[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ECDL on Oakley Grp 3&4

To: IPsec List <ipsec@tis.com>
Subject: Re: ECDL on Oakley Grp 3&4
From: Lewis McCarthy <lmccarth@cs.umass.edu>
Date: Thu, 13 Aug 1998 15:36:58 -0400
Organization: Theoretical Computer Science Group, University of Massachusetts at Amherst
References: <E0z6zWL-0006Yo-00@wserver.physnet.uni-hamburg.de>
Sender: owner-ipsec@ex.tis.com

Niels Provos writes:
> FYI M. Wiener and R. Zuccherato will be presenting a paper with the
> title 'Faster attacks on Elliptic Curve Cryptosystems' at the SAC'98.
> The paper describes a speedup of the Pollard-\rho attack when an
> elliptic curve over GF(2**n), with n = ed, is defined over GF(2**e).
> The speedup is by a factor of \sqrt{2d}.
> 
> Since both Oakley Group 3 and 4 are defined over GF(2**31) and GF(2**37)
> respectivly, the speedup of a parallel collison-search in both cases is by a
> factor of about \sqrt(2*5) ~ 3.

See http://grouper.ieee.org/groups/1363/contrib.html (about 2/3 down the 
page) for a version of this paper.

-Lewis

References:

ECDL on Oakley Grp 3&4

From: Niels Provos <provos@wserver.physnet.uni-hamburg.de>

Prev by Date: Re: 40-bit DES negotiation in IKE?
Next by Date: Text to be sent to
Prev by thread: ECDL on Oakley Grp 3&4
Next by thread: Text to be sent to
Index(es):
- Main
- Thread