Skip to main content
SpringerLink
Log in

Recent progress on the elliptic curve discrete logarithm problem

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript

Abstract

We survey recent work on the elliptic curve discrete logarithm problem. In particular we review index calculus algorithms using summation polynomials, and claims about their complexity.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

Notes

  1. This is sometimes called the “non-uniform” model, but we do not discuss such interpretations in this paper. Note that an algorithm that stores a table of all discrete logs does not fit the model since the program length is \(O( r \log (r) )\) bits.

  2. It is not necessary that V be a subfield. If V is a one-dimensional subspace that is not a subfield then \(V^{(2)}\) is also a one-dimensional subspace, but \(V^{(2)} \ne V\).

  3. And more, including the first author and his Ph.D. student Shishay Gebregiyorgis.

  4. This is true only under genericity assumptions, and with appropriate monomial orderings.

  5. And one must be careful not to be fooled by the Strong law of small numbers [57].

References

  1. Adleman L., DeMarrais J., Huang M.D.: A subexponential algorithm for discrete logarithms over the rational subgroup of the Jacobians of large genus hyperelliptic curves over finite fields. In: Adleman L.M., Huang M.D. (eds.) ANTS I. LNCS, vol. 877, pp. 28–40. Springer, Heidelberg (1994)

  2. Augot D., Morain F.: Discrete logarithm computations over finite fields using Reed-Solomon codes. arXiv:1202.4361 (2012)

  3. Avanzi R., Cohen H., Doche C., Frey G., Lange T., Nguyen K., Vercauteren F.: Handbook of Elliptic and Hyperelliptic Cryptography. Chapman and Hall/CRC, Boca Raton (2006)

  4. Babai L., Szemerédi E.: On the complexity of matrix group problems I. Found. Comput. Sci. (FOCS) 229–240 (1996)

  5. Bailey D.V., Batina L., Bernstein D.J., Birkner P., Bos J.W., Chen H.C., Cheng C.M., van Damme G., de Meulenaer G., Perez L.J.D., Fan J., Güneysu T., Gurkaynak F., Kleinjung T., Lange T., Mentens N., Niederhagen R., Paar C., Regazzoni F., Schwabe P., Uhsadel L., Herrewege A.V., Yang B.Y.: Breaking ECC2K-130, Cryptology ePrint Archive: Report 2009/541. http://ecc-challenge.info/ (2009)

  6. Bernstein D.J., Lange T.: Computing small discrete logarithms faster. In: Galbraith S.D., Nandi M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 317–338. Springer, Brelin (2012)

  7. Bernstein D.J., Lange T.: Non-uniform cracks in the concrete: the power of free precomputation. In: Sako K., Sarkar P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 321–340. Springer, Berlin (2013)

  8. Bernstein D.J., Lange T.: Two grumpy giants and a baby. In: Howe E.W., Kedlaya K.S., (eds.) Proceedings of the Tenth Algorithmic Number Theory Symposium. Open Book Series, vol. 1, pp. 87–111. MSP (2013)

  9. Bernstein D.J., Lange T., Farashahi R.R.: Binary edwards curves. In: Oswald E., Rohatgi P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 244–265. Springer, Berlin (2008)

  10. Bernstein D.J., Lange T., Schwabe P.: On the correct use of the negation map in the Pollard rho method. In: Catalano D., Fazio N., Gennaro R., Nicolosi A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 128–146. Springer, Berlin (2011)

  11. Blackburn S.R., Murphy S.: The number of partitions in Pollard rho. Unpublished manuscript (1998)

  12. Blake I.F., Seroussi G., Smart N.P.: Elliptic Curves in Cryptography. Cambridge University Press, Cambridge (1999)

  13. Blake I.F., Seroussi G., Smart N.P.: Advances in Elliptic Curve Cryptography. Cambridge University Press, Cambridge (2005)

  14. Boneh D., Boyen X.: Short signatures without random oracles. In: C. Cachin, J. Camenisch (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Berlin (2004)

  15. Bos J.W., Costello C., Miele A.: Elliptic and hyperelliptic curves: a practical security analysis. In: Krawczyk H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 203–220. Springer, Berlin (2014)

