{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T14:14:02Z","timestamp":1773238442160,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":45,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540209966","type":"print"},{"value":"9783540246602","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2004]]},"DOI":"10.1007\/978-3-540-24660-2_28","type":"book-chapter","created":{"date-parts":[[2010,8,2]],"date-time":"2010-08-02T15:18:44Z","timestamp":1280762324000},"page":"366-386","source":"Crossref","is-referenced-by-count":25,"title":["Weak Fields for ECC"],"prefix":"10.1007","author":[{"given":"Alfred","family":"Menezes","sequence":"first","affiliation":[]},{"given":"Edlyn","family":"Teske","sequence":"additional","affiliation":[]},{"given":"Annegret","family":"Weng","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"28_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1007\/3-540-58691-1_39","volume-title":"Algorithmic Number Theory","author":"L. Adleman","year":"1994","unstructured":"Adleman, L., DeMarrais, J., Huang, M.: A subexponential algorithm for discrete logarithms over the rational subgroup of the jacobians of large genus hyperelliptic curves over finite fields. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol.\u00a0877, pp. 28\u201340. Springer, Heidelberg (1994)"},{"key":"28_CR2","series-title":"Lecture Notes in Computer Science","first-page":"311","volume-title":"Advances in Cryptology - CRYPTO \u201986","author":"P. Barrett","year":"1987","unstructured":"Barrett, P.: Implementing the Rivest Shamir and Adleman public key encryption algorithm on a standard digital signal processor. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol.\u00a0263, pp. 311\u2013323. Springer, Heidelberg (1987)"},{"key":"28_CR3","unstructured":"Bernstein, D.: Circuits for integer factorization: A proposal, preprint (2001)"},{"key":"28_CR4","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1090\/S0025-5718-1987-0866101-0","volume":"48","author":"D. Cantor","year":"1987","unstructured":"Cantor, D.: Computing in the jacobian of a hyperelliptic curve. Math. Comp.\u00a048, 95\u2013101 (1987)","journal-title":"Math. Comp."},{"key":"28_CR5","doi-asserted-by":"publisher","first-page":"587","DOI":"10.1090\/S0025-5718-1981-0606517-5","volume":"36","author":"D. Cantor","year":"1981","unstructured":"Cantor, D., Zassenhaus, H.: A new algorithm for factoring polynomials over finite fields. Math. Comp.\u00a036, 587\u2013592 (1981)","journal-title":"Math. Comp."},{"key":"28_CR6","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/BF01840433","volume":"1","author":"D. Coppersmith","year":"1986","unstructured":"Coppersmith, D., Odlyzko, A., Schroeppel, R.: Discrete logarithms in GF(p). Algorithmica\u00a01, 1\u201315 (1986)","journal-title":"Algorithmica"},{"key":"28_CR7","doi-asserted-by":"publisher","first-page":"83","DOI":"10.4064\/aa102-1-6","volume":"102","author":"A. Enge","year":"2002","unstructured":"Enge, A., Gaudry, P.: A general framework for subexponential discrete logarithm algorithms. Acta Arithmetica\u00a0102, 83\u2013103 (2002)","journal-title":"Acta Arithmetica"},{"key":"28_CR8","unstructured":"FIPS 186-2, Digital signature standard (DSS), Federal Information Processing Standards Publication 186\u20132, National Institute of Standards and Technology (2000)"},{"key":"28_CR9","doi-asserted-by":"crossref","first-page":"339","DOI":"10.1080\/10586458.1999.10504623","volume":"8","author":"R. Flassenberg","year":"1999","unstructured":"Flassenberg, R., Paulus, S.: Sieving in function fields. Experimental Mathematics\u00a08, 339\u2013349 (1999)","journal-title":"Experimental Mathematics"},{"key":"28_CR10","unstructured":"Fouquet, M.: Anneau d\u2019endomorphismes et cardinalit\u00e9 des courbes elliptiques: aspects algorithmiques, PhD thesis, \u00c9cole polytechnique, Palaiseau Cedex (2001)"},{"key":"28_CR11","doi-asserted-by":"crossref","first-page":"128","DOI":"10.1007\/978-3-642-56755-1_13","volume-title":"Proceedings of the Fifth International Conference on Finite Fields and Applications, Springer-Verlag","author":"G. Frey","year":"2001","unstructured":"Frey, G.: Applications of arithmetical geometry to cryptographic constructions. In: Proceedings of the Fifth International Conference on Finite Fields and Applications, Springer-Verlag, pp. 128\u2013161. Springer, Heidelberg (2001)"},{"key":"28_CR12","first-page":"865","volume":"62","author":"G. Frey","year":"1994","unstructured":"Frey, G., R\u00fcck, H.: A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comp.\u00a062, 865\u2013874 (1994)","journal-title":"Math. Comp."