A Secure Family of Composite Finite Fields Suitable for Fast Implementation of Elliptic Curve Cryptography

In 1999 Silverman [21] introduced a family of binary finite fields which are composite extensions of F2 and on which arithmetic operations can be performed more quickly than on prime extensions of F2 of the same size. We present here a fast approach to elliptic curve cryptography using a distinguished subset of the set of Silverman fields F2N = Fhn . This approach leads to a theoretical computation speedup over fields of the same size, using a standard point of view (cf. [7]). We also analyse their security against prime extension fields F2p , where p is prime, following the method of Menezes and Qu [12]. We conclude that our fields do not present any significant weakness towards the solution of the elliptic curve discrete logarithm problem and that often the Weil descent of Galbraith-Gaudry-Hess-Smart (GGHS) does not offer a better attack on elliptic curves defined over F2N than on those defined over F2p , with a prime p of the same size as N . A noteworthy example is provided by F2226 : a generic elliptic curve Y 2 + XY = X + αX + β defined over F2226 is as prone to the GGHS Weil descent attack as a generic curve defined on the NIST field F2233 .