  16. Bos J.W., Kaihara M.E., Kleinjung T., Lenstra A.K., Montgomery P.L.: Solving a 112-bit prime elliptic curve discrete logarithm problem on game consoles using sloppy reduction. IJACT 2(3), 212–228 (2012)

  17. Bos J.W., Kleinjung T., Lenstra A.K.: On the use of the negation map in the Pollard Rho method. In: Hanrot G., Morain F., Thomé E. (eds.) ANTS IX. LNCS, vol. 6197, pp. 66–82. Springer, Berlin (2010)

  18. Brown D.R.L., Gallant R.P.: The static Diffie-Hellman problem. Cryptology ePrint Archives: Reports 2004/306 (2004)

  19. Certicom Research: Certicom ECC challenge. https://www.certicom.com/images/pdfs/challenge-2009.pdf. Updated in Nov 10 (2009)

  20. Chateauneuf M., Ling A.C.H., Stinson D.R.: Slope packings and coverings, and generic algorithms for the discrete logarithm problem. J. Comb. Des. 11(1), 36–50 (2003)

  21. Cheng Q.: Hard problems of algebraic geometry codes. IEEE Trans. Inf. Theory 54(1), 404–406 (2008)

  22. Cheon J.H.: Security analysis of the strong Diffie-Hellman problem. In: Vaudenay S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 1–11. Springer, Berlin (2006)

  23. Cheon J.H.: Discrete logarithm problem with auxiliary inputs. J. Cryptol. 23(3), 457–476 (2010)

  24. Cheon J.H., Kim T., Song Y.S.: A group action on \({\mathbb{Z}}_{p}^{*}\) and the generalized DLP with auxiliary inputs. In: Lange T., Lauter K.E., Lisonek P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 121–135. Springer, Berlin (2014)

  25. Diem C.: The GHS-attack in odd characteristic. J. Ramanujan Math. Soc. 18(1), 1–32 (2003)

  26. Diem C.: An index calculus algorithm for plane curves of small degree. In: Hess F., Pauli S., Pohst M.E. (eds.) ANTS VII. LNCS, vol. 4076, pp. 543–557. Springer, Berlin (2006)

  27. Diem C.: On the discrete logarithm problem in class groups of curves. Math. Comp. 80(273), 443–475 (2011)

  28. Diem C.: On the discrete logarithm problem in elliptic curves. Compos. Math. 147, 75–104 (2011)

  29. Diem C.: On the discrete logarithm problem in elliptic curves II. Algebra Number Theory 7(6), 1281–1323 (2013)

  30. Diem C., Kochinke S.: Computing discrete logarithms with special linear systems. Preprint (2013)

  31. Diem C., Scholten J.: Cover attacks—a report for the AREHCC project. Preprint (2003)

  32. Driencourt Y., Michon J.F.: Elliptic codes over fields of characteristics 2. J. Pure Appl. Algebra 45(1), 15–39 (1987)

  33. Faugère J., Gianni P., Lazard D., Mora T.: Efficient computation of zero-dimensional Gröbner bases by change of ordering. J. Symb. Comput. 16(4), 329–344 (1993)

  34. Faugère J.C., Perret L., Petit C., Renault G.: Improving the complexity of index calculus algorithms in elliptic curves over binary fields. In: Pointcheval D., Johansson T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 27–44. Springer, Berlin (2012)

  35. Faugère J., Gaudry P., Huot L., Renault G.: Sub-cubic change of ordering for Gröbner basis: a probabilistic approach. In: ISSAC 2014, pp. 170–177. ACM, New York (2014)

  36. Faugère J.C., Gaudry P., Huot L., Renault G.: Using symmetries in the index calculus for elliptic curves discrete logarithm. J. Cryptol. 27(4), 595–635 (2014)

  37. Faugère J., Huot L., Joux A., Renault G., Vitse V.: Symmetrized summation polynomials: using small order torsion points to speed up elliptic curve index calculus. In: Nguyen P.Q., Oswald E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 40–57. Springer, Berlin (2014)

  38. Fouque P., Joux A., Mavromati C.: Multi-user collisions: applications to discrete logarithm, Even-Mansour and PRINCE. In: Sarkar P., Iwata T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 420–438. Springer, Berlin (2014)

