Shor's discrete logarithm quantum algorithm for elliptic curves

We show in some detail how to implement Shor's efficient quantum algorithm for discrete logarithms for the particular case of elliptic curve groups. It turns out that for this problem a smaller quantum computer can solve problems further beyond current computing than for integer factorisation. A 160 bit elliptic curve cryptographic key could be broken on a quantum computer using around 1000 qubits while factoring the security-wise equivalent 1024 bit RSA modulus would require about 2000 qubits. In this paper we only consider elliptic curves over GF(p) and not yet the equally important ones over GF(2^n) or other finite fields. The main technical difficulty is to implement Euclid's gcd algorithm to compute multiplicative inverses modulo p. As the runtime of Euclid's algorithm depends on the input, one difficulty encountered is the ``quantum halting problem''.

Download Full-text

An O(m^2)-depth quantum algorithm for the elliptic curve discrete logarithm problem over GF(2^m)

Quantum Information and Computation ◽

10.26421/qic9.7-8-4 ◽

2009 ◽

Vol 9 (7&8) ◽

pp. 610-621

Author(s):

D. Maslov ◽

J. Mathew ◽

D. Cheung ◽

D.K. Pradhan

Keyword(s):

Elliptic Curve ◽

Elliptic Curves ◽

Finite Fields ◽

Nearest Neighbor ◽

Discrete Logarithm ◽

Quantum Algorithm ◽

Polynomial Time Algorithm ◽

Time Algorithm ◽

Discrete Logarithm Problem ◽

Quantum Polynomial

We consider a quantum polynomial-time algorithm which solves the discrete logarithm problem for points on elliptic curves over $GF(2^m)$. We improve over earlier algorithms by constructing an efficient circuit for multiplying elements of binary finite fields and by representing elliptic curve points using a technique based on projective coordinates. The depth of our proposed implementation, executable in the Linear Nearest Neighbor (LNN) architecture, is $O(m^2)$, which is an improvement over the previous bound of $O(m^3)$ derived assuming no architectural restrictions.

Download Full-text

PERSPECTIVES OF ELLIPTICAL CRYPTOGRAPHY TO ENSURE THE INTEGRITY AND CONFIDENTIALITY OF INFORMATION

Visnyk Universytetu “Ukraina” ◽

10.36994/2707-4110-2019-2-23-26 ◽

2019 ◽

Author(s):

Anna ILYENKO ◽

Sergii ILYENKO ◽

Yana MASUR

Keyword(s):

Information Systems ◽

Elliptic Curve ◽

Elliptic Curves ◽

Finite Fields ◽

Computational Efficiency ◽

Digital Signature ◽

Discrete Logarithm ◽

Algebraic Groups ◽

Schnorr Signature ◽

Stability Of Algorithms

In this article, the main problems underlying the current asymmetric crypto algorithms for the formation and verification of electronic-digital signature are considered: problems of factorization of large integers and problems of discrete logarithm. It is noted that for the second problem, it is possible to use algebraic groups of points other than finite fields. The group of points of the elliptical curve, which satisfies all set requirements, looked attractive on this side. Aspects of the application of elliptic curves in cryptography and the possibilities offered by these algebraic groups in terms of computational efficiency and crypto-stability of algorithms were also considered. Information systems using elliptic curves, the keys have a shorter length than the algorithms above the finite fields. Theoretical directions of improvement of procedure of formation and verification of electronic-digital signature with the possibility of ensuring the integrity and confidentiality of information were considered. The proposed method is based on the Schnorr signature algorithm, which allows data to be recovered directly from the signature itself, similarly to RSA-like signature systems, and the amount of recoverable information is variable depending on the information message. As a result, the length of the signature itself, which is equal to the sum of the length of the end field over which the elliptic curve is determined, and the artificial excess redundancy provided to the hidden message was achieved.

Download Full-text

Analysis of the GHS Weil Descent Attack on the ECDLP over Characteristic Two Finite Fields of Composite Degree

LMS Journal of Computation and Mathematics ◽

10.1112/s1461157000000723 ◽

2002 ◽

Vol 5 ◽

pp. 127-174 ◽

Cited By ~ 14

Author(s):

Markus Maurer ◽

Alfred Menezes ◽

Edlyn Teske

Keyword(s):

