1 2 1.1............................................ 3 1.2.................................... 7 1.3........................................... 9 1.4..

2010 8 3 ( )

1 2 1.1............................................ 3 1.2.................................... 7 1.3........................................... 9 1.4........................................ 15 1.5......................................... 17 1.6 (1)........................... 21 1.7 (2)......................... 25 1.8 (3) 2..................... 27 2 30 2.1 (ECDLP).............................. 31 2.2........................................... 33 2.3 Baby-step Giant-step.................................. 35 2.4 ρ.............................................. 37 2.5............................... 43 2.6............................. 45 3 48 3.1 (ECC)..................................... 49 3.2 ECDH........................................ 51 3.3 ECElGamal...................................... 53 3.4 ECDSA......................................... 55 3.5.............................. 57 1

1., ( ). 2

1.1 p, 0 p 1 F p = {0, 1,..., p 1}. p 0 p 1, p,. 1.1 F 7 = {0, 1, 2, 3, 4, 5, 6} x + y 1.1. F p x x + p p, F p x x + p. x y = x + p y, F p. 1.2 F 7 = {0, 1, 2, 3, 4, 5, 6} x y 1.2. (additive group). 3

1.1 y x F 7 0 1 2 3 4 5 6 0 1 2 3 4 5 6 1.2 y x F 7 0 1 2 3 4 5 6 0 1 2 3 4 5 6 G (i) G a, b, c (a b) c = a (b c), (ii) G a a e = e a = a G e, (iii) G a a a = a a = e G a,, G (group). +. ( x y = y x ), ( x + y = y + x ). 4

F p p,. 1.3 F 7 = {0, 1, 2, 3, 4, 5, 6} x y 1.3. F p p, x, x + p, x + 2p, x + 3p,.... x y = (x + p) y = (x + 2p) y =,. (, p, x, a, b ap + by = 1, by 1 (mod p) b y 1 (mod p), x y = x b. a, b Euclid.) 1.4 F 7 = {0, 1, 2, 3, 4, 5, 6} x y (y 0) 1.4., ( 0 ) p F p (prime field).,, ( 0 ), (finite field).,.. 5

1.3 y x F 7 0 1 2 3 4 5 6 0 1 2 3 4 5 6 1.4 y x F 7 0 1 2 3 4 5 6 0 1 2 3 4 5 6 field, field ( )., köper (, ).,, field. 6

1.2 F p. 1.5 ( ) E : y 2 = x 3 + ax + b (a, b F p, E = 4a 3 + 27b 2 0) (1.1) F p (elliptic curve). 1.6 E : y 2 = x 3 + 3x + 4 F 7. E, x, y F p (x, y) F p - (F p -rational point). (the point at infinity) O. (x, y). 1.7 F 7 E : y 2 = x 3 + 3x + 4 10 1.5. 1.5 y 2 = x 3 + 3x + 4 F 7 - P 0 O P 1 (0, 2) P 9 (0, ) P 2 (1, 1) P 8 (1, ) P 3 (2, 2) P 7 (2, ) P 4 (5, 2) P 6 (5, ) P 5 7

E = 4a 3 + 27b 2 0, (1.1). E (discriminant). 2 F : y = x 2 + Bx + C F = B 2 4C, F 0 F. n G : y = A 0 x n + A 1 x n 1 + + A n G = A 2(n 1) 0 (α 1 α 2 ) 2 (α 1 α n ) 2 (α 2 α 3 ) 2... (α 2 α n ) 2 (α n 1 α n ) 2. α 1,..., α n G., n = 3, E = 4a 3 + 27b 2. 8

1.3,. ( x, y )., ( ). 1.8 ( ) R = P + Q. F p E : y 2 = x 3 + ax + b 2 P, Q ( O) 1. 2 P, Q (P = Q P ) l. 2. E l 3 R ( R = O ). 3. R x R (R = O R = O ). R R, R = R. O,. 1.9 1.6. 1.7 F 7 E : y 2 = x 3 + 3x + 4, 1.6 y 2 = x 3 + 3x + 4 F 7 - P 0 O P 1 (0, 2) P 6 (5, 5) P 2 (1, 1) P 7 (2, 5) P 3 (2, 2) P 8 (1, 6) P 4 (5, 2) P 9 (0, 5) P 5 (6, 0) 9

