Paper 2003/058

An Elliptic Curve Trapdoor System

Edlyn Teske

Abstract

We propose an elliptic curve trapdoor system which is of interest in key escrow applications. In this system, a pair ($E_{\rm s}, E_{\rm pb}$) of elliptic curves over $\F_{2^{161}}$ is constructed with the following properties: (i) the Gaudry-Hess-Smart Weil descent attack reduces the elliptic curve discrete logarithm problem (ECDLP) in $E_{\rm s}(\F_{2^{161}})$ to a hyperelliptic curve DLP in the Jacobian of a curve of genus 7 or 8, which is computationally feasible, but by far not trivial; (ii) $E_{\rm pb}$ is isogenous to $E_{\rm s}$; (iii) the best attack on the ECDLP in $E_{\rm pb}(\F_{2^{161}})$ is the parallelized Pollard rho method.\\ The curve $E_{\rm pb}$ is used just as usual in elliptic curve cryptosystems. The curve $E_{\rm s} is submitted to a trusted authorityfor the purpose of key escrow. The crucial difference from other key escrow scenarios is that the trusted authority has to invest a considerable amount of computation to compromise a user's private key, which makes applications such as widespread wire-tapping impossible.

Metadata
Available format(s)
PDF PS
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
elliptic curve cryptosystemkey escrow
Contact author(s)
eteske @ math uwaterloo ca
History
2003-04-01: received
Short URL
https://ia.cr/2003/058
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2003/058,
      author = {Edlyn Teske},
      title = {An Elliptic Curve Trapdoor System},
      howpublished = {Cryptology {ePrint} Archive, Paper 2003/058},
      year = {2003},
      url = {https://eprint.iacr.org/2003/058}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.