Abstract
In many cryptographic applications it is necessary to generate elliptic curves (ECs) whose order possesses certain properties. The method that is usually employed for the generation of such ECs is the so-called Complex Multiplication method. This method requires the use of the roots of certain class field polynomials defined on a specific parameter called the discriminant. The most commonly used polynomials are the Hilbert and Weber ones. The former can be used to generate the EC directly, but they are characterized by high computational demands. The latter usually have much lower computational requirements, but they do not directly construct the desired EC. This can be achieved if transformations of their roots to the roots of the corresponding (generated by the same discriminant) Hilbert polynomials are provided. In this paper we present a variant of the Complex Multiplication method that generates ECs of cryptographically strong order. Our variant is based on the computation of Weber polynomials. We present in a simple and unifying manner a complete set of transformations of the roots of a Weber polynomial to the roots of its corresponding Hilbert polynomial for all values of the discriminant. In addition, we prove a theoretical estimate of the precision required for the computation of Weber polynomials for all values of the discriminant. We present an extensive experimental assessment of the computational efficiency of the Hilbert and Weber polynomials along with their precision requirements for various discriminant values, and we compare them with the theoretical estimates. We further investigate the time efficiency of the new Complex Multiplication variant under different implementations of a crucial step of the variant. Our results can serve as useful guidelines to potential implementers of EC cryptosystems involving generation of ECs of a desirable order on resource-limited hardware devices or in systems operating under strict timing response constraints.
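The following is an added example, not code from the paper or its authors, showing the Complex Multiplication pipeline the abstract describes in the one case where the expensive step disappears: for a discriminant D with class number one the Hilbert polynomial H_D is linear, so its single root (the j-invariant) is a classical known integer and no Weber-to-Hilbert root transformation is needed. Everything else is demonstrated end to end: choosing a prime p with 4p = t^2 + D u^2 (here by random search over odd t and u, an assumption of this example rather than the paper's method), screening the candidate orders p + 1 - t and p + 1 + t for cryptographic strength (prime order, not anomalous, MOV/Frey-Rueck condition), building the curve from j, and selecting between the curve and its quadratic twist. The restriction D = 3 (mod 8) is needed so that t can be odd and the order can be prime; p = 3 (mod 4) is imposed only so that square roots mod p are a single exponentiation. Bit sizes are toy-sized for speed; the naive point count is for checking tiny examples only.

```python
# Added example (not the paper's code): the CM pipeline for a class-number-1
# discriminant.  H_D is then linear, so its root (the j-invariant) is a known
# integer and no Weber-to-Hilbert root transformation is needed.  The j values
# are the classical ones; D = 3 (mod 8) is required so that t can be odd and
# m = p + 1 - t can be prime.  Needs Python 3.8+ (pow(x, -1, p)).
import random

J_INVARIANT = {11: -32768, 19: -884736, 43: -884736000,
               67: -147197952000, 163: -262537412640768000}
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic < 3.3e24


def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for the sizes used here."""
    if n < 2:
        return False
    for q in MR_BASES:
        if n % q == 0:
            return n == q
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def strong_order(m, p):
    """Prime order, not anomalous (m != p), MOV-resistant (p^k != 1 mod m, k <= 20)."""
    return is_prime(m) and m != p and all(pow(p, k, m) != 1 for k in range(1, 21))


def find_prime_and_trace(D, bits, rng):
    """Random odd t, u with 4p = t^2 + D u^2, p prime, p = 3 (mod 4), strong m."""
    while True:
        t, u = rng.getrandbits(bits // 2) | 1, rng.getrandbits(bits // 2) | 1
        p, r = divmod(t * t + D * u * u, 4)
        if r or p % 4 != 3 or not is_prime(p):
            continue
        for m in (p + 1 - t, p + 1 + t):
            if strong_order(m, p):
                return p, t, u, m


def curve_from_j(j, p):
    """y^2 = x^3 + a x + b with j-invariant j (j not 0 or 1728 mod p)."""
    k = j * pow((1728 - j) % p, -1, p) % p
    return 3 * k % p, 2 * k % p


def ec_add(P, Q, a, p):
    """Affine addition; None is the point at infinity."""
    if P is None or Q is None:
        return P if Q is None else Q
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    num, den = (3 * x1 * x1 + a, 2 * y1) if P == Q else (y2 - y1, x2 - x1)
    lam = num * pow(den % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p


def ec_mul(n, P, a, p):
    """Double-and-add scalar multiplication."""
    R = None
    while n:
        if n & 1:
            R = ec_add(R, P, a, p)
        P, n = ec_add(P, P, a, p), n >> 1
    return R


def count_points(a, b, p):
    """Naive #E(F_p) via Euler's criterion; only sensible for tiny p."""
    total = 1  # point at infinity
    for x in range(p):
        rhs = (x ** 3 + a * x + b) % p
        total += 1 if rhs == 0 else 2 * (pow(rhs, (p - 1) // 2, p) == 1)
    return total


def has_order(p, a, b, m, seed=0):
    """True if a random point is killed by m (for prime m this pins the order)."""
    rng = random.Random(seed)
    while True:  # p = 3 (mod 4): a square root is one exponentiation
        x = rng.randrange(1, p)
        rhs = (x ** 3 + a * x + b) % p
        y = pow(rhs, (p + 1) // 4, p)
        if y * y % p == rhs:
            return ec_mul(m, (x, y), a, p) is None


def generate_curve(D, bits=48, seed=None):
    """Return (p, a, b, m): y^2 = x^3 + a x + b over F_p with prime order m."""
    p, t, u, m = find_prime_and_trace(D, bits, random.Random(seed))
    a, b = curve_from_j(J_INVARIANT[D] % p, p)
    # The root of H_D fixes the curve up to quadratic twist; the two orders are
    # p + 1 - t and p + 1 + t.  c = -1 is a non-residue since p = 3 (mod 4).
    if not has_order(p, a, b, m):
        b = (-b) % p  # twist (a c^2, b c^3) with c = -1
    assert has_order(p, a, b, m)
    return p, a, b, m
```

A tiny hand-checkable instance: for D = 11 and p = 23 (4·23 = 9² + 11·1², so t = 9) the curve built from j = −32768 mod 23 is y² = x³ + 12x + 8, which has 15 = p + 1 − t points, and its twist y² = x³ + 12x + 15 has 33 = p + 1 + t. Neither order is prime, which is why `generate_curve` keeps searching over (t, u) until one of the two candidates passes `strong_order`.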
Additional information
This work was partially supported by the IST Programme of EC under contract no. IST-2001-33116 (FLAGS), and by the Action IRAKLITOS (Fellowships for Research in the University of Patras) with matching funds from ESF (European Social Fund) and the Greek Ministry of Education.
Cite this article
Konstantinou, E., Stamatiou, Y.C. & Zaroliagis, C. Efficient generation of secure elliptic curves. Int. J. Inf. Secur. 6, 47–63 (2007). https://doi.org/10.1007/s10207-006-0009-3