(elliptic curve) (ellipse).,.,., ( ).. 10

. 1.10 ( ) R = P + Q. F p E : y 2 = x 3 + ax + b 2 P, Q P = O : R = Q. Q = O : R = P. : P = (x P, y P ), Q = (x Q, y Q ) y P = y Q : R = O ( Q = P ). y P y Q : R = (x R, y R ). x R, y R x R = λ 2 x P x Q, y R = λ(x P x R ) y P, λ 2 P, Q ( P ). y P y Q x λ = P x Q 3x 2 P + a 2y P x P x Q x P = x Q 1.11 1.7 F 7 E : y 2 = x 3 + 3x + 4, P 2 + P 4, 2 P 6. 11

2 P = (x P, y P ), Q = (x Q, y Q ) (y P y Q )/(x P x Q ). x P = x Q 0,. P, Q E : y 2 = x 3 + ax + b y P y Q = (y P y Q )(y P + y Q ) x P x Q (x P x Q )(y P + y Q ) = yp 2 yq 2 (x P x Q )(y P + y Q ) = (x3 P + ax P + b) (x 3 Q + ax Q + b) (x P x Q )(y P + y Q ) = (x P x Q )(x 2 P + x P x Q + x 2 Q + a) (x P x Q )(y P + y Q ) = x2 P + x P x Q + x 2 Q + a y P + y Q, P = Q x P = x Q, y P = y Q. y P y Q = x2 P + x P x Q + x 2 Q + a = 3x2 P + a x P x Q y P + y Q 2y P 12

y 2 = x 3 + 3x + 4 F 7-1.7. 1.7 y 2 = x 3 + 3x + 4 F 7 - P 0 P 1 P 2 P 3 P 4 P 5 P 6 P 7 P 8 P 9 P 0 P 0 P 1 P 2 P 3 P 4 P 5 P 6 P 7 P 8 P 9 P 1 P 1 P 8 P 9 P 6 P 7 P 4 P 5 P 3 P 2 P 0 P 2 P 2 P 9 P 1 P 4 P 6 P 3 P 7 P 5 P 0 P 8 P 3 P 3 P 6 P 4 P 1 P 9 P 2 P 8 P 0 P 5 P 7 P 4 P 4 P 7 P 6 P 9 P 8 P 1 P 0 P 2 P 3 P 5 P 5 P 5 P 4 P 3 P 2 P 1 P 0 P 9 P 8 P 7 P 6 P 6 P 6 P 5 P 7 P 8 P 0 P 9 P 2 P 1 P 4 P 3 P 7 P 7 P 3 P 5 P 0 P 2 P 8 P 1 P 9 P 6 P 4 P 8 P 8 P 2 P 0 P 5 P 3 P 7 P 4 P 6 P 9 P 1 P 9 P 9 P 0 P 8 P 7 P 5 P 6 P 3 P 4 P 1 P 2 1.12 1.8, 1.10. 13

, y 2 = x 3 + ax + b ( 1.4), y 2 + a 1 xy + a 3 y = x 3 + a 2 x 2 + a 4 x + a 6 (Weierstrass ). y 2 = x 3 + ax + b. 14

1.4,. Mordell-Weil (Mordell-Weil group). (group order).. 1.13 1.7 F 7 E : y 2 = x 3 + 3x + 4 #E. F p,. 1.14 (Hasse-Weil ) F p E #E, #E. p + 1 2 p #E p + 1 + 2 p Hasse-Weil ( 1.14), F p p., F 7 1.8.,,. 1.15 1.7 F 7 E : y 2 = x 3 + 3x + 4 Hasse-Weil ( 1.14). 15

1.8 F 7 E : y 2 = x 3 + ax + b b 0 1 2 3 4 5 6 0 12 9 13 3 7 4 1 8 5 6 10 11 2 8 5 6 10 11 a 3 8 12 9 6 10 7 4 4 8 5 6 10 11 5 8 12 9 6 10 7 4 6 8 12 9 6 10 7 4 Deuring Hasse-Weil ( 1.14),., Deuring. Deuring, a, b, Hasse-Weil. F 7 ( 1.8). 16

