Cryptographic implications of Hess' generalized GHS attack

Autor:	Alfred Menezes, Edlyn Teske
Přispěvatelé:	Cryptology
Rok vydání:	2005
Předmět:	Discrete mathematics Algebra and Number Theory Generalization business.industry Applied Mathematics Cryptography Elliptic curve Finite field Discrete logarithm Counting points on elliptic curves Elliptic curve cryptography Schoof's algorithm business Mathematics
Zdroj:	Applicable Algebra in Engineering, Communication and Computing, 16, 439-460
ISSN:	1432-0622 0938-1279
DOI:	10.1007/s00200-005-0186-8
Popis:	A finite field K is said to be weak for elliptic curve cryptography if all instances of the discrete logarithm problem for all elliptic curves over K can be solved in significantly less time than it takes Pollard's rho method to solve the hardest instances. By considering the GHS Weil descent attack, it was previously shown that characteristic two finite fields ** are weak. In this paper, we examine characteristic two finite fields ** for weakness under Hess' generalization of the GHS attack. We show that the fields ** are potentially partially weak in the sense that any instance of the discrete logarithm problem for half of all elliptic curves over **, namely those curves E for which ** is divisible by 4, can likely be solved in significantly less time than it takes Pollard's rho method to solve the hardest instances. We also show that the fields ** are partially weak, that the fields ** are potentially weak, and that the fields ** are potentially partially weak. Finally, we argue that the other fields ** where N is not divisible by 3, 5, 6, 7 or 8, are not weak under Hess' generalized GHS attack.
Databáze:	OpenAIRE
Externí odkaz:	https://explore.openaire.eu/search/publication?articleId=doi_dedup___::3364389d3729f125ef3f28a497c46367 https://doi.org/10.1007/s00200-005-0186-8 Zobrazit plný text záznamu Full text from SpringerLink