
The State of Elliptic Curve Cryptography

Designs, Codes and Cryptography

Abstract

Since the introduction of public-key cryptography by Diffie and Hellman in 1976, the potential for the use of the discrete logarithm problem in public-key cryptosystems has been recognized. Although the discrete logarithm problem as first employed by Diffie and Hellman was defined explicitly as the problem of finding logarithms with respect to a generator in the multiplicative group of the integers modulo a prime, this idea can be extended to arbitrary groups and, in particular, to elliptic curve groups. The resulting public-key systems provide relatively small block size, high speed, and high security. This paper surveys the development of elliptic curve cryptosystems from their inception in 1985 by Koblitz and Miller to present day implementations.

References

  1. L. Adleman, J. DeMarrais and M. Huang, A subexponential algorithm for discrete logarithms over the rational subgroup of the jacobians of large genus hyperelliptic curves over finite fields, Algorithmic Number Theory, Lecture Notes in Computer Science, Springer-Verlag, 877 (1994) pp. 28–40.

  2. G. Agnew, R. Mullin, I. Onyszchuk and S. Vanstone, An implementation for a fast public-key cryptosystem, Journal of Cryptology, Vol. 3 (1991) pp. 63–79.

  3. G. Agnew, R. Mullin and S. Vanstone, An implementation of elliptic curve cryptosystems over F_{2^{155}}, IEEE Journal on Selected Areas in Communications, Vol. 11 (1993) pp. 804–813.

  4. D. Bailey and C. Paar, Optimal extension fields for fast arithmetic in public-key algorithms, Advances in Cryptology-CRYPTO '98, Lecture Notes in Computer Science, Springer-Verlag, 1462 (1998) pp. 472–485.

  5. R. Balasubramanian and N. Koblitz, The improbability that an elliptic curve has subexponential discrete log problem under the Menezes-Okamoto-Vanstone algorithm, Journal of Cryptology, Vol. 11 (1998) pp. 141–145.

  6. M. Blaze, W. Diffie, R. Rivest, B. Schneier, T. Shimomura, E. Thompson, and M. Wiener, Minimal key lengths for symmetric ciphers to provide adequate commercial security, January 1996, available from http://theory.lcs.mit.edu/~rivest/publications.html.

  7. D. Bleichenbacher, On the security of the KMOV public key cryptosystem, Advances in Cryptology-CRYPTO '97, Lecture Notes in Computer Science, Springer-Verlag, 1294 (1997) pp. 235–248.

  8. D. Boneh and R. Lipton, Algorithms for black-box fields and their applications to cryptography, Advances in Cryptology-CRYPTO '96, Lecture Notes in Computer Science, Springer-Verlag, 1109 (1996) pp. 283–297.

  9. J. Buchmann and H. Williams, A key-exchange system based on imaginary quadratic fields, Journal of Cryptology, Vol. 1 (1988) pp. 107–118.

  10. L. Charlap and D. Robbins, An Elementary Introduction to Elliptic Curves, CRD Expository Report No. 31, Institute for Defense Analysis, Princeton (December 1988).

  11. L. Charlap and D. Robbins, An Elementary Introduction to Elliptic Curves II, CRD Expository Report No. 34, Institute for Defense Analysis, Princeton (December 1988).

  12. D. Coppersmith, Fast evaluation of logarithms in fields of characteristic two, IEEE Transactions on Information Theory, Vol. 30 (1984) pp. 587–594.

  13. R. Crandall, Method and apparatus for public key exchange in a cryptographic system, U.S. patent number 5,159,632 (October 1992).

  14. W. Diffie and M. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, Vol. 22 (1976) pp. 644–654.

  15. Y. Driencourt and J. Michon, Elliptic codes over a field of characteristic 2, Journal of Pure and Applied Algebra, Vol. 45 (1987) pp. 15–39.

  16. T. ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Transactions on Information Theory, Vol. 31 (1985) pp. 469–472.

  17. G. Frey and H. Rück, A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves, Mathematics of Computation, Vol. 62 (1994) pp. 865–874.

  18. R. Gallant, R. Lambert and S. Vanstone, Improving the parallelized Pollard lambda search on binary anomalous curves, to appear in Mathematics of Computation.

  19. G. van der Geer, Codes and elliptic curves, Effective Methods in Algebraic Geometry, Birkhäuser (1991) pp. 159–168.

  20. S. Goldwasser and J. Kilian, Almost all primes can be quickly certified, Proceedings of the Eighteenth Annual ACM Symposium on Theory of Computing, (1986) pp. 316–329.

  21. D. Gordon, Discrete logarithms in GF(p) using the number field sieve, SIAM Journal on Discrete Mathematics, Vol. 6 (1993) pp. 124–138.

  22. J. Guajardo and C. Paar, Efficient algorithms for elliptic curve cryptosystems, Advances in Cryptology-CRYPTO '97, Lecture Notes in Computer Science, Springer-Verlag, 1294 (1997) pp. 342–356.

  23. G. Harper, A. Menezes and S. Vanstone, Public-key cryptosystems with very small key lengths, Advances in Cryptology-EUROCRYPT '92, Lecture Notes in Computer Science, Springer-Verlag, 658 (1993) pp. 163–173.

  24. P. Ivey, S. Walker, J. Stern and S. Davidson, An ultra-high speed public key encryption processor, Proceedings of IEEE Custom Integrated Circuits Conference, Boston (1992) 19.6.1–19.6.4.

  25. M. Jacobson, N. Koblitz, J. Silverman, A. Stein and E. Teske, Analysis of the xedni calculus attack, to appear in Designs, Codes and Cryptography.

  26. B. Kaliski, A pseudorandom bit generator based on elliptic logarithms, Advances in Cryptology-CRYPTO '86, Lecture Notes in Computer Science, Springer-Verlag, 293 (1987) pp. 84–103.

  27. B. Kaliski, One-way permutations on elliptic curves, Journal of Cryptology, Vol. 3 (1991) pp. 187–199.

  28. B. Kaliski, A chosen message attack on Demytko's elliptic curve cryptosystem, Journal of Cryptology, Vol. 10 (1997) pp. 71–72.

  29. N. Koblitz, Elliptic curve cryptosystems, Mathematics of Computation, Vol. 48 (1987) pp. 203–209.

  30. N. Koblitz, Primality of the number of points on an elliptic curve over a finite field, Pacific Journal of Mathematics, Vol. 131 (1988) pp. 157–165.

  31. N. Koblitz, Hyperelliptic cryptosystems, Journal of Cryptology, Vol. 1 (1989) pp. 139–150.

  32. N. Koblitz, Constructing elliptic curve cryptosystems in characteristic 2, Advances in Cryptology-CRYPTO '90, Lecture Notes in Computer Science, Springer-Verlag, 537 (1991) pp. 156–167.

  33. N. Koblitz, Elliptic curve implementation of zero-knowledge blobs, Journal of Cryptology, Vol. 4 (1991) pp. 207–213.

  34. N. Koblitz, CM-curves with good cryptographic properties, Advances in Cryptology-CRYPTO '91, Lecture Notes in Computer Science, Springer-Verlag, 576 (1992) pp. 279–287.

  35. N. Koblitz, Introduction to Elliptic Curves and Modular Forms, 2nd edition, Springer-Verlag (1993).

  36. N. Koblitz, A Course in Number Theory and Cryptography, 2nd edition, Springer-Verlag (1994).

  37. N. Koblitz, Algebraic Aspects of Cryptography, Springer-Verlag (1998).

  38. K. Koyama, U. Maurer, T. Okamoto and S. Vanstone, New public-key schemes based on elliptic curves over the ring Z_n, Advances in Cryptology-CRYPTO '91, Lecture Notes in Computer Science, Springer-Verlag, 576 (1993) pp. 252–266.

  39. K. Kurosawa, K. Okada and S. Tsujii, Low exponent attack against elliptic curve RSA, Advances in Cryptology-ASIACRYPT '94, Lecture Notes in Computer Science, Springer-Verlag, 917 (1995) pp. 376–383.

  40. G. Lay and H. Zimmer, Constructing elliptic curves with given group order over large finite fields, Algorithmic Number Theory, Lecture Notes in Computer Science, Springer-Verlag, 877 (1994) pp. 250–263.

  41. H. W. Lenstra, Factoring integers with elliptic curves, Annals of Mathematics, Vol. 126 (1987) pp. 649–673.

  42. R. Lercier, Computing isogenies in F_{2^n}, Algorithmic Number Theory, Proceedings Second Intern. Symp., ANTS-II, (Henri Cohen, ed.), Lecture Notes in Computer Science, Springer-Verlag, 1122 (1996) pp. 197–212.

