Abstract
Solving the elliptic curve discrete logarithm problem (ECDLP) by using Gröbner basis has recently appeared as a new threat to the security of elliptic curve cryptography and pairing-based cryptosystems. At Eurocrypt 2012, Faugère, Perret, Petit and Renault proposed a new method using a multivariable polynomial system to solve ECDLP over finite fields of characteristic 2. At Asiacrypt 2012, Petit and Quisquater showed that this method may beat generic algorithms for extension degrees larger than about 2000.
In this paper, we propose a variant of Faugère et al.’s attack that practically reduces the computation time and memory required. Our variant is based on the idea of symmetrization. This idea already provided practical improvements in several previous works for composite-degree extension fields, but its application to prime-degree extension fields has been more challenging. To exploit symmetries in an efficient way in that case, we specialize the definition of factor basis used in Faugère et al.’s attack to replace the original polynomial system by a new and simpler one. We provide theoretical and experimental evidence that our method is faster and requires less memory than Faugère et al.’s method when the extension degree is large enough.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
National Security Agency: The case for elliptic curve cryptography (January 2009), http://www.nsa.gov/business/programs/elliptic_curve.shtml
Shanks, D.: Class number, A theory of factorization, and genera. In: 1969 Number Theory Institute (Proc. Sympos. Pure Math., vol. XX, State Univ. New York, Stony Brook, N.Y., 1969), Providence, R.I., pp. 415–440 (1971)
Pollard, J.M.: A Monte Carlo method for factorization. BIT Numerical Mathematics 15(3), 331–334 (1975)
Brent, R.P.: An improved Monte Carlo factorization algorithm. BIT Numerical Mathematics 20, 176–184 (1980)
Pollard, J.M.: Kangaroos, monopoly and discrete logarithms. Journal of Cryptology 13, 437–447 (2000)
Diem, C.: An index calculus algorithm for plane curves of small degree. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 543–557. Springer, Heidelberg (2006)
Gaudry, P.: Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem. Journal of Symbolic Computation 44(12), 1690–1702 (2009)
Diem, C.: On the discrete logarithm problem in elliptic curves. Compositio Mathematica 147, 75–104 (2011)
Faugère, J.-C., Perret, L., Petit, C., Renault, G.: Improving the complexity of index calculus algorithms in elliptic curves over binary fields. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 27–44. Springer, Heidelberg (2012)
Petit, C., Quisquater, J.-J.: On polynomial systems arising from a Weil descent. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 451–466. Springer, Heidelberg (2012)
Joux, A., Vitse, V.: Elliptic curve discrete logarithm problem over small degree extension fields. Journal of Cryptology, 1–25 (2011)
Faugère, J.C., Gaudry, P., Huot, L., Renault, G.: Using symmetries in the index calculus for elliptic curves discrete logarithm. IACR Cryptology ePrint Archive 2012, 199 (2012)
Semaev, I.: Summation polynomials and the discrete logarithm problem on elliptic curves. IACR Cryptology ePrint Archive 2004, 31 (2004)
Faugère, J.C.: A new efficient algorithm for computing Gröbner bases (F4). Journal of Pure and Applied Algebra 139(1-3), 61–88 (1999)
Faugère, J.C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). In: Proceedings of the 2002 International Symposium on Symbolic and Algebraic Computation, ISSAC 2002, pp. 75–83. ACM, New York (2002)
Faugère, J., Gianni, P., Lazard, D., Mora, T.: Efficient computation of zero-dimensional Gröbner bases by change of ordering. Journal of Symbolic Computation 16(4), 329–344 (1993)
Joux, A., Vitse, V.: Cover and decomposition index calculus on elliptic curves made practical - application to a previously unreachable curve over \(\mathbb{F}_{p^6}\). In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 9–26. Springer, Heidelberg (2012)
Joux, A., Vitse, V.: A variant of the F4 algorithm. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 356–375. Springer, Heidelberg (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Huang, YJ., Petit, C., Shinohara, N., Takagi, T. (2013). Improvement of Faugère et al.’s Method to Solve ECDLP. In: Sakiyama, K., Terada, M. (eds) Advances in Information and Computer Security. IWSEC 2013. Lecture Notes in Computer Science, vol 8231. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41383-4_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-41383-4_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41382-7
Online ISBN: 978-3-642-41383-4
eBook Packages: Computer ScienceComputer Science (R0)