Abstract
We present a new “cover and decomposition” attack on the elliptic curve discrete logarithm problem, which combines Weil descent and decomposition-based index calculus into a single discrete logarithm algorithm. This attack applies, at least theoretically, to all composite degree extension fields, and is particularly well-suited for curves defined over \(\mathbb{F}_{p^6}\). We give a real-size example of discrete logarithm computations on a curve over a 151-bit degree 6 extension field, which would not have been practically attackable using previously known algorithms.
This work was granted access to the HPC resources of CCRT under the allocation 2010-t201006445 made by GENCI (Grand Equipement National de Calcul Intensif).
© 2012 International Association for Cryptologic Research
Joux, A., Vitse, V. (2012). Cover and Decomposition Index Calculus on Elliptic Curves Made Practical. In: Pointcheval, D., Johansson, T. (eds) Advances in Cryptology – EUROCRYPT 2012. EUROCRYPT 2012. Lecture Notes in Computer Science, vol 7237. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29011-4_3
DOI: https://doi.org/10.1007/978-3-642-29011-4_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29010-7
Online ISBN: 978-3-642-29011-4