Elliptic Curve Discrete Logarithms and the Index Calculus

  • Joseph H. Silverman
  • Joe Suzuki
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1514)

Abstract

The discrete logarithm problem forms the basis of numerous cryptographic systems. The most effective attack on the discrete logarithm problem in the multiplicative group of a finite field is via the index calculus, but no such method is known for elliptic curve discrete logarithms. Indeed, Miller [23] has given a brief heuristic argument as to why no such method can exist. IN this note we give a detailed analysis of the index calculus for elliptic curve discrete logarithms, amplifying and extending miller’s remarks. Our conclusions fully support his contention that the natural generalization of the index calculus to the elliptic curve discrete logarithm problem yields an algorithm with is less effecient than a brute-force search algorithm.

References

  1. 1.
    Adleman, L., A subexponential algorithm for the discrete logarithm problem with applications to cryptography, Proc. 20th IEEE Found. Comp. Sci. Symp., 1979, pp. 55–60.Google Scholar
  2. 2.
    L. Adleman, J. DeMarrais and M. Huang,, A subexponential algorithm for discrete logarithms over the rational subgroup of the jacobians of large genus hyperelliptic curves over finite fields, Algorithmic Number Theory, Lecture Notes in Computer Science, volume 877, Springer-Verlag, 1994, pp. 28–40.Google Scholar
  3. 3.
    A.O. Atkins, The number of points on an elliptic curve modulo a prime, preprint, 1988.Google Scholar
  4. 4.
    R. Balasubramanian and N. Koblitz,, The improbability that an elliptic curve has subexponential discrete log problem under the Menezes-Okamoto-Vanstone algorithm, Journal of Cryptology (to appear).Google Scholar
  5. 5.
    Canfield, E.R., Erdös, P., Pomerance, C., On a problem of Oppenheim concerning ‘Factorisation Numerorum’, Journal Number Theory 17 (1983), 1–28.MATHCrossRefGoogle Scholar
  6. 6.
    Certicom White Paper, Remarks on the security of the elliptic curve cryptosystem, http://www.certicom.com/ecc/wecc3.htm.
  7. 7.
    T. ElGamal, A public-key cryptosystem and a signature scheme based on discrete logarithms, IEEE Transactions on Information Theory 31 (1985), 469–472.MATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    N. Elkies, Explicit isogenies, preprint, 1991.Google Scholar
  9. 9.
    G. Frey and H. Rück, A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves, Mathematics of Computation 62 (1994), 865–874.MATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    D. Gordon, Discrete logarithms in GF(p) using the number field sieve, SIAM Journal on Discrete Mathematics 6 (1993), 124–138.MATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    M. Hindry and J. Silverman, The canonical height and integral points on elliptic curves, Invent. Math. 93 (1988), 419–450.MATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    N. Koblitz, Elliptic curve cryptosystems, Mathematics of Computation 48 (1987), 203–209.MATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    —, CM-curves with good cryptographic properties, Advances in Cryptology-CRYPTO’ 91, Lecture Notes in Computer Science, volume 576, Springler-Verlag, 1992, pp. 279–287.Google Scholar
  14. 14.
    Kraitchik, M., Théorie des Nombres, volume 1, Gauthier-Villars, 1922.Google Scholar
  15. 15.
    —, Reserches sur la théorie des nombres, Gauthier-Villars, 1924.Google Scholar
  16. 16.
    B.A. LaMacchia and A.M. Odlyzko, Computation of discrete logarithms in prime fields, Designs, Codes and Cryptography 1 (1991), 47–62.MATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    S. Lang, Fundamentals of Diophantine Geometry, Springer-Verlag, New York, 1983.MATHGoogle Scholar
  18. 18.
    —, Elliptic Curves: Diophantine Analysis, Springer-Verlag, New York, 1978.MATHGoogle Scholar
  19. 19.
    R. Martin and W. McMillen, An elliptic curve over 2e with rank at least 23, announcement, June 1997.Google Scholar
  20. 20.
