Abstract
We address the Menezes-Okamoto-Vanstone (MOV) algorithm for attacking elliptic curve cryptosystems, which is completed in subexponential time for supersingular elliptic curves. There exist two hurdles to clear, from an algorithmic point of view, in applying the MOV reduction to general elliptic curves: the problem of explicitly determining the minimum extension degree k such that \(E[n]\subset E(F_{q^k})\) and that of efficiently finding an n-torsion point needed to evaluate the Weil pairing, where n is the order of a cyclic group of the elliptic curve discrete logarithm problem. We can find an answer to the first problem in a recent paper by Balasubramanian and Koblitz. On the other hand, the second problem is important as well, since the reduction might require exponential time even for small k. In this paper, we actually construct a novel method of efficiently finding an n-torsion point, which leads to a solution of the second problem. In addition, our contribution allows us to draw the conclusion that the MOV reduction is indeed as powerful as the Frey-Rück reduction under \(n\nmid q-1\), not only from the viewpoint of the minimum extension degree but also from that of the effectiveness of algorithms.
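The first hurdle, finding the minimum extension degree k, is what a curve-validation routine checks before accepting domain parameters. The following is an added example, not code from the paper: it uses the Balasubramanian-Koblitz criterion (for prime n with \(n\nmid q-1\), \(E[n]\subset E(F_{q^k})\) exactly when n divides \(q^k-1\)), and the function names, the bound of 100 and the toy inputs are assumptions made here.

```python
# Added example (not from the paper): MOV-condition check for curve validation.
# Criterion used: for prime n with n not dividing q-1, E[n] lies in E(F_{q^k})
# exactly when n | q^k - 1 (Balasubramanian-Koblitz), so the minimum k is the
# multiplicative order of q modulo n.
from math import gcd

# NIST P-256 field size and subgroup order.
P256_Q = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def embedding_degree(q, n, bound):
    """Return the smallest k in 1..bound with n | q^k - 1, or None."""
    if gcd(q, n) != 1:
        # For prime n this means n equals the field characteristic; q then
        # has no order modulo n and the MOV condition is not the right test.
        raise ValueError("n shares a factor with q; MOV check not applicable")
    t = 1
    for k in range(1, bound + 1):
        t = (t * q) % n          # t == q^k mod n
        if t == 1:
            return k
    return None


def mov_check(q, n, bound=100):
    """Reject parameters whose extension degree is at most `bound`.

    `bound` is a policy choice (assumed value here), not taken from the paper.
    """
    k = embedding_degree(q, n, bound)
    return {
        "k": k,
        # The torsion criterion is only stated for n not dividing q - 1.
        "criterion_applies": (q - 1) % n != 0,
        "verdict": "pass" if k is None else "reject",
    }


if __name__ == "__main__":
    # Constructed toy input: y^2 = x^3 + x over F_59 is supersingular with
    # 60 points, so a subgroup of order n = 5 has k = 2.
    print(mov_check(59, 5))
    # Constructed numbers with n | q - 1: k = 1, criterion does not apply.
    print(mov_check(11, 5))
    print(mov_check(P256_Q, P256_N))
```

A small k only clears the first hurdle; as the abstract notes, the reduction can still be expensive unless an n-torsion point for the Weil pairing can be found efficiently.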
References
Atkin, A.O.L.: The number of points on an elliptic curve modulo a prime, Draft (1988)
Atkin, A.O.L.: The number of points on an elliptic curve modulo a prime (ii), Draft (1992)
Balasubramanian, R., Koblitz, N.: The improbability that an elliptic curve has subexponential discrete log problem under the Menezes-Okamoto-Vanstone algorithm. Journal of Cryptology 11, 141–145 (1998)
Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, Berlin (1993)
Couveignes, J.-M., Morain, F.: Schoof’s algorithm and isogeny cycles. In: The Proc. of ANTS-I. LNCS, vol. 877, pp. 43–58 (1994)
Couveignes, J.-M., Dewaghe, L., Morain, F.: Isogeny cycles and the Schoof-Elkies-Atkin algorithm. LIX/RR/96/03 (1996)
Couveignes, J.-M.: Computing l-isogenies using the p-torsion. In: Cohen, H. (ed.) ANTS 1996. LNCS, vol. 1122, pp. 59–65. Springer, Heidelberg (1996)
Denny, T., Schirokauer, O., Weber, D.: Discrete logarithms: the effectiveness of the index calculus method. In: Cohen, H. (ed.) ANTS 1996. LNCS, vol. 1122, Springer, Heidelberg (1996)
Elkies, N.D.: Explicit isogenies, Draft (1991)
Frey, G., Rück, H.G.: A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comp. 62(206), 865–874 (1994)
Frey, G., Müller, M., Rück, H.G.: The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems (1998) (preprint)
Harasawa, R., Shikata, J., Suzuki, J., Imai, H.: Comparing the MOV and FR reductions in elliptic curve cryptography. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 190–205. Springer, Heidelberg (1999)
Izu, T., Kogure, J., Noro, M., Yokoyama, K.: Efficient Implementation of Schoof’s Algorithm. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 66–79. Springer, Heidelberg (1998)
Koblitz, N.: Elliptic Curve Cryptosystems. Math. Comp. 48, 203–209 (1987)
Koblitz, N.: Algebraic Aspects of Cryptography. Springer, Heidelberg (1998)
Lercier, R., Morain, F.: Counting the number of points on elliptic curves over finite fields: strategy and performances. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 79–94. Springer, Heidelberg (1995)
Lercier, R.: Computing isogenies in F\(_{2^n}\). In: Cohen, H. (ed.) ANTS 1996. LNCS, vol. 1122, pp. 197–212. Springer, Heidelberg (1996)
Menezes, A.: Elliptic Curve Public Key Cryptosystem. Kluwer Acad. Publ., Boston (1993)
Menezes, A., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms in a finite field. IEEE Transactions on Information Theory IT-39(5), 1639–1646 (1993)
Miller, V.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)
Miller, V.: Short programs for functions on curves (unpublished manuscript) (1986)
Morain, F.: Calcul du nombre de points sur une courbe elliptique dans un corps fini: aspects algorithmiques. J. Théor. Nombres Bordeaux 7, 255–282 (1995)
Satoh, T., Araki, K.: Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves. Commentarii Math. Univ. St. Pauli 47(1), 81–92 (1998)
Schoof, R.: Nonsingular plane cubic curves over finite fields. J. Combinatorial Theory, Series A 46, 183–211 (1987)
Schoof, R.: Counting points on elliptic curves over finite fields. J. Théor. Nombres Bordeaux 7, 219–254 (1995)
Semaev, I.: Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p. Math. of Computation 67, 353–356 (1998)
Silverman, J.: The Arithmetic of Elliptic Curves. Springer, New York (1986)
Silverman, J., Suzuki, J.: Elliptic curve discrete logarithms and index calculus. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 110–125. Springer, Heidelberg (1998)
Smart, N.: The Discrete logarithm problem on elliptic curves of trace one. To appear in Journal of Cryptology
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shikata, J., Zheng, Y., Suzuki, J., Imai, H. (1999). Optimizing the Menezes-Okamoto-Vanstone (MOV) Algorithm for Non-supersingular Elliptic Curves. In: Lam, KY., Okamoto, E., Xing, C. (eds) Advances in Cryptology - ASIACRYPT’99. ASIACRYPT 1999. Lecture Notes in Computer Science, vol 1716. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-48000-6_9
DOI: https://doi.org/10.1007/978-3-540-48000-6_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66666-0
Online ISBN: 978-3-540-48000-6
eBook Packages: Springer Book Archive