
Fault Attacks on Hyperelliptic Curve Discrete Logarithm Problem over Finite Fields
Citation: Wang Mingqiang, Xue Haiyang, Zhan Tao. Fault Attacks on Hyperelliptic Curve Discrete Logarithm Problem over Finite Fields[J]. China communications magazine, 2012, 9(11): 150-161.
Authors: Wang Mingqiang  Xue Haiyang  Zhan Tao
Received: 2012-12-24
Affiliation:1School of Mathematics, Shandong University, Jinan 250100, P. R. China
2State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100864, P. R. China
Abstract:In this paper, we present two explicit invalid-curve attacks on the genus 2 hyperelliptic curve over a finite field. First, we propose two explicit attack models by injecting a one-bit fault in a given divisor. Then, we discuss the construction of an invalid curve based on the faulted divisor. Our attacks are based on the fact that the Hyperelliptic Curve Scalar Multiplication (HECSM) algorithm does not utilize the curve parameters and We consider three hyperelliptic curves as the attack targets. For curve with security level 186 (in bits), our attack method can get the weakest invalid curve with security level 42 (in bits); there are 93 invalid curves with security level less than 50. We also estimate the theoretical probability of getting a weak hyperelliptic curve whose cardinality is a smooth integer. Finally, we show that the complexity of the fault attack is subexponential if the attacker can freely inject a fault in the input divisor. Cryptosystems based on the genus 2 hyperelliptic curves cannot work against our attack algorithm in practice.
Keywords:hyperelliptic curve  discrete logarithm  finite field  genus  cryptosystem  