In the article we propose a new compression method (to 2 log 2 (q) + 3 bits) for the F q 2 -points of an elliptic curve E b : It is based on F q -rationality of some generalized Kummer surface GK b . This is the geometric quotient of the Weil restriction R b := R F q 2 /Fq (E b ) under the order 3 automorphism restricted from E b . More precisely, we apply the theory of conic bundles i.e., conics over the function field F q (t) to obtain explicit and quite simple formulas of a birational F q

more »

... omorphism between GK b and A 2 . Our point compression method consists in computation of these formulas. To recover (in the decompression stage) the original point from E b (F q 2 ) = R b (F q ) we find an inverse image of the natural map R b → GK b of degree 3, i.e., we extract a cubic root in F q . For q ≡ 1 (mod 27) this is just a single exponentiation in F q , hence the new method seems to be much faster than the classical one with x-coordinate, which requires two exponentiations in F q .