Abstract
In this paper we extend the Weil descent attack due to Gaudry, Hess and Smart (GHS) to a much larger class of elliptic curves. This extended attack applies to fields of composite degree over $\F_2$. The principle behind the extended attack is to use isogenies to find an elliptic curve for which the GHS attack is effective. The discrete logarithm problem on the target curve can be transformed into a discrete logarithm problem on the isogenous curve. A further contribution of the paper is to give an improvement to an algorithm of Galbraith for constructing isogenies between elliptic curves, and this is of independent interest in elliptic curve cryptography. We show that a larger proportion than previously thought of elliptic curves over $\F_2^155$ should be considered weak.
Translated title of the contribution | Extending the GHS Weil descent attack |
---|---|
Original language | English |
Title of host publication | Advances in Cryptology - EUROCRYPT 2002 |
Publisher | Springer Berlin Heidelberg |
Pages | 29 - 44 |
Number of pages | 16 |
Volume | 2332 |
Publication status | Published - May 2002 |
Bibliographical note
Editors: Knudsen, LISBN: 3540435530
Publisher: Springer
Name and Venue of Conference: Advances in Cryptology - EUROCRYPT 2002: International Conference on the Theory and Applications of Cryptographic Techniques, Amsterdam, 28 April 28 - 2 May
Other: http://www.cs.bris.ac.uk/Publications/pub_info.jsp?id=1000621