1.5 F p E P ( (base point) ). d, P d d P = P + + P } {{ } d (scalar multiplication).,. 1.16 1.7 F 7 E : y 2 = x 3 + 3x + 4, P 1. 2 P 1 = 3 P 1 = 4 P 1 = 5 P 1 = 6 P 1 = 7 P 1 =, 2, 3,..., O. (point order)., P d P = O.,,. 1.17. 1.7 F 7 E : y 2 = x 3 + 3x + 4, P 1 17

x d x d, ( mod N ) RSA., d P,,. 18

d P, d 1., 8 P = P + P + P + P + P + P + P + P 7., 8 P = 2 (2 (2 P )), 3.,. d 2 d = 2 n 1 + d n 2 2 n 2 + + d 1 2 + d 0 (d i {0, 1}) = (1, d n 2,..., d 1, d 0 ) 2. 1.1 : P, d = (1, d n 2,..., d 1, d 0 ) 2 : d P 1. Q P 2. i = n 2,..., 1, 0 : 2.1 Q 2 Q 2.2 d i = 1 Q Q + P 3. Q., d P ( ) 1.5 log 2 d, d 1. 1.18, d = 3045 = (1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1) 2, Q.,. i 10 9 8 7 6 5 4 3 2 1 0 d i 0 1 1 1 1 1 0 0 1 0 1 2.1 2.1 2.2 19

F q E Mordell-Weil E(F q ), E(F q ) 2 C 1, C 2, E(F q ) C 1 C 2 (#C 1 #C 2, #C 1 (q 1))., E(F q ) ( E(F q ) C 1 ). 20

1.6 (1),.,. F p,, ( 10 50 ). ( 1.10),., (projective coordinates)., 3 (X : Y : Z)., 2 (X : Y : Z), (X : Y : Z ) X = cx, Y = cy, Z = cz c F p, 2. (X : Y : Z) = (2X : 2Y : 2Z) = = (X/Z : Y/Z : 1)., ( ) (x, y), (x : y : 1)., (X : Y : Z) (X/Z, Y/Z). 21

Jacobian, 2 X = c 2 X, Y = c 3 Y, Z = cz Jacobian (Jacobian projective coordinate).,. 22

Y 2 Z = X 3 + axz 2 + bz 3 (a, b F p, E = 4a 3 + 27b 2 0)., y 2 = x 3 +ax+b x = X/Z, y = Y/Z., X Z 0.,.,,. 1.19 ( ) F p E : Y 2 Z = X 3 + axz 2 + bz 3 2 P = (X P : Y P : Z P ), Q = (X Q : Y Q : Z Q ) R = P + Q = (X R : Y R : Z R ). P Q X R = va Y R = u(v 2 X P Z Q A) v 3 Y P Z Q Z R = v 3 Z P Z Q u = Y Q Z P Y P Z Q, v = X Q Z P X P Z Q, A = u 2 Z P Z Q v 3 2v 2 X P Z Q P = Q X R = 2hs Y R = w(4b h) 8YP 2 s 2 Z R = 8s 3 w = az 2 P + 3X2 P, s = Y P Z P, B = sx P Y P, h = w 2 8B 1.20. P Q : P Q :, P = (x : y : 1) d P = (X : Y : Z), (X/Z, Y/Z)., 1,. 23

,, Jacobian,. P Q P = Q 3, 1 4, 1 14 12 Jacobian 16 10 1.1, d d i, P = Q, P Q 1/2, P = Q Jacobian. 24

1.7 (2) 1.1 d 2., d m. m = 8 ( n 3 ). 1.2 (8 ) : P, d = (d n 1, d n 2,..., d 1, d 0 ) 2 : d P 0. i = 0, 1,..., 7 : 0.1 P i i P 1. Q P 4dn 1 +2d n 2 +d n 3 2. i = n 4, n 7,..., 2 : 2.1 Q 8 Q 2.2 Q Q + P 4di +2 i 1 +d i 2 3. Q. 1.2, 0. P 0, P 1,..., P 7, 1. 2.2. 1.1, 3. (window method). 1.21, d = 3045 = (1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1) 2, Q.,. i 8 5 2 d i d i 1 d i 2 111 100 101 2.1 2.1 2.2 1.1, 1.2 2.1 1/3, 8 P 3, 2.1 n., 2.2 1/3, 2.2 n/3. 1.1 2.2 1/2, 2.2 n/2,. 1.2 0.1,. 25

