Quantum Attacks on ECDLP-Based Cryptosystems

  • Song Y. Yan


In this chapter we shall first study the elliptic curve discrete logarithm problem (ECDLP) and the classical solutions to ECDLP, and then we shall discuss some of the most popular ECDLP-based cryptographic systems for which there is no efficient cryptanalytic algorithm. Finally, we shall introduce some quantum algorithms for attacking both the ECDLP problem and the ECDLP-based cryptographic systems.


Elliptic Curve Elliptic Curf Quantum Algorithm Discrete Logarithm Elliptic Curve Cryptography 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [1]
    G. Agnew, R. Mullin, S.A. Vanstone, An implementation of elliptic curve cryptosystems over \(\mathbb{F}_{{2}^{155}}\). IEEE J. Sel. Areas Comm. 11, 804–813 (1993)CrossRefGoogle Scholar
  2. [2]
    R.M. Avanzi, Development of Curve Based Cryptography (Ruhr-Universität Bochum, Germany, 2007), p. 12Google Scholar
  3. [3]
    I. Blake, G. Seroussi, N. Smart, Elliptic Curves in Cryptography (Cambridge University Press, Cambridge, 1999)MATHGoogle Scholar
  4. [4]
    I. Blake, G. Seroussi, N. Smart, Advances in Elliptic Curves Cryptography (Cambridge University Press, Cambridge, 2005)CrossRefGoogle Scholar
  5. [5]
    J.W. Bos, M.E. Kaihara, T. Kleinjung et al., On the security of 1024-bit RSA and 160-bit elliptic curve cryptography, in IACR Cryptology ePrint Archive (2009), p. 19Google Scholar
  6. [6]
    J.W. Bos, M.E. Kaihara, T. Kleinjung et al., Solving a 112-bit prime elliptic curve discrete logarithm problem on game consoles using sloppy reduction. Int. J. Appl. Cryptography 2(3), 212–228 (2012)MathSciNetMATHCrossRefGoogle Scholar
  7. [7]
    D.E. Browne, Efficient classical simulation of the quantum fourier transform. New J. Phys. 9, 146, 1–7 (2007)Google Scholar
  8. [8]
    Certicom Research, Certicom ECC Challenge, 47 pp. (2009)
  9. [9]
    D. Cheung, D. Maslo et al., On the design and optimization of a quantum polynomial-time attack on elliptic curve cryptography, in Theory of Quantum Computation, Communication, and Cryptography Third Workshop, Theory of Quantum Computing 2008. Lecture Notes in Computer Science, vol. 5106 (Springer, New York, 2008), pp. 96–104Google Scholar
  10. [10]
    H. Cohen, G. Frey, Handbook of Elliptic and Hyperelliptic Curve Cryptography (CRC Press, Boca Raton, 2006)MATHGoogle Scholar
  11. [11]
    S. Cook, The P versus NP problem, in The Millennium Prize Problems, ed. by J. Carlson, A. Jaffe, A. Wiles (Clay Mathematics Institute/American Mathematical Society, Providence, 2006), pp. 87–104Google Scholar
  12. [12]
    R. Crandall, C. Pomerance, Prime Numbers – A Computational Perspective, 2nd edn. (Springer, New York, 2005)MATHGoogle Scholar
  13. [13]
    N. Demytko, A new elliptic curve based analogue of RSA, in Advances in Cryptology – EUROCRYPT 93. Lecture Notes in Computer Science, vol. 765 (Springer, New York, 1994), pp. 40–49Google Scholar
  14. [14]
    J. Eicher, Y. Opoku, Using the Quantum Computer to Break Elliptic Curve Cryptosystems (University of Richmond, Richmond, 1997), p. 28Google Scholar
  15. [15]
    G. Frey, The arithmetic behind cryptography. Not. AMS 57(3), 366–374 (2010)MathSciNetMATHGoogle Scholar
  16. [16]
    G. Frey, M. Müller, H.G. Rück, The Tate pairing and the Discrete Logarithm Applied to Elliptic Curve Cryptosystems (University of Essen, Germany, 1998), p. 5Google Scholar
  17. [17]
    M.R. Garey, D.S. Johnson, Computers and Intractability – A Guide to the Theory of NP-Completeness (W.H. Freeman and Company, New York, 1979)MATHGoogle Scholar
  18. [18]
    D. Hankerson, A.J. Menezes, S. Vanstone, Guide to Elliptic Curve Cryptography (Springer, New York, 2004)MATHGoogle Scholar
  19. [19]
    G.H. Hardy, E.M. Wright, An Introduction to Theory of Numbers, 6th edn. (Oxford University Press, Oxford, 2008)MATHGoogle Scholar
  20. [20]
    J. Hoffstein, J. Pipher, J.H. Silverman, An Introduction to Mathematical Cryptography (Springer, New York, 2008)MATHGoogle Scholar
  21. [21]
