Cover and decomposition index calculus on elliptic curves made practical: application to a previously unreachable curve over Fp6

Authors:
Antoine Joux;Vanessa Vitse
Affiliations:
Laboratoire PRISM, DGA and Université de Versailles Saint-Quentin, Versailles Cedex, France;Laboratoire PRISM, Université de Versailles Saint-Quentin, Versailles Cedex, France
Venue:
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Year:
2012

Citing 13
Cited 1

Use of elliptic curves in cryptography

Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Computation of discrete logarithms in prime fields

Designs, Codes and Cryptography
The MAGMA algebra system I: the user language

Journal of Symbolic Computation - Special issue on computational algebra and number theory: proceedings of the first MAGMA conference
Extending the GHS Weil Descent Attack

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
The function field sieve

ANTS-I Proceedings of the First International Symposium on Algorithmic Number Theory
A subexponential algorithm for discrete logarithms over the rational subgroup of the jacobians of large genus hyperelliptic curves over finite fields

ANTS-I Proceedings of the First International Symposium on Algorithmic Number Theory
Advances in Elliptic Curve Cryptography (London Mathematical Society Lecture Note Series)

Advances in Elliptic Curve Cryptography (London Mathematical Society Lecture Note Series)
A Weil Descent Attack against Elliptic Curve Cryptosystems over Quartic Extension Fields

IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem

Journal of Symbolic Computation
Lower bounds for discrete logarithms and related problems

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
An algorithm for solving the discrete log problem on hyperelliptic curves

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
A variant of the F4 algorithm

CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
An index calculus algorithm for plane curves of small degree

ANTS'06 Proceedings of the 7th international conference on Algorithmic Number Theory

On polynomial systems arising from a weil descent

ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a new "cover and decomposition" attack on the elliptic curve discrete logarithm problem, that combines Weil descent and decomposition-based index calculus into a single discrete logarithm algorithm. This attack applies, at least theoretically, to all composite degree extension fields, and is particularly well-suited for curves defined over Fp6. We give a real-size example of discrete logarithm computations on a curve over a 151-bit degree 6 extension field, which would not have been practically attackable using previously known algorithms.