Discrete logarithms for torsion points on elliptic curve of embedding degree 1

Yasuyuki Nogami, Hwajeong Seo

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Recent efficient pairings such as Ate pairing use two efficient subgroups of rational point such that π(P) = P and π(Q) = [p]Q, where π, p, P, and Q are the Frobenius map for rational point, the characteristic of definition field, and torsion points for pairing, respectively. This relation accelerates not only pairing but also pairing–related operations such as scalar multiplications. It holds in the case that the embedding degree k divides r − 1, where r is the order of torsion rational points. Thus, such a case has been well studied. Alternatively, this paper focuses on the case that the degree divides r +1 but not r −1. First, this paper shows a transitive representation for r–torsion points based on the fact that the characteristic polynomial f(π) becomes irreducible over Fr for which π also plays a role of variable. In other words, this paper proposes an elliptic curve discrete logarithm on such a torsion group. After that, together with some example parameters, it is shown how to prepare such pairing–friendly elliptic curves.

Original languageEnglish
Title of host publicationInformation Security and Cryptology - ICISC 2014 - 17th International Conference, Revised Selected Papers
PublisherSpringer Verlag
Pages69-83
Number of pages15
Volume8949
ISBN (Print)9783319159423
DOIs
Publication statusPublished - 2014
Event17th International Conference on Information Security and Cryptology, ICISC 2014 - Seoul, Korea, Republic of
Duration: Dec 3 2014Dec 5 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8949
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other17th International Conference on Information Security and Cryptology, ICISC 2014
CountryKorea, Republic of
CitySeoul
Period12/3/1412/5/14

Fingerprint

Torsion Points
Discrete Logarithm
Pairing
Torsional stress
Elliptic Curves
Rational Points
Divides
Scalar multiplication
Characteristic polynomial
Frobenius
Polynomials
Accelerate
Torsion
Subgroup

Keywords

  • Group structure
  • Pairing–friendly curve
  • Torsion point

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Nogami, Y., & Seo, H. (2014). Discrete logarithms for torsion points on elliptic curve of embedding degree 1. In Information Security and Cryptology - ICISC 2014 - 17th International Conference, Revised Selected Papers (Vol. 8949, pp. 69-83). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8949). Springer Verlag. https://doi.org/10.1007/978-3-319-15943-0_5

Discrete logarithms for torsion points on elliptic curve of embedding degree 1. / Nogami, Yasuyuki; Seo, Hwajeong.

Information Security and Cryptology - ICISC 2014 - 17th International Conference, Revised Selected Papers. Vol. 8949 Springer Verlag, 2014. p. 69-83 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8949).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Nogami, Y & Seo, H 2014, Discrete logarithms for torsion points on elliptic curve of embedding degree 1. in Information Security and Cryptology - ICISC 2014 - 17th International Conference, Revised Selected Papers. vol. 8949, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8949, Springer Verlag, pp. 69-83, 17th International Conference on Information Security and Cryptology, ICISC 2014, Seoul, Korea, Republic of, 12/3/14. https://doi.org/10.1007/978-3-319-15943-0_5
Nogami Y, Seo H. Discrete logarithms for torsion points on elliptic curve of embedding degree 1. In Information Security and Cryptology - ICISC 2014 - 17th International Conference, Revised Selected Papers. Vol. 8949. Springer Verlag. 2014. p. 69-83. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-15943-0_5
Nogami, Yasuyuki ; Seo, Hwajeong. / Discrete logarithms for torsion points on elliptic curve of embedding degree 1. Information Security and Cryptology - ICISC 2014 - 17th International Conference, Revised Selected Papers. Vol. 8949 Springer Verlag, 2014. pp. 69-83 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{a134d7e8d7184c2c9de273cbd2a515f6,
title = "Discrete logarithms for torsion points on elliptic curve of embedding degree 1",
abstract = "Recent efficient pairings such as Ate pairing use two efficient subgroups of rational point such that π(P) = P and π(Q) = [p]Q, where π, p, P, and Q are the Frobenius map for rational point, the characteristic of definition field, and torsion points for pairing, respectively. This relation accelerates not only pairing but also pairing–related operations such as scalar multiplications. It holds in the case that the embedding degree k divides r − 1, where r is the order of torsion rational points. Thus, such a case has been well studied. Alternatively, this paper focuses on the case that the degree divides r +1 but not r −1. First, this paper shows a transitive representation for r–torsion points based on the fact that the characteristic polynomial f(π) becomes irreducible over Fr for which π also plays a role of variable. In other words, this paper proposes an elliptic curve discrete logarithm on such a torsion group. After that, together with some example parameters, it is shown how to prepare such pairing–friendly elliptic curves.",
keywords = "Group structure, Pairing–friendly curve, Torsion point",
author = "Yasuyuki Nogami and Hwajeong Seo",
year = "2014",
doi = "10.1007/978-3-319-15943-0_5",
language = "English",
isbn = "9783319159423",
volume = "8949",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "69--83",
booktitle = "Information Security and Cryptology - ICISC 2014 - 17th International Conference, Revised Selected Papers",

}

TY - GEN

T1 - Discrete logarithms for torsion points on elliptic curve of embedding degree 1

AU - Nogami, Yasuyuki

AU - Seo, Hwajeong

PY - 2014

Y1 - 2014

N2 - Recent efficient pairings such as Ate pairing use two efficient subgroups of rational point such that π(P) = P and π(Q) = [p]Q, where π, p, P, and Q are the Frobenius map for rational point, the characteristic of definition field, and torsion points for pairing, respectively. This relation accelerates not only pairing but also pairing–related operations such as scalar multiplications. It holds in the case that the embedding degree k divides r − 1, where r is the order of torsion rational points. Thus, such a case has been well studied. Alternatively, this paper focuses on the case that the degree divides r +1 but not r −1. First, this paper shows a transitive representation for r–torsion points based on the fact that the characteristic polynomial f(π) becomes irreducible over Fr for which π also plays a role of variable. In other words, this paper proposes an elliptic curve discrete logarithm on such a torsion group. After that, together with some example parameters, it is shown how to prepare such pairing–friendly elliptic curves.

AB - Recent efficient pairings such as Ate pairing use two efficient subgroups of rational point such that π(P) = P and π(Q) = [p]Q, where π, p, P, and Q are the Frobenius map for rational point, the characteristic of definition field, and torsion points for pairing, respectively. This relation accelerates not only pairing but also pairing–related operations such as scalar multiplications. It holds in the case that the embedding degree k divides r − 1, where r is the order of torsion rational points. Thus, such a case has been well studied. Alternatively, this paper focuses on the case that the degree divides r +1 but not r −1. First, this paper shows a transitive representation for r–torsion points based on the fact that the characteristic polynomial f(π) becomes irreducible over Fr for which π also plays a role of variable. In other words, this paper proposes an elliptic curve discrete logarithm on such a torsion group. After that, together with some example parameters, it is shown how to prepare such pairing–friendly elliptic curves.

KW - Group structure

KW - Pairing–friendly curve

KW - Torsion point

UR - http://www.scopus.com/inward/record.url?scp=84925273642&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84925273642&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-15943-0_5

DO - 10.1007/978-3-319-15943-0_5

M3 - Conference contribution

SN - 9783319159423

VL - 8949

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 69

EP - 83

BT - Information Security and Cryptology - ICISC 2014 - 17th International Conference, Revised Selected Papers

PB - Springer Verlag

ER -