For pairing based cryptography we need elliptic curves defined over finite fields F q whose group order is divisible by some prime with | q k − 1 where k is relatively small. In Barreto et al. and Dupont et al. Building curves with arbitrary small Mov degree over finite fields, Preprint, 2002], algorithms for the construction of ordinary elliptic curves over prime fields F p with arbitrary embedding degree k are given. Unfortunately, p is of size O( 2 ).We give a method to generate ordinary elliptic curves over prime fields with p significantly less than 2 which also works for arbitrary k. For a fixed embedding degree k, the new algorithm yields curves with p ≈ s where s = 2 − 2/ϕ(k) or s = 2 − 1/ϕ(k) depending on k. For special values of k even better results are obtained.We present several examples. In particular, we found some curves where is a prime of small Hamming weight resp. with a small addition chain.
Abstract. In this article we generalize the CM method for elliptic and hyperelliptic curves to Picard curves. We describe the algorithm in detail and discuss the results of our implementation.
Abstract. In this article we show how to generalize the CM-method for elliptic curves to genus two. We describe the algorithm in detail and discuss the results of our implementation.
Abstract. The complex multiplication (CM) method for genus 2 is currently the most efficient way of generating genus 2 hyperelliptic curves defined over large prime fields and suitable for cryptography. Since low class number might be seen as a potential threat, it is of interest to push the method as far as possible. We have thus designed a new algorithm for the construction of CM invariants of genus 2 curves, using 2-adic lifting of an input curve over a small finite field. This provides a numerically stable alternative to the complex analytic method in the first phase of the CM method for genus 2. As an example we compute an irreducible factor of the Igusa class polynomial system for the quartic CM field Q(i Ô 75 + 12 √ 17), whose class number is 50. We also introduce a new representation to describe the CM curves: a set of polynomials in (j1, j2, j3) which vanish on the precise set of triples which are the Igusa invariants of curves whose Jacobians have CM by a prescribed field. The new representation provides a speedup in the second phase, which uses Mestre's algorithm to construct a genus 2 Jacobian of prime order over a large prime field for use in cryptography.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.