Advertisement

Lifting and Elliptic Curve Discrete Logarithms

  • Joseph H. Silverman
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5381)

Abstract

The difficulty of the elliptic curve discrete logarithm problem (ECDLP) underlies the attractiveness of elliptic curves for use in cryptography. The index calculus is a lifting algorithm that solves the classical finite field discrete logarithm problem in subexponential time, but no such algorithm is known in general for elliptic curves. It turns out that there are four distinct lifting scenarios that one can use in attempting to solve the ECDLP; the lifting field may be a local field or a global field, and the lifted points may be torsion points or nontorsion points. These choices lead to four quite different ways to try to solve the ECDLP via lifting. None of these approaches has led to a solution to the ECDLP, but each method has its own reasons for failing to work. In this article I survey the four ways of lifting the ECDLP, explain their similarities and their differences, and describe the distinct roadblocks that arise in each case.

Keywords

Elliptic Curve Elliptic Curf Discrete Logarithm Discrete Logarithm Problem Torsion Point 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Adleman, L.M., DeMarrais, J., Huang, M.-D.A.: A subexponential algorithm for discrete logarithms over hyperelliptic curves of large genus over GF ( q). Theoret. Comput. Sci. 226(1-2), 7–18 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Blake, I.F., Seroussi, G., Smart, N.P.: Elliptic Curves in Cryptography. Cambridge University Press, Cambridge (1999)CrossRefzbMATHGoogle Scholar
  3. 3.
    Breuil, C., Conrad, B., Diamond, F., Taylor, R.: On the modularity of elliptic curves over ℚ: wild 3-adic exercises. J. Amer. Math. Soc. 14, 843–939 (2001)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Cheng, Q., Huang, M.-D.: Partial lifting and the elliptic curve discrete logarithm problem. Algorithmica 46(1), 59–68 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Kim, H.J., Cheon, J.H., Hahn, S.G.: On remarks on lifting problems for elliptic curves. Adv. Stud. Contemp. Math (Pusan) 2, 21–36 (2000)MathSciNetzbMATHGoogle Scholar
  6. 6.
    Cohen, H., Frey, G., Avanzi, R., Doche, C., Lange, T., Nguyen, K., Vercauteren, F.: Handbook of Elliptic and Hyperelliptic Curve Cryptography. Discrete Mathematics and Its Applications (Boca Raton). Chapman & Hall/CRC, Boca Raton (2006)zbMATHGoogle Scholar
  7. 7.
    Deuring, M.: Die Typen der Multiplikatorenringe elliptischer Funktionenkörper. Abh. Math. Sem. Hansischen Univ. 14, 197–272 (1941)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Gross, B., Kohnen, W., Zagier, D.: Heegner points and derivatives of L-series. II. Math. Ann. 278, 497–562 (1987)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Gross, B.H., Zagier, D.B.: Heegner points and derivatives of L-series. Invent. Math. 84, 225–320 (1986)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Hindry, M., Silverman, J.H.: The canonical height and integral points on elliptic curves. Invent. Math. 93, 419–450 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Hoffstein, J., Pipher, J., Silverman, J.H.: An Introduction to Mathematical Cryptography, UTM. Springer, New York (2008)zbMATHGoogle Scholar
  12. 12.
    Huang, M.-D., Kueh, K.L., Tan, K.-S.: Lifting elliptic curves and solving the elliptic curve discrete logarithm problem. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 377–384. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. 13.
    Jacobson, M.J., Koblitz, N., Silverman, J.H., Stein, A., Teske, E.: Analysis of the xedni calculus attack. Designs, Codes and Cryptography 20, 41–64 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48, 203–209 (1987)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Lang, S.: Elliptic Curves: Diophantine Analysis. In: Grund. Math. Wiss., vol. 231. Springer, Berlin (1978)Google Scholar
  16. 16.
