{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T00:21:43Z","timestamp":1764980503509,"version":"3.46.0"},"reference-count":39,"publisher":"Walter de Gruyter GmbH","issue":"3","license":[{"start":{"date-parts":[[2017,5,11]],"date-time":"2017-05-11T00:00:00Z","timestamp":1494460800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,9,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>We present a variation on the CM method that produces elliptic curves over prime fields with nearly prime order that do not admit many efficiently computable isogenies. Assuming the Bateman\u2013Horn conjecture, we prove that elliptic curves produced this way almost always have a large embedding degree, and thus are resistant to the MOV attack on the ECDLP.<\/jats:p>","DOI":"10.1515\/jmc-2016-0053","type":"journal-article","created":{"date-parts":[[2017,5,11]],"date-time":"2017-05-11T08:45:40Z","timestamp":1494492340000},"page":"131-146","source":"Crossref","is-referenced-by-count":3,"title":["Isolated elliptic curves and the MOV attack"],"prefix":"10.1515","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3039-4824","authenticated-orcid":false,"given":"Travis","family":"Scholl","sequence":"first","affiliation":[{"name":"Department of Mathematics , University of Washington , Seattle WA 98195 , USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"374","published-online":{"date-parts":[[2017,5,11]]},"reference":[{"key":"2025120600191292349_j_jmc-2016-0053_ref_001_w2aab3b7b3b1b6b1ab1b8b1Aa","doi-asserted-by":"crossref","unstructured":"R.  Balasubramanian and N.  Koblitz,\nThe improbability that an elliptic curve has subexponential discrete log problem under the Menezes\u2013Okamoto\u2013Vanstone algorithm,\nJ. Cryptology 11 (1998), no. 2, 141\u2013145.\n10.1007\/s001459900040","DOI":"10.1007\/s001459900040"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_002_w2aab3b7b3b1b6b1ab1b8b2Aa","doi-asserted-by":"crossref","unstructured":"P. T.  Bateman and R. A.  Horn,\nA heuristic asymptotic formula concerning the distribution of prime numbers,\nMath. Comp. 16 (1962), 363\u2013367.\n10.1090\/S0025-5718-1962-0148632-7","DOI":"10.1090\/S0025-5718-1962-0148632-7"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_003_w2aab3b7b3b1b6b1ab1b8b3Aa","doi-asserted-by":"crossref","unstructured":"R.  Br\u00f6ker, D.  Charles and K.  Lauter,\nEvaluating large degree isogenies and applications to pairing based cryptography,\nPairing-Based Cryptography \u2013 Pairing 2008,\nLecture Notes in Comput. Sci. 5209,\nSpringer, Berlin (2008), 100\u2013112.","DOI":"10.1007\/978-3-540-85538-5_7"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_004_w2aab3b7b3b1b6b1ab1b8b4Aa","doi-asserted-by":"crossref","unstructured":"R.  Br\u00f6ker, K.  Lauter and A. V.  Sutherland,\nModular polynomials via isogeny volcanoes,\nMath. Comp. 81 (2012), no. 278, 1201\u20131231.","DOI":"10.1090\/S0025-5718-2011-02508-1"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_005_w2aab3b7b3b1b6b1ab1b8b5Aa","doi-asserted-by":"crossref","unstructured":"P.-J.  Cahen and J.-L.  Chabert,\nInteger-Valued Polynomials,\nMath. Surveys Monogr. 48,\nAmerican Mathematical Society, Providence, 1997.","DOI":"10.1090\/surv\/048"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_006_w2aab3b7b3b1b6b1ab1b8b6Aa","doi-asserted-by":"crossref","unstructured":"H.  Cohen,\nA Course in Computational Algebraic Number Theory,\nGrad. Texts in Math. 138,\nSpringer, Berlin, 1993.","DOI":"10.1007\/978-3-662-02945-9"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_007_w2aab3b7b3b1b6b1ab1b8b7Aa","doi-asserted-by":"crossref","unstructured":"H.  Cohen, G.  Frey, R.  