Welcome to the resource topic for
**2001/054**

**Title:**

Extending the GHS Weil Descent Attack

**Authors:**
S. D. Galbraith, F. Hess, N. P. Smart

**Abstract:**

In this paper we extend the Weil descent attack

due to Gaudry, Hess and Smart (GHS) to

a much larger class of elliptic curves.

This extended attack still only works for fields of composite

degree over \F_2.

The principle behind the extended attack is to use

isogenies to

find a new elliptic curve for which the GHS attack is

effective.

The discrete logarithm problem on the target curve

can be transformed into a discrete logarithm problem

on the new isogenous curve.

One contribution of the paper is to give

an improvement to an algorithm of Galbraith

for constructing isogenies between elliptic curves,

and this is of independent interest in

elliptic curve cryptography.

We conclude that fields of the form \F_{q^7} should be

considered weaker from a cryptographic standpoint than

other fields.

In addition we show that a larger proportion than previously

thought of elliptic curves over \F_{2^{155}} should be

considered weak.

**ePrint:**
https://eprint.iacr.org/2001/054

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

**Example resources include:**
implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .