Let E be an elliptic curve defined over a finite field 
, and let 
be a point of order n. Given \(Q \in \langle P \rangle\), the elliptic curve discrete logarithm problem (ECDLP) is to find the integer l, \(0 \leq l \leq n-1\), such that \(Q=lP\).
The ECDLP is a special case of the discrete logarithm problem in which the cyclic group G is represented by the group \(\langle P \rangle\) of points on an elliptic curve. It is of cryptographic interest because its apparent intractability is the basis for the security of elliptic curve cryptography.
If the order n of the base point P is composite and its factorization is known, then the Pohlig-Hellman algorithm [14] (see the discrete logarithm problem entry) can be used to efficiently reduce the ECDLP in \(\langle P \rangle\) to instances of the ECDLP in proper subgroups of 〈P〉. Thus, the difficulty of the original ECDLP instance depends on the size of the largest prime factor of n. In order to maximize resistance to the Pohlig-Hellman...
This is a preview of subscription content, log in via an institution to check access.
References
Adleman, L., J. DeMarrais, and M. Huang (1994). “A subexponential algorithm for discrete logarithms over the rational subgroup of the jacobians of large genus hyperelliptic curves over finite fields.” Algorithmic Number Theory—ANTS-I, Lecture Notes in Computer Science, vol. 877, eds. L. Adleman and M.-D. Huang. Springer-Verlag, Berlin, 28–40.
Frey, G. (2001). “Applications of arithmetical geometry to cryptographic constructions.” Proceedings of the Fifth International Conference on Finite Fields and Applications. Springer-Verlag, Berlin, 128–161.
Frey, G. and H. Rück (1994). “A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves.” Mathematics of Computation, 62, 865–874.
Gallant, R., R. Lambert, and S. Vanstone (2000). “Improving the parallelized Pollard lambda search on anomalous binary curves.” Mathematics of Computation, 69, 1699–1705.
Gaudry, P. (2000). “An algorithm for solving the discrete log problem in hyperelliptic curves.” Advances in Cryptology—EUROCRYPT 2000, Lecture Notes in Computer Science, vol. 1807, ed. B. Preneel. Springer-Verlag, Berlin, 19–34.
Gaudry, P., F. Hess, and N. Smart (2002). “Constructive and destructive facets of Weil descent on elliptic curves.” Journal of Cryptology, 15, 19–46.
Jacobson, M., N. Koblitz, J. Silverman, A. Stein, and E. Teske (2000). “Analysis of the xedni calculus attack.” Designs, Codes and Cryptography, 20, 41–64.
Jacobson, M., A. Menezes, and A. Stein (2001). “Solving elliptic curve discrete logarithm problems using Weil descent.” Journal of the Ramanujan Mathematical Society, 16, 231–260.
Maurer, M., A. Menezes, and E. Teske (2002). “Analysis of the GHS Weil descent attack on the ECDLP over characteristic two finite fields of composite degree.” LMS Journal of Computation and Mathematics, 5, 127–174.
Menezes, A., T. Okamoto, and S. Vanstone (1993). “Reducing elliptic curve logarithms to logarithms in a finite field.” IEEE Transactions on Information Theory, 39, 1639–1646.
Menezes A. and M. Qu (2001). “Analysis of the Weil descent attack of Gaudry, Hess and Smart.” Topics in Cryptology—CT-RSA 2001, Lecture Notes in Computer Science, vol. 2020, ed. D. Naccache. Springer-Verlag, Berlin, 308–318.
Menezes, A., E. Teske, and A. Weng (2004). “Weak fields for ECC.” Topics in Cryptology—CT-RSA 2004, Lecture Notes in Computer Science, vol. 2964, ed. T. Okamoto. Springer-Verlag, Berlin, 366–386.
Miller, V. (1986). “Use of elliptic curves in cryptography.” Advances in Cryptology—CRYPTO'85, Lecture Notes in Computer Science, vol. 218, ed. H.C. Williams. Springer-Verlag, Berlin, 417–426.
Pohlig, S. and M. Hellman (1978). “An improved algorithm for computing logarithms over GF(p) and its cryptographic significance.” IEEE Transactions on Information Theory, 24, 106–110.
Pollard, J. (1978). “Monte Carlo methods for index computation (mod p).” Mathematics of Computation, 32, 918–924.
Satoh, T. and K. Araki (1998). “Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves.” Commentarii Mathematici Universitatis Sancti Pauli, 47, 81–92.
Semaev, I. (1998). “Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p.” Mathematics of Computation, 67, 353–356.
Silverman, J. (2000). “The xedni calculus and the elliptic curve discrete logarithm problem.” Designs, Codes and Cryptography, 20, 5–40.
Silverman, J. and J. Suzuki (1998). “Elliptic curve discrete logarithms and the index calculus.” Advances in Cryptography—ASIACRYPT'98, Lecture Notes in Computer Science, vol. 1514, eds. K. Ohta and D. Pei. Springer-Verlag, Berlin, 110– 125.
Smart, N. (1999). “The discrete logarithm problem on elliptic curves of trace one.” Journal of Cryptology, 12, 193–196.
Teske, E. (1998). “Speeding up Pollard's rho method for computing discrete logarithms.” Algorithmic Number Theory—ANTS-III, Lecture Notes in Computer Science, vol. 1423, ed. J.P. Buhler. Springer-Verlag, Berlin, 541–554.
van Oorschot, P. and M. Wiener (1999). “Parallel collision search with cryptanalytic applications.” Journal of Cryptology, 12, 1–28.
Wiener, M. and R. Zuccherato (1999). “Faster attacks on elliptic curve cryptosystems.” Selected Areas in Cryptography—SAC'98, Lecture Notes in Computer Science, vol. 1556, eds. S. Tavares and H. Meijer. Springer-Verlag, Berlin, 190– 200.
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 International Federation for Information Processing
About this entry
Cite this entry
Hankerson, D., Menezes, A. (2005). Elliptic Curve Discrete Logarithm Problem. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA . https://doi.org/10.1007/0-387-23483-7_132
Download citation
DOI: https://doi.org/10.1007/0-387-23483-7_132
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-23473-1
Online ISBN: 978-0-387-23483-0
eBook Packages: Computer ScienceReference Module Computer Science and Engineering