    Masser, D.: Specializations of finitely generated subgroups of abelian varieties. Trans. Amer. Math. Soc. 311, 413–424 (1989)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Mazur, B.: Modular curves and the Eisenstein ideal. Inst. Hautes Études Sci. Publ. Math 47, 33–186 (1977)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Merel, L.: Bornes pour la torsion des courbes elliptiques sur les corps de nombres. Invent. Math. 124, 437–449 (1996)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Mestre, J.-F.: Formules explicites et minoration de conducteurs de variétés algébriques. Compositio Math. 58, 209–232 (1986)MathSciNetGoogle Scholar
  20. 20.
    Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  21. 21.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)CrossRefzbMATHGoogle Scholar
  22. 22.
    Néron, A.: Problèmes arithmétiques et géométriques rattachés à la notion de rang d’une courbe algébrique dans un corps. Bull. Soc. Math. France 80, 101–166 (1952)MathSciNetzbMATHGoogle Scholar
  23. 23.
    Ooe, T., Top, J.: On the Mordell–Weil rank of an abelian variety over a number field. J. Pure Appl. Algebra 58(3), 261–265 (1989)MathSciNetCrossRefzbMATHGoogle Scholar
  24. 24.
    Rosen, M., Silverman, J.H.: On the independence of Heegner points associated to distinct quadratic imaginary fields. Journal of Number Theory 127, 10–36 (2007)MathSciNetCrossRefzbMATHGoogle Scholar
  25. 25.
    Rosing, M.: Implementing Elliptic Curve Cryptography. Manning Publications (1998)Google Scholar
  26. 26.
    Satoh, T., Araki, K.: Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves. Commentarii Math. Univ. St. Pauli 47, 81–92 (1998); Errata.  48, 211–213 (1999)MathSciNetzbMATHGoogle Scholar
  27. 27.
    Semaev, I.A.: Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curves in characteristic p. Math. Comp. 67, 353–356 (1998)MathSciNetCrossRefzbMATHGoogle Scholar
  28. 28.
    Serre, J.-P.: Abelian l-adic representations and elliptic curves. In: Research Notes in Mathematics, vol. 7. A K Peters Ltd, Wellesley (1998)Google Scholar
  29. 29.
    Serre, J.-P.: Propriétés galoisiennes des points d’ordre fini des courbes elliptiques. Invent. Math. 15, 259–331 (1972)MathSciNetCrossRefGoogle Scholar
  30. 30.
    Silverman, J.H.: The Arithemtic of Elliptic Curves. In: Graduate Texts in Mathematics, vol. 106. Springer, Heidelberg (1986)Google Scholar
  31. 31.
    Serre, J.-P.: Computing heights on elliptic curves. Math. Comp. 51, 339–358 (1988)MathSciNetCrossRefGoogle Scholar
  32. 32.
    Serre, J.-P.: Advanced Topics in the Arithemtic of Elliptic Curves. Graduate Texts in Mathematics, vol. 151. Springer, Heidelberg (1994)Google Scholar
  33. 33.
    Serre, J.-P.: Computing canonical heights with little (or no) factorization. Math. Comp. 66, 787–805 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  34. 34.
    Serre, J.-P.: The xedni calculus and the elliptic curve discrete logarithm problem. Designs, Codes and Cryptography 20, 5–40 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  35. 35.
    Silverman, J.H., Suzuki, J.: Elliptic curve discrete logarithms and the index calculus. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 110–125. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  36. 36.
    Smart, N.P.: The discrete logarithm problem on elliptic curves of trace one. J. Cryptology 12, 193–196 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  37. 37.
    Stinson, D.: Cryptography: Theory and Practice. CRC Press, Boca Raton (1997)zbMATHGoogle Scholar
  38. 38.
    Taylor, R., Wiles, A.: Ring-theoretic properties of certain Hecke algebras. Ann. of Math. 141, 553–572 (1995)MathSciNetCrossRefzbMATHGoogle Scholar
  39. 39.
    Wiles, A.: Modular elliptic curves and Fermat’s last theorem. Ann. of Math. 141, 443–551 (1995)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Joseph H. Silverman
    • 1
  1. 1.Mathematics DepartmentBrown UniversityProvidenceUSA

Personalised recommendations