Analysis of the GHS Weil Descent Attack on the ECDLP over Characteristic Two Finite Fields of Composite Degree

(Extended Abstract)
  • Markus Maurer
  • Alfred Menezes
  • Edlyn Teske
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2247)

Abstract

We analyze the Gaudry-Hess-Smart (GHS) Weil descent attack on the elliptic curve discrete logarithm problem (ECDLP)for elliptic curves defined over characteristic two finite fields of composite extension degree. For each such field F2N, N ∈ [160, 600], we identify elliptic curve parameters such that (i)there should exist a cryptographically interesting elliptic curve E over F2N with these parameters; and (ii)the GHS attack is more efficient for solving the ECDLP in E(F2N)than for any other cryptographically interesting elliptic curve over F2N.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    E. Artin. “Quadratische Körper im Gebiete der höheren Kongruenzen”, Mathematische Zeitschrift, 19 (1924), 207–246.CrossRefMathSciNetGoogle Scholar
  2. 2.
    D. Cantor, “Computing in the jacobian of a hyperelliptic curve”, Math. Comp., 48 (1987), 95–101.MATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    M. Daberkow, C. Fieker, J. Klüners, M. Pohst, K. Roegner, M. Schörnig, K. Wildanger, “KANT V4”, J. Symbolic Computation, 24 (1997), 267–283.MATHCrossRefGoogle Scholar
  4. 4.
    A. Enge, P. Gaudry, “A general framework for subexponential discrete logarithm algorithms”, Acta Arithmetica, to appear.Google Scholar
  5. 5.
    M. Fouquet, P. Gaudry, R. Harley, “An extension of Satoh’s algorithm and its implementation”, J. Ramanujan Mathematical Society, 15 (2000), 281–318.MATHMathSciNetGoogle Scholar
  6. 6.
    G. Frey, “How to disguise an elliptic curve (Weil descent)”, Talk at ECC’ 98, Waterloo, 1998.Google Scholar
  7. 7.
    G. Frey, H. Rück, “A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves”, Math. Comp., 62 (1994), 865–874.MATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    S. Galbraith, F. Hess, N. Smart, “Extending the GHS Weil descent attack”, preprint, 2001.Google Scholar
  9. 9.
    S. Galbraith, N. Smart, “A cryptographic application of Weil descent”, Codes and Cryptography, LNCS 1746, 1999, 191–200.CrossRefGoogle Scholar
  10. 10.
    P. Gaudry, “An algorithm for solving the discrete log problem on hyperelliptic curves”, Advances in Cryptology—Eurocrypt 2000, LNCS 1807, 2000, 19–34.CrossRefGoogle Scholar
  11. 11.
    P. Gaudry, F. Hess, N. Smart, “Constructive and destructive facets of Weil descent on elliptic curves”, preprint, January 2000.Google Scholar
  12. 12.
    F. Hess, KASH program for performing the GHS attack, 2000.Google Scholar
  13. 13.
    Internet Engineering Task Force, The OAKLEY Key Determination Protocol, IETF RFC 2412, November 1998.Google Scholar
  14. 14.
    M. Jacobson, A. Menezes, A. Stein, “Solving elliptic curve discrete logarithm problems using Weil descent”, J. Ramanujan Mathematical Society, to appear.Google Scholar
  15. 15.
    A. Joux. Personal communication. June 2001.Google Scholar
  16. 16.
    A. Joux, R. Lercier, “Improvements on the general number field sieve for discrete logarithms in finite fields”, Math. Comp., to appear.Google Scholar
  17. 17.
    A. Menezes, T. Okamoto, S. Vanstone, “Reducing elliptic curve logarithms to logarithms in a finite field”, IEEE Trans. Info. Th., 39 (1993), 1639–1646.MATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    A. Menezes, M. Qu, “Analysis of the Weil descent attack of Gaudry, Hess and Smart”, Topics in Cryptology—CT-RSA 2001, LNCS 2020, 2001, 308–318.CrossRefGoogle Scholar
  19. 19.
    P. van Oorschot, M. Wiener, “Parallel collision search with cryptanalytic applications”, J. Cryptology, 12 (1999), 1–28.MATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    S. Paulus, H. Rück, “Real amd imaginary quadratic representations of hyperelliptic function fields”, Math. Comp., 68 (1999), 1233–1241.MATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    S. Pohlig, M. Hellman, “An improved algorithm for computing logs over GF(p) and its cryptographic significance”, IEEE Trans. Info. Th., 24 (1978), 106–110.MATHCrossRefMathSciNetGoogle Scholar
  22. 22.
    J. Pollard, “Monte Carlo methods for index computation mod p”, Math. Comp., 32 (1978), 918–924.MATHCrossRefMathSciNetGoogle Scholar
  23. 23.
    T. Satoh, “The canonical lift of an ordinary elliptic curve over a finite field and its point counting”, J. Ramanujan Mathematical Society, 15 (2000), 247–270.MATHMathSciNetGoogle Scholar
  24. 24.
    E. Teske, “Speeding up Pollard’s rho method for computing discrete logarithms”, Algorithmic Number Theory, LNCS 1423, 1998, 541–554.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Markus Maurer
    • 1
  • Alfred Menezes
    • 1
  • Edlyn Teske
    • 1
  1. 1.Dept. of C&OUniversity of WaterlooCanada

Personalised recommendations