Sciweavers

Share
EUROCRYPT
2001
Springer

Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems

11 years 4 months ago
Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems
Abstract. We show that finding an efficiently computable injective homomorphism from the XTR subgroup into the group of points over GF(p2 ) of a particular type of supersingular elliptic curve is at least as hard as solving the Diffie-Hellman problem in the XTR subgroup. This provides strong evidence for a negative answer to the question posed by S. Vanstone and A. Menezes at the Crypto 2000 Rump Session on the possibility of efficiently inverting the MOV embedding into the XTR subgroup. As a side result we show that the Decision Diffie-Hellman problem in the group of points on this type of supersingular elliptic curves is efficiently computable, which provides an example of a group where the Decision Diffie-Hellman problem is simple, while the Diffie-Hellman and discrete logarithm problem are presumably not. The cryptanalytical tools we use also lead to cryptographic applications of independent interest. These applications are an improvement of Joux’s one round protocol for tripart...
Eric R. Verheul
Added 28 Jul 2010
Updated 28 Jul 2010
Type Conference
Year 2001
Where EUROCRYPT
Authors Eric R. Verheul
Comments (0)
books