Abstract
For cryptographic applications, in order to avoid a reduction of the discrete logarithm problem via the Chinese remainder theorem, one usually considers elliptic curves over finite fields whose order is a prime times a small so-called cofactor \(c\). It is, however, possible to attack specific curves with this property via dedicated attacks. In particular, if an elliptic curve \(E/\mathbb {F}_{q^n}\) is given, one might try to use the idea of cover attacks to reduce the problem to the corresponding problem in the Jacobian of a curve of genus \(g \ge n\) over \(\mathbb {F}_q\). In the given situation, the only attack so far which follows this idea is the GHS attack; this attack requires that the cofactor \(c\) is divisible by 4, as otherwise the genus of the resulting curve is too large. We present an algorithm for finding genus 3 hyperelliptic covers for the case \(c=2\). The construction works in odd characteristic and the resulting cover map has degree 3. As an application, we give two explicit examples of elliptic curves vulnerable to the attack, whose orders are respectively 2 times a 149-bit prime and 2 times a 256-bit prime.
Acknowledgements
We gratefully acknowledge Claus Diem for various discussions which inspired this research, Benjamin Smith for the isogeny computation that occurred in Example 2, and the anonymous referees for their useful suggestions which improved this paper. This work was supported by the National Natural Science Foundation of China under Grant Nos. 61502487 and 61772515. Furthermore, the first author acknowledges the scholarship provided by the German Academic Exchange Service (DAAD).
Additional information
Communicated by A. Winterhof.
Cite this article
Tian, S., Li, B., Wang, K. et al. Cover attacks for elliptic curves with cofactor two. Des. Codes Cryptogr. 86, 2451–2468 (2018). https://doi.org/10.1007/s10623-018-0457-6
DOI: https://doi.org/10.1007/s10623-018-0457-6