Using Symmetries in the Index Calculus for Elliptic Curves Discrete Logarithm

In 2004, an algorithm was introduced to solve the DLP for elliptic curves defined over a non-prime finite field $\mathbb{F}_{q^{n}}$. One of the main steps of this algorithm requires decomposing points of the curve $E(\mathbb{F}_{q^{n}})$ with respect to a factor base; this problem is denoted PDP. In this paper, we apply this algorithm to the case of Edwards curves, the well-known family of elliptic curves that allow faster arithmetic, as shown by Bernstein and Lange. More precisely, we show how to take advantage of some symmetries of twisted Edwards and twisted Jacobi intersections curves to gain an exponential factor $2^{\omega(n-1)}$ in solving the corresponding PDP, where $\omega$ is the exponent in the complexity of multiplying two dense matrices. Practical experiments supporting the theoretical result are also given. For instance, the complexity of solving the ECDLP for twisted Edwards curves defined over $\mathbb{F}_{q^{5}}$, with $q \approx 2^{64}$, is expected to be about $2^{160}$ operations in $E(\mathbb{F}_{q^{5}})$ using generic algorithms, compared to $2^{130}$ operations (multiplications of two 32-bit words) with our method. For these parameters the PDP is intractable with the original algorithm. The main tool to achieve these results is the use of the symmetries and of the quasi-homogeneous structure they induce during the polynomial system solving step. We also use a recent algorithm for the change of ordering of a Gröbner basis, which provides a better heuristic complexity for the whole solving process.
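The following toy script is an added illustration, not code from the paper, of the symmetries the abstract exploits: on a twisted Edwards curve negation is $(x,y)\mapsto(-x,y)$ and translation by the rational 2-torsion point $T=(0,-1)$ is $(x,y)\mapsto(-x,-y)$, so a factor base defined by a condition on $x$ alone is stable under both, and the solution set of a PDP instance is a union of orbits under translating an even number of the summands by $T$. The curve parameters ($p = 1019$, $a = 1$, $d = 2$), the factor base and the brute-force PDP for $n = 2$ are all constructed for the illustration.

```python
# Added toy illustration (not the paper's code) of the symmetries the abstract exploits on a
# twisted Edwards curve a*x^2 + y^2 = 1 + d*x^2*y^2. Constructed parameters: p = 1019
# (p = 3 mod 4, so a square root is a single pow), a = 1 (a square), d = 2 (a non-square
# mod 1019), which makes the addition law below complete.
P, A, D = 1019, 1, 2
O = (0, 1)                       # neutral element
T = (0, P - 1)                   # rational point of order 2

def inv(v):
    return pow(v, P - 2, P)

def on_curve(pt):
    x, y = pt
    return (A * x * x + y * y - 1 - D * x * x * y * y) % P == 0

def add(p1, p2):
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + y1 * x2) * inv(1 + t) % P,
            (y1 * y2 - A * x1 * x2) * inv(1 - t) % P)

def neg(pt):                     # negation is (x, y) -> (-x, y)
    return (-pt[0] % P, pt[1])

def add_t(pt):                   # translation by T is (x, y) -> (-x, -y)
    return (-pt[0] % P, -pt[1] % P)

def all_points():
    pts = []
    for x in range(P):
        rhs = (1 - A * x * x) * inv(1 - D * x * x) % P   # y^2 = (1 - a x^2)/(1 - d x^2)
        y = pow(rhs, (P + 1) // 4, P)
        if y * y % P == rhs:
            pts += [(x, y)] + ([(x, P - y)] if y else [])
    return pts

def factor_base(pts, bound):
    # Toy factor base (constructed): points with |x| <= bound, x taken in (-p/2, p/2).
    # Like the paper's base {x in F_q}, it is stable under both symmetries (they only flip x).
    return [pt for pt in pts if min(pt[0], P - pt[0]) <= bound]

def pdp_solutions(r, fb):
    # Brute-force PDP for n = 2: ordered pairs (P1, P2) of factor-base points with P1 + P2 = R.
    return {(p1, p2) for p1 in fb for p2 in fb if add(p1, p2) == r}

def symmetry_report(r, fb):
    # Translating both P1 and P2 by T keeps the sum (2T = O), so the solution set is a union
    # of orbits of size 2 under that map; for n summands, translating any even-size subset
    # works, giving a group of order 2^(n-1). Coordinates invariant under the group see only
    # the orbits, which is the reduction behind the abstract's 2^(omega(n-1)) factor.
    sols = pdp_solutions(r, fb)
    closed = all((add_t(p1), add_t(p2)) in sols for p1, p2 in sols)
    orbits = {frozenset({s, (add_t(s[0]), add_t(s[1]))}) for s in sols}
    return len(sols), closed, len(orbits)
```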
