Journal of Cryptology

, Volume 15, Issue 1, pp 19–46

Constructive and destructive facets of Weil descent on elliptic curves

  • P. Gaudry
  • F. Hess
  • N. P. Smart

DOI: 10.1007/s00145-001-0011-x

Cite this article as:
Gaudry, P., Hess, F. & Smart, N.P. J. Cryptology (2002) 15: 19. doi:10.1007/s00145-001-0011-x


In this paper we look in detail at the curves which arise in the method of Galbraith and Smart for producing curves in the Weil restriction of an elliptic curve over a finite field of characteristic 2 of composite degree. We explain how this method can be used to construct hyperelliptic cryptosystems which could be as secure as cryptosystems based on the original elliptic curve. On the other hand, we show that the same technique may provide a way of attacking the original elliptic curve cryptosystem using recent advances in the study of the discrete logarithm problem on hyperelliptic curves.

We examine the resulting higher genus curves in some detail and propose an additional check on elliptic curve systems defined over fields of characteristic 2 so as to make them immune from the methods in this paper.

Key words

Function fields Divisor class group Cryptography Elliptic curves 

Copyright information

© Springer-Verlag 2002

Authors and Affiliations

  • P. Gaudry
    • 1
  • F. Hess
    • 2
  • N. P. Smart
    • 3
  1. 1.LIX, École PolytechniquePalaiseauFrance
  2. 2.School of Mathematics and Statistics F07University of SydneySydneyAustralia
  3. 3.Computer Science DepartmentUniversity of BristolBristolEngland

Personalised recommendations