The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Keselamatan kriptografi lengkung elips berkait rapat dengan kerumitan pengiraan masalah logaritma diskret lengkung eliptik (ECDLP). Hari ini, serangan praktikal terbaik terhadap ECDLP ialah algoritma logaritma diskret generik masa eksponen seperti kaedah rho Pollard. Satu baris pertanyaan baru-baru ini dalam kalkulus indeks untuk ECDLP yang dimulakan oleh Semaev, Gaudry, dan Diem telah menunjukkan bahawa, di bawah andaian heuristik tertentu, algoritma sedemikian boleh membawa kepada serangan subeksponen kepada ECDLP. Dalam kajian ini, kami menyiasat kerumitan pengiraan ECDLP untuk lengkung eliptik dalam pelbagai bentuk — termasuk Hessian, Montgomery, (berpintal) Edwards dan perwakilan Weierstrass — menggunakan kalkulus indeks. Menggunakan kalkulus indeks, kami menyasarkan untuk menentukan sama ada terdapat sebarang perbezaan yang ketara dalam kerumitan pengiraan ECDLP untuk lengkung eliptik dalam pelbagai bentuk. Kami menyediakan bukti empirikal dan pandangan yang menunjukkan jawapan afirmatif dalam kertas ini.
Chen-Mou CHENG
Osaka University
Kenta KODERA
Osaka University
Atsuko MIYAJI
Osaka University,Japan Advanced Institute of Science and Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Salinan
Chen-Mou CHENG, Kenta KODERA, Atsuko MIYAJI, "Differences among Summation Polynomials over Various Forms of Elliptic Curves" in IEICE TRANSACTIONS on Fundamentals,
vol. E102-A, no. 9, pp. 1061-1071, September 2019, doi: 10.1587/transfun.E102.A.1061.
Abstract: The security of elliptic curve cryptography is closely related to the computational complexity of the elliptic curve discrete logarithm problem (ECDLP). Today, the best practical attacks against ECDLP are exponential-time generic discrete logarithm algorithms such as Pollard's rho method. A recent line of inquiry in index calculus for ECDLP started by Semaev, Gaudry, and Diem has shown that, under certain heuristic assumptions, such algorithms could lead to subexponential attacks to ECDLP. In this study, we investigate the computational complexity of ECDLP for elliptic curves in various forms — including Hessian, Montgomery, (twisted) Edwards, and Weierstrass representations — using index calculus. Using index calculus, we aim to determine whether there is any significant difference in the computational complexity of ECDLP for elliptic curves in various forms. We provide empirical evidence and insight showing an affirmative answer in this paper.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E102.A.1061/_p
Salinan
@ARTICLE{e102-a_9_1061,
author={Chen-Mou CHENG, Kenta KODERA, Atsuko MIYAJI, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Differences among Summation Polynomials over Various Forms of Elliptic Curves},
year={2019},
volume={E102-A},
number={9},
pages={1061-1071},
abstract={The security of elliptic curve cryptography is closely related to the computational complexity of the elliptic curve discrete logarithm problem (ECDLP). Today, the best practical attacks against ECDLP are exponential-time generic discrete logarithm algorithms such as Pollard's rho method. A recent line of inquiry in index calculus for ECDLP started by Semaev, Gaudry, and Diem has shown that, under certain heuristic assumptions, such algorithms could lead to subexponential attacks to ECDLP. In this study, we investigate the computational complexity of ECDLP for elliptic curves in various forms — including Hessian, Montgomery, (twisted) Edwards, and Weierstrass representations — using index calculus. Using index calculus, we aim to determine whether there is any significant difference in the computational complexity of ECDLP for elliptic curves in various forms. We provide empirical evidence and insight showing an affirmative answer in this paper.},
keywords={},
doi={10.1587/transfun.E102.A.1061},
ISSN={1745-1337},
month={September},}
Salinan
TY - JOUR
TI - Differences among Summation Polynomials over Various Forms of Elliptic Curves
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1061
EP - 1071
AU - Chen-Mou CHENG
AU - Kenta KODERA
AU - Atsuko MIYAJI
PY - 2019
DO - 10.1587/transfun.E102.A.1061
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E102-A
IS - 9
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - September 2019
AB - The security of elliptic curve cryptography is closely related to the computational complexity of the elliptic curve discrete logarithm problem (ECDLP). Today, the best practical attacks against ECDLP are exponential-time generic discrete logarithm algorithms such as Pollard's rho method. A recent line of inquiry in index calculus for ECDLP started by Semaev, Gaudry, and Diem has shown that, under certain heuristic assumptions, such algorithms could lead to subexponential attacks to ECDLP. In this study, we investigate the computational complexity of ECDLP for elliptic curves in various forms — including Hessian, Montgomery, (twisted) Edwards, and Weierstrass representations — using index calculus. Using index calculus, we aim to determine whether there is any significant difference in the computational complexity of ECDLP for elliptic curves in various forms. We provide empirical evidence and insight showing an affirmative answer in this paper.
ER -