Avanzi, C.  Doche, T.  Lange, K.  Nguyen and F.  Vercauteren,\nHandbook of Elliptic and Hyperelliptic Curve Cryptography,\nDiscrete Math. Appl. (Boca Raton),\nChapman & Hall\/CRC, Boca Raton, 2006.","DOI":"10.1201\/9781420034981"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_008_w2aab3b7b3b1b6b1ab1b8b8Aa","doi-asserted-by":"crossref","unstructured":"A. C.  Cojocaru and I. E.  Shparlinski,\nOn the embedding degree of reductions of an elliptic curve,\nInform. Process. Lett. 109 (2009), no. 13, 652\u2013654.\n10.1016\/j.ipl.2009.02.018","DOI":"10.1016\/j.ipl.2009.02.018"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_009_w2aab3b7b3b1b6b1ab1b8b9Aa","unstructured":"D. A.  Cox,\nPrimes of the Form x2+n\u2062y2{x^{2}+ny^{2}}. Fermat, Class Field Theory, and Complex Multiplication, 2nd ed.,\nPure Appl. Math. (Hoboken),\nJohn Wiley & Sons, Hoboken, 2013."},{"key":"2025120600191292349_j_jmc-2016-0053_ref_010_w2aab3b7b3b1b6b1ab1b8c10Aa","unstructured":"A.  Entin,\nOn the Bateman\u2013Horn conjecture for polynomials over large finite fields,\npreprint (2014), http:\/\/arxiv.org\/abs\/1409.0846."},{"key":"2025120600191292349_j_jmc-2016-0053_ref_011_w2aab3b7b3b1b6b1ab1b8c11Aa","doi-asserted-by":"crossref","unstructured":"E.  Fouvry and H.  Iwaniec,\nGaussian primes,\nActa Arith. 79 (1997), no. 3, 249\u2013287.\n10.4064\/aa-79-3-249-287","DOI":"10.4064\/aa-79-3-249-287"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_012_w2aab3b7b3b1b6b1ab1b8c12Aa","doi-asserted-by":"crossref","unstructured":"G.  Frey, M.  M\u00fcller and H.-G.  R\u00fcck,\nThe Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems,\nIEEE Trans. Inform. Theory 45 (1999), no. 5, 1717\u20131719.\n10.1109\/18.771254","DOI":"10.1109\/18.771254"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_013_w2aab3b7b3b1b6b1ab1b8c13Aa","doi-asserted-by":"crossref","unstructured":"J.  Friedlander and A.  Granville,\nLimitations to the equi-distribution of primes. IV,\nProc. Roy. Soc. London Ser. A 435 (1991), no. 1893, 197\u2013204.\n10.1098\/rspa.1991.0138","DOI":"10.1098\/rspa.1991.0138"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_014_w2aab3b7b3b1b6b1ab1b8c14Aa","doi-asserted-by":"crossref","unstructured":"J.  Friedlander and H.  Iwaniec,\nUsing a parity-sensitive sieve to count prime values of a polynomial,\nProc. Natl. Acad. Sci. USA 94 (1997), no. 4, 1054\u20131058.\n10.1073\/pnas.94.4.1054","DOI":"10.1073\/pnas.94.4.1054"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_015_w2aab3b7b3b1b6b1ab1b8c15Aa","doi-asserted-by":"crossref","unstructured":"J.  Friedlander and H.  Iwaniec,\nOpera de Cribro,\nAmer. Math. Soc. Colloq. Publ. 57,\nAmerican Mathematical Society, Providence, 2010.","DOI":"10.1090\/coll\/057"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_016_w2aab3b7b3b1b6b1ab1b8c16Aa","doi-asserted-by":"crossref","unstructured":"D.  Jao, S. D.  Miller and R.  Venkatesan,\nDo all elliptic curves of the same order have the same difficulty of discrete log?,\nAdvances in Cryptology \u2013 ASIACRYPT 2005,\nLecture Notes in Comput. Sci. 3788,\nSpringer, Berlin (2005), 21\u201340.","DOI":"10.1007\/11593447_2"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_017_w2aab3b7b3b1b6b1ab1b8c17Aa","doi-asserted-by":"crossref","unstructured":"D.  Jao, S. D.  Miller and R.  Venkatesan,\nExpander graphs based on GRH with an application to elliptic curve cryptography,\nJ. Number Theory 129 (2009), no. 6, 1491\u20131504.\n10.1016\/j.jnt.2008.11.006","DOI":"10.1016\/j.jnt.2008.11.006"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_018_w2aab3b7b3b1b6b1ab1b8c18Aa","doi-asserted-by":"crossref","unstructured":"D.  Jao and V.  