[prev in list] [next in list] [prev in thread] [next in thread]
List: moderncrypto-curves
Subject: [curves] Twist-secure Weierstrass curves over Fq(Sal384)
From: coruus () gmail ! com (David Leon Gil)
Date: 2014-11-30 2:14:05
Message-ID: CAA7UWsWUvKS5jHqabR5X-HzkEMsmfxvyq+Oy5vs=uDU5hEg9cQ () mail ! gmail ! com
[Download RAW message or body]
Some numerical results for elliptic curves over Fq(2^384 - 2^128 -
2^96 + 2^32 - 1). I generated curves by j-invariant using the
relations:
a4 = (36 / (j0 - 1728))
a6 = (-1 / (j0 - 1728))
I've run 0 < j ~<= 210341. (Upper-bound approximate because a few
curves with smaller j were still being point-counted when I stopped
the process.)
--
221/210341 (about 0.1%) of the curves had prime order (cofactor 1). 4
of those curves (about 2%) had prime order on both the curve and
twist.
The j-invariants of the twist-secure curves I found: 145, 23041, 85522, 155663.
(Some raw data here: https://github.com/coruus/sally)
I was too lazy to attempt to replicate using Appendix 4 of this:
http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf
- David
(Many thanks to Michael Hamburg for his point-counting script. Any
egregious blunders are entirely mine, however.)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic