有限域上的椭圆曲线在公钥密码学中获得诸多应用,比如椭圆曲线密码系统、基于身份的加密体制和基于同种的Diffie-Hellman密钥交换等等.椭圆曲线具有多种代数方程表现形式,例如Weierstrass形式、Edwards形式、Huff形式和Hessian形式等.椭圆曲线的不同代数表达式在应用实现时有不同优势.与经典的 Weierstrass 形式相比,Edwards 形式从计算效率和安全角度来说具有更多优势.故而近年来不少研究工作专注于Edwards形式的椭圆曲线.但传统椭圆曲线密码系统的标准参数均在Weierstrass形式下给出的,不便于工程人员在 Edwards 形式下做算法实现.本文的主要贡献是给出将二元域上椭圆曲线的Weierstrass形式到Edwards形式的转换算法.转换过程主要利用了Shallue-Woestijne算法和半分有理点算法,与已有结果相比,我们新提出的算法不依赖于任何条件并具有确定性多项式时间复杂度.实际上新的算法只需要很少的计算量.另外,我们还在附录中给出相应的例子以详细说明从 Weierstrass形式到Edwards形式的转换过程.%Elliptic curves over finite fields have found many applications in public key cryptography, such as elliptic curve cryptosystems (ECC), identity-based encryption, isogeny-based Diffie-Hellman key exchange, etc. Elliptic curves have a variety of algebraic equations including Weierstrass form, Edwards form, Huff form, Hessian form, etc. Different forms of elliptic curves have their own merits. Compared with the classical Weierstrass form, the Edwards form has more advantages with respect to efficiency and security. However, the parameters of traditional ECC used in standards are given in the Weierstrass form. It is inconvenient for engineers to implement cryptographic algorithms in the Edwards form. This paper gives an algorithm of converting the Weierstrass form into the Edwards form for elliptic curves over binary fields. The converting process makes use of the Shallue-Woestijne algorithm and the halving a rational point algorithm. The proposed algorithm has a deterministic polynomial time complexity and does not require any additional condition compared with the previous results. In addition, only a small amount of computation is required in the proposed algorithm. An example is illustrated explicitly for the conversion process from the Weierstrass form into the Edwards form in the Appendix.
展开▼