    D. Husemöller, in Elliptic Curves. Graduate Texts in Mathematics, vol. 111 (Springer, New York, 1987)Google Scholar
  22. [22]
    G. Iaccarino, T. Mazza, Fast parallel molecular algorithms for the elliptic curve logarithm problem over GF(2n), in Proceedings of the 2009 Workshop on Bio-inspired Algorithms for Distributed Systems (ACM, New York, 2008), pp. 95–104Google Scholar
  23. [23]
    K. Ireland, M. Rosen, in A Classical Introduction to Modern Number Theory, 2nd edn. Graduate Texts in Mathematics, vol. 84 (Springer, New York, 1990)Google Scholar
  24. [24]
    M.J. Jacobson, N. Koblitz, J.H. Silverman, A. Stein, E. Teske, Analysis of the Xedni calculus attack. Des. Codes Cryptography 20, 41–64 (2000)MathSciNetMATHCrossRefGoogle Scholar
  25. [25]
    R. Jain, Z. Ji et al., QIP = PSPACE. Comm. ACM 53(9), 102–109 (2010)CrossRefGoogle Scholar
  26. [26]
    D. Johnson, A. Menezes, S. Vanstone, The elliptic curve digital signatures algorithm (ECDSA). Int. J. Inf. Sec. 1(1), 36–63 (2001)Google Scholar
  27. [27]
    O. Johnston, A Discrete Logarithm Attack on Elliptic Curves. IACR Cryptology ePrint Archive, vol. 575, p. 14 (2010)Google Scholar
  28. [28]
    K. Karabina, A. Menezes, C. Pomerance, I.E. Shparlinski, On the asymptotic effectiveness of Weil descent attacks. J. Math. Cryptol. 4(2), 175–191 (2010)MathSciNetMATHCrossRefGoogle Scholar
  29. [29]
    P. Kaye, Techniques for Quantum Computing. Ph.D. Thesis, University of Waterloo, 2007, p. 151Google Scholar
  30. [30]
    P. Kaye, C. Zalka, Optimized quantum implementation of elliptic curve arithmetic over binary fields. Quant. Inf. Comput. 5(6), 474–491 (2006)Google Scholar
  31. [31]
    N. Koblitz, Elliptic curve cryptography. Math. Comput. 48, 203–209 (1987)MathSciNetMATHCrossRefGoogle Scholar
  32. [32]
    N. Koblitz, in A Course in Number Theory and Cryptography, 2nd edn. Graduate Texts in Mathematics vol. 114 (Springer, New York, 1994)Google Scholar
  33. [33]
    N. Koblitz, in Algebraic Aspects of Cryptography. Algorithms and Computation in Mathematics, vol. 3 (Springer, New York, 1998)Google Scholar
  34. [34]
    N. Koblitz, Cryptography, in Mathematics Unlimited – 2001 and Beyond, ed. by B. Enguist, W. Schmid (Springer, New York, 2001), pp. 749–769CrossRefGoogle Scholar
  35. [35]
    N. Koblitz, A. Menezes, S.A. Vanstone, The state of elliptic curve cryptography. Des. Codes Cryptography 19, 173–193 (2000)MathSciNetMATHCrossRefGoogle Scholar
  36. [36]
    K. Koyama, U.M. Maurer, T. Okamoto, S.A. Vanstone, New public-key schemes based on elliptic curves over the ring \(\mathbb{Z}_{n}\). (NTT Laboratories, Kyoto, 1991)Google Scholar
  37. [37]
    K. Lauter, The advantages of elliptic curve cryptography for wireless security. IEEE Wirel. Comm. 11(1), 62–67 (2004)CrossRefGoogle Scholar
  38. [38]
    H.W. Lenstra Jr., Elliptic Curves and Number-Theoretic Algorithms (Mathematisch Instituut, Universiteit van Amsterdam, Amsterdam, 1986)Google Scholar
  39. [39]
    K. Li, S. Zou, J. Xv, Fast parallel molecular algorithms for DNA-based computation solving the elliptic curve logarithm problem over GF(2n). J. Biomed. Biotechnol. Article ID 518093, 10 (2008)Google Scholar
  40. [40]
    A. Menezes, S.A. Vanstone, Elliptic curve cryptosystems and their implementation. J. Cryptol. 6, 209–224 (1993)MathSciNetMATHCrossRefGoogle Scholar
  41. [41]
    A. Menezes, T. Okamoto, S.A. Vanstone, Reducing elliptic curve logarithms in a finite field. IEEE Trans. Inf. Theor. 39(5), 1639–1646 (1993)MathSciNetMATHCrossRefGoogle Scholar
  42. [42]
    A. Menezes, P.C. van Oorschot, S.A. Vanstone, Handbook of Applied Cryptography (CRC Press, Boca Raton, 1996)CrossRefGoogle Scholar
  43. [43]
    A.J. Menezes, Elliptic Curve Public Key Cryptography (Kluwer, Dordrecht, 1993)CrossRefGoogle Scholar
  44. [44]
    J.F. Mestre, Formules Explicites et Minoration de Conducteurs de Variétés algébriques. Compositio Math. 58, 209–232 (1986)MathSciNetMATHGoogle Scholar
  45. [45]
