Flasher Archive



Subject: FLASH: New attacks
From: Nigel Randsley-Pena
Date: Wed, 25 Aug 1999 00:40:24 +0100

Alan,

A parallel collision search based on Pollard's rho method has a
complexity of the square root of the prime order of the generating point
used. For arbitrary curves defined over GF(p) or GF(2^m) the attack time
can be reduced by a factor of the square root of 2, so it's only a small
improvement. For subfield curves, those defined over GF(2^ed) with
coefficients defining the curve restricted to GF(2^e), the attack time
can be reduced by a factor of the square root of 2d. In particular for
curves over GF(2^m) with coefficients in GF(2), called anomalous binary
curves or Koblitz curves, the attack time can be reduced by a factor of
the square root of 2m. These curves have structure which allows faster
cryptosystem computations. Unfortunately, this structure also helps the
attacker. In an example, the time required to compute an elliptic curve
logarithm on an anomalous binary curve over GF(2^163) is reduced from
2^81 to 2^77 elliptic curve operations.
I can send you the full Wiener and Zuccherato paper if you want but it
should already be available for download.

Nigel
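As an added worked example (my own code, not from this thread and not from the Wiener and Zuccherato paper), here is a toy Pollard rho for the ECDLP on a constructed curve over GF(p), run first on the raw group and then on the equivalence classes {R, -R} that give the factor of the square root of 2 mentioned above. The field size 10007, the curve family y^2 = x^3 + x + b, the walk-table size and the use of Floyd cycle detection are all choices made for the demonstration; a real parallel collision search uses distinguished points across many processors instead of Floyd. The negation map has a catch the message does not spell out: an additive walk on classes can fall into fruitless 2-cycles, which the code sidesteps with a look-ahead rule of the kind Wiener and Zuccherato describe and otherwise survives by discarding the useless collision and restarting. The larger Frobenius classes that give the square root of 2d and 2m factors on subfield and Koblitz curves are not implemented; they use the same class-representative idea with bigger classes.

```python
"""Pollard rho for the ECDLP on a toy curve over GF(p), with and without the negation map.
Added illustration, not code from the thread; field and curve are constructed, not standard."""
import random

P_MOD, A_COEF = 10007, 1   # curve family y^2 = x^3 + A_COEF*x + b over GF(P_MOD) (assumption)
INF, R_PARTS = None, 32    # point at infinity; number of entries in the r-adding walk table

def ec_add(P, Q):
    """Affine group law; the curve constant b never enters the formulas."""
    if P is INF or Q is INF: return Q if P is INF else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0: return INF
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, P):
    R = INF
    while k:
        if k & 1: R = ec_add(R, P)
        P, k = ec_add(P, P), k >> 1
    return R

def count_points(b):
    """#E(GF(p)) by brute force: infinity plus the affine solutions (Euler criterion)."""
    n = 1
    for x in range(P_MOD):
        rhs = (x * x * x + A_COEF * x + b) % P_MOD
        n += 1 if rhs == 0 else 2 * (pow(rhs, (P_MOD - 1) // 2, P_MOD) == 1)
    return n

def largest_prime_factor(n):
    best, d = 1, 2
    while d * d <= n:
        while n % d == 0: best, n = d, n // d
        d += 1
    return max(best, n)

def pick_subgroup(seed=1):
    """Scan y^2 = x^3 + x + b for small b, keep the curve whose order m has the largest
    prime factor q, and return (q, P) with P of prime order q."""
    q, m, b = max((largest_prime_factor(m), m, b) for b in range(1, 31)
                  if (4 * A_COEF ** 3 + 27 * b * b) % P_MOD for m in [count_points(b)])
    rng = random.Random(seed)
    while True:
        x = rng.randrange(P_MOD)
        rhs = (x * x * x + A_COEF * x + b) % P_MOD
        if pow(rhs, (P_MOD - 1) // 2, P_MOD) != 1: continue
        y = pow(rhs, (P_MOD + 1) // 4, P_MOD)   # a square root, valid because p = 3 mod 4
        P = ec_mul(m // q, (x, y))              # clear the cofactor
        if P is not INF: return q, P

def pollard_rho(P, Q, q, use_negation, rng=None):
    """Solve Q = k*P in the order-q subgroup: Floyd cycle finding on an r-adding walk
    R -> R + M_j; returns (k, steps).  With use_negation each point is replaced by the
    representative of {R, -R} with y < p/2: about q/2 classes, expected cost down by sqrt(2)."""
    rng, total = rng or random.Random(0), 0
    while True:                            # new walk whenever a collision is useless
        table = []
        while len(table) < R_PARTS:        # M_j = a_j P + b_j Q, never infinity
            aj, bj = rng.randrange(q), rng.randrange(q)
            M = ec_add(ec_mul(aj, P), ec_mul(bj, Q))
            if M is not INF: table.append((M, aj, bj))
        def canon(R, a, b):                # class representative, coefficients negated with it
            if use_negation and R is not INF and 2 * R[1] > P_MOD:
                return (R[0], -R[1] % P_MOD), -a % q, -b % q
            return R, a, b
        def index(R):                      # partition by x, identical for R and -R
            return 0 if R is INF else R[0] % R_PARTS
        def step(state):
            R, a, b = state
            j = index(R)
            for _ in range(R_PARTS):
                M, aj, bj = table[j]
                nxt = canon(ec_add(R, M), (a + aj) % q, (b + bj) % q)
                # R -> -(R+M_j) -> -R ~ R is a fruitless 2-cycle when the new point stays
                # in partition j: look ahead and use the next entry (Wiener-Zuccherato).
                if not use_negation or index(nxt[0]) != j: return nxt
                j = (j + 1) % R_PARTS
            return nxt
        a0, b0 = rng.randrange(q), rng.randrange(q)
        tort = hare = canon(ec_add(ec_mul(a0, P), ec_mul(b0, Q)), a0, b0)
        steps = 0
        while True:
            tort, hare, steps = step(tort), step(step(hare)), steps + 1
            if tort[0] == hare[0]: break
        total += steps
        (_, a1, b1), (_, a2, b2) = tort, hare
        if (b1 - b2) % q:   # a1 + b1 k = a2 + b2 k; equal b's (fruitless cycle) say nothing
            return (a2 - a1) * pow((b1 - b2) % q, -1, q) % q, total

def compare(trials=25, seed=7):
    """(q, avg plain steps, avg negation-map steps); the ratio should sit near sqrt(2)."""
    q, P = pick_subgroup()
    rng = random.Random(seed)
    def solve(use_neg):
        k = rng.randrange(1, q)
        found, steps = pollard_rho(P, ec_mul(k, P), q, use_neg, rng)
        assert found == k
        return steps
    return q, *(sum(solve(u) for _ in range(trials)) / trials for u in (False, True))
```

Calling `compare()` prints nothing; it returns the subgroup order and the average number of Floyd steps per solve for the two walks, and the ratio of the two averages is what to look at. The raw counts are tortoise steps, so they differ from the sqrt(pi*q/2) collision heuristic by a constant, but the ratio between the plain walk and the negation-map walk should land close to 1.4 once the trial count is large enough to average out the variance of individual rho lengths.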


