Generalising the GHS attack on the elliptic curve discrete logarithm

We generalise the Weil descent construction of the GHS attack on the elliptic curve discrete logarithm problem (ECDLP) to arbitrary Artin-Schreier extensions. We give a formula for the characteristic polynomial of Frobenius of the obtained curves and prove that the large cyclic factor of the input elliptic curve is not contained in the kernel of the composition of the conorm and norm maps. As an application we considerably increase the number of elliptic curves which succumb to the basic GHS attack, thereby weakening curves over F2155 further. We also discuss other possible extensions or variations of the GHS attack and conclude that they are not likely to yield further improvements.

[1]  Hilarie K. Orman,et al.  The OAKLEY Key Determination Protocol , 1997, RFC.

[2]  Alfred Menezes,et al.  Analysis of the GHS Weil Descent Attack on the ECDLP over Characteristic Two Finite Fields of Composite Degree , 2001, INDOCRYPT.

[3]  Nicolas Thériault,et al.  Weil Descent Attack for Artin-Schreier Curves , 2003 .

[4]  Steven D. Galbraith,et al.  A Cryptographic Application of Weil Descent , 1999, IMACC.

[5]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[6]  Alfred Menezes,et al.  Solving Elliptic Curve Discrete Logarithm Problems Using Weil Descent , 2001, IACR Cryptol. ePrint Arch..

[7]  Ian F. Blake,et al.  Elliptic curves in cryptography , 1999 .

[8]  Alfred Menezes,et al.  Reducing elliptic curve logarithms to logarithms in a finite field , 1991, STOC '91.

[9]  Steven D. Galbraith,et al.  Extending the GHS Weil Descent Attack , 2002, EUROCRYPT.

[10]  G. Frey,et al.  A remark concerning m -divisibility and the discrete logarithm in the divisor class group of curves , 1994 .

[11]  H. Stichtenoth,et al.  Elementary Abelianp-extensions of algebraic function fields , 1991 .

[12]  Florian Hess,et al.  Computing Riemann-Roch Spaces in Algebraic Function Fields and Related Topics , 2002, J. Symb. Comput..

[13]  J. Tyrrell,et al.  ALGEBRAIC NUMBER THEORY , 1969 .

[14]  Nigel P. Smart,et al.  Constructive and destructive facets of Weil descent on elliptic curves , 2002, Journal of Cryptology.

[15]  Seigo Arita,et al.  Weil Descent of Elliptic Curves over Finite Fields of Characteristic Three , 2000, ASIACRYPT.

[16]  C. Diem The GHS-attack in odd characteristic , 2003 .

[17]  Jean-Jacques Quisquater,et al.  A Secure Family of Composite Finite Fields Suitable for Fast Implementation of Elliptic Curve Cryptography , 2001, INDOCRYPT.

[18]  Editors , 1986, Brain Research Bulletin.

[19]  Alfred Menezes,et al.  Analysis of the Weil Descent Attack of Gaudry, Hess and Smart , 2001, CT-RSA.

[20]  Nigel P. Smart,et al.  How Secure Are Elliptic Curves over Composite Extension Fields? , 2001, EUROCRYPT.

[21]  Henning Stichtenoth,et al.  Algebraic function fields and codes , 1993, Universitext.

[22]  Steven D. Galbraith,et al.  Weil Descent of Jacobians , 2001, Discret. Appl. Math..