The Generalized Weil Pairing and the Discrete Logarithm Problem on Elliptic Curves

  • Theodoulos Garefalakis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2286)


We review the construction of a generalization of the Weil pairing, which is non-degenerate and bilinear, and use it to construct a reduction from the discrete logarithm problem on elliptic curves to the discrete logarithm problem in finite fields, which is efficient for curves with trace of Frobenius congruent to 2modulo the order of the base point. The reduction is as simple to construct as that of Menezes, Okamoto, and Vanstone [16], and is provably equivalent to that of Frey and Rück [10].


Elliptic Curve Elliptic Curf Prime Order Discrete Logarithm Elliptic Curve Cryptography 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    L.M. Adleman. A subexponential algorithm for the discrete logarithm problem with applications to cryptography. In Proc. 20th IEEE Found. Comp. Sci. Symp., pages 55–60, 1979.Google Scholar
  2. 2.
    L.M. Adleman. The function field sieve. In ANTS: 1st International Algorithmic Number Theory Symposium (ANTS), volume 877 of LNCS, pages 108–121, Berlin, Germany, 1994. Springer.zbMATHGoogle Scholar
  3. 3.
    L.M. Adleman and J. DeMarrais. A subexponential algorithm for discrete logarithms over all finite fields. In Douglas R. Stinson, editor, Proc. CRYPTO 93, pages 147–158. Springer, 1994. Lecture Notes in Computer Science No. 773.zbMATHGoogle Scholar
  4. 4.
    L.M. Adleman and M.D. Huang. Function field sieve method for discrete logarithms over finite fields. INFCTRL: Information and Computation (formerly Information and Control), 151:5–16, 1999.MathSciNetzbMATHGoogle Scholar
  5. 5.
    I. Blake, G. Seroussi, and N. Smart. Elliptic curves in Cryptography, volume 265 of London Mathematical Society, Lecture Note Series. Cambridge University Press, 1999.Google Scholar
  6. 6.
    I. F. Blake, R. Fuji-Hara, R. C. Mullin, and S. A. Vanstone. Computing logarithms in finite fields of caracteristic two. SIAM J. Alg. Disc. Methods, 5:276–285, 1985.CrossRefGoogle Scholar
  7. 7.
    D. Coppersmith. Fast evaluation of logarithms in fields of characteristic two. IEEE Trans. Inform. Theory, IT-30:587–594, 1984.MathSciNetCrossRefGoogle Scholar
  8. 8.
    W. Diffie and M. Hellman. New directions in cryptography. IEEE Trans. Inform. Theory, 22:472–492, 1976.MathSciNetCrossRefGoogle Scholar
  9. 9.
    G. Frey, M. Müller, and H.G. Rück. The tate pairing and the discrete logarithm applied to elliptic curve cryptosystems. IEEE Trans. Inform. Theory, 45(5):1717–1719, 1999.MathSciNetCrossRefGoogle Scholar
  10. 10.
    G. Frey and H.G. Rück. A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Mathematics of Computation, 62(206):865–874, 1994.MathSciNetzbMATHGoogle Scholar
  11. 11.
    T. Garefalakis and D. Panario. The index calculus method using non-smooth polynomials. Mathematics of Computation, 70(235):1253–1264, 2001.MathSciNetCrossRefGoogle Scholar
  12. 12.
    D.M. Gordon. Discrete logarithms in GF(p) using the number field sieve. SIAM J. Disc. Math., 6(1):124–138, February 1993.MathSciNetCrossRefGoogle Scholar
  13. 13.
    R. Harasawa, J. Shikata, J. Suzuki, and H. Imai. Comparing the MOV and FR reductions in elliptic curve cryptography. In Advances in Cryptology: EUROCRYPT’ 99, volume 1592of Lecture Notes in Computer Science, pages 190–205. Springer, 1999.zbMATHGoogle Scholar
  14. 14.
    N. Koblitz. Elliptic curve cryptosystems. Mathematics of Computation, 48(177):203–209, 1987.MathSciNetCrossRefGoogle Scholar
  15. 15.
    K. S. McCurley. The discrete logarithm problem. Proc. of Symp. in Applied Math., 42:49–74, 1990.MathSciNetGoogle Scholar
  16. 16.
    A. Menezes, E. Okamoto, and S. Vanstone. Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory, 39, 1993.MathSciNetCrossRefGoogle Scholar
  17. 17.
    V. S. Miller. Uses of elliptic curves in cryptography. In Hugh C. Williams, editor, Advances in cryptology-CRYPTO’ 85: proceedings, volume 218 of Lecture Notes in Computer Science, pages 417–426. Springer-Verlag, 1986.Google Scholar
  18. 18.
    C. Pomerance. Fast, rigorous factorization and discrete logarithm algorithms. In Discrete Algorithms And Complexity, Proc. of the Japan-US Joint Seminar, Academic Press, pages 119–143, 1986.CrossRefGoogle Scholar
  19. 19.
    J. H. Silverman. The Arithmetic of Elliptic Curves, volume 106 of Graduate Texts in Mathematics. Springer-Verlag, 1986.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Theodoulos Garefalakis
    • 1
  1. 1.Department of Mathematics Royal HollowayUniversity of LondonEghamUK

Personalised recommendations