Abstract
We show that finding an efficiently computable injective homomorphism from the XTR subgroup into the group of points over GF(p^2) of a particular type of supersingular elliptic curve is at least as hard as solving the Diffie-Hellman problem in the XTR subgroup. This provides strong evidence for a negative answer to the question posed by S. Vanstone and A. Menezes at the Crypto 2000 Rump Session on the possibility of efficiently inverting the MOV embedding into the XTR subgroup. As a side result we show that the Decision Diffie-Hellman problem in the group of points on this type of supersingular elliptic curve is efficiently solvable, which provides an example of a group where the Decision Diffie-Hellman problem is easy while the Diffie-Hellman and discrete logarithm problems are presumably not. The cryptanalytic tools we use also lead to cryptographic applications of independent interest: an improvement of Joux's one round protocol for tripartite Diffie-Hellman key exchange, and a non-refutable digital signature scheme that supports escrowable encryption. We also discuss the applicability of our methods to general elliptic curves defined over finite fields.
References
R. Balasubramanian, N. Koblitz, The improbability that an elliptic curve has subexponential discrete log problem under the MOV algorithm, J. of Cryptology, vol. 11, 1999, 141–145.
R. Cramer, R. Gennaro, B. Schoenmakers, A secure and optimally efficient multi-authority election scheme, Proceedings of Eurocrypt '97, Springer-Verlag, 1997, 103–118.
R. Cramer, V. Shoup, A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack, Proceedings of Crypto '98, LNCS 1462, Springer-Verlag, 1998, 13–25.
T. ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Transactions on Information Theory, 31(4), 1985, 469–472.
A. Joux, A one round protocol for tripartite Diffie-Hellman, Proceedings of ANTS-IV, LNCS 1838, Springer-Verlag, 2000, 385–394.
A. Joux, K. Nguyen, Separating Decision Diffie-Hellman from Diffie-Hellman in cryptographic groups, in preparation; available from eprint.iacr.org.
G. Gong, L. Harn, Public key cryptosystems based on cubic finite field extensions, IEEE Transactions on Information Theory, November 1999.
N. Koblitz, talk at the 4th Workshop on Elliptic Curve Cryptography (ECC 2000), Essen, October 4–6, 2000.
N. Koblitz, An elliptic curve implementation of the finite field digital signature algorithm, Proceedings of Crypto '98, LNCS 1462, Springer-Verlag, 1998, 327–337.
A.K. Lenstra, E.R. Verheul, The XTR public key system, Proceedings of Crypto 2000, LNCS 1880, Springer-Verlag, 2000, 1–19; available from http://www.ecstr.com.
A.K. Lenstra, E.R. Verheul, Key improvements to XTR, Proceedings of Asiacrypt 2000, LNCS 1976, Springer-Verlag, 2000, 220–223; available from http://www.ecstr.com.
A.K. Lenstra, E.R. Verheul, Fast irreducibility and subgroup membership testing in XTR, Proceedings of PKC 2001, LNCS 1992, Springer-Verlag, 2001, 73–86; available from http://www.ecstr.com.
R. Lidl, W.B. Müller, Permutation polynomials in RSA-cryptosystems, Proceedings of Crypto '83, Plenum Press, 1984, 293–301.
A. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers, Boston, 1993.
A. Menezes, T. Okamoto, S.A. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field, IEEE Transactions on Information Theory, 39, 1993, 1639–1646.
A. Menezes, S.A. Vanstone, ECSTR (XTR): Elliptic Curve Singular Trace Representation, Rump Session of Crypto 2000.
S.C. Pohlig, M.E. Hellman, An improved algorithm for computing logarithms over GF(p) and its cryptographic significance, IEEE Transactions on Information Theory, 24, 1978, 106–110.
J. Silverman, The Arithmetic of Elliptic Curves, Springer-Verlag, New York, 1986.
P. Smith, C. Skinner, A public-key cryptosystem and a digital signature system based on the Lucas function analogue to discrete logarithms, Proceedings of Asiacrypt '94, Springer-Verlag, 1995, 357–364.
© 2001 Springer-Verlag Berlin Heidelberg
Verheul, E.R. (2001). Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems. In: Pfitzmann, B. (eds) Advances in Cryptology — EUROCRYPT 2001. EUROCRYPT 2001. Lecture Notes in Computer Science, vol 2045. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44987-6_13
DOI: https://doi.org/10.1007/3-540-44987-6_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42070-5
Online ISBN: 978-3-540-44987-4