Arithmetic of Elliptic Curves

Handbook of Elliptic and Hyperelliptic Curve Cryptography Pub Date : 2005-07-19 DOI:10.1201/9781420034981.pt3

C. Doche, T. Lange

{"title":"Arithmetic of Elliptic Curves","authors":"C. Doche, T. Lange","doi":"10.1201/9781420034981.pt3","DOIUrl":null,"url":null,"abstract":"Elliptic curves constitute one of the main topics of this book. They have been proposed for applications in cryptography due to their fast group law and because so far no subexponential attack on their discrete logarithm problem (cf. Section 1.5) is known. We deal with security issues in later chapters and concentrate on the group arithmetic here. In an actual implementation this needs to be built on an efficient implementation of finite field arithmetic (cf. Chapter 11). In the sequel we first review the background on elliptic curves to the extent needed here. For a more general presentation of elliptic curves, see Chapter 4. Then we address the question of efficient implementation in large odd and in even characteristics. We refer mainly to [HAME+ 2003] for these sections. Note that there are several softwares packages or libraries able to work on elliptic curves, for example PARI/GP [PARI] and apecs [APECS]. The former is a linkable library that also comes with an interactive shell, whereas the latter is a Maple package. Both come with full sources. The computer algebra systems Magma [MAGMA] and SIMATH [SIMATH] can deal with elliptic curves, too. Elliptic curves have received a lot of attention throughout the past almost 20 years and many papers report experiments and timings for various field sizes and coordinates. We do not want to repeat the results but refer to [AVA 2004a, COMI+ 1998] and Section 14.7 for odd characteristic and [HALO+ 2000, LODA 1998, LODA 1999] for even characteristic. Another excellent and comprehensive reference comparing point multiplication costs and implementation results is [HAME+ 2003, Tables 3.12, 3.13 and 3.14 and Chap. 5].","PeriodicalId":131128,"journal":{"name":"Handbook of Elliptic and Hyperelliptic Curve Cryptography","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"53","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Handbook of Elliptic and Hyperelliptic Curve Cryptography","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1201/9781420034981.pt3","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 53

Abstract

Elliptic curves constitute one of the main topics of this book. They have been proposed for applications in cryptography due to their fast group law and because so far no subexponential attack on their discrete logarithm problem (cf. Section 1.5) is known. We deal with security issues in later chapters and concentrate on the group arithmetic here. In an actual implementation this needs to be built on an efficient implementation of finite field arithmetic (cf. Chapter 11). In the sequel we first review the background on elliptic curves to the extent needed here. For a more general presentation of elliptic curves, see Chapter 4. Then we address the question of efficient implementation in large odd and in even characteristics. We refer mainly to [HAME+ 2003] for these sections. Note that there are several softwares packages or libraries able to work on elliptic curves, for example PARI/GP [PARI] and apecs [APECS]. The former is a linkable library that also comes with an interactive shell, whereas the latter is a Maple package. Both come with full sources. The computer algebra systems Magma [MAGMA] and SIMATH [SIMATH] can deal with elliptic curves, too. Elliptic curves have received a lot of attention throughout the past almost 20 years and many papers report experiments and timings for various field sizes and coordinates. We do not want to repeat the results but refer to [AVA 2004a, COMI+ 1998] and Section 14.7 for odd characteristic and [HALO+ 2000, LODA 1998, LODA 1999] for even characteristic. Another excellent and comprehensive reference comparing point multiplication costs and implementation results is [HAME+ 2003, Tables 3.12, 3.13 and 3.14 and Chap. 5].

查看原文本刊更多论文

椭圆曲线的算法

椭圆曲线是本书的主要主题之一。由于它们的快速群律，并且由于到目前为止还没有对它们的离散对数问题(参见第1.5节)的次指数攻击，它们已被提议用于密码学中。我们在后面的章节中处理安全问题，并在这里集中讨论群算法。在实际实现中，这需要建立在有限域算法的有效实现上(参见第11章)。在续篇中，我们首先回顾椭圆曲线的背景，以达到这里所需要的程度。关于椭圆曲线的更一般的描述，见第4章。然后，我们讨论了在大奇数和偶数特征下的有效实现问题。对于这些章节，我们主要参考[HAME+ 2003]。请注意，有几个软件包或库可以处理椭圆曲线，例如PARI/GP [PARI]和apecs [apecs]。前者是一个可链接的库，也附带一个交互式shell，而后者是一个Maple包。两者都有完整的来源。计算机代数系统Magma [Magma]和SIMATH [SIMATH]也可以处理椭圆曲线。椭圆曲线在过去近20年中受到了广泛的关注，许多论文报道了各种场大小和坐标下的实验和计时。我们不想重复结果，但奇特征参考[AVA 2004a, COMI+ 1998]和第14.7节，偶特征参考[HALO+ 2000, LODA 1998, LODA 1999]。另一个比较点乘法成本和实现结果的优秀而全面的参考文献是[HAME+ 2003，表3.12、3.13和3.14和第5章]。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Handbook of Elliptic and Hyperelliptic Curve Cryptography

自引率

0.00%

发文量