Distributing of point division on 4 results of Edwards curve points group to adjacement classes

Abstract

Elliptic curves in Edwards form are perspective for usage in modern asymmetric cryptosystems. Such curves have a series of advantages in compare with elliptic curves in canonical form, such as speed of addition, universality of addition law, existence of affine coordinates for neutral element of group of points. The fact that Edwards curves are symmetric in both variables involves some properties of such curves that are used in cryptogogy. These days Edwards curves are actively investigates all over the world, for instance, the possibility is investigated to design new digital signature standards on Edwards curves. The most interesting for practical usage are Edwards curves which orders are equal to 4n, where n is large prime number. The security of digital signature on Edwards curves is based on complication of DLP (Discrete logarithm problem) in subgroup of Edwards curve points. The usage of Edwards curve for new digital signature standards stipulates the actuality of cryptanalysis of such cryptosystems. The important place among attacks on DLP-based cryptosystems take special attacks that use the features of the cyclic group in which the DLP problem is considered. Because of this it is necessary to investigate the structure of the cyclic group and its features for cryptanalysis of such systems. One of the algebraic tasks which may be useful in cryptanalysis is representation of Edwards curve points by the pair of left (right) adjacent classes by subgroups of the order 4 and of the maximal prime order n. One of the algorithms for cryptographic analysis of the Edwards curve cryptosystems is the division of point of Edwards curve by four. Division results are tightly connected with the split of point groups of Edward curve by adjacent classes of subgoups of maximum prime order and of the order 4. Structure of the Edwards curve points group allows to determine definitively position of any point of this group, simultaneously in two adjacent classes of subgroups of maximum prime order or fourth order. Example is given of discrete logarithmic problem solution using division of point by four and classification of results of division by adjacent classes for point groups of Edwards curve of order twenty eight and seventy six.