  39. Frey G.: Applications of arithmetic geometry to cryptographic constructions. In: Jungnickel D., Niederreiter N. (eds.) Finite Fields and Applications, pp. 128–161. Springer, Berlin (2001)

  40. Frey G.: On the relation between Brauer groups and discrete logarithms. Tatra Mt. Math. Publ. 35, 1–29 (2006)

  41. Galbraith S.D.: Constructing isogenies between elliptic curves over finite fields. LMS J. Comput. Math. 2, 118–138 (1999)

  42. Galbraith S.D.: Mathematics of Public Key Cryptography. Cambridge University Press, Cambridge (2012)

  43. Galbraith S.D., Gebregiyorgis S.W.: Summation polynomial algorithms for elliptic curves in characteristic two. In: Meier W., Mukhopadhyay D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 409–427. Springer, Berlin (2014)

  44. Galbraith S.D., Ruprai R.S.: Using equivalence classes to accelerate solving the discrete logarithm problem in a short interval. In: Nguyen P.Q., Pointcheval D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 368–383. Springer, Berlin (2010)

  45. Galbraith S.D., Smart N.P.: A cryptographic application of Weil descent. In: Walker M. (ed.) IMA Cryptography and Coding. LNCS, vol. 1746, pp. 191–200. Springer, Berlin (1999)

  46. Galbraith S.D., Hess F., Smart N.P.: Extending the GHS Weil descent attack. In: Knudsen L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 29–44. Springer, Berlin (2002)

  47. Galbraith S.D., Pollard J.M., Ruprai R.S.: Computing discrete logarithms in an interval. Math. Comp. 82(282), 1181–1195 (2013)

  48. Galbraith S.D., Wang P., Zhang F.: Computing elliptic curve discrete logarithms with improved baby-step giant-step algorithm, eprint 2015/605

  49. Gallant R.P., Lambert R.J., Vanstone S.A.: Improving the parallelized Pollard lambda search on binary anomalous curves. Math. Comp. 69(232), 1699–1705 (2000)

  50. Gaudry P.: Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem. J. Symb. Comput. 44(12), 1690–1702 (2009)

  51. Gaudry P., Hess F., Smart N.P.: Constructive and destructive facets of Weil descent on elliptic curves. J. Cryptol. 15(1), 19–46 (2002)

  52. Gaudry P., Schost É.: A low-memory parallel version of Matsuo, Chao, and Tsujii’s algorithm. In: Buell D.A. (ed.) ANTS VI. LNCS, vol. 3076, pp. 208–222. Springer, Berlin (2004)

  53. Gaudry P., Thomé E., Thériault N., Diem C.: A double large prime variation for small genus hyperelliptic index calculus. Math. Comp. 76(257), 475–492 (2007)

  54. Gorla E., Massierer M.: Index calculus in the trace zero variety. Cryptology ePrint Archives Reports 2014/318. Adv. Math. Commun. (2014). arXiv:1405.1059

  55. Granger R.: On the static Diffie-Hellman problem on elliptic curves over extension fields. In: Abe M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 283–302. Springer, Berlin (2010)

  56. Granger R., Joux A., Vitse V.: New timings for oracle-assisted SDHP on the IPSEC Oakley “well known group” 3 curve. Announcement on the NMBRTHRY mailing list (2010)

  57. Guy R.K.: The strong law of small numbers. Am. Math. Mon. 95(8), 697–712 (1988)

  58. Hankerson D., Menezes A., Vanstone S.: Guide to Elliptic Curve Cryptography. Springer, Berlin (2004)

  59. Hess F.: Computing relations in divisor class groups of algebraic curves over finite fields. Preprint (2003)

  60. Hess F.: Generalising the GHS attack on the elliptic curve discrete logarithm problem. LMS J. Comput. Math. 7, 167–192 (2004)

  61. Hitchcock Y., Montague P., Carter G., Dawson E.: The efficiency of solving multiple discrete logarithm problems and the implications for the security of fixed elliptic curves. Int. J. Inf. Secur. 3, 86–98 (2004)

