A Cryptographic Application of Weil Descent

@inproceedings{Galbraith1999ACA,
  title={A Cryptographic Application of Weil Descent},
  author={Steven D. Galbraith and Nigel P. Smart},
  booktitle={IMACC},
  year={1999}
}
This paper gives some details about how Weil descent can be used to solve the discrete logarithm problem on elliptic curves which are defined over finite fields of small characteristic. The original ideas were first introduced into cryptography by Frey. We discuss whether these ideas are a threat to existing public key systems based on elliptic curves.
Solving Elliptic Curve Discrete Logarithm Problems Using Weil Descent
We provide the first cryptographically interesting instance of the elliptic curve discrete logarithm problem which resists all previously known attacks, but which can be solved with modest computer
Advances in Elliptic Curve Cryptography: Weil Descent Attacks
  • F. Hess
  • Mathematics, Computer Science
  • 2005
TLDR
This chapter summarises the main aspects of the existing literature on Weil descent attacks and contains some new material on the GHS attack in even characteristic.
Weil Descent Of Jacobians
  • S. Galbraith
  • Mathematics, Computer Science
    Electron. Notes Discret. Math.
  • 2001
Weil Descent of Jacobians
  • S. Galbraith
  • Mathematics, Computer Science
    Discret. Appl. Math.
  • 2003
EVALUATION REPORT FOR CRYPTREC: SECURITY LEVEL OF CRYPTOGRAPHY – ECDLP MATHEMATICAL PROBLEM
TLDR
The elliptic curve discrete logarithm problem and the known methods to solve it are discussed and the implications of these methods for choosing the domain parameters in elliptic curve based cryptographic schemes are considered.
How Secure Are Elliptic Curves over Composite Extension Fields?
  • N. Smart
  • Mathematics, Computer Science
    EUROCRYPT
  • 2001
TLDR
The method of Weil descent for solving the ECDLP is compared against the standard method of parallelised Pollard rho and it is shown that composite degree extensions of degree divisible by four should be avoided.
Limitations of constructive Weil descent
TLDR
Weil restriction of scalars can be used to construct curves suitable for cryptography whose Jacobian has known group order, but only a small proportion of the set of all curves can be constructed in this way.
Software Implementation of Elliptic Curve Cryptography over Binary Fields
This paper presents an extensive and careful study of the software implementation on workstations of the NIST-recommended elliptic curves over binary fields. We also present the results of our
Weil Descent of Elliptic Curves over Finite Fields of Characteristic Three
  • S. Arita
  • Mathematics, Computer Science
    ASIACRYPT
  • 2000
The paper shows that some elliptic curves over finite fields of characteristic three of composite degree are attacked by a more effective algorithm than Pollard's ρ method. For such an elliptic
Weil descent attack for Kummer extensions
TLDR
The Weil descent attack of Gaudry, Hess and Smart can be adapted to work for some hyperelliptic curves defined over fields of odd characteristic, and it is shown that those are the only families of nonsingular curves defining Kummer extensions for which this method will work.

References

SHOWING 1-10 OF 25 REFERENCES
A subexponential algorithm for discrete logarithms over the rational subgroup of the jacobians of large genus hyperelliptic curves over finite fields
TLDR
This paper gives a heuristic argument that under certain assumptions, there exists a c ∈ ℝ>0 such that for all sufficiently large g ∈ ℤ>0, for all odd primes p with log p ≤ (2g + 1).
An Algorithm of Subexponential Type Computing the Class Group of Quadratic Orders over Principal Ideal Domains
We present an algorithm which computes the class group of a quadratic order over a principal ideal domain that fulfills some properties which are implicated by computational requirements. It is a
Analysis of the Xedni Calculus Attack
TLDR
The practicality of the xedni calculus attack on the elliptic curve discrete logarithm problem (ECDLP) is analyzed, finding that asymptotically the algorithm is virtually certain to fail, because of an absolute bound on the size of the coefficients of a relation satisfied by the lifted points.
Primality Testing and Abelian Varieties over Finite Fields
Acknowledgement.- Overview of the algorithm and the proof of the main theorem.- Reduction of main theorem to three propositions.- Proof of proposition 1.- Proof of proposition 2.- Proof of
Frobenius maps of Abelian varieties and finding roots of unity in finite fields
"If 'twere done when 'tis done, then 'twere well/ It were done quickly."-Macbeth. Abstract. We give a generalization to Abelian varieties over finite fields of the algorithm of Schoof for elliptic
Efficient Algorithms for the Riemann-Roch Problem and for Addition in the Jacobian of a Curve
TLDR
A factorization-free polynomial-time algorithm is produced which improves the complexity of Noether's algorithm for the effective Riemann-Roch problem by an order of magnitude and also present further improvements which yield an algorithm with complexity which is linear in the size of the given divisor.
Computing in the jacobian of a plane algebraic curve
TLDR
An algorithm which extends the classical method of adjoints due to Brill and Noether for carrying out the addition operation in the Jacobian variety of a plane algebraic curve defined over an algebraic number field K with arbitrary singularities is described and it is proved that the answers it produces are defined over K.
Counting Points on Curves over Finite Fields
We consider the problem of counting the number of points on a plane curve, defined by a homogeneous polynomial F(x,y,z) ∈ Fq[x,y,z], which are rational over a ground field Fq. More precisely, we show
The Xedni Calculus and the Elliptic Curve Discrete Logarithm Problem
  • J. Silverman
  • Mathematics, Computer Science
    Des. Codes Cryptogr.
  • 2000
TLDR
A new algorithm, termed the Xedni Calculus, is given, which might be used to solve the ECDLP and is applicable to the classical discrete logarithm problem for $${\mathbb{F}}_p^*$$ and to the integer factorization problem.
A rigorous subexponential algorithm for computation of class groups
Let C(-d) denote the Gauss Class Group of quadratic forms of a negative discriminant -d (or equivalently, the class group of the imaginary quadratic field Q(√-d)). We give a rigorous proof that