Abstract
In this work we analyse the GLV method of Gallant, Lambert and Vanstone (CRYPTO 2001) which uses a fast endomorphism Φ with minimal polynomial X2 + rX + s to compute any multiple kP of a point P of order n lying on an elliptic curve. First we fill in a gap in the proof of the bound of the kernel K vectors of the reduction map f: (i,j) → i + λj (mod n). In particular, we prove the GLV decomposition with explicit constant kP = k1P + k2Φ(P), with max{|k1|,|k2|} ≤ √1 + |r| + s√n . Next we improve on this bound and give the best constant in the given examples for the quantity supk,n max{|k1|,|k2|}/√n. Independently Park, Jeong, Kim, and Lim (PKC 2002) have given similar but slightly weaker bounds. Finally we provide the first explicit bounds for the GLV method generalised to hyperelliptic curves as described in Park, Jeong and Lim (EUROCRYPT 2002).
| Original language | English |
|---|---|
| Pages (from-to) | 21-36 |
| Number of pages | 16 |
| Journal | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
| Volume | 2595 |
| Publication status | Published - Dec 1 2003 |
Fingerprint
Keywords
- Algebraic number fields
- Efficiently-computable endomorphisms
- Elliptic curve cryptography
- Fast performance
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science(all)