 |
 |
 |
|
 |
 |
 |
 |
|
 |
 |
 |
 |
 |
 |
 |
3.3 Further details about the challenge
This subsection presents some additional information about the challenge. Each problem posed is to compute the private key given the elliptic curve parameters, the base point P of order n, and the public key point Q. The private key is the unique integer l, 0
l
With the exception of the Koblitz curves, all elliptic curves have been chosen randomly in a verifiable manner (see Sections 3.1.4 and 3.2.4) - anyone can verify that the elliptic curve parameters were indeed generated at random.
Another interesting feature of the challenge is that the points P and Q having order n were also chosen randomly in a verifiable manner (see Sections 3.1.4 and 3.2.4). This means that each particular private key l is presently unknown even to the creators of the challenge! However, any alleged solution l' that is found to a challenge can easily be verified by checking that Q = l'P. The challenges presented here therefore adhere to the philosophy expressed by Matt Blaze [Blaze] at Crypto '97 that the solutions to a challenge should be unknown to the creators at the outset of the challenge.
The problems have been separated into two categories:
(i) elliptic curves over F2m, and
(ii) elliptic curves over Fp.
There have not been any mathematical discoveries to date to suggest that the ECDLP for elliptic curves over F2m is any easier or harder than the ECDLP for elliptic curves over Fp.
For each of these categories, the problems have been further divided into three sub-categories:
(i) Exercises,
(ii) Level I Challenges, and
(iii) Level II Challenges.
These are distinguished by the size of the parameter n, the prime order of the base point P. As the size of n increases, the problem is expected to become harder. By a k-bit challenge, we shall mean a challenge whose parameter n has bitlength k.
Copyright © Certicom Corp., 1997-2000. All rights reserved.
Information subject to change. http://www.certicom.com