe Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems IEEE Transactions on Information Theory 45 IssueID5 1717–1718 Occurrence Handle10.1109/18.771254
S. Galbraith K. Harrison D. Soldera (2002) ArticleTitleImplementing the Tate pairing ANTS IV, LNCS 2369 324–337
A. Joux (2000) ArticleTitleA one round protocol for tripartite Diffie-Hellman Proceedings of ANTS, LNCS 1838 385–393
A.J. Menezes T. Okamoto S.A. Vanstone (1993) ArticleTitleReducing elliptic curve logarithms to logarithms in a finite field IEEE Transactions on Information Theory 39 IssueID5 1639–1646 Occurrence Handle10.1109/18.259647
E. Verheul (2002) ArticleTitleSelf-blindable credential certificates from the Weil pairing Advances in Cryptology – Asiacrypt 2001, LNCS 2248 533–551
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by: A. Menezes
AMS classification: 14H52, 14G50
Rights and permissions
About this article
Cite this article
Brezing, F., Weng, A. Elliptic Curves Suitable for Pairing Based Cryptography. Des Codes Crypt 37, 133–141 (2005). https://doi.org/10.1007/s10623-004-3808-4
Received:
Revised:
Accepted:
Issue Date:
DOI: https://doi.org/10.1007/s10623-004-3808-4