[Cryptography] Christophe Petit on ECDLP future advances

Thierry Moreau thierry.moreau at connotech.com
Sat Mar 19 14:23:32 EDT 2016 

FYI:

For those having both the mathematical skills and a chance to be in 
Paris on March 30, here is an opportunity for learning some recent 
trends in ECDLP (elliptic curve discrete logarithm problem).

See also Professor Petit academic web page:

http://people.maths.ox.ac.uk/petit/

- Thierry Moreau

(message forwarded from another list)
==============================================
Bonjour à tous,


J'ai le plaisir de vous annoncer que l'équipe Almasty (ALgorithms, MAths 
and SecuriTY) du LIP6 accueillera :



***************************************************************
           Christophe PETIT (University of Oxford)
               le mercredi 30 mars à 17 heures

    en salle 24-25-405, UPMC, 4 place Jussieu, 75005 PARIS
        (montez par la tour 24 jusqu'au 4ème étage et
         prenez le couloir qui mène à la rotonde 25)

                         TITRE :
Recent advances in Elliptic Curve Discrete Logarithm algorithms
***************************************************************



RESUME : The elliptic curve discrete logarithm problem (ECDLP) is one of 
the core number theory problems used in cryptography today, for example 
in TLS protocol. The elliptic curve discrete logarithm problem is 
believed to be much harder than the discrete logarithm problem over 
finite fields and the factorization problem, as the best attacks for 
commonly used parameters are still generic DLP algorithms. As key sizes 
in applications are chosen accordingly, it is important to understand 
the exact hardness of ECDLP.

In this talk, I will review recent advances in solving this problem 
using index calculus algorithms, starting from the work of Semaev in 
2004. As it happens, we now have subexponential (in L(2/3) time) 
algorithms for special families of parameters, but these parameters are 
however not really used in practice. I will then show how these 
algorithms can potentially be adapted to elliptic curves defined over 
binary fields of prime degree extensions and to elliptic curve defined 
over prime fields (the two families that appear in standards and 
applications), and I will describe remaining challenges in improving 
both their complexity and their analysis.

More information about the cryptography mailing list