An Elliptic Curve Trapdoor System

Authors:
Edlyn Teske
Affiliations:
Department of Combinatorics and Optimization, University of Waterloo, Waterloo, Ontario N2L 3G1, Canada
Venue:
Journal of Cryptology
Year:
2006

Citing 0
Cited 3

On the relations between non-interactive key distribution, identity-based encryption and trapdoor discrete log groups

Designs, Codes and Cryptography
Hidden pairings and trapdoor DDH groups

ANTS'06 Proceedings of the 7th international conference on Algorithmic Number Theory
Fast arithmetics in Artin-Schreier towers over finite fields

Journal of Symbolic Computation

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose an elliptic curve trapdoor system which is of interest in key escrow applications. In this system, a pair (Es, Epb) of elliptic curves over F2161 is constructed with the following properties: (i) the Gaudry-Hess-Smart Weil descent attack reduces the elliptic curve discrete logarithm problem (ECDLP) in Es(F2161) to a hyperelliptic curve DLP in the Jacobian of a curve of genus 7 or 8, which is computationally feasible, but by far not trivial; (ii) Es is isogenous to Es; (iii) the best attack on the ECDLP in Es(F2161) is the parallelized Pollard rho method. The curve Es is used just as usual in elliptic curve cryptosystems. The curve Es is submitted to a trusted authority for the purpose of key escrow. The crucial difference from other key escrow scenarios is that the trusted authority has to invest a considerable amount of computation to compromise a user's private key, which makes applications such as widespread wire-tapping impossible.