Journal of Cryptology

, Volume 15, Issue 1, pp 19–46

Constructive and destructive facets of Weil descent on elliptic curves

Authors

  • P. Gaudry
    • LIX, École Polytechnique
  • F. Hess
    • School of Mathematics and Statistics F07University of Sydney
  • N. P. Smart
    • Computer Science DepartmentUniversity of Bristol
Article

DOI: 10.1007/s00145-001-0011-x

Cite this article as:
Gaudry, P., Hess, F. & Smart, N.P. J. Cryptology (2002) 15: 19. doi:10.1007/s00145-001-0011-x

Abstract

In this paper we look in detail at the curves which arise in the method of Galbraith and Smart for producing curves in the Weil restriction of an elliptic curve over a finite field of characteristic 2 of composite degree. We explain how this method can be used to construct hyperelliptic cryptosystems which could be as secure as cryptosystems based on the original elliptic curve. On the other hand, we show that the same technique may provide a way of attacking the original elliptic curve cryptosystem using recent advances in the study of the discrete logarithm problem on hyperelliptic curves.

We examine the resulting higher genus curves in some detail and propose an additional check on elliptic curve systems defined over fields of characteristic 2 so as to make them immune from the methods in this paper.

Key words

Function fields Divisor class group Cryptography Elliptic curves

Copyright information

© Springer-Verlag 2002