楕円曲線暗号の計算機実験

(1)

2009SE295

1

"!$#

%'&)(+*,'-.)(0/)(21436587:9;2*,=<?>A@BC4D

EGFHJI0K2L @NMNO?PRQTSU IWVX P+*,)(:DZYT[\Y?<

]_^ BC I`0a <?b ^ MNOc50de'fGg2hN32i'@+jkMMW3 5clm23+npo+BWqsr4t0u

[1]

<vbsoWw `caxRy 7vzp<v{A| Q y w:}'~G"325)O ^ w3J|:PJJYTP `+asI4 @?2s< y BG4j

2

R

F

p

= k=

5

2 (+Gz

p

O

a, b ∈ F

p

I0y w74

E(p; a, b) =

(x, y) ∈ F

p

× F

p

| y

2 = x

3 + ax + b

∪ {O}

(1)

<c7

F

p

(Wqsr4t0uO ^ jMMc347

O

5W6W O¢¡ £ L @c¤¥P0e'N32i¦Y§7

a, b ∈ F

p

5

4a

3 + 27b

3 6= 0

(2)

<8¨'B )© ()O @0j ª « qRrtGu

E(5; 1, 1)

(4"¬AG®

F

5

I'¯ Nw'7

f (x) = x

3 + x + 1

(

x = 0, 1, 2, 3, 4

3"(4°"7

y =

0, 1, 2, 3, 4

(

y

2

(0°p<c~G @JO±7

x

0 1 2 3 4

f (x)

1 3 1 1 4

y

0 1 2 3 4

y

2 0 1 4 4 1

OWP"@:jG² H <+³´ @)Oµ7

x = 1

¶ (

x

I· 'w 5:7

y

2 = f (x)

O?P2@

y

¸8¹º @NMNO ¸8»6¼ @0j½"¾ £ 7

x = 0

(pO4|c7

f (x) = 1

)Y§7

y = 1

O

y = 4

3

y

2 = f (x)

¸8¿ YÁÀ · j

E(5; 1, 1)

5:7

9

¼¦Â P2@

E(5; 1, 1) =

(0, 1), (0, 4), (2, 1), (2, 4), (3, 1),

(3, 4), (4, 2), (4, 3) ∪ {O}

(W632i'@0j

y

ÃÄ <

4 = −1, 3 = −2

OÆÅ¦|:Ç y w7

E(5; 1, 1)

<

xy

È8É6 I4ÊWË' @6OÌ74Í Ê (2 ^ I P@?j

-

_x

1 2 3

0

1

2 −1

−2

6

y

u

3

k=Î Ï¦Ð_Ñ q¦rtu (4p(8Ò6Ó¦< Í"() ^ I8Ô C@8j Í7

E = E(p; a, b)

O¢Õ4Ö @0j

(i)

×Ø (0

P ∈ E

OÌ0

O

Oc(0Ùp<

P + O = O + P = P

(3)

I Y Ô C'@cj P8Ú"ÛW7

O

<c72M+(cÒÓ IÜ+ @

0

«ÞÝ ß'à ¬RO @0j

(ii)

0

O

¶ ( ×Ø (0

P = (x, y) ∈ E

I0y wG7

P

0 _{= (x, −y)}

3 ÔAá @Ws5

E

(:_OcPN@+j

P

O

P

0

(0Ùp<

P + P

0 _{= P}

0 _{+ P = O}

₍₄₎

O Ô C@vj P0ÚNÛv7

P

0

<

−P

O @?jÆ¤ I 7

P = (x, 0)

(" ^ P+ ¸ i L £ « i'@JOc5 Â P8¬â7

P + P = O

32i'@0j ã2ä « Ò"Ó=( Ô2å

(iii) ) P

1 = (x

1 , y

1 ) ∈ E, P

2 =

(x

2 , y

2 ) ∈ E

I'· 6w27

(a) x

1 6= x

2

7 á B"57

(b)

x

1 = x

2 , y

1 = y

2 6= 0

¸¿ YÆÀ ·¦© (=O @4j6æ'( O8|?7

λ =











y

2 − y

1 x

2 − x

1 (a)

