Families of fast elliptic curves from Q-curves

We construct new families of elliptic curves over $\mathbb{F}_{p^2}$ with efficiently computable endomorphisms, which can be used to accelerate elliptic curve-based cryptosystems in the same way as Gallant–Lambert–Vanstone (GLV) and Galbraith–Lin–Scott (GLS) endomorphisms. Our construction is based on reducing quadratic $\mathbb{Q}$-curves (curves defined over quadratic number fields, without complex multiplication, but with isogenies to their Galois conjugates) modulo inert primes. As a first application of the general theory we construct, for every prime $p > 3$, two one-parameter families of elliptic curves over $\mathbb{F}_{p^2}$ equipped with endomorphisms that are faster than doubling. Like GLS (which appears as a degenerate case of our construction), we offer the advantage over GLV of selecting from a much wider range of curves, and thus finding secure group orders when $p$ is fixed. Unlike GLS, we also offer the possibility of constructing twist-secure curves. Among our examples are prime-order curves over $\mathbb{F}_{p^2}$, equipped with fast endomorphisms, and with almost-prime-order twists, for the particularly efficient primes $p = 2^{127} - 1$ and $p = 2^{255} - 19$.
