Paper 2014/158

Point compression for the trace zero subgroup over a small degree extension field

Elisa Gorla and Maike Massierer

Abstract

Using Semaev's summation polynomials, we derive a new equation for the Fq-rational points of the trace zero variety of an elliptic curve defined over Fq. Using this equation, we produce an optimal-size representation for such points. Our representation is compatible with scalar multiplication. We give a point compression algorithm to compute the representation and a decompression algorithm to recover the original point (up to some small ambiguity). The algorithms are efficient for trace zero varieties coming from small degree extension fields. We give explicit equations and discuss in detail the practically relevant cases of cubic and quintic field extensions.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Designs, Codes and Cryptography
DOI
10.1007/s10623-014-9921-0
Keywords
elliptic curve cryptographypairing-based cryptographydiscrete logarithm problemtrace zero varietyefficient representationpoint compressionsummation polynomials
Contact author(s)
maike massierer @ inria fr
History
2014-03-03: received
Short URL
https://ia.cr/2014/158
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2014/158,
      author = {Elisa Gorla and Maike Massierer},
      title = {Point compression for the trace zero subgroup over a small degree extension field},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/158},
      year = {2014},
      doi = {10.1007/s10623-014-9921-0},
      url = {https://eprint.iacr.org/2014/158}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.