(Wç

3x

2

1 + a

2y

1 (b)

(Wç

(5)

x

3 = λ

2 − x

1 − x

2 , y

3 = λ(x

1 − x

3 ) − y

1 (6)

3 Ô)á @c

P

3 = (x

3 , y

3 )

5

E

(We' O?P2@0j ª « qArt8u

E(5; 1, 1)

(8)(+ÒNÓ2¬

F

5

(

2

è Oé zs5:7

x

0 1 2 3 4

x

2 0 1 4 4 1

x

1 2 3 4

1/x 1 3 2 4

(N ^ I P'@cj

P = (0, 1) ∈ E(5; 1, 1)

I8· Gw87

2P =

P + P

<c~G @0j

x

1 = 0, y

1 = 1

O y w7Gêë

(5)

(

(b)

(WçkOÌêë

(6)

<WìNN@JO±7

λ =

3x

2

1 + 1

2y

1 =

3 · 0

2 + 1

2 · 1

=

1

2 = 3

x

3 = λ

2 − 2x

1 = 3

2 − 2 · 0 = 4

y

3 = λ(x

1 − x

3 ) − y

1 = 3 · (0 − 4) − 1 = 2

OµP@?j y B ¸ ovw87

2P = (4, 2)

3i@cjí Â I 7

3P =

P + 2P

<c~G @0j

x

1 = 0, y

1 = 1, x

2 = 4, y

2 = 2

O y w74êë

(5)

(

(a)

(WçkOÌêë

(6)

<WìNN@JO±7

λ =

y

2 − y

1 x

2 − x

1 =

2 − 1

4 − 0

=

1

4 = 4

x

3 = λ

2 − x

1 − x

2 = 4

2 − 0 − 4 = 1 − 4 = 2

y

3 = λ(x

1 − x

3 ) − y

1 = 4 · (0 − 2) − 1 = 1

(2)

¸

3P = (2, 1)

4P = P + 3P = (3, 4), 5P = P + 4P = (3, 1),

6P = P + 5P = (2, 4), 7P = P + 6P = (4, 3),

8P = P + 7P = (1, 4)

(6 ^ I ~=í L @Wj

4 = −1

"Yð7

8P = (1, 4)

5

−P

32i'@0j y B ¸ o+w7

9P = P + 8P = O

O?P2@0j

-

_x

1 2 3

0

1

2 −1

−2

6

y

u

:

A

AU

6 H

_HH

j

X

y

u

4

k=òñ=óZôöõ6÷ÎøRùÎúZûRùZüký

E(F

p

) = E(p; a, b)

<

F

p

(Wqsr8t0u O y 7âþÿ I { |:Pz

n

37"5WCGw

nP = O

O?P2@

P ∈ E(F

p

)

< 4jJM:(

P

< WOv¡4j25 » ( <07"!$#5 » ( %ò<07æ L&8L 7

Σ

n

= {0, 1, ... , n − 1}

¼RÂ '47$()N5

A =

P

<W7"! #G5

B =

%

P

<c~G y w7S} I+*,N @0j ¸ 7-

B

<W7"! # ¸ 7.%

A

<c~G @JO±7

B =

%

A =

/%

P

(7)

O?P6o+w70J(+1

K =

/%

P

¸32_Â L @0j

#

"

!

A =

P

<c~G

-A

B

E(F

p

), P

« ê54¬ 687 H "#

#

"

!

! #

B =

%

P

<c~G M ^ y w06(:90; ¸ g< I P L £ 7 0=' @?>@"A B @ `0a <?C¾N@NMNOc5DE232i'@0j *,H ! # ¸ 7 È F

X ∈ E

< `:a'x y w GH I* YvB=O @:j! # 5:7 2(0ê54I

P , A

O8 » ( %<?bAo+w7

B =

%

P, Y = X +

%

A

(8)

<c~G y 7 I+*,N @0jJKc[=o4B25

X = Y + (−

B)

(9)

33L axN @0j

#

"

!

