SAC 2008: Selected Areas in Cryptography pp 82-102

# Lifting and Elliptic Curve Discrete Logarithms

• Joseph H. Silverman
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5381)

## Abstract

The difficulty of the elliptic curve discrete logarithm problem (ECDLP) underlies the attractiveness of elliptic curves for use in cryptography. The index calculus is a lifting algorithm that solves the classical finite field discrete logarithm problem in subexponential time, but no such algorithm is known in general for elliptic curves. It turns out that there are four distinct lifting scenarios that one can use in attempting to solve the ECDLP; the lifting field may be a local field or a global field, and the lifted points may be torsion points or nontorsion points. These choices lead to four quite different ways to try to solve the ECDLP via lifting. None of these approaches has led to a solution to the ECDLP, but each method has its own reasons for failing to work. In this article I survey the four ways of lifting the ECDLP, explain their similarities and their differences, and describe the distinct roadblocks that arise in each case.

## Keywords

Elliptic Curve Elliptic Curf Discrete Logarithm Discrete Logarithm Problem Torsion Point
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

## References

1. 1.
Adleman, L.M., DeMarrais, J., Huang, M.-D.A.: A subexponential algorithm for discrete logarithms over hyperelliptic curves of large genus over GF ( q). Theoret. Comput. Sci. 226(1-2), 7–18 (1999)
2. 2.
Blake, I.F., Seroussi, G., Smart, N.P.: Elliptic Curves in Cryptography. Cambridge University Press, Cambridge (1999)
3. 3.
Breuil, C., Conrad, B., Diamond, F., Taylor, R.: On the modularity of elliptic curves over ℚ: wild 3-adic exercises. J. Amer. Math. Soc. 14, 843–939 (2001)
4. 4.
Cheng, Q., Huang, M.-D.: Partial lifting and the elliptic curve discrete logarithm problem. Algorithmica 46(1), 59–68 (2006)
5. 5.
Kim, H.J., Cheon, J.H., Hahn, S.G.: On remarks on lifting problems for elliptic curves. Adv. Stud. Contemp. Math (Pusan) 2, 21–36 (2000)
6. 6.
Cohen, H., Frey, G., Avanzi, R., Doche, C., Lange, T., Nguyen, K., Vercauteren, F.: Handbook of Elliptic and Hyperelliptic Curve Cryptography. Discrete Mathematics and Its Applications (Boca Raton). Chapman & Hall/CRC, Boca Raton (2006)
7. 7.
Deuring, M.: Die Typen der Multiplikatorenringe elliptischer Funktionenkörper. Abh. Math. Sem. Hansischen Univ. 14, 197–272 (1941)
8. 8.
Gross, B., Kohnen, W., Zagier, D.: Heegner points and derivatives of L-series. II. Math. Ann. 278, 497–562 (1987)
9. 9.
Gross, B.H., Zagier, D.B.: Heegner points and derivatives of L-series. Invent. Math. 84, 225–320 (1986)
10. 10.
Hindry, M., Silverman, J.H.: The canonical height and integral points on elliptic curves. Invent. Math. 93, 419–450 (1988)
11. 11.
Hoffstein, J., Pipher, J., Silverman, J.H.: An Introduction to Mathematical Cryptography, UTM. Springer, New York (2008)
12. 12.
Huang, M.-D., Kueh, K.L., Tan, K.-S.: Lifting elliptic curves and solving the elliptic curve discrete logarithm problem. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 377–384. Springer, Heidelberg (2000)
13. 13.
Jacobson, M.J., Koblitz, N., Silverman, J.H., Stein, A., Teske, E.: Analysis of the xedni calculus attack. Designs, Codes and Cryptography 20, 41–64 (2000)
14. 14.
Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48, 203–209 (1987)
15. 15.
Lang, S.: Elliptic Curves: Diophantine Analysis. In: Grund. Math. Wiss., vol. 231. Springer, Berlin (1978)Google Scholar
16. 16.
Masser, D.: Specializations of finitely generated subgroups of abelian varieties. Trans. Amer. Math. Soc. 311, 413–424 (1989)
17. 17.
Mazur, B.: Modular curves and the Eisenstein ideal. Inst. Hautes Études Sci. Publ. Math 47, 33–186 (1977)
18. 18.
Merel, L.: Bornes pour la torsion des courbes elliptiques sur les corps de nombres. Invent. Math. 124, 437–449 (1996)
19. 19.
Mestre, J.-F.: Formules explicites et minoration de conducteurs de variétés algébriques. Compositio Math. 58, 209–232 (1986)
20. 20.
Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
21. 21.
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)
22. 22.
Néron, A.: Problèmes arithmétiques et géométriques rattachés à la notion de rang d’une courbe algébrique dans un corps. Bull. Soc. Math. France 80, 101–166 (1952)
23. 23.
Ooe, T., Top, J.: On the Mordell–Weil rank of an abelian variety over a number field. J. Pure Appl. Algebra 58(3), 261–265 (1989)
24. 24.
Rosen, M., Silverman, J.H.: On the independence of Heegner points associated to distinct quadratic imaginary fields. Journal of Number Theory 127, 10–36 (2007)
25. 25.
Rosing, M.: Implementing Elliptic Curve Cryptography. Manning Publications (1998)Google Scholar
26. 26.
Satoh, T., Araki, K.: Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves. Commentarii Math. Univ. St. Pauli 47, 81–92 (1998); Errata.  48, 211–213 (1999)
27. 27.
Semaev, I.A.: Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curves in characteristic p. Math. Comp. 67, 353–356 (1998)
28. 28.
Serre, J.-P.: Abelian l-adic representations and elliptic curves. In: Research Notes in Mathematics, vol. 7. A K Peters Ltd, Wellesley (1998)Google Scholar
29. 29.
Serre, J.-P.: Propriétés galoisiennes des points d’ordre fini des courbes elliptiques. Invent. Math. 15, 259–331 (1972)
30. 30.
Silverman, J.H.: The Arithemtic of Elliptic Curves. In: Graduate Texts in Mathematics, vol. 106. Springer, Heidelberg (1986)Google Scholar
31. 31.
Serre, J.-P.: Computing heights on elliptic curves. Math. Comp. 51, 339–358 (1988)
32. 32.
Serre, J.-P.: Advanced Topics in the Arithemtic of Elliptic Curves. Graduate Texts in Mathematics, vol. 151. Springer, Heidelberg (1994)Google Scholar
33. 33.
Serre, J.-P.: Computing canonical heights with little (or no) factorization. Math. Comp. 66, 787–805 (1997)
34. 34.
Serre, J.-P.: The xedni calculus and the elliptic curve discrete logarithm problem. Designs, Codes and Cryptography 20, 5–40 (2000)
35. 35.
Silverman, J.H., Suzuki, J.: Elliptic curve discrete logarithms and the index calculus. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 110–125. Springer, Heidelberg (1998)
36. 36.
Smart, N.P.: The discrete logarithm problem on elliptic curves of trace one. J. Cryptology 12, 193–196 (1999)
37. 37.
Stinson, D.: Cryptography: Theory and Practice. CRC Press, Boca Raton (1997)
38. 38.
Taylor, R., Wiles, A.: Ring-theoretic properties of certain Hecke algebras. Ann. of Math. 141, 553–572 (1995)
39. 39.
Wiles, A.: Modular elliptic curves and Fermat’s last theorem. Ann. of Math. 141, 443–551 (1995)