This paper proposes a Weil descent attack against elliptic curve cryptosystems over quartic extension fields. The scenario of the attack is as follows: First, one reduces a DLP on a Weierstrass form over the quartic extention of a finite field k to a DLP on a special form, called Scholten form, over the same field. Second, one reduces the DLP on the Scholten form to a DLP on a genus two hyperelliptic curve over the quadratic extension of k. Then, one reduces the DLP on the hyperelliptic curve to one on a Cab model over k. Finally, one obtains the discrete-log of original DLP by applying the Gaudry method to the DLP on the Cab model. In order to carry out the scenario, this paper shows that many of elliptic curve discrete-log problems over quartic extension fields of odd characteristics are reduced to genus two hyperelliptic curve discrete-log problems over quadratic extension fields, and that almost all of the genus two hyperelliptic curve discrete-log problems over quadratic extension fields of odd characteristics come under Weil descent attack. This means that many of elliptic curve cryptosystems over quartic extension fields of odd characteristics can be attacked uniformly.

The Weil descent attack, suggested by Frey, has been implemented by Gaudry, Hess and Smart (the so-called GHS attack) on elliptic curves over finite fields of characteristic two and with composite extension degrees. Recently, Diem presented a general treatment of the GHS attack to hyperelliptic curves over finite fields of arbitrary odd characteristics. This paper shows that Diem's approach can be extended to curves of which the function fields are cyclic Galois extensions. In particular, we show the existence of GHS Weil restriction, triviality of the kernel of GHS conorm-norm homomorphism, and lower/upper bounds of genera of the resulting curves.