A Secure Family of Composite Finite Fields Suitable for Fast Implementation of Elliptic Curve Cryptography

Extended Abstract

  • Conference paper
Progress in Cryptology — INDOCRYPT 2001 (INDOCRYPT 2001)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2247)

Abstract

In 1999 Silverman [21] introduced a family of binary finite fields which are composite extensions of $\mathbb{F}_2$ and on which arithmetic operations can be performed more quickly than on prime extensions of $\mathbb{F}_2$ of the same size.

We present here a fast approach to elliptic curve cryptography using a distinguished subset of the set of Silverman fields $\mathbb{F}_{2^N} = \mathbb{F}_{h^n}$. This approach leads to a theoretical computation speedup over fields of the same size, using a standard point of view (cf. [7]). We also analyse their security against prime extension fields $\mathbb{F}_{2^p}$, where $p$ is prime, following the method of Menezes and Qu [12]. We conclude that our fields do not present any significant weakness towards the solution of the elliptic curve discrete logarithm problem and that often the Weil descent of Galbraith-Gaudry-Hess-Smart (GGHS) does not offer a better attack on elliptic curves defined over $\mathbb{F}_{2^N}$ than on those defined over $\mathbb{F}_{2^p}$, with a prime $p$ of the same size as $N$.

A noteworthy example is provided by $\mathbb{F}_{2^{226}}$: a generic elliptic curve $Y^2 + XY = X^3 + \alpha X^2 + \beta$ defined over $\mathbb{F}_{2^{226}}$ is as prone to the GGHS Weil descent attack as a generic curve defined on the NIST field $\mathbb{F}_{2^{223}}$.

The work described in this paper has been supported by the European Commission through the IST Programme under Contract IST-1999-12324.

References

  1. D.G. Cantor. Computing in the Jacobian of a Hyperelliptic Curve. Mathematics of Computation, 48(177):95–101, 1987.

  2. A. Enge and P. Gaudry. A General Framework for Subexponential Discrete Logarithm Algorithms. In LIX/RR/00/04-Laboratoire d’Informatique-Ecole Polytechnique-Palaiseau, to appear in Acta Arithmetica, Available at http://www.math.uni-augsburg.de/~enge/Publikationen.html, June 2000.

  3. S. Gao and H.W. Lenstra JR. Optimal Normal Bases. Designs, Codes and Cryptography, 2:315–323, 1992.

  4. P. Gaudry. An Algorithm for Solving the Discrete Logarithm Problem on Hyperelliptic Curves. In Springer-Verlag, editor, Advances in Cryptography-EUROCRYPT’ 2000, LNCS, 2000.

  5. P. Gaudry, F. Hess, and N.P. Smart. Constructive and Destructive Facets of Weil Descent on Elliptic Curves. Journal of Cryptology, to appear.

  6. D. M. Gordon. A Survey of Fast Exponentiation Methods. Journal of Algorithms, 27(1):129–146, 1998.

  7. D. Hankerson, J. L. Hernandez, and A. Menezes. Software Implementation of Elliptic Curve Cryptography over Binary Fields. Proceedings of CHES2000, pages 1–24, 2000.

  8. C. Hooley. On Artin’s Conjecture. J. Reine Angew. Math., 225:209–220, 1967.

  9. B. Ito and S. Tsujii. Structure of a Parallel Multiplier for a Class of Fields GF(2^n). Information and Computation, 83:21–40, 1989.

  10. K. Koblitz. Elliptic Curve Cryptosystems. Mathematics of Computation, 48(177):203–209, 1987.

  11. N. Koblitz. CM-curves with good cryptographic properties. In Joan Feigenbaum, editor, Advances in Cryptology-Crypto’ 91, pages 279–287, Berlin, 1991. Springer-Verlag. Lecture Notes in Computer Science Volume 576.

  12. A. Menezes and M. Qu. Analysis of the Weil Descent Attack of Gaudry, Hess and Smart. In Proceedings RSA 2001, 2001.

  13. A. J. Menezes, T. Okamoto, and S. Vanstone. Reducing Elliptic Curve Logarithms to Logarithms in a Finite Field. IEEE Transactions on Information Theory, 39:1639–1646, 1993.

  14. V. Miller. Use of Elliptic Curves in Cryptography. In Springer-Verlag, editor, Advances in Cryptology, CRYPTO86, volume 263 of LNCS, pages 417–426, 1986.

  15. F. Morain and J. Olivos. Speeding up the Computations on an Elliptic Curve using Addition-Subtraction Chains. Inform. Theor. Appl., 24:531–543, 1990.

  16. S. Pohlig and M. Hellman. An Improved Algorithm for Computing Logarithms over GF(p) and its Cryptographic Significance. IEEE Transactions on Information Theory, 24:106–110, 1978.

  17. J. Pollard. Monte Carlo Methods for Index Computation (mod p). Mathematics of Computation, 32:918–924, 1978.

  18. T. Satoh and K. Araki. Fermat Quotients and the Polynomial Time Discrete Log Algorithm for Anomalous Elliptic Curves. Commentarii Math. Univ. St. Pauli, 47:81–92, 1998.

  19. I.A. Semaev. Evaluation of Discrete Logarithms in a Group of p-torsion Points of an Elliptic Curve in Characteristic p. Mathematics of Computation, 67:353–356, 1998.

  20. D. Shanks. A Theory of Factorization and Genera. In Proc. Symp. Pure Math., 20:415–440, 1971.

  21. J. H. Silverman. Fast Multiplication in Finite Fields GF(2^n). Proceedings CHES’ 99, pages 122–134, 1999.

  22. N. P. Smart. The Discrete Logarithm Problem on Elliptic Curves of Trace One. Journal of Cryptology, 12(3):193–196, 1999.

  23. N. P. Smart. How Secure are Elliptic Curves over Composite Extension Fields? Proceedings EUROCRYPT 2001, 2045:30–39, 2001.

  24. J. A. Solinas. An Improved Algorithm for Arithmetic on a Family of Elliptic Curves. In Burton S. Kaliski Jr., editor, Advances in Cryptology, CRYPTO’ 97, volume 1294 of Lecture Notes in Computer Science, Springer-Verlag, pages 357–371, 1997.

© 2001 Springer-Verlag Berlin Heidelberg

Ciet, M., Jean-Jacques, Q., Sica, F. (2001). A Secure Family of Composite Finite Fields Suitable for Fast Implementation of Elliptic Curve Cryptography. In: Rangan, C.P., Ding, C. (eds) Progress in Cryptology — INDOCRYPT 2001. INDOCRYPT 2001. Lecture Notes in Computer Science, vol 2247. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45311-3_11

  • DOI: https://doi.org/10.1007/3-540-45311-3_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-43010-0

  • Online ISBN: 978-3-540-45311-6

  • eBook Packages: Springer Book Archive
