A Taxonomy of Pairing-Friendly Elliptic Curves (original) (raw)

References

1. A.O.L. Atkin, F. Morain, Elliptic curves and primality proving. Math. Comput. 61, 29–68 (1993)
   Article MATH MathSciNet Google Scholar
2. D. Bailey, C. Paar, Efficient arithmetic in finite field extensions with application in elliptic curve cryptography. J. Cryptol. 14, 153–176 (2001)
   MATH MathSciNet Google Scholar
3. R. Balasubramanian, N. Koblitz, The improbability that an elliptic curve has subexponential discrete log problem under the Menezes–Okamoto–Vanstone algorithm. J. Cryptol. 11, 141–145 (1998)
   Article MATH MathSciNet Google Scholar
4. P.S.L.M. Barreto, M. Naehrig, Pairing-friendly elliptic curves of prime order, in Selected Areas in Cryptography—SAC 2005. Lecture Notes in Computer Science, vol. 3897 (Springer, Berlin, 2006), pp. 319–331
   Chapter Google Scholar
5. P.S.L.M. Barreto, B. Lynn, M. Scott, Constructing elliptic curves with prescribed embedding degrees, in Security in Communication Networks—SCN 2002. Lecture Notes in Computer Science, vol. 2576 (Springer, Berlin, 2002), pp. 263–273
   Google Scholar
6. P.S.L.M. Barreto, H.Y. Kim, B. Lynn, M. Scott, Efficient algorithms for pairing-based cryptosystems, in Advances in Cryptology—Crypto 2002. Lecture Notes in Computer Science, vol. 2442 (Springer, Berlin, 2002), pp. 354–368
   Chapter Google Scholar
7. P.S.L.M. Barreto, B. Lynn, M. Scott, On the selection of pairing-friendly groups, in Selected Areas in Cryptography—SAC 2003. Lecture Notes in Computer Science, vol. 3006 (Springer, Berlin, 2003), pp. 17–25
   Google Scholar
8. P.S.L.M. Barreto, S. Galbraith, C. O’hEigeartaigh, M. Scott, Efficient pairing computation on supersingular abelian varieties. Des. Codes Cryptogr. 42, 239–271 (2007)
   Article MATH MathSciNet Google Scholar
9. P. Bateman, R. Horn, A heuristic asymptotic formula concerning the distribution of prime numbers. Math. Comput. 16, 363–367 (1962)
   Article MATH MathSciNet Google Scholar
10. N. Benger, M. Charlemagne, D. Freeman, On the security of pairing-friendly abelian varieties over non-prime fields, in Pairing-Based Cryptography—Pairing 2009, to appear. Preprint available at: http://eprint.iacr.org/2008/417/
11. I.F. Blake, G. Seroussi, N.P. Smart (eds.), Advances in Elliptic Curve Cryptography (Cambridge University Press, Cambridge, 2005)
    MATH Google Scholar
12. D. Boneh, M. Franklin, Identity-based encryption from the Weil pairing, in Advances in Cryptology—Crypto 2001. Lecture Notes in Computer Science, vol. 2139 (Springer, Berlin, 2001), pp. 213–229. Full version: SIAM J. Comput. 32(3), 586–615 (2003)
    Chapter Google Scholar
13. D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing, in Advances in Cryptology—Asiacrypt 2001. Lecture Notes in Computer Science, vol. 2248 (Springer, Berlin, 2002), pp. 514–532. Full version: J. Cryptol. 17, 297–319 (2004)
    Chapter Google Scholar
14. D. Boneh, E.-J. Goh, K. Nissim, Evaluating 2-DNF formulas on ciphertexts, in Theory of Cryptography Conference—TCC 2005. Lecture Notes in Computer Science, vol. 3378 (Springer, Berlin, 2005), pp. 325–341
    Google Scholar
15. W. Bosma, J. Cannon, C. Playoust, The Magma algebra system. I. The user language. J. Symb. Comput. 24(3–4), 235–265 (1997)
    Article MATH MathSciNet Google Scholar
