Key pairs for elliptic curve cryptography are associated with a set of domain parameters \(D=(q,\mbox{FR},S,a,b,P,n,h)\) which consist of:
- 1.
The order q of the underlying field
. - 2.
An indication \(\mbox{FR}\) of the representation used for the elements of
. - 3.
A seed S if the elliptic curve was generated verifiably at random using a method such as those described in FIPS 186-2 [1].
- 4.
Two field elements a and b that define the equation of the elliptic curve: \(y^2=x^3+ax+b\) in the case that the characteristic of
is not 2 or 3, and \(y^2+xy=x^3+ax^2+b\) if 
has characteristic 2. - 5.
A point
of prime order. - 6.
The order n of P.
- 7.
The cofactor
.
Domain parameters may either be shared by a group of users, or they may be specific to each user.
Typically the cofactor h is small (e.g., h = 1, 2, 3 or 4). A suitable elliptic curve can be found by randomly selecting elliptic curves E over 
until 
is a prime or almost prime. The number of points 
can be determined using Schoof's algorithm [5]...