TY - GEN
T1 - Elliptic curves with the montgomery-form and their cryptographic applications
AU - Okeya, Katsuyuki
AU - Kurumatani, Hiroyuki
AU - Sakurai, Kouichi
N1 - Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2000
PY - 2000
Y1 - 2000
N2 - We show that the elliptic curve cryptosystems based on the Montgomery-form EM: BY2 = X3+ AX2 +X are immune to the timing-attacks by using our technique of randomized projective coordinates, while Montgomery originally introduced this type of curves for speeding up the Pollard and Elliptic Curve Methods of integer factorization [Math. Comp. Vol.48, No.177, (1987) pp.243-264]. However, it should be noted that not all the elliptic curves have the Montgomery-form, because the order of any elliptic curve with the Montgomery-form is divisible by “4”. Whereas recent ECC-standards [NIST,SEC-1] recommend that the cofactor of elliptic curve should be no greater than 4 for cryptographic applications. Therefore, we present an efficient algorithm for generating Montgomery-form elliptic curve whose cofactor is exactly “4”. Finally, we give the exact consition on the elliptic curves whether they can be represented as a Montgomery-form or not. We consider divisibility by “8” for Montgomery-form elliptic curves. We implement the proposed algorithm and give some numerical examples obtained by this.
AB - We show that the elliptic curve cryptosystems based on the Montgomery-form EM: BY2 = X3+ AX2 +X are immune to the timing-attacks by using our technique of randomized projective coordinates, while Montgomery originally introduced this type of curves for speeding up the Pollard and Elliptic Curve Methods of integer factorization [Math. Comp. Vol.48, No.177, (1987) pp.243-264]. However, it should be noted that not all the elliptic curves have the Montgomery-form, because the order of any elliptic curve with the Montgomery-form is divisible by “4”. Whereas recent ECC-standards [NIST,SEC-1] recommend that the cofactor of elliptic curve should be no greater than 4 for cryptographic applications. Therefore, we present an efficient algorithm for generating Montgomery-form elliptic curve whose cofactor is exactly “4”. Finally, we give the exact consition on the elliptic curves whether they can be represented as a Montgomery-form or not. We consider divisibility by “8” for Montgomery-form elliptic curves. We implement the proposed algorithm and give some numerical examples obtained by this.
UR - http://www.scopus.com/inward/record.url?scp=84957794840&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84957794840&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-46588-1_17
DO - 10.1007/978-3-540-46588-1_17
M3 - Conference contribution
AN - SCOPUS:84957794840
SN - 3540669671
SN - 9783540669678
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 238
EP - 257
BT - Public Key Cryptography - 3rd International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2000, Proceedings
A2 - Imai, Hideki
A2 - Zheng, Yuliang
PB - Springer Verlag
T2 - 3rd International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2000
Y2 - 18 January 2000 through 20 January 2000
ER -