Abstract
The security of elliptic curve cryptography, which is based on the computational hardness of ECDLP, has been extensively studied for decades. Index calculus algorithm has been paid much attention by many cryptographers to solve ECDLP. Recently, Sarkar and Singh proposed a method for obtaining relations among factor basis for special hyperelliptic curves, which is possible to obtain the decomposition without requiring solving a multivariate system of non-linear equations, and could be used in index calculus. In this paper, we revisited their approach and extended it to some elliptic curves with j-invariant 0 and 1728. We show how to get point decomposition and point relations among factor basis, by solving several linear equations and univariate equations with relatively low degree instead of multivariate non-linear equations. The new decomposition method could be better than common methods such as summation polynomials and it is expected to be an important ingredient in index calculus to solve the discrete logarithm problem of elliptic curves. We also give some examples of the concrete computation of relations among factor basis element, which indicate that such technique could take effect when the dimension n of point decomposition is relatively high and the n-th summation polynomial does not work.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
