An O(m^2)-depth quantum algorithm for the elliptic curve discrete logarithm problem over GF(2^m)

2009 ◽  
Vol 9 (7&8) ◽  
pp. 610-621
Author(s):  
D. Maslov ◽  
J. Mathew ◽  
D. Cheung ◽  
D.K. Pradhan
Keyword(s):  
Elliptic Curve ◽  
Elliptic Curves ◽  
Finite Fields ◽  
Nearest Neighbor ◽  
Discrete Logarithm ◽  
Quantum Algorithm ◽  
Polynomial Time Algorithm ◽  
Time Algorithm ◽  
Discrete Logarithm Problem ◽  
Quantum Polynomial

We consider a quantum polynomial-time algorithm which solves the discrete logarithm problem for points on elliptic curves over $GF(2^m)$. We improve over earlier algorithms by constructing an efficient circuit for multiplying elements of binary finite fields and by representing elliptic curve points using a technique based on projective coordinates. The depth of our proposed implementation, executable in the Linear Nearest Neighbor (LNN) architecture, is $O(m^2)$, which is an improvement over the previous bound of $O(m^3)$ derived assuming no architectural restrictions.

scholarly journals Analysis of the GHS Weil Descent Attack on the ECDLP over Characteristic Two Finite Fields of Composite Degree

2002 ◽  
Vol 5 ◽  
pp. 127-174 ◽  
Author(s):  
Markus Maurer ◽  
Alfred Menezes ◽  
Edlyn Teske
Keyword(s):  
Elliptic Curve ◽  
Elliptic Curves ◽  
Finite Fields ◽  
Discrete Logarithm ◽  
Discrete Logarithm Problem ◽  
Signature Scheme ◽  
Extension Degree ◽  
Characteristic Two ◽  
Weil Descent

AbstractIn this paper, the authors analyze the Gaudry-Hess-Smart (GHS) Weil descent attack on the elliptic curve discrete logarithm problem (ECDLP) for elliptic curves defined over characteristic two finite fields of composite extension degree. For each such field F2N, where N is in [100,600], elliptic curve parameters are identified such that: (i) there should exist a cryptographically interesting elliptic curve E over F2N with these parameters; and (ii) the GHS attack is more efficient for solving the ECDLP in E(F2N) than for solving the ECDLP on any other cryptographically interesting elliptic curve over F2N. The feasibility of the GHS attack on the specific elliptic curves is examined over F2176, F2208, F2272, F2304 and F2368, which are provided as examples in the ANSI X9.62 standard for the elliptic curve signature scheme ECDSA. Finally, several concrete instances are provided of the ECDLP over F2N, N composite, of increasing difficulty; these resist all previously known attacks, but are within reach of the GHS attack.

Shor's discrete logarithm quantum algorithm for elliptic curves

2003 ◽  
Vol 3 (4) ◽  
pp. 317-344
Author(s):  
J. Proos ◽  
Ch. Zalka
Keyword(s):  
Elliptic Curve ◽  
Elliptic Curves ◽  
Finite Fields ◽  
Quantum Computer ◽  
Discrete Logarithm ◽  
Quantum Algorithm ◽  
Technical Difficulty ◽  
Discrete Logarithms ◽  
Modulo P ◽  
Cryptographic Key

We show in some detail how to implement Shor's efficient quantum algorithm for discrete logarithms for the particular case of elliptic curve groups. It turns out that for this problem a smaller quantum computer can solve problems further beyond current computing than for integer factorisation. A 160 bit elliptic curve cryptographic key could be broken on a quantum computer using around 1000 qubits while factoring the security-wise equivalent 1024 bit RSA modulus would require about 2000 qubits. In this paper we only consider elliptic curves over GF(p) and not yet the equally important ones over GF(2^n) or other finite fields. The main technical difficulty is to implement Euclid's gcd algorithm to compute multiplicative inverses modulo p. As the runtime of Euclid's algorithm depends on the input, one difficulty encountered is the ``quantum halting problem''.

PERSPECTIVES OF ELLIPTICAL CRYPTOGRAPHY TO ENSURE THE INTEGRITY AND CONFIDENTIALITY OF INFORMATION

2019 ◽  
Author(s):  
Anna ILYENKO ◽  
Sergii ILYENKO ◽  
Yana MASUR
Keyword(s):  
Information Systems ◽  
Elliptic Curve ◽  
Elliptic Curves ◽  
Finite Fields ◽  
Computational Efficiency ◽  
Digital Signature ◽  
Discrete Logarithm ◽  
Algebraic Groups ◽  
Schnorr Signature ◽  
Stability Of Algorithms

In this article, the main problems underlying the current asymmetric crypto algorithms for the formation and verification of electronic-digital signature are considered: problems of factorization of large integers and problems of discrete logarithm. It is noted that for the second problem, it is possible to use algebraic groups of points other than finite fields. The group of points of the elliptical curve, which satisfies all set requirements, looked attractive on this side. Aspects of the application of elliptic curves in cryptography and the possibilities offered by these algebraic groups in terms of computational efficiency and crypto-stability of algorithms were also considered. Information systems using elliptic curves, the keys have a shorter length than the algorithms above the finite fields. Theoretical directions of improvement of procedure of formation and verification of electronic-digital signature with the possibility of ensuring the integrity and confidentiality of information were considered. The proposed method is based on the Schnorr signature algorithm, which allows data to be recovered directly from the signature itself, similarly to RSA-like signature systems, and the amount of recoverable information is variable depending on the information message. As a result, the length of the signature itself, which is equal to the sum of the length of the end field over which the elliptic curve is determined, and the artificial excess redundancy provided to the hidden message was achieved.

