Abstract
The xedni calculus attack on the elliptic curve discrete logarithm problem (ECDLP) involves lifting points from the finite field \({\mathbb{F}}_p\) to the rational numbers \({\mathbb{Q}}\) and then constructing an elliptic curve over \({\mathbb{Q}}\) that passes through them. If the lifted points are linearly dependent, then the ECDLP is solved. Our purpose is to analyze the practicality of this algorithm. We find that asymptotically the algorithm is virtually certain to fail, because of an absolute bound on the size of the coefficients of a relation satisfied by the lifted points. Moreover, even for smaller values of \(p\), experiments show that the odds against finding a suitable lifting are prohibitively high.
Cite this article
Jacobson, M.J., Koblitz, N., Silverman, J.H. et al. Analysis of the Xedni Calculus Attack. Designs, Codes and Cryptography 20, 41–64 (2000). https://doi.org/10.1023/A:1008312401197
DOI: https://doi.org/10.1023/A:1008312401197