Prabhat Kushwaha

Michael John Jacobson,, Prabhat Kushwaha

We describe a novel type of weak cryptographic private key that can exist in any discrete logarithm based public-key cryptosystem set in a group of prime order $p$ where $p-1$ has small divisors. Unlike the weak private keys based on \textit{numerical size} (such as smaller private keys, or private keys lying in an interval) that will \textit{always} exist in any DLP cryptosystems, our type of weak private keys occurs purely due to parameter choice of $p$, and hence, can be removed with appropriate value of $p$. Using the theory of implicit group representations, we present algorithms that can determine whether a key is weak, and if so, recover the private key from the corresponding public key. We analyze several elliptic curves proposed in the literature and in various standards, giving counts of the number of keys that can be broken with relatively small amounts of computation. Our results show that many of these curves, including some from standards, have a considerable number of such weak private keys. We also use our methods to show that none of the 14 outstanding Certicom Challenge problem instances are weak in our sense, up to a certain weakness bound.

Prabhat Kushwaha, Ayan Mahalanobis

In this paper, a new algorithm to solve the discrete logarithm problem is presented which is similar to the usual baby-step giant-step algorithm. Our algorithm exploits the order of the discrete logarithm in the multiplicative group of a finite field. Using randomization with parallelized collision search, our algorithm indicates some weakness in NIST curves over prime fields which are considered to be the most conservative and safest curves among all NIST curves.

Prabhat Kushwaha

In 2004, Muzereau et al. showed how to use a reduction algorithm of the discrete logarithm problem to Diffie-Hellman problem in order to estimate lower bound on Diffie-Hellman problem on elliptic curves. They presented their estimates for various elliptic curves that are used in practical applications. In this paper, we show that a much tighter lower bound for Diffie-Hellman problem on those curves can be achieved, if one uses the multiplicative group of a finite field as an auxiliary group. Moreover, improved lower bound estimates on Diffie-Hellman problem for various recommended curves are also given which are the tightest; thus, leading us towards the equivalence of Diffie-Hellman problem and the discrete logarithm problem for these recommended elliptic curves.