### Abstract

Recent efficient pairings such as Ate pairing use two efficient subgroups of rational point such that π(P) = P and π(Q) = [p]Q, where π, p, P, and Q are the Frobenius map for rational point, the characteristic of definition field, and torsion points for pairing, respectively. This relation accelerates not only pairing but also pairing–related operations such as scalar multiplications. It holds in the case that the embedding degree k divides r − 1, where r is the order of torsion rational points. Thus, such a case has been well studied. Alternatively, this paper focuses on the case that the degree divides r +1 but not r −1. First, this paper shows a transitive representation for r–torsion points based on the fact that the characteristic polynomial f(π) becomes irreducible over Fr for which π also plays a role of variable. In other words, this paper proposes an elliptic curve discrete logarithm on such a torsion group. After that, together with some example parameters, it is shown how to prepare such pairing–friendly elliptic curves.

Original language | English |
---|---|

Title of host publication | Information Security and Cryptology - ICISC 2014 - 17th International Conference, Revised Selected Papers |

Publisher | Springer Verlag |

Pages | 69-83 |

Number of pages | 15 |

Volume | 8949 |

ISBN (Print) | 9783319159423 |

DOIs | |

Publication status | Published - 2014 |

Event | 17th International Conference on Information Security and Cryptology, ICISC 2014 - Seoul, Korea, Republic of Duration: Dec 3 2014 → Dec 5 2014 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 8949 |

ISSN (Print) | 03029743 |

ISSN (Electronic) | 16113349 |

### Other

Other | 17th International Conference on Information Security and Cryptology, ICISC 2014 |
---|---|

Country | Korea, Republic of |

City | Seoul |

Period | 12/3/14 → 12/5/14 |

### Fingerprint

### Keywords

- Group structure
- Pairing–friendly curve
- Torsion point

### ASJC Scopus subject areas

- Computer Science(all)
- Theoretical Computer Science

### Cite this

*Information Security and Cryptology - ICISC 2014 - 17th International Conference, Revised Selected Papers*(Vol. 8949, pp. 69-83). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8949). Springer Verlag. https://doi.org/10.1007/978-3-319-15943-0_5

**Discrete logarithms for torsion points on elliptic curve of embedding degree 1.** / Nogami, Yasuyuki; Seo, Hwajeong.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*Information Security and Cryptology - ICISC 2014 - 17th International Conference, Revised Selected Papers.*vol. 8949, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8949, Springer Verlag, pp. 69-83, 17th International Conference on Information Security and Cryptology, ICISC 2014, Seoul, Korea, Republic of, 12/3/14. https://doi.org/10.1007/978-3-319-15943-0_5

}

TY - GEN

T1 - Discrete logarithms for torsion points on elliptic curve of embedding degree 1

AU - Nogami, Yasuyuki

AU - Seo, Hwajeong

PY - 2014

Y1 - 2014

N2 - Recent efficient pairings such as Ate pairing use two efficient subgroups of rational point such that π(P) = P and π(Q) = [p]Q, where π, p, P, and Q are the Frobenius map for rational point, the characteristic of definition field, and torsion points for pairing, respectively. This relation accelerates not only pairing but also pairing–related operations such as scalar multiplications. It holds in the case that the embedding degree k divides r − 1, where r is the order of torsion rational points. Thus, such a case has been well studied. Alternatively, this paper focuses on the case that the degree divides r +1 but not r −1. First, this paper shows a transitive representation for r–torsion points based on the fact that the characteristic polynomial f(π) becomes irreducible over Fr for which π also plays a role of variable. In other words, this paper proposes an elliptic curve discrete logarithm on such a torsion group. After that, together with some example parameters, it is shown how to prepare such pairing–friendly elliptic curves.

AB - Recent efficient pairings such as Ate pairing use two efficient subgroups of rational point such that π(P) = P and π(Q) = [p]Q, where π, p, P, and Q are the Frobenius map for rational point, the characteristic of definition field, and torsion points for pairing, respectively. This relation accelerates not only pairing but also pairing–related operations such as scalar multiplications. It holds in the case that the embedding degree k divides r − 1, where r is the order of torsion rational points. Thus, such a case has been well studied. Alternatively, this paper focuses on the case that the degree divides r +1 but not r −1. First, this paper shows a transitive representation for r–torsion points based on the fact that the characteristic polynomial f(π) becomes irreducible over Fr for which π also plays a role of variable. In other words, this paper proposes an elliptic curve discrete logarithm on such a torsion group. After that, together with some example parameters, it is shown how to prepare such pairing–friendly elliptic curves.

KW - Group structure

KW - Pairing–friendly curve

KW - Torsion point

UR - http://www.scopus.com/inward/record.url?scp=84925273642&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84925273642&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-15943-0_5

DO - 10.1007/978-3-319-15943-0_5

M3 - Conference contribution

AN - SCOPUS:84925273642

SN - 9783319159423

VL - 8949

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 69

EP - 83

BT - Information Security and Cryptology - ICISC 2014 - 17th International Conference, Revised Selected Papers

PB - Springer Verlag

ER -