Re: bilinear pairing on curves where discrete log is easy
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


sci.crypt archive

Re: bilinear pairing on curves where discrete log is easy

From: Michael Scott <mscott@indigo.ie>
Date: Fri Jun 17 2005 - 19:53:12 CEST



Pubkeybreaker wrote:


> 


> Zsuzsanna Doncho wrote:


> 


>>Hi,


>>


>>usually a bilinear pairing is defined on curves where the discrete


>>logarithm problem is hard.


> 


> 


> <snip>


> 


>>Is there any solution, maybe in using a special elliptic curve, where


>>the discrete logarithm problem is easy?


> 


> 


> Try using super-singular elliptic curves:  These are curves over Z/pZ


> whose group order equals p.  There is a fast, practical polynomial time


> algorithm (Due to N. Smart,  maybe others as well?) for the DL problem


> for such curves.



I think such curves are anomalous, but not supersingular, and hence 


probably not much use for bilinear pairings. For supersingular curves 


the group order should be p+1, not p.



Mike Scott



> 


Received on Thu Sep 29 21:44:29 2005