Advertisement

Summation Polynomial Algorithms for Elliptic Curves in Characteristic Two

  • Steven D. GalbraithEmail author
  • Shishay W. Gebregiyorgis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8885)

Abstract

The paper is about the discrete logarithm problem for elliptic curves over characteristic 2 finite fields \({\mathbb {F}}_{2^n}\) of prime degree \(n\). We consider practical issues about index calculus attacks using summation polynomials in this setting. The contributions of the paper include: a new choice of variables for binary Edwards curves (invariant under the action of a relatively large group) to lower the degree of the summation polynomials; a choice of factor base that “breaks symmetry” and increases the probability of finding a relation; an experimental investigation of the use of SAT solvers rather than Gröbner basis methods for solving multivariate polynomial equations over \({\mathbb {F}}_2\).

We show that our new choice of variables gives a significant improvement to previous work in this case. The symmetry-breaking factor base and use of SAT solvers seem to give some benefits in practice, but our experimental results are not conclusive. Our work indicates that Pollard rho is still much faster than index calculus algorithms for the ECDLP over prime extension fields \({\mathbb {F}}_{2^n}\) of reasonable size.

Keywords

ECDLP Summation polynomials Index calculus 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bernstein, D.J., Lange, T., Rezaeian Farashahi, R.: Binary Edwards Curves. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 244–265. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  2. 2.
    Bettale, L., Faugère, J.-C., Perret, L.: Hybrid approach for solving multivariate systems over finite fields. J. Math. Crypt. 3, 177–197 (2009)zbMATHGoogle Scholar
  3. 3.
    Courtois, N.T., Bard, G.V.: Algebraic Cryptanalysis of the Data Encryption Standard. In: Galbraith, S.D. (ed.) Cryptography and Coding 2007. LNCS, vol. 4887, pp. 152–169. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  4. 4.
    Diem, C.: On the discrete logarithm problem in elliptic curves over non-prime finite fields. In: Lecture at ECC 2004 (2004)Google Scholar
  5. 5.
    Diem, C.: On the discrete logarithm problem in class groups of curves. Mathematics of Computation 80, 443–475 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Diem, C.: On the discrete logarithm problem in elliptic curves. Composition Math. 147(1), 75–104 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Diem, C.: On the discrete logarithm problem in elliptic curves II. Algebra and Number Theory 7(6), 1281–1323 (2013)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Faugère, J.-C., Perret, L., Petit, C., Renault, G.: Improving the Complexity of Index Calculus Algorithms in Elliptic Curves over Binary Fields. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 27–44. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  9. 9.
    Faugère, J.-C., Gaudry, P., Huot, L., Renault, G.: Using Symmetries in the Index Calculus for Elliptic Curves Discrete Logarithm. Journal of Cryptology (to appear, 2014)Google Scholar
  10. 10.
    Faugère, J.-C., Huot, L., Joux, A., Renault, G., Vitse, V.: Symmetrized Summation Polynomials: Using Small Order Torsion Points to Speed Up Elliptic Curve Index Calculus. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 40–57. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  11. 11.
    Faugère, J.-C., Gianni, P., Lazard, D., Mora, T.: Efficient Computation of zero-dimensional Gröbner bases by change of ordering. Journal of Symbolic Computation 16(4), 329–344 (1993)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Gaudry, P., Hess, F., Smart, N.P.: Constructive and destructive facets of Weil descent on elliptic curves. J. Crypt. 15(1), 19–46 (2002)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Gaudry, P.: Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem. Journal of Symbolic Computation 44(12), 1690–1702 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Gomes, C.P., Selman, B., Kautz, H.: Boosting combinatorial search through randomization. In: Mostow, J., Rich, C. (eds.) Proceedings AAAI 1998, pp. 431–437. AAAI (1998)Google Scholar
  15. 15.
    Huang, Y.-J., Petit, C., Shinohara, N., Takagi, T.: Improvement of Faugère et al.’s Method to Solve ECDLP. In: Sakiyama, K., Terada, M. (eds.) IWSEC 2013. LNCS, vol. 8231, pp. 115–132. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  16. 16.
    Joux, A., Vitse, V.: Cover and Decomposition Index Calculus on Elliptic Curves Made Practical. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 9–26. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  17. 17.
    McDonald, C., Charnes, C., Pieprzyk, J.: Attacking Bivium with MiniSat, ECRYPT Stream Cipher Project, Report 2007/040 (2007)Google Scholar
  18. 18.
    Petit, C., Quisquater, J.-J.: On Polynomial Systems Arising from a Weil Descent. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 451–466. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  19. 19.
    Shantz, M., Teske, E.: Solving the Elliptic Curve Discrete Logarithm Problem Using Semaev Polynomials, Weil Descent and Gröbner Basis Methods – An Experimental Study. In: Fischlin, M., Katzenbeisser, S. (eds.) Buchmann Festschrift. LNCS, vol. 8260, pp. 94–107. Springer, Heidelberg (2013)Google Scholar
  20. 20.
    Semaev, I.: Summation polynomials and the discrete logarithm problem on elliptic curves, Cryptology ePrint Archive, Report 2004/031 (2004)Google Scholar
  21. 21.
    Sörensson, N., Eén, N.: Minisat 2.1 and Minisat++ 1.0 SAT race 2008 editions, SAT, pp. 31–32 (2008)Google Scholar
  22. 22.
    Yang, B.-Y., Chen, J.-M.: Theoretical analysis of XL over small fields. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 277–288. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  23. 23.
    Yang, B.-Y., Chen, J.-M., Courtois, N.: On asymptotic security estimates in XL and Gröbner bases-related algebraic cryptanalysis. In: Lopez, J., Qing, S., Okamoto, E. (eds.) ICICS 2004. LNCS, vol. 3269, pp. 401–413. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Steven D. Galbraith
    • 1
    Email author
  • Shishay W. Gebregiyorgis
    • 1
  1. 1.Mathematics DepartmentUniversity of AucklandAucklandNew Zealand

Personalised recommendations