TY - GEN

T1 - Discrete logarithms for torsion points on elliptic curve of embedding degree 1

AU - Nogami, Yasuyuki

AU - Seo, Hwajeong

N1 - Funding Information:
This work was partially supported by JSPS KAKENHI Grant Number 25280047.
Publisher Copyright:
© Springer International Publishing Switzerland 2015.

PY - 2014

Y1 - 2014

N2 - Recent efficient pairings such as Ate pairing use two efficient subgroups of rational point such that π(P) = P and π(Q) = [p]Q, where π, p, P, and Q are the Frobenius map for rational point, the characteristic of definition field, and torsion points for pairing, respectively. This relation accelerates not only pairing but also pairing–related operations such as scalar multiplications. It holds in the case that the embedding degree k divides r − 1, where r is the order of torsion rational points. Thus, such a case has been well studied. Alternatively, this paper focuses on the case that the degree divides r +1 but not r −1. First, this paper shows a transitive representation for r–torsion points based on the fact that the characteristic polynomial f(π) becomes irreducible over Fr for which π also plays a role of variable. In other words, this paper proposes an elliptic curve discrete logarithm on such a torsion group. After that, together with some example parameters, it is shown how to prepare such pairing–friendly elliptic curves.

AB - Recent efficient pairings such as Ate pairing use two efficient subgroups of rational point such that π(P) = P and π(Q) = [p]Q, where π, p, P, and Q are the Frobenius map for rational point, the characteristic of definition field, and torsion points for pairing, respectively. This relation accelerates not only pairing but also pairing–related operations such as scalar multiplications. It holds in the case that the embedding degree k divides r − 1, where r is the order of torsion rational points. Thus, such a case has been well studied. Alternatively, this paper focuses on the case that the degree divides r +1 but not r −1. First, this paper shows a transitive representation for r–torsion points based on the fact that the characteristic polynomial f(π) becomes irreducible over Fr for which π also plays a role of variable. In other words, this paper proposes an elliptic curve discrete logarithm on such a torsion group. After that, together with some example parameters, it is shown how to prepare such pairing–friendly elliptic curves.

KW - Group structure

KW - Pairing–friendly curve

KW - Torsion point

UR - http://www.scopus.com/inward/record.url?scp=84925273642&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84925273642&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-15943-0_5

DO - 10.1007/978-3-319-15943-0_5

M3 - Conference contribution

AN - SCOPUS:84925273642

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 69

EP - 83

BT - Information Security and Cryptology - ICISC 2014 - 17th International Conference, Revised Selected Papers

A2 - Kim, Jongsung

A2 - Lee, Jooyoung

PB - Springer Verlag

T2 - 17th International Conference on Information Security and Cryptology, ICISC 2014

Y2 - 3 December 2014 through 5 December 2014

ER -