Abstract
This paper examines the cryptographic security of fixed versus random elliptic curves over the field GF(p). Its basic assumption is that a large precomputation to aid in breaking the elliptic curve discrete logarithm problem (ECDLP) can be made for a fixed curve. We take this into account when examining curve security as well as considering a variation of Pollard's rho method where computations from solutions of previous ECDLPs can be used to solve subsequent ECDLPs on the same curve. We present a lower bound on the expected time to solve such ECDLPs using this method, as well as an approximation of the expected time remaining to solve an ECDLP when a given size of precomputation is available. We conclude that adding 5 bits to the size of a fixed curve to avoid general software attacks and an extra 6 bits to avoid attacks on special moduli and a parameters provides an equivalent level of security. © 2003 Springer-Verlag Berlin Heidelberg.
Cite
CITATION STYLE
Hitchcock, Y., Montague, P., Carter, G., & Dawson, E. (2003). The security of fixed versus random elliptic curves in cryptography. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 2727 LNCS, pp. 55–66). https://doi.org/10.1007/3-540-45067-X_6
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
