Lifting and Elliptic Curve Discrete Logarithms

The difficulty of the elliptic curve discrete logarithm problem (ECDLP) underlies the attractiveness of elliptic curves for use in cryptography. The index calculus is a lifting algorithm that solves the classical finite field discrete logarithm problem in subexponential time, but no such algorithm is known in general for elliptic curves. It turns out that there are four distinct lifting scenarios that one can use in attempting to solve the ECDLP; the lifting field may be a local field or a global field, and the lifted points may be torsion points or nontorsion points. These choices lead to four quite different ways to try to solve the ECDLP via lifting. None of these approaches has led to a solution to the ECDLP, but each method has its own reasons for failing to work. In this article I survey the four ways of lifting the ECDLP, explain their similarities and their differences, and describe the distinct roadblocks that arise in each case.

[1]  Loïc Merel,et al.  Bornes pour la torsion des courbes elliptiques sur les corps de nombres , 1996 .

[2]  Ian F. Blake,et al.  Elliptic curves in cryptography , 1999 .

[3]  Nigel P. Smart,et al.  Elliptic Curves in Cryptography: Preface , 1999 .

[4]  Jeffrey Shallit,et al.  Algorithmic Number Theory , 1996, Lecture Notes in Computer Science.

[5]  André Néron,et al.  Problèmes arithmétique et géométriques rattachés à la notion de rang d'une courbe algébrique dans un corps , 1952 .

[6]  W. Kohnen,et al.  Heegner points and derivatives ofL-series. II , 1987 .

[7]  J. Top,et al.  On the Mordell-Weil rank of an abelian variety over a number field , 1989 .

[8]  J. Hoffstein,et al.  An introduction to mathematical cryptography , 2008 .

[9]  Joe Suzuki,et al.  Elliptic Curve Discrete Logarithms and the Index Calculus , 1998, ASIACRYPT.

[10]  Joseph H. Silverman,et al.  Computing canonical heights with little (or no) factorization , 1997, Math. Comput..

[11]  S. Lang,et al.  Elliptic Curves: Diophantine Analysis , 1978 .

[12]  K. Brown,et al.  Graduate Texts in Mathematics , 1982 .

[13]  Kazuo Ohta,et al.  Advances in Cryptology — ASIACRYPT’98 , 2002, Lecture Notes in Computer Science.

[14]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[16]  晋輝 趙,et al.  H. Cohen, G. Frey, R. Avanzi, C. Doche, T. Lange, K. Nguyen and F. Vercauteren (eds.): Handbook of Elliptic and Hyperelliptic Curve Cryptography, Discrete Math. Appl. (Boca Raton)., Chapman & Hall/CRC, 2006年,xxxiv + 808ページ. , 2009 .

[17]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[18]  Andreas Stein,et al.  Analysis of the Xedni Calculus Attack , 2000, Des. Codes Cryptogr..

[19]  Igor A. Semaev,et al.  Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p , 1998, Math. Comput..

[20]  A. Wiles,et al.  Ring-Theoretic Properties of Certain Hecke Algebras , 1995 .

[21]  D. W. Masser Specializations of finitely generated subgroups of abelian varieties , 1989 .

[22]  Tibor Juhas The use of elliptic curves in cryptography , 2007 .

[23]  Douglas R. Stinson,et al.  Cryptography: Theory and Practice , 1995 .

[24]  Joseph H. Silverman,et al.  Computing heights on elliptic curves , 1988 .

[25]  M. Deuring Die Typen der Multiplikatorenringe elliptischer Funktionenkörper , 1941 .

[26]  A. Wiles Modular Elliptic Curves and Fermat′s Last Theorem(抜粋) (フェルマ-予想がついに解けた!?) , 1995 .

[27]  Leonard M. Adleman,et al.  A Subexponential Algorithm for Discrete Logarithms over Hyperelliptic Curves of Large Genus over GF(q) , 1999, Theor. Comput. Sci..

[28]  Tanja Lange,et al.  Handbook of Elliptic and Hyperelliptic Curve Cryptography , 2005 .

[29]  Mathematische,et al.  Heegner Points and Derivatives of L-Series. II , 2005 .

[30]  Takakazu Satoh,et al.  Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves , 1998 .

[31]  Barry Mazur,et al.  Modular curves and the eisenstein ideal , 1977 .

[32]  Joseph H. Silverman,et al.  The canonical height and integral points on elliptic curves , 1988 .

[33]  Jean-François Mestre,et al.  Formules explicites et minoration de conducteurs de vari'et'es alg'ebriques , 1986 .

[34]  J. Cheon,et al.  On Remarks of Lifting Problems for Elliptic Curves , 2000 .

[35]  Nigel P. Smart,et al.  The Discrete Logarithm Problem on Elliptic Curves of Trace One , 1999, Journal of Cryptology.

[36]  Jean-Pierre Serre Propriétés galoisiennes des points d'ordre fini des courbes elliptiques , 1971 .

[37]  J. Cassels,et al.  ABELIAN l -ADIC REPRESENTATIONS AND ELLIPTIC CURVES , 1969 .

[38]  Qi Cheng,et al.  Partial Lifting and the Elliptic Curve Discrete Logarithm Problem , 2004, Algorithmica.

[39]  Ming-Deh A. Huang,et al.  Lifting Elliptic Curves and Solving the Elliptic Curve Discrete Logarithm Problem , 2000, ANTS.

[40]  Wolfgang Bauer Implementing elliptic curve cryptography , 2002, Communications and Multimedia Security.

[41]  Joseph H. Silverman,et al.  The Xedni Calculus and the Elliptic Curve Discrete Logarithm Problem , 2000, Des. Codes Cryptogr..

[42]  Sarah Meiklejohn,et al.  Review of an introduction to mathematical cryptography by Jeffrey Hoffstein, Jill Pipher, and Joseph Silverman Springer-Verlag, 2008 , 2010, SIGA.

[43]  R. Taylor,et al.  On the modularity of elliptic curves over 𝐐: Wild 3-adic exercises , 2001, Journal of the American Mathematical Society.