[curves] Improvements on discrete log for Koblitz curves?
Steven Galbraith
s.galbraith at math.auckland.ac.nz
Mon Apr 6 18:38:54 PDT 2015
My student and I already tried something similar and concluded it did
not work. But Semaev is smarter than me, so I will need to read his
paper more carefully to tell. It pays not to underestimate Igor Semaev.
Regarding the asymptotics: the memory requirement will probably render
the method impossible (I mean, like "not enough elementary particles in
the universe" impossible) even if the time estimate is technically
faster than pollard rho (remember that rho is parallelisable and
requires small storage).
Steven
On 07/04/15 12:44, Trevor Perrin wrote:
> An eprint paper claims an improvement over Pollard Rho vs the FIPS
> K-409 and K-571 curves:
>
> https://eprint.iacr.org/2015/310.pdf
>
>
> Seems like this might be building on the direction described below,
> from the "ellipticnews" blog:
>
> https://ellipticnews.wordpress.com/2012/05/16/two-new-papers-on-the-ecdlp-in-characteristic-2/
>
>
> Anyone able to place the work in context? (is this a real
> improvement? by how much? what are prospects for further advances,
> application to other curves, etc.)
>
>
> Trevor
> _______________________________________________
> Curves mailing list
> Curves at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves
More information about the Curves
mailing list