Constructive and destructive facets of Weil descent on elliptic curves
In this paper we look in detail at the curves which arise in the method of Galbraith and Smart for producing curves in the Weil restriction of an elliptic curve over a finite field of characteristic 2 of composite degree. We explain how this method can be used to construct hyperelliptic cryptosystems which could be as secure as cryptosystems based on the original elliptic curve. On the other hand, we show that the same technique may provide a way of attacking the original elliptic curve cryptosystem using recent advances in the study of the discrete logarithm problem on hyperelliptic curves.
We examine the resulting higher genus curves in some detail and propose an additional check on elliptic curve systems defined over fields of characteristic 2 so as to make them immune from the methods in this paper.
Key wordsFunction fields Divisor class group Cryptography Elliptic curves
Unable to display preview. Download preview PDF.
- L. Adleman, J. De Marrais and M.-D. Huang. A subexponential algorithm for discrete logarithms over the rational subgroup of the Jacobians of large genus hyperelliptic curves over finite fields. In ANTS-1: Algorithmic Number Theory, L.M. Adleman and M-D. Huang, editors. LNCS 877, pp. 28–40. Springer-Verlag, Berlin, 1994.CrossRefGoogle Scholar
- E. Artin and J. Tate. Class Field Theory. Benjamin, New York, 1967.Google Scholar
- A. Enge and P. Gaudry. A general framework for the discrete logarithm index calculus. To appear in Acta Arith.Google Scholar
- G. Frey. How to disguise an elliptic curve. Talk at Waterloo workshop on the ECDLP, 1998. http://cacr.math.uwaterloo.ca/conferences/1998/ecc98/slides.html.Google Scholar
- F. Heß. Zur Divisorenklassengruppenberechnung in globalen Funktionenkörpern. Dissertation, TU Berlin, 1999.Google Scholar
- R. Lidl and H. Niederreiter. Finite Fields. Addison-Wesley, Reading, MA, 1983.Google Scholar