Abstract
In 2008 and 2009, Gaudry and Diem proposed an index calculus method for the resolution of the discrete logarithm on the group of points of an elliptic curve defined over a small degree extension field \(\mathbb{F}_{q^{n}}\). In this paper, we study a variation of this index calculus method, improving the overall asymptotic complexity when \(n = \varOmega(\sqrt [3]{\log_{2} q})\). In particular, we are able to successfully obtain relations on \(E(\mathbb{F}_{q^{5}})\), whereas the more expensive computational complexity of Gaudry and Diem’s initial algorithm makes it impractical in this case. An important ingredient of this result is a variation of Faugère’s Gröbner basis algorithm F4, which significantly speeds up the relation computation. We show how this index calculus also applies to oracle-assisted resolutions of the static Diffie–Hellman problem on these elliptic curves.
Communicated by Nigel P. Smart
Joux, A., Vitse, V. Elliptic Curve Discrete Logarithm Problem over Small Degree Extension Fields. J Cryptol 26, 119–143 (2013). https://doi.org/10.1007/s00145-011-9116-z