16. A. Bostan, F. Morain, B. Salvy, É. Schost, Fast algorithms for computing isogenies between elliptic curves. Math. Comput. 77, 1755–1778 (2008)
    Article MathSciNet Google Scholar
17. F. Brezing, A. Weng, Elliptic curves suitable for pairing based cryptography. Des. Codes Cryptogr. 37, 133–141 (2005)
    Article MATH MathSciNet Google Scholar
18. R. Bröker, Constructing elliptic curves of prescribed order. Ph.D. thesis, Dept. of Mathematics, Leiden University, 2006. Available at: http://www.math.leidenuniv.nl/~reinier/thesis.pdf
19. J.C. Cha, J.H. Cheon, An identity-based signature from gap Diffie–Hellman groups, in Public-Key Cryptography—PKC 2003. Lecture Notes in Computer Science, vol. 2567 (Springer, Berlin, 2003), pp. 18–30
    Google Scholar
20. D. Charles, On the existence of distortion maps on ordinary elliptic curves, Cryptology ePrint Archive Report 2006/128. Available at: http://eprint.iacr.org/2006/128/
21. L. Chen, Z. Cheng, N. Smart, Identity-based key agreement protocols from pairings. Int. J. Inf. Secur. 6, 213–241 (2007)
    Article Google Scholar
22. C. Cocks, R.G.E. Pinch, Identity-based cryptosystems based on the Weil pairing. Unpublished manuscript, 2001
23. A. Comuta, M. Kawazoe, T. Takahashi, Pairing-friendly elliptic curves with small security loss by Cheon’s algorithm, in Information Security and Cryptography—ICISC 2007. Lecture Notes in Computer Science, vol. 4817 (Springer, Berlin, 2007), pp. 297–308
    Chapter Google Scholar
24. D. Coppersmith, Fast evaluation of logarithms in fields of characteristic two. IEEE Trans. Inf. Theory 30, 587–594 (1984)
    Article MATH MathSciNet Google Scholar
25. G. Cornell, J. Silverman (eds.), Arithmetic Geometry (Springer, New York, 1986)
    MATH Google Scholar
26. P. Duan, S. Cui, C.W. Chan, Effective polynomial families for generating more pairing-friendly elliptic curves, Cryptology ePrint Archive Report 2005/236. Available at: http://eprint.iacr.org/2005/236/
27. R. Dupont, A. Enge, F. Morain, Building curves with arbitrary small MOV degree over finite prime fields. J. Cryptol. 18, 79–89 (2005)
    Article MATH MathSciNet Google Scholar
28. I. Duursma, P. Gaudry, F. Morain, Speeding up the discrete log computation on curves with automorphisms, in Advances in Cryptology—Asiacrypt 1999. Lecture Notes in Computer Science, vol. 1716 (Springer, Berlin, 1999), pp. 103–121
    Google Scholar
29. A. Enge, The complexity of class polynomial computation via floating point approximations. Math. Comput. 78, 1089–1107 (2009)
    MathSciNet Google Scholar
30. D. Freeman, Constructing pairing-friendly elliptic curves with embedding degree 10, in Algorithmic Number Theory Symposium—ANTS-VII. Lecture Notes in Computer Science, vol. 4076 (Springer, Berlin, 2006), pp. 452–465
    Chapter Google Scholar
31. D. Freeman, Constructing pairing-friendly genus 2 curves with ordinary Jacobians, in Pairing-Based Cryptography—Pairing 2007. Lecture Notes in Computer Science, vol. 4575 (Springer, Berlin, 2007), pp. 152–176
    Chapter Google Scholar
32. D. Freeman, A generalized Brezing–Weng method for constructing pairing-friendly ordinary abelian varieties, in Pairing-Based Cryptography—Pairing 2008. Lecture Notes in Computer Science, vol. 5209 (Springer, Berlin, 2008), pp. 146–163
    Chapter Google Scholar
