Key pairs for elliptic curve cryptography are associated with a set of domain parameters \(D=(q,\mbox{FR},S,a,b,P,n,h)\) which consist of:
- 1.
The order q of the underlying field .
- 2.
An indication \(\mbox{FR}\) of the representation used for the elements of .
- 3.
A seed S if the elliptic curve was generated verifiably at random using a method such as those described in FIPS 186-2 [1].
- 4.
Two field elements a and b that define the equation of the elliptic curve: \(y^2=x^3+ax+b\) in the case that the characteristic of is not 2 or 3, and \(y^2+xy=x^3+ax^2+b\) if has characteristic 2.
- 5.
A point of prime order.
- 6.
The order n of P.
- 7.
The cofactor .
Domain parameters may either be shared by a group of users, or they may be specific to each user.
Typically the cofactor h is small (e.g., h = 1, 2, 3 or 4). A suitable elliptic curve can be found by randomly selecting elliptic curves E over until is a prime or almost prime. The number of points can be determined using Schoof's algorithm [5]...