Faster Attacks on Elliptic Curve Cryptosystems

Authors:
Michael J. Wiener;Robert J. Zuccherato
Affiliations:
-;-
Venue:
SAC '98 Proceedings of the Selected Areas in Cryptography
Year:
1998

Citing 6
Cited 20

Use of elliptic curves in cryptography

Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p

Mathematics of Computation
CM-Curves with Good Cryptographic Properties

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
An Improved Algorithm for Arithmetic on a Family of Elliptic Curves

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
A Fast Software Implementation for Arithmetic Operations in GF(2n)

ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Fast Key Exchange with Elliptic Curve Systems

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology

Elliptic Curve Cryptography on a Palm OS Device

ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Speeding up the Arithmetic on Koblitz Curves of Genus Two

SAC '00 Proceedings of the 7th Annual International Workshop on Selected Areas in Cryptography
Random Walks Revisited: Extensions of Pollard's Rho Algorithm for Computing Multiple Discrete Logarithms

SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms

CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
PGP in constrained wireless devices

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Collision Search for Elliptic Curve Discrete Logarithm over GF(2m) with FPGA

CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Exponentiation in Pairing-Friendly Groups Using Homomorphisms

Pairing '08 Proceedings of the 2nd international conference on Pairing-Based Cryptography
Speeding Up the Pollard Rho Method on Prime Fields

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Subset-Restricted Random Walks for Pollard rho Method on ${\mathbf{F}_{p^m}}$

Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Endomorphisms for Faster Elliptic Curve Cryptography on a Large Class of Curves

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
On the correct use of the negation map in the Pollard rho method

PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Solving a 112-bit prime elliptic curve discrete logarithm problem on game consoles using sloppy reduction

International Journal of Applied Cryptography
Using equivalence classes to accelerate solving the discrete logarithm problem in a short interval

PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Computing elliptic curve discrete logarithms with the negation map

Information Sciences: an International Journal
Solving a 112-bit prime elliptic curve discrete logarithm problem on game consoles using sloppy reduction

International Journal of Applied Cryptography
Koblitz curve cryptosystems

Finite Fields and Their Applications
Improved Pollard rho method for computing discrete logarithms over finite extension fields

Journal of Computational and Applied Mathematics
Efficient java implementation of elliptic curve cryptography for J2ME-Enabled mobile devices

WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
On the strength comparison of the ECDLP and the IFP

SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks
Speeding up elliptic curve discrete logarithm computations with point halving

Designs, Codes and Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

The previously best attack known on elliptic curve cryptosystems used in practice was the parallel collision search based on Pollard's ρ-method. The complexity of this attack is the square root of the prime order of the generating point used. For arbitrary curves, typically defined over GF(p) or GF(2m), the attack time can be reduced by a factor or √2, a small improvement. For subfield curves, those defined over GF(2ed) with coefficients defining the curve restricted to GF(2e), the attack time can be reduced by a factor of √2d. In particular for curves over GF(2m) with coefficients in GF(2), called anomalous binary curves or Koblitz curves, the attack time can be reduced by a factor of √2m. These curves have structure which allows faster cryptosystem computations. Unfortunately, this structure also helps the attacker. In an example, the time required to compute an elliptic curve logarithm on an anomalous binary curve over GF(2163) is reduced from 281 to 277 elliptic curve operations.