# Constructive and destructive facets of Weil descent on elliptic curves

## Authors

- First Online:

- Received:
- Revised:

DOI: 10.1007/s00145-001-0011-x

- Cite this article as:
- Gaudry, P., Hess, F. & Smart, N.P. J. Cryptology (2002) 15: 19. doi:10.1007/s00145-001-0011-x

## Abstract

In this paper we look in detail at the curves which arise in the method of Galbraith and Smart for producing curves in the Weil restriction of an elliptic curve over a finite field of characteristic 2 of composite degree. We explain how this method can be used to construct hyperelliptic cryptosystems which could be as secure as cryptosystems based on the original elliptic curve. On the other hand, we show that the same technique may provide a way of attacking the original elliptic curve cryptosystem using recent advances in the study of the discrete logarithm problem on hyperelliptic curves.

We examine the resulting higher genus curves in some detail and propose an additional check on elliptic curve systems defined over fields of characteristic 2 so as to make them immune from the methods in this paper.