Abstract
The goal of this paper is to further study the index calculus method that was first introduced by Semaev for solving the ECDLP and later developed by Gaudry and Diem. In particular, we focus on the step which consists of decomposing points of the curve with respect to an appropriately chosen factor basis. This part can be nicely reformulated as a purely algebraic problem: finding solutions to a multivariate polynomial equation \(f(x_1,\dots,x_m) = 0\) such that \(x_1,\dots,x_m\) all belong to some vector subspace of \(\mathbb{F}_{2^n}/\mathbb{F}_2\). Our main contribution is the identification of particular structures inherent to such polynomial systems and a dedicated method for tackling this problem. We solve it by means of Gröbner basis techniques and analyze its complexity using the multi-homogeneous structure of the equations. A direct consequence of our results is an index calculus algorithm solving ECDLP over any binary field \(\mathbb{F}_{2^n}\) in time \(O(2^{\omega t})\), with \(t \approx n/2\) (provided that a certain heuristic assumption holds). This has to be compared with Diem’s [14] index calculus based approach for solving ECDLP over \(\mathbb{F}_{q^n}\), which has complexity \(\exp\big(O(n\log(n)^{1/2})\big)\) for q = 2 and n a prime (but this holds without any heuristic assumption). We emphasize that the complexity obtained here is very conservative in comparison to experimental results. We hope the new ideas provided here may lead to efficient index calculus based methods for solving ECDLP in theory and practice.
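The reformulation the abstract describes, as an added example that is not code from the paper: a toy curve over \(\mathbb{F}_{2^5}\), Semaev's third summation polynomial \(f_3\) (decomposition of a point R into two factor-basis points), and a search for \(x_1, x_2\) in a subspace V of dimension t with \(f_3(x_1, x_2, x_R) = 0\). The field polynomial, curve coefficients and subspace are constructed here, and exhaustive search stands in for the Gröbner-basis solving whose complexity the paper analyses.

```python
# Added example, not code from the paper: point decomposition on a toy binary curve as the
# algebraic problem f3(x1, x2, xR) = 0 with x1, x2 in an F_2-subspace V. All constants constructed.
N, POLY = 5, 0b100101      # F_{2^5} = F_2[z]/(z^5 + z^2 + 1); z^5 + z^2 + 1 is irreducible over F_2
A2, A6 = 1, 1              # curve E: y^2 + x*y = x^3 + A2*x^2 + A6 over F_{2^5}
def mul(a, b):
    """Carry-less product of two 5-bit field elements, reduced modulo POLY."""
    r = 0
    while b:
        if b & 1: r ^= a
        b, a = b >> 1, a << 1
        if a >> N: a ^= POLY
    return r

def inv(a):
    """a^(2^N - 2) = a^-1 for a != 0, by square-and-multiply."""
    r, e = 1, 2 ** N - 2
    while e:
        if e & 1: r = mul(r, a)
        a, e = mul(a, a), e >> 1
    return r

def on_curve(x, y):
    return mul(y, y) ^ mul(x, y) == mul(mul(x, x), x) ^ mul(A2, mul(x, x)) ^ A6

def add(P, Q):
    """Affine addition for x1 != x2 (so P != +-Q), which is all this example needs."""
    (x1, y1), (x2, y2) = P, Q
    lam = mul(y1 ^ y2, inv(x1 ^ x2))
    x3 = mul(lam, lam) ^ lam ^ x1 ^ x2 ^ A2
    return x3, mul(lam, x1 ^ x3) ^ x3 ^ y1

def semaev3(x1, x2, x3):
    """Semaev's 3rd summation polynomial of E: zero iff points with these x-coords sum to O."""
    s = mul(x1, x2) ^ mul(x1, x3) ^ mul(x2, x3)
    return mul(s, s) ^ mul(mul(x1, x2), x3) ^ A6    # A2 drops out in characteristic 2

def decompose(xR, t):
    """Pairs {x1, x2} in V x V with f3(x1, x2, xR) = 0, V = span{1, z, .., z^(t-1)} = range(2**t)
    (bit i is the z^i coefficient). Brute force stands in for the paper's Groebner-basis step."""
    V = range(2 ** t)
    return sorted({(min(a, b), max(a, b)) for a in V for b in V if semaev3(a, b, xR) == 0})

def demo(t=3):
    """Add two points, check f3 vanishes on their x-coordinates, then decompose the sum."""
    pts = [(x, y) for x in range(2 ** N) for y in range(2 ** N) if on_curve(x, y)]
    P, Q = pts[0], next(q for q in pts if q[0] != pts[0][0])   # pts[0] = (0, 1), the 2-torsion point
    R = add(P, Q)
    return {"pair": (min(P[0], Q[0]), max(P[0], Q[0])), "R_on_curve": on_curve(*R),
            "f3_vanishes": semaev3(P[0], Q[0], R[0]) == 0,
            "all_hits": decompose(R[0], N), "subspace_hits": decompose(R[0], t)}
```

With t = N the subspace is the whole field, so the decomposition of R returned by `demo()` always contains the pair of x-coordinates it started from; with t = 3 only pairs inside V are reported, which is the restricted-solution constraint that makes the problem the paper studies.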
References
Adleman, L.M.: A Subexponential Algorithm for the Discrete Logarithm Problem with Applications to Cryptography. In: Proceedings of the 20th Annual Symposium on Foundations of Computer Science, SFCS 1979, pp. 55–60. IEEE Computer Society, Washington, DC, USA (1979)
Adleman, L.M.: The Function Field Sieve. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol. 877, pp. 108–121. Springer, Heidelberg (1994)
Adleman, L.M., DeMarrais, J., Huang, M.: A Subexponential Algorithm for Discrete Logarithms over the Rational Subgroup of the Jacobians of Large Genus Hyperelliptic Curves over Finite Fields. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol. 877, pp. 28–40. Springer, Heidelberg (1994)
Adleman, L.M., Huang, M.: Function Field Sieve Method for Discrete Logarithms over Finite Fields. Inform. and Comput. 151(1-2), 5–16 (1999)
Bardet, M.: Étude des Systèmes Algébriques Surdéterminés. Applications aux codes Correcteurs et à la Cryptographie. PhD thesis, Université Paris VI (2004)
Bardet, M., Faugère, J.-C., Salvy, B.: Complexity of Gröbner Basis Computation for Semi-Regular Overdetermined Sequences over \(\mathbb{F}_2\) with Solutions in \(\mathbb{F}_2\). Technical Report 5049, INRIA (December 2003), http://www.inria.fr/rrrt/rr-5049.html
Bardet, M., Faugère, J.-C., Salvy, B., Yang, B.-Y.: Asymptotic Expansion of the Degree of Regularity for Semi-Regular Systems of Equations. In: Gianni, P. (ed.) The Effective Methods in Algebraic Geometry Conference, Mega 2005, pp. 1–14 (May 2005)
Bettale, L., Faugère, J.-C., Perret, L.: Hybrid Approach for Solving Multivariate Systems over Finite Fields. Journal of Math. Cryptology 3(3), 177–197 (2010)
Bettale, L., Faugère, J.-C., Perret, L.: Cryptanalysis of HFE, multi-HFE and Variants for Odd and Even Characteristic. Des. Codes Cryptography, 1–46 (2012)
Buchberger, B.: Ein Algorithmus zum Auffinden der Basiselemente des Restklassenringes nach einem nulldimensionalen Polynomideal. PhD thesis, Universität Innsbruck (1965)
Cohen, H., Frey, G. (eds.): Handbook of Elliptic and Hyperelliptic Curve Cryptography. Discrete Mathematics and its Applications. Chapman & Hall/CRC (2005)
Coppersmith, D.: Fast Evaluation of Logarithms in Fields of Characteristic Two. IEEE Transactions on Information Theory 30(4), 587–593 (1984)
Diem, C.: On the Discrete Logarithm Problem in Elliptic Curves. Compositio Mathematica 147, 75–104 (2011)
Diem, C.: On the Discrete Logarithm Problem in Elliptic Curves II. Presented at ECC 2011 (2011), http://www.math.uni-leipzig.de/diem/preprints/dlp-ell-curves-II.pdf
Enge, A., Gaudry, P.: A General Framework for Subexponential Discrete Logarithm Algorithms. Acta Arith. 102(1), 83–103 (2002)
Faugère, J.-C.: A New Efficient Algorithm for Computing Gröbner Basis (F4). Journal of Pure and Applied Algebra 139(1-3), 61–88 (1999)
Faugère, J.-C.: A New Efficient Algorithm for Computing Gröbner Bases without Reduction to Zero (F5). In: Proceedings of the 2002 International Symposium on Symbolic and Algebraic Computation, ISSAC 2002, pp. 75–83. ACM, New York (2002)
Faugère, J.-C., Joux, A.: Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44–60. Springer, Heidelberg (2003)
Faugère, J.-C., Otmani, A., Perret, L., Tillich, J.-P.: Algebraic Cryptanalysis of McEliece Variants with Compact Keys. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 279–298. Springer, Heidelberg (2010)
Faugère, J.-C.: FGb: A Library for Computing Gröbner Bases. In: Fukuda, K., van der Hoeven, J., Joswig, M., Takayama, N. (eds.) ICMS 2010. LNCS, vol. 6327, pp. 84–87. Springer, Heidelberg (2010)
Faugère, J.-C., Levy-dit-Vehel, F., Perret, L.: Cryptanalysis of MinRank. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 280–296. Springer, Heidelberg (2008)
Faugère, J.-C., Perret, L., Petit, C., Renault, G.: New Subexponential Algorithms for Factoring in \(SL(2,\mathbb{F}_{2^n})\). Preprint (2011)
Faugère, J.-C., Safey El Din, M., Spaenlehauer, P.-J.: Computing Loci of Rank Defects of Linear Matrices using Gröbner Bases and Applications to Cryptology. In: Proceedings of the 2010 International Symposium on Symbolic and Algebraic Computation, ISSAC 2010, pp. 257–264. ACM, New York (2010)
Faugère, J.-C., Safey El Din, M., Spaenlehauer, P.-J.: Gröbner Bases of Bihomogeneous Ideals Generated by Polynomials of Bidegree (1,1): Algorithms and Complexity. Journal of Symbolic Computation 46(4), 406–437 (2011)
Faugère, J.-C., Rahmany, S.: Solving Systems of Polynomial Equations with Symmetries using SAGBI-Gröbner Bases. In: Proceedings of the 2009 International Symposium on Symbolic and Algebraic Computation, ISSAC 2009, pp. 151–158. ACM, New York (2009)
Gaudry, P., Thomé, E., Thériault, N., Diem, C.: A Double Large Prime Variation for Small Genus Hyperelliptic Index Calculus. Math. Comp. 76(257), 475–492 (electronic) (2007)
Gaudry, P.: An Algorithm for Solving the Discrete Log Problem on Hyperelliptic Curves. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 19–34. Springer, Heidelberg (2000)
Gaudry, P.: Index Calculus for Abelian Varieties of Small Dimension and the Elliptic Curve Discrete Logarithm Problem. J. Symb. Comput. 44(12), 1690–1702 (2009)
Granboulan, L., Joux, A., Stern, J.: Inverting HFE Is Quasipolynomial. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 345–356. Springer, Heidelberg (2006)
Joux, A., Lercier, R.: The Function Field Sieve in the Medium Prime Case. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 254–270. Springer, Heidelberg (2006)
Kipnis, A., Shamir, A.: Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19–30. Springer, Heidelberg (1999)
Koblitz, N.: Elliptic Curve Cryptosystems. Mathematics of Computation 48, 203–209 (1987)
Kraitchik, M.: Théorie des Nombres. Gauthier-Villars (1922)
Lazard, D.: Gröbner-Bases, Gaussian Elimination and Resolution of Systems of Algebraic Equations. In: van Hulzen, J.A. (ed.) EUROCAL 1983. LNCS, vol. 162, pp. 146–156. Springer, Heidelberg (1983)
Macaulay, F.S.: The Algebraic Theory of Modular Systems. Cambridge Mathematical Library, vol. xxxi. Cambridge University Press (1916)
Macaulay, F.S.: Some Properties of Enumeration in the Theory of Modular Systems. Proc. London Math. Soc. 26, 531–555 (1927)
Miller, V.S.: Use of Elliptic Curves in Cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)
Patarin, J.: Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996)
Rojas, J.M.: Solving Degenerate Sparse Polynomial Systems Faster. J. Symbolic Computation 28, 155–186 (1999)
Semaev, I.: Summation Polynomials and the Discrete Logarithm Problem on Elliptic Curves (2004), http://eprint.iacr.org/2004/031.pdf
© 2012 International Association for Cryptologic Research
Cite this paper
Faugère, J.-C., Perret, L., Petit, C., Renault, G. (2012). Improving the Complexity of Index Calculus Algorithms in Elliptic Curves over Binary Fields. In: Pointcheval, D., Johansson, T. (eds) Advances in Cryptology – EUROCRYPT 2012. Lecture Notes in Computer Science, vol 7237. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29011-4_4
DOI: https://doi.org/10.1007/978-3-642-29011-4_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29010-7
Online ISBN: 978-3-642-29011-4