Lifting and Elliptic Curve Discrete Logarithms

  • Joseph H. Silverman
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5381)

Abstract

The difficulty of the elliptic curve discrete logarithm problem (ECDLP) underlies the attractiveness of elliptic curves for use in cryptography. The index calculus is a lifting algorithm that solves the classical finite field discrete logarithm problem in subexponential time, but no such algorithm is known in general for elliptic curves. It turns out that there are four distinct lifting scenarios that one can use in attempting to solve the ECDLP; the lifting field may be a local field or a global field, and the lifted points may be torsion points or nontorsion points. These choices lead to four quite different ways to try to solve the ECDLP via lifting. None of these approaches has led to a solution to the ECDLP, but each method has its own reasons for failing to work. In this article I survey the four ways of lifting the ECDLP, explain their similarities and their differences, and describe the distinct roadblocks that arise in each case.

References

  1. 1.
    Adleman, L.M., DeMarrais, J., Huang, M.-D.A.: A subexponential algorithm for discrete logarithms over hyperelliptic curves of large genus over GF ( q). Theoret. Comput. Sci. 226(1-2), 7–18 (1999)MathSciNetCrossRefMATHGoogle Scholar
  2. 2.
    Blake, I.F., Seroussi, G., Smart, N.P.: Elliptic Curves in Cryptography. Cambridge University Press, Cambridge (1999)CrossRefMATHGoogle Scholar
  3. 3.
    Breuil, C., Conrad, B., Diamond, F., Taylor, R.: On the modularity of elliptic curves over ℚ: wild 3-adic exercises. J. Amer. Math. Soc. 14, 843–939 (2001)MathSciNetCrossRefMATHGoogle Scholar
  4. 4.
    Cheng, Q., Huang, M.-D.: Partial lifting and the elliptic curve discrete logarithm problem. Algorithmica 46(1), 59–68 (2006)MathSciNetCrossRefMATHGoogle Scholar
  5. 5.
    Kim, H.J., Cheon, J.H., Hahn, S.G.: On remarks on lifting problems for elliptic curves. Adv. Stud. Contemp. Math (Pusan) 2, 21–36 (2000)MathSciNetMATHGoogle Scholar
  6. 6.
    Cohen, H., Frey, G., Avanzi, R., Doche, C., Lange, T., Nguyen, K., Vercauteren, F.: Handbook of Elliptic and Hyperelliptic Curve Cryptography. Discrete Mathematics and Its Applications (Boca Raton). Chapman & Hall/CRC, Boca Raton (2006)MATHGoogle Scholar
  7. 7.
    Deuring, M.: Die Typen der Multiplikatorenringe elliptischer Funktionenkörper. Abh. Math. Sem. Hansischen Univ. 14, 197–272 (1941)MathSciNetCrossRefMATHGoogle Scholar
  8. 8.
    Gross, B., Kohnen, W., Zagier, D.: Heegner points and derivatives of L-series. II. Math. Ann. 278, 497–562 (1987)MathSciNetCrossRefMATHGoogle Scholar
  9. 9.
    Gross, B.H., Zagier, D.B.: Heegner points and derivatives of L-series. Invent. Math. 84, 225–320 (1986)MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    Hindry, M., Silverman, J.H.: The canonical height and integral points on elliptic curves. Invent. Math. 93, 419–450 (1988)MathSciNetCrossRefMATHGoogle Scholar
  11. 11.
    Hoffstein, J., Pipher, J., Silverman, J.H.: An Introduction to Mathematical Cryptography, UTM. Springer, New York (2008)MATHGoogle Scholar
  12. 12.
    Huang, M.-D., Kueh, K.L., Tan, K.-S.: Lifting elliptic curves and solving the elliptic curve discrete logarithm problem. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 377–384. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. 13.
    Jacobson, M.J., Koblitz, N., Silverman, J.H., Stein, A., Teske, E.: Analysis of the xedni calculus attack. Designs, Codes and Cryptography 20, 41–64 (2000)MathSciNetCrossRefMATHGoogle Scholar
  14. 14.
    Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48, 203–209 (1987)MathSciNetCrossRefMATHGoogle Scholar
  15. 15.
    Lang, S.: Elliptic Curves: Diophantine Analysis. In: Grund. Math. Wiss., vol. 231. Springer, Berlin (1978)Google Scholar
  16. 16.