Elliptic Curve ◽

Elliptic Curves ◽

Finite Fields ◽

Discrete Logarithm ◽

Discrete Logarithm Problem ◽

Signature Scheme ◽

Extension Degree ◽

Characteristic Two ◽

Weil Descent

AbstractIn this paper, the authors analyze the Gaudry-Hess-Smart (GHS) Weil descent attack on the elliptic curve discrete logarithm problem (ECDLP) for elliptic curves defined over characteristic two finite fields of composite extension degree. For each such field F2N, where N is in [100,600], elliptic curve parameters are identified such that: (i) there should exist a cryptographically interesting elliptic curve E over F2N with these parameters; and (ii) the GHS attack is more efficient for solving the ECDLP in E(F2N) than for solving the ECDLP on any other cryptographically interesting elliptic curve over F2N. The feasibility of the GHS attack on the specific elliptic curves is examined over F2176, F2208, F2272, F2304 and F2368, which are provided as examples in the ANSI X9.62 standard for the elliptic curve signature scheme ECDSA. Finally, several concrete instances are provided of the ECDLP over F2N, N composite, of increasing difficulty; these resist all previously known attacks, but are within reach of the GHS attack.

Download Full-text

Quantum Algorithm for Solving the Discrete Logarithm Problem in the Class Group of an Imaginary Quadratic Field and Security Comparison of Current Cryptosystems at the Beginning of Quantum Computer Age

Lecture Notes in Computer Science - Emerging Trends in Information and Communication Security ◽

10.1007/11766155_34 ◽

2006 ◽

pp. 481-493 ◽

Cited By ~ 1

Author(s):

Arthur Schmidt

Keyword(s):

Class Group ◽

Quadratic Field ◽

Quantum Computer ◽

Discrete Logarithm ◽

Quantum Algorithm ◽

Imaginary Quadratic Field ◽

Discrete Logarithm Problem

Download Full-text

Finding roots in with the successive resultants algorithm

LMS Journal of Computation and Mathematics ◽

10.1112/s1461157014000138 ◽

2014 ◽

Vol 17 (A) ◽

pp. 203-217 ◽

Cited By ~ 2

Author(s):

Christophe Petit

Keyword(s):

Finite Field ◽

Elliptic Curve ◽

Finite Fields ◽

Coding Theory ◽

Discrete Logarithm ◽

Discrete Logarithm Problem ◽

Polynomial Equations ◽

Preliminary Results ◽

Characteristic Case ◽

Practical Security

AbstractThe problem of solving polynomial equations over finite fields has many applications in cryptography and coding theory. In this paper, we consider polynomial equations over a ‘large’ finite field with a ‘small’ characteristic. We introduce a new algorithm for solving this type of equations, called the successive resultants algorithm (SRA). SRA is radically different from previous algorithms for this problem, yet it is conceptually simple. A straightforward implementation using Magma was able to beat the built-in Roots function for some parameters. These preliminary results encourage a more detailed study of SRA and its applications. Moreover, we point out that an extension of SRA to the multivariate case would have an important impact on the practical security of the elliptic curve discrete logarithm problem in the small characteristic case.Supplementary materials are available with this article.

Download Full-text

The Construction of ElGamal over Koblitz Curve

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.931-932.1441 ◽

2014 ◽

Vol 931-932 ◽

pp. 1441-1446 ◽

Cited By ~ 1

Author(s):

Krissanee Kamthawee ◽

Bhichate Chiewthanakul

Keyword(s):

Elliptic Curve ◽

Elliptic Curves ◽

Discrete Logarithm ◽

Scalar Multiplication ◽

Computer Hardware ◽

Point Multiplication ◽

Koblitz Curves ◽

Elliptic Curve Cryptosystems ◽

Elgamal Cryptosystem ◽

Primary Advantage

Recently elliptic curve cryptosystems are widely accepted for security applications key generation, signature and verification. Cryptographic mechanisms based on elliptic curves depend on arithmetic involving the points of the curve. it is possible to use smaller primes, or smaller finite fields, with elliptic curves and achieve a level of security comparable to that for much larger integers. Koblitz curves, also known as anomalous binary curves, are elliptic curves defined over F2. The primary advantage of these curves is that point multiplication algorithms can be devised that do not use any point doublings. The ElGamal cryptosystem, which is based on the Discrete Logarithm problem can be implemented in any group. In this paper, we propose the ElGamal over Koblitz Curve Scheme by applying the arithmetic on Koblitz curve to the ElGamal cryptosystem. The advantage of this scheme is that point multiplication algorithms can be speeded up the scalar multiplication in the affine coodinate of the curves using Frobenius map. It has characteristic two, therefore it’s arithmetic can be designed in any computer hardware. Moreover, it has more efficient to employ the TNAF method for scalar multiplication on Koblitz curves to decrease the number of nonzero digits. It’s security relies on the inability of a forger, who does not know a private key, to compute elliptic curve discrete logarithm.

