research unit 1

This site is powered by Aigaion - A PHP/Web based management system for shared and annotated bibliographies. For more information visit


Type of publication:Article
Entered by:chita
TitleOn the Efficient Generation of Prime-Order Elliptic Curves
Bibtex cite IDRACTI-RU1-2010-5
Journal Journal of Cryptology
Year published 2010
Volume 23
Number 3
Pages 477-503
DOI 10.1007/s00145-009-9037-2
Keywords Public key cryptography,Elliptic curve cryptosystems,Complex multiplication,Weber polynomials,Prime order
We consider the generation of prime-order elliptic curves (ECs) over a prime field $\mathbbF_p$ using the Complex Multiplication (CM) method. A crucial step of this method is to compute the roots of a special type of class field polynomials with the most commonly used being the Hilbert and Weber ones. These polynomials are uniquely determined by the CM discriminant D. In this paper, we consider a variant of the CM method for constructing elliptic curves (ECs) of prime order using Weber polynomials. In attempting to construct prime-order ECs using Weber polynomials, two difficulties arise (in addition to the necessary transformations of the roots of such polynomials to those of their Hilbert counterparts). The first one is that the requirement of prime order necessitates that D≡3mod8), which gives Weber polynomials with degree three times larger than the degree of their corresponding Hilbert polynomials (a fact that could affect efficiency). The second difficulty is that these Weber polynomials do not have roots in $\mathbbF_p$ . In this work, we show how to overcome the above difficulties and provide efficient methods for generating ECs of prime order focusing on their support by a thorough experimental study. In particular, we show that such Weber polynomials have roots in the extension field $\mathbbF_p^3$ and present a set of transformations for mapping roots of Weber polynomials in $\mathbbF_p^3$ to roots of their corresponding Hilbert polynomials in $\mathbbF_p$ . We also show how an alternative class of polynomials, with degree equal to their corresponding Hilbert counterparts (and hence having roots in $\mathbbF_p$ ), can be used in the CM method to generate prime-order ECs. We conduct an extensive experimental study comparing the efficiency of using this alternative class against the use of the aforementioned Weber polynomials. Finally, we investigate the time efficiency of the CM variant under four different implementations of a crucial step of the variant and demonstrate the superiority of two of them.
Konstantinou, Elisavet
Kontogeorgis, Aristides
Stamatiou, Yannis
Zaroliagis, Christos
zaro.pdf (main file)
Publication ID731