Elliptic curves in cryptography
Elliptic curves in cryptography
Software Implementation of the NIST Elliptic Curves Over Prime Fields
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Speeding Up Pollard's Rho Method for Computing Discrete Logarithms
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
A Practical Implementation of Elliptic Curve Cryptosystems over GF(p) on a 16-bit Microcomputer
PKC '98 Proceedings of the First International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Hi-index | 0.00 |
This paper examines the cryptographic security of fixed versus random elliptic curves over the field GF(p). Its basic assumption is that a large precomputation to aid in breaking the elliptic curve discrete logarithm problem (ECDLP) can be made for a fixed curve. We take this into account when examining curve security as well as considering a variation of Pollard's rho method where computations from solutions of previous ECDLPs can be used to solve subsequent ECDLPs on the same curve. We present a lower bound on the expected time to solve such ECDLPs using this method, as well as an approximation of the expected time remaining to solve an ECDLP when a given size of precomputation is available. We conclude that adding 5 bits to the size of a fixed curve to avoid general software attacks and an extra 6 bits to avoid attacks on special moduli and a parameters provides an equivalent level of security.