Complexity bounds on Semaev’s naive index calculus method for ECDLP

Complexity bounds on Semaev’s naive index calculus method for ECDLP

Since Semaev introduced summation polynomials in 2004, a number of studies have been devoted to improving the index calculus method for solving the elliptic curve discrete logarithm problem (ECDLP) with better complexity than generic methods such as Pollard’s rho method and the baby-step and giant-s...

Full description

Bibliographic Details
Main Authors: Yokoyama Kazuhiro, Yasuda Masaya, Takahashi Yasushi, Kogure Jun
Format: Article
Language:English
Published: De Gruyter 2020-10-01
Series:Journal of Mathematical Cryptology
Subjects:
ecdlp
summation polynomials
index calculus methods
gröbner basis computation
fall degrees
primary 94a60
secondary 14g50
Online Access:https://doi.org/10.1515/jmc-2019-0029
Description
Summary:Since Semaev introduced summation polynomials in 2004, a number of studies have been devoted to improving the index calculus method for solving the elliptic curve discrete logarithm problem (ECDLP) with better complexity than generic methods such as Pollard’s rho method and the baby-step and giant-step method (BSGS). In this paper, we provide a deep analysis of Gröbner basis computation for solving polynomial systems appearing in the point decomposition problem (PDP) in Semaev’s naive index calculus method. Our analysis relies on linear algebra under simple statistical assumptions on summation polynomials. We show that the ideal derived from PDP has a special structure and Gröbner basis computation for the ideal is regarded as an extension of the extended Euclidean algorithm. This enables us to obtain a lower bound on the cost of Gröbner basis computation. With the lower bound, we prove that the naive index calculus method cannot be more efficient than generic methods.
ISSN:1862-2976
1862-2984

Similar Items