Abstract
The previously best known attack on elliptic curve cryptosystems used in practice was the parallel collision search based on Pollard's ρ-method. The running time of this attack is on the order of the square root of the prime order of the generating point used. For arbitrary curves, typically defined over GF(p) or GF(2^m), the attack time can be reduced by a factor of √2 (by identifying each point P with its negative −P), a small improvement. For subfield curves, those defined over GF(2^(ed)) with the coefficients defining the curve restricted to GF(2^e), the attack time can be reduced by a factor of √(2d). In particular, for curves over GF(2^m) with coefficients in GF(2), called anomalous binary curves or Koblitz curves, the attack time can be reduced by a factor of √(2m). These curves have structure (the Frobenius map (x, y) ↦ (x^2, y^2) is a cheap endomorphism of the curve) which allows faster cryptosystem computations. Unfortunately, this structure also helps the attacker. In an example, the time required to compute an elliptic curve logarithm on an anomalous binary curve over GF(2^163) is reduced from 2^81 to 2^77 elliptic curve operations.
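As an added illustration (example code written for this page, not code from Wiener and Zuccherato's paper), the following Python runs the collision search three ways on a toy Koblitz curve and reports the mean number of walk steps: on plain points, on negation classes {P, −P} (the √2 gain stated above for arbitrary curves), and on the classes {±τ^i(P)} under negation together with the Frobenius map τ(x, y) = (x^2, y^2) (the √(2m) gain for Koblitz curves). Everything about the instance is constructed for the demo: the curve E_1: y^2 + xy = x^3 + x^2 + 1 over GF(2^11) with field modulus x^11 + x^2 + 1, whose group order 1982 = 2·991 (from the trace of E_1 over GF(2) and the usual Lucas recurrence) leaves a prime-order subgroup of size 991; the code checks this at import. The following are choices of this example, not the paper's method: every visited point is stored in a dictionary instead of using distinguished points across parallel processors, the walk is a 16-partition r-adding walk, the Frobenius eigenvalue λ is found by trying the roots of λ^2 − λ + 2 ≡ 0 (mod 991) against τ(G), and a fruitless cycle is escaped by doubling the current point. All function names (gf_mul, ec_add, canon, rho, average_steps) are this example's own.

```python
# Added example, not from the paper: Pollard-rho collision search on a toy Koblitz curve, walking on
# plain points, on {P, -P} classes (the sqrt(2) gain) and on {+-tau^i P} classes (the sqrt(2m) gain).
# Constructed curve: E_1: y^2 + xy = x^3 + x^2 + 1 over GF(2^11), modulus x^11 + x^2 + 1; #E_1 = 2 * 991.
import random

M, POLY, A, N, INF = 11, (1 << 11) | (1 << 2) | 1, 1, 991, None   # degree, field modulus, a, subgroup order, O
EXP, LOG, t = [0] * (2 * 2047), [0] * (1 << M), 1    # log/antilog tables: x^11 + x^2 + 1 is primitive
for i in range(2 * 2047):
    EXP[i], LOG[t], t = t, i % 2047, (t << 1) ^ (POLY if t >> (M - 1) else 0)
assert len(set(EXP[:2047])) == 2047                  # the generator x really has order 2^M - 1

def gf_mul(u, v):                              # product in GF(2^M) via the tables
    return EXP[LOG[u] + LOG[v]] if u and v else 0

def gf_inv(u):                                 # u^-1 = g^(2047 - log u); u must be nonzero
    return EXP[2047 - LOG[u]]

def ec_add(P, Q):                              # affine group law on y^2 + xy = x^3 + A x^2 + 1
    if P is INF or Q is INF:
        return Q if P is INF else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 != y2 or x1 == 0):     # Q = -P = (x1, x1 + y1), or P is the order-2 point
        return INF
    lam = x1 ^ gf_mul(y1, gf_inv(x1)) if P == Q else gf_mul(y1 ^ y2, gf_inv(x1 ^ x2))
    x3 = gf_mul(lam, lam) ^ lam ^ x1 ^ x2 ^ A
    return (x3, gf_mul(lam, x1 ^ x3) ^ x3 ^ y1)

def ec_mul(k, P):                              # double-and-add scalar multiplication
    R = INF
    while k:
        R, P, k = (ec_add(R, P) if k & 1 else R), ec_add(P, P), k >> 1
    return R

def find_generator():                          # first x >= 1 carrying a point, cofactor 2 cleared
    for x in range(1, 1 << M):
        x2 = gf_mul(x, x)                      # with y = x z the curve equation is z^2 + z = c
        c = gf_mul(gf_mul(x2, x) ^ gf_mul(A, x2) ^ 1, gf_inv(x2))
        z, t = 0, c
        for _ in range((M + 1) // 2):          # half-trace sum of c^(4^i) solves it (M is odd)
            z, t = z ^ t, gf_mul(gf_mul(t, t), gf_mul(t, t))
        if gf_mul(z, z) ^ z == c:
            return ec_mul(2, (x, gf_mul(x, z)))

G = find_generator()
assert G is not INF and ec_mul(N, G) is INF    # G really has prime order N
TAU_G = (gf_mul(G[0], G[0]), gf_mul(G[1], G[1]))   # Frobenius tau(G) = (x^2, y^2)
LAM = next(l for l in range(N) if (l * l - l + 2) % N == 0 and ec_mul(l, G) == TAU_G)
LAM_POWS = [pow(LAM, i, N) for i in range(M)]  # tau^2 - tau + 2 = 0 on E_1; tau^i acts as lam^i on <G>

def canon(P, a, b, mode):
    """Smallest point of the class of P = aG + bQ: 'plain' {P}, 'neg' {P, -P}, 'negfrob' {+-tau^i P}."""
    if mode == "plain" or P is INF:
        return P, a, b
    best, (x, y) = None, P
    for i in range(M if mode == "negfrob" else 1):       # tau^i(aG + bQ) = (lam^i a)G + (lam^i b)Q
        for s, cand in ((1, (x, y)), (-1, (x, x ^ y))):
            if best is None or cand < best[0]:
                best = (cand, s * LAM_POWS[i] * a % N, s * LAM_POWS[i] * b % N)
        x, y = gf_mul(x, x), gf_mul(y, y)      # apply tau once more
    return best

def solve(a, b, a2, b2):                       # aG + bQ = a2 G + b2 Q  =>  Q = (a - a2)/(b2 - b) G
    d = (b2 - b) % N
    return None if d == 0 else (a - a2) * pow(d, -1, N) % N

def rho(Q, mode, rng, r=16):
    """r-adding walk on class representatives, every point stored (stands in for distinguished points)."""
    steps = [(rng.randrange(1, N), rng.randrange(1, N)) for _ in range(r)]
    table = [ec_add(ec_mul(aj, G), ec_mul(bj, Q)) for aj, bj in steps]
    a, b = rng.randrange(1, N), rng.randrange(1, N)
    (X, a, b), seen, it = canon(ec_add(ec_mul(a, G), ec_mul(b, Q)), a, b, mode), {}, 0
    while True:
        if X is INF or (X in seen and seen[X] != (a, b)):   # two expressions for one point
            k = solve(a, b, *seen.get(X, (0, 0)))
            if k is not None:
                return k, it                                # (log_G(Q), steps incl. restarts)
            k, more = rho(Q, mode, rng, r)                  # b == b2 gave nothing: fresh walk
            return k, it + more
        elif X in seen:                                     # same coefficients: fruitless cycle
            X, a, b = canon(ec_add(X, X), 2 * a % N, 2 * b % N, mode)   # escape by doubling
        else:
            seen[X] = (a, b)
            j = (X[0] ^ X[1]) % r
            X, a, b = canon(ec_add(X, table[j]), (a + steps[j][0]) % N, (b + steps[j][1]) % N, mode)
        it += 1

def average_steps(mode, trials=100, seed=7):   # mean walk length to recover random k from Q = kG
    rng, total = random.Random(seed), 0
    for _ in range(trials):
        k = rng.randrange(1, N)
        found, it = rho(ec_mul(k, G), mode, rng)
        assert found == k                      # every recovered logarithm is checked
        total += it
    return total / trials

if __name__ == "__main__":                     # expect roughly 39 : 28 : 8 steps on average
    print({m: round(average_steps(m), 1) for m in ("plain", "neg", "negfrob")})
```

Running the module prints the mean steps for the three modes. With class sizes 1, 2 and 2m = 22 the expected walk lengths scale as √(πn/2) : √(πn/4) : √(πn/(4m)), roughly 39 : 28 : 8 for n = 991, and the measured averages come out close to that (the r-adding walk and the fruitless-cycle escapes add a little). The code needs Python 3.8 or later for pow(d, -1, N).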
References
ANSI X9.62-199x: "Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)," January 13, 1998.
ANSI X9.63-199x: "Public Key Cryptography for the Financial Services Industry: Elliptic Curve Key Agreement and Transport Protocols," October 5, 1997.
E. De Win, A. Bosselaers, S. Vandenberghe, P. De Gersem and J. Vandewalle, "A fast software implementation for arithmetic operations in GF(2^n)," Advances in Cryptology, Proc. Asiacrypt '96, LNCS 1163, K. Kim and T. Matsumoto, Eds., Springer-Verlag, 1996, pp. 65–76.
W. Diffie and M. Hellman, "New directions in cryptography," IEEE Transactions on Information Theory 22 (1976), pp. 644–654.
R. Gallant, R. Lambert and S. Vanstone, "Improving the Parallelized Pollard Lambda Search on Binary Anomalous Curves," Research Report CORR 98-15, Department of Combinatorics and Optimization, University of Waterloo, Waterloo, Canada, 1998.
N. Koblitz, "Elliptic curve cryptosystems," Mathematics of Computation 48 (1987), pp. 203–209.
N. Koblitz, "CM-curves with good cryptographic properties," Advances in Cryptology, Proc. Crypto '91, LNCS 576, J. Feigenbaum, Ed., Springer-Verlag, 1992, pp. 279–287.
A. Menezes, T. Okamoto and S. Vanstone, "Reducing elliptic curve logarithms to logarithms in a finite field," IEEE Transactions on Information Theory 39 (1993), pp. 1639–1646.
V. Miller, "Uses of elliptic curves in cryptography," Advances in Cryptology, Proc. Crypto '85, LNCS 218, Springer-Verlag, 1986, pp. 417–426.
National Institute of Standards and Technology, "Digital signature standard," Federal Information Processing Standard FIPS PUB 186, U.S. Department of Commerce, Washington, DC, 1994.
J.M. Pollard, "Monte Carlo methods for index computation (mod p)," Mathematics of Computation 32 (1978), pp. 918–924.
T. Satoh and K. Araki, "Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves," preprint, 1997.
R. Schroeppel, H. Orman, S. O'Malley and O. Spatscheck, "Fast key exchange with elliptic curve systems," Advances in Cryptology, Proc. Crypto '95, LNCS 963, D. Coppersmith, Ed., Springer-Verlag, 1995, pp. 43–56.
I. Semaev, "Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p," Mathematics of Computation 67 (1998), pp. 353–356.
N. Smart, "The discrete logarithm problem on elliptic curves of trace one," preprint, 1997.
J. Solinas, "An improved algorithm for arithmetic on a family of elliptic curves," Advances in Cryptology, Proc. Crypto '97, LNCS 1294, B. Kaliski, Ed., Springer-Verlag, 1997, pp. 357–371.
E. Teske, "Speeding up Pollard's rho method for computing discrete logarithms," Technical Report TI-1/98, Technische Hochschule Darmstadt, Darmstadt, Germany, 1998.
P. van Oorschot and M. Wiener, "Parallel collision search with cryptanalytic applications," Journal of Cryptology, to appear.
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wiener, M.J., Zuccherato, R.J. (1999). Faster Attacks on Elliptic Curve Cryptosystems. In: Tavares, S., Meijer, H. (eds) Selected Areas in Cryptography. SAC 1998. Lecture Notes in Computer Science, vol 1556. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48892-8_15
DOI: https://doi.org/10.1007/3-540-48892-8_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65894-8
Online ISBN: 978-3-540-48892-7