33. D. Freeman, P. Stevenhagen, M. Streng, Abelian varieties with prescribed embedding degree, in Algorithmic Number Theory Symposium—ANTS-VIII. Lecture Notes in Computer Science, vol. 5011 (Springer, Berlin, 2008), pp. 60–73
    Chapter Google Scholar
34. G. Frey, H. Rück, A remark concerning _m_-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comput. 62, 865–874 (1994)
    Article MATH Google Scholar
35. S. Galbraith, V. Rotger, Easy decision Diffie–Hellman groups. LMS J. Comput. Math. 7, 201–218 (2004)
    MATH MathSciNet Google Scholar
36. S. Galbraith, J. McKee, P. Valença, Ordinary abelian varieties having small embedding degree. Finite Fields Appl. 13, 800–814 (2007)
    Article MATH MathSciNet Google Scholar
37. S. Galbraith, K. Paterson, N. Smart, Pairings for cryptographers. Discrete Appl. Math. 15, 3113–3121 (2008)
    Article MathSciNet Google Scholar
38. R. Gallant, R.J. Lambert, S.A. Vanstone, Faster point multiplication on elliptic curves with efficient endomorphisms, in Advances in Cryptology—Crypto 2001. Lecture Notes in Computer Science, vol. 2139 (Springer, Berlin, 2001), pp. 190–200
    Chapter Google Scholar
39. R. Granger, D. Page, N. Smart, High security pairing-based cryptography revisited, in Algorithmic Number Theory Symposium ANTS-VII. Lecture Notes in Computer Science, vol. 4076 (Springer, Berlin, 2006), pp. 480–494
    Chapter Google Scholar
40. K. Harrison, D. Page, N.P. Smart, Software implementation of finite fields of characteristic three, for use in pairing-based cryptosystems. LMS J. Comput. Math. 5, 181–193 (2002)
    MATH MathSciNet Google Scholar
41. F. Hess, Pairing lattices, in Pairing-Based Cryptography—Pairing 2008. Lecture Notes in Computer Science, vol. 5209 (Springer, Berlin, 2008), pp. 18–38
    Chapter Google Scholar
42. F. Hess, N. Smart, F. Vercauteren, The Eta pairing revisited. IEEE Trans. Inf. Theory 52, 4595–4602 (2006)
    Article MathSciNet Google Scholar
43. L. Hitt, On the minimal embedding field, in Pairing-Based Cryptography—Pairing 2007. Lecture Notes in Computer Science, vol. 4575 (Springer, Berlin, 2007), pp. 294–301
    Chapter Google Scholar
44. A. Joux, A one round protocol for tripartite Diffie–Hellman, in Algorithmic Number Theory Symposium—ANTS-IV. Lecture Notes in Computer Science, vol. 1838 (Springer, Berlin, 2000), pp. 385–393. Full version: J. Cryptol. 17, 263–276 (2004)
    Chapter Google Scholar
45. A. Joux, K. Nguyen, Separating decision Diffie–Hellman from computational Diffie–Hellman in cryptographic groups. J. Cryptol. 16, 239–247 (2003)
    Article MATH MathSciNet Google Scholar
46. E. Kachisa, Constructing Brezing–Weng pairing friendly elliptic curves using elements in the cyclotomic field. M.Sc. dissertation, Mzuzu University, 2007
47. E. Kachisa, E. Schaefer, M. Scott, Constructing Brezing–Weng pairing friendly elliptic curves using elements in the cyclotomic field, in Pairing-Based Cryptography—Pairing 2008. Lecture Notes in Computer Science, vol. 5209 (Springer, Berlin, 2008), pp. 126–135
    Chapter Google Scholar
48. K. Karabina, On prime-order elliptic curves with embedding degrees 3, 4 and 6. M.Math. thesis, Univ. of Waterloo, Dept. of Combinatorics and Optimization, 2006
49. K. Karabina, E. Teske, On prime-order elliptic curves with embedding degrees 3, 4 and 6, in Algorithmic Number Theory Symposium—ANTS-VIII. Lecture Notes in Computer Science, vol. 5011 (Springer, Berlin, 2008), pp. 102–117
