Cryptology ePrint Archive: Report 2019/313

A SAT-based approach for index calculus on binary elliptic curves

Monika Trimoska and Sorina Ionica and Gilles Dequen

Abstract: Logical cryptanalysis, first introduced by Massacci in 2000, is a viable alternative to common algebraic cryptanalysis techniques over boolean fields. With XOR operations being at the core of many cryptographic problems, recent research in this area has focused on handling XOR clauses efficiently. In this paper, we investigate solving the point decomposition step of the index calculus method for prime degree extension fields $\mathbb{F}_{2^n}$, using SAT solving methods. We experimented with different SAT solvers and decided on using WDSat, a solver dedicated to this specific problem. We extend this solver by adding a novel breaking symmetry technique and optimizing the time complexity of the point decomposition step by a factor of $m!$ for the $(m+1)$\textsuperscript{th} Semaev's summation polynomial. While asymptotically solving the point decomposition problem with this method has exponential worst time complexity in the dimension $l$ of the vector space defining the factor base, experimental running times show that the the presented SAT solving technique is significantly faster than current algebraic methods based on Gröbner basis computation. For the values $l$ and $n$ considered in the experiments, the WDSat solver coupled with our breaking symmetry technique is up to 300 times faster then MAGMA's F4 implementation, and this factor grows with $l$ and $n$.

Category / Keywords: public-key cryptography / discrete logarithm, index calculus, elliptic curves, point decomposition, symmetry, satisfiability, DPLL algorithm

Original Publication (in the same form): Progress in Cryptology - AFRICACRYPT 2020
DOI:
https://doi.org/10.1007/978-3-030-51938-4_11

Date: received 20 Mar 2019, last revised 18 Dec 2020

Contact author: monika trimoska at u-picardie fr, sorina ionica at u-picardie fr, gilles dequen at u-picardie fr

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2019/313

[ Cryptology ePrint archive ]