The State of Elliptic Curve Cryptography

Since the introduction of public-key cryptography by Diffie and Hellman in 1976, the potential for the use of the discrete logarithm problem in public-key cryptosystems has been recognized. Although the discrete logarithm problem as first employed by Diffie and Hellman was defined explicitly as the problem of finding logarithms with respect to a generator in the multiplicative group of the integers modulo a prime, this idea can be extended to arbitrary groups and, in particular, to elliptic curve groups. The resulting public-key systems provide relatively small block size, high speed, and high security. This paper surveys the development of elliptic curve cryptosystems from their inception in 1985 by Koblitz and Miller to present day implementations.

[1]  Don Coppersmith,et al.  Fast evaluation of logarithms in fields of characteristic two , 1984, IEEE Trans. Inf. Theory.

[2]  Alfred Menezes,et al.  Public-Key Cryptosystems with Very Small Key Length , 1992, EUROCRYPT.

[3]  Christof Paar,et al.  Optimal Extension Fields for Fast Arithmetic in Public-Key Algorithms , 1998, CRYPTO.

[4]  Shuhong Gao,et al.  Optimal normal bases , 1992, Des. Codes Cryptogr..

[5]  Willi Meier,et al.  Efficient Multiplication on Certain Nonsupersingular Elliptic Curves , 1992, CRYPTO.

[6]  J. Silverman "Elliptic curve discrete logarithms and index calculus," ASIACRYPT'98 , 1998 .

[7]  Andreas Stein,et al.  Key-Exchange in Real Quadratic Congruence Function Fields , 1996, Des. Codes Cryptogr..

[8]  Joseph H. Silverman,et al.  The Xedni Calculus and the Elliptic Curve Discrete Logarithm Problem , 2000, Des. Codes Cryptogr..

[9]  Jerome A. Solinas An Improved Algorithm for Arithmetic on a Family of Elliptic Curves , 1997, CRYPTO.

[10]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[11]  Paul C. van Oorschot,et al.  Parallel collision search with application to hash functions and discrete logarithms , 1994, CCS '94.

[12]  Ronald C. Mullin,et al.  Optimal normal bases in GF(pn) , 1989, Discret. Appl. Math..

[13]  Andreas Stein,et al.  Key-exchange in real quadratic congruence function fields , 1996 .

[14]  R. Lercier,et al.  "Finding good random elliptic curves for cryptosystems defined over F_ ," EUROCRYPT '97 , 1997 .

[15]  René Schoof,et al.  Nonsingular plane cubic curves over finite fields , 1987, J. Comb. Theory A.

[16]  Reynald Lercier,et al.  Counting the Number of Points on Elliptic Curves over Finite Fields: Strategies and Performance , 1995, EUROCRYPT.

[17]  Martin E. Hellman,et al.  An improved algorithm for computing logarithms over GF(p) and its cryptographic significance (Corresp.) , 1978, IEEE Trans. Inf. Theory.

[18]  Alfred Menezes,et al.  Reducing elliptic curve logarithms to logarithms in a finite field , 1991, STOC '91.

[19]  Bart Preneel,et al.  On the Performance of Signature Schemes Based on Elliptic Curves , 1998, ANTS.

[20]  N. Koblitz A Course in Number Theory and Cryptography , 1987 .

[21]  Oliver Schirokauer Discrete logarithms and local units , 1993, Philosophical Transactions of the Royal Society of London. Series A: Physical and Engineering Sciences.

[22]  Scott A. Vanstone,et al.  Discrete Logarithm Based Cryptosystems in Quadratic Function Fields of Characteristic 2 , 1998, Des. Codes Cryptogr..

[23]  Tatsuaki Okamoto,et al.  New Public-Key Schemes Based on Elliptic Curves over the Ring Zn , 1991, CRYPTO.

[24]  Nigel P. Smart,et al.  The Discrete Logarithm Problem on Elliptic Curves of Trace One , 1999, Journal of Cryptology.

[25]  S. Davidson,et al.  An Ultra-high Speed Public Key Encryption Processor , 1992, 1992 Proceedings of the IEEE Custom Integrated Circuits Conference.

[26]  Andreas Stein,et al.  Analysis of the Xedni Calculus Attack , 2000, Des. Codes Cryptogr..

[27]  Reynald Lercier,et al.  Computing Isogenies in F2n , 1996, ANTS.

[28]  Horst G. Zimmer,et al.  Constructing elliptic curves with given group order over large finite fields , 1994, ANTS.

[29]  Neal Koblitz,et al.  Algebraic aspects of cryptography , 1998, Algorithms and computation in mathematics.

[30]  R.G.E. Pinch Extending the Wiener attack to RSA-type cryptosystems , 1995 .

[31]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[32]  Daniel Bleichenbacher On the Security of the KMOV Public Key Cryptosystem , 1997, CRYPTO.

[33]  N. Koblitz PRIMALITY OF THE NUMBER OF POINTS ON AN ELLIPTIC CURVE OVER A FINITE FIELD , 1988 .

