Abstract
We generalize the Weil descent construction of the GHS attack to arbitrary Artin-Schreier extensions. We give a formula for the characteristic polynomial of Frobenius of the obtained curves and prove that the large cyclic factor of the input elliptic curve is not contained in the kernel of the composition of the conorm and norm maps. As an application we almost square the number of elliptic curves which succumb to the basic GHS attack, thereby weakening curves over \( \mathbb{F}_{2^{155} } \) further. We also discuss other possible extensions or variations of the GHS attack and conclude that they are not likely to yield further improvements.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
S. Arita. Weil descent of elliptic curves over finite fields of characteristic three. In T. Okamoto, editor, Advances in Cryptology — ASIACRYPT 2000, LNCS 1976, pages 248–258, Kyoto, 2000. Springer-Verlag, Berlin-Heidelberg-New York.
I. Blake, G. Seroussi, and N. Smart. Elliptic Curves in Cryptography. LMS Lecture Notes Series 265. Cambridge University Press, Cambridge, 1999.
D. Boneh and M. Franklin. Identity-based encryption from the Weil pairing. In J. Kilian, editor, Advances in Cryptology — CRYPTO 2001, LNCS 2139, pages 213–229. Springer-Verlag, Berlin-Heidelberg-New York, 2001.
C. Pandu Rangan and C. Ding, editors. Progress in Cryptology — INDOCRYPT 2001, LNCS 2247, Chennai, India, 2001. Springer-Verlag, Berlin-Heidelberg-New York.
M. Ciet, J.-J. Quisquater, and F. Sica. A secure family of composite finite fields suitable for fast implementation of elliptic curve cryptography. In C. Pandu Rangan and C. Ding [4], pages 108–116.
C. Diem. The GHS-attack in odd characteristic. submitted, 2002.
G. Frey. How to disguise an elliptic curve. Talk at ECC’ 98, Waterloo, 1998.
G. Frey and H.-G. Rück. A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comp., 62:865–874, 1994.
S. Galbraith. Weil descent of Jacobians. In D. Augot and C. Carlet, editors, WCC2001 International workshop on coding and cryptography, Electron. Notes Discrete Math. 6, Paris, 2001. Elsevier, Amsterdam.
S. Galbraith, F. Hess, and N. P. Smart. Extending the GHS Weil descent attack. In L. R. Knudsen, editor, Advances in Cryptology — EUROCRYPT 2002, LNCS 2332, pages 29–44, Amsterdam, 2002. Springer-Verlag, Berlin-Heidelberg-New York.
S. Galbraith and N. P. Smart. A cryptographic application of Weil descent. In M. Walker, editor, Cryptography and Coding, LNCS 1746, pages 191–200, Cirencester, 1999. Springer-Verlag, Berlin-Heidelberg-New York.
P. Gaudry, F. Hess, and N. P. Smart. Constructive and destructive facets of Weil descent on elliptic curves. J. Cryptology, 15(1):19–46, 2002.
F. Hess. Extending the GHS Weil descent attack. Talk at ECC’ 01, Waterloo, 2001.
F. Hess. Computing Riemann-Roch spaces in algebraic function fields and related topics. J. Symbolic Comp., 33(4):425–445, 2002.
F. Hess. Computing relations in divisor class groups of algebraic curves over finite fields. Preprint, 2003.
IETF. The Oakley key determination protocol. IETF RFC 2412, 1998.
M. Jacobson, A. Menezes, and A. Stein. Solving elliptic curve discrete logarithm problems using Weil descent. J. Ramanujan Math. Soc., 16(3):231–260, 2001.
M. Maurer, A. Menezes, and E. Teske. Analysis of the GHS Weil descent attack on the ECDLP over characteristic two finite fields of composite degree. In C. Pandu Rangan and C. Ding [4], pages 195–213.
A. Menezes, T. Okamoto, and S. Vanstone. Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Info. Th., 39:1639–1646, 1993.
A. Menezes and M. Qu. Analysis of the Weil descent attack of Gaudry, Hess and Smart. In D. Naccache, editor, Progress in Cryptology — CT-RSA 2001, LNCS 2020, pages 308–318, San Francisco, 2001. Springer-Verlag, Berlin-Heidelberg-New York.
J. Neukirch. Algebraic Number Theory. Springer-Verlag, Berlin-Heidelberg-New York, 1999.
N. P. Smart. How secure are elliptic curves over composite extension fields? In B. Pfitzmann, editor, Advances in Cryptology-EUROCRYPT 2001, LNCS 2045, pages 30–39, Innsbruck, 2001. Springer-Verlag, Berlin-Heidelberg-New York.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 International Association for Cryptologic Research
About this paper
Cite this paper
Hess, F. (2003). The GHS Attack Revisited. In: Biham, E. (eds) Advances in Cryptology — EUROCRYPT 2003. EUROCRYPT 2003. Lecture Notes in Computer Science, vol 2656. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39200-9_23
Download citation
DOI: https://doi.org/10.1007/3-540-39200-9_23
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-14039-9
Online ISBN: 978-3-540-39200-2
eBook Packages: Springer Book Archive