Summation Polynomial Algorithms for Elliptic Curves in Characteristic Two

Galbraith, Steven D.; Gebregiyorgis, Shishay W.

doi:10.1007/978-3-319-13039-2_24

Summation Polynomial Algorithms for Elliptic Curves in Characteristic Two

Steven D. Galbraith¹⁵ &
Shishay W. Gebregiyorgis¹⁵

Conference paper
First Online: 25 October 2014

1065 Accesses
14 Citations

Part of the Lecture Notes in Computer Science book series (LNSC,volume 8885)

Abstract

The paper is about the discrete logarithm problem for elliptic curves over characteristic 2 finite fields \({\mathbb {F}}_{2^n}\) of prime degree \(n\). We consider practical issues about index calculus attacks using summation polynomials in this setting. The contributions of the paper include: a new choice of variables for binary Edwards curves (invariant under the action of a relatively large group) to lower the degree of the summation polynomials; a choice of factor base that “breaks symmetry” and increases the probability of finding a relation; an experimental investigation of the use of SAT solvers rather than Gröbner basis methods for solving multivariate polynomial equations over \({\mathbb {F}}_2\).

We show that our new choice of variables gives a significant improvement to previous work in this case. The symmetry-breaking factor base and use of SAT solvers seem to give some benefits in practice, but our experimental results are not conclusive. Our work indicates that Pollard rho is still much faster than index calculus algorithms for the ECDLP over prime extension fields \({\mathbb {F}}_{2^n}\) of reasonable size.

