Point Decomposition Problem in Binary Elliptic Curves

Karabina, Koray

doi:10.1007/978-3-319-30840-1_10

Koray Karabina¹⁵

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9558))

Included in the following conference series:

ICISC 2015

820 Accesses
2 Citations

Abstract

We analyze the point decomposition problem (PDP) in binary elliptic curves. It is known that PDP in an elliptic curve group can be reduced to solving a particular system of multivariate non-linear equations derived from the so called Semaev summation polynomials. We modify the underlying system of equations by introducing some auxiliary variables. We argue that the trade-off between lowering the degree of Semaev polynomials and increasing the number of variables provides a significant speed-up.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
We prefer to use point rather than element because elliptic curve group elements are commonly called points.
2.
This is roughly when the number of relations exceeds \(|\mathcal {B}|\).

References

Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system I: the user language. J. Symbolic Comput. 24, 235–265 (1997)
Article MathSciNet MATH Google Scholar
Diem, C.: On the discrete logarithm problem in elliptic curves II. Algebra Number Theory 7, 1281–1323 (2013)
Article MathSciNet MATH Google Scholar
Faugère, J.-C.: A new efficient algorithm for computing Groebner bases (F4). J. Pure Appl. Algebra 139, 61–68 (1999)
Article MathSciNet MATH Google Scholar
Faugère, J.-C.: A new efficient algorithm for computing Groebner bases without reduction to zero (F5). In: International Symposium on Symbolic and Algebraic Computation, pp. 75–83 (2002)
Google Scholar
Faugère, J.-C., Perret, L., Petit, C., Renault, G.: Improving the complexity of index calculus algorithms in elliptic curves over binary fields. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 27–44. Springer, Heidelberg (2012)
Chapter Google Scholar
Galbraith, S.D., Gebregiyorgis, S.W.: Summation polynomial algorithms for elliptic curves in characteristic two. In: Meier, W., Mukhopadhyay, D. (eds.) Progress in Cryptology – INDOCRYPT 2014. LNCS, vol. 8885, pp. 409–427. Springer, Berlin (2014)
Google Scholar
Gaudry, P.: Index calculus for abelian varieties of small dimension and the elliptic curve discrete logarithm problem. J. Symbolic Comput. 44, 1690–1702 (2009)
Article MathSciNet MATH Google Scholar
Huang, Y.-J., Petit, C., Shinohara, N., Takagi, T.: Improvement of Faugère et al.’s Method to Solve ECDLP. In: Terada, M., Sakiyama, K. (eds.) IWSEC 2013. LNCS, vol. 8231, pp. 115–132. Springer, Heidelberg (2013)
Chapter Google Scholar
Kosters, M., Yeo, S.: Notes on summation polynomials (2015). arXiv:1503.08001
Petit, C., Quisquater, J.-J.: On polynomial systems arising from a Weil descent. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 451–466. Springer, Heidelberg (2012)
Chapter Google Scholar
Semaev, I.: Summation polynomials and the discrete logarithm problem on elliptic curves, Cryptology ePrint Archive: Report/031 (2004)
Google Scholar
Semaev, I.: New algorithm for the discrete logarithm problem on elliptic curves, Cryptology ePrint Archive: Report 2015/310 (2015)
Google Scholar
Shantz, M., Teske, E.: Solving the elliptic curve discrete logarithm problem using Semaev polynomials, Weil descent and Gröbner basis methods – an experimental study. In: Fischlin, M., Katzenbeisser, S. (eds.) Buchmann Festschrift. LNCS, vol. 8260, pp. 94–107. Springer, Heidelberg (2013)
Google Scholar

Download references

Acknowledgment

I would like to acknowledge two recent papers [9, 12]. Semaev [12] claims a new complexity bound \(2^{c(\sqrt{n\ln n}})\) for solving ECDLP(2, n) under the assumption that the degree of regularity in Groebner computations of particular polynomial systems is \(D_{\mathsf {reg}}\le 4\). Semaev also shows that ECDLP(2, n) can be solved in time \(2^{o(c\sqrt{n\ln n})}\) under a weaker assumption that \(D_{\mathsf {reg}} = o(\sqrt{n/\ln n})\) The techniques used in [12] and in this paper are similar. In [9], Kosters and Yeo provide experimental evidence that the degree of regularity of the underlying polynomial systems is likely to increase as a function of n, whence the conjecture \(D_{\mathsf {reg}} \approx D_{\mathsf {FirstFall}}\) may be false.

I would like to thank Michiel Kosters and Igor Semaev for their comments on the first version of this paper.

Author information

Authors and Affiliations

Florida Atlantic University, Boca Raton, FL, 33431, USA
Koray Karabina

Authors

Koray Karabina
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Koray Karabina .

Editor information

Editors and Affiliations

Sungkyunkwan University, Suwon, Gyeonggi, Korea (Republic of)
Soonhak Kwon
UNIST, Ulsan, Korea (Republic of)
Aaram Yun

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Karabina, K. (2016). Point Decomposition Problem in Binary Elliptic Curves. In: Kwon, S., Yun, A. (eds) Information Security and Cryptology - ICISC 2015. ICISC 2015. Lecture Notes in Computer Science(), vol 9558. Springer, Cham. https://doi.org/10.1007/978-3-319-30840-1_10

Download citation

DOI: https://doi.org/10.1007/978-3-319-30840-1_10
Published: 10 March 2016
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-30839-5
Online ISBN: 978-3-319-30840-1
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics