Equations System coming from Weil descent and subexponential attack for algebraic curve cryptosystem

In [2], Faugére et al. shows that the decomposition problem of a point of elliptic curve over binary field F2n reduces to solving low degree equations system over F2 coming from Weil descent. Using this method, the discrete logarithm problem of elliptic curve over F2n reduces to linear constrains, i.e., solving equations system using linear algebra of monomial modulo field equations, and its complexity is expected to be subexponential of input size n. However, it is pity that at least using linear constrains, it is exponential. In [7], Petit et al. shows that assuming first fall degree assumption, from which the complexity of solving low degree equations system using Gröbner basis computation is subexponential, its total complexity is heuristically subexponential. On the other hands, the author [6] shows that the decomposition problem of Jacobian of plane curve over Fpn also essentially reduces to solving low degree equations system over Fp coming from Weil descent. In this paper, we revise (precise estimation of first fall degree) the results of Petit et al. and show that the discrete logarithm problem of elliptic curve over small characteristic field Fpn is subexponential of input size n, and the discrete logarithm problem of Jacobian of small genus curve over small characteristic field Fpn is also subexponential of input size n, under first fall degree assumption.