Weil配对求解椭圆曲线离散对数的实施分析  

作　　者：胡建军 HU Jianjun(School of Digital Media,Lanzhou University of Arts and Science,Lanzhou Gansu 730010,China)

机构地区：[1]兰州文理学院数字媒体学院,甘肃兰州730010

出　　处：《新疆大学学报（自然科学版中英文）》2024年第3期329-335,343,共8页Journal of Xinjiang University(Natural Science Edition in Chinese and English)

基　　金：兰州文理学院服务地方经济社会发展计划项目“椭圆曲线密码关键技术研究”(2021FWDF15)。

摘　　要：Weil配对广泛应用于加密、解密、签名、密码交换和密码体制安全分析中.1993年,Menezes等利用Weil配对有效地将超奇异椭圆曲线的离散对数约减到有限域上的离散对数,基于Weil配对的椭圆曲线密码体制遭受严峻挑战,然而,基于Weil配对的椭圆曲线密码体制的应用并未止步.为此,分析了适合Weil配对椭圆曲线的特征,指出适合Weil配对的椭圆曲线是具有二元循环群结构的曲线,一元群结构的超奇异椭圆曲线通过嵌入度的方式能够构造出二元群结构的超奇异椭圆曲线.同时,为了方便理解Weil配对的实施,列出了适合Weil配对安全的常见椭圆曲线.最后,聚焦了MOV攻击嵌入度为偶数的超奇异椭圆的实施过程,利用PARI软件验证了分析结论,指出了PARI和SageMath软件在设计上存在的缺陷.Weil pairing is widely used in encryption,decryption,signature,cryptographic exchange and cryp-tosystem security analysis.In 1993,Menezes et al.used Weil pairing to effectively reduce the discrete logarithm of a supersingular elliptic curve to the discrete logarithm over afinitefield,so the elliptic curve cryptosystem based on Weil pairing was seriously challenged.However,the application of elliptic curve cryptosystem based on Weil pairing has not stopped.For this reason,the characteristics of elliptic curves suitable for Weil pairing are analyzed,and it is pointed out that the elliptic curves suitable for Weil pairing are curves with binary cyclic group structure,and the hypersingular elliptic curves with monadic group structure can be constructed by means of embedding degree.At the same time,in order to facilitate the understanding of the implementation of Weil pairing,common elliptic curves suitable for Weil pairing safety are listed.Finally,we focus on the implementation process of MOV attack with even embedding degree of supersingular elliptic curve,verify the analysis results by using PARI software,and point out the designflaws of PARI and SageMath software.

关 键 词：有限域 超奇异椭圆曲线 扭曲群 离散对数 WEIL配对 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]