Abstract
Decomposition-based index calculus methods are currently efficient only for elliptic curves E defined over non-prime finite fields of very small extension degree n. This corresponds to the fact that the Semaev summation polynomials, which encode the relation search (or “sieving”), grow over-exponentially with n. Indeed, even computing them is a first stumbling block: the largest Semaev polynomial ever computed is the 6-th. Following ideas from Faugère, Gaudry, Huot and Renault, our goal is to use the existence of small order torsion points on E to define new summation polynomials whose symmetrized expressions are much more compact and easier to compute. This setting makes it possible to consider smaller factor bases, and the high sparsity of the new summation polynomials provides a very efficient decomposition step. In this paper the focus is on 2-torsion points, as it is the most important case in practice. We obtain records of two kinds: we successfully compute up to the 8-th symmetrized summation polynomial and give new timings for the computation of relations with degree 5 extension fields.
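As an added illustration (not from the paper), the smallest case of the objects the abstract refers to: the third Semaev summation polynomial S_3 for a short Weierstrass curve, the classical symmetrization that rewrites it in the elementary symmetric polynomials e1, e2, e3 (the plain S_3-symmetry used by Faugère, Gaudry, Huot and Renault, not the torsion-based symmetrization this paper introduces), and a brute-force check that both forms vanish exactly on the x-coordinates of triples with P1 + P2 + P3 = O. The curve y^2 = x^3 + x + 1 over F_23 is a constructed toy instance, not one from the paper.

```python
import itertools

# Constructed toy curve y^2 = x^3 + A*x + B over F_P (any nonsingular curve works).
P, A, B = 23, 1, 1
assert (4 * A**3 + 27 * B**2) % P != 0, "curve must be nonsingular"

def semaev3(x1, x2, x3):
    """Classical third summation polynomial S_3, degree 2 in each variable."""
    return ((x1 - x2)**2 * x3**2
            - 2 * ((x1 + x2) * (x1 * x2 + A) + 2 * B) * x3
            + (x1 * x2 - A)**2 - 4 * B * (x1 + x2)) % P

def symmetrized3(x1, x2, x3):
    """The same S_3 written in the elementary symmetric polynomials e1, e2, e3."""
    e1 = x1 + x2 + x3
    e2 = x1 * x2 + x1 * x3 + x2 * x3
    e3 = x1 * x2 * x3
    return (e2**2 - 4 * e1 * e3 - 2 * A * e2 - 4 * B * e1 + A**2) % P

def affine_points():
    """All affine points of the curve by brute force (fine for tiny P)."""
    return [(x, y) for x in range(P) for y in range(P)
            if (y * y - (x**3 + A * x + B)) % P == 0]

def add(p1, p2):
    """Affine group law; returns None for the point at infinity."""
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # P1 = -P2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def check_relations():
    """Return (hits, total) over all triples (P1, P2, -(P1+P2)); Semaev's theorem says hits == total."""
    pts, hits, total = affine_points(), 0, 0
    for p1, p2 in itertools.product(pts, repeat=2):
        s = add(p1, p2)
        if s is None:
            continue                     # P3 would be the point at infinity
        x3 = s[0]                        # -(P1+P2) has the same x-coordinate as P1+P2
        total += 1
        if semaev3(p1[0], p2[0], x3) == 0 and symmetrized3(p1[0], p2[0], x3) == 0:
            hits += 1
    return hits, total
```

Both forms agree on every input, but the symmetrized one has only five terms; this compactness is what the paper pushes much further by exploiting 2-torsion to reach S_8.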
Keywords
- ECDLP
- elliptic curves
- decomposition method
- index calculus
- Semaev polynomials
- multivariate polynomial systems
- invariant theory
This work has been partially supported by the LabEx PERSYVAL-Lab (ANR-11-LABX-0025) and the HPAC grant of the French National Research Agency (HPAC ANR-11-BS02-013).
References
Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system. I. The user language. J. Symbolic Comput. 24(3-4), 235–265 (1997); Computational algebra and number theory, London (1993)
Diem, C.: On the discrete logarithm problem in elliptic curves. Compos. Math. 147(1), 75–104 (2011)
Faugère, J.-C.: FGb: A Library for Computing Gröbner Bases. In: Fukuda, K., van der Hoeven, J., Joswig, M., Takayama, N. (eds.) ICMS 2010. LNCS, vol. 6327, pp. 84–87. Springer, Heidelberg (2010)
Faugère, J.-C., Gaudry, P., Huot, L., Renault, G.: Using symmetries in the index calculus for elliptic curves discrete logarithm. J. Cryptology, 1–41 (2013), doi:10.1007/s00145-013-9158-5.
Faugère, J.-C., Gianni, P., Lazard, D., Mora, T.: Efficient computation of zero-dimensional Gröbner bases by change of ordering. J. Symbolic Comput. 16(4), 329–344 (1993)
Gaudry, P.: Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem. J. Symbolic Comput. 44(12), 1690–1702 (2008)
Gaudry, P., Hess, F., Smart, N.P.: Constructive and destructive facets of Weil descent on elliptic curves. J. Cryptology 15(1), 19–46 (2002)
Granger, R., Joux, A., Vitse, V.: New timings for oracle-assisted SDHP on the IPSEC Oakley ’Well Known Group’ 3 curve. Announcement on the NMBRTHRY Mailing List (July 2010), http://listserv.nodak.edu/archives/nmbrthry.html
IETF. The Oakley key determination protocol. IETF RFC 2412 (1998)
Joux, A., Vitse, V.: Cover and Decomposition Index Calculus on Elliptic Curves made practical: Application to a seemingly secure curve over \(\mathbb{F}_{p^6}\). In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 9–26. Springer, Heidelberg (2012)
Joux, A., Vitse, V.: Elliptic curve discrete logarithm problem over small degree extension fields. J. Cryptology 26(1), 119–143 (2013)
Koblitz, N., Menezes, A.: Another look at non-standard discrete log and Diffie-Hellman problems. J. Math. Cryptol. 2(4), 311–326 (2008)
Semaev, I.A.: Summation polynomials and the discrete logarithm problem on elliptic curves. Cryptology ePrint Archive, Report 2004/031 (2004)
Serre, J.-P.: Propriétés galoisiennes des points d’ordre fini des courbes elliptiques. Invent. Math. 15(4), 259–331 (1972)
Zippel, R.: Interpolating polynomials from their values. Journal of Symbolic Computation 9(3), 375–403 (1990)
© 2014 International Association for Cryptologic Research
Cite this paper
Faugère, JC., Huot, L., Joux, A., Renault, G., Vitse, V. (2014). Symmetrized Summation Polynomials: Using Small Order Torsion Points to Speed Up Elliptic Curve Index Calculus. In: Nguyen, P.Q., Oswald, E. (eds) Advances in Cryptology – EUROCRYPT 2014. EUROCRYPT 2014. Lecture Notes in Computer Science, vol 8441. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-55220-5_3
DOI: https://doi.org/10.1007/978-3-642-55220-5_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-55219-9
Online ISBN: 978-3-642-55220-5
eBook Packages: Computer Science, Computer Science (R0)