Weak Fields for ECC

We demonstrate that some finite fields, including \(\mathbb{F}_{2^{210}}\), are weak for elliptic curve cryptography in the sense that any instance of the elliptic curve discrete logarithm problem for any elliptic curve over these fields can be solved in significantly less time than it takes Pollard’s rho method to solve the hardest instances. We discuss the implications of our observations for elliptic curve cryptography, and list some open problems.
