TY - GEN

T1 - Elliptic curves with the montgomery-form and their cryptographic applications

AU - Okeya, Katsuyuki

AU - Kurumatani, Hiroyuki

AU - Sakurai, Kouichi

N1 - Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2000

PY - 2000

Y1 - 2000

N2 - We show that the elliptic curve cryptosystems based on the Montgomery-form EM: BY2 = X3+ AX2 +X are immune to the timing-attacks by using our technique of randomized projective coordinates, while Montgomery originally introduced this type of curves for speeding up the Pollard and Elliptic Curve Methods of integer factorization [Math. Comp. Vol.48, No.177, (1987) pp.243-264]. However, it should be noted that not all the elliptic curves have the Montgomery-form, because the order of any elliptic curve with the Montgomery-form is divisible by “4”. Whereas recent ECC-standards [NIST,SEC-1] recommend that the cofactor of elliptic curve should be no greater than 4 for cryptographic applications. Therefore, we present an efficient algorithm for generating Montgomery-form elliptic curve whose cofactor is exactly “4”. Finally, we give the exact consition on the elliptic curves whether they can be represented as a Montgomery-form or not. We consider divisibility by “8” for Montgomery-form elliptic curves. We implement the proposed algorithm and give some numerical examples obtained by this.

AB - We show that the elliptic curve cryptosystems based on the Montgomery-form EM: BY2 = X3+ AX2 +X are immune to the timing-attacks by using our technique of randomized projective coordinates, while Montgomery originally introduced this type of curves for speeding up the Pollard and Elliptic Curve Methods of integer factorization [Math. Comp. Vol.48, No.177, (1987) pp.243-264]. However, it should be noted that not all the elliptic curves have the Montgomery-form, because the order of any elliptic curve with the Montgomery-form is divisible by “4”. Whereas recent ECC-standards [NIST,SEC-1] recommend that the cofactor of elliptic curve should be no greater than 4 for cryptographic applications. Therefore, we present an efficient algorithm for generating Montgomery-form elliptic curve whose cofactor is exactly “4”. Finally, we give the exact consition on the elliptic curves whether they can be represented as a Montgomery-form or not. We consider divisibility by “8” for Montgomery-form elliptic curves. We implement the proposed algorithm and give some numerical examples obtained by this.

UR - http://www.scopus.com/inward/record.url?scp=84957794840&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84957794840&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-46588-1_17

DO - 10.1007/978-3-540-46588-1_17

M3 - Conference contribution

AN - SCOPUS:84957794840

SN - 3540669671

SN - 9783540669678

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 238

EP - 257

BT - Public Key Cryptography - 3rd International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2000, Proceedings

A2 - Imai, Hideki

A2 - Zheng, Yuliang

PB - Springer Verlag

T2 - 3rd International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2000

Y2 - 18 January 2000 through 20 January 2000

ER -