A SAT-Based Approach for Index Calculus on Binary Elliptic Curves

Logical cryptanalysis, first introduced by Massacci in 2000, is a viable alternative to common algebraic cryptanalysis techniques over boolean fields. With xor operations being at the core of many cryptographic problems, recent research in this area has focused on handling xor clauses efficiently. In this paper, we investigate solving the point decomposition step of the index calculus method for prime-degree extension fields [Formula: see text], using sat solving methods. We experimented with different sat solvers and decided on using WDSat, a solver dedicated to this specific problem. We extend this solver by adding a novel symmetry breaking technique and optimizing the time complexity of the point decomposition step by a factor of m! for the [Formula: see text](th) summation polynomial. While asymptotically solving the point decomposition problem with this method has exponential worst time complexity in the dimension l of the vector space defining the factor base, experimental running times show that the presented sat solving technique is significantly faster than current algebraic methods based on Gröbner basis computation. For the values l and n considered in the experiments, the WDSat solver coupled with our symmetry breaking technique is up to 300 times faster than Magma’s F4 implementation, and this factor grows with l and n.