**New algorithm for the discrete logarithm problem on elliptic curves**

*Igor Semaev*

**Abstract: **A new algorithms for computing discrete logarithms on elliptic curves defined over finite fields is suggested. It is based on a new method to find zeroes of summation polynomials. In binary elliptic curves one is to solve a cubic system of Boolean equations. Under a first fall degree assumption
the regularity degree of the system is at most $4$. Extensive experimental data which supports the assumption is provided. An heuristic analysis suggests a new asymptotical complexity bound $2^{c\sqrt{n\ln n}}, c\approx 1.69$ for computing discrete logarithms on an elliptic curve over a field of size $2^n$. For several binary elliptic curves recommended by FIPS the new method performs better than Pollard's. The asymptotical bound is correct under a weaker assumption that the regularity degree is bounded by $o(\sqrt{\frac{n}{\ln n}})$ though the conclusion on the security of FIPS curves does not generally hold in this case.

**Category / Keywords: **discrete logarithm problem, elliptic curve cryptosystem

**Date: **received 5 Apr 2015, last revised 10 Apr 2015

**Contact author: **igor at ii uib no

**Available format(s): **PDF | BibTeX Citation

**Note: **A new section is added, it is shown that the asymptotical bound for ECDLP in binary elliptic curves depends on a much weaker assumption not related to any first fall degree assumptions.

Since the first version appeared on the IACR web-site several people sent me their unpublished works which exploit similar ideas though without asymptotical analysis of the ECDLP. I have now acknowledged this.

**Version: **20150410:191851 (All versions of this report)

**Short URL: **ia.cr/2015/310

[ Cryptology ePrint archive ]