  62. Hodges T.J., Petit C., Schlather J.: First fall degree and Weil descent. Finite Fields Appl. 30, 155–177 (2014)

  63. Hong J., Lee H.: Analysis of possible pre-computation aided DLP solving algorithms. J. Korean Math. Soc. 52(4), 797–819 (2015)

  64. Huang M.D., Raskind W.: Global duality, signature calculus and the discrete logarithm problem. LMS J. Comput. Math. 12, 228–263 (2009)

  65. Huang Y., Petit C., Shinohara N., Takagi T.: Improvement of Faugère et al.’s method to solve ECDLP. In: Sakiyama K., Terada M. (eds.) IWSEC 2013. LNCS, vol. 8231, pp. 115–132. Springer, Berlin (2013)

  66. Huang M.A., Kosters M., Yeo S.L.: Last fall degree, HFE, and Weil descent attacks on ECDLP. In: Gennaro R., Robshaw M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 581–600. Springer, Berlin (2015)

  67. Huang M.D.A., Kosters M., Yang Y., Yeo S.L.: On the last fall degree of zero-dimensional Weil descent systems (2015). arXiv:1505.02532

  68. Huang Y., Petit C., Shinohara N., Takagi T.: On generalized first fall degree assumptions. Cryptology ePrint Archive: Report 2015/358 (2015)

  69. Hyung T.L., Jung H., Cheon J.H.: Accelerating ID-based encryption based on trapdoor DL using pre-computation. Cryptology ePrint Archive: Report 2011/187 (2011)

  70. Iijima T., Momose F., Chao J.: A classification of elliptic curves with respect to the GHS attack in odd characteristic (2015). Cryptology ePrint Archive: Report 2015/805

  71. Kim J.-H., Montenegro R., Peres Y., Tetali P.: A birthday paradox for Markov chains, with an optimal bound for collision in the Pollard rho algorithm for discrete logarithm. Ann. Appl. Probab. 20(2), 295–521 (2010)

  72. Jacobson Jr. M.J., Koblitz N., Silverman J.H., Stein A., Teske E.: Analysis of the Xedni calculus attack. Des. Codes Cryptogr. 20(1), 41–64 (2000)

  73. Jao D., Miller S.D., Venkatesan R.: Do all elliptic curves of the same order have the same difficulty of discrete log? In: Roy B.K. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 21–40. Springer, Berlin (2005)

  74. Joux A.: Algorithmic Cryptanalysis. Chapman & Hall/CRC, Boca Raton (2009)

  75. Joux A., Vitse V.: Cover and decomposition index calculus on elliptic curves made practical—application to a previously unreachable curve over \( {\mathbb{F}}_{{p}^{6}}\). In: Adv. Cryptol.– EUROCRYPT 2012. LNCS, vol. 7237, pp. 9–26. Springer, Berlin (2012)

  76. Joux A., Vitse V.: Elliptic curve discrete logarithm problem over small degree extension fields—application to the static Diffie-Hellman problem on \({E}({\mathbb{F}}_{{q}^{5}})\). J. Cryptol. 26(1), 119–143 (2013)

  77. Joux A., Lercier R., Naccache D., Thomé E.: Oracle-assisted static Diffie-Hellman is easier than discrete logarithms. In: Parker M.G. (ed.) Cryptography and Coding, 12th IMA International Conference. LNCS, vol. 5921, pp. 351–367. Springer, Berlin (2009)

  78. Karabina K.: Point decomposition problem in binary elliptic curves. Cryptology ePrint Archive: Report 2015/319 (2015)

  79. Kijima S., Montenegro R.: Collision of random walks and a refined analysis of attacks on the discrete logarithm problem. In: Katz J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 127–149. Springer, Berlin (2015)

  80. Kim T., Cheon J.H.: A new approach to the discrete logarithm problem with auxiliary inputs. Cryptology ePrint Archive: Report 2012/609 (2012)

  81. Kim J.H., Montenegro R., Tetali P.: Near optimal bounds for collision in Pollard rho for discrete log. Found. Comput. Sci. (FOCS) 215–223. (2007)

