Elliptic Curve of the Ring F q [ɛ]

Transcription

1 International Mathematical Forum, Vol. 6, 2011, no. 31, Elliptic Curve of the Ring F q [ɛ] ɛ n =0 Chillali Abdelhakim FST of Fez, Fez, Morocco chil2015@yahoo.fr Abstract Groups where the discrete logarithm problem (DLP) is believed to be intractable have proved to be inestimable building blocks for cryptographic applications. They are at the heart of numerous protocols such as key agreements, public-key cryptosystems, digital signatures, identification schemes, publicly verifiable secret sharings, hash functions and bit commitments. The search for new groups with intractable DLP is therefore of great importance.the goal of this article is to study elliptic curves over the ring F q [ɛ], with F q a finite field of order q and with the relation ɛ n =0,n 3. The motivation for this work came from the observation that several practical discrete logarithm-based cryptosystems, such as ElGamal, the Elliptic Curve Cryptosystems. In a first time, we describe these curves defined over a ring. Then, we study the algorithmic properties by proposing effective implementations for representing the elements and the group law. Keywords:Elliptic curves over the ring, Public key cryptography, Finite field, Ring 1 Introduction Let p be an odd prime number and n be an integer such that n 2. Consider the quotient ring A n = F q [X]/(X n ) where F q is the finite field of characteristic p and q elements. Then the ring A n may be identified to the ring F q [ɛ] where ɛ n = 0. In other word { n 1 } A n = a i ɛ i (a i ) 0 i n 1 F n q. The following results is easy to prove:

2 1502 Chillali Abdelhakim Lemma 1.1 Let X = n 1 X iɛ i and Y = n 1 Y iɛ i be two elements of A n. Then n 1 j XY = Z i ɛ i where Z j = X i Y j i. Lemma 1.2 The non-invertible elements of A n are those elements of the form n 1 i=1 X iɛ i. Lemma 1.3 Let Y = n 1 Y iɛ i be the inverse of the element X = n 1 X iɛ i. Then { Y0 = X0 1 Y j = X0 1 j 1 Y ix j i, j >0 Remark 1.4 We denote the canonical projection by n π : n π : A n A 1 n 1 X iɛ i X 0 n π is a morphism of rings. Remark 1.5 Let 2 k n, we denote k π the mapping kπ is a morphism of rings. kπ : A k A k 1 k 1 X iɛ i k 2 X iδ i 2 Elliptic Curve Over A n An elliptic curve over ring A n is curve that is given by such Weierstrass equation: ( ) :Y 2 Z = X 3 + axz 2 + bz 3 where a, b A n and 4a 3 +27b 2 is invertible in A n. We denote by Ea,b n the elliptic curve over A n. The set Ea,b n together with a special point O -called the point infinity- a commutative binary operation denoted by +. It is well known that the binary operation + endows the set Ea,b n with an abelian group with O as identity element. Theorem 2.1 If a =ã + a n 1 ɛ n 1, b = b + b n 1 ɛ n 1, X = X + X n 1 ɛ n 1, Y = Ỹ + Y n 1ɛ n 1, Z = Z + Z n 1 ɛ n 1 are elements of A n, which Y 2 Z = X 3 + axz 2 + bz 3, then Ỹ 2 Z = X3 +ã X Z 2 + b Z 3 +[D (AY n 1 + BZ n 1 + CX n 1 )]ɛ n 1 where A =2Y 0 Z 0, B = Y 2 0 3Z2 0 b 0 2Z 0 a 0 X 0, C = (3X a 0Z 2 0 ) and D = b n 1 Z a n 1 X 0 Z 2 0.

