Results 1 - 10 of 23
Counting Points on Elliptic Curves Over Finite Fields
, 1995
Cited by 82 (0 self)
We describe three algorithms to count the number of points on an elliptic curve over a finite field. The first one is very practical when the finite field is not too large; it is based on Shanks's baby-step-giant-step strategy. The second algorithm is very efficient when the endomorphism ring of the curve is known. It exploits the natural lattice structure of this ring. The third algorithm is based on calculations with the torsion points of the elliptic curve [18]. This deterministic polynomial time algorithm was impractical in its original form. We discuss several practical improvements by Atkin and Elkies. 1. Introduction. Let $p$ be a large prime and let $E$ be an elliptic curve over $\mathbb{F}_p$ given by a Weierstraß equation $Y^2 = X^3 + AX + B$ for some $A, B \in \mathbb{F}_p$. Since the curve is not singular we have that $4A^3 + 27B^2 \not\equiv 0 \pmod{p}$. We describe several methods to count the rational points on $E$, i.e., methods to determine the number of points $(x, y)$ on $E$ with $x, y \in \mathbb{F}_p$. Most o...
Algorithms for computing isogenies between elliptic curves
 Math. Comp
, 2000
Cited by 31 (6 self)
Abstract. The heart of the improvements by Elkies to Schoof’s algorithm for computing the cardinality of elliptic curves over a finite field is the ability to compute isogenies between curves. Elkies’ approach is well suited for the case where the characteristic of the field is large. Couveignes showed how to compute isogenies in small characteristic. The aim of this paper is to describe the first successful implementation of Couveignes’s algorithm. In particular, we describe the use of fast algorithms for performing incremental operations on series. We also insist on the particular case of the characteristic 2.
Constructing Isogenies Between Elliptic Curves Over Finite Fields
 LMS J. Comput. Math
, 1999
Cited by 31 (4 self)
Let $E_1$ and $E_2$ be ordinary elliptic curves over a finite field $\mathbb{F}_p$ such that $\#E_1(\mathbb{F}_p) = \#E_2(\mathbb{F}_p)$. Tate's isogeny theorem states that there is an isogeny from $E_1$ to $E_2$ which is defined over $\mathbb{F}_p$. The goal of this paper is to describe a probabilistic algorithm for constructing such an isogeny.
Counting the Number of Points on Elliptic Curves over Finite Fields of Characteristic Greater than Three
 In Proceedings of ANTS I
, 1994
Cited by 16 (4 self)
We present a variant of an algorithm of Oliver Atkin for counting the number of points on an elliptic curve over a finite field. We describe an implementation of this algorithm for prime fields. We report on the use of this implementation to count the number of points on a curve over $\mathbb{F}_p$, where $p$ is a 375-digit prime.
Finding Good Random Elliptic Curves for Cryptosystems Defined over ...
 Advances in Cryptology - EUROCRYPT '97
, 1997
Cited by 15 (0 self)
One of the main difficulties for implementing cryptographic schemes based on elliptic curves defined over finite fields is the necessary computation of the cardinality of these curves. In the case of finite fields $\mathbb{F}_{2^n}$, recent theoretical breakthroughs yield a significant speed up of the computations. Once described some of these ideas in the first part of this paper, we show that our current implementation runs from 2 up to 10 times faster than what was done previously. In the second part, we exhibit a slight change of Schoof's algorithm to choose curves with a number of points "nearly" prime and so construct cryptosystems based on random elliptic curves instead of specific curves as it used to be. 1 Introduction It is well known that the discrete logarithm problem is hard on elliptic curves defined over finite fields $\mathbb{F}_q$. This is due to the fact that the only known attacks (baby steps giant steps [Sha71], Pollard $\rho$ [Pol78] and Pohlig-Hellman [PH78] methods) are still exponen...
Remarks on the Schoof-Elkies-Atkin algorithm
 Math. Comp
, 1998
Cited by 12 (0 self)
Abstract. Schoof’s algorithm computes the number $m$ of points on an elliptic curve $E$ defined over a finite field $\mathbb{F}_q$. Schoof determines $m$ modulo small primes $\ell$ using the characteristic equation of the Frobenius of $E$ and polynomials of degree $O(\ell^2)$. With the works of Elkies and Atkin, we have just to compute, when $\ell$ is a “good” prime, an eigenvalue of the Frobenius using polynomials of degree $O(\ell)$. In this article, we compute the complexity of Müller’s algorithm, which is the best known method for determining one eigenvalue and we improve the final step in some cases. Finally, when $\ell$ is “bad”, we describe how to have polynomials of small degree and how to perform computations, in Schoof’s algorithm, on x-values only.
Isogeny volcanoes and the SEA algorithm
 In ANTS-V, volume 2369 of LNCS
, 2000
Cited by 11 (1 self)
In 1985, Schoof gave a deterministic polynomial time algorithm to compute the cardinality of an elliptic curve over a finite field. His algorithm computes the cardinality modulo small primes and builds the answer using the Chinese Remaindering Theorem. The improvements of Atkin and Elkies made the computations easier and practical. Couveignes and Morain showed how to extend the ideas of Elkies to the case of prime powers, in effect walking through the Tate module associated to the curve, via rational isogenies. This latter algorithm works well if the Frobenius of the curve has two distinct eigenvalues and there remained to tackle the case of repeated eigenvalues. The purpose of this work is to solve this problem, explaining how this relates to the computation of the endomorphism ring of the curve, as worked out by Kohel. 1. Introduction Let $E$ be an elliptic curve defined over a finite field $\mathbb{F}_q$, where $q = p^r$ with $p$ prime. By Hasse's theorem, the Frobenius of the curve is an endomorp...
Computing the cardinality of CM elliptic curves using torsion points
, 2008
Cited by 10 (1 self)
Let E be an elliptic curve having complex multiplication by a given quadratic order of an imaginary quadratic field K. The field of definition of E is the ring class field Ω of the order. If the prime p splits completely in Ω, then we can reduce E modulo one of the factors of p and get a curve E defined over $\mathbb{F}_p$. The trace of the Frobenius of E is known up to sign and we need a fast way to find this sign. For this, we propose to use the action of the Frobenius on torsion points of small order built with class invariants à la Weber, in a manner reminiscent of the Schoof-Elkies-Atkin algorithm for computing the cardinality of a given elliptic curve modulo p. We apply our results to the Elliptic Curve Primality Proving algorithm (ECPP).
Construction of Secure Elliptic Cryptosystems Using CM Tests and Liftings
, 1998
Cited by 7 (0 self)
Elliptic curves over number fields with CM can be used to design non-isogenous elliptic cryptosystems over finite fields efficiently. The existing algorithm to build such CM curves, so-called the CM field algorithm, is based on analytic expansion of modular functions, costing computations of $O(2^{5h/2} h^{21/4})$ where $h$ is the class number of the endomorphism ring of the CM curve. Thus it is effective only in the small class number cases. This paper presents polynomial time algorithms in $h$ to build CM elliptic curves over number fields. In the first part, probabilistic algorithms of CM tests are presented to find elliptic curves with CM without restriction on class numbers. In the second part, we show how to construct ring class fields from ray class fields. Finally, a deterministic algorithm for lifting the ring class equations from small finite fields thus construct CM curves is presented. Its complexity is shown as $O(h^7)$. 1 Introduction Elliptic curves over fin...
Efficient Implementation of Schoof's Algorithm
 Advances in Cryptology - ASIACRYPT '98
, 1999
Cited by 5 (0 self)
Schoof's algorithm is used to find a secure elliptic curve for cryptosystems, as it can compute the number of rational points on a randomly selected elliptic curve defined over a finite field. By realizing efficient combination of several improvements, such as Atkin-Elkies's method, the isogeny cycles method, and trial search by match-and-sort techniques, we can count the number of rational points on an elliptic curve over GF(p) in a reasonable time, where p is a prime whose size is around 240 bits. 1 Introduction When we use the elliptic curve cryptosystem [9, 17] (ECC for short), we first have to define an elliptic curve over a finite field. Then, all cryptographic operations will be performed on the group of rational points on the curve. Since all the curves are not necessarily secure, we should be very careful when we choose an elliptic curve for ECC. There are several methods to select a curve for ECC, such as Schoof's method [22], CM (Complex Multiplication) method [2, 18, 10,...