Extractors for binary elliptic curves
Designs, Codes and Cryptography
Algebraic curves and cryptography
Finite Fields and Their Applications
On efficient pairings on elliptic curves over extension fields
Pairing'12 Proceedings of the 5th international conference on Pairing-Based Cryptography
| Hi-index | 0.00 |
A finite field K is said to be weak for elliptic curve cryptography if all instances of the discrete logarithm problem for all elliptic curves over K can be solved in significantly less time than it takes Pollard's rho method to solve the hardest instances. By considering the GHS Weil descent attack, it was previously shown that characteristic two finite fields ** are weak. In this paper, we examine characteristic two finite fields ** for weakness under Hess' generalization of the GHS attack. We show that the fields ** are potentially partially weak in the sense that any instance of the discrete logarithm problem for half of all elliptic curves over **, namely those curves E for which ** is divisible by 4, can likely be solved in significantly less time than it takes Pollard's rho method to solve the hardest instances. We also show that the fields ** are partially weak, that the fields ** are potentially weak, and that the fields ** are potentially partially weak. Finally, we argue that the other fields ** where N is not divisible by 3, 5, 6, 7 or 8, are not weak under Hess' generalized GHS attack.