Pairing-friendly elliptic curves with variable CM discriminant
Affiliation: University of Waterloo
Room: Mathematics & Computer Building (MC) 5158
Elliptic curves with small embedding degree and large prime-order subgroup are key ingredients for implementing pairing-based cryptographic systems. Such "pairing-friendly" curves are rare and thus require specific constructions. Many such constructions fix the elliptic curve's CM discriminant in advance, most commonly to D = 1, 2 or 3. Some skeptics fear that such a special property may be used in a future attack on the elliptic curve discrete logarithm problem (on whose hardness the security of pairing-based cryptosystems relies). We present a few constructions of elliptic curves with low embedding degree and show how to obtain families of elliptic curves with variable CM discriminant.
This talk is based on joint work with David Freeman and Michael Scott.
200 University Avenue West
Waterloo, ON N2L 3G1