2002 Fiscal Year Final Research Report Summary
Number theory for positive characteristics and its application to elliptic curve cryptography
| Project/Area Number |
12640009
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Single-year Grants |
|---|
| Section | 一般 |
|---|
| Research Field |
Algebra
|
|---|
| Research Institution | Saitama University |
|---|
Principal Investigator |
SATOH Takakazu Saitama Univ., Dept. of Mathematics, Assoc. Prof., 理学部, 助教授 (70215797)
|
|---|
| Co-Investigator(Kenkyū-buntansha) |
GON Yasuro Saitama Univ., Dept. of Mathematics, Assistant, 理学部, 助手 (30302508)
YANAI Hisae Saitama Univ., Dept. of Mathematics, Lecturer, 理学部, 講師 (10008865)
TAKEICHI Kisao Saitama Univ., Dept. of Mathematics, Professor, 理学部, 教授 (00011560)
|
|---|
| Project Period (FY) |
2000 – 2002
|
| Keywords | the Frobenius substitutions / finite fields / elliptic curves / order counting |
|---|
| Research Abstract |
We establish and develop a p-adic point counting algorithm for elliptic curves over finite fields of small characteristics. Let p be a fixed small prime and put q to be the N-th power of p. For a given ordinal elliptic curve E defined over the finite field k of q elements, we construct a fast algorithm to compute the number of k-rational points of E. When a small prime p is fixed and N tends to infinity, our algorithm is faster than the so-called SEA algorithm.
Our algorithm is based on the canonical lifts of elliptic curves. First we lift a given ordinal elliptic curve to its canonical lift. We use the fact that two j-invariants of lifted curves are related by the p-th modular polynomial. So, construction of the canonical lifts is reduced to find a solution to a certain system of non-linear equations. Second, we compute the leading coefficient of the dual of the lift of the p-th Frobenius morphism. This should not be confused with the inverse Frobenius substitution, since we are working over the field of characteristic zero once the curve is lifted. Third, by looking at the action of the dual of the lifted Frobenius morphism, we can compute the trace of the q-th Frobenius endomorphism. Using well-known Hasse's equality, we obtain the number of the rational points and we are done.
We further construct a faster algorithm, with some precomputations which depends on only on q. The precomputation is quite feasible for the case that N is less than, say, 500. Hence the cost of precomputation is no problem for practical applications. On the other hand, thanks to the precomputation, we can evaluate the Frobenius substitution quickly. This ameliorates the growth rate of time complexity with respect to a number of bit operations by a factor of at least the square root of N.
|
