Obstacles to the torsion-subgroup attack on the decision Diffie-Hellman Problem

@article{Koblitz2004ObstaclesTT,
  title={Obstacles to the torsion-subgroup attack on the decision Diffie-Hellman Problem},
  author={Neal Koblitz and Alfred Menezes},
  journal={Math. Comput.},
  year={2004},
  volume={73},
  pages={2027-2041}
}
Cheng and Uchiyama show that if one is given an elliptic curve, depending on a prime p, that is defined over a number field and has certain properties, then one can solve the Decision Diffie-Hellman Problem (DDHP) in F_p in polynomial time. We show that it is unlikely that an elliptic curve with the desired properties exists.

A One Round Protocol for Tripartite Diffie–Hellman

  • A. Joux
  • Mathematics, Computer Science
    Journal of Cryptology
  • 2004
A three-participant variation of the Diffie-Hellman protocol is proposed, based on the Weil and Tate pairings on elliptic curves, which were first used in cryptography as cryptanalytic tools for reducing the discrete logarithm problem on some elliptic curve to the discrete logarithm problem in a finite field.

Small rational points on elliptic curves over number fields

Let E/k be an elliptic curve over a number field. We obtain some quantitative refinements of results of Hindry-Silverman, giving an upper bound for the number of k-rational torsion points, and a

Good and Bad Uses of Elliptic Curves in Cryptography

The construction of cryptosystems using elliptic curves is described, the Elliptic Curve Discrete Logarithm Problem is discussed, and the different types of elliptic curve that can be chosen for cryptographic applications are surveyed.

References

The Decision Diffie-Hellman Problem

  • D. Boneh
  • Mathematics, Computer Science
    ANTS
  • 1998
This paper surveys the recent applications of DDH as well as known results regarding its security, and describes some open problems in this area.

Nonuniform Polynomial Time Algorithm to Solve Decisional Diffie-Hellman Problem in Finite Fields under Conjecture

In this paper, we show that curves which are defined over a number field of small degree but have a large torsion group over the number field have considerable cryptographic significance. If those

A One Round Protocol for Tripartite Diffie-Hellman

  • A. Joux
  • Mathematics, Computer Science
    ANTS
  • 2000
A three-participant variation of the Diffie-Hellman protocol is proposed, based on the Weil and Tate pairings on elliptic curves, which were first used in cryptography as cryptanalytic tools for reducing the discrete logarithm problem on some elliptic curve to the discrete logarithm problem in a finite field.

A One Round Protocol for Tripartite Diffie–Hellman

  • A. Joux
  • Mathematics, Computer Science
    Journal of Cryptology
  • 2004
A three-participant variation of the Diffie-Hellman protocol is proposed, based on the Weil and Tate pairings on elliptic curves, which were first used in cryptography as cryptanalytic tools for reducing the discrete logarithm problem on some elliptic curve to the discrete logarithm problem in a finite field.

Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems

  • E. Verheul
  • Mathematics, Computer Science
    EUROCRYPT
  • 2001
We show that finding an efficiently computable injective homomorphism from the XTR subgroup into the group of points over GF(p^2) of a particular type of supersingular elliptic curve is at least as

Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems

  • E. Verheul
  • Mathematics, Computer Science
    Journal of Cryptology
  • 2004
We show that finding an efficiently computable injective homomorphism from the XTR subgroup into the group of points over GF(p^2) of a particular type of supersingular elliptic curve is at

Diffie-Hellman is as Strong as Discrete Log for Certain Primes

It is proven that both the discrete log problem and the Diffie-Hellman key exchange scheme are (probabilistically) polynomial-time equivalent if the totient of P-1 has only small prime factors with respect to a (fixed) polynomial in log_2 P.

Counting points of small height on elliptic curves

Let k be a number field and let E be an elliptic curve defined over k. We prove a counting result which gives, among other things, the existence of a positive constant C, effectively computable in

Analysis of the Xedni Calculus Attack

The practicality of the xedni calculus attack on the elliptic curve discrete logarithm problem (ECDLP) is analyzed, finding that asymptotically the algorithm is virtually certain to fail, because of an absolute bound on the size of the coefficients of a relation satisfied by the lifted points.

A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack

A new public key cryptosystem is proposed and analyzed. The scheme is quite practical, and is provably secure against adaptive chosen ciphertext attack under standard intractability assumptions.