The security of fixed versus random elliptic curves in cryptography

  • Authors:

  • Yvonne Hitchcock;Paul Montague;Gary Carter;Ed Dawson

  • Affiliations:

  • Information Security Research Centre, Queensland University of Technology, Brisbane, Australia;Motorola Australia Software Centre, Mawson Lakes, SA, Australia;School of Mathematics, Queensland University of Technology, Brisbane, Australia;Information Security Research Centre, Queensland University of Technology, Brisbane, Australia

  • Venue:
  • ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
  • Year:
  • 2003

Quantified Score

Hi-index 0.00

Visualization

Abstract

This paper examines the cryptographic security of fixed versus random elliptic curves over the field GF(p). Its basic assumption is that a large precomputation to aid in breaking the elliptic curve discrete logarithm problem (ECDLP) can be made for a fixed curve. We take this into account when examining curve security as well as considering a variation of Pollard's rho method where computations from solutions of previous ECDLPs can be used to solve subsequent ECDLPs on the same curve. We present a lower bound on the expected time to solve such ECDLPs using this method, as well as an approximation of the expected time remaining to solve an ECDLP when a given size of precomputation is available. We conclude that adding 5 bits to the size of a fixed curve to avoid general software attacks and an extra 6 bits to avoid attacks on special moduli and a parameters provides an equivalent level of security.