Abstract
In this paper, we describe improvements to the function field sieve (FFS) for the discrete logarithm problem in \( \mathbb{F}_{p^n} \), when \( p \) is small. Our main contribution is a new way to build the algebraic function fields needed in the algorithm. With this new construction, the heuristic complexity is as good as the complexity of the construction proposed by Adleman and Huang [2], i.e. \( L_{p^n}[1/3, c] = \exp\left((c + o(1)) \log(p^n)^{1/3} \log(\log(p^n))^{2/3}\right) \) where \( c = (32/9)^{1/3} \). With either of these constructions the FFS becomes an equivalent of the special number field sieve used to factor integers of the form \( A^N \pm B \). From an asymptotic point of view, this is faster than older algorithms such as Coppersmith’s algorithm and Adleman’s original FFS. From a practical viewpoint, we argue that our construction has better properties than the construction of Adleman and Huang. We demonstrate the efficiency of the algorithm by successfully computing discrete logarithms in a large finite field of characteristic two, namely \( \mathbb{F}_{2^{521}} \).
References
[1] L. M. Adleman. The function field sieve. In Proceedings of the ANTS-I conference, volume 877 of Lecture Notes in Computer Science, pages 108–121, 1994.
[2] L. M. Adleman and M. A. Huang. Function field sieve method for discrete logarithms over finite fields. In Information and Computation, volume 151, pages 5–16. Academic Press, 1999.
[3] J. P. Buhler, H. W. Lenstra, Jr., and C. Pomerance. Factoring integers with the number field sieve. Pages 50–94 in [15].
[4] F. Chabaud and R. Lercier. ZEN, User Manual. Available at http://www.di.ens.fr/~zen/ .
[5] D. Coppersmith. Fast evaluation of logarithms in fields of characteristic two. IEEE Transactions on Information Theory, IT-30(4):587–594, July 1984.
[6] D. Coppersmith, A. Odlyzko, and R. Schroppel. Discrete logarithms in \( \mathbb{F}_p \). Algorithmica, 1:1–15, 1986.
[7] T. Denny, O. Schirokauer, and D. Weber. Discrete Logarithms: The effectiveness of the Index Calculus Method. In Proceedings of the ANTS-II conference, volume 1122 of Lecture Notes in Computer Science, pages 337–361, 1996.
[8] M. Elkenbracht-Huizing. An implementation of the number field sieve. Experimental Mathematics, 5(3):231–253, 1996.
[9] S. Gao and J. Howell. A general polynomial sieve. Designs, Codes and Cryptography, 18:149–157, 1999.
[10] R. Golliver, A. K. Lenstra, and K. McCurley. Lattice sieving and trial division. In Proceedings of the ANTS-I conference, volume 877 of Lecture Notes in Computer Science, pages 18–27. Springer-Verlag, 1994.
[11] D. Gordon and K. McCurley. Massively parallel computation of discrete logarithms. In Advances in Cryptology — CRYPTO’92, volume 740 of Lecture Notes in Computer Science, pages 312–323. Springer-Verlag, 1993.
[12] A. Joux and R. Lercier. Improvements to the general number field sieve for discrete logarithms in prime fields. Math. Comp., 2000. To appear. Preprint available at http://www.medicis.polytechnique.fr/~lercier/ .
[13] B. A. LaMacchia and A. M. Odlyzko. Computation of discrete logarithms in prime fields. Designs, Codes and Cryptography, 1:47–62, 1991.
[14] B. A. LaMacchia and A. M. Odlyzko. Solving large sparse systems over finite fields. In Advances in Cryptology — CRYPTO’90, volume 537 of Lecture Notes in Computer Science, pages 109–133. Springer-Verlag, 1991.
[15] A. K. Lenstra and H. W. Lenstra, Jr., editors. The development of the number field sieve, volume 1554 of Lecture Notes in Mathematics. Springer-Verlag, 1993.
[16] R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, 1983.
[17] R. Lovorn. Rigorous Subexponential Algorithms for Discrete Logarithms Over Finite Fields. PhD thesis, Univ. of Georgia, 1992.
[18] R. Matsumoto. Using \( C_{ab} \) curves in the function field sieve. IEICE Trans. Fundamentals, E82-A(3):551–552, March 1999.
[19] A. M. Odlyzko. Discrete logarithms in finite fields and their cryptographic significance. In T. Beth, N. Cot, and I. Ingemarsson, editors, Advances in Cryptology — EUROCRYPT’84, volume 209 of Lecture Notes in Computer Science, pages 224–314. Springer-Verlag, 1985. Available at http://www.dtc.umn.edu/~odlyzko .
[20] J. M. Pollard. The lattice sieve. Pages 43–49 in [15].
[21] P. Montgomery, S. Cavallar, and H. te Riele. New record SNFS factorization. Available at http://listserv.nodak.edu/archives/nmbrthry.html, November 2000. Factorization of \( 2^{773} + 1 \).
[22] O. Schirokauer. The special function field sieve. Preprint.
[23] O. Schirokauer. Discrete logarithms and local units. Phil. Trans. R. Soc. Lond. A 345, pages 409–423, 1993.
[24] R. D. Silverman. The Multiple Polynomial Quadratic Sieve. Math. Comp., 48:329–339, 1987.
[25] E. Thomé. Computation of discrete logarithms in \( \mathbb{F}_{2^{607}} \). In Advances in Cryptology — ASIACRYPT’2001, volume 2248 of Lecture Notes in Computer Science, pages 107–124. Springer-Verlag, 2001.
[26] E. Thomé. Discrete logarithms in \( \mathbb{F}_{2^{607}} \). Available at http://listserv.nodak.edu/archives/nmbrthry.html, February 2002.
[27] D. Weber and Th. Denny. The solution of McCurley’s discrete log challenge. In H. Krawczyk, editor, Advances in Cryptology — CRYPTO’98, volume 1462 of Lecture Notes in Computer Science, pages 458–471. Springer-Verlag, 1998.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Joux, A., Lercier, R. (2002). The Function Field Sieve Is Quite Special. In: Fieker, C., Kohel, D.R. (eds) Algorithmic Number Theory. ANTS 2002. Lecture Notes in Computer Science, vol 2369. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45455-1_34
DOI: https://doi.org/10.1007/3-540-45455-1_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43863-2
Online ISBN: 978-3-540-45455-7
eBook Packages: Springer Book Archive