
Impossibility of Surjective Icart-Like Encodings

Conference paper, Provable Security (ProvSec 2014)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8782)

Abstract

Many cryptographic protocols based on elliptic curves rely on the possibility of representing integer values or bit strings as elliptic curve points, or vice versa, in an invertible way. The most practical approach proposed to achieve this for an elliptic curve \(E/\mathbb{F}_q\) has been the use of (piecewise) algebraic maps \(f\colon \mathbb{F}_q\to E(\mathbb{F}_q)\) called (deterministic, constant-time) “encoding functions”, for which numerous constructions have been proposed in recent years, starting with the very simple encoding of Boneh and Franklin (CRYPTO 2001), which maps a value \(u\in\mathbb{F}_q\) to \(\big((u^2-b)^{1/3}, u\big)\) on the elliptic curve \(E\colon y^2 = x^3 + b\) over \(\mathbb{F}_q\), \(q\equiv 2\bmod 3\) (for such \(q\), every element of \(\mathbb{F}_q\) has a unique cube root, so the map is well defined). That encoding is almost a bijection between \(\mathbb{F}_q\) and \(E(\mathbb{F}_q)\), which makes it very convenient for security proofs as well as for applications like covertness, but it is only defined for a very limited class of elliptic curves, all of them supersingular, and hence quite inefficient.

Since then, many other encoding functions have been proposed, and constructions are known for all elliptic curves. They fit into two broad families: Icart-like encodings, which are generalizations of the original Boneh–Franklin encoding starting with a construction due to Icart (CRYPTO 2009), and SWU-like encodings, related to the Shallue–van de Woestijne construction (ANTS 2006). So far, however, almost none of these numerous encodings has replicated the very useful bijectivity property of the Boneh–Franklin encoding.

In this paper, we focus on Icart-like encodings, and investigate the possibility of constructing such encodings \(f\colon \mathbb{F}_q\to E(\mathbb{F}_q)\) that are almost bijective like Boneh and Franklin’s, or that achieve a weaker property like “almost surjectivity” (in the sense that \(\#f(\mathbb{F}_q) = q + o(q)\)). We show that the lack of such constructions is no accident: almost surjective Icart-like encodings to non-supersingular elliptic curves cannot exist.
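The two encodings the abstract contrasts, as an added example that is not code from the paper: the Boneh–Franklin map \(u\mapsto\big((u^2-b)^{1/3}, u\big)\) on \(y^2 = x^3 + b\), checked by brute force to be a bijection onto the affine points (so the only point it misses is the point at infinity, and the inverse is just reading off the \(y\)-coordinate), next to Icart's encoding on a curve with \(a\neq 0\), whose image is only part of \(E(\mathbb{F}_q)\). The prime \(q = 1013\) and the curve coefficients are constructed toy parameters with no cryptographic value; the function names are this example's own. Fouque and Tibouchi (LATINCRYPT 2010, reference 19 below) showed that Icart's function covers about 5/8 of the curve points, and the ratio reported by `icart_stats` for these parameters fluctuates around that value.

```python
# Added example, not code from the paper: the Boneh–Franklin encoding
# u -> ((u^2 - b)^(1/3), u) on E: y^2 = x^3 + b over F_q, q ≡ 2 (mod 3),
# checked to be a bijection onto the affine points, next to Icart's
# encoding on a curve with a != 0, whose image is only part of E(F_q).
# Parameters are constructed toy values (q = 1013), useless for real crypto.

Q = 1013   # prime, 1013 ≡ 2 (mod 3), so every element of F_q has a unique cube root


def inv(z, q=Q):
    """Fermat inverse; q is prime and z must be non-zero mod q."""
    return pow(z % q, q - 2, q)


def cube_root(z, q=Q):
    """Unique cube root in F_q for q ≡ 2 (mod 3): cubing is a bijection because
    gcd(3, q-1) = 1, and 3 * (2q-1)/3 = 2q-1 ≡ 1 (mod q-1) gives its inverse."""
    assert q % 3 == 2
    return pow(z % q, (2 * q - 1) // 3, q)


def boneh_franklin(u, b, q=Q):
    """f(u) = ((u^2 - b)^(1/3), u); the inverse map is simply P -> y(P)."""
    u %= q
    return (cube_root(u * u - b, q), u)


def icart(u, a, b, q=Q):
    """Icart's encoding (CRYPTO 2009) for y^2 = x^3 + a x + b, defined for u != 0:
    v = (3a - u^4)/(6u), x = (v^2 - b - u^6/27)^(1/3) + u^2/3, y = u x + v."""
    u %= q
    if u == 0:
        raise ValueError("Icart's map is not defined at u = 0")
    v = (3 * a - pow(u, 4, q)) * inv(6 * u, q) % q
    w = (v * v - b - pow(u, 6, q) * inv(27, q)) % q
    x = (cube_root(w, q) + u * u * inv(3, q)) % q
    return (x, (u * x + v) % q)


def affine_points(a, b, q=Q):
    """All (x, y) in F_q^2 on y^2 = x^3 + a x + b, in O(q) via a table of squares."""
    roots = {}
    for y in range(q):
        roots.setdefault(y * y % q, set()).add(y)
    return {(x, y) for x in range(q)
            for y in roots.get((x ** 3 + a * x + b) % q, ())}


def image_stats(encode, domain, a, b, q=Q):
    """Size of the image of `encode` over `domain` versus the affine point count."""
    image = {encode(u) for u in domain}
    pts = affine_points(a, b, q)
    return {"image_size": len(image), "affine_points": len(pts),
            "all_on_curve": image <= pts, "onto_affine": image == pts}


def bf_stats(b=7, q=Q):
    """Boneh–Franklin on y^2 = x^3 + b: q affine points, each hit exactly once."""
    s = image_stats(lambda u: boneh_franklin(u, b, q), range(q), 0, b, q)
    s["round_trip"] = all(boneh_franklin(u, b, q)[1] == u for u in range(q))
    return s


def icart_stats(a=1, b=3, q=Q):
    """Icart on y^2 = x^3 + x + 3 (4a^3 + 27b^2 = 247 != 0 mod 1013, non-singular)."""
    return image_stats(lambda u: icart(u, a, b, q), range(1, q), a, b, q)


if __name__ == "__main__":
    print("Boneh-Franklin:", bf_stats())   # image_size == affine_points == q, onto_affine True
    print("Icart:", icart_stats())         # all_on_curve True, image_size well below affine_points
```

The brute-force checks are what make the "almost bijection" claim concrete: for the supersingular curve every affine point has exactly one preimage, while for the curve with \(a\neq 0\) the encoding is well defined and lands on the curve but leaves a large fraction of points unreachable, which is the gap the paper proves no Icart-like construction can close on non-supersingular curves.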


References

  1. Baek, J., Zheng, Y.: Identity-based threshold decryption. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 262–276. Springer, Heidelberg (2004)

  2. Bernstein, D.J., Hamburg, M., Krasnova, A., Lange, T.: Elligator: Elliptic-curve points indistinguishable from uniform random strings. In: Gligor, V., Yung, M. (eds.) ACM CCS 2013. ACM (2013)

  3. Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the Gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2002)

  4. Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)

  5. Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003)

  6. Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)

  7. Boyen, X.: Multipurpose identity-based signcryption (a Swiss army knife for identity-based cryptography). In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 383–399. Springer, Heidelberg (2003)

  8. Boyko, V., MacKenzie, P.D., Patel, S.: Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)

  9. Brier, E., Coron, J.-S., Icart, T., Madore, D., Randriam, H., Tibouchi, M.: Efficient indifferentiable hashing into ordinary elliptic curves. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 237–254. Springer, Heidelberg (2010)

  10. Cha, J.C., Cheon, J.H.: An identity-based signature from Gap Diffie-Hellman groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2003)

  11. Chevallier-Mames, B.: An efficient CDH-based signature scheme with a tight security reduction. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 511–526. Springer, Heidelberg (2005)

  12. Couveignes, J.M., Kammerer, J.-G.: The geometry of flex tangents to a cubic curve and its parameterizations. J. Symb. Comput. 47(3), 266–281 (2012)

  13. Couveignes, J.-M., Lercier, R.: The geometry of some parameterizations and encodings. arXiv:1310.1013 (2013)

  14. Farashahi, R.R.: Hashing into Hessian curves. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 278–289. Springer, Heidelberg (2011)

  15. Farashahi, R.R., Fouque, P.-A., Shparlinski, I., Tibouchi, M., Voloch, J.F.: Indifferentiable deterministic hashing to elliptic and hyperelliptic curves. Math. Comp. 82(281), 491–512 (2013)

  16. Farashahi, R.R., Shparlinski, I.E., Voloch, J.F.: On hashing into elliptic curves. J. Math. Cryptology 3, 353–360 (2010)

  17. Fouque, P.-A., Joux, A., Tibouchi, M.: Injective encodings to elliptic curves. In: Boyd, C., Simpson, L. (eds.) ACISP 2013. LNCS, vol. 7959, pp. 203–218. Springer, Heidelberg (2013)

  18. Fouque, P.-A., Tibouchi, M.: Deterministic encoding and hashing to odd hyperelliptic curves. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 265–277. Springer, Heidelberg (2010)

  19. Fouque, P.-A., Tibouchi, M.: Estimating the size of the image of deterministic hash functions to elliptic curves. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 81–91. Springer, Heidelberg (2010)

  20. Fouque, P.-A., Tibouchi, M.: Indifferentiable hashing to Barreto-Naehrig curves. In: Hevia, A., Neven, G. (eds.) LATINCRYPT 2012. LNCS, vol. 7533, pp. 1–17. Springer, Heidelberg (2012)

  21. Fried, M.D.: Global construction of general exceptional covers. In: Mullen, G.L., Shiue, P.J. (eds.) Finite Fields: Theory, Applications, and Algorithms. Contemporary Mathematics, vol. 168, pp. 69–100. American Mathematical Society (1994)

  22. Fried, M.D., Guralnick, R.M., Saxl, J.: Schur covers and Carlitz’s conjecture. Israel J. Math. 82, 157–225 (1993)

  23. Gentry, C., Silverberg, A.: Hierarchical ID-based cryptography. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 548–566. Springer, Heidelberg (2002)

  24. Guralnick, R.M.: Rational maps and images of rational points of curves over finite fields. Irish Math. Soc. Bull. 50, 71–95 (2003)

  25. Guralnick, R.M., Tucker, T.J., Zieve, M.E.: Exceptional covers and bijections on rational points. Int. Math. Res. Not., Article ID 004, 19 pages (2007)

  26. Guralnick, R.M., Wan, D.: Bounds for fixed point free elements in a transitive group and applications to curves over finite fields. Israel J. Math. 101, 255–287 (1997)

  27. Horwitz, J., Lynn, B.: Toward hierarchical identity-based encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 466–481. Springer, Heidelberg (2002)

  28. Icart, T.: How to hash into elliptic curves. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 303–316. Springer, Heidelberg (2009)

  29. Jablon, D.P.: Strong password-only authenticated key exchange. SIGCOMM Comput. Commun. Rev. 26, 5–26 (1996)

  30. Kammerer, J.-G., Lercier, R., Renault, G.: Encoding points on hyperelliptic curves over finite fields in deterministic polynomial time. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 278–297. Springer, Heidelberg (2010)

  31. Kumar Murty, V., Scherk, J.: Effective versions of the Chebotarev density theorem for function fields. C. R. Acad. Sci. Paris 319, 523–528 (1994)

  32. Libert, B., Quisquater, J.-J.: Efficient signcryption with key privacy from Gap Diffie-Hellman groups. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 187–200. Springer, Heidelberg (2004)

  33. Menezes, A., Okamoto, T., Vanstone, S.A.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory 39(5), 1639–1646 (1993)

  34. Sato, H., Hakuta, K.: An efficient method of generating rational points on elliptic curves. J. Math.-for-Industry 1(A), 33–44 (2009)

  35. Serre, J.-P.: On a theorem of Jordan. Bull. Amer. Math. Soc. 40(4), 429–440 (2003)

  36. Shallue, A., van de Woestijne, C.E.: Construction of rational points on elliptic curves over finite fields. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 510–524. Springer, Heidelberg (2006)

  37. Skałba, M.: Points on elliptic curves over finite fields. Acta Arith. 117, 293–301 (2005)

  38. Tibouchi, M.: Hachage vers les courbes elliptiques et cryptanalyse de schémas RSA. PhD thesis, Univ. Paris 7 and Univ. Luxembourg (2011). Introduction in French, main matter in English

  39. Tibouchi, M.: Indifferentiable deterministic hashing to elliptic and hyperelliptic curves. In: Batina, L., et al. (eds.) ECC 2013 (2013)

  40. Tibouchi, M.: Elligator Squared: Uniform points on elliptic curves of prime order as uniform random strings. In: Christin, N., Safavi-Naini, R. (eds.) Financial Cryptography (to appear, 2014), http://eprint.iacr.org/2014/043

  41. Ulas, M.: Rational points on certain hyperelliptic curves over finite fields. Bull. Pol. Acad. Sci. Math. 55(2), 97–104 (2007)

  42. Zhang, F., Kim, K.: ID-based blind signature and ring signature from pairings. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 533–547. Springer, Heidelberg (2002)


Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Tibouchi, M. (2014). Impossibility of Surjective Icart-Like Encodings. In: Chow, S.S.M., Liu, J.K., Hui, L.C.K., Yiu, S.M. (eds) Provable Security. ProvSec 2014. Lecture Notes in Computer Science, vol 8782. Springer, Cham. https://doi.org/10.1007/978-3-319-12475-9_3


  • DOI: https://doi.org/10.1007/978-3-319-12475-9_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12474-2

  • Online ISBN: 978-3-319-12475-9
