Elliptic Curve Cryptosystems

  • Ian F. Blake
  • XuHong Gao
  • Ronald C. Mullin
  • Scott A. Vanstone
  • Tomik Yaghoobian
Part of the The Springer International Series in Engineering and Computer Science book series (SECS, volume 199)


As we have seen in Section 6.1, the elements of a finite cyclic group G may be used to implement several cryptographic schemes, provided that finding logarithms of elements in G is infeasible. We may take G to be a cyclic subgroup of E(F q ), the group of F q -rational points of an elliptic curve defined over F q ; this was first suggested by N. Koblitz [10] and V. Miller [17]. Since the addition in this group is relatively simple, and moreover the discrete logarithm problem in G is believed to be intractable, elliptic curve cryptosystems have the potential to provide security equivalent to that of existing public key schemes, but with shorter key lengths. Having short key lengths is a factor that can be crucial in some applications, for example the design of smart card systems.


Elliptic Curve Elliptic Curf Logarithm Problem Discrete Logarithm Discrete Logarithm Problem 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    G. Agnew, T. Beth, R. Mullin and S. Vanstone, Arithmetic operations in GF(2 m ), J. of Cryptology, to appear.Google Scholar
  2. [2]
    G. Agnew, R. Mullin, I. Onyszchuk and S. Vanstone, “An. implementation for a fast public key cryptosystem”, J. of Cryptology, 3 (1991), 63–79.MathSciNetzbMATHCrossRefGoogle Scholar
  3. [3]
    M. Ben-Or, “Probabilistic algorithms in finite fields”, 22nd Annual Symposium on Foundations of Computer Science (1981), 394–398.Google Scholar
  4. [4]
    D. Coppersmith, “Fast evaluation of logarithms in fields of characteristic two”, IEEE Trans. Info. Th., 30 (1984), 587–594.MathSciNetzbMATHCrossRefGoogle Scholar
  5. [5]
    D. Coppersmith, A. Odlyzko and R. Schroeppel, “Discrete logarithms in Gf(p)”, Algorithmica, 1 (1986), 1–15.MathSciNetzbMATHCrossRefGoogle Scholar
  6. [6]
    T. Elgamal, “A public key cryptosystem and a signature scheme based on discrete logarithms”, IEEE Trans. Info. Th., 31 (1985), 469–472.MathSciNetzbMATHCrossRefGoogle Scholar
  7. [7]
    T. Elgamal, “A subexponential-time algorithm for computing discrete logarithms over Gf(p 2)”, IEEE Trans. Info. Th., 31 (1985), 473–481.MathSciNetCrossRefGoogle Scholar
  8. [8]
    D. Husemoller, Elliptic Curves, Springer-Verlag, New York, 1987.zbMATHGoogle Scholar
  9. [9]
    B. Kaliski, Elliptic Curves and Cryptography: A PseudorAndom Bit Generator and other Tools, Ph.D. thesis, M.I.T., January 1988.Google Scholar
  10. [10]
    N. Koblitz, “Elliptic curve cryptosystems”, Math. Comp., 48 (1987), 203–209.MathSciNetzbMATHCrossRefGoogle Scholar
  11. [11]
    N. Koblitz, “Constructing elliptic curve cryptosystems in characteristic 2”, Advances in Cryptology: Proceedings of Crypto ’90, Lecture Notes in Computer Science, 537 (1991), Springer-Verlag, 156–167.Google Scholar
  12. [12]
    N. Koblitz, “Elliptic curve implementation of zero-knowledge blobs”, J. of Cryptology, 4 (1991), 207–213.MathSciNetzbMATHCrossRefGoogle Scholar
  13. [13]
    N. Koblitz, “Cm-Curves with good cryptographic properties”, Advances in Cryptology: Proceedings of Crypto ’91, Lecture Notes in Computer Science, 576 (1992), Springer-Verlag, 279–287.Google Scholar
  14. [14]
    A. Lenstra, H.W. Lenstra, M. Manasse and J. Pollard, “The number field sieve” , Proceedings of the 22nd Annual Acm Symposium on Theory of Computing (1990), 564–572.Google Scholar
  15. [15]
    A. Menezes, T. Okamoto and S. Vanstone, “Reducing elliptic curve logarithms to logarithms in a finite field”, Proceedings of the 23rd Annual Acm Symposium on Theory of Computing (1991), 80–89.Google Scholar
  16. [16]
    A. Menezes, S. Vanstone and R. Zuccherato, “Counting points on elliptic curves over F2m”, Math. Comp., to appear.Google Scholar
  17. [17]
    V. Miller, “Uses of elliptic curves in cryptography”, Advances in Cryptology: Proceedings of Crypto ’85, Lecture Notes in Computer Science, 218 (1986), Springer-Verlag, 417–426.Google Scholar
  18. [18]
    V. Miller, “Short programs for functions on curves”, unpublished manuscript, 1986.Google Scholar
  19. [19]
    A. Odlyzko, “Discrete logarithms and their cryptographic significance”, in Advances in Cryptology: Proceedings of Eurocrypt ’84, Lecture Notes in Computer Science, 209 (1985), Springer-Verlag, 224–314.Google Scholar
  20. [20]
    C. Pomerance, “Fast, rigorous factorization and discrete logarithms al-gorithms”, in Discrete Algorithms and Complexity, Academic Press, 1987, 119–143.Google Scholar
  21. [21]
    J. Rosser and L. Schoenfield, “Approximate formulas for some functions of prime numbers”, Illinois J. Math., 6 (1962), 64–94.MathSciNetzbMATHGoogle Scholar
  22. [22]
    R.J. Schoof, “Elliptic curves over finite fields and the computation of square roots mod p”, Math. Comp., 44 (1985), 483–494.MathSciNetzbMATHGoogle Scholar
  23. [23]
    J. Silverman, The Arithmetic of Elliptic Curves, Springer-Verlag, New York, 1986.zbMATHCrossRefGoogle Scholar
  24. [24]
    R. Silverman, “The multiple polynomial quadratic sieve”, Math. Comp., 48 (1987), 329–339.MathSciNetzbMATHCrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 1993

Authors and Affiliations

  • Ian F. Blake
    • 1
  • XuHong Gao
    • 1
  • Ronald C. Mullin
    • 1
  • Scott A. Vanstone
    • 1
  • Tomik Yaghoobian
    • 1
  1. 1.University of WaterlooCanada

Personalised recommendations