Discrete logarithms in GF(P) using the number field sieve
SIAM Journal on Discrete Mathematics
A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves
Mathematics of Computation
Function field sieve method for discrete logarithms over finite fields
Information and Computation
Elliptic curves in cryptography
Elliptic curves in cryptography
The index calculus method using non-smooth polynomials
Mathematics of Computation
Efficient Algorithms for Pairing-Based Cryptosystems
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Use of Elliptic Curves in Cryptography
CRYPTO '85 Advances in Cryptology
A Subexponential Algorithm for Discrete Logarithms over All Finite Fields
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
ANTS-I Proceedings of the First International Symposium on Algorithmic Number Theory
ANTS-V Proceedings of the 5th International Symposium on Algorithmic Number Theory
Comparing the MOV and FR reductions in elliptic curve cryptography
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems
IEEE Transactions on Information Theory
Polynomial approximation of bilinear Diffie--Hellman maps
Finite Fields and Their Applications
| Hi-index | 0.00 |
We review the construction of a generalization of the Weil pairing, which is nondegenerate and bilinear, and use it to construct a reduction from the discrete logarithm problem on elliptic curves to the discrete logarithm problem in finite fields. We show that the new pairing can be computed efficiently for curves with trace of Frobenius congruent to 2 modulo the order of the base point. This leads to an efficient reduction for this class of curves. The reduction is as simple to construct as that of Menezes et al. (IEEE Trans. Inform. Theory, 39, 1993), and is provably equivalent to that of Frey and Rück (Math. Comput. 62 (206) (1994) 865).