Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem

We propose an index calculus algorithm for the discrete logarithm problem on general abelian varieties of small dimension. The main difference with the previous approaches is that we do not make use of any embedding into the Jacobian of a well-suited curve. We apply this algorithm to the Weil restriction of elliptic curves and hyperelliptic curves over small degree extension fields. In particular, our attack can solve an elliptic curve discrete logarithm problem defined over F"q"^"3 in heuristic asymptotic running time [email protected]?(q^4^/^3); and an elliptic problem over F"q"^"4 or a genus 2 problem over F"q"^"2 in heuristic asymptotic running time [email protected]?(q^3^/^2).

[1]  Nigel P. Smart,et al.  Constructive and destructive facets of Weil descent on elliptic curves , 2002, Journal of Cryptology.

[2]  Pierrick Gaudry,et al.  An L (1/3 + epsilon ) Algorithm for the Discrete Logarithm Problem for Low Degree Curves , 2007, EUROCRYPT.

[3]  E. V. Flynn The Jacobian and formal group of a curve of genus 2 over an arbitrary ground field , 1990, Mathematical Proceedings of the Cambridge Philosophical Society.

[4]  Seigo Arita,et al.  Weil Descent of Elliptic Curves over Finite Fields of Characteristic Three , 2000, ASIACRYPT.

[5]  Frederik Vercauteren,et al.  On the Discrete Logarithm Problem on Algebraic Tori , 2005, CRYPTO.

[6]  J. Faugère A new efficient algorithm for computing Gröbner bases (F4) , 1999 .

[7]  Ming-Deh A. Huang,et al.  Lifting Elliptic Curves and Solving the Elliptic Curve Discrete Logarithm Problem , 2000, ANTS.

[8]  Koh-ichi Nagao Decomposition Attack for the Jacobian of a Hyperelliptic Curve over an Extension Field , 2010, ANTS.

[9]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[10]  Joseph H. Silverman,et al.  The Xedni Calculus and the Elliptic Curve Discrete Logarithm Problem , 2000, Des. Codes Cryptogr..

[11]  Igor A. Semaev,et al.  Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p , 1998, Math. Comput..

[12]  PalaiseauDeutschland Franceenge A General Framework for Subexponential Discrete Logarithm Algorithms , 2000 .

[13]  Alfred Menezes,et al.  Analysis of the GHS Weil Descent Attack on the ECDLP over Characteristic Two Finite Fields of Composite Degree , 2001, INDOCRYPT.

[14]  Igor A. Semaev Summation polynomials and the discrete logarithm problem on elliptic curves , 2004, IACR Cryptol. ePrint Arch..

[15]  Nigel P. Smart,et al.  The Discrete Logarithm Problem on Elliptic Curves of Trace One , 1999, Journal of Cryptology.

[16]  David A. Cox,et al.  Ideals, Varieties, and Algorithms , 1997 .

[17]  J. Pollard,et al.  Monte Carlo methods for index computation () , 1978 .

[18]  Claus Diem,et al.  An Index Calculus Algorithm for Plane Curves of Small Degree , 2006, ANTS.

[19]  Steven D. Galbraith,et al.  A Cryptographic Application of Weil Descent , 1999, IMACC.

[20]  K. Brown,et al.  Graduate Texts in Mathematics , 1982 .

[21]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[22]  R. Zuccherato,et al.  An elementary introduction to hyperelliptic curves , 1996 .

[23]  C. Diem The GHS-attack in odd characteristic , 2003 .

[24]  J. Pila Frobenius maps of Abelian varieties and finding roots of unity in finite fields , 1990 .

[25]  Alfred Menezes,et al.  Reducing elliptic curve logarithms to logarithms in a finite field , 1993, IEEE Trans. Inf. Theory.

[26]  Florian Hess,et al.  The GHS Attack Revisited , 2003, EUROCRYPT.

[27]  Pierrick Gaudry,et al.  An Algorithm for Solving the Discrete Log Problem on Hyperelliptic Curves , 2000, EUROCRYPT.

[28]  Nicolas Thériault,et al.  Index Calculus Attack for Hyperelliptic Curves of Small Genus , 2003, ASIACRYPT.

[29]  Jonathan Pila Counting points on curves over families in polynomial time , 2005 .

[30]  Alfred Menezes,et al.  Analysis of the Weil Descent Attack of Gaudry, Hess and Smart , 2001, CT-RSA.

[31]  Shuhong Gao,et al.  Factoring multivariate polynomials via partial differential equations , 2003, Math. Comput..

[32]  Jean Charles Faugère,et al.  A new efficient algorithm for computing Gröbner bases without reduction to zero (F5) , 2002, ISSAC '02.

[33]  Emmanuel Thomé,et al.  Index Calculus in Class Groups of Non-hyperelliptic Curves of Genus Three , 2008, Journal of Cryptology.

[34]  Pierrick Gaudry,et al.  An L ( 1 / 3 + ε ) Algorithm for the Discrete Logarithm Problem for Low Degree Curves , 2007 .

[35]  Andreas Stein,et al.  Analysis of the Xedni Calculus Attack , 2000, Des. Codes Cryptogr..

[36]  Neal Koblitz,et al.  Algebraic aspects of cryptography , 1998, Algorithms and computation in mathematics.

[37]  Takakazu Satoh,et al.  Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves , 1998 .

[38]  Nicolas Thériault,et al.  A double large prime variation for small genus hyperelliptic index calculus , 2004, Math. Comput..

[39]  J. Couveignes,et al.  Algebraic groups and discrete logarithm , 2001 .

[40]  Leonard M. Adleman,et al.  A subexponential algorithm for discrete logarithms over the rational subgroup of the jacobians of large genus hyperelliptic curves over finite fields , 1994, ANTS.