Algebraic curves and cryptography

Finite Fields and their Applications

Volumn 11, Issue 3, 2005, Pages 544-577

  Galbraith, Steven ^a   Menezes, Alfred ^b  

^a UNIVERSITY OF LONDON   (United Kingdom)

^b UNIVERSITY OF WATERLOO   (Canada)

Author keywords

Discrete logarithm problem; Elliptic curves; Hyperelliptic curves; Public key cryptography

Indexed keywords

ALGEBRA; ALGORITHMS; COMPUTATION THEORY; COMPUTATIONAL METHODS; POLYNOMIALS; PROBLEM SOLVING; SET THEORY;

ALGEBRAIC CURVE CRYPTOGRAPHY; ALGEBRAIC CURVES; CURVE-BASED CRYPTOGRAPHY; DISCRETE LOGARITHM PROBLEM; ELLIPTIC CURVE; HYPERELLIPTIC CURVE;

PUBLIC KEY CRYPTOGRAPHY;

EID: 23044496791     PISSN: 10715797     EISSN: 10902465     Source Type: Journal    
DOI: 10.1016/j.ffa.2005.05.001     Document Type: Article

References (125)

1. L. Adleman J. DeMarrais A subexponential algorithm for discrete logarithms over all finite fields Math. Comput. 61 1993 1-15
2. T. Akishita, T. Takagi, On the optimal parameter choice for elliptic curve cryptosystems using isogeny, Public Key Cryptography-PKC 2004, Lecture Notes in Computer Science, vol. 2947, 2004, pp. 346-359.
3. ANSI X9.62, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), American National Standards Institute, 1999.
4. ANSI X9.63, Public Key Cryptography for the Financial Services Industry: Key Agreement and Key Transport Using Elliptic Curve Cryptography, American National Standards Institute, 2001.
5. ab curves using modular curves, Algorithmic Number Theory: Fourth International Symposium, Lecture Notes in Computer Science, vol. 1838, 2000, pp. 113-126.
6. S. Arita, Weil descent of elliptic curves over finite fields of characteristic three, Advances in Cryptology-ASIACRYPT 2000, Lecture Notes in Computer Science, vol. 1976, 2000, pp. 248-259.
7. R. Avanzi, Aspects of hyperelliptic curves over large prime fields in software implementations, Cryptographic Hardware and Embedded Systems-CHES 2004, Lecture Notes in Computer Science, vol. 3156, 2004, pp. 148-162.
8. R. Avanzi H. Cohen C. Doche G. Frey T. Lange K. Nguyen F. Vercauteren Handbook of Elliptic and Hyperelliptic Curve Cryptography 2005 CRC Press Bora Raton, FL
9. R. Balasubramanian N. Koblitz The improbability that an elliptic curve has sub-exponential discrete log problem under the Menezes-Okamoto-Vanstone algorithm J. Cryptol. 11 1998 141-145
10. E. Barreiro, J. Sarlabous, J. Cherdieu, Efficient reduction on the jacobian variety of Picard curves, Coding Theory, Cryptography and Related Areas, Springer, Berlin, 2000, pp. 13-28.
11. P. Barreto, H. Kim, B. Lynn, M. Scott, Efficient implementation of pairing-based cryptosystems, Advances in Cryptology-CRYPTO 2002, Lecture Notes in Computer Science, vol. 2442, 2002, pp. 354-368.
12. P. Barreto, B. Lynn, M. Scott, Constructing elliptic curves with prescribed embedding degrees, Security in Communication Networks-SCN 2002, Lecture Notes in Computer Science, vol. 2576, 2003, pp. 257-267.
13. P. Barreto B. Lynn M. Scott Efficient implementation of pairing-based cryptosystems J. Cryptol. 17 2004 321-334
14. M. Bauer, S. Hamdy, On class group computations using the number field sieve, Advances in Cryptology-ASIACRYPT 2003, Lecture Notes in Computer Science, vol. 2894, 2003, pp. 311-325.
15. I. Blake G. Seroussi N. Smart Elliptic Curves in Cryptography 1999 Cambridge University Press Cambridge
16. I. Blake G. Seroussi N. Smart Advances in Elliptic Curve Cryptography 2005 Cambridge University Press Cambridge
17. B. den Boer, Diffie-Hellman is as strong as discrete log for certain primes, Advances in Cryptology-CRYPTO '88, Lecture Notes in Computer Science, vol. 403, 1996, pp. 530-539.
18. D. Boneh, X. Boyen, H. Shacham, Short group signatures, Advances in Cryptology-CRYPTO 2004, Lecture Notes in Computer Science, vol. 3152, 2004, pp. 41-55.