  82. Kim M., Cheon J.H., Lee I.S.: Analysis on a generalized algorithm for the strong discrete logarithm problem with auxiliary inputs. Math. Comput. 83(288), 1993–2004 (2014)

  83. Koblitz N., Menezes A.: Another look at non-standard discrete log and Diffie-Hellman problems. J. Math. Cryptol. 2(4), 311–326 (2008)

  84. Koblitz N., Menezes A.: Intractable problems in cryptography. In: McGuire G., Mullen G.L., Panario D., Shparlinski I.E., (eds.) Finite Fields: Theory and Applications. Contemporary Mathematics, vol. 518, pp. 279–300. AMS, Providence (2010)

  85. Kohel, D.R., Shparlinski, I.E.: On exponential sums and group generators for elliptic curves over finite fields. In: Bosma, W. (ed.) ANTS IV. LNCS, vol. 1838, pp. 395–404. Springer, Berlin (2000)

  86. Kosters M.: Deterministically generating Picard groups of hyperelliptic curves over finite fields. arXiv:1402.6579 (2014)

  87. Kosters M., Yeo S.L.: Notes on summation polynomials. arXiv:1503.08001 (2015)

  88. Kozaki S., Kutsuma T., Matsuo K.: Remarks on Cheon’s algorithms for pairing-related problems. In: Takagi T., Okamoto T., Okamoto E., Okamoto T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 302–316. Springer, Berlin (2007)

  89. Kuhn F., Struik R.: Random walks revisited: extensions of Pollard’s rho algorithm for computing multiple discrete logarithms. In: Vaudenay S., Youssef A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 212–229. Springer, Berlin (2001)

  90. Massierer M.: Some experiments investigating a possible \({L}(1/4)\) algorithm for the discrete logarithm problem in algebraic curves (2014). Cryptology ePrint Archive: Report 2014/996

  91. May A., Ozerov I.: A generic algorithm for small weight discrete logarithms in composite groups. In: Joux A., Youssef A.M. (eds.) SAC 2014. LNCS, vol. 8781, pp. 278–289. Springer, Berlin (2014)

  92. Menezes A., Qu M.: Analysis of the Weil descent attack of Gaudry, Hess and Smart. In: Naccache D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 308–318. Springer, Berlin (2001)

  93. Momose F., Chao J.: Elliptic curves with weak coverings over cubic extensions of finite fields with odd characteristics. J. Ramanujan Math. Soc. 28(3), 299–357 (2013)

  94. Montenegro R., Tetali P.: How long does it take to catch a wild kangaroo? In: Symposium on Theory of Computing (STOC), pp. 553–559 (2009)

  95. Nagao K.I.: Decomposition attack for the Jacobian of a hyperelliptic curve over an extension field. In: Hanrot G., Morain F., Thomé E. (eds.) ANTS-IX: Algorithmic Number Theory. LNCS, vol. 6197, pp. 285–300. Springer, Berlin (2010)

  96. Nagao K.I.: Decomposition formula of the Jacobian group of plane curve. Cryptology ePrint Archive: Report 2013/548 (2013)

  97. Nechaev V.I.: Complexity of a determinate algorithm for the discrete logarithm. Math. Notes 55(2), 165–172 (1994)

  98. Nguyen K.: Explicit arithmetic of Brauer groups, ray class fields and index calculus. Ph.D. Thesis, University Essen (2001)

  99. Oorschot P., Wiener M.J.: Parallel collision search with cryptanalytic applications. J. Cryptol. 12(1), 1–28 (1999)

  100. Petit C., Quisquater J.J.: On polynomial systems arising from a Weil descent. In: Wang X., Sako K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 451–466. Springer, Berlin (2012)

  101. Pollard J.M.: Kangaroos, monopoly and discrete logarithms. J. Cryptol. 13(4), 437–447 (2000)

  102. Pomerance C.: Fast, rigorous factorization and discrete logarithm algorithms. In: Johnson D.S., Nishizeki T., Nozaki A., Wolf H.S. (eds.) Discrete algorithms and complexity. Proceedings of the Japan-US Joint Seminar, 4–6 June, 1986, Kyoto, Japan. Perspectives in Computing, pp. 119–143. Academic Press, Orlando (1987)

