2014
DOI: 10.1007/978-3-642-55220-5_3
|View full text |Cite
|
Sign up to set email alerts
|

Symmetrized Summation Polynomials: Using Small Order Torsion Points to Speed Up Elliptic Curve Index Calculus

Abstract: Abstract. Decomposition-based index calculus methods are currently efficient only for elliptic curves E defined over non-prime finite fields of very small extension degree n. This corresponds to the fact that the Semaev summation polynomials, which encode the relation search (or "sieving"), grow over-exponentially with n. Actually, even their computation is a first stumbling block and the largest Semaev polynomial ever computed is the 6-th. Following ideas from Faugère, Gaudry, Huot and Renault, our goal is to… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

1
19
0

Year Published

2014
2014
2020
2020

Publication Types

Select...
3
2

Relationship

1
4

Authors

Journals

citations
Cited by 10 publications
(20 citation statements)
references
References 13 publications
1
19
0
Order By: Relevance
“…Note that the degree bound 2 m−2 is consistent with the arguments on page 44 (Sections 2 and 3.1) of [13]: Since deg(t) = 4 we would expect polynomials of degree 4 m−1 , but t is invariant and so factors through a 2-isogeny, so we get degree 2 m−1 . The further saving of a factor 2 follows since t(−P ) = t(P ).…”
Section: The Point Tsupporting
confidence: 80%
See 3 more Smart Citations
“…Note that the degree bound 2 m−2 is consistent with the arguments on page 44 (Sections 2 and 3.1) of [13]: Since deg(t) = 4 we would expect polynomials of degree 4 m−1 , but t is invariant and so factors through a 2-isogeny, so we get degree 2 m−1 . The further saving of a factor 2 follows since t(−P ) = t(P ).…”
Section: The Point Tsupporting
confidence: 80%
“…Faugère et al [12,13] have considered action by larger groups (by using points of small order) for elliptic curves over F q n where n is small (e.g., n = 4 or n = 5) and the characteristic is = 2, 3. Their work gives further reduction in the cost of solving the system.…”
Section: Degree Reduction Via Symmetriesmentioning
confidence: 99%
See 2 more Smart Citations
“…or 4 m−1 m!. The paper [35] experiments further with these ideas and computes an 8-th summation polynomial in terms of invariant variables (previously the 8-th summation polynomial would have been unreachable). Vitse [113] did a more systematic study of which subgroups could be used in such a setting.…”
Section: Symmetriesmentioning
confidence: 99%