I have a few questions on how to set up Elliptic Curve Discrete Log Problems that are safe against the Pohlig-Hellman attack, pairing attacks, and anomalous curve attacks. If anyone can point me to any good sources on any of these issues, I would really appreciate it. I have mostly looked at Washington along with a few other books and articles.
Pohlig-Hellman: To protect against this, Bob must ensure that the order of P is divisible by a large prime number (from what I have found, 2^160 is good enough as of 2015). As far as I can tell, he has two options. The first is to find |P| and factor it. But factoring is a hard problem (and finding |P| isn't exactly easy). Is it feasible to factor numbers that are around the size 2^160? His other option would be to find the number of points on the curve (the order of the group) then check that number is divisible by a large prime. Then with a high probability, P will have order which is divisible by that same large prime. This has the same problem that Bob's first approach had, except finding the number of points on the curve is (as far as I can tell) harder than finding |P|. Both of these options seem bad. In practice, what is done to ensure |P| is divisible by a large prime?
Attacks with Pairing: I don't entirely understand the concept of pairings. But as far as I can tell, as long as the curve used is not supersingular (another word I don't completely understand), attacks with pairings are probably infeasible. Is there a fast way to determine if a curve is supersingular?
Anomalous Curves: If the number of points on an elliptic curve over F_q is equal to q, then the curve is called anomalous, and solving the ECDLP is easy. Can Bob determine if a curve is anomalous without computing the number of points on the curve? If not, is computing the number of points on the curve feasible?