    Chapter Google Scholar
50. N. Koblitz, Good and bad uses of elliptic curves in cryptography. Mosc. Math. J. 2, 693–715 (2002) 805–806
    MATH MathSciNet Google Scholar
51. N. Koblitz, A. Menezes, Pairing-based cryptography at high security levels, in Proceedings of Cryptography and Coding: 10th IMA International Conference. Lecture Notes in Computer Science, vol. 3796 (Springer, Berlin, 2005), pp. 13–36
    Google Scholar
52. S. Lang, Elliptic Functions (Springer, Berlin, 1987)
    MATH Google Scholar
53. S. Lang, Algebra, revised 3rd edn. (Springer, Berlin, 2002)
    MATH Google Scholar
54. A.K. Lenstra, Unbelievable security: Matching AES security using public key systems, in Advances in Cryptology—Asiacrypt 2001. Lecture Notes in Computer Science, vol. 2248 (Springer, Berlin, 2001), pp. 67–86
    Chapter Google Scholar
55. R. Lidl, H. Niederreiter, Finite Fields (Cambridge University Press, Cambridge, 1997)
    Google Scholar
56. F. Luca, I. Shparlinski, Elliptic curves with low embedding degree. J. Cryptol. 19, 553–562 (2006)
    Article MATH MathSciNet Google Scholar
57. F. Luca, D. Mireles, I. Shparlinski, MOV attack in various subgroups on elliptic curves. Ill. J. Math. 48, 1041–1052 (2004)
    MATH MathSciNet Google Scholar
58. K. Matthews, The Diophantine equation x 2−Dy 2=N, _D_>0. Expo. Math. 18, 323–331 (2000)
    MATH MathSciNet Google Scholar
59. A. Menezes, Elliptic Curve Public Key Cryptosystems (Kluwer Academic, Dordrecht, 1993)
    MATH Google Scholar
60. A. Menezes, An introduction to pairing-based cryptography. Notes from lectures given in Santander, Spain, 2005. Available at: http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/pairings.pdf
61. A. Menezes, S. Vanstone, Isomorphism classes of elliptic curves over finite fields of characteristic 2. Util. Math. 38, 135–153 (1990)
    MATH MathSciNet Google Scholar
62. A. Menezes, T. Okamoto, S. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inf. Theory 39, 1639–1646 (1993)
    Article MATH MathSciNet Google Scholar
63. V. Miller, The Weil pairing, and its efficient calculation. J. Cryptol. 17, 235–261 (2004)
    Article MATH Google Scholar
64. A. Miyaji, M. Nakabayashi, S. Takano, New explicit conditions of elliptic curve traces for FR-reduction. IEICE Trans. Fundam. E84-A(5), 1234–1243 (2001)
    Google Scholar
65. F. Morain, Classes d’isomorphismes des courbes elliptiques supersingulières en caracteristique ≥3. Util. Math. 52, 241–253 (1997)
    MATH MathSciNet Google Scholar
66. A. Murphy, N. Fitzpatrick, Elliptic curves for pairing applications, Cryptology ePrint Archive Report 2005/302. Available at: http://eprint.iacr.org/2005/302
67. M. Naehrig, P.S.L.M. Barreto, P. Schwabe, On compressible pairings and their computation, in Progress in Cryptology—Africacrypt 2008. Lecture Notes in Computer Science, vol. 5023 (Springer, Berlin, 2008), pp. 371–388
    Chapter Google Scholar
68. A. Odlyzko, Discrete logarithms in finite fields and their cryptographic significance, in Advances in Cryptology—Eurocrypt 1984. Lecture Notes in Computer Science, vol. 209 (Springer, Berlin, 1985), pp. 224–314
    Google Scholar
69. D. Page, N. Smart, F. Vercauteren, A comparison of MNT curves and supersingular curves. Appl. Algebra Eng., Commun. Comput. 17, 379–392 (2006)
