适用于建立密码体制的椭圆曲线的构造方法及实现

本文提出了一种素域Ｚｐ（ｐ〉３）上椭圆曲线的构造方法，以获得椭圆曲线Ｅ／Ｚｐ，使得Ｅ（Ｚｐ）无平滑阶子群且其阶＃Ｅ（Ｚｐ）中含有多个大素因子。这类椭圆曲线可用于密码技术中各种需要合数阶群的情形。在这类椭圆曲线上建立密码体制，消除了离散对数型保密或数字签名方案信息泄露的隐患，为建立可抗击各种攻击的椭圆曲线密码体制提供了基础。同时，本文还我存的用于密码体制的椭圆曲线构造方法（这些方法用于构造＃Ｅ（Ｚｐ

CONSTRUCTING ELLIPTIC CURVES SUITABLE FOR CRYPTOSYSTEMS-METHODS AND IMPLEMENTATION

It is generally believed that the discrete logarithm problem in a non-supersingular elliptic curve E/K is much more difficult than the discrete logarithm problem in a finite flied of the same size as K. So, the elliptic curve cryptosystems can provide equivalent security as the existing public key schemes, using muchshorter secret keys. This is a very interesting property. To find a suitable elliptic curve is a basic step to build an elliptic curve cryptosystem. Schoof's algorithm is an interesting method to find a suitable curve, but it and its various improvements are not efficient enough so far. This paper presents a method to construct an elliptic curve E over the prime field Zp whose order # E(Zp) contains two large prime factors and has no smooth factors. The time complexity of the method is O(log32p).This kind of elliptic curves can be used to various situations in which composite order groups are needed. In the cryptosystems over such elliptic curves, the leakage of information is prevented. and then the cryptosystems are robust against the attacks in Anderson's paper. This paper also improves the existing methods of building an elliptic curve E/Z, with nearly prime order. Comparing with former ones, it shows that the authors' method is more efficient.