Analysis of the GHS Weil Descent Attack on the ECDLP over Characteristic Two Finite Fields of Composite Degree

Markus Maurer; Alfred Menezes; Edlyn Teske

doi:10.1112/S1461157000000723

Abstract

Core share and HTML view are not available for this content. However, as you have access to this content, a full PDF is available via the ‘Save PDF’ action button.

In this paper, the authors analyze the Gaudry-Hess-Smart (GHS) Weil descent attack on the elliptic curve discrete logarithm problem (ECDLP) for elliptic curves defined over characteristic two finite fields of composite extension degree. For each such field F2N, where N is in [100,600], elliptic curve parameters are identified such that: (i) there should exist a cryptographically interesting elliptic curve E over F2N with these parameters; and (ii) the GHS attack is more efficient for solving the ECDLP in E(F2N) than for solving the ECDLP on any other cryptographically interesting elliptic curve over F2N. The feasibility of the GHS attack on the specific elliptic curves is examined over F2176, F2208, F2272, F2304 and F2368, which are provided as examples in the ANSI X9.62 standard for the elliptic curve signature scheme ECDSA. Finally, several concrete instances are provided of the ECDLP over F2N, N composite, of increasing difficulty; these resist all previously known attacks, but are within reach of the GHS attack.

Crossref Citations

This article has been cited by the following publications. This list is generated based on data provided by Crossref.

Menezes, Alfred Teske, Edlyn and Weng, Annegret 2004. Topics in Cryptology – CT-RSA 2004. Vol. 2964, Issue. , p. 366.

Koblitz, Neal and Menezes, Alfred J. 2004. A Survey of Public-Key Cryptosystems. SIAM Review, Vol. 46, Issue. 4, p. 599.

Reyhani-Masoleh, A. and Hasan, M.A. 2005. Low complexity word-level sequential normal basis multipliers. IEEE Transactions on Computers, Vol. 54, Issue. 2, p. 98.

Galbraith, Steven and Menezes, Alfred 2005. Algebraic curves and cryptography. Finite Fields and Their Applications, Vol. 11, Issue. 3, p. 544.

Dahab, R. Hankerson, D. Hu, F. Long, M. Lopez, J. and Menezes, A. 2006. Software multiplication using Gaussian normal bases. IEEE Transactions on Computers, Vol. 55, Issue. 8, p. 974.

Menezes, Alfred and Teske, Edlyn 2006. Cryptographic implications of Hess' generalized GHS attack. Applicable Algebra in Engineering, Communication and Computing, Vol. 16, Issue. 6, p. 439.

Farashahi, Reza Rezaeian Pellikaan, Ruud and Sidorenko, Andrey 2008. Extractors for binary elliptic curves. Designs, Codes and Cryptography, Vol. 49, Issue. 1-3, p. 171.

Batina, Lejla Guajardo, Jorge Preneel, Bart Tuyls, Pim and Verbauwhede, Ingrid 2008. RFID Security. p. 317.

Gaudry, Pierrick 2009. Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem. Journal of Symbolic Computation, Vol. 44, Issue. 12, p. 1690.

Hankerson, Darrel Karabina, Koray and Menezes, Alfred 2009. Analyzing the Galbraith-Lin-Scott Point Multiplication Method for Elliptic Curves over Binary Fields. IEEE Transactions on Computers, Vol. 58, Issue. 10, p. 1411.

Karabina, Koray Menezes, Alfred Pomerance, Carl and Shparlinski, Igor E. 2010. On the asymptotic effectiveness of Weil descent attacks. Journal of Mathematical Cryptology, Vol. 4, Issue. 2,

Hankerson, Darrel and Menezes, Alfred 2011. Encyclopedia of Cryptography and Security. p. 397.

Dominguez-Oviedo, Agustin Hasan, M. Anwar and Ansari, Bijan 2011. Fault-Based Attack on Montgomery’s Ladder Algorithm. Journal of Cryptology, Vol. 24, Issue. 2, p. 346.

Kumar, D. Sravana Suneetha, C. H. and Sirisha, P. 2019. Emerging Research in Computing, Information, Communication and Applications. Vol. 906, Issue. , p. 199.

Hankerson, Darrel and Menezes, Alfred 2021. Encyclopedia of Cryptography, Security and Privacy. p. 1.

Article contents

Analysis of the GHS Weil Descent Attack on the ECDLP over Characteristic Two Finite Fields of Composite Degree

Abstract

Save article to Kindle

Save article to Dropbox

Save article to Google Drive

Reply to: Submit a response

Your details

You have entered the maximum number of contributors

Conflicting interests