d 160, m = 2 4 2 5. 26

1.8 (3) 2, P P ( (x, y), (X : Y : Z))., d 2 d = 2 n 1 + d n 2 2 n 2 + + d 1 2 + d 0 (d i { 1, 0, 1}) = (1, d n 2,..., d 1, d 0 ) 2,. 1.3 ( 2 ) : P, d = (d n 1, d n 2,..., d 1, d 0 ) 2 : d P 1. Q P 2. i = n 2,..., 1, 0 : 2.1 Q 2 Q 2.2 d i = 1 Q Q + P 2.3 d i = 1 Q Q P 3. Q. d 2, NAF (non-adjacent form, ). d, 3d ( ) 2 (e n+1, e n,..., e 0 ) 2 d ( ) 2 (f n+1, f n,..., f 0 ) 2. d = (3d d)/2, 3d 2 d 2 2, d 2 ( d i = e i+1 f i+1 ). NAF,, 1 1, d ±1 log 2 d/3. 1.3 NAF, 1.33 log 2 n. 27

2 2, d i = 1,. 28

p,., y 2 = x 3 + ax + b.,.,. [ ],.,,.,,., (d P d ),.,.,,,. 29

2,. 30

2.1 (ECDLP) F p E, P d Q = d P ( )., P, Q Q = d P d (1 d l, l P ) (elliptic curve discrete logarithm problem, ECDLP). 2.1 1.7 F 7 E : y 2 = x 3 + 3x + 4, P = P 1, Q = P 2, Q = d P d. 2.1,.,.,. 2.2 F p, P, Q F p Q = d P d.. 31

P, Q = P d, P, Q d ( ), log P Q. y = log P Q. Q = d P d ( ).,. 32

2.2 2 P, Q Q = d P d (1 d l, l P ) ( ), 2 P, 3 P,..., l P (brute force method). 2.3 4 GHz, 1 4 2 30. 1 1, 2 160.. 1 3 10 7. 33

2 160,, ( 2 160 = 1461501637330902918203684832716283019655932542976 ).,,. Mathematica Maple,,. Risa/Asir,. 34

2.3 Baby-step Giant-step, Baby-step Giant-step (Baby-step Giant-step method). Q = d P, P l m = l ( x x ). d = sm + t (0 s, t < m), s, t d. s, t. R = m P, Q = d P = (sm + t) P = s (m P ) + t P = s R + t P, s, t Q t P = s R (2.1). 2 Q, Q P, Q 2 P, Q 3 P,..., Q (m 1) P O, R, 2 R, 3 R,..., (m 1) R, x. 2, s, t, d. m, 2m, 2 l. 2.4 Baby-step Giant-step, l 160 2 81. 2.3, 2 81,. 1 3 10 7., Baby-step Giant-step,. 35

, 2., 2 30 2 35, 2 40 2 45, 2 50 2 55. 36

2.4 ρ, ρ (ρ method), Baby-step Giant-step. Q = d P, s P + t Q = s P + t Q s, t, s, t (s s, t t ). (t t ) Q = (s s) P Q = s s t t P, (s s)/(t t ) d. mod l (l P ). 2.5 F 229 E : y 2 = x 3 + x + 44, P = (5, 116), Q = (155, 166) Q = d P. P l = 239., 26 P + 108 Q = 47 P + 188 Q = (9, 18) Q = 47 26 108 188 P = 21 80 P = 176 P d = 176. R i = s i P + t i Q, ρ, R i = R j R i, R j.. 37

( ) 2,.., (365 ) 23 1/2 2..,. ρ,. 38

ρ,,. R, (Random Walk ) f. R + M 0 if x(r) 0 (mod 4) R + M 1 if x(r) 1 (mod 4) f(r) = R + M 2 if x(r) 2 (mod 4) R + M 3 if x(r) 3 (mod 4) x(r) R x. M i = u i P + v i Q. 2.6 2.5, R 0 = (39, 159) = 54 P + 175 Q f,. R 9 R 21. M 0 = (135, 117) = 79 P + 163 Q M 2 = (84, 62) = 87 P + 109 Q M 1 = (96, 97) = 206 P + 19 Q M 3 = (72, 134) = 219 P + 68 Q. i R i s i t i x(r i ) mod 4 i R i s i t i x(r i ) mod 4 0 (39, 159) 54 175 3 16 (197, 92) 193 0 1 1 (160, 9) 34 4 0 17 (211, 47) 160 19 3 2 (130, 182) 113 167 2 18 (194, 145) 140 87 2 3 (27, 17) 200 37 3 19 (0, 68) 227 196 0 4 (36, 97) 180 105 0 20 (223, 153) 67 120 3 5 (119, 180) 20 29 3 21 (9, 18) 47 188 1 6 (108, 89) 0 97 0 22 (167, 57) 14 207 3 7 (81, 168) 79 21 1 23 (75, 136) 233 36 3 8 (223, 153) 46 40 3 24 (57, 105) 213 104 1 9 (9, 18) 26 108 1 25 (159, 4) 180 123 3 10 (167, 57) 232 127 3 26 (185, 227) 160 191 1 11 (75, 136) 212 195 3 27 (158, 26) 127 210 2 12 (57, 105) 192 24 1 28 (197, 92) 214 80 1 13 (159, 4) 159 43 3 29 (211, 47) 181 99 3 14 (185, 227) 139 111 1 30 (194, 145) 161 167 2 15 (158, 26) 106 130 2 31 (0, 68) 9 37 0 39