A =

P

<c~G

B, Y

E(F

p

), P, A

« ê54¬ 687 H "#

'

&

$

%

! #

B =

%

P

Y = X +

%

A

<c~G

5

MONQPSR q)rt+u

(31; 2, 17)

(0p<?C¾N@0j8+®

F

31

I¯ 4w87

f (x) = x

3 + 2x + 17

(O+|µ7µqJr8tcu

E(31; 2, 17)

(0e2z)5

]E(31; 2, 17) = 41

I PN@+j

P = (10, 13)

3 i¦Y§7

P, 2P, ..., 40P

á 3?TpÛU y w$VWX I4 @JO

Í (" ^ I P2@0j

0

5

10

15

20

25

30

0

5

10

15

20

25

30

Ê

1

z°~GY8Z MM038 [ I (H¦O:!$#( ^ P4DYT[$YW< y w'¨ B0j\'5 » (+88s<

24

O y 7!"#5 » (]8 p<

29

O y B:j 25

A = 24P = (17, 29)

<W7"! # 5

B = 29P = (23, 4)

<c~G y w8SU I+*,y i ^ j ¸

24B

<?! # ¸

29A

<c~G y w7

24 B = 29 A = (10, 18)

(10)

OcP6o+wG7s(12

K = (10, 18)

¸2ZÂ L @+jpM MW3 =N @I>I@ A B @ `0a <?C¾N@Wj! # ¸4È F

X =

(30, 13) ∈ E

< `0axy w5 I+* @0j0! #G5

P , A ,

%Z<?bAo+w7

B =

%

P, Y = X +

%

A = (30, 13) + (10, 18) (11)

<c~G y 7 I+*,N @0jJKc[=o4B25

X = Y + (−

B) = (24, 1) + (10, −18)

(12)

33L ax 3J|?7

X = (30, 13)

<^JC2@NMNO ¸ 3J|@0j

6

_a`cb)# qprGt:us(?9;)( d I· wIe'47+[ I 9; < y 7 `+a'x y w7?L a'x" @6M6O ¸ 3s|4B:j+f g258> @ A B @ `0asI4· w?h-i y B ¸ 7=æ(jJ( `0aR© %& 3N5ke36iRY§7l0( ^ Im ìAí L w'"@( ¼ © e n 3|8BGAOpoO0B:j qsrutSv

[1]

w0x k"yG7z V8{}| 7+~ V" 7?5I7?08 5 7670Ù; `+a d OqprGt:u5â7 U]'727

2008.

楕円曲線暗号の計算機実験

2009SE295

1

[1]

2

F

p

5

p

a, b ∈ F

p

E(p; a, b) =

(x, y) ∈ F

p

× F

p

| y

2

= x

3

+ ax + b

∪ {O}

(1)

F

p

O

a, b ∈ F

p

4a

3

+ 27b

3

6= 0

(2)

E(5; 1, 1)

F

5

f (x) = x

3

+ x + 1

x = 0, 1, 2, 3, 4

y =

0, 1, 2, 3, 4

y

2

x

0 1 2 3 4

f (x)

1 3 1 1 4

y

0 1 2 3 4

y

2

0 1 4 4 1

x = 1

x

y

2

= f (x)

y

x = 0

f (x) = 1

y = 1

y = 4

y

2

= f (x)

E(5; 1, 1)

9

E(5; 1, 1) =

(0, 1), (0, 4), (2, 1), (2, 4), (3, 1),

(3, 4), (4, 2), (4, 3) ∪ {O}

y

4 = −1, 3 = −2

E(5; 1, 1)

xy

-

x

1 2 3

0

(x, y) ∈ F

(0, 1), (0, 4), (2, 1), (2, 4), (3, 1),

_x

_{= (x, −y)}

_{= P}

_{+ P = O}

₍₄₎