Cryptology ePrint Archive: Report 2014/158

Point compression for the trace zero subgroup over a small degree extension field

Elisa Gorla and Maike Massierer

Abstract: Using Semaev's summation polynomials, we derive a new equation for the $\mathbb{F}_q$-rational points of the trace zero variety of an elliptic curve defined over $\mathbb{F}_q$. Using this equation, we produce an optimal-size representation for such points. Our representation is compatible with scalar multiplication. We give a point compression algorithm to compute the representation and a decompression algorithm to recover the original point (up to some small ambiguity). The algorithms are efficient for trace zero varieties coming from small degree extension fields. We give explicit equations and discuss in detail the practically relevant cases of cubic and quintic field extensions.

Category / Keywords: public-key cryptography / elliptic curve cryptography, pairing-based cryptography, discrete logarithm problem, trace zero variety, efficient representation, point compression, summation polynomials

Original Publication (in the same form): Designs, Codes and Cryptography
DOI: 10.1007/s10623-014-9921-0

Date: received 1 Mar 2014

Contact author: maike massierer at inria fr

Available format(s): PDF | BibTeX Citation

Version: 20140303:112603 (All versions of this report)

Short URL: ia.cr/2014/158

Discussion forum: Show discussion | Start new discussion