Download Full-text

Elliptic curves with a given number of points over finite fields

Compositio Mathematica ◽

10.1112/s0010437x12000541 ◽

2012 ◽

Vol 149 (2) ◽

pp. 175-203 ◽

Cited By ~ 8

Author(s):

Chantal David ◽

Ethan Smith

Keyword(s):

Positive Integer ◽

Asymptotic Formula ◽

Elliptic Curve ◽

Elliptic Curves ◽

Finite Fields ◽

Short Interval ◽

Distribution Of Primes ◽

Primes In Arithmetic Progressions ◽

Interval Distribution ◽

Better Than

AbstractGiven an elliptic curve E and a positive integer N, we consider the problem of counting the number of primes p for which the reduction of E modulo p possesses exactly N points over 𝔽p. On average (over a family of elliptic curves), we show bounds that are significantly better than what is trivially obtained by the Hasse bound. Under some additional hypotheses, including a conjecture concerning the short-interval distribution of primes in arithmetic progressions, we obtain an asymptotic formula for the average.

Download Full-text

Efficient quantum circuits for binary elliptic curve arithmetic: reducing $T$-gate complexity

Quantum Information and Computation ◽

10.26421/qic13.7-8-5 ◽

2013 ◽

Vol 13 (7&8) ◽

pp. 631-644

Author(s):

Brittanney Amento ◽

Martin Rotteler ◽

Rainer Steinwalds

Keyword(s):

Elliptic Curve ◽

Elliptic Curves ◽

Finite Fields ◽

Quantum Algorithms ◽

Substantial Reduction ◽

Quantum Circuit ◽

Quantum Circuits ◽

Curves Over Finite Fields ◽

Curve Representation ◽

Modern Cryptography

Elliptic curves over finite fields ${\mathbb F}_{2^n}$ play a prominent role in modern cryptography. Published quantum algorithms dealing with such curves build on a short Weierstrass form in combination with affine or projective coordinates. In this paper we show that changing the curve representation allows a substantial reduction in the number of $T$-gates needed to implement the curve arithmetic. As a tool, we present a quantum circuit for computing multiplicative inverses in $\mathbb F_{2^n}$ in depth $\bigO(n\log_2 n)$ using a polynomial basis representation, which may be of independent interest.

Download Full-text

Generalising the GHS Attack on the Elliptic Curve Discrete Logarithm Problem

LMS Journal of Computation and Mathematics ◽

10.1112/s146115700000108x ◽

2004 ◽

Vol 7 ◽

pp. 167-192 ◽

Cited By ~ 21

Author(s):

F. Hess

Keyword(s):

Elliptic Curve ◽

Elliptic Curves ◽

Characteristic Polynomial ◽

Discrete Logarithm ◽

Discrete Logarithm Problem ◽

Weil Descent

AbstractThe Weil descent construction of the GHS attack on the elliptic curve discrete logarithm problem (ECDLP) is generalised in this paper, to arbitrary Artin-Schreier extensions. A formula is given for the characteristic polynomial of Frobenius for the curves thus obtained, as well as a proof that the large cyclic factor of the input elliptic curve is not contained in the kernel of the composition of the conorm and norm maps. As an application, the number of elliptic curves that succumb to the basic GHS attack is considerably increased, thereby further weakening curves over GF2155.Other possible extensions or variations of the GHS attack are discussed, leading to the conclusion that they are unlikely to yield further improvements.

Download Full-text

Cryptographic Primitives

Cryptographic Primitives in Blockchain Technology ◽

10.1093/oso/9780198862840.003.0003 ◽

2020 ◽

pp. 57-134

Author(s):

Andreas Bolfing

Keyword(s):

Elliptic Curve ◽

Elliptic Curves ◽

Digital Signature ◽

Discrete Logarithm ◽

Public Key ◽

Public Key Encryption ◽

Cryptographic Primitives ◽

Digital Signature Algorithm ◽

Digital Signature Scheme ◽

Current Standards

This chapter provides a very detailed introduction to cryptography. It first explains the cryptographic basics and introduces the concept of public-key encryption which is based on one-way and trapdoor functions, considering the three major public-key encryption families like integer factorization, discrete logarithm and elliptic curve schemes. This is followed by an introduction to hash functions which are applied to construct Merkle trees and digital signature schemes. As modern cryptoschemes are commonly based on elliptic curves, the chapter then introduces elliptic curve cryptography which is based on the Elliptic Curve Discrete Logarithm Problem (ECDLP). It considers the hardness of the ECDLP and the possible attacks against it, showing how to find suitable domain parameters to construct cryptographically strong elliptic curves. This is followed by the discussion of elliptic curve domain parameters which are recommended by current standards. Finally, it introduces the Elliptic Curve Digital Signature Algorithm (ECDSA), the elliptic curve digital signature scheme.

Download Full-text