|
Friday, March 27, 2009 |
|
|
|
|
Pairing-friendly elliptic curves with variable CM discriminant |
|
|
Elliptic curves with small embedding degree and large prime-order subgroup are key
ingredients for implementing pairing-based cryptographic systems. Such
"pairing-friendly" curves are rare and thus require specific constructions. Many
such constructions fix the elliptic curve's CM discriminant in advance, most
commonly to D=1,2 or 3. Some skeptics fear that such a special property may be
used in a future attack on the elliptic curve discrete logarithm problem (on whose
hardness the security of pairing-based cryptosystems relies). We present a few
constructions of elliptic curves with low embedding degree and show how to obtain
families of elliptic curves with variable CM discriminant. |