### An Elliptic Curve Trapdoor System

Edlyn Teske

##### Abstract

We propose an elliptic curve trapdoor system which is of interest in key escrow applications. In this system, a pair ($E_{\rm s}, E_{\rm pb}$) of elliptic curves over $\F_{2^{161}}$ is constructed with the following properties: (i) the Gaudry-Hess-Smart Weil descent attack reduces the elliptic curve discrete logarithm problem (ECDLP) in $E_{\rm s}(\F_{2^{161}})$ to a hyperelliptic curve DLP in the Jacobian of a curve of genus 7 or 8, which is computationally feasible, but by far not trivial; (ii) $E_{\rm pb}$ is isogenous to $E_{\rm s}$; (iii) the best attack on the ECDLP in $E_{\rm pb}(\F_{2^{161}})$ is the parallelized Pollard rho method.\\ The curve $E_{\rm pb}$ is used just as usual in elliptic curve cryptosystems. The curve \$E_{\rm s} is submitted to a trusted authorityfor the purpose of key escrow. The crucial difference from other key escrow scenarios is that the trusted authority has to invest a considerable amount of computation to compromise a user's private key, which makes applications such as widespread wire-tapping impossible.

Available format(s)
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
elliptic curve cryptosystemkey escrow
Contact author(s)
eteske @ math uwaterloo ca
History
Short URL
https://ia.cr/2003/058

CC BY

BibTeX

@misc{cryptoeprint:2003/058,
author = {Edlyn Teske},
title = {An Elliptic Curve Trapdoor System},
howpublished = {Cryptology ePrint Archive, Paper 2003/058},
year = {2003},
note = {\url{https://eprint.iacr.org/2003/058}},
url = {https://eprint.iacr.org/2003/058}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.