Keywords

ECDLP
Summation polynomials
Index calculus

This is a preview of subscription content, access via your institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Bernstein, D.J., Lange, T., Rezaeian Farashahi, R.: Binary Edwards Curves. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 244–265. Springer, Heidelberg (2008)
CrossRef Google Scholar
Bettale, L., Faugère, J.-C., Perret, L.: Hybrid approach for solving multivariate systems over finite fields. J. Math. Crypt. 3, 177–197 (2009)
MATH Google Scholar
Courtois, N.T., Bard, G.V.: Algebraic Cryptanalysis of the Data Encryption Standard. In: Galbraith, S.D. (ed.) Cryptography and Coding 2007. LNCS, vol. 4887, pp. 152–169. Springer, Heidelberg (2007)
CrossRef Google Scholar
Diem, C.: On the discrete logarithm problem in elliptic curves over non-prime finite fields. In: Lecture at ECC 2004 (2004)
Google Scholar
Diem, C.: On the discrete logarithm problem in class groups of curves. Mathematics of Computation 80, 443–475 (2011)
CrossRef MathSciNet MATH Google Scholar
Diem, C.: On the discrete logarithm problem in elliptic curves. Composition Math. 147(1), 75–104 (2011)
CrossRef MathSciNet MATH Google Scholar
Diem, C.: On the discrete logarithm problem in elliptic curves II. Algebra and Number Theory 7(6), 1281–1323 (2013)
CrossRef MathSciNet MATH Google Scholar
Faugère, J.-C., Perret, L., Petit, C., Renault, G.: Improving the Complexity of Index Calculus Algorithms in Elliptic Curves over Binary Fields. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 27–44. Springer, Heidelberg (2012)
CrossRef Google Scholar
Faugère, J.-C., Gaudry, P., Huot, L., Renault, G.: Using Symmetries in the Index Calculus for Elliptic Curves Discrete Logarithm. Journal of Cryptology (to appear, 2014)
Google Scholar
Faugère, J.-C., Huot, L., Joux, A., Renault, G., Vitse, V.: Symmetrized Summation Polynomials: Using Small Order Torsion Points to Speed Up Elliptic Curve Index Calculus. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 40–57. Springer, Heidelberg (2014)
CrossRef Google Scholar
Faugère, J.-C., Gianni, P., Lazard, D., Mora, T.: Efficient Computation of zero-dimensional Gröbner bases by change of ordering. Journal of Symbolic Computation 16(4), 329–344 (1993)
CrossRef MathSciNet MATH Google Scholar
Gaudry, P., Hess, F., Smart, N.P.: Constructive and destructive facets of Weil descent on elliptic curves. J. Crypt. 15(1), 19–46 (2002)
CrossRef MathSciNet Google Scholar
Gaudry, P.: Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem. Journal of Symbolic Computation 44(12), 1690–1702 (2009)
CrossRef MathSciNet MATH Google Scholar
Gomes, C.P., Selman, B., Kautz, H.: Boosting combinatorial search through randomization. In: Mostow, J., Rich, C. (eds.) Proceedings AAAI 1998, pp. 431–437. AAAI (1998)
Google Scholar
Huang, Y.-J., Petit, C., Shinohara, N., Takagi, T.: Improvement of Faugère et al.’s Method to Solve ECDLP. In: Sakiyama, K., Terada, M. (eds.) IWSEC 2013. LNCS, vol. 8231, pp. 115–132. Springer, Heidelberg (2013)
CrossRef Google Scholar
Joux, A., Vitse, V.: Cover and Decomposition Index Calculus on Elliptic Curves Made Practical. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 9–26. Springer, Heidelberg (2012)
CrossRef Google Scholar
McDonald, C., Charnes, C., Pieprzyk, J.: Attacking Bivium with MiniSat, ECRYPT Stream Cipher Project, Report 2007/040 (2007)
Google Scholar
Petit, C., Quisquater, J.-J.: On Polynomial Systems Arising from a Weil Descent. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 451–466. Springer, Heidelberg (2012)
CrossRef Google Scholar
Shantz, M., Teske, E.: Solving the Elliptic Curve Discrete Logarithm Problem Using Semaev Polynomials, Weil Descent and Gröbner Basis Methods – An Experimental Study. In: Fischlin, M., Katzenbeisser, S. (eds.) Buchmann Festschrift. LNCS, vol. 8260, pp. 94–107. Springer, Heidelberg (2013)
Google Scholar
Semaev, I.: Summation polynomials and the discrete logarithm problem on elliptic curves, Cryptology ePrint Archive, Report 2004/031 (2004)
Google Scholar
Sörensson, N., Eén, N.: Minisat 2.1 and Minisat++ 1.0 SAT race 2008 editions, SAT, pp. 31–32 (2008)
Google Scholar
Yang, B.-Y., Chen, J.-M.: Theoretical analysis of XL over small fields. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 277–288. Springer, Heidelberg (2004)
CrossRef Google Scholar
Yang, B.-Y., Chen, J.-M., Courtois, N.: On asymptotic security estimates in XL and Gröbner bases-related algebraic cryptanalysis. In: Lopez, J., Qing, S., Okamoto, E. (eds.) ICICS 2004. LNCS, vol. 3269, pp. 401–413. Springer, Heidelberg (2004)
CrossRef Google Scholar

Download references

Author information

Authors and Affiliations

Mathematics Department, University of Auckland, Auckland, New Zealand
Steven D. Galbraith & Shishay W. Gebregiyorgis

Authors

Steven D. Galbraith
View author publications
You can also search for this author in PubMed Google Scholar
Shishay W. Gebregiyorgis
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Steven D. Galbraith .

Editor information

Editors and Affiliations

Hochschule für Technik, Fachhochschule Nordwestschweiz, Windisch, Switzerland
Willi Meier
Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India
Debdeep Mukhopadhyay

Rights and permissions

Reprints and Permissions

Copyright information

About this paper

Cite this paper

Galbraith, S.D., Gebregiyorgis, S.W. (2014). Summation Polynomial Algorithms for Elliptic Curves in Characteristic Two. In: Meier, W., Mukhopadhyay, D. (eds) Progress in Cryptology -- INDOCRYPT 2014. INDOCRYPT 2014. Lecture Notes in Computer Science(), vol 8885. Springer, Cham. https://doi.org/10.1007/978-3-319-13039-2_24

Download citation

DOI: https://doi.org/10.1007/978-3-319-13039-2_24
Published: 25 October 2014
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-13038-5
Online ISBN: 978-3-319-13039-2
eBook Packages: Computer ScienceComputer Science (R0)