19. D. Boneh M. Franklin Identity-based encryption from the Weil pairing SIAM J. Comput. 32 2003 586-615
20. D. Boneh, R. Lipton, Algorithms for black-box fields and their application to cryptography, Advances in Cryptology-CRYPTO '96, Lecture Notes in Computer Science, vol. 109, 1996, pp. 283-297.
21. D. Boneh B. Lynn H. Shacham Short signatures from the Weil pairing J. Cryptol. 7 2004 297-319
22. D. Boneh A. Silverberg Applications of multilinear forms to cryptography Contemp. Math. 324 2003 71-90
23. F. Brezing, A. Weng, Elliptic curves suitable for pairing based cryptography, Designs, Codes Cryptogr., to appear.
24. E. Brier, M. Joye, Fast point multiplication on elliptic curves through isogenies, Applied Algebra, Algebraic Algorithms and Error-Correcting Codes: 15th International Symposium, AAECC-15, Lecture Notes in Computer Science, vol. 2643, 2003, pp. 43-50.
25. D. Cantor Computing in the jacobian of a hyperelliptic curve Math. Comput. 48 1987 95-101
26. D. Coppersmith Small solutions to polynomial equations, with low exponent RSA vulnerabilities J. Cryptol. 10 1997 233-260
27. M. Deuring Die Typen der Multiplikatorenringe elliptischer Funktionenkörper Abh. Math. Sem. Hansischen Univ. 14 1941 197-272
28. C. Diem The GHS attack in odd characteristic J. Ramanujan Math. Soc. 18 2003 1-32
29. C. Diem, On the discrete logarithm problem in elliptic curves over non-prime finite fields, presentation at ECC 2004, Bochum, Germany, 2004.
30. W. Diffie M. Hellman New directions in cryptography IEEE Trans. Inform. Theory 22 1976 644-654
31. R. Dupont A. Enge F. Morain Building curves with arbitrary small MOV degree over finite prime fields J. Cryptol. 18 2005 79-89
32. p - x + d, Advances in Cryptology-ASIACRYPT 2003, Lecture Notes in Computer Science, vol. 2894, 2003, pp. 111-123.
33. S. Edixhoven, Sur les couplages de Weil et de Tate, University of Rennes Seminar 15 February 2002. Available from http://www.math.univ-rennes1.fr/ crypto/seminaire0.html.
34. K. Eisenträger, K. Lauter, P. Montgomery, Improved Weil and Tate pairings for elliptic and hyperelliptic curves, Algorithmic Number Theory: 6th International Symposium, Lecture Notes in Computer Science, vol. 3076, 2004, pp. 169-183.
35. T. ElGamal A public key cryptosystem and a signature scheme based on discrete logarithms IEEE Trans. Inform. Theory 31 1985 469-472
36. A. Enge P. Gaudry A general framework for subexponential discrete logarithm algorithms Acta Arith. 102 2002 83-103
37. FIPS 186, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186, National Institute of Standards and Technology, 1994.
38. FIPS 186-2, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-2, National Institute of Standards and Technology, 2000.
39. S. Flon, R. Oyono, Fast arithmetic on jacobians of Picard curves, Public Key Cryptography-PKC 2004, Lecture Notes in Computer Science, vol. 2947, 2004, pp. 55-68.
40. M. Fouquet P. Gaudry R. Harley An extension of Satoh's algorithm and its implementation J. Ramanujan Math. Soc. 15 2000 281-318
41. G. Frey, Applications of arithmetical geometry to cryptographic constructions, Proceedings of the Fifth International Conference on Finite Fields and Applications, Springer, Berlin, 2001, pp. 128-161.
42. G. Frey H. Rück A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves Math. Comput. 62 1994 865-874
43. W. Fulton Algebraic Curves 1969 Benjamin New York
44. S. Galbraith Constructing isogenies between elliptic curves over finite fields LMS J. Comput. Math. 2 1999 118-138
45. S. Galbraith, Supersingular curves in cryptography, Advances in Cryptology-ASIACRYPT 2001, Lecture Notes in Computer Science, vol. 2248, 2001, pp. 495-513.
46. S. Galbraith Weil descent of Jacobians Discrete Appl. Math. 128 2003 165-180
47. S. Galbraith, Pairings, Chapter IX of [16], 2005.
