Welcome to the resource topic for
**2001/084**

**Title:**

Analysis of the GHS Weil Descent Attack on the ECDLP over Characteristic Two Finite Fields of Composite Degree

**Authors:**
Markus Maurer, Alfred Menezes, Edlyn Teske

**Abstract:**

In this paper, we analyze the Gaudry-Hess-Smart (GHS) Weil descent

attack on the elliptic curve discrete logarithm problem (ECDLP) for

elliptic curves defined over characteristic two finite fields of

composite extension degree. For each such field F_{2^N},

N \in [100,600], we identify elliptic curve parameters such

that (i) there should exist a cryptographically interesting elliptic

curve E over F_{2^N} with these parameters; and (ii) the GHS

attack is more efficient for solving the ECDLP in E(F_{2^N}) than

for solving the ECDLP on any other cryptographically interesting

elliptic curve over F_{2^N}. We examine the feasibility of the

GHS attack on the specific elliptic curves over F_{2^{176}},

F_{2^{208}}, F_{2^{272}}, F_{2^{304}}, and F_{2^{368}}

that are provided as examples inthe ANSI X9.62 standard for the

elliptic curve signature scheme ECDSA. Finally, we provide several

concrete instances of the ECDLP over F_{2^N}, N composite,

of increasing difficulty which resist all previously known attacks

but which are within reach of the GHS attack.

**ePrint:**
https://eprint.iacr.org/2001/084

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

**Example resources include:**
implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .