article

The $$\mathbb {Q}$$Q-curve Construction for Endomorphism-Accelerated Elliptic Curves

Author:

Benjamin SmithAuthors Info & Claims

Journal of Cryptology, Volume 29, Issue 4

Pages 806 - 832

https://doi.org/10.1007/s00145-015-9210-8

Published: 01 October 2016 Publication History

Abstract

We give a detailed account of the use of $$\mathbb {Q}$$Q-curve reductions to construct elliptic curves over $$\mathbb {F}_{p^2}$$Fp2 with efficiently computable endomorphisms, which can be used to accelerate elliptic curve-based cryptosystems in the same way as Gallant---Lambert---Vanstone (GLV) and Galbraith---Lin---Scott (GLS) endomorphisms. Like GLS (which is a degenerate case of our construction), we offer the advantage over GLV of selecting from a much wider range of curves and thus finding secure group orders when $$p$$p is fixed for efficient implementation. Unlike GLS, we also offer the possibility of constructing twist-secure curves. We construct several one-parameter families of elliptic curves over $$\mathbb {F}_{p^2}$$Fp2 equipped with efficient endomorphisms for every $$p > 3$$p>3, and exhibit examples of twist-secure curves over $$\mathbb {F}_{p^2}$$Fp2 for the efficient Mersenne prime $$p = 2^{127}-1$$p=2127-1.

References

[1]

L. Babai, On Lovasz' lattice reduction and the nearest lattice point problem. Combinatorica 6, 1---13 (1986)

Digital Library

[2]

D.J. Bernstein, Curve25519: newDiffie-Hellman speed records, in PKC2006, LNCS, vol. 3958 (Springer, Berlin, 2006), pp. 207---228

Digital Library

[3]

D.J. Bernstein, P. Birkner, M. Joye, T. Lange, C. Peters, Twisted Edwards curves, in AFRICACRYPT 2008, LNCS, vol. 5023 (Springer, Berlin, 2008), pp. 389---405

Digital Library

[4]

J.W. Bos, C. Costello, H. Hisil, K. Lauter, Fast cryptography in genus 2, in EUROCRYPT 2013, LNCS, vol. 7881 (Springer, Berlin, 2013), pp. 194---210

[5]

C. Boyd, P. Montague, K. Nguyen, Elliptic curve based passworth authenticated key exchange protocols, in ACISP 2001, LNCS, vol. 2119 (Springer, Berlin, 2001), pp. 487---501

Digital Library

[6]

W. Bosma, J.J. Cannon, C. Fieker, A. Steel, (eds.), Handbook of Magma functions. Edition 2.19 (2013)

[7]

O. Chevassut, P.-A. Fouque, P. Gaudry, D. Pointcheval, The twist-augmented technique for key exchange, in PKC 2006, LNCS, vol. 3958 (Springer, Berlin, 2006), pp. 410---426

Digital Library

[8]

H. Cohen, G. Frey (eds.), Handbook of Elliptic and Hyperelliptic Curve Cryptography (Chapman & Hall/CRC, 2006)

Digital Library

[9]

C. Costello, H. Hisil, B. Smith, Faster compact Diffie---Hellman: endomorphisms on the x-line, in EUROCRYPT 2014, LNCS, vol. 8441 (Springer, Berlin, 2014), pp. 183---200

[10]

C. Doche, T. Icart, D.R. Kohel, Efficient scalar multiplication by isogeny decompositions, in PKC 2006, LNCS, vol. 3958 (Springer, Berlin, 2006), pp. 191---206

Digital Library

[11]

N.D. Elkies, On elliptic k-curves. in Modular Curves and Abelian Varieties, eds. by J. Cremona, J.-C. Lario, J. Quer, K. Ribet (Birkhäuser, Basel, 2004), pp. 81---92

[12]

J.S. Ellenberg, in $$\mathbb{Q}$$Q-curves and Galois representations. in Modular Curves and Abelian Varieties, eds. by J. Cremona, J.-C. Lario, J. Quer, K. Ribet, (Birkhäuser, Basel, 2004), pp. 93---103

[13]

P.-A. Fouque, R. Lercier, D. Réal, F. Valette, Fault attack on elliptic curve with Montgomery ladder, in FTDC '08 (IEEE-CS, 2008), pp. 92---98

Digital Library

[14]

G. Frey, M. Müller, H.-G. Rück, The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems. IEEE Trans. Inform. Theory 45(5), 1717---1719, (1999)

Digital Library

[15]

S.D. Galbraith, Mathematics of public key cryptography. (Cambridge University Press, 2012)

Digital Library

[16]

S.D. Galbraith, X. Lin, M. Scott, Endomorphisms for faster elliptic curve cryptography on a large class of curves. J. Crypt. 24(3), 446---469 (2011)

Digital Library

[17]

R.P. Gallant, R.J. Lambert, S.A. Vanstone, Faster point multiplication on elliptic curves with efficient endomorphisms, in CRYPTO 2001, LNCS, vol. 2139 (Springer, Berlin, 2001), pp. 190---200

Digital Library

[18]

J. González, Isogenies of polyquadratic $${\mathbb{Q}}$$Q-curves to their Galois conjugates. Arch. Math. 77, 383---390 (2001)

[19]

A. Guillevic, S. Ionica, Four-dimensional GLV via the Weil restriction, in ASIACRYPT 2013, LNCS, vol. 8269 (Springer, Berlin, 2013), pp. 79---96

Digital Library

[20]

Y. Hasegawa, $$\mathbb{Q}$$Q-curves over quadratic fields. Manuscripta Math. 94(1), 347---364 (1997)

[21]

H. Hisil, K. Wong, G. Carter, E. Dawson, Twisted Edwards curves revisited, in ASIACRYPT 2008, LNCS, vol. 5350 (Springer, Berlin, 2008), pp. 326---343

Digital Library

[22]

M. Kaib, The Gauss lattice basis reduction succeeds with any norm, in FCT'91, LNCS, vol. 529 (Springer, Berlin, 1991), pp. 275---286

Digital Library

[23]

B.S. Kaliski, Jr., A pseudo-random bit generator based on elliptic logarithms, in CRYPTO 1986, LNCS, vol. 263 (Springer, Berlin, 1987), pp. 84---103

Digital Library

[24]

B.S. Kaliski Jr, One-way permutations on elliptic curves. J. Cryptology 3, 187---199 (1991)

Digital Library

[25]

D.R. Kohel, Echidna databases for elliptic curves and higher dimensional analogues. http://echidna.maths.usyd.edu.au/kohel/dbs/

[26]

D.R. Kohel, Endomorphism rings of elliptic curves over finite fields. Ph. D. thesis (University of California at Berkeley 1996)

[27]

D.R. Kohel, B. Smith, Efficiently computable endomorphisms for hyperelliptic curves, in ANTS-VII, LNCS, vol. 4076 (Springer, Berlin, 2006), pp. 495---509

Digital Library

[28]

T. Lange, Efficient arithmetic on hyperelliptic curves. Ph. D. thesis (Universität-Gesamthochschule Essen 2001)

[29]

P. Longa, F. Sica, Four-dimensional Gallant-Lambert-Vanstone scalar multiplication, in ASIACRYPT 2012, LNCS, vol. 7658 (Springer, Berlin, 2012), pp. 718---739. Full version: http://eprint.iacr.org/2011/608

Digital Library

[30]

B. Möller, A public-key encryption scheme with pseudo-random ciphertexts, in ESORICS 2004, LNCS, vol. 3193 (Springer, Berlin, 2004), pp. 335---351

[31]

P.L. Montgomery, Speeding the Pollard and Elliptic Curve Methods of factorization. Math. Comp. 48(177), 243---264 (1987)

[32]

A. Menezes, T. Okamoto, S.A. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inform. Theory 39(5), 1639---1646 (1993)

Digital Library

[33]

K. Okeya, H. Kurumatani, K. Sakurai, Elliptic curves with the Montgomery-form and their cryptographic applications. in PKC 2000, LNCS, vol. 1751 (Springer, Berlin, 2000), pp. 238---257

Digital Library

[34]

G.C. Pohlig, M.E. Hellman, An improved algorithm for computing logarithms over $$GF(p)$$GF(p) and its cryptographic significance. IEEE Trans. Info. Theory 24, 106---110 (1978)

Digital Library

[35]

J. Quer, Fields of definition of $${\mathbb{Q}}$$Q-curves. J. Théor. Nombres Bordeaux 13(1), 275---285 (2001)

[36]

J. Quer, $$\mathbb{Q}$$Q-curves and abelian varieties of $${\rm GL}_2$$GL2-type Proc. London Math. Soc. 81(2), 285---317 (2000)

[37]

R. Schoof, Elliptic curves over finite fields and the computation of square roots mod $$p$$p. Math. Comp. 44, 735---763 (1985)

[38]

V. Shoup et al., Number Theory Library. http://www.shoup.net/ntl/

[39]

I.E. Shparlinski, D. Sutantyo, Distribution of elliptic twin primes in isogeny and isomorphism classes. J. Number Theory 137, 1---15 (2014)

[40]

F. Sica, M. Ciet, J.J. Quisquater, Analysis of the Gallant-Lambert-Vanstone method based on efficient endomorphisms: elliptic and hyperelliptic curves, in SAC 2002, LNCS, vol. 2595 (Springer, Berlin, 2003), pp. 21---36

Digital Library

[41]

N. Smart, Elliptic curve cryptosystems over small fields of odd characteristic. J. Crypt. 12, 141---151 (1999)

Digital Library

[42]

B. Smith, Easy scalar decompositions for efficient scalar multiplication on elliptic curves and genus 2 Jacobians, in Algorithmic arithmetic, geometry, and coding theory, contemporary mathematics, vol. 637 (Amer. Math. Soc., Providence, RI, 2015), pp. 127---141.

