Complexity bounds on Semaev’s naive index calculus method for ECDLP

Yokoyama Kazuhiro; Yasuda Masaya; Takahashi Yasushi; Kogure Jun

doi:10.1515/jmc-2019-0029

Journal of Mathematical Cryptology (Oct 2020)

Complexity bounds on Semaev’s naive index calculus method for ECDLP

Yokoyama Kazuhiro,
Yasuda Masaya,
Takahashi Yasushi,
Kogure Jun

Affiliations

Yokoyama Kazuhiro: Rikkyo University, Tokyo, Japan
Yasuda Masaya: Rikkyo University, Tokyo, Japan
Takahashi Yasushi: FUJITSU Laboratories LTD., Kawasaki, Japan
Kogure Jun: FUJITSU Laboratories LTD., Kawasaki, Japan

DOI: https://doi.org/10.1515/jmc-2019-0029
Journal volume & issue: Vol. 14, no. 1
pp. 460 – 485

Abstract

Read online

Since Semaev introduced summation polynomials in 2004, a number of studies have been devoted to improving the index calculus method for solving the elliptic curve discrete logarithm problem (ECDLP) with better complexity than generic methods such as Pollard’s rho method and the baby-step and giant-step method (BSGS). In this paper, we provide a deep analysis of Gröbner basis computation for solving polynomial systems appearing in the point decomposition problem (PDP) in Semaev’s naive index calculus method. Our analysis relies on linear algebra under simple statistical assumptions on summation polynomials. We show that the ideal derived from PDP has a special structure and Gröbner basis computation for the ideal is regarded as an extension of the extended Euclidean algorithm. This enables us to obtain a lower bound on the cost of Gröbner basis computation. With the lower bound, we prove that the naive index calculus method cannot be more efficient than generic methods.

Published in Journal of Mathematical Cryptology

ISSN: 1862-2976 (Print); 1862-2984 (Online)
Publisher: De Gruyter
Country of publisher: Poland
LCC subjects: Science: Mathematics
Website: https://www.degruyter.com/view/journals/jmc/jmc-overview.xml

About the journal

Abstract

Keywords