An Attack on a Trace-Zero Cryptosystem
Authors
Abstract
It was recently proposed in the literature that the discrete logarithm problem (DLP) in trace-zero groups of genus 2 curves with respect to constant field extensions of degree 3 is a fast and secure alternative to the well established cryptographic primitive of the DLP in elliptic curves over prime fields. We present a novel attack on this primitive. We show that the DLP in the trace-zero group can always be transferred into the DLP in the class group of a curve of genus at most 6 over the prime field. Asymptotically, the DLP can be solved faster by transferring it into the DLP in the class group of this curve and using index calculus methods than by attacking it directly via generic methods. The speed-up one obtains corresponds to a reduction of 1/6th of the bit length. We discuss practical aspects of our attack and argue that for cryptographically relevant group sizes (even for “low security” applications of 128 bit length), our attack always leads to a considerable speed-up in the calculation of the DLP in relation to generic attacks.
Similar references
Trace-Driven Cache Attacks on AES (Short Paper)
Cache-based side-channel attacks have recently attracted significant attention due to new developments in the field. In this paper, we present an efficient trace-driven cache attack on a widely used implementation of the AES cryptosystem. We also evaluate the cost of the proposed attack in detail under the assumption of a noiseless environment. We develop an accurate mathematical model...
Trace-Driven Cache Attacks on AES
Cache-based side-channel attacks have recently attracted significant attention due to new developments in the field. In this paper, we present efficient trace-driven cache attacks on a widely used implementation of the AES cryptosystem. We also evaluate the cost of the proposed attacks in detail under the assumption of a noiseless environment. We develop an accurate mathematical model ...
On the computational complexity of finding a minimal basis for the guess and determine attack
The guess-and-determine attack is one of the general attacks on stream ciphers. It is a common cryptanalysis tool for evaluating the security of stream ciphers. The effectiveness of this attack depends on the number of unknown bits that the attacker has to guess in order to break the cryptosystem. In this work, we present a relation between the minimum number of guessed bits and uniquely restricted...
Healing the Hill Cipher, Improved Approach to Secure Modified Hill against Zero-plaintext Attack
The Hill cipher is a symmetric cryptosystem that was claimed for many years to suffer from known-plaintext attacks. Different methods have been proposed to make this cipher more secure against known attacks. The classic Hill cipher as introduced by Tourani and Falahati in 2011, devised in two variants and based upon an affine transformation, was considered to be more secure against known attacks. ...
Using the Trace Operator to repair the Polynomial Reconstruction based Cryptosystem presented at Eurocrypt 2003
In this paper, we present a modification of the Augot-Finiasz cryptosystem presented at EUROCRYPT 2003. Coron managed to design an attack against the original cryptosystem enabling an attacker to decrypt any intercepted ciphertext efficiently. We introduce here a modification of the scheme which appears to resist this attack. We furthermore propose parameters thwarting the state-of-the-art attacks.