Efficient Implementation of Schoof's Algorithm in Case of Characteristic 2

In order to choose a secure elliptic curve for Elliptic Curve Cryptosystems, it is necessary to count the order of a randomly selected elliptic curve. Schoof’s algorithm and its variants by Elkies and Atkin are known as efficient methods to count the orders of elliptic curves. Intelligent Choice System(ICS) was proposed to combine these methods efficiently. In this paper, we propose an improvement on the ICS. Further, we propose several implementation techniques in the characteristic 2 case.

[1]  J. M. Couveignes,et al.  "Computing 〓-isogenies using the p-torsion," ANTS-II , 1996 .

[2]  Igor A. Semaev,et al.  Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p , 1998, Math. Comput..

[3]  R. Schoof Elliptic Curves Over Finite Fields and the Computation of Square Roots mod p , 1985 .

[4]  R. Schoof Journal de Theorie des Nombres de Bordeaux 7 (1995), 219{254 , 2022 .

[5]  Reynald Lercier,et al.  Finding Good Random Elliptic Curves for Cryptosystems Defined over F2n , 1997, EUROCRYPT.

[6]  Jeffrey Shallit,et al.  Algorithmic Number Theory , 1996, Lecture Notes in Computer Science.

[7]  Ian F. Blake,et al.  Elliptic curves in cryptography , 1999 .

[8]  K. Brown,et al.  Graduate Texts in Mathematics , 1982 .

[9]  R. Lercier,et al.  "Counting the number of points on elliptic curves over finite fields: strategy and performances," EUROCRYPT '95 , 1995 .

[10]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[11]  J. Couveignes Isogeny cycles and the Schoof-Elkies-Atkin algorithm , 1996 .

[12]  L. Dewaghe,et al.  Remarks on the Schoof-Elkies-Atkin algorithm , 1998, Math. Comput..

[13]  Alfred Menezes,et al.  Reducing elliptic curve logarithms to logarithms in a finite field , 1993, IEEE Trans. Inf. Theory.

[14]  Kazuhiro Yokoyama,et al.  Order counting of elliptic curves defined over finite fields of characteristic 2 , 2002 .

[15]  Hugo Krawczyk,et al.  Advances in Cryptology - CRYPTO '98 , 1998 .

[16]  Nigel P. Smart,et al.  The Discrete Logarithm Problem on Elliptic Curves of Trace One , 1999, Journal of Cryptology.

[17]  R. Lercier,et al.  "Finding good random elliptic curves for cryptosystems defined over F_ ," EUROCRYPT '97 , 1997 .

[18]  Jean Marc Couveignes,et al.  Computing l-Isogenies Using the p-Torsion , 1996, ANTS.

[19]  Masayuki Noro,et al.  Risa/Asir—a computer algebra system , 1992, ISSAC '92.

[20]  Jean-Jacques Quisquater,et al.  Advances in Cryptology — EUROCRYPT ’95 , 2001, Lecture Notes in Computer Science.

[21]  H. W. Lenstra,et al.  Factoring integers with elliptic curves , 1987 .

[22]  Carlo Traverso,et al.  “One sugar cube, please” or selection strategies in the Buchberger algorithm , 1991, ISSAC '91.

[23]  Alfred Menezes,et al.  Reducing elliptic curve logarithms to logarithms in a finite field , 1991, STOC '91.

[24]  Reynald Lercier,et al.  Algorithmique des courbes elliptiques dans les corps finis. (Algorithms for elliptic curves over finite fields) , 1997 .

[25]  Walter Fumy,et al.  Advances in Cryptology — EUROCRYPT ’97 , 2001, Lecture Notes in Computer Science.

[26]  Kazuhiro Yokoyama,et al.  Efficient Implementation of Schoof's Algorithm , 1998, ASIACRYPT.

[27]  Christof Paar,et al.  Optimal Extension Fields for Fast Arithmetic in Public-Key Algorithms , 1998, CRYPTO.

[28]  Alfred Menezes,et al.  Elliptic curve public key cryptosystems , 1993, The Kluwer international series in engineering and computer science.

[29]  Takakazu Satoh,et al.  Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves , 1998 .

[30]  R. Lercier,et al.  "Computing isogenies in F_ ," ANTS-II , 1996 .

[31]  T. Izu "Efficient Implementation of Schoof's Algorithm," ASIACRYPT'98 , 1998 .

[32]  Kazuo Ohta,et al.  Advances in Cryptology — ASIACRYPT’98 , 2002, Lecture Notes in Computer Science.