Abstract
So-called nonadjacent representations are commonly used in elliptic curve cryptography to facilitate computing a scalar multiple of a point on an elliptic curve. A nonadjacent representation having few non-zero coefficients would further speed up the computations. However, any attempt to use these techniques must also consider the impact on the security of the cryptosystem. The security is studied by examining a related discrete logarithm problem, the topic of this paper. We describe an algorithm to solve the relevant discrete logarithm problem in time that is approximately the square root of the search space. This algorithm is of the familiar "baby-step giant-step" type. In developing our algorithm we use two tools of independent interest; namely, a combinatorial set system called a "splitting system" and a new type of combinatorial Gray code.
Cite this article
Muir, J., Stinson, D. On the low hamming weight discrete logarithm problem for nonadjacent representations. AAECC 16, 461–472 (2006). https://doi.org/10.1007/s00200-005-0187-7
DOI: https://doi.org/10.1007/s00200-005-0187-7