Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is an enormous amount of literature on the subject. To quote the mathematician Serge Lang:
It is possible to write endlessly on elliptic curves. (This is not a threat.)
Elliptic curves also figured prominently in the recent proof of Fermat's Last Theorem by Andrew Wiles. Originally pursued for purely aesthetic reasons, elliptic curves have recently been utilized in devising algorithms for factoring integers, primality proving, and in public-key cryptography. In this article, we aim to give the reader an introduction to elliptic curve cryptosystems, and to demonstrate why these systems provide relatively small block sizes, high-speed software and hardware implementations, and offer the highest strength-per-key-bit of any known public-key scheme.
1997) and also is the author of Elliptic Curve Public Key Cryptosystems (Kluwer Academic Publishers, 1993). Alfred is a professor of mathematics at Auburn University in Alabama, and consults on a regular basis for Certicom Corp. He can be reached at menezal@mail.auburn.edu
INTRODUCTION
Since the introduction of the concept of public-key cryptography by Whit Diffie and Martin Hellman in 1976, the cryptographic importance of the apparent intractability of the well-studied discrete logarithm problem has been recognized. Taher ElGamal first described how this problem could be utilized in public-key encryption and digital signature schemes. ElGamal's methods have been refined and incorporated into various protocols to meet a variety of applications, and one of their extensions forms the basis for the U.S. government digital signature algorithm (DSA).
We begin by introducing some basic mathematical terminology. A group is an abstract mathematical object consisting of a set G together with an operation * defined on pairs of elements of G. The order of the group is the number of elements in G. The operation must have certain properties, similar to those with which we are familiar from ordinary integer arithmetic. For example, the integers modulo n, namely $\mathbb{Z}_n = \{0, 1, 2, \ldots, n-1\}$, form a group under the operation of addition modulo n. If p is a prime number, then the non-zero elements of $\mathbb{Z}_p$, namely $\mathbb{Z}_p^* = \{1, 2, \ldots, p-1\}$, form a group under the operation of multiplication modulo p. The order of a group element $g \in G$ is the least positive integer n such that $g^n = 1$. For example, in the group $\mathbb{Z}_{11}^*$, the element g = 3 has order 5, since
The discrete logarithm problem, as first employed by Diffie and Hellman in their key agreement protocol, was defined explicitly as the problem of finding logarithms in the group $\mathbb{Z}_p^*$: given an element $g \in \mathbb{Z}_p^*$ of order n, and given $h \in \mathbb{Z}_p^*$, find an integer, provided that such an integer exists. The integer x is called the discrete logarithm of h to the base g. For example, consider p = 17. Then g = 10 is an element of order n = 16 in $\mathbb{Z}_{17}^*$. If h = 11, then the discrete logarithm of h to the base g is 13 because ...
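The following Python code is an added example, not part of the original article: it computes element orders in the multiplicative group modulo a prime and solves the discrete logarithm problem as stated above, including the case where no logarithm exists. It uses the baby-step giant-step method, which the article does not describe; the function names are assumptions of this example, and the inputs are the toy values from the text.

```python
from math import isqrt

def element_order(g, p):
    """Least positive n with g^n = 1 (mod p), for non-zero g and prime p."""
    if g % p == 0:
        raise ValueError("g must be a non-zero element modulo p")
    n, acc = 1, g % p
    while acc != 1:              # terminates because g is invertible mod p
        acc = acc * g % p
        n += 1
    return n

def discrete_log(g, h, p, n):
    """Return x in [0, n) with g^x = h (mod p), or None if none exists.

    n is the order of g, as in the problem statement. Baby-step giant-step
    writes x = i*m + j with m = ceil(sqrt(n)), costing about 2*m group
    operations instead of the n needed by exhaustive search.
    """
    m = isqrt(n - 1) + 1         # ceil(sqrt(n)) for n >= 1
    baby = {}                    # baby steps: g^j -> j for 0 <= j < m
    acc = 1
    for j in range(m):
        baby.setdefault(acc, j)
        acc = acc * g % p
    step = pow(g, -m, p)         # g^(-m) mod p (Python 3.8+)
    gamma = h % p
    for i in range(m):           # giant steps: h * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % p
    return None                  # h is not in the subgroup generated by g

if __name__ == "__main__":
    # Values from the text: g = 3 in the group mod 11; p = 17, g = 10, h = 11.
    print("order of 3 mod 11:", element_order(3, 11))
    print("order of 10 mod 17:", element_order(10, 17))
    print("log base 10 of 11 mod 17:", discrete_log(10, 11, 17, 16))
    # Constructed case: 2 is not a power of 3 mod 11, so no logarithm exists.
    print("log base 3 of 2 mod 11:", discrete_log(3, 2, 11, 5))
```

The square-root running time is why the group order n, not just the size of p, determines how hard the problem is in practice.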