  103. Sakemi Y., Hanaoka G., Izu T., Takenaka M., Yasuda M.: Solving a discrete logarithm problem with auxiliary input on a 160-bit elliptic curve. In: Fischlin M., Buchmann J.A., Manulis M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 595–608. Springer, Berlin (2012)

  104. Sarkar P., Singh S.: A simple method for obtaining relations among factor basis elements for special hyperelliptic curves. Cryptology ePrint Archive: Report 2015/179 (2015)

  105. Satoh T.: On generalization of Cheon’s algorithm. Cryptology ePrint Archive: Report 2009/058 (2009)

  106. Semaev I.: New algorithm for the discrete logarithm problem on elliptic curves. Cryptology ePrint Archive: Report 2015/310 (2015)

  107. Semaev I.A.: Summation polynomials and the discrete logarithm problem on elliptic curves. Cryptology ePrint Archive: Report 2004/031 (2004)

  108. Shantz M., Teske E.: Solving the elliptic curve discrete logarithm problem using Semaev polynomials, Weil descent and Gröbner basis methods—an experimental study. In: Number Theory and Cryptography. LNCS, vol. 8260, pp. 94–107. Springer, Berlin (2013)

  109. Shoup V.: Lower bounds for discrete logarithms and related problems. In: Fumy W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Berlin (1997)

  110. Shparlinski I.E., Voloch J.F.: Generators of elliptic curves over finite fields. Bull. Inst. Math. Acad. Sin. 9(4), 657–670 (2014)

  111. Thériault N.: Index calculus attack for hyperelliptic curves of small genus. In: Laih C.S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 75–92. Springer, Berlin (2003)

  112. Thériault N.: Weil descent attack for Kummer extentions. J. Ramanujan Math. Soc. 18(3), 281–312 (2003)

  113. Vitse V.: Summation polynomials and symmetries for the ECDLP over extension fields. Talk given at the DLP 2014 workshop, Ascona (2014)

  114. Washington L.C.: Elliptic Curves: Number Theory and Cryptography, 2nd edn. CRC Press, London (2008)

  115. Wenger E., Wolfger P.: Solving the discrete logarithm of a 113-bit Koblitz curve with an FPGA cluster. In: Joux A., Youssef A.M. (eds.) SAC 2014. LNCS, vol. 8781, pp. 363–379. Springer, Berlin (2014)

  116. Wenger E., Wolfger P.: Harder, better, faster, stronger—elliptic curve discrete logarithm computations on FPGAs. Cryptology ePrint Archive: Report 2015/143 (2015)

  117. Wiener M.J., Zuccherato R.J.: Faster attacks on elliptic curve cryptosystems. In: Tavares S.E., Meijer H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 190–200. Springer, Berlin (1998)

  118. Yun A.: Generic hardness of the multiple discrete logarithm problem. In: Oswald E., Fischlin M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 817–836. Springer, Berlin (2015)

  119. Zhang F., Wang P.: Speeding up elliptic curve discrete logarithm computations with point halving. Des. Codes Cryptogr. 67(2), 197–208 (2013)

Download references

Acknowledgments

We thank Claus Diem, Michiel Kosters, Christophe Petit, Peter Wild and an anonymous referee for helpful comments on the draft of this article. The second author also thanks Maike Massierer, Pierre-Jean Spaenlehauer and Vanessa Vitse for various discussions on the topic.

Author information

Authors and Affiliations

  1. University of Auckland, Auckland, New Zealand

    Steven D. Galbraith

  2. CNRS, Université de Lorraine and Inria, Nancy, France

    Pierrick Gaudry

Authors
  1. Steven D. Galbraith
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pierrick Gaudry
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Steven D. Galbraith.

Additional information

This is one of several papers published in Designs, Codes and Cryptography comprising the 25th Anniversary Issue.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Galbraith, S.D., Gaudry, P. Recent progress on the elliptic curve discrete logarithm problem. Des. Codes Cryptogr. 78, 51–72 (2016). https://doi.org/10.1007/s10623-015-0146-7

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-015-0146-7

Keywords

Mathematics Subject Classification

Search

Navigation