Analysis of the Xedni Calculus Attack

AbstractThe xedni calculus attack on the elliptic curve discrete logarithm problem (ECDLP) involves lifting points from the finite field $${\mathbb{F}}_p$$ to the rational numbers $${\mathbb{Q}}$$ and then constructing an elliptic curve over $${\mathbb{Q}}$$ that passes through them. If the lifted points are linearly dependent, then the ECDLP is solved. Our purpose is to analyze the practicality of this algorithm. We find that asymptotically the algorithm is virtually certain to fail, because of an absolute bound on the size of the coefficients of a relation satisfied by the lifted points. Moreover, even for smaller values of p experiments show that the odds against finding a suitable lifting are prohibitively high.

[1]  Neal Koblitz,et al.  Algebraic aspects of cryptography , 1998, Algorithms and computation in mathematics.

[2]  Karl Rubin,et al.  Elliptic curves with complex multiplication and the conjecture of Birch and Swinnerton-Dyer , 1981 .

[3]  René Schoof,et al.  Nonsingular plane cubic curves over finite fields , 1987, J. Comb. Theory A.

[4]  J. Cassels,et al.  Diophantine Equations with Special Reference To Elliptic Curves , 1966 .

[5]  A. Neron,et al.  Quasi-fonctions et Hauteurs sur les Varietes Abeliennes , 1965 .

[6]  Joseph H. Silverman,et al.  The Xedni Calculus and the Elliptic Curve Discrete Logarithm Problem , 2000, Des. Codes Cryptogr..

[7]  Joseph H. Silverman,et al.  Computing heights on elliptic curves , 1988 .

[8]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[9]  J. Silverman Advanced Topics in the Arithmetic of Elliptic Curves , 1994 .

[10]  L. G. Lidia,et al.  A library for computational number theory , 1997 .

[11]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[12]  Johannes Buchmann,et al.  LiDIA : a library for computational number theory , 1995 .

[13]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[14]  A. Wiles,et al.  The Birch and Swinnerton-Dyer Conjecture , 2000 .

[15]  Alfred Menezes,et al.  Elliptic curve public key cryptosystems , 1993, The Kluwer international series in engineering and computer science.

[16]  Jean-François Mestre,et al.  Formules explicites et minoration de conducteurs de vari'et'es alg'ebriques , 1986 .

[17]  Barry Mazur,et al.  Modular curves and the eisenstein ideal , 1977 .

[18]  Joseph H. Silverman,et al.  Computing canonical heights with little (or no) factorization , 1997, Math. Comput..

[19]  S. Lang,et al.  Elliptic Curves: Diophantine Analysis , 1978 .

[20]  Joseph H. Silverman,et al.  Lower bound for the canonical height on elliptic curves , 1981 .

[21]  Joseph H. Silverman,et al.  The canonical height and integral points on elliptic curves , 1988 .

[22]  Joseph H. Silverman,et al.  Divisibility of the Specialization Map for Families of Elliptic Curves , 1985 .

[23]  George Havas,et al.  Extended GCD and Hermite Normal Form Algorithms via Lattice Basis Reduction , 1998, Exp. Math..

[24]  A. Wiles,et al.  Ring-Theoretic Properties of Certain Hecke Algebras , 1995 .

[25]  D. W. Masser Specializations of finitely generated subgroups of abelian varieties , 1989 .

[26]  Kenneth A. Ribet,et al.  On modular representations of $$(\bar Q/Q)$$ arising from modular forms , 1990 .

[27]  André Néron,et al.  Problèmes arithmétique et géométriques rattachés à la notion de rang d'une courbe algébrique dans un corps , 1952 .

[28]  Joe Suzuki,et al.  Elliptic Curve Discrete Logarithms and the Index Calculus , 1998, ASIACRYPT.

[29]  H. Swinnerton-Dyer,et al.  Ellitpic curves and modular functions , 1975 .

[30]  G. de B. Robinson,et al.  Modular Representations of Sn , 1964, Canadian Journal of Mathematics.

[31]  A. Wiles Modular Elliptic Curves and Fermat′s Last Theorem(抜粋) (フェルマ-予想がついに解けた!?) , 1995 .