Arithmetic of Elliptic Curves

Elliptic curves constitute one of the main topics of this book. They have been proposed for applications in cryptography due to their fast group law and because so far no subexponential attack on their discrete logarithm problem (cf. Section 1.5) is known. We deal with security issues in later chapters and concentrate on the group arithmetic here. In an actual implementation this needs to be built on an efficient implementation of finite field arithmetic (cf. Chapter 11). In the sequel we first review the background on elliptic curves to the extent needed here. For a more general presentation of elliptic curves, see Chapter 4. Then we address the question of efficient implementation in large odd and in even characteristics. We refer mainly to [HAME+ 2003] for these sections. Note that there are several softwares packages or libraries able to work on elliptic curves, for example PARI/GP [PARI] and apecs [APECS]. The former is a linkable library that also comes with an interactive shell, whereas the latter is a Maple package. Both come with full sources. The computer algebra systems Magma [MAGMA] and SIMATH [SIMATH] can deal with elliptic curves, too. Elliptic curves have received a lot of attention throughout the past almost 20 years and many papers report experiments and timings for various field sizes and coordinates. We do not want to repeat the results but refer to [AVA 2004a, COMI+ 1998] and Section 14.7 for odd characteristic and [HALO+ 2000, LODA 1998, LODA 1999] for even characteristic. Another excellent and comprehensive reference comparing point multiplication costs and implementation results is [HAME+ 2003, Tables 3.12, 3.13 and 3.14 and Chap. 5].