Advertisement

Computing Discrete Logarithms in \({\mathbb F}_{3^{6 \cdot 137}}\) and \({\mathbb F}_{3^{6 \cdot 163}}\) Using Magma

  • Gora Adj
  • Alfred Menezes
  • Thomaz Oliveira
  • Francisco Rodríguez-HenríquezEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9061)

Abstract

We show that a Magma implementation of Joux’s \(L[1/4+o(1)]\) algorithm can be used to compute discrete logarithms in the 1303-bit finite field \({\mathbb F}_{3^{6 \cdot 137}}\) and the 1551-bit finite field \({\mathbb F}_{3^{6 \cdot 163}}\) with very modest computational resources. Our \({\mathbb F}_{3^{6 \cdot 137}}\) implementation was the first to illustrate the effectiveness of Joux’s algorithm for computing discrete logarithms in small-characteristic finite fields that are not Kummer or twisted-Kummer extensions.

Keywords

Discrete Logarithm Discrete Logarithm Problem Bilinear Pairing Irreducible Factor Descent Step 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Supplementary material

References

  1. 1.
    Adj, G., Menezes, A., Oliveira, T., Rodríguez-Henríquez, F.: Weakness of \(\mathbb{F}_{3^{6 \cdot 509}}\) for discrete logarithm cryptography. In: Cao, Z., Zhang, F. (eds.) Pairing 2013. LNCS, vol. 8365, pp. 20–44. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  2. 2.
    Adj