Generation Methods of Elliptic Curves


Let q be a prime power, and let E be an elliptic curve over the field F q of q elements. As usual we associate to E a finite set called the set of rational points of E over F q. We denote this set by E(F q). We will explain these terms in Chapter 2. Once we know that E(F q) actually is a finite Abelian group, we may define the discrete logarithm problem in E(F q) as usual. However, since the use of elliptic curves in cryptography, various algorithms to solve the discrete logarithm problem in the group of rational points of an elliptic curve have been found. Hence, in order to keep the discrete logarithm problem intractable, we have to choose the elliptic curve diligently. As of today the security of an elliptic curve cryptosystem is determined by the cardinality of E(F q). Thus in order to decide whether a group of rational points is suitable for use in cryptography, we have to know its group order. It turns out that in general this is a burdensome and nontrivial task. The following methods are known to find a suitable group. The first approach, mostly referred to as the random approach, first chooses a random curve E. Using point counting algorithms, the group order of E(F q) is determined. Once the cardinality is known, we can decide whether the group is suitable for use in cryptography or not. If it turns out that the curve does not yield a secure cryptosystem, a new elliptic curve is chosen. The second method makes use of the theory of complex multiplication. It is therefore referred to as the complex multiplication method. We abbreviate this method by CM-method. Its proceeding is quite different from the random approach. In the complex multiplication method one first searches for candidates of a suitable group cardinality. This can be done without knowing the corresponding elliptic curves. Once a suitable cardinality is found, the elliptic curve is determined using complex multiplication. Finally, let q = p n be a prime power with n > 1. In addition, let m be a positive divisor of

Extracted Key Phrases

8 Figures and Tables

Cite this paper

@inproceedings{Buchmann2002GenerationMO, title={Generation Methods of Elliptic Curves}, author={Johannes Buchmann}, year={2002} }