Analysis of the GHS Weil Descent Attack on the ECDLP over Characteristic Two Finite Fields of Composite Degree
- First Online:
We analyze the Gaudry-Hess-Smart (GHS) Weil descent attack on the elliptic curve discrete logarithm problem (ECDLP)for elliptic curves defined over characteristic two finite fields of composite extension degree. For each such field F2N, N ∈ [160, 600], we identify elliptic curve parameters such that (i)there should exist a cryptographically interesting elliptic curve E over F2N with these parameters; and (ii)the GHS attack is more efficient for solving the ECDLP in E(F2N)than for any other cryptographically interesting elliptic curve over F2N.
Unable to display preview. Download preview PDF.
- 4.A. Enge, P. Gaudry, “A general framework for subexponential discrete logarithm algorithms”, Acta Arithmetica, to appear.Google Scholar
- 6.G. Frey, “How to disguise an elliptic curve (Weil descent)”, Talk at ECC’ 98, Waterloo, 1998.Google Scholar
- 8.S. Galbraith, F. Hess, N. Smart, “Extending the GHS Weil descent attack”, preprint, 2001.Google Scholar
- 11.P. Gaudry, F. Hess, N. Smart, “Constructive and destructive facets of Weil descent on elliptic curves”, preprint, January 2000.Google Scholar
- 12.F. Hess, KASH program for performing the GHS attack, 2000.Google Scholar
- 13.Internet Engineering Task Force, The OAKLEY Key Determination Protocol, IETF RFC 2412, November 1998.Google Scholar
- 14.M. Jacobson, A. Menezes, A. Stein, “Solving elliptic curve discrete logarithm problems using Weil descent”, J. Ramanujan Mathematical Society, to appear.Google Scholar
- 15.A. Joux. Personal communication. June 2001.Google Scholar
- 16.A. Joux, R. Lercier, “Improvements on the general number field sieve for discrete logarithms in finite fields”, Math. Comp., to appear.Google Scholar