    Article MATH MathSciNet Google Scholar
70. K. Paterson, ID-based signatures from pairings on elliptic curves. Electron. Lett. 38, 1025–1026 (2002)
    Article Google Scholar
71. S. Pohlig, M. Hellman, An improved algorithm for computing discrete logarithms over GF(p) and its cryptographic significance. IEEE Trans. Inf. Theory 24, 106–110 (1978)
    Article MATH MathSciNet Google Scholar
72. J. Pollard, Monte Carlo methods for index computation (mod p). Math. Comput. 32, 918–924 (1978)
    Article MATH MathSciNet Google Scholar
73. J. Robertson, Solving the generalized Pell equation x 2−Dy 2=N. Unpublished manuscript, 2004. Available at: http://hometown.aol.com/jpr2718/pell.pdf
74. K. Rubin, A. Silverberg, Finding composite order ordinary elliptic curves using the Cocks–Pinch method, in preparation
75. R. Sakai, K. Ohgishi, M. Kasahara, Cryptosystems based on pairings, in 2000 Symposium on Cryptography and Information Security—SCIS 2000, Okinawa, Japan, 2000
76. E. Schaefer, A new proof for the non-degeneracy of the Frey–Rück pairing and a connection to isogenies over the base field, in Computational Aspects of Algebraic Curves. Lecture Notes Ser. Comput., vol. 13 (World Scientific, Singapore, 2005), pp. 1–12
    Chapter Google Scholar
77. O. Schirokauer, The number field sieve for integers of low weight. Math. Comput. to appear. Preprint available at: http://eprint.iacr.org/2006/107/
78. M. Scott, Computing the Tate pairing, in Topics in Cryptology—CT-RSA 2005. Lecture Notes in Computer Science, vol. 3376 (Springer, Berlin, 2005), pp. 293–304
    Google Scholar
79. M. Scott, Implementing cryptographic pairings, in Pairing-Based Cryptography—Pairing 2007. Lecture Notes in Computer Science, vol. 4575 (Springer, Berlin, 2007), pp. 177–196
    Google Scholar
80. M. Scott, P.S.L.M. Barreto, Compressed pairings, in Advances in Cryptology—Crypto 2004. Lecture Notes in Computer Science, vol. 3152 (Springer, Berlin, 2004), pp. 140–156
    Google Scholar
81. M. Scott, P.S.L.M. Barreto, Generating more MNT elliptic curves. Des. Codes Cryptogr. 38, 209–217 (2006)
    Article MATH MathSciNet Google Scholar
82. J. Silverman, The Arithmetic of Elliptic Curves (Springer, Berlin, 1986)
    MATH Google Scholar
83. A. Sutherland, Computing Hilbert class polynomials with the Chinese remainder theorem. Preprint, 2009. Available at http://arxiv.org/abs/0903.2785
84. S. Tanaka, K. Nakamula, Constructing pairing-friendly elliptic curves using factorization of cyclotomic polynomials, in Pairing-Based Cryptography—Pairing 2008. Lecture Notes in Computer Science, vol. 5209 (Springer, Berlin, 2008), pp. 136–145
    Chapter Google Scholar
85. J. Tate, Endomorphisms of abelian varieties over finite fields. Invent. Math. 2, 134–144 (1966)
    Article MATH MathSciNet Google Scholar
86. P.C. van Oorschot, M.J. Wiener, Parallel collision search with cryptanalytic applications. J. Cryptol. 12, 1–18 (1999)
    Article MATH Google Scholar
87. E. Verheul, Evidence that XTR is more secure than supersingular elliptic curve cryptosystems. J. Cryptol. 17, 277–296 (2004)
    Article MATH MathSciNet Google Scholar
88. W. Waterhouse, Abelian varieties over finite fields. Ann. Sci. École Norm. Sup. (IV) 2, 521–560 (1969)
    MATH MathSciNet Google Scholar

Download references