, Volume 19, Issue 1, pp 115-133
Date: 02 Mar 2005

An Elliptic Curve Trapdoor System

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access


We propose an elliptic curve trapdoor system which is of interest in key escrow applications. In this system, a pair (Es, Epb) of elliptic curves over F2 161 is constructed with the following properties: (i) the Gaudry-Hess-Smart Weil descent attack reduces the elliptic curve discrete logarithm problem (ECDLP) in Es(F2 161) to a hyperelliptic curve DLP in the Jacobian of a curve of genus 7 or 8, which is computationally feasible, but by far not trivial; (ii) Es is isogenous to Es; (iii) the best attack on the ECDLP in Es(F2 161) is the parallelized Pollard rho method. The curve Es is used just as usual in elliptic curve cryptosystems. The curve Es is submitted to a trusted authority for the purpose of key escrow. The crucial difference from other key escrow scenarios is that the trusted authority has to invest a considerable amount of computation to compromise a user's private key, which makes applications such as widespread wire-tapping impossible.