Abstract
In this paper we further the study of index calculus methods for solving the elliptic curve discrete logarithm problem (ECDLP). We focus on the index calculus for subfield curves, also called Koblitz curves, defined over \(\mathbb {F}_q\) with ECDLP in \(\mathbb {F}_{q^n}\). Instead of accelerating the solution of polynomial systems during index calculus as was predominantly done in previous work, we define factor bases that are invariant under the q-power Frobenius automorphism of the field \(\mathbb {F}_{q^n}\), reducing the number of polynomial systems that need to be solved. A reduction by a factor of 1/n is the best one could hope for. We show how to choose factor bases to achieve this, while simultaneously accelerating the linear algebra step of the index calculus method for Koblitz curves by a factor \(n^2\). Furthermore, we show how to use the Frobenius endomorphism to improve symmetry breaking for Koblitz curves. We provide constructions of factor bases with the desired properties, and we study their impact on the polynomial system solving costs experimentally.
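The abstract's Frobenius-invariant factor bases rest on the fact that the q-power Frobenius permutes the points of a curve defined over \(\mathbb {F}_q\), so a factor base that is a union of Frobenius orbits can be stored by orbit representatives. The following Python is an added illustration, not code from the paper: it constructs the two Koblitz curves \(E_a: y^2 + xy = x^3 + ax^2 + 1\) over \(\mathbb {F}_2\), enumerates their points over a constructed field \(\mathbb {F}_{2^5} = \mathbb {F}_2[t]/(t^5+t^2+1)\), and partitions the points into Frobenius orbits to show the 1/n reduction in size.

```python
# Added illustration (not the paper's code): Frobenius orbits on the Koblitz
# curve E_a: y^2 + x*y = x^3 + a*x^2 + 1 over F_2, viewed over F_{2^N}.
# Constructed parameters: N = 5, F_32 = F_2[t]/(t^5+t^2+1), 5-bit integers.
N = 5
MOD = 0b100101  # t^5 + t^2 + 1, irreducible over F_2

def gf_mul(a, b):  # bit-serial multiply in F_{2^N}, reducing modulo MOD
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> N:
            a ^= MOD
    return r

def gf_sq(a):
    return gf_mul(a, a)

def on_curve(x, y, a):  # is (x, y) on E_a: y^2 + xy = x^3 + a x^2 + 1 ?
    lhs = gf_sq(y) ^ gf_mul(x, y)
    rhs = gf_mul(gf_sq(x), x) ^ (gf_sq(x) if a else 0) ^ 1
    return lhs == rhs

def affine_points(a):  # affine points of E_a(F_{2^N}); infinity omitted
    return [(x, y) for x in range(1 << N) for y in range(1 << N) if on_curve(x, y, a)]

def frobenius(P):  # (x, y) -> (x^2, y^2); maps E_a to itself since a in F_2
    return (gf_sq(P[0]), gf_sq(P[1]))

def frobenius_orbits(points):  # partition into Frobenius orbits (sorted tuples)
    seen, orbits = set(), []
    for P in points:
        if P in seen:
            continue
        orbit, Q = [], P
        while Q not in seen:  # Frobenius is a permutation, so the orbit closes at P
            seen.add(Q)
            orbit.append(Q)
            Q = frobenius(Q)
        orbits.append(tuple(sorted(orbit)))
    return orbits

def orbit_summary(a):
    """(#points, #orbits, set of orbit sizes) for E_a over F_{2^N}: one representative
    per orbit shrinks an invariant factor base by ~1/N; orbits outside E_a(F_2) have size N."""
    orbits = frobenius_orbits(affine_points(a))
    return sum(len(o) for o in orbits), len(orbits), {len(o) for o in orbits}
```

For prime n = 5 every orbit has size 1 (the points already defined over \(\mathbb {F}_2\)) or exactly 5, so the orbit count is the factor-base size after quotienting by Frobenius.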
References
Benjamin, A.T., Bennett, C.D.: The probability of relatively prime polynomials. Math. Mag. 80(3), 196–202 (2007)
Couveignes, J.-M., Lercier, R.: Galois invariant smoothness basis. In: Algebraic Geometry and Its Applications: Dedicated to Gilles Lachaud on His 60th Birthday, pp. 142–167. World Scientific (2008)
Diem, C.: On the discrete logarithm problem in elliptic curves. Compos. Math. 147(1), 75–104 (2011)
Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases (F4). J. Pure Appl. Algebra 139(1–3), 61–88 (1999)
Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). In: Proceedings of the 2002 International Symposium on Symbolic and Algebraic Computation, pp. 75–83 (2002)
Faugère, J.-C., Gaudry, P., Huot, L., Renault, G.: Using symmetries in the index calculus for elliptic curves discrete logarithm. J. Cryptol. 27(4), 595–635 (2014)
Faugère, J.-C., Gianni, P., Lazard, D., Mora, T.: Efficient computation of zero-dimensional Gröbner bases by change of ordering. J. Symb. Comput. 16(4), 329–344 (1993)
Faugère, J.-C., Perret, L., Petit, C., Renault, G.: Improving the complexity of index calculus algorithms in elliptic curves over binary fields. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 27–44. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_4
Galbraith, S.D., Gaudry, P.: Recent progress on the elliptic curve discrete logarithm problem. Des. Codes Crypt. 78(1), 51–72 (2015). https://doi.org/10.1007/s10623-015-0146-7
Gaudry, P.: An algorithm for solving the discrete log problem on hyperelliptic curves. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 19–34. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_2
Gaudry, P.: Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem. J. Symb. Comput. 44(12), 1690–1702 (2009)
Gorla, E., Massierer, M.: Index calculus in the trace zero variety. Adv. Math. Commun. 9(4), 515–539 (2015)
Huang, M.-D.A., Kosters, M., Yeo, S.L.: Last fall degree, HFE, and Weil descent attacks on ECDLP. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. Part I, LNCS, vol. 9215, pp. 581–600. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_28
Huang, Y.-J., Petit, C., Shinohara, N., Takagi, T.: Improvement of Faugère et al.’s method to solve ECDLP. In: Sakiyama, K., Terada, M. (eds.) IWSEC 2013. LNCS, vol. 8231, pp. 115–132. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41383-4_8
Joux, A., Lercier, R.: The function field sieve in the medium prime case. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 254–270. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_16
Joux, A., Vitse, V.: Elliptic curve discrete logarithm problem over small degree extension fields. J. Cryptol. 26(1), 119–143 (2013)
Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)
Menezes, A., Qu, M.: Analysis of the Weil descent attack of Gaudry, Hess and Smart. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 308–318. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-45353-9_23
Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986). https://doi.org/10.1007/3-540-39799-X_31
Nagao, K.: Decomposition formula of the Jacobian group of plane curve (2013)
Petit, C., Quisquater, J.-J.: On polynomial systems arising from a Weil descent. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 451–466. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_28
Pohlig, S., Hellman, M.: An improved algorithm for computing logarithms over GF(p) and its cryptographic significance (corresp.). IEEE Trans. Inf. Theory 24(1), 106–110 (1978)
Pollard, J.M.: Kangaroos, monopoly and discrete logarithms. J. Cryptol. 13(4), 437–447 (2000)
Rescorla, E., Dierks, T.: The transport layer security (TLS) protocol version 1.3 (2018)
Semaev, I.: Summation polynomials and the discrete logarithm problem on elliptic curves. Cryptology ePrint Archive, Report 2004/031 (2004)
Semaev, I.: New algorithm for the discrete logarithm problem on elliptic curves. Cryptology ePrint Archive, Report 2015/310 (2015). https://eprint.iacr.org/2015/310
Smart, N.P.: Elliptic curve cryptosystems over small fields of odd characteristic. J. Cryptol. 12(2), 141–151 (1999)
van Oorschot, P.C., Wiener, M.J.: Parallel collision search with cryptanalytic applications. J. Cryptol. 12(1), 1–28 (1999)
Wiedemann, D.: Solving sparse linear equations over finite fields. IEEE Trans. Inf. Theory 32(1), 54–62 (1986)
Wiener, M.J., Zuccherato, R.J.: Faster attacks on elliptic curve cryptosystems. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 190–200. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48892-8_15
Acknowledgements
We thank Jean-Marc Couveignes and Reynald Lercier for their work on Galois invariant smoothness bases [2] and helpful conversations about the topic. Furthermore, we would like to thank the anonymous reviewers for their helpful comments on the submitted manuscript of this paper. Christophe Petit’s work was supported by EPSRC grant EP/S01361X/1. Simon-Philipp Merz was supported by the EPSRC grant EP/P009301/1.
© 2021 Springer Nature Switzerland AG
Cite this paper
Galbraith, S.D., Granger, R., Merz, S.-P., Petit, C. (2021). On Index Calculus Algorithms for Subfield Curves. In: Dunkelman, O., Jacobson, Jr., M.J., O'Flynn, C. (eds) Selected Areas in Cryptography. SAC 2020. Lecture Notes in Computer Science, vol 12804. Springer, Cham. https://doi.org/10.1007/978-3-030-81652-0_5
DOI: https://doi.org/10.1007/978-3-030-81652-0_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-81651-3
Online ISBN: 978-3-030-81652-0