3 Elliptic curve of the ring 1503 Proof 2.2 Let a =ã + a n 1 ɛ n 1, b = b + b n 1 ɛ n 1, X = X + X n 1 ɛ n 1, Y = Ỹ + Y n 1ɛ n 1, Z = Z + Z n 1 ɛ n 1 are elements of A n. Then Y 2 Z =(Ỹ + Y n 1ɛ n 1 ) 2 ( Z + Z n 1 ɛ n 1 )=Ỹ 2 Z +(Y 2 0 Z n 1 +2Y 0 Z 0 Y n 1 )ɛ n 1 X 3 =( X + X n 1 ɛ n 1 ) 3 = X 3 +3X 2 0 X n 1ɛ n 1 axz 2 =ã X Z 2 +(2Z n 1 Z 0 a 0 X 0 + a 0 X n 1 Z a n 1 X 0 Z 2 0)ɛ n 1 bz 3 = b Z 3 +(b n 1 Z Z2 0 Z n 1b 0 )ɛ n 1 If Y 2 Z = X 3 + axz 2 + bz 3, then Ỹ 2 Z = X3 +ã X Z 2 + b Z 3 +(3X0X 2 n 1 + 2Z n 1 Z 0 a 0 X 0 + a 0 X n 1 Z0 2 + a n 1X 0 Z0 23Z2 0 Z n 1b 0 Y0 2Z n 1 2Y 0 Z 0 Y n 1 )ɛ n 1 so, Ỹ 2 Z = X3 +ã X Z 2 + b Z 3 +[D (AY n 1 + BZ n 1 + CX n 1 )]ɛ n 1 where A =2Y 0 Z 0, B = Y 2 0 3Z2 0 b 0 2Z 0 a 0 X 0, C = (3X a 0Z 2 0 ) and D = b n 1 Z a n 1 X 0 Z 2 0. Lemma 2.3 The mapping π k : Ea,b k E k 1 kπ(a), k π(b) [X : Y : Z] [ k π(x) : k π(y ): k π(z)] is a surjective homomorphism of groups. Proof 2.4 Let [X1 :Y 1:Z1] E k 1 kπ(a), k π(b), then there exists [X : Y : Z] Ea,b k such that πk ([X : Y : Z]) = [X1 : Y 1 : Z1]. By theorem 2.1, we have AY k 1 + BZ k 1 + CX k 1 = D[p]. Coefficients A, B and C are partial derivative of a function F (X, Y, Z) =Y 2 Z X 3 a 0 XZ 2 b 0 Z 3 at the point (x 0,y 0,z 0 ), can not be all three null. We can then at last conclude that [X k 1 : Y k 1 : Z k 1 ]. Finally, π k is a surjective. Lemma 2.5 The mapping θ k : F q E k a,b l [lɛ k 1 :1:0] is a injective homomorphism of groups. Proof 2.6 Evidently, θ k is injective. Let l, h F q, we have: [lɛ k 1 :1:0]+[hɛ k 1 :1:0]=[(l + h)ɛ k 1 :1:0] Finally θ k (l + h) =θ k (l) +θ k (h), and we concluded θ k is injective homomorphism of groups.

4 1504 Chillali Abdelhakim Definition 2.7 We definite G k by G k = Ker(π k ). Corollary 2.8 G k = θ k (F q ) Proof 2.9 Let [lɛ k 1 :1:0] θ k (F q ), then π k ([kɛ k 1 : 1 : 0]) = [0 : 1 : 0], we concluded [kɛ k 1 :1:0] G k. Let P =[X : Y : Z] G k, then π k (P ) = [0 : 1 : 0]. We set X = X k 1 ɛ k 1, Y =1+Y k 1 ɛ k 1, Z = Z k 1 ɛ k 1, and Y 1 =1 Y k 1 ɛ k 1. So, P =[Y 1 X :1:Y 1 Z]=[X k 1 ɛ k 1 :1:Z k 1 ɛ k 1 ]. We have P E k a,b, thus z k 1 =0and P θ k (F q ). Finally, G k = θ k (F q ). We deduce easily the following corollarie. Corollary 2.10 The group G k is an elementary abelian p-group. Theorem 2.11 The sequence j 0 G k Ea,b k π k E k 1 π(a),π(b) 0 be a short exact sequence defining the group extension E k a,b of Ek 1 π(a),π(b) by G k. Proof 2.12 By lemma2.3, lemma2.5 and Corollary2.8, we deduce The sequence j 0 G k Ea,b k π k E k 1 π(a),π(b) 0 be a short exact sequence defining the group extension E k a,b of Ek 1 π(a),π(b) by G k. ACKNOWLEDGEMENTS. I would thank Professor M. E. Charkani for his helpful comments and suggestions. References [1] Akiyama K, Goto A, A Public-key Cryptosystem using Algebraic Surfaces :Extended Abstract, PQCrypto Workshop Record, (2006). [2] Akiyama K, Goto A, An improvement of the algebric surface Public-key Cryptosystem, Proceedings of SCIS,(2008). [3] Miller V, Use of elliptic curves in cryptography in Advances in cryptography-crypto 85, Lecture Notes In Computer Science Springer- Verlag, vol. 218,pp (1989).

5 Elliptic curve of the ring 1505 [4] Koblitz N, Elliptic Curve Cryptosystems, Mathematics of Computation , (1987). [5] Joan-Josep C, Francisco F, Jos-Francisco V, Antonio Z,A nonlineear elliptic curve cryptosystem based on matrices, Mathematics of Computation , (2006). Received: January, 2011