48. S. Galbraith, K. Harrison, D. Soldera, Implementing the Tate pairing, Algorithmic Number Theory: 5th International Symposium, Lecture Notes in Computer Science, vol. 2369, 2002, pp. 324-337.
49. S. Galbraith, F. Hess, N. Smart, Extending the GHS Weil descent attack, Advances in Cryptology-EUROCRYPT 2002, Lecture Notes in Computer Science, vol. 2332, 2002, pp. 29-44.
50. S. Galbraith, J. McKee, P. Valença, Ordinary abelian varieties having small embedding degree Cryptology ePrint Archive: Report 2004/ 365, 2004. Available from http://eprint.iacr.org/2004/365/.
51. S. Galbraith S. Paulus N. Smart Arithmetic on superelliptic curves Math. Comput. 71 2002 393-405
52. S. Galbraith V. Rotger Easy decision Diffie-Hellman groups LMS J. Comput. Math. 7 2004 201-218
53. P. Gaudry, An algorithm for solving the discrete log problem in hyperelliptic curves, Advances in Cryptology-EUROCRYPT 2000, Lecture Notes in Computer Science, vol. 1807, 2000, pp. 19-34.
54. P. Gaudry, A comparison and a combination of SST and AGM algorithms for counting points of elliptic curve in characteristic 2, Advances in Cryptology-ASIACRYPT 2002, Lecture Notes in Computer Science, vol. 2501, 2002, pp. 311-327.
55. P. Gaudry, Index calculus for abelian varieties and the elliptic curve discrete logarithm problem, Cryptology ePrint Archive: Report 2004/073, 2004. Available from http://eprint.iacr.org/2004/073/.
56. P. Gaudry F. Hess N. Smart Constructive and destructive facets of Weil descent on elliptic curves J. Cryptol. 15 2002 19-46
57. P. Gaudry, É. Schost, Construction of secure random curves of genus 2 over prime fields, Advances in Cryptology-EUROCRYPT 2004, Lecture Notes in Computer Science, vol. 3027, 2004, pp. 239-256.
58. P. Gaudry, N. Thériault, E. Thomé, A double large prime variation for small genus hyperelliptic index calculus, Cryptology ePrint Archive: Report 2004/153, 2004. Available from http://eprint. iacr.org/2004/153/
59. D. Gordon Discrete logarithms in GF (p) using the number field sieve SIAM J. Discrete Math. 6 1993 124-138
60. D. Hankerson A. Menezes S. Vanstone Guide to Elliptic Curve Cryptography 2003 Springer Berlin
61. F. Hess Computing Riemann-Roch spaces in algebraic function fields and related topics J. Symbolic Comput. 33 2002 425-445
62. F. Hess Generalising the GHS attack on the elliptic curve discrete logarithm problem LMS J. Comput. Math. 7 2004 167-192
63. F. Hess, Weil descent attacks, Chapter VIII of [16], 2005.
64. M. Huang D. Ierardi Efficient algorithms for the Riemann-Roch problem and for addition in the jacobian of a curve J. Symbolic Comput. 18 1994 519-539
65. IEEE Std 1363-2000, IEEE Standard Specifications for Public-Key Cryptography, 2000.
66. ISO/IEC 15946, Information Technology-Security Techniques-Cryptography Techniques Based on Elliptic Curves, Part 1: General (2002), Part 2: Digital Signatures (2002), Part 3: Key Establishment (2002), Part 4: Digital Signatures Giving Message Recovery (2004).
67. T. Izu, J. Kogure, M. Noro, K. Yokoyama, Efficient implementation of Schoof's algorithm, Advances in Cryptology-ASIACRYPT '98, Lecture Notes in Computer Science, vol. 1514, 1998, pp. 66-79.
68. M. Jacobson N. Koblitz J. Silverman A. Stein E. Teske Analysis of the xedni calculus attack Designs, Codes Cryptogr. 20 2000 41-64
69. M. Jacobson A. Menezes A. Stein Solving elliptic curve discrete logarithm problems using Weil descent J. Ramanujan Math. Soc. 16 2001 231-260
70. D. Jao, S.D. Miller, R. Venkatesan, Ramanujan graphs and the random reducibility of discrete log on isogenous elliptic curves, Cryptology ePrint Archive: Report 2004/312, 2004. Available from http://eprint. iacr.org/2004/312/.
71. A. Joux, A one round protocol for tripartite Diffie-Hellman, Algorithmic Number Theory: Fourth International Symposium, Lecture Notes in Computer Science, vol. 1838, 2000, pp. 385-393.
72. A. Joux, R. Lercier, The function field sieve is quite special, Algorithmic Number Theory: 5th International Symposium, Lecture Notes in Computer Science, vol. 2369, 2002, pp. 431-445.
73. K. Kedlaya Counting points on hyperelliptic curves using Monsky-Washnitzer cohomology J. Ramanujan Math. Soc. 16 2001 323-338
74. N. Koblitz Elliptic curve cryptosystems Math. Comput. 48 1987 203-209
75. N. Koblitz Hyperelliptic cryptosystems J. Cryptol. 1 1989 139-150
76. N. Koblitz Algebraic Aspects of Cryptography 1998 Springer Berlin
77. T. Lange Formulae for arithmetic on genus 2 hyperelliptic curves Appl. Algebra Eng. Commun. Comput. 15 2005 295-328
78. A. Lenstra M. Manasse Factoring with two large primes Math. Comput. 63 1994 785-798
79. R. Lercier, F. Morain, Counting the number of points on elliptic curves over finite fields: Strategies and performances, Advances in Cryptology-EUROCRYPT '95, Lecture Notes in Computer Science, vol. 921, 1995, pp. 79-94.
80. R. Lidl H. Niederreiter Introduction to Finite Fields and their Applications 1994 Cambridge University Press Cambridge
81. M. Maurer A. Menezes E. Teske Analysis of the GHS Weil descent attack on the ECDLP over characteristic two finite fields of composite degree LMS J. Comput. Math. 5 2002 127-174
82. U. Maurer S. Wolf The relationship between breaking the Diffie-Hellman protocol and computing discrete logarithms SIAM J. Comput. 28 1999 1689-1731
83. A. Menezes T. Okamoto S. Vanstone Reducing elliptic curve logarithms to logarithms in a finite field IEEE Trans. Inform. Theory 39 1993 1639-1646
84. A. Menezes, M. Qu, Analysis of the Weil descent attack of Gaudry, Hess and Smart, Topics in Cryptology-CT-RSA 2001, Lecture Notes in Computer Science, vol. 2020, 2001, pp. 308-318.
85. A. Menezes, E. Teske, Cryptographic implications of Hess' generalized GHS attack, Appl. Algebra Eng. Commun. Comput., to appear.
86. A. Menezes, E. Teske, A. Weng, Weak fields for ECC, Topics in Cryptology-CT-RSA 2004, Lecture Notes in Computer Science, vol. 2964, 2004, pp. 366-386.
87. A. Menezes, Y. Wu, R. Zuccherato, An elementary introduction to hyperelliptic curves, appendix in [76], 1998, 155-178.
88. V. Miller, Uses of elliptic curves in cryptography, Advances in Cryptology-CRYPTO '85, Lecture Notes in Computer Science, vol. 218, 1986, pp. 417-426.
89. V. Miller The Weil pairing, and its efficient calculation J. Cryptol. 17 2004 235-261
90. A. Miyaji, M. Nakabayashi, S. Takano, New explicit conditions of elliptic curve traces for FR-reduction, IEICE-Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E84-A (2001), pp. 1234-1243.
91. D. Mumford, Tata Lectures on Theta II, Progress in Mathematics, vol. 43, Birkhäuser, Basel, 1984.
92. D. Naccache, J. Stern, Signing on a postcard, Financial Cryptography-FC 2000, Lecture Notes in Computer Science, vol. 1962, 2001, pp. 121-135.
93. V. Nechaev Complexity of a determinate algorithm for the discrete logarithm problem Math. Notes 55 1994 165-172
94. S. Paulus H.-G. Rück Real and imaginary quadratic representations of hyperelliptic function fields Math. Comput. 68 1999 1233-1241
95. J. Pelzl, T. Wollinger, J. Guajardo, C. Paar, Hyperelliptic curve cryptosystems: Closing the performance gap to elliptic curves, Cryptographic Hardware and Embedded Systems-CHES 2003, Lecture Notes in Computer Science, vol. 2779, 2003, pp. 351-365.
96. L. Pintsov, S. Vanstone, Postal revenue collection in the digital age, Financial Cryptography-FC 2000, Lecture Notes in Computer Science, vol. 1962, 2001, pp. 105-120.
97. S. Pohlig M. Hellman An improved algorithm for computing logarithms over GF (p) and its cryptographic significance IEEE Trans. Inform. Theory 24 1978 106-110
98. J. Pollard Monte Carlo methods for index computation mod p Math. Comput. 32 1978 918-924
