Abstract
In recent years several papers have appeared that investigate the classical discrete logarithm problem for elliptic curves by means of the multivariate polynomial approach based on the celebrated summation polynomials, introduced by Semaev in 2004. With a notable exception by Petit et al. in 2016, all numerous papers on the subject have investigated only the composite-field case, leaving apart the laborious prime-field case. In this paper we propose a variation of Semaev's original approach that reduces to only one the relations to be found among points of the factor base, thus decreasing drastically the necessary Groebner basis computations. Our proposal holds for any finite field but it is particularly suitable for the prime-field case, where it outperforms both the original Semaev's method and the specialised algorithm by Petit et al..
Highlights
Several cryptographic schemes base their security upon the hardness of the discrete logarithm problem for elliptic curves (ECDLP) [13, 15]
In this paper we propose a new variant of index calculus algorithms for elliptic curves that holds for any finite field, but which is suitable for the prime-field case
We have presented a new index calculus algorithm that exploits summation polynomials for solving the discrete logarithm problem on elliptic curves defined over finite fields
Summary
Several cryptographic schemes base their security upon the hardness of the discrete logarithm problem for elliptic curves (ECDLP) [13, 15]. In 2004 Semaev introduced [20] a family of polynomials, named summation polynomials, proposing their exploitation for an index calculus algorithm for elliptic curves. Semaev sketched his proposal in the case of elliptic curves defined over prime fields Fp, suggesting to define F as the set of rational points whose x-coordinates are small when taken as integers in the standard complete residue system [0, . In this paper we propose a new variant of index calculus algorithms for elliptic curves that holds for any finite field, but which is suitable for the prime-field case. Our proposal reduces the index calculus algorithm for elliptic curves to the computation of a single linear relation among points of the factor base.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
