[Cryptography] Christophe Petit on ECDLP future advances
Thierry Moreau
thierry.moreau at connotech.com
Sat Mar 19 14:23:32 EDT 2016
FYI:
For those having both the mathematical skills and a chance to be in
Paris on March 30, here is an opportunity for learning some recent
trends in ECDLP (elliptic curve discrete logarithm problem).
See also Professor Petit academic web page:
http://people.maths.ox.ac.uk/petit/
- Thierry Moreau
(message forwarded from another list)
==============================================
Bonjour à tous,
J'ai le plaisir de vous annoncer que l'équipe Almasty (ALgorithms, MAths
and SecuriTY) du LIP6 accueillera :
***************************************************************
Christophe PETIT (University of Oxford)
le mercredi 30 mars à 17 heures
en salle 24-25-405, UPMC, 4 place Jussieu, 75005 PARIS
(montez par la tour 24 jusqu'au 4ème étage et
prenez le couloir qui mène à la rotonde 25)
TITRE :
Recent advances in Elliptic Curve Discrete Logarithm algorithms
***************************************************************
RESUME : The elliptic curve discrete logarithm problem (ECDLP) is one of
the core number theory problems used in cryptography today, for example
in TLS protocol. The elliptic curve discrete logarithm problem is
believed to be much harder than the discrete logarithm problem over
finite fields and the factorization problem, as the best attacks for
commonly used parameters are still generic DLP algorithms. As key sizes
in applications are chosen accordingly, it is important to understand
the exact hardness of ECDLP.
In this talk, I will review recent advances in solving this problem
using index calculus algorithms, starting from the work of Semaev in
2004. As it happens, we now have subexponential (in L(2/3) time)
algorithms for special families of parameters, but these parameters are
however not really used in practice. I will then show how these
algorithms can potentially be adapted to elliptic curves defined over
binary fields of prime degree extensions and to elliptic curve defined
over prime fields (the two families that appear in standards and
applications), and I will describe remaining challenges in improving
both their complexity and their analysis.
More information about the cryptography
mailing list