A Weil Descent Attack against Elliptic Curve Cryptosystems over Quartic Extension Fields

This paper proposes a Weil descent attack against elliptic curve cryptosystems over quartic extension fields. The scenario of the attack is as follows: First, one reduces a DLP on a Weierstrass form over the quartic extention of a finite field k to a DLP on a special form, called Scholten form, over the same field. Second, one reduces the DLP on the Scholten form to a DLP on a genus two hyperelliptic curve over the quadratic extension of k. Then, one reduces the DLP on the hyperelliptic curve to one on a Cab model over k. Finally, one obtains the discrete-log of original DLP by applying the Gaudry method to the DLP on the Cab model. In order to carry out the scenario, this paper shows that many of elliptic curve discrete-log problems over quartic extension fields of odd characteristics are reduced to genus two hyperelliptic curve discrete-log problems over quadratic extension fields, and that almost all of the genus two hyperelliptic curve discrete-log problems over quadratic extension fields of odd characteristics come under Weil descent attack. This means that many of elliptic curve cryptosystems over quartic extension fields of odd characteristics can be attacked uniformly.

[1]  C. Diem The GHS-attack in odd characteristic , 2003 .

[2]  Takakazu Satoh,et al.  Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves , 1998 .

[3]  N. Thériault Weil descent attack for Kummer extensions , 2003 .

[4]  有田 正剛 A Weil Descent Attack against Elliptic Curve Cryptosystems over Quartic Extension Fields (符号と暗号の代数的数理研究集会報告集) , 2005 .

[5]  Alfred Menezes,et al.  Reducing elliptic curve logarithms to logarithms in a finite field , 1993, IEEE Trans. Inf. Theory.

[6]  Igor A. Semaev,et al.  Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p , 1998, Math. Comput..

[7]  Steven D. Galbraith,et al.  A Cryptographic Application of Weil Descent , 1999, IMACC.

[8]  J. Scholten,et al.  WEIL RESTRICTION OF AN ELLIPTIC CURVE OVER , 2003 .

[9]  Nigel P. Smart,et al.  The Discrete Logarithm Problem on Elliptic Curves of Trace One , 1999, Journal of Cryptology.

[10]  Nigel P. Smart,et al.  Constructive and destructive facets of Weil descent on elliptic curves , 2002, Journal of Cryptology.

[11]  Claus Diem,et al.  Index Calculus in Class Groups of Plane Curves of Small Degree , 2005, IACR Cryptol. ePrint Arch..

[12]  Gerhard Frey,et al.  Curves of genus 2 covering elliptic curves and an arithmetical application , 1991 .

[13]  G. Frey,et al.  A remark concerning m -divisibility and the discrete logarithm in the divisor class group of curves , 1994 .

[14]  Alfred Menezes,et al.  Reducing elliptic curve logarithms to logarithms in a finite field , 1991, STOC '91.

[15]  Steven D. Galbraith Weil Descent of Jacobians , 2003, Discret. Appl. Math..

[16]  Koh-ichi Nagao,et al.  Improvement of ThéLeriault Algorithm of Index Calculus for Jacobian of Hyperelliptic Curves of Small Genus , 2004, IACR Cryptol. ePrint Arch..

[17]  Nicolas Thériault,et al.  A double large prime variation for small genus hyperelliptic index calculus , 2004, Math. Comput..

[18]  Seigo Arita Gaudry's Variant against Cab Curves , 2000, Public Key Cryptography.

[19]  Seigo Arita,et al.  Weil Descent of Elliptic Curves over Finite Fields of Characteristic Three , 2000, ASIACRYPT.

[20]  Steven D. Galbraith,et al.  Extending the GHS Weil Descent Attack , 2002, EUROCRYPT.

[21]  Seigo Arita,et al.  An addition algorithm in Jacobian of Cab curves , 2003, Discret. Appl. Math..

[22]  Pierrick Gaudry,et al.  An Algorithm for Solving the Discrete Log Problem on Hyperelliptic Curves , 2000, EUROCRYPT.

[23]  Nicolas Thériault,et al.  Index Calculus Attack for Hyperelliptic Curves of Small Genus , 2003, ASIACRYPT.