Parameterized splitting systems for the discrete logarithm

Authors:
Sungwook Kim;Jung Hee Cheon
Affiliations:
ISaC and the Department of Mathematical Sciences, Seoul National University, Seoul, Korea;ISaC and the Department of Mathematical Sciences, Seoul National University, Seoul, Korea
Venue:
IEEE Transactions on Information Theory
Year:
2010

Citing 11
Cited 0

Handbook of Applied Cryptography

Handbook of Applied Cryptography
Some baby-step giant-step algorithms for the low hamming weight discrete logarithm problem

Mathematics of Computation
Random small hamming weight products with applications to cryptography

Discrete Applied Mathematics - Special issue on the 2000 com2MaC workshop on cryptography
Analysis of Low Hamming Weight Products

Discrete Applied Mathematics
Lower bounds for discrete logarithms and related problems

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Self-certified public keys

EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
A note on discrete logarithms with special structure

EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
Practical threshold signatures

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
A parameterized splitting system and its application to the discrete logarithm problem with low hamming weight product exponents

PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Hard instances of the constrained discrete logarithm problem

ANTS'06 Proceedings of the 7th international conference on Algorithmic Number Theory
A new baby-step giant-step algorithm and some applications to cryptanalysis

CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems

Quantified Score

Hi-index	754.84

Visualization

Abstract

Hoffstein and Silverman suggested the use of low Hamming weight product (LHWP) exponents to accelerate group exponentiation while maintaining the security level. With LHWP exponents, the computation costs on GF(2n) or Koblitz elliptic curves can be reduced significantly, where the cost of squaring and elliptic curve doubling is much lower than that of multiplication and elliptic curve addition, respectively. In this paper, we present a parameterized splitting system with an additional property, which is a refinement version of the system introduced in PKC'08. We show that it yields an algorithm for the discrete logarithm problem (DLP) with LHWP exponents with lower complexity than that of any previously known algorithms. To demonstrate its application, we attack the GPS identification scheme modified by Coron, Lefranc, and Poupard in CHES'05 and the DLP with Hoffstein and Silverman's (2,2,11)-exponent. The time complexity of our key recovery attack against the GPS scheme is 261,82, which was expected to be 278. Hoffstein and Silverman's (2,2,11)-exponent can be recovered with a time complexity of 253.02, which is the lowest among the known attacks.