Trapdoor one-way functions on elliptic curves and their application to shorter signatures and asymmetric encryption
Abstract
The present invention provides a new trapdoor one-way function. In a general sense, some quadratic algebraic integer z is used. One then finds a curve E and a rational map defining [z] on E. The rational map [z] is the trapdoor one-way function. A judicious selection of z will ensure that [z] can be efficiently computed, that it is difficult to invert, that determination of [z] from the rational functions defined by [z] is difficult, and that knowledge of z allows one to invert [z] on a certain set of elliptic curve points. Every rational map is a composition of a translation and an endomorphism. The most secure part of the rational map is the endomorphism, as the translation is easy to invert. If the problem of inverting the endomorphism and thus [z] is as hard as the discrete logarithm problem in E, then the size of the cryptographic group can be smaller than the group used for RSA trapdoor one-way functions.
15 Claims
1. A cryptographic system operating on an elliptic curve E of order n, said cryptosystem having an endomorphism [z] corresponding to a quadratic algebraic integer z that has the form z²+uz+v=0, where u and v are secret integers, and v is relatively prime to n;
- a public key operation to apply said endomorphism [z] to cryptographic data x to obtain modified data x′; and
- a private key operation to apply [−w][u]+[z] to said modified data x′ in order to obtain said data x, where w is an integer and wv=1 mod n.
8. A method for performing cryptographic operations in a cryptographic system operating on an elliptic curve E of order n, said method comprising the steps of deriving an endomorphism [z] corresponding to a quadratic algebraic integer z that has the form z²+uz+v=0, where u and v are secret integers, and v is relatively prime to n;
- applying a public key operation using said endomorphism [z] to cryptographic data x to obtain modified data x′; and
- applying a private key operation using [−w][u]+[z] to said modified data x′ in order to obtain said data x, where w is an integer and wv=1 mod n.
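The algebra behind the private key operation in claims 1 and 8, as an added example that is not part of the patent text: since z²+uz+v=0 gives z(z+u)=−v, applying [u]+[z] and then [−w] undoes [z] on points whose order divides n. The toy curve, the map `phi` and the choice z = [K]+phi are constructed assumptions for illustration; here u and v are visible, so the code shows only the inversion identity, not the secrecy of the trapdoor.

```python
from math import gcd

# Constructed toy parameters, far too small for real use.
p, B = 1009, 7                      # curve y^2 = x^3 + B over F_p, p % 3 == 1
beta = next(b for b in (pow(g, (p - 1) // 3, p) for g in range(2, p)) if b != 1)

def add(P, Q):
    """Affine point addition; None is the point at infinity."""
    if P is None: return Q
    if Q is None: return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if P == Q:
        lam = 3 * x1 * x1 * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, P):
    """Double-and-add scalar multiplication for k >= 0."""
    R = None
    while k:
        if k & 1:
            R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def phi(P):
    """(x, y) -> (beta*x, y); this endomorphism satisfies phi^2 + phi + 1 = 0."""
    return None if P is None else (beta * P[0] % p, P[1])

# All affine points, found by brute force; n is the group order.
roots = {}
for y in range(p):
    roots.setdefault(y * y % p, []).append(y)
points = [(x, y) for x in range(p) for y in roots.get((x**3 + B) % p, [])]
n = len(points) + 1

# z = [K] + phi satisfies z^2 + u*z + v = 0 with u = 1 - 2K, v = K^2 - K + 1.
K = next(k for k in range(2, 50) if gcd(k * k - k + 1, n) == 1)
u, v = 1 - 2 * K, K * K - K + 1
w = pow(v, -1, n)                   # w*v = 1 mod n

def public_op(P):                   # x' = [z]x
    return add(mul(K, P), phi(P))

def private_op(Q):                  # x = [-w]([u] + [z]) x'
    return mul(-w % n, add(mul(u % n, Q), public_op(Q)))
```
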
Specification