Recent research for efficient algorithms for solving the dis- crete logarithm (DL) problem on elliptic curves depends on the difficult question of the feasibility of index calculus which would consist of split- ting EC points into sums of points lying in a certain subspace. A natural algebraic approach towards this goal is through solving systems of non linear multivariate equations derived from the so called summation poly- nomials which method have been proposed by Semaev in 2004 [12].
In this paper we consider simplified variants of this problem with splitting in two or three parts in binary curves. We propose three algorithms with running time of the order of 2n/3 for both problems. It is not clear how to interpret these results but they do in some sense violate the generic group model for these curves.

Link to Paper »


Nicolas T Courtois



Cryptography and Cryptology

Leave a Reply