99. K. Rubin, A. Silverberg, Supersingular abelian varieties in cryptology, Advances in Cryptology-CRYPTO 2002, Lecture Notes in Computer Science, vol. 2442, 2002, pp. 336-353.
100. H. Rück On the discrete logarithm in the divisor class group of curves Math. Comput. 68 1999 805-806
101. R. Sakai, K. Ohgishi, M. Kasahara, Cryptosystems based on pairings, Proceedings of the 2000 Symposium on Cryptography and Information Security, Okinawa, Japan, 2000.
102. T. Satoh The canonical lift of an ordinary elliptic curve over a prime field and its point counting J. Ramanujan Math. Soc. 15 2000 247-270
103. T. Satoh K. Araki Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves Comment. Math. Univ. Sancti Pauli 47 1998 81-92
104. C. Schnorr Efficient signature generation for smart cards J. Cryptol. 4 1991 161-174
105. R. Schoof Elliptic curves over finite fields and the computation of square roots mod p Math. Comput. 44 1985 483-494
106. R. Schoof Nonsingular plane cubic curves over finite fields J. Combin. Theory, A 46 1987 183-211
107. M. Scott, P. Barreto, Generating more MNT elliptic curves, Designs, Codes Cryptogr., to appear.
108. I. Semaev Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p Math. Comput. 67 1998 353-356
109. I. Semaev, Summation polynomial and the discrete logarithm problem on elliptic curves, Cryptology ePrint Archive: Report 2004/031, 2004. Available from http://eprint.iacr.org/2004/031/.
110. A. Shamir, Identity-based cryptosystems and signature schemes, Advances in Cryptology-Proceedings of CRYPTO 84, Lecture Notes in Computer Science, vol. 196, 1985, pp. 47-53.
111. V. Shoup, Lower bounds for discrete logarithms and related problems, Advances in Cryptology-EUROCRYPT '97, Lecture Notes in Computer Science, vol. 1233, 1997, pp. 256-266.
112. J. Silverman The Arithmetic of Elliptic Curves 1986 Springer Berlin
113. J. Silverman The xedni calculus and the elliptic curve discrete logarithm problem Designs, Codes Cryptogr. 20 2000 5-40
114. J. Silverman, J. Suzuki, Elliptic curve discrete logarithms and the index calculus, Advances in Cryptology-ASIACRYPT '98, Lecture Notes in Computer Science, vol. 1514, 1998, pp. 110-125.
115. N. Smart The discrete logarithm problem on elliptic curves of trace one J. Cryptol. 12 1999 193-196
116. N. Smart, An analysis of Goubin's refined power analysis attack, Cryptographic Hardware and Embedded Systems-CHES 2003, Lecture Notes in Computer Science, vol. 2779, 2003, pp. 281-290.
117. A. Stein Sharp upper bounds for arithmetics in hyperelliptic function fields J. Ramanujan Math. Soc. 16 2001 1-86
118. M. Stevens, T. Lange, Efficient doubling on genus two curves over binary fields, Selected Areas in Cryptography-SAC 2004, Lecture Notes in Computer Science, vol. 3357, 2005, pp. 170-181.
119. N. Thériault, Index calculus attack for hyperelliptic curves of small genus, Advances in Cryptology-ASIACRYPT 2003, Lecture Notes in Computer Science, vol. 2894, 2003, pp. 75-92.
120. N. Thériault Weil descent attack for Kummer extensions J. Ramanujan Math. Soc. 18 2003 281-312
121. F. Vercauteren, Computing zeta functions of hyperelliptic curves over finite fields of characteristic 2, Advances in Cryptology-CRYPTO 2002, Lecture Notes in Computer Science, vol. 2442, 2002, pp. 369-384.
122. E. Verheul Evidence that XTR is more secure than supersingular elliptic curve cryptosystems J. Cryptol. 17 2004 277-296
123. E. Volcheck, Computing in the jacobian of a plane algebraic curve, Algorithmic Number Theory, Lecture Notes in Computer Science, 1994, pp. 221-233.
124. L. Washington Elliptic Curves: Number Theory and Cryptography 2003 CRC Press Baco Raton, FL
125. A. Weng Constructing hyperelliptic curves of genus 2 suitable for cryptography Math. Comput. 72 2003 435-458