On the first fall degree of summation polynomials

2019 ◽  
Vol 13 (3-4) ◽  
pp. 229-237
Author(s):  
Stavros Kousidis ◽  
Andreas Wiemers

Abstract: We improve on the first fall degree bound of polynomial systems that arise from a Weil descent along Semaev’s summation polynomials relevant to the solution of the Elliptic Curve Discrete Logarithm Problem via Gröbner basis algorithms.

2004 ◽  
Vol 7 ◽  
pp. 167-192 ◽  
Author(s):  
F. Hess

Abstract: The Weil descent construction of the GHS attack on the elliptic curve discrete logarithm problem (ECDLP) is generalised in this paper, to arbitrary Artin-Schreier extensions. A formula is given for the characteristic polynomial of Frobenius for the curves thus obtained, as well as a proof that the large cyclic factor of the input elliptic curve is not contained in the kernel of the composition of the conorm and norm maps. As an application, the number of elliptic curves that succumb to the basic GHS attack is considerably increased, thereby further weakening curves over $\mathrm{GF}(2^{155})$. Other possible extensions or variations of the GHS attack are discussed, leading to the conclusion that they are unlikely to yield further improvements.


2002 ◽  
Vol 5 ◽  
pp. 127-174 ◽  
Author(s):  
Markus Maurer ◽  
Alfred Menezes ◽  
Edlyn Teske

Abstract: In this paper, the authors analyze the Gaudry-Hess-Smart (GHS) Weil descent attack on the elliptic curve discrete logarithm problem (ECDLP) for elliptic curves defined over characteristic two finite fields of composite extension degree. For each such field $\mathbb{F}_{2^N}$, where $N$ is in [100,600], elliptic curve parameters are identified such that: (i) there should exist a cryptographically interesting elliptic curve $E$ over $\mathbb{F}_{2^N}$ with these parameters; and (ii) the GHS attack is more efficient for solving the ECDLP in $E(\mathbb{F}_{2^N})$ than for solving the ECDLP on any other cryptographically interesting elliptic curve over $\mathbb{F}_{2^N}$. The feasibility of the GHS attack on the specific elliptic curves is examined over $\mathbb{F}_{2^{176}}$, $\mathbb{F}_{2^{208}}$, $\mathbb{F}_{2^{272}}$, $\mathbb{F}_{2^{304}}$ and $\mathbb{F}_{2^{368}}$, which are provided as examples in the ANSI X9.62 standard for the elliptic curve signature scheme ECDSA. Finally, several concrete instances are provided of the ECDLP over $\mathbb{F}_{2^N}$, $N$ composite, of increasing difficulty; these resist all previously known attacks, but are within reach of the GHS attack.


2020 ◽  
Vol 14 (1) ◽  
pp. 460-485
Author(s):  
Kazuhiro Yokoyama ◽  
Masaya Yasuda ◽  
Yasushi Takahashi ◽  
Jun Kogure

Abstract: Since Semaev introduced summation polynomials in 2004, a number of studies have been devoted to improving the index calculus method for solving the elliptic curve discrete logarithm problem (ECDLP) with better complexity than generic methods such as Pollard’s rho method and the baby-step and giant-step method (BSGS). In this paper, we provide a deep analysis of Gröbner basis computation for solving polynomial systems appearing in the point decomposition problem (PDP) in Semaev’s naive index calculus method. Our analysis relies on linear algebra under simple statistical assumptions on summation polynomials. We show that the ideal derived from PDP has a special structure and Gröbner basis computation for the ideal is regarded as an extension of the extended Euclidean algorithm. This enables us to obtain a lower bound on the cost of Gröbner basis computation. With the lower bound, we prove that the naive index calculus method cannot be more efficient than generic methods.