scholarly journals Finding roots in with the successive resultants algorithm

2014 ◽  
Vol 17 (A) ◽  
pp. 203-217 ◽  
Author(s):  
Christophe Petit
Keyword(s):  
Finite Field ◽  
Elliptic Curve ◽  
Finite Fields ◽  
Coding Theory ◽  
Discrete Logarithm ◽  
Discrete Logarithm Problem ◽  
Polynomial Equations ◽  
Preliminary Results ◽  
Characteristic Case ◽  
Practical Security

AbstractThe problem of solving polynomial equations over finite fields has many applications in cryptography and coding theory. In this paper, we consider polynomial equations over a ‘large’ finite field with a ‘small’ characteristic. We introduce a new algorithm for solving this type of equations, called the successive resultants algorithm (SRA). SRA is radically different from previous algorithms for this problem, yet it is conceptually simple. A straightforward implementation using Magma was able to beat the built-in Roots function for some parameters. These preliminary results encourage a more detailed study of SRA and its applications. Moreover, we point out that an extension of SRA to the multivariate case would have an important impact on the practical security of the elliptic curve discrete logarithm problem in the small characteristic case.Supplementary materials are available with this article.

scholarly journals Generalising the GHS Attack on the Elliptic Curve Discrete Logarithm Problem

2004 ◽  
Vol 7 ◽  
pp. 167-192 ◽  
Author(s):  
F. Hess
Keyword(s):  
Elliptic Curve ◽  
Elliptic Curves ◽  
Characteristic Polynomial ◽  
Discrete Logarithm ◽  
Discrete Logarithm Problem ◽  
Weil Descent

AbstractThe Weil descent construction of the GHS attack on the elliptic curve discrete logarithm problem (ECDLP) is generalised in this paper, to arbitrary Artin-Schreier extensions. A formula is given for the characteristic polynomial of Frobenius for the curves thus obtained, as well as a proof that the large cyclic factor of the input elliptic curve is not contained in the kernel of the composition of the conorm and norm maps. As an application, the number of elliptic curves that succumb to the basic GHS attack is considerably increased, thereby further weakening curves over GF2155.Other possible extensions or variations of the GHS attack are discussed, leading to the conclusion that they are unlikely to yield further improvements.

scholarly journals On the discrete logarithm problem in elliptic curves

2010 ◽  
Vol 147 (1) ◽  
pp. 75-104 ◽  
Author(s):  
Claus Diem
Keyword(s):  
Elliptic Curve ◽  
Elliptic Curves ◽  
Discrete Logarithm ◽  
Finite Extension ◽  
Discrete Logarithm Problem ◽  
Natural Numbers ◽  
Expected Time

AbstractWe study the elliptic curve discrete logarithm problem over finite extension fields. We show that for any sequences of prime powers (qi)i∈ℕand natural numbers (ni)i∈ℕwithni⟶∞andni/log (qi)⟶0 fori⟶∞, the elliptic curve discrete logarithm problem restricted to curves over the fields 𝔽qniican be solved in subexponential expected time (qnii)o(1). We also show that there exists a sequence of prime powers (qi)i∈ℕsuch that the problem restricted to curves over 𝔽qican be solved in an expected time ofe𝒪(log (qi)2/3).

scholarly journals Operations of Points on Elliptic Curve in Affine Coordinates

2019 ◽  
Vol 27 (3) ◽  
pp. 315-320
Author(s):  
Yuichi Futa ◽  
Hiroyuki Okazaki ◽  
Yasunari Shidama
Keyword(s):  
Information Security ◽  
Elliptic Curve ◽  
Elliptic Curves ◽  
Elliptic Curve Cryptography ◽  
Binary Operation ◽  
Discrete Logarithm ◽  
Discrete Logarithm Problem

Summary In this article, we formalize in Mizar [1], [2] a binary operation of points on an elliptic curve over GF(p) in affine coordinates. We show that the operation is unital, complementable and commutative. Elliptic curve cryptography [3], whose security is based on a difficulty of discrete logarithm problem of elliptic curves, is important for information security.

scholarly journals Operations of Points on Elliptic Curve in Projective Coordinates

2012 ◽  
Vol 20 (1) ◽  
pp. 87-95
Author(s):  
Yuichi Futa ◽  
Hiroyuki Okazaki ◽  
Daichi Mizushima ◽  
Yasunari Shidama
Keyword(s):  
Information Security ◽  
Elliptic Curve ◽  
Elliptic Curves ◽  
Elliptic Curve Cryptography ◽  
Discrete Logarithm ◽  
Discrete Logarithm Problem ◽  
Binary Operations

Operations of Points on Elliptic Curve in Projective Coordinates In this article, we formalize operations of points on an elliptic curve over GF(p). Elliptic curve cryptography [7], whose security is based on a difficulty of discrete logarithm problem of elliptic curves, is important for information security. We prove that the two operations of points: compellProjCo and addellProjCo are unary and binary operations of a point over the elliptic curve.

scholarly journals The Equivalence between the DHP and DLP for Elliptic Curves Used in Practical Applications

2004 ◽  
Vol 7 ◽  
pp. 50-72 ◽  
Author(s):  
A. Muzereau ◽  
N. P. Smart ◽  
F. Vercauteren
Keyword(s):  
Elliptic Curve ◽  
Elliptic Curves ◽  
Discrete Logarithm ◽  
Discrete Logarithm Problem ◽  
Precise Estimate ◽  
Practical Applications ◽  
Diffie Hellman ◽  
Exact Security

AbstractIn this paper, the authors re-examine the reduction of Maurer and Wolf of the discrete logarithm problem to the Diffie-Hellman problem. They give a precise estimate for the number of operations required in the reduction, and then use this to estimate the exact security of the elliptic curve variant of the Diffie-Hellman protocol for various elliptic curves defined in standards.

Sign in / Sign up

Export Citation Format

Share Document