Random walk f,, 4.. ρ, 20. 40

, l., R i (distinguished point). x θ., 1/θ.,. R i = R j f(r i ) = f(r j ), f(f(r i )) = f(f(r j )), f(f(f(r i ))) = f(f(f(r j ))),...,,. 2.7 2.6, x 1 0 ( θ = 10), R 1 = (160, 9), R 2 = (130, 182), R 19 = (0, 68), R 31 = (0, 68). R 19 R 31, R 19 = 227 P + 196 Q = 9 P + 37 Q = R 31 d = 176. ρ, l, Baby-step Giant-step. l/θ, Baby-step Giant-step., ρ,.,,. 41

Certicom Certicom Waterloo Scott Vanstone 1985, (, Waterloo RIM ). Certicom,. 42

2.5., ρ. (Certicom Challenge.) 1997 12 79 Certicom Challenge 1998 01 89 Certicom Challenge 1998 03 97 Certicom Challenge 2002 10 109 Certicom Challenge 2009 07 112 2009 7 112. p = (2 128 3)/(11 6949) a = 4451685225093714772084598273548424 b = 2061118396808653202902996166388514 #E = 4451685225093714776491891542548933 x P = 188281465057972534892223778713752 y P = 3419875491033170827167861896082688 l = 4451685225093714776491891542548933 x Q = 1415926535897932384626433832795028 y Q = 3846759606494706724286139623885544 d = 312521636014772477161767351856699 Q x (π 3) 10 34,. 112, PlayStation 3 200., 2009 1 7. 43

Certicom Challenge Certicom,,.,. 359 100,000,,,. 44

2.6, ρ.,. 2.6.1 Menezes-Okamoto-Vanstone Waterloo Alfred Menezes, Scott Vanstone NTT Tatsuaki Okamoto, F p p + 1 (Supersingular ),. 2.8 1.8 F 7, Supersingular., ( ) Supersingluar. 2.6.2 Semaev-Smart-Satoh-Araki Igor Semaev, Bristol Nigel Smart, Takakazu Satoh Kiyomichi Araki, F p p (Anomalous ),. 2.9 1.8 F 7, Anomalous. 45

Menezes-Okamoto-Vanstone,,,. (pairing)., 2 e : E(F q ) E(F q ) G, P, P, Q, Q, e(p + P, Q) = e(p, Q) e(p, Q), e(p, Q + Q ) = e(p, Q) e(p, Q )., (bilinear map).,,, ID. 46

, P, Q Q = d P d.,, Baby-step Giant-step, ρ. ρ. [ ],,.,,.,. 47

3,.. 48

3.1 (ECC),. (elliptic curve cryptosystems, ECC)... 3.1 ( ).,. RSA, RSA 1024. RSA, ( d) 160.,. 3.1. F p, E : y 2 = x 3 + ax + b. P = (x P, y P ), l.. p = 2 160 2 31 1 = 1461501637330902918203684832716283019653785059327 a = 3 = 1461501637330902918203684832716283019653785059324 b = 163235791306168110546604919403271579530548345413 #E = 1461501637330902918203687197606826779884643492439 x P = 425826231723888350446541592701409065913635568770 y P = 203520114162904107873991457957346892027982641970 l = 1461501637330902918203687197606826779884643492439 49

3.1 Diffie-Hellman (ECDH) Menezes-Qu-Vanstone (ECMQV) ElGamal (ECElGamal) DSA (ECDSA), (encryption), (cryptsystem) 2.,. (cryptsystem ),. 50