  43. R. Lercier, Finding good random elliptic curves for cryptosystems defined over F_{2^n}, Advances in Cryptology-EUROCRYPT '97, Lecture Notes in Computer Science, Springer-Verlag, 1233 (1997) pp. 379–392.

  44. R. Lercier and F. Morain, Counting the number of points on elliptic curves over finite fields: strategies and performances, Advances in Cryptology-EUROCRYPT '95, Lecture Notes in Computer Science, Springer-Verlag, 921 (1995) pp. 79–94.

  45. B. Mazur, Modular curves and the Eisenstein ideal, Inst. Hautes Études Sci. Publ. Math., Vol. 47 (1977) pp. 33–186.

  46. K. McCurley, A key distribution system equivalent to factoring, Journal of Cryptology, Vol. 1 (1988) pp. 95–105.

  47. W. Meier and O. Staffelbach, Efficient multiplication on certain nonsupersingular elliptic curves, Advances in Cryptology-CRYPTO '92, Lecture Notes in Computer Science, Springer-Verlag, 740 (1993) pp. 333–344.

  48. A. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers, Boston (1993).

  49. A. Menezes, T. Okamoto and S. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field, IEEE Transactions on Information Theory, Vol. 39 (1993) pp. 1639–1646.

  50. A. Menezes and S. Vanstone, Elliptic curve cryptosystems and their implementation, Journal of Cryptology, Vol. 6 (1993) pp. 209–224.

  51. J. F. Mestre, Formules explicites et minoration de conducteurs de variétés algébriques, Compositio Math., Vol. 58 (1986) pp. 209–232.

  52. V. Miller, Uses of elliptic curves in cryptography, Advances in Cryptology-CRYPTO '85, Lecture Notes in Computer Science, Springer-Verlag, 218 (1986) pp. 417–426.

  53. F. Morain, Building cyclic elliptic curves modulo large primes, Advances in Cryptology-EUROCRYPT '91, Lecture Notes in Computer Science, Springer-Verlag, 547 (1991) pp. 328–336.

  54. V. Müller, S. Vanstone and R. Zuccherato, Discrete logarithm based cryptosystems in quadratic function fields of characteristic 2, Designs, Codes and Cryptography, Vol. 14 (1998) pp. 159–178.

  55. R. Mullin, I. Onyszchuk, S. Vanstone and R. Wilson, Optimal normal bases in GF(p^n), Discrete Applied Mathematics, Vol. 22 (1988/89) pp. 149–161.

  56. National Institute for Standards and Technology, Digital signature standard, FIPS Publication 186 (1993).

  57. National Institute for Standards and Technology, Secure hash standard, FIPS Publication 180–1 (1995).

  58. A. Odlyzko, The future of integer factorization, CryptoBytes-The Technical Newsletter of RSA Laboratories, Vol. 1, No. 2 (Summer 1995) pp. 5–12.

  59. P. van Oorschot and M. Wiener, Parallel collision search with application to hash functions and discrete logarithms, Proceedings of the 2nd ACM Conference on Computer and Communications Security, Fairfax, Virginia (2–4 November 1994) pp. 210–218.

  60. P. van Oorschot and M. Wiener, Parallel collision search with cryptanalytic applications, Journal of Cryptology, Vol. 12 (1999) pp. 1–28.

  61. R. Pinch, Extending the Wiener attack to RSA-type cryptosystems, Electronics Letters, Vol. 31 (1995) pp. 1736–1738.

  62. S. Pohlig and M. Hellman, An improved algorithm for computing logarithms over GF(p) and its cryptographic significance, IEEE Transactions on Information Theory, Vol. 24 (1978) pp. 106–110.

  63. J. Pollard, Monte Carlo methods for index computation mod p, Mathematics of Computation, Vol. 32 (1978) pp. 918–924.

  64. T. Satoh and K. Araki, Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves, Commentarii Mathematici Universitatis Sancti Pauli, Vol. 47 (1998) pp. 81–92.

  65. R. Scheidler, J. Buchmann and H. Williams, A key-exchange protocol using real quadratic fields, Journal of Cryptology, Vol. 7 (1994) pp. 171–199.

