TY - GEN
T1 - Discrete logarithms for torsion points on elliptic curve of embedding degree 1
AU - Nogami, Yasuyuki
AU - Seo, Hwajeong
N1 - Funding Information:
This work was partially supported by JSPS KAKENHI Grant Number 25280047.
Publisher Copyright:
© Springer International Publishing Switzerland 2015.
PY - 2014
Y1 - 2014
N2 - Recent efficient pairings such as Ate pairing use two efficient subgroups of rational point such that π(P) = P and π(Q) = [p]Q, where π, p, P, and Q are the Frobenius map for rational point, the characteristic of definition field, and torsion points for pairing, respectively. This relation accelerates not only pairing but also pairing–related operations such as scalar multiplications. It holds in the case that the embedding degree k divides r − 1, where r is the order of torsion rational points. Thus, such a case has been well studied. Alternatively, this paper focuses on the case that the degree divides r +1 but not r −1. First, this paper shows a transitive representation for r–torsion points based on the fact that the characteristic polynomial f(π) becomes irreducible over Fr for which π also plays a role of variable. In other words, this paper proposes an elliptic curve discrete logarithm on such a torsion group. After that, together with some example parameters, it is shown how to prepare such pairing–friendly elliptic curves.
AB - Recent efficient pairings such as Ate pairing use two efficient subgroups of rational point such that π(P) = P and π(Q) = [p]Q, where π, p, P, and Q are the Frobenius map for rational point, the characteristic of definition field, and torsion points for pairing, respectively. This relation accelerates not only pairing but also pairing–related operations such as scalar multiplications. It holds in the case that the embedding degree k divides r − 1, where r is the order of torsion rational points. Thus, such a case has been well studied. Alternatively, this paper focuses on the case that the degree divides r +1 but not r −1. First, this paper shows a transitive representation for r–torsion points based on the fact that the characteristic polynomial f(π) becomes irreducible over Fr for which π also plays a role of variable. In other words, this paper proposes an elliptic curve discrete logarithm on such a torsion group. After that, together with some example parameters, it is shown how to prepare such pairing–friendly elliptic curves.
KW - Group structure
KW - Pairing–friendly curve
KW - Torsion point
UR - http://www.scopus.com/inward/record.url?scp=84925273642&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84925273642&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-15943-0_5
DO - 10.1007/978-3-319-15943-0_5
M3 - Conference contribution
AN - SCOPUS:84925273642
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 69
EP - 83
BT - Information Security and Cryptology - ICISC 2014 - 17th International Conference, Revised Selected Papers
A2 - Kim, Jongsung
A2 - Lee, Jooyoung
PB - Springer Verlag
T2 - 17th International Conference on Information Security and Cryptology, ICISC 2014
Y2 - 3 December 2014 through 5 December 2014
ER -