[34]  A. Stein Equivalences between elliptic curves and real quadratic congruence function fields , 1997 .

[35]  Takakazu Satoh,et al.  Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves , 1998 .

[36]  Barry Mazur,et al.  Modular curves and the eisenstein ideal , 1977 .

[37]  Bruce Schneier,et al.  Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security. A Report by an Ad Hoc Group of Cryptographers and Computer Scientists , 1996 .

[38]  Richard J. Lipton,et al.  Algorithms for Black-Box Fields and their Application to Cryptography (Extended Abstract) , 1996, CRYPTO.

[39]  Servaas Vandenberghe,et al.  A Fast Software Implementation for Arithmetic Operations in GF(2n) , 1996, ASIACRYPT.

[40]  Reynald Lercier,et al.  Finding Good Random Elliptic Curves for Cryptosystems Defined over F2n , 1997, EUROCRYPT.

[41]  G. Frey,et al.  A remark concerning m -divisibility and the discrete logarithm in the divisor class group of curves , 1994 .

[42]  Andreas Stein,et al.  Computing discrete logarithms in real quadratic congruence function fields of large genus , 1999, Math. Comput..

[43]  Daniel M. Gordon,et al.  Discrete Logarithms in GF(P) Using the Number Field Sieve , 1993, SIAM J. Discret. Math..

[44]  Gordon B. Agnew,et al.  An Implementation of Elliptic Curve Cryptosystems Over F2155 , 1993, IEEE J. Sel. Areas Commun..

[45]  François Morain Building Elliptic Curves Modulo Large Primes , 1991, EUROCRYPT.

[46]  Scott A. Vanstone,et al.  Improving the parallelized Pollard lambda search on anomalous binary curves , 2000, Math. Comput..

[47]  R. Balasubramanian,et al.  The Improbability That an Elliptic Curve Has Subexponential Discrete Log Problem under the Menezes—Okamoto—Vanstone Algorithm , 1998, Journal of Cryptology.

[48]  Stephen C. Pohlig,et al.  An Improved Algorithm for Computing Logarithms over GF(p) and Its Cryptographic Significance , 2022, IEEE Trans. Inf. Theory.

[49]  S. Lang,et al.  Abelian varieties over finite fields , 2005 .

[50]  Alfred Menezes,et al.  Elliptic curve public key cryptosystems , 1993, The Kluwer international series in engineering and computer science.

[51]  Jean-François Mestre,et al.  Formules explicites et minoration de conducteurs de vari'et'es alg'ebriques , 1986 .

[52]  Y. Driencourt,et al.  Elliptic codes over fields of characteristics 2 , 1987 .

[53]  Neal Koblitz,et al.  CM-Curves with Good Cryptographic Properties , 1991, CRYPTO.

[54]  J. Pollard,et al.  Monte Carlo methods for index computation () , 1978 .

[55]  Robert J. Zuccherato,et al.  The Equivalence Between Elliptic Curve and Quadratic Function Field Discrete Logarithms in Characteristic 2 , 1998, ANTS.

[56]  Joe Suzuki,et al.  Elliptic Curve Discrete Logarithms and the Index Calculus , 1998, ASIACRYPT.

[57]  Ian F. Blake,et al.  Elliptic curves in cryptography , 1999 .

[58]  Kaoru Kurosawa,et al.  Low Exponent Attack Against Elliptic Curve RSA , 1995, Inf. Process. Lett..

[59]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[60]  G. Geer Codes and Elliptic Curves , 1991 .

[61]  Christof Paar,et al.  Efficient Algorithms for Elliptic Curve Cryptosystems , 1997, CRYPTO.

[62]  Igor A. Semaev,et al.  Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p , 1998, Math. Comput..

[63]  R. Schoof Elliptic Curves Over Finite Fields and the Computation of Square Roots mod p , 1985 .

[64]  R. Gallant,et al.  Improving the Parallelized Pollard Lambda Search on Binary Anomalous Curves , 1998 .

[65]  Burton S. Kaliski,et al.  A Pseudo-Random Bit Generator Based on Elliptic Logarithms , 1986, CRYPTO.

[66]  H. W. Lenstra,et al.  Factoring integers with elliptic curves , 1987 .

[67]  Joe Kilian,et al.  Almost all primes can be quickly certified , 1986, STOC '86.

[68]  Yves Driencourt,et al.  Some Properties of Elliptic Codes Over a Field of Characteristic 2 , 1985, AAECC.

[69]  Leonard M. Adleman,et al.  A subexponential algorithm for discrete logarithms over the rational subgroup of the jacobians of large genus hyperelliptic curves over finite fields , 1994, ANTS.

[70]  J. Silverman Advanced Topics in the Arithmetic of Elliptic Curves , 1994 .

[71]  Hilarie K. Orman,et al.  Fast Key Exchange with Elliptic Curve Systems , 1995, CRYPTO.

[72]  Neal Koblitz,et al.  Constructing Elliptic Curve Cryptosystems in Characteristic 2 , 1990, CRYPTO.