Abstract
We analyze the Gaudry-Hess-Smart (GHS) Weil descent attack on the elliptic curve discrete logarithm problem (ECDLP) for elliptic curves defined over characteristic two finite fields of composite extension degree. For each such field $\mathbb{F}_{2^N}$, $N \in [160, 600]$, we identify elliptic curve parameters such that (i) there should exist a cryptographically interesting elliptic curve $E$ over $\mathbb{F}_{2^N}$ with these parameters; and (ii) the GHS attack is more efficient for solving the ECDLP in $E(\mathbb{F}_{2^N})$ than for any other cryptographically interesting elliptic curve over $\mathbb{F}_{2^N}$.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Maurer, M., Menezes, A., Teske, E. (2001). Analysis of the GHS Weil Descent Attack on the ECDLP over Characteristic Two Finite Fields of Composite Degree. In: Rangan, C.P., Ding, C. (eds) Progress in Cryptology — INDOCRYPT 2001. INDOCRYPT 2001. Lecture Notes in Computer Science, vol 2247. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45311-3_19
DOI: https://doi.org/10.1007/3-540-45311-3_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43010-0
Online ISBN: 978-3-540-45311-6
eBook Packages: Springer Book Archive