Soukharev,\nA subexponential algorithm for evaluating large degree isogenies,\nAlgorithmic Number Theory,\nLecture Notes in Comput. Sci. 6197,\nSpringer, Berlin (2010), 219\u2013233.","DOI":"10.1007\/978-3-642-14518-6_19"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_019_w2aab3b7b3b1b6b1ab1b8c19Aa","unstructured":"J.  Katz and Y.  Lindell,\nIntroduction to Modern Cryptography, 2nd ed.,\nChapman & Hall\/CRC Cryptogr. Netw. Secur.,\nCRC Press, Boca Raton, 2015."},{"key":"2025120600191292349_j_jmc-2016-0053_ref_020_w2aab3b7b3b1b6b1ab1b8c20Aa","doi-asserted-by":"crossref","unstructured":"A. H.  Koblitz, N.  Koblitz and A.  Menezes,\nElliptic curve cryptography: The serpentine course of a paradigm shift,\nJ. Number Theory 131 (2011), no. 5, 781\u2013814.\n10.1016\/j.jnt.2009.01.006","DOI":"10.1016\/j.jnt.2009.01.006"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_021_w2aab3b7b3b1b6b1ab1b8c21Aa","unstructured":"N.  Koblitz and A.  Menezes,\nThe brave new world of bodacious assumptions in cryptography,\nNotices Amer. Math. Soc. 57 (2010), no. 3, 357\u2013365."},{"key":"2025120600191292349_j_jmc-2016-0053_ref_022_w2aab3b7b3b1b6b1ab1b8c22Aa","unstructured":"D.  Kohel,\nEndomorphism rings of elliptic curves over finite fields,\nPh.D. thesis, University of California at Berkeley, 1996, http:\/\/echidna.maths.usyd.edu.au\/~kohel\/pub\/thesis.pdf."},{"key":"2025120600191292349_j_jmc-2016-0053_ref_023_w2aab3b7b3b1b6b1ab1b8c23Aa","unstructured":"J. C.  Lagarias and A. M.  Odlyzko,\nEffective versions of the Chebotarev density theorem,\nAlgebraic Number Fields,\nAcademic Press, London (1977), 409\u2013464."},{"key":"2025120600191292349_j_jmc-2016-0053_ref_024_w2aab3b7b3b1b6b1ab1b8c24Aa","doi-asserted-by":"crossref","unstructured":"F.  Luca, D. J.  Mireles and I. E.  Shparlinski,\nMOV attack in various subgroups on elliptic curves,\nIllinois J. Math. 48 (2004), no. 3, 1041\u20131052.","DOI":"10.1215\/ijm\/1258131069"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_025_w2aab3b7b3b1b6b1ab1b8c25Aa","doi-asserted-by":"crossref","unstructured":"A. J.  Menezes, T.  Okamoto and S. A.  Vanstone,\nReducing elliptic curve logarithms to logarithms in a finite field,\nIEEE Trans. Inform. Theory 39 (1993), no. 5, 1639\u20131646.\n10.1109\/18.259647","DOI":"10.1109\/18.259647"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_026_w2aab3b7b3b1b6b1ab1b8c26Aa","doi-asserted-by":"crossref","unstructured":"A.  Menezes and E.  Teske,\nCryptographic implications of Hess\u2019 generalized GHS attack,\nAppl. Algebra Engrg. Comm. Comput. 16 (2006), no. 6, 439\u2013460.\n10.1007\/s00200-005-0186-8","DOI":"10.1007\/s00200-005-0186-8"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_027_w2aab3b7b3b1b6b1ab1b8c27Aa","doi-asserted-by":"crossref","unstructured":"A.  Menezes, E.  Teske and A.  Weng,\nWeak fields for ECC,\nTopics in Cryptology \u2013 CT-RSA 2004,\nLecture Notes in Comput. Sci. 2964,\nSpringer, Berlin (2004), 366\u2013386.","DOI":"10.1007\/978-3-540-24660-2_28"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_028_w2aab3b7b3b1b6b1ab1b8c28Aa","doi-asserted-by":"crossref","unstructured":"S. D.  Miller and R.  Venkatesan,\nSpectral analysis of Pollard rho collisions,\nAlgorithmic number theory,\nLecture Notes in Comput. Sci. 4076,\nSpringer, Berlin (2006), 573\u2013581.","DOI":"10.1007\/11792086_40"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_029_w2aab3b7b3b1b6b1ab1b8c29Aa","unstructured":"M.  Pandey,\nOn Eisenstein primes,\npreprint (2016), https:\/\/arxiv.org\/abs\/1607.00469v1."},{"key":"2025120600191292349_j_jmc-2016-0053_ref_030_w2aab3b7b3b1b6b1ab1b8c30Aa","doi-asserted-by":"crossref","unstructured":"K.  