    B. Meyer, V. Müller, A public key cryptosystem based on elliptic curves over \(\mathbb{Z}/n\mathbb{Z}\) equivalent to factoring, in Advances in Cryptology, EUROCRYPT ’96. Proceedings, Lecture Notes in Computer Science, vol. 1070 (Springer, New York, 1996), pp. 49–59Google Scholar
  46. [46]
    V. Miller, Uses of elliptic curves in cryptography, in Lecture Notes in Computer Science, vol. 218 (Springer, New York, 1986), pp. 417–426Google Scholar
  47. [47]
    R.A. Mollin, An Introduction to Cryptography, 2nd edn. (Chapman & Hall/ CRC, London/West Palm Beach, 2006)Google Scholar
  48. [48]
    R.A. Mollin, Algebraic Number Theory, 2nd edn. (Chapman & Hall/CRC, London/West Palm Beach, 2011)MATHGoogle Scholar
  49. [49]
    M.A. Nielson, I.L. Chuang, Quantum Computation and Quantum Information, 10th Anniversary edn. (Cambridge University Press, Cambridge, 2010)Google Scholar
  50. [50]
    J. Proos, C. Zalka, Shor’s discrete logarithm quantum algorithm for elliptic curves. Quant. Inf. Comput. 3(4), 317–344 (2003)MathSciNetMATHGoogle Scholar
  51. [51]
    M. Rosing, Implementing Elliptic Curve Cryptography (Manning, New York, 1999)Google Scholar
  52. [52]
    R. Schoof, Elliptic curves over finite fields and the computation of square roots mod p. Math. Comput. 44, 483–494 (1985)Google Scholar
  53. [53]
    P. Shor, Algorithms for quantum computation: discrete logarithms and factoring, in Proceedings of 35th Annual Symposium on Foundations of Computer Science (IEEE Computer Society, Silver Spring, 1994), pp. 124–134Google Scholar
  54. [54]
    P. Shor, Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)MathSciNetMATHCrossRefGoogle Scholar
  55. [55]
    J.H. Silverman, The Xedni calculus and the elliptic curve discrete logarithm problem. Des. Codes Cryptography 20, 5–40 (2000)MATHCrossRefGoogle Scholar
  56. [56]
    J.H. Silverman, in The Arithmetic of Elliptic Curves. Graduate Texts in Mathematics, vol. 106, 2nd edn. (Springer, New York, 2010)Google Scholar
  57. [57]
    J.H. Silverman, J. Suzuki, Elliptic curve discrete logarithms and the index calculus, in Advances in Cryptology – ASIACRYPT ’98. Lecture Notes in Computer Science, vol. 1514 (Springer, New York, 1998), pp. 110–125Google Scholar
  58. [58]
    N. Smart, Cryptography: An Introduction (McGraw-Hill, New York, 2003)Google Scholar
  59. [59]
    M. Stamp, R.M. Low, Applied Cryptanalysis (Wiley, New York, 2007)CrossRefGoogle Scholar
  60. [60]
    A. Stanoyevitch, Introduction to Cryptography (CRC Press, West Palm Beach, 2011)MATHGoogle Scholar
  61. [61]
    D.R. Stinson, Cryptography: Theory and Practice, 2nd edn. (Chapman & Hall/CRC Press, London/West Palm Beach, 2002)Google Scholar
  62. [62]
    H.C.A. van Tilborg, Fundamentals of Cryptography (Kluwer, Dordrecht, 1999)Google Scholar
  63. [63]
    W. Trappe, L. Washington, Introduction to Cryptography with Coding Theory, 2nd edn. (Prentice-Hall, Englewood Cliffs, 2006)MATHGoogle Scholar
  64. [64]
    R. van Meter, K.M. Itoh, Fast quantum modular exponentiation. Phys. Rev. A 71, 052320, 1–12 (2005)Google Scholar
  65. [65]
    S.S. Wagstaff Jr., Cryptanalysis of Number Theoretic Ciphers (Chapman & Hall/CRC, London/West Palm Beach, 2002)Google Scholar
  66. [66]
    L. Washington, Elliptic Curves: Number Theory and Cryptography, 2nd edn. (Chapman & Hall/CRC, London/West Palm Beach, 2008)MATHCrossRefGoogle Scholar
  67. [67]
    C.P. Williams, Explorations in Quantum Computation, 2nd edn. (Springer, New York, 2011)CrossRefGoogle Scholar
  68. [68]
    C.P. Williams, S.H. Clearwater, Ultimate Zero and One: Computing at the Quantum Frontier (Copernicus, New York, 2000)CrossRefGoogle Scholar
  69. [69]
    S.Y. Yan, Number Theory for Computing, 2nd edn. (Springer, New York, 2002)MATHGoogle Scholar
  70. [70]
    S.Y. Yan, in Primality Testing and Integer Factorization in Public-Key Cryptography. Advances in Information Security, vol. 11, 2nd edn. (Springer, New York, 2009)Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2013

Authors and Affiliations

  • Song Y. Yan
    • 1
  1. 1.Department of MathematicsHarvard UniversityCambridgeUSA

Personalised recommendations