Elliptic Curves with Low Embedding Degree

Miyaji, Nakabayashi and Takano have recently suggested a construction of the so-called MNT elliptic curves with low embedding degree, which are also of importance for pairing-based cryptography. We give some heuristic arguments which suggest that there are only about z1/2+ o(1) of MNT curves with complex multiplication discriminant up to z. We also show that there are very few finite fields over which elliptic curves with small embedding degree and small complex multiplication discriminant may exist (regardless of the way they are constructed).

[1]  A. Miyaji,et al.  New Explicit Conditions of Elliptic Curve Traces for FR-Reduction , 2001 .

[2]  Eric R. Verheul,et al.  Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems , 2001, Journal of Cryptology.

[3]  R. Balasubramanian,et al.  The Improbability That an Elliptic Curve Has Subexponential Discrete Log Problem under the Menezes—Okamoto—Vanstone Algorithm , 1998, Journal of Cryptology.

[4]  Paulo S. L. M. Barreto,et al.  Pairing-Friendly Elliptic Curves of Prime Order , 2005, Selected Areas in Cryptography.

[5]  Paulo S. L. M. Barreto,et al.  Constructing Elliptic Curves with Prescribed Embedding Degrees , 2002, SCN.

[6]  Joseph H. Silverman,et al.  The arithmetic of elliptic curves , 1986, Graduate texts in mathematics.

[7]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[8]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[9]  Antoine Joux,et al.  The Weil and Tate Pairings as Building Blocks for Public Key Cryptosystems , 2002, ANTS.

[10]  Igor E. Shparlinski,et al.  On the exponent of the group of points on elliptic curves in extension fields , 2005 .

[11]  Steven D. Galbraith,et al.  Ordinary abelian varieties having small embedding degree , 2007, Finite Fields Their Appl..

[12]  Helmut Hasse,et al.  Number Theory , 2020, An Introduction to Probabilistic Number Theory.

[13]  Alice Silverberg,et al.  Supersingular Abelian Varieties in Cryptology , 2002, CRYPTO.

[14]  Annegret Weng,et al.  Elliptic Curves Suitable for Pairing Based Cryptography , 2005, Des. Codes Cryptogr..

[15]  Ian F. Blake,et al.  Elliptic curves in cryptography , 1999 .

[16]  J. K. Lenstra,et al.  Solving the Pell equation , 2002 .

[17]  Paulo S. L. M. Barreto,et al.  Generating More MNT Elliptic Curves , 2006, Des. Codes Cryptogr..

[18]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[19]  Andreas Enge,et al.  Building Curves with Arbitrary Small MOV Degree over Finite Prime Fields , 2004, Journal of Cryptology.

[20]  William Duke,et al.  Equidistribution of roots of a quadratic congruence to prime moduli , 1995 .

[21]  Igor E. Shparlinski,et al.  MOV attack in various subgroups on elliptic curves , 2004 .

[22]  G. Tenenbaum Introduction to Analytic and Probabilistic Number Theory , 1995 .

[23]  Paulo S. L. M. Barreto,et al.  Efficient Implementation of Pairing-Based Cryptosystems , 2004, Journal of Cryptology.