},{"key":"28_CR13","doi-asserted-by":"crossref","first-page":"118","DOI":"10.1112\/S1461157000000097","volume":"2","author":"S. Galbraith","year":"1999","unstructured":"Galbraith, S.: Constructing isogenies between elliptic curves over finite fields. LMS Journal of Computation and Mathematics\u00a02, 118\u2013138 (1999)","journal-title":"LMS Journal of Computation and Mathematics"},{"key":"28_CR14","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1016\/S0166-218X(02)00443-2","volume":"12","author":"S. Galbraith","year":"2003","unstructured":"Galbraith, S.: Weil descent of jacobians. Discrete Applied Mathematics\u00a012, 165\u2013180 (2003)","journal-title":"Discrete Applied Mathematics"},{"key":"28_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1007\/3-540-46035-7_3","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"S. Galbraith","year":"2002","unstructured":"Galbraith, S., Hess, F., Smart, N.: Extending the GHS Weil descent attack. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol.\u00a02332, pp. 29\u201344. Springer, Heidelberg (2002)"},{"key":"28_CR16","doi-asserted-by":"publisher","first-page":"1699","DOI":"10.1090\/S0025-5718-99-01119-9","volume":"69","author":"R. Gallant","year":"2000","unstructured":"Gallant, R., Lambert, R., Vanstone, S.: Improving the parallelized Pollard lambda search on anomalous binary curves. Math. Comp.\u00a069, 1699\u20131705 (2000)","journal-title":"Math. Comp."},{"key":"28_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/3-540-45539-6_2","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"P. Gaudry","year":"2000","unstructured":"Gaudry, P.: An algorithm for solving the discrete log problem in hyperelliptic curves. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol.\u00a01807, pp. 19\u201334. Springer, Heidelberg (2000)"},{"key":"28_CR18","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/s00145-001-0011-x","volume":"15","author":"P. Gaudry","year":"2002","unstructured":"Gaudry, P., Hess, F., Smart, N.: Constructive and destructive facets of Weil descent on elliptic curves. J. Cryptology\u00a015, 19\u201346 (2002)","journal-title":"J. Cryptology"},{"key":"28_CR19","unstructured":"Hankerson, D.: personal communication (2003)"},{"key":"28_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"374","DOI":"10.1007\/3-540-39200-9_23","volume-title":"Advances in Cryptology \u2013 EUROCRPYT 2003","author":"F. Hess","year":"2003","unstructured":"Hess, F.: The GHS attack revisited. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol.\u00a02656, pp. 374\u2013387. Springer, Heidelberg (2003)"},{"key":"28_CR21","unstructured":"Hess, F.: personal communication (2003)"},{"key":"28_CR22","unstructured":"Jacobson, M.: personal communication (2003)"},{"key":"28_CR23","first-page":"231","volume":"16","author":"M. Jacobson","year":"2001","unstructured":"Jacobson, M., Menezes, A., Stein, A.: Solving elliptic curve discrete logarithm problems using Weil descent. Journal of the Ramanujan Mathematical Society\u00a016, 231\u2013260 (2001)","journal-title":"Journal of the Ramanujan Mathematical Society"},{"key":"28_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1007\/3-540-45455-1_10","volume-title":"Algorithmic Number Theory","author":"M. Jacobson","year":"2002","unstructured":"Jacobson, M., van der Poorten, A.: Computational aspects of NUCOMP. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol.\u00a02369, pp. 120\u2013133. Springer, Heidelberg (2002)"},{"key":"28_CR25","unstructured":"Kohel, D.: Endomorphism rings of elliptic curves over finite fields, PhD thesis, University of California, Berkeley (1996)"},{"key":"28_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"212","DOI":"10.1007\/3-540-45537-X_17","volume-title":"Selected Areas in Cryptography","author":"F. Kuhn","year":"2001","unstructured":"Kuhn, F., Struik, R.: Random walks revisited: Extensions of Pollard\u2019s rho algorithm for computing multiple discrete logarithms. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol.\u00a02259, pp. 212\u2013229. Springer, Heidelberg (2001)"},{"key":"28_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1007\/3-540-44495-5_18","volume-title":"Progress in Cryptology - INDOCRYPT 2000","author":"J. L\u00f3pez","year":"2000","unstructured":"L\u00f3pez, J., Dahab, R.: High-speed software multiplication in $\\mathbb{F}$ 2 m . In: Roy, B., Okamoto, E. (eds.) INDOCRYPT 2000. LNCS, vol.\u00a01977, pp. 203\u2013212. Springer, Heidelberg (2000)"},{"key":"28_CR28","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1112\/S1461157000000723","volume":"5","author":"M. Maurer","year":"2002","unstructured":"Maurer, M., Menezes, A., Teske, E.: Analysis of the GHS Weil descent attack on the ECDLP over characteristic two finite fields of composite degree. LMS Journal of Computation and Mathematics\u00a05, 127\u2013174 (2002)","journal-title":"LMS Journal of Computation and Mathematics"},{"key":"28_CR29","doi-asserted-by":"publisher","first-page":"1639","DOI":"10.1109\/18.259647","volume":"39","author":"A. Menezes","year":"1993","unstructured":"Menezes, A., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory\u00a039, 1639\u20131646 (1993)","journal-title":"IEEE Transactions on Information Theory"},{"key":"28_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1007\/3-540-45353-9_23","volume-title":"Topics in Cryptology - CT-RSA 2001","author":"A. Menezes","year":"2001","unstructured":"Menezes, A., Qu, M.: Analysis of the Weil descent attack of Gaudry, Hess and Smart. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol.\u00a02020, pp. 308\u2013318. Springer, Heidelberg (2001)"},{"key":"28_CR31","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/PL00003816","volume":"12","author":"P. Oorschot van","year":"1999","unstructured":"van Oorschot, P., Wiener, M.: Parallel collision search with cryptanalytic applications. J. Cryptology\u00a012, 1\u201328 (1999)","journal-title":"J. Cryptology"},{"key":"28_CR32","doi-asserted-by":"crossref","unstructured":"Orman, H.: The OAKLEY key determination protocol. RFC 2412 (1998), Available from http:\/\/www.ietf.org","DOI":"10.17487\/rfc2412"},{"key":"28_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"576","DOI":"10.1007\/BFb0054894","volume-title":"Algorithmic Number Theory","author":"S. Paulus","year":"1998","unstructured":"Paulus, S., Stein, A.: Comparing real and imaginary arithmetics for divisor class groups of hyperelliptic curves. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol.\u00a01423, pp. 576\u2013591. Springer, Heidelberg (1998)"},{"key":"28_CR34","first-page":"918","volume":"32","author":"J. Pollard","year":"1978","unstructured":"Pollard, J.: Monte Carlo methods for index computation mod p. Math. Comp.\u00a032, 918\u2013924 (1978)","journal-title":"Math. Comp."},{"key":"28_CR35","first-page":"81","volume":"47","author":"T. Satoh","year":"1998","unstructured":"Satoh, T., Araki, K.: Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves. Commentarii Mathematici Universitatis Sancti Pauli\u00a047, 81\u201392 (1998)","journal-title":"Commentarii Mathematici Universitatis Sancti Pauli"},{"key":"28_CR36","doi-asserted-by":"publisher","first-page":"353","DOI":"10.1090\/S0025-5718-98-00887-4","volume":"67","author":"I. Semaev","year":"1998","unstructured":"Semaev, I.: Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p. Math. Comp.\u00a067, 353\u2013356 (1998)","journal-title":"Math. Comp."},{"key":"28_CR37","unstructured":"Shoup, V.: NTL: A library for doing Number Theory, Available from http:\/\/shoup.net\/ntl"},{"key":"28_CR38","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1007\/s001459900052","volume":"12","author":"N. Smart","year":"1999","unstructured":"Smart, N.: The discrete logarithm problem on elliptic curves of trace one. J. Cryptology\u00a012, 193\u2013196 (1999)","journal-title":"J. Cryptology"},{"key":"28_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1007\/3-540-44987-6_3","volume-title":"Advances in Cryptology - EUROCRYPT 2001","author":"N.P. Smart","year":"2001","unstructured":"Smart, N.P.: How secure are elliptic curves over composite extension fields? In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol.\u00a02045, pp. 30\u201339. Springer, Heidelberg (2001)"},{"key":"28_CR40","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1023\/A:1008306223194","volume":"19","author":"J. Solinas","year":"2000","unstructured":"Solinas, J.: Efficient arithmetic on Koblitz curves. Designs, Codes and Cryptography\u00a019, 195\u2013249 (2000)","journal-title":"Designs, Codes and Cryptography"},{"key":"28_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"541","DOI":"10.1007\/BFb0054891","volume-title":"Algorithmic Number Theory","author":"E. Teske","year":"1998","unstructured":"Teske, E.: Speeding up Pollard\u2019s rho method for computing discrete logarithms. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol.\u00a01423, pp. 541\u2013554. Springer, Heidelberg (1998)"},{"key":"28_CR42","doi-asserted-by":"publisher","first-page":"809","DOI":"10.1090\/S0025-5718-00-01213-8","volume":"70","author":"E. Teske","year":"2000","unstructured":"Teske, E.: On random walks for Pollard\u2019s rho method. Math. Comp.\u00a070, 809\u2013825 (2000)","journal-title":"Math. Comp."},{"key":"28_CR43","unstructured":"Teske, E.: An elliptic curve trapdoor system, Cryptology ePrint Archive Report 2003\/058 (2003)"},{"key":"28_CR44","doi-asserted-by":"crossref","unstructured":"Wiener, M.: The full cost of cryptanalytic attacks. J. Cryptology (to appear)","DOI":"10.1007\/s00145-003-0213-5"},{"key":"28_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1007\/3-540-48892-8_15","volume-title":"Selected Areas in Cryptography","author":"M. Wiener","year":"1999","unstructured":"Wiener, M., Zuccherato, R.: Faster attacks on elliptic curve cryptosystems. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol.\u00a01556, pp. 190\u2013200. Springer, Heidelberg (1999)"}],"container-title":["Lecture Notes in Computer Science","Topics in Cryptology \u2013 CT-RSA 2004"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-24660-2_28","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T03:30:51Z","timestamp":1559359851000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-24660-2_28"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004]]},"ISBN":["9783540209966","9783540246602"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-24660-2_28","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2004]]}}}