Reducing elliptic curve logarithms to logarithms in a finite field

Abstract - Elliptic curve cryptosystems have the potential to provide relatively small block size, high-security public key schemes that can be efficiently implemented. As with other known public key schemes, such as RSA and discrete exponentiation in a finite field, some care must be exercised when selecting the parameters involved, in this case the elliptic curve and the underlying field. Specific classes of curves that give little or no advantage over previously known schemes are discussed. The main result of the paper is to demonstrate the reduction of the elliptic curve logarithm problem to the logarithm problem in the multiplicative group of an extension of the underlying finite field. For the class of supersingular elliptic curves, the reduction takes probabilistic polynomial time, thus providing a probabilistic subexponential time algorithm for the former problem.

Index Terms - Discrete logarithms, elliptic curves, public key cryptography.
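A parameter check that follows from the reduction described in the abstract, given as an added example (not code from the paper): for a subgroup of prime order n on a curve over F_q, the target extension field is F_{q^k} with k the smallest positive integer such that n divides q^k - 1, so a curve is only useful if k is large. The function names, the bound of 100 and the toy parameters are assumptions made for illustration; the second parameter set is the published NIST P-256 field prime and group order.

```python
# Added example: reject curve parameters for which the reduction lands in a
# small extension field F_{q^k}. k is the multiplicative order of q modulo n.

def embedding_degree(q, n, bound=100):
    """Return the smallest k in 1..bound with q^k = 1 (mod n), or None
    if no such k exists up to the bound (assumed illustrative threshold)."""
    if q < 2 or n < 2:
        raise ValueError("q must be a prime power and n a prime subgroup order")
    acc = 1
    for k in range(1, bound + 1):
        acc = (acc * q) % n
        if acc == 1:
            return k
    return None


def passes_extension_degree_check(q, n, bound=100):
    """True when logarithms cannot be moved into F_{q^k} for any k <= bound."""
    return embedding_degree(q, n, bound) is None


# Constructed toy case: y^2 = x^3 + x over F_p with p = 3 (mod 4) is
# supersingular and has p + 1 points. Here p + 1 = 10008 = 2^3 * 3^2 * 139.
TOY_Q = 10007
TOY_N = 139

# NIST P-256 field prime and group order (published constants).
P256_Q = 2**256 - 2**224 + 2**192 + 2**96 - 1
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def report():
    """Evaluate both parameter sets; returns {name: (k, accepted)}."""
    out = {}
    for name, q, n in (("toy-supersingular", TOY_Q, TOY_N),
                       ("P-256", P256_Q, P256_N)):
        out[name] = (embedding_degree(q, n),
                     passes_extension_degree_check(q, n))
    return out


if __name__ == "__main__":
    for name, (k, ok) in report().items():
        print(f"{name}: k={k} accepted={ok}")
```

The toy supersingular parameters give k = 2, the case the abstract singles out, while P-256 has no k up to the bound and is accepted.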