    Masser, D.: Specializations of finitely generated subgroups of abelian varieties. Trans. Amer. Math. Soc. 311, 413–424 (1989)MathSciNetCrossRefMATHGoogle Scholar
  17. 17.
    Mazur, B.: Modular curves and the Eisenstein ideal. Inst. Hautes Études Sci. Publ. Math 47, 33–186 (1977)MathSciNetCrossRefMATHGoogle Scholar
  18. 18.
    Merel, L.: Bornes pour la torsion des courbes elliptiques sur les corps de nombres. Invent. Math. 124, 437–449 (1996)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Mestre, J.-F.: Formules explicites et minoration de conducteurs de variétés algébriques. Compositio Math. 58, 209–232 (1986)MathSciNetGoogle Scholar
  20. 20.
    Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  21. 21.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)CrossRefMATHGoogle Scholar
  22. 22.
    Néron, A.: Problèmes arithmétiques et géométriques rattachés à la notion de rang d’une courbe algébrique dans un corps. Bull. Soc. Math. France 80, 101–166 (1952)MathSciNetMATHGoogle Scholar
  23. 23.
    Ooe, T., Top, J.: On the Mordell–Weil rank of an abelian variety over a number field. J. Pure Appl. Algebra 58(3), 261–265 (1989)MathSciNetCrossRefMATHGoogle Scholar
  24. 24.
    Rosen, M., Silverman, J.H.: On the independence of Heegner points associated to distinct quadratic imaginary fields. Journal of Number Theory 127, 10–36 (2007)MathSciNetCrossRefMATHGoogle Scholar
  25. 25.
    Rosing, M.: Implementing Elliptic Curve Cryptography. Manning Publications (1998)Google Scholar
  26. 26.
    Satoh, T., Araki, K.: Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves. Commentarii Math. Univ. St. Pauli 47, 81–92 (1998); Errata.  48, 211–213 (1999)MathSciNetMATHGoogle Scholar
  27. 27.
    Semaev, I.A.: Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curves in characteristic p. Math. Comp. 67, 353–356 (1998)MathSciNetCrossRefMATHGoogle Scholar
  28. 28.
    Serre, J.-P.: Abelian l-adic representations and elliptic curves. In: Research Notes in Mathematics, vol. 7. A K Peters Ltd, Wellesley (1998)Google Scholar
  29. 29.
    Serre, J.-P.: Propriétés galoisiennes des points d’ordre fini des courbes elliptiques. Invent. Math. 15, 259–331 (1972)MathSciNetCrossRefGoogle Scholar
  30. 30.
    Silverman, J.H.: The Arithemtic of Elliptic Curves. In: Graduate Texts in Mathematics, vol. 106. Springer, Heidelberg (1986)Google Scholar
  31. 31.
    Serre, J.-P.: Computing heights on elliptic curves. Math. Comp. 51, 339–358 (1988)MathSciNetCrossRefGoogle Scholar
  32. 32.
    Serre, J.-P.: Advanced Topics in the Arithemtic of Elliptic Curves. Graduate Texts in Mathematics, vol. 151. Springer, Heidelberg (1994)Google Scholar
  33. 33.
    Serre, J.-P.: Computing canonical heights with little (or no) factorization. Math. Comp. 66, 787–805 (1997)MathSciNetCrossRefMATHGoogle Scholar
  34. 34.
    Serre, J.-P.: The xedni calculus and the elliptic curve discrete logarithm problem. Designs, Codes and Cryptography 20, 5–40 (2000)MathSciNetCrossRefMATHGoogle Scholar
  35. 35.
    Silverman, J.H., Suzuki, J.: Elliptic curve discrete logarithms and the index calculus. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 110–125. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  36. 36.
    Smart, N.P.: The discrete logarithm problem on elliptic curves of trace one. J. Cryptology 12, 193–196 (1999)MathSciNetCrossRefMATHGoogle Scholar
  37. 37.
    Stinson, D.: Cryptography: Theory and Practice. CRC Press, Boca Raton (1997)MATHGoogle Scholar
  38. 38.
    Taylor, R., Wiles, A.: Ring-theoretic properties of certain Hecke algebras. Ann. of Math. 141, 553–572 (1995)MathSciNetCrossRefMATHGoogle Scholar
  39. 39.
    Wiles, A.: Modular elliptic curves and Fermat’s last theorem. Ann. of Math. 141, 443–551 (1995)MathSciNetCrossRefMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Joseph H. Silverman
    • 1
  1. 1.Mathematics DepartmentBrown UniversityProvidenceUSA

Personalised recommendations