In this paper we look in detail at the curves which arise in the method of Galbraith and Smart for producing curves in the Weil restriction of an elliptic curve over a finite field of characteristic 2 of composite degree. We explain how this method can be used to construct hyperelliptic cryptosystems which could be as secure as cryptosystems based on the original elliptic curve. On the other hand, we show that the same technique may provide a way of attacking the original elliptic curve cryptosystem using recent advances in the study of the discrete logarithm problem on hyperelliptic curves.
We examine the resulting higher genus curves in some detail and propose an additional check on elliptic curve systems defined over fields of characteristic 2 so as to make them immune from the methods in this paper.
L. Adleman, J. De Marrais and M.-D. Huang. A subexponential algorithm for discrete logarithms over the rational subgroup of the Jacobians of large genus hyperelliptic curves over finite fields. In ANTS-1: Algorithmic Number Theory, L.M. Adleman and M.-D. Huang, editors. LNCS 877, pp. 28–40. Springer-Verlag, Berlin, 1994.
E. Artin and J. Tate. Class Field Theory. Benjamin, New York, 1967.
I.F. Blake, G. Seroussi and N.P. Smart. Elliptic Curves in Cryptography. Cambridge University Press, Cambridge, 1999.
D.G. Cantor. Computing in the Jacobian of a hyperelliptic curve. Math. Comp., 48, 95–101, 1987.
C. Chevalley. Introduction to the Theory of Algebraic Functions of One Variable. Mathematical Surveys Number VI. American Mathematical Society, Providence, RI, 1951.
A. Enge and P. Gaudry. A general framework for the discrete logarithm index calculus. To appear in Acta Arith.
G. Frey. How to disguise an elliptic curve. Talk at Waterloo workshop on the ECDLP, 1998. http://cacr.math.uwaterloo.ca/conferences/1998/ecc98/slides.html.
G. Frey and H.-G. Rück. A remark concerning m-divisibility and the discrete logarithm problem in the divisor class group of curves. Math. Comp., 62, 865–874, 1994.
S.D. Galbraith and N.P. Smart. A cryptographic application of Weil descent. In Cryptography and Coding, 7th IMA Conference. LNCS 1746, pp. 191–200. Springer-Verlag, Berlin, 1999. The full version of the paper is HP Labs Technical Report HPL-1999-70.
P. Gaudry. An algorithm for solving the discrete logarithm problem on hyperelliptic curves. In Advances in Cryptology — EUROCRYPT 2000. LNCS 1807, pp. 19–34. Springer-Verlag, Berlin, 2000.
F. Heß. Zur Divisorenklassengruppenberechnung in globalen Funktionenkörpern. Dissertation, TU Berlin, 1999.
R. Lidl and H. Niederreiter. Finite Fields. Addison-Wesley, Reading, MA, 1983.
V. Müller, A. Stein and C. Thiel. Computing discrete logarithms in real quadratic function fields of large genus. Math. Comp., 68, 807–822, 1999.
J. Neukirch. Algebraic Number Theory. Springer-Verlag, New York, 1999.
R. Schoof. Elliptic curves over finite fields and the computation of square roots mod p. Math. Comp., 44, 483–494, 1985.
J. H. Silverman. The Arithmetic of Elliptic Curves. GTM 106. Springer-Verlag, New York, 1986.
N.P. Smart. On the performance of hyperelliptic cryptosystems. In Advances in Cryptology, EUROCRYPT ’99. LNCS 1592, pp. 165–175. Springer-Verlag, Berlin, 1999.
H. Stichtenoth. Algebraic Function Fields and Codes. Springer-Verlag, New York, 1993.
Additional information
Communicated by Johannes Buchmann
Online publication 29 August 2001
Cite this article
Gaudry, P., Hess, F. & Smart, N.P. Constructive and destructive facets of Weil descent on elliptic curves. J. Cryptology 15, 19–46 (2002). https://doi.org/10.1007/s00145-001-0011-x
DOI: https://doi.org/10.1007/s00145-001-0011-x