  66. R. Scheidler, A. Stein and H. Williams, Key-exchange in real quadratic congruence function fields, Designs, Codes and Cryptography, Vol. 7 (1996) pp. 153–174.

  67. O. Schirokauer, Discrete logarithms and local units, Philosophical Transactions of the Royal Society of London A, Vol. 345 (1993) pp. 409–423.

  68. C. Schnorr, Efficient signature generation by smart cards, Journal of Cryptology, Vol. 4 (1991) pp. 161–174.

  69. R. Schoof, Elliptic curves over finite fields and the computation of square roots mod p, Mathematics of Computation, Vol. 44 (1985) pp. 483–494.

  70. R. Schoof, Nonsingular plane cubic curves, Journal of Combinatorial Theory, Series A, Vol. 46 (1987) pp. 183–211.

  71. R. Schroeppel, H. Orman, S. O'Malley and O. Spatscheck, Fast key exchange with elliptic curve systems, Advances in Cryptology-CRYPTO '95, Lecture Notes in Computer Science, Springer-Verlag, 963 (1995) pp. 43–56.

  72. I. Semaev, Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p, Mathematics of Computation, Vol. 67 (1998) pp. 353–356.

  73. J. Silverman, The Arithmetic of Elliptic Curves, Springer-Verlag, New York (1986).

  74. J. Silverman, Advanced Topics in the Arithmetic of Elliptic Curves, Springer-Verlag, New York (1994).

  75. J. Silverman, The xedni calculus and the elliptic curve discrete logarithm problem, to appear in Designs, Codes and Cryptography.

  76. J. Silverman and J. Suzuki, Elliptic curve discrete logarithms and the index calculus, to appear in Advances in Cryptology-ASIACRYPT '98, Lecture Notes in Computer Science, Springer-Verlag (1998).

  77. N. Smart, The discrete logarithm problem on elliptic curves of trace one, to appear in Journal of Cryptology.

  78. J. Solinas, An improved algorithm for arithmetic on a family of elliptic curves, Advances in Cryptology-CRYPTO '97, Lecture Notes in Computer Science, Springer-Verlag, 1294 (1997) pp. 357–371.

  79. A. Stein, Equivalences between elliptic curves and real quadratic congruence function fields, Journal de Théorie des Nombres de Bordeaux, Vol. 9 (1997) pp. 75–95.

  80. A. Stein, V. Müller and C. Thiel, Computing discrete logarithms in real quadratic congruence function fields of large genus, Mathematics of Computation, Vol. 68 (1999) pp. 807–822.

  81. W. Waterhouse, Abelian varieties over finite fields, Ann. Sci. École Norm. Sup., 4e série, Vol. 2 (1969) pp. 521–560.

  82. M. Wiener and R. Zuccherato, Fast attacks on elliptic curve cryptosystems, to appear in Fifth Annual Workshop on Selected Areas in Cryptography-SAC '98, Lecture Notes in Computer Science, Springer-Verlag (1999).

  83. E. De Win, A. Bosselaers, S. Vandenberghe, P. De Gersem and J. Vandewalle, A fast software implementation for arithmetic operations in GF(2^n), Advances in Cryptology-ASIACRYPT '96, Lecture Notes in Computer Science, Springer-Verlag, 1163 (1996) pp. 65–76.

  84. E. De Win, S. Mister, B. Preneel and M. Wiener, On the performance of signature schemes based on elliptic curves, Algorithmic Number Theory, Proceedings Third Intern. Symp., ANTS-III (J. P. Buhler, ed.), Lecture Notes in Computer Science, Springer-Verlag, 1423 (1998) pp. 252–266.

  85. R. Zuccherato, The equivalence between elliptic curve and quadratic function field discrete logarithms in characteristic 2, Algorithmic Number Theory, Proceedings Third Intern. Symp., ANTS-III (J. P. Buhler, ed.), Lecture Notes in Computer Science, Springer-Verlag, 1423 (1998) pp. 621–638.

Cite this article

Koblitz, N., Menezes, A. & Vanstone, S. The State of Elliptic Curve Cryptography. Designs, Codes and Cryptography 19, 173–193 (2000). https://doi.org/10.1023/A:1008354106356


  • DOI: https://doi.org/10.1023/A:1008354106356
