Abstract
In this paper we extend the Weil descent attack due to Gaudry, Hess and Smart (GHS) to a much larger class of elliptic curves. This extended attack applies to fields of composite degree over $\mathbb{F}_2$. The principle behind the extended attack is to use isogenies to find an elliptic curve for which the GHS attack is effective. The discrete logarithm problem on the target curve can be transformed into a discrete logarithm problem on the isogenous curve.
A further contribution of the paper is to give an improvement to an algorithm of Galbraith for constructing isogenies between elliptic curves, and this is of independent interest in elliptic curve cryptography. We show that a larger proportion than previously thought of elliptic curves over $\mathbb{F}_{2^{155}}$ should be considered weak.
References
IETF. The Oakley Key Determination Protocol. IETF RFC 2412, Nov 1998.
D.J. Bernstein. Bounds on Ψ(x, y). http://cr.yp.to/psibound.html.
I.F. Blake, G. Seroussi and N.P. Smart. Elliptic Curves in Cryptography. Cambridge University Press, 1999.
H. Cohen. A course in computational number theory. Springer GTM 138, 1993.
J.-M. Couveignes. Computing l-isogenies using the p-torsion. Algorithmic Number Theory Symposium-ANTS II, Springer-Verlag LNCS 1122, 59–65, 1996.
G. Frey. How to disguise an elliptic curve. Talk at ECC '98, Waterloo.
G. Frey and H. Rück. A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comp., 62, 865–874, 1994.
S.D. Galbraith. Constructing isogenies between elliptic curves over finite fields. LMS J. Comput. Math., 2, 118–138, 1999.
S.D. Galbraith and N.P. Smart. A Cryptographic application of Weil descent. Codes and Cryptography, Springer-Verlag LNCS 1746, 191–200, 1999.
P. Gaudry, F. Hess and N.P. Smart. Constructive and destructive facets of Weil descent on elliptic curves. J. Cryptology, 15, 19–46, 2002.
M. Jacobson, A. Menezes and A. Stein. Solving elliptic curve discrete logarithm problems using Weil descent. J. Ramanujan Math. Soc., 16, No. 3, 231–260, 2001.
D. Kohel. Endomorphism rings of elliptic curves over finite fields. PhD Thesis, Berkeley, 1996.
R. Lercier. Computing isogenies in $\mathbb{F}_{2^n}$. Algorithmic Number Theory Symposium-ANTS II, Springer-Verlag LNCS 1122, 197–212, 1996.
A. Menezes, T. Okamoto and S. Vanstone. Reducing elliptic curve logarithms to logarithms in finite fields. IEEE Trans. on Infor. Th., 39, 1639–1646, 1993.
A. Menezes and M. Qu. Analysis of the Weil descent attack of Gaudry, Hess and Smart. Topics in Cryptology-CT-RSA 2001, Springer-Verlag LNCS 2020, 308–318, 2001.
S. Pohlig and M. Hellman. An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Trans. on Infor. Th., 24, 106–110, 1978.
J. Pollard. Monte Carlo methods for index computations mod p. Math. Comp., 32, 918–924, 1978.
N.P. Smart. How secure are elliptic curves over composite extension fields? EUROCRYPT '01, Springer-Verlag LNCS 2045, 30–39, 2001.
J. Vélu. Isogénies entre courbes elliptiques. Comptes Rendus l’Acad. Sci. Paris, Ser. A, 273, 238–241, 1971.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Galbraith, S.D., Hess, F., Smart, N.P. (2002). Extending the GHS Weil Descent Attack. In: Knudsen, L.R. (eds) Advances in Cryptology — EUROCRYPT 2002. EUROCRYPT 2002. Lecture Notes in Computer Science, vol 2332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46035-7_3
DOI: https://doi.org/10.1007/3-540-46035-7_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43553-2
Online ISBN: 978-3-540-46035-0
eBook Packages: Springer Book Archive