Extending the GHS Weil Descent Attack

Authors:
Steven D. Galbraith;Florian Hess;Nigel P. Smart
Affiliations:
-;-;-
Venue:
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Year:
2002

Citing 4
Cited 14

A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves

Mathematics of Computation
A course in computational algebraic number theory

A course in computational algebraic number theory
Elliptic curves in cryptography

Elliptic curves in cryptography
Computing l-Isogenies Using the p-Torsion

ANTS-II Proceedings of the Second International Symposium on Algorithmic Number Theory

Supersingular Abelian Varieties in Cryptology

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Hardware architectures for public key cryptography

Integration, the VLSI Journal
Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults

Designs, Codes and Cryptography
Extractors for binary elliptic curves

Designs, Codes and Cryptography
Bits Security of the Elliptic Curve Diffie---Hellman Secret Keys

CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Applications to cryptography of twisting commutative algebraic groups

Discrete Applied Mathematics
On the relations between non-interactive key distribution, identity-based encryption and trapdoor discrete log groups

Designs, Codes and Cryptography
The GHS attack revisited

EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Do all elliptic curves of the same order have the same difficulty of discrete log?

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
A low-memory algorithm for finding short product representations in finite groups

Designs, Codes and Cryptography
Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies

PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography
Cover and decomposition index calculus on elliptic curves made practical: application to a previously unreachable curve over Fp6

EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Algebraic curves and cryptography

Finite Fields and Their Applications
On efficient pairings on elliptic curves over extension fields

Pairing'12 Proceedings of the 5th international conference on Pairing-Based Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we extend the Weil descent attack due to Gaudry, Hess and Smart (GHS) to a much larger class of elliptic curves. This extended attack applies to fields of composite degree over F2. The principle behind the extended attack is to use isogenies to find an elliptic curve for which the GHS attack is effective. The discrete logarithm problem on the target curve can be transformed into a discrete logarithm problem on the isogenous curve.A further contribution of the paper is to give an improvement to an algorithm of Galbraith for constructing isogenies between elliptic curves, and this is of independent interest in elliptic curve cryptography. We show that a larger proportion than previously thought of elliptic curves over F2155 should be considered weak.