[43]

B. Smith, Families of fast elliptic curves from $${\mathbb{Q}}$$Q-curves, in ASIACRYPT 2013, LNCS, vol. 8269 (Springer, Berlin, 2013), pp. 61---78

Digital Library

[44]

W.A. Stein et al., Sage mathematics software (The Sage development team, 2015). http://www.sagemath.org

[45]

H.M. Stark, Class numbers of complex quadratic fields, in Modular functions of one variable I. Lecture Notes in Math. vol. 320, (1973), pp. 153---174

[46]

E.G. Straus, Addition chains of vectors. Amer. Math. Monthly 71(7), 806---808 (1964)

[47]

K. Takashima, A new type of fast endomorphisms on Jacobians of hyperelliptic curves and their cryptographic application. IEICE Trans. Fundamentals E89-A(1), 124---133 (2006)

Digital Library

[48]

The Magma computational algebra system. http://magma.maths.usyd.edu.au

[49]

J. Vélu, Isogénies entre courbes elliptiques. C. R. Math. Acad. Sci. Paris 273, 238---241 (1971)

[50]

Z. Zhou, Z. Hu, M. Xu, W. Song, Efficient 3-dimensional GLV method for faster point multiplication on some GLS elliptic curves. Inf. Proc. Lett. 110(22), 1003---1006 (2010)

Digital Library

[51]

H.J. Zhu, Group structures of elementary supersingular abelian varieties over finite fields. J. Number Theory 81, 292---309 (2000)

Cited By

Li XYu WZhu YPan Z(2022)Efficiently Computable Complex Multiplication of Elliptic CurvesInformation Security and Cryptology10.1007/978-3-031-26553-2_16(305-317)Online publication date: 11-Dec-2022
https://dl.acm.org/doi/10.1007/978-3-031-26553-2_16
Costello CLonga P(2015)Four$$\mathbb {Q}$$Proceedings, Part I, of the 21st International Conference on Advances in Cryptology -- ASIACRYPT 2015 - Volume 945210.1007/978-3-662-48797-6_10(214-235)Online publication date: 29-Nov-2015
https://dl.acm.org/doi/10.1007/978-3-662-48797-6_10

Index Terms

The $$\mathbb {Q}$$Q-curve Construction for Endomorphism-Accelerated Elliptic Curves
1. Theory of computation
  1. Design and analysis of algorithms
  2. Randomness, geometry and discrete structures

Index terms have been assigned to the content through auto-classification.

Recommendations

Families of Fast Elliptic Curves from ℚ-curves
Part I of the Proceedings of the 19th International Conference on Advances in Cryptology - ASIACRYPT 2013 - Volume 8269

We construct new families of elliptic curves over $\mathbb{F}_{p^2}$ with efficiently computable endomorphisms, which can be used to accelerate elliptic curve-based cryptosystems in the same way as Gallant---Lambert---Vanstone GLV and Galbraith---Lin---Scott GLS ...
New Frobenius expansions for elliptic curves with efficient endomorphisms
ICISC'02: Proceedings of the 5th international conference on Information security and cryptology

The Frobenius expansion is a method to speed up scalar multiplication on elliptic curves. Nigel Smart gave a Frobenius expansion method for elliptic curves defined over odd prime fields. Gallant, Lambert and Vanstone suggested that efficiently ...
Optimizing Elliptic Curve Scalar Multiplication with Near-Factorization
ICETE 2014: Proceedings of the 11th International Joint Conference on e-Business and Telecommunications - Volume 4

Elliptic curve scalar multiplication ( [k]P where k is an integer and P is a point on the elliptic curve) is widely used in encryption and signature generation. In this paper, we explore a factorization-based approach called Near-Factorization that can ...

Comments

Information & Contributors

Information

Published In

cover image Journal of Cryptology

Journal of Cryptology Volume 29, Issue 4

October 2016

295 pages

ISSN:0933-2790

Issue’s Table of Contents

Copyright © Copyright © 2016 International Association for Cryptologic Research.

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 01 October 2016

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 15 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Li XYu WZhu YPan Z(2022)Efficiently Computable Complex Multiplication of Elliptic CurvesInformation Security and Cryptology10.1007/978-3-031-26553-2_16(305-317)Online publication date: 11-Dec-2022
https://dl.acm.org/doi/10.1007/978-3-031-26553-2_16
Costello CLonga P(2015)Four$$\mathbb {Q}$$Proceedings, Part I, of the 21st International Conference on Advances in Cryptology -- ASIACRYPT 2015 - Volume 945210.1007/978-3-662-48797-6_10(214-235)Online publication date: 29-Nov-2015
https://dl.acm.org/doi/10.1007/978-3-662-48797-6_10

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents