Computing Elliptic Curve Discrete Logarithms with Improved Baby-step Giant-step Algorithm
The negation map can be used to speed up the computation of elliptic curve discrete logarithms using either the baby-step giant-step algorithm (BSGS) or Pollard rho. Montgomery's simultaneous modular inversion can also be used to speed up Pollard rho when running many walks in parallel. We generalize these ideas and exploit the fact that for any two elliptic curve points and , we can efficiently get when we compute . We apply these ideas to speed up the baby-step giant-step algorithm. Compared to the previous methods, the new methods can achieve a significant speedup for computing elliptic curve discrete logarithms in small groups or small intervals.
Another contribution of our paper is to give an analysis of the average-case running time of Bernstein and Lange's ``grumpy giants and a baby'' algorithm, and also to consider this algorithm in the case of groups with efficient inversion.
Our conclusion is that, in the fully-optimised context, both the interleaved BSGS and grumpy-giants algorithms have superior average-case running time compared with Pollard rho. Furthermore, for the discrete logarithm problem in an interval, the interleaved BSGS algorithm is considerably faster than the Pollard kangaroo or Gaudry-Schost methods.
A Generic Approach to Searching for Jacobians
We consider the problem of finding cryptographically suitable Jacobians. By
applying a probabilistic generic algorithm to compute the zeta functions of low
genus curves drawn from an arbitrary family, we can search for Jacobians
containing a large subgroup of prime order. For a suitable distribution of
curves, the complexity is subexponential in genus 2, and O(N^{1/12}) in genus
3. We give examples of genus 2 and genus 3 hyperelliptic curves over prime
fields with group orders over 180 bits in size, improving previous results. Our
approach is particularly effective over low-degree extension fields, where in
genus 2 we find Jacobians over F_{p^2} and trace zero varieties over F_{p^3}
with near-prime orders up to 372 bits in size. For p = 2^{61}-1, the average
time to find a group with 244-bit near-prime order is under an hour on a PC.
Comment: 22 pages, to appear in Mathematics of Computation
Removable Weak Keys for Discrete Logarithm Based Cryptography
We describe a novel type of weak cryptographic private key that can exist in
any discrete logarithm based public-key cryptosystem set in a group of prime
order where has small divisors. Unlike the weak private keys based on
\textit{numerical size} (such as smaller private keys, or private keys lying in
an interval) that will \textit{always} exist in any DLP cryptosystems, our type
of weak private keys occurs purely due to parameter choice of , and hence,
can be removed with appropriate value of . Using the theory of implicit
group representations, we present algorithms that can determine whether a key
is weak, and if so, recover the private key from the corresponding public key.
We analyze several elliptic curves proposed in the literature and in various
standards, giving counts of the number of keys that can be broken with
relatively small amounts of computation. Our results show that many of these
curves, including some from standards, have a considerable number of such weak
private keys. We also use our methods to show that none of the 14 outstanding
Certicom Challenge problem instances are weak in our sense, up to a certain
weakness bound.
Discrete logarithms in curves over finite fields
A survey on algorithms for computing discrete logarithms in Jacobians of
curves over finite fields
A usability study of elliptic curves
In recent years the need for information security has grown rapidly with the enormous growth in data transmission. In this thesis we study the uses of elliptic curves in cryptography. We discuss elliptic curves over finite fields and the attacks on them: the discrete logarithm problem, Pollard's rho algorithm, the baby-step giant-step algorithm, the Pohlig-Hellman algorithm, the function field sieve, and the number field sieve. The main cryptographic reason to use elliptic curves over finite fields is that they provide arbitrarily large finite cyclic groups in which the discrete logarithm problem is computationally hard.
Groups from Cyclic Infrastructures and Pohlig-Hellman in Certain Infrastructures
In discrete logarithm based cryptography, a method by Pohlig and Hellman
allows solving the discrete logarithm problem efficiently if the group order is
known and has no large prime factors. The consequence is that such groups are
avoided. In the past, there have been proposals for cryptography based on
cyclic infrastructures. We will show that the Pohlig-Hellman method can be
adapted to certain cyclic infrastructures, which similarly implies that certain
infrastructures should not be used for cryptography. This generalizes a result
by M\"uller, Vanstone and Zuccherato for infrastructures obtained from
hyperelliptic function fields.
We recall the Pohlig-Hellman method, define the concept of a cyclic
infrastructure and briefly describe how to obtain such infrastructures from
certain function fields of unit rank one. Then, we describe how to obtain
cyclic groups from discrete cyclic infrastructures and how to apply the
Pohlig-Hellman method to compute absolute distances, which is in general a
computationally hard problem for cyclic infrastructures. Moreover, we give an
algorithm which allows to test whether an infrastructure satisfies certain
requirements needed for applying the Pohlig-Hellman method, and discuss whether
the Pohlig-Hellman method is applicable in infrastructures obtained from number
fields. Finally, we discuss how this influences cryptography based on cyclic
infrastructures.
Comment: 14 pages
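The two abstracts above (the BSGS paper and the Pohlig-Hellman paper) describe the attack that makes groups of smooth order unusable. The following is an added worked example, not code from either paper: Pohlig-Hellman over the multiplicative group modulo a prime p, with baby-step giant-step as the subgroup solver. The primes 65537 (p - 1 = 2^16) and 163 (p - 1 = 2 * 3^4) are constructed toy parameters; 3 is a primitive root of 65537 and 2 of 163. It needs Python 3.8+ for `pow(x, -1, m)`.

```python
"""Pohlig-Hellman with baby-step giant-step in Z_p^* (added example).

Not code from the papers above. The group is the multiplicative group modulo
a prime p, of order p - 1. When p - 1 has only small prime factors, the
logarithm is solved in each prime-power subgroup (one base-q digit at a time
for q^e) and recombined with the CRT, so the cost is governed by the largest
prime factor of the order, not by p. All parameters are constructed.
"""
from math import isqrt


def factorize(n):
    """Trial division; sufficient for the toy group orders used here."""
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def largest_prime_factor(n):
    """The parameter check Pohlig-Hellman motivates: a DLP group is only as
    hard as its largest prime-order subgroup."""
    return max(factorize(n))


def bsgs(g, h, order, p):
    """Solve g^x = h (mod p) for g of the given order in O(sqrt(order)) steps."""
    m = isqrt(order) + 1
    table = {}
    cur = 1
    for j in range(m):                  # baby steps: g^j -> j
        table.setdefault(cur, j)
        cur = cur * g % p
    giant = pow(g, -m, p)               # g^(-m)
    gamma = h
    for i in range(m):                  # giant steps: h * g^(-i*m)
        if gamma in table:
            return (i * m + table[gamma]) % order
        gamma = gamma * giant % p
    return None


def crt(residues, moduli):
    """Combine x = r_i (mod m_i) for pairwise coprime m_i."""
    x, n = 0, 1
    for r, m in zip(residues, moduli):
        t = (r - x) * pow(n, -1, m) % m
        x += n * t
        n *= m
    return x % n


def pohlig_hellman(g, h, p, order=None):
    """Solve g^x = h (mod p), where g has the given order (default p - 1)."""
    if order is None:
        order = p - 1
    residues, moduli = [], []
    for q, e in factorize(order).items():
        qe = q ** e
        g_i = pow(g, order // qe, p)    # generator of the subgroup of order q^e
        h_i = pow(h, order // qe, p)
        g_q = pow(g_i, qe // q, p)      # element of prime order q
        x_i = 0
        for k in range(e):             # recover the base-q digits of x mod q^e
            # strip the digits already known, then project onto the order-q subgroup
            rem = h_i * pow(g_i, -x_i, p) % p
            target = pow(rem, qe // q ** (k + 1), p)
            d = bsgs(g_q, target, q, p)
            if d is None:
                return None            # h is not in the subgroup generated by g
            x_i += d * q ** k
        residues.append(x_i)
        moduli.append(qe)
    return crt(residues, moduli)


if __name__ == "__main__":
    # Constructed: p = 2^16 + 1, so p - 1 = 2^16 is maximally smooth; 3 is a primitive root.
    p, g, x = 65537, 3, 12345
    h = pow(g, x, p)
    print("largest prime factor of p - 1:", largest_prime_factor(p - 1))
    print("recovered exponent:", pohlig_hellman(g, h, p))
```

The run time is dominated by `bsgs` on the largest prime factor, which is why `largest_prime_factor(order)` is the quantity to check when choosing a group: a 256-bit order whose largest prime factor is 40 bits gives roughly 2^20 work, not 2^128.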
Algorithms for Determining the Order of the Group of Points on an Elliptic Curve with Application in Cryptography
Elliptic curves are plane curves whose points satisfy the Weierstrass equation. Their main application is in cryptography, where they are an important tool for constructing ciphers that are hard to break without knowledge of the key, and whose keys are short compared with other encryption systems. Thanks to these advantages they are widely used. To encrypt and decrypt messages in an elliptic curve cryptosystem we must know the order of the given elliptic curve. Among the methods used to determine it are Shanks's algorithm and its improved variant, Mestre's algorithm.
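As an added worked example (not code from the thesis), this is Shanks's baby-step giant-step search for the group order #E(F_p) of a curve y^2 = x^3 + a x + b. It relies on the Hasse bound, #E in [p + 1 - 2 sqrt(p), p + 1 + 2 sqrt(p)], and finds N in that interval with N*P = O for a random point P using about 2 p^(1/4) curve additions. The curve (a, b, p) = (2, 3, 1019) is constructed; p ≡ 3 (mod 4) is assumed so square roots are a single exponentiation, and the Legendre-symbol reference count is only feasible because p is tiny.

```python
"""Shanks's baby-step giant-step for the order of E(F_p) (added example).

Not code from the thesis above. For y^2 = x^3 + a x + b over F_p, Hasse gives
#E in [p + 1 - 2 sqrt(p), p + 1 + 2 sqrt(p)]. Pick a point P and search that
interval for N with N*P = O. If exactly one N qualifies it must be #E, since
#E is also a multiple of the order of P lying in the same interval; if several
qualify, P's order is too small and another point is tried. Assumes
p ≡ 3 (mod 4) for the square root. Curve and prime are constructed.
"""
from math import isqrt
import random


def ec_add(P, Q, a, p):
    """Affine addition on y^2 = x^3 + a x + b; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                                  # Q == -P
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def ec_mul(k, P, a, p):
    """Double-and-add scalar multiplication."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P, a, p)
        P = ec_add(P, P, a, p)
        k >>= 1
    return R


def ec_neg(P, p):
    return None if P is None else (P[0], -P[1] % p)


def random_point(a, b, p, rng):
    """Sample x until x^3 + a x + b is a square; sqrt via (p+1)/4 needs p ≡ 3 mod 4."""
    while True:
        x = rng.randrange(p)
        rhs = (x * x * x + a * x + b) % p
        if rhs == 0:
            return (x, 0)
        if pow(rhs, (p - 1) // 2, p) == 1:
            return (x, pow(rhs, (p + 1) // 4, p))


def shanks_order(P, a, p):
    """Return the unique N in the Hasse interval with N*P = O, or None when
    several N qualify (the order of P is too small to pin #E down)."""
    lo = p + 1 - isqrt(4 * p) - 1                    # interval end points, rounded outward
    hi = p + 1 + isqrt(4 * p) + 1
    m = isqrt(hi - lo) + 1
    table = {}
    Q = None
    for j in range(m):                               # baby steps: j*P -> j
        table.setdefault(Q, j)
        Q = ec_add(Q, P, a, p)
    step = ec_mul(m, P, a, p)
    G = ec_mul(lo, P, a, p)                          # giant steps: (lo + i*m)*P
    hits = set()
    for i in range(m + 1):
        j = table.get(ec_neg(G, p))                  # (lo+i*m)P = -(jP)  =>  (lo+i*m+j)P = O
        if j is not None and lo + i * m + j <= hi:
            hits.add(lo + i * m + j)
        G = ec_add(G, step, a, p)
    return hits.pop() if len(hits) == 1 else None


def curve_order(a, b, p, seed=1):
    """Retry with fresh random points until the search result is unique."""
    rng = random.Random(seed)
    while True:
        N = shanks_order(random_point(a, b, p, rng), a, p)
        if N is not None:
            return N


def naive_count(a, b, p):
    """Reference count via Legendre symbols; only feasible because p is tiny."""
    total = 1                                        # the point at infinity
    for x in range(p):
        rhs = (x * x * x + a * x + b) % p
        if rhs == 0:
            total += 1
        elif pow(rhs, (p - 1) // 2, p) == 1:
            total += 2
    return total


if __name__ == "__main__":
    a, b, p = 2, 3, 1019                             # constructed toy curve, p ≡ 3 mod 4
    print("Shanks:", curve_order(a, b, p), "naive:", naive_count(a, b, p))
```

The ambiguity check in `shanks_order` is the point Mestre's refinement addresses: when the chosen point has small order, several multiples of it fall inside the Hasse interval and the search alone cannot tell which is #E. The example simply retries with another point, which is fine for a toy prime but not a general solution.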
Recent progress on the elliptic curve discrete logarithm problem
We survey recent work on the elliptic curve discrete logarithm problem. In particular we review index calculus algorithms using summation polynomials, and claims about their complexity.