Function field sieve method for discrete logarithms over finite fields. Information and Computation.
The Calculation of Multivariate Polynomial Resultants. Journal of the ACM (JACM).
The Security of Hidden Field Equations (HFE). CT-RSA 2001, Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA.
Gröbner-Bases, Gaussian elimination and resolution of systems of algebraic equations. EUROCAL '83, Proceedings of the European Computer Algebra Conference on Computer Algebra.
Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization. CRYPTO '99, Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology.
ANTS-I, Proceedings of the First International Symposium on Algorithmic Number Theory.
A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). Proceedings of the 2002 International Symposium on Symbolic and Algebraic Computation.
A subexponential algorithm for the discrete logarithm problem with applications to cryptography. SFCS '79, Proceedings of the 20th Annual Symposium on Foundations of Computer Science.
Journal of Symbolic Computation.
EUROCRYPT '96, Proceedings of the 15th Annual International Conference on Theory and Application of Cryptographic Techniques.
An algorithm for solving the discrete log problem on hyperelliptic curves. EUROCRYPT '00, Proceedings of the 19th International Conference on Theory and Application of Cryptographic Techniques.
Efficient algorithms for solving overdefined systems of multivariate polynomial equations. EUROCRYPT '00, Proceedings of the 19th International Conference on Theory and Application of Cryptographic Techniques.
Computing loci of rank defects of linear matrices using Gröbner bases and applications to cryptology. Proceedings of the 2010 International Symposium on Symbolic and Algebraic Computation.
Journal of Symbolic Computation.
Cryptanalysis of multivariate and odd-characteristic HFE variants. PKC '11, Proceedings of the 14th International Conference on Practice and Theory in Public Key Cryptography.
Inverting HFE systems is quasi-polynomial for all fields. CRYPTO '11, Proceedings of the 31st Annual Conference on Advances in Cryptology.
Algebraic cryptanalysis of McEliece variants with compact keys. EUROCRYPT '10, Proceedings of the 29th Annual International Conference on Theory and Applications of Cryptographic Techniques.
Inverting HFE is quasipolynomial. CRYPTO '06, Proceedings of the 26th Annual International Conference on Advances in Cryptology.
Polynomial equivalence problems: algorithmic and theoretical aspects. EUROCRYPT '06, Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques.
The function field sieve in the medium prime case. EUROCRYPT '06, Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques.
EUROCRYPT '12, Proceedings of the 31st Annual International Conference on Theory and Applications of Cryptographic Techniques.
Improving the complexity of index calculus algorithms in elliptic curves over binary fields. EUROCRYPT '12, Proceedings of the 31st Annual International Conference on Theory and Applications of Cryptographic Techniques.
Fast evaluation of logarithms in fields of characteristic two. IEEE Transactions on Information Theory.
Succinct non-interactive arguments via linear interactive proofs. TCC '13, Proceedings of the 10th Theory of Cryptography Conference on Theory of Cryptography.
Elligator: elliptic-curve points indistinguishable from uniform random strings. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security.
In the last two decades, many computational problems arising in cryptography have been successfully reduced to various systems of polynomial equations. In this paper, we revisit a class of polynomial systems introduced by Faugère, Perret, Petit and Renault. Based on new experimental results and heuristic evidence, we conjecture that their degrees of regularity are only slightly larger than the original degrees of the equations, resulting in a very low complexity compared to generic systems. We then revisit the application of these systems to the elliptic curve discrete logarithm problem (ECDLP) for binary curves. Our heuristic analysis suggests that an index calculus variant due to Diem requires a subexponential number of bit operations $O(2^{c\,n^{2/3}\log n})$ over the binary field $\mathbb{F}_{2^n}$, where $c$ is a constant smaller than 2. According to our estimations, generic discrete logarithm methods are outperformed for any $n > N$ where $N \approx 2000$, but elliptic curves of currently recommended key sizes ($n \approx 160$) are not immediately threatened. The analysis can be easily generalized to other extension fields.