Rubin and A.  Silverberg,\nChoosing the correct elliptic curve in the CM method,\nMath. Comp. 79 (2010), no. 269, 545\u2013561.\n10.1090\/S0025-5718-09-02266-2","DOI":"10.1090\/S0025-5718-09-02266-2"},{"key":"#cr-split#-2025120600191292349_j_jmc-2016-0053_ref_031_w2aab3b7b3b1b6b1ab1b8c31Aa.1","doi-asserted-by":"crossref","unstructured":"A. Schinzel and W. Sierpi\u0144ski, Sur certaines hypoth\u00e8ses concernant les nombres premiers, Acta Arith. 4 (1958), 185-208","DOI":"10.4064\/aa-4-3-185-208"},{"key":"#cr-split#-2025120600191292349_j_jmc-2016-0053_ref_031_w2aab3b7b3b1b6b1ab1b8c31Aa.2","unstructured":"erratum, Acta Arith. 5 (1958), 259."},{"key":"2025120600191292349_j_jmc-2016-0053_ref_032_w2aab3b7b3b1b6b1ab1b8c32Aa","doi-asserted-by":"crossref","unstructured":"R.  Schoof,\nNonsingular plane cubic curves over finite fields,\nJ. Combin. Theory Ser. A 46 (1987), no. 2, 183\u2013211.\n10.1016\/0097-3165(87)90003-3","DOI":"10.1016\/0097-3165(87)90003-3"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_033_w2aab3b7b3b1b6b1ab1b8c33Aa","doi-asserted-by":"crossref","unstructured":"V.  Shoup,\nA Computational Introduction to Number Theory and Algebra, 2nd ed.,\nCambridge University Press, Cambridge, 2009.","DOI":"10.1017\/CBO9780511814549"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_034_w2aab3b7b3b1b6b1ab1b8c34Aa","doi-asserted-by":"crossref","unstructured":"J. H.  Silverman,\nThe Arithmetic of Elliptic Curves, 2nd ed.,\nGrad. Texts in Math. 106,\nSpringer, New York, 2009.","DOI":"10.1007\/978-0-387-09494-6"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_035_w2aab3b7b3b1b6b1ab1b8c35Aa","doi-asserted-by":"crossref","unstructured":"N. P.  Smart,\nThe discrete logarithm problem on elliptic curves of trace one,\nJ. Cryptology 12 (1999), no. 3, 193\u2013196.\n10.1007\/s001459900052","DOI":"10.1007\/s001459900052"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_036_w2aab3b7b3b1b6b1ab1b8c36Aa","doi-asserted-by":"crossref","unstructured":"A. V.  Sutherland,\nIsogeny volcanoes,\nANTS X \u2013 Proceedings of the Tenth Algorithmic Number Theory Symposium,\nOpen Book Ser. 1,\nMathematical Sciences Publishers, Berkeley (2013), 507\u2013530.","DOI":"10.2140\/obs.2013.1.507"},{"key":"2025120600191292349_j_jmc-2016-0053_ref_037_w2aab3b7b3b1b6b1ab1b8c37Aa","unstructured":"W.  Wang,\nIsolated curves for hyperelliptic curve cryptography,\nPh.D. thesis, University of Washington, 2012, http:\/\/search.proquest.com\/docview\/1197791596."},{"key":"2025120600191292349_j_jmc-2016-0053_ref_038_w2aab3b7b3b1b6b1ab1b8c38Aa","unstructured":"The Sage Developers, SageMath, the Sage Mathematics Software System (Version 6.10), 2016, http:\/\/www.sagemath.org\/."}],"container-title":["Journal of Mathematical Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.degruyter.com\/view\/j\/jmc.2017.11.issue-3\/jmc-2016-0053\/jmc-2016-0053.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jmc-2016-0053\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jmc-2016-0053\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T00:19:25Z","timestamp":1764980365000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jmc-2016-0053\/html"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,5,11]]},"references-count":39,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2017,9,21]]},"published-print":{"date-parts":[[2017,9,1]]}},"alternative-id":["10.1515\/jmc-2016-0053"],"URL":"https:\/\/doi.org\/10.1515\/jmc-2016-0053","relation":{},"ISSN":["1862-2984","1862-2976"],"issn-type":[{"type":"electronic","value":"1862-2984"},{"type":"print","value":"1862-2976"}],"subject":[],"published":{"date-parts":[[2017,5,11]]}}}