    A. Menezes, T. Okamoto and S. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field, IEEE Transactions on Information Theory 39 (1993), 1639–1646.MATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    J.F. Mestre, Formules explicites et minoration de conducteurs de variétés algébriques, Compositio Math. 58 (1986), 209–232.MATHMathSciNetGoogle Scholar
  22. 22.
    —, Constructiuon d’une courbe elliptique de rang ≥ 12, C.R. Acad. Sc. Paris t. 295 (1982), 643–644.MATHMathSciNetGoogle Scholar
  23. 23.
    V.S. Miller, Use of elliptic curves in cryptography, Advances in Cryptology CRYPTO’ 85 (Lecture Notes in Computer Science, vol. 218), Springer-Verlag, 1986, pp. 417–426.Google Scholar
  24. 24.
    A. Miyaji, On ordinary elliptic curve cryptosystems, Advances in Cryptology-ASIACRYPT’ 91, Lecture Notes in Computer Science, volume 218, Springer-Verlag, 1993, pp. 460–469.Google Scholar
  25. 25.
    S. Pohlig and M. Hellman, An improved algorithm for computing logarithms over GF(p) and its cryptographic significance, IEEE Transactions on Information Theory 24 (1978), 106–110.MATHCrossRefMathSciNetGoogle Scholar
  26. 26.
    J. Pollard, Monte Carlo methods for index computation mod p, Mathematics of Computation 32 (1978), 918–924.MATHCrossRefMathSciNetGoogle Scholar
  27. 27.
    H. H. Rück, On the discrete logarithms on some elliptic curves, preprint, 1997.Google Scholar
  28. 28.
    T. Satoh and K. Araki, Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves, preprint.Google Scholar
  29. 29.
    O. Schirokauer, D. Weber, and Th. Denny, Discrete logarithms: The effectiveness of the index calculus method, Algorithmic Number Theory, (ANTS-II, Talence, France, 1996), Lect. Notes in Computer Sci., vol. 1122, Springer-Verlag, 1996, pp. 337–362.MathSciNetGoogle Scholar
  30. 30.
    R. Schoof, Elliptic curves over finite fields and the computation of square roots modulo p, Math. Comp. 44 (1985), 483–494.MATHCrossRefMathSciNetGoogle Scholar
  31. 31.
    I. Semaev, Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p, Mathematics of Computation 67 (1998), 353–356.MATHCrossRefMathSciNetGoogle Scholar
  32. 32.
    V. Shoup, Lower bounds for discrete logarithms and related problems, Advances in Cryptology-EUROCRYPT’ 97, Lecture Notes in Computer Science, volume 1233, Springer-Verlag, 1997, pp. 256–266.Google Scholar
  33. 33.
    J.H. Silverman, The Arithmetic of Elliptic Curves, Graduate Texts in Math., vol. 106, Springer-Verlag, Berlin and New York, 1986.Google Scholar
  34. 34.
    —, Advanced Topics in the Arithmetic of Elliptic Curves, Graduate Texts in Math., vol. 151, Springer-Verlag, Berlin and New York, 1994.Google Scholar
  35. 35.
    —, Lower bound for the canonical height on elliptic curves, Duke Math. J. 48 (1981), 633–648.MATHCrossRefMathSciNetGoogle Scholar
  36. 36.
    —, The difference between the Weil height and the canonical height on elliptic curves, Math. Comp. 192 (1990), 723–743.CrossRefGoogle Scholar
  37. 37.
    —, Computing heights on elliptic curves, Math. Comp. 51 (1988), 339–358.MATHCrossRefMathSciNetGoogle Scholar
  38. 38.
    —, Computing canonical heights with little (or no) factorization, Math. Comp. 66 (1997), 787–805.MATHCrossRefMathSciNetGoogle Scholar
  39. 39.
    N. Smart, Announcement of an attack on the ECDLP for anomalous elliptic curves, preprint, 1997.Google Scholar
  40. 40.
    J. Solinas, An improved algorithm for arithmetic on a family of elliptic curves, Advances in Cryptology-CRYPTO’ 97, Lecture Notes in Computer Science, volume 1294, Springer-Verlag, 1997, pp. 357–371.Google Scholar
  41. 41.
    J. Voloch, The discrete logarithm problem on elliptic curves and descents, preprint, 1997.Google Scholar
  42. 42.
    Weber, D., Computing discrete logarithms with the general number field sieve, Algorithmic Number Theory, (ANTS-II, Talence, France, 1996), Lect. Notes in Computer Sci., vol. 1122, Springer-Verlag, 1996, pp. 391–403.Google Scholar
  43. 43.
    A.E. Western and J.C.P. Miller, Tables of Indices and Primitive Roots, Royal Society Mathematical Tables, vol. 9, Cambridge Univ. Press, 1968.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Joseph H. Silverman
    • 1
  • Joe Suzuki
    • 2
  1. 1.Mathematics DepartmentBrown UniversityProvidenceUSA
  2. 2.Department of MathematicsOsaka UniversityOsakaJapan

Personalised recommendations