3.2 ECDH, ( ).,, Diffie-Hellman (ECDH ). 3.2 (ECDH ) Alice Bob, F p E P. Alice Bob, 2 K A = K B. 1. Alice d A, P A = d A P Bob. 2. Bob d B, P B = d B P Alice. 3. P B Alice K A = d A P B,. 4. P A Bob K B = d B P A,. 3.3 1.7 F 7 E : y 2 = x 3 + 3x + 4 P = P 1, d A = 2, d B = 3. P A = K B = P B = K A = 3.4 ECDH, Alice K A Bob K B. ECDH. Carol, Alice Bob ECDH, F p, E, P. Alice Bob P A, P B. P A, P d A, P B, P d B, Carol d A, d B. ECDH. 51

Diffie-Hellman (ECDH ) P A = d A P, P B = d B P, P A, P B, P K = d A d B P Diffie-Hellman (ECDH ). ECDH., P A, P d A, K = d A P B, ECDH. ECDH, d A, d B K,. ECDH,, ECDH. 52

3.3 ECElGamal ECDH, ECElGamal. 3.5 (ECElGamal ) Alice Bob, F p E P. Alice Bob, Bob M. 1. Bob d B, P B = d B P. P B, d B. 2. Alice a r, P A = r P. b Bob P B, K = r P B. c M, C = M + K. d Bob C P A. 3. Bob a P A d B, K = d B P A. b M = C K, M. 3.6 ECElGamal, Alice K Bob K.. 53

, 1985 IBM Victor Miller Washington Neal Koblitz.,. 54

3.4 ECDSA, ECDSA. 3.7 (ECDSA ) Alice Bob, F p E P l. Alice Bob, Bob m. 1. Alice d A (1 d A l), P A = d A P. P A, d A. 2. Alice a r, U = r P = (x U, y U ). b m H(m). c u = x U mod l, v = (H(m) + u d A )/r mod l. d Bob (u, v). 3. Bob a Alice P A, d = 1/v mod l V = d H(m) P + d u P A = (x V, y V ). b u = x V mod l.,,. 3.8 ECDSA,. 55

DTCP,., DTCP (Digital Transmission Content Protection),. DTCP, ECDH, ECDSA. 56

3.5,,. 2, Baby-step Giant-step, ρ l. l,.,. 3.9 ( ) P. F p E 1. p, p. 2. a, b F p, E(a, b) : y 2 = x 3 + ax + b. (Hasse-Weil, p + 1 2 p #E(a, b) p + 1 + 2 p ). 3. #E(a, b) 2.. 4. #E(a, b) = p 2. (Anomalous ). 5. E(a, b) P. 3.10 Supersingular.. 3.11 3.,.. 57

NIST,,,. NIST. 58

(ECC), ( ). [ ],,.,., ANSI ( ), IEEE ( ), ISO ( ), NIST ( ), CRYPTREC ( ).,. 59

,.,., ( ). 2,., ( ),, 2004 5., ( ),, 2003 11.,. 3,. 3,,.,,, 2001 11. Joseph Silverman, A Friendly Introduction to Number Theory (3rd edition), Pearson Prentice Hall, 2006 [, ( 3 ),, 2007 ] Victor Shoup, A Computational Introduction to Number Theory and Algebra (1st edition) [ PDF : http://shoup.net/ntb/]. Jeffrey Hoffstein, Jill Pipher, Joseph Silverman, An Introduction to Mathematical Cryptography, Springer-Verlag, 2008 60

,,. 3,.,,, 2003 3,, BP, 1998 7 ( ),,, 2010 4, 2 (, ).,,, 2008 11,,,, 2004 3. 2. 3,. 4,. Neal Koblitz, A Course in Number Theory and Cryptography (2nd edition), Springer-Verlag, 1994 [, ( 2 ),, 1997 8 ] Ian Blake, Gadiel Seroussi, Nigel Smart, Elliptic Curves in Cryptography, Cambridge University Press, 2000 [,,, 2001 ] Darrel Hankerson, Alfred Menezes, Scott Vanstone, Guide to Elliptic Curve Cryptography, Springer, 2002, (, ),,, 2008 8, ( : ID ). ID. Luther Martin, Introduction to Identity-Based Encryption, Artech House, 2008 61

,,.,,. (ISEC) [2 1 ] (JANT) [3 1 ], ISEC, 300. (SCIS) [ 1 ], (IACR) CRYPTO EUROCRYPTO ASIACRYPTO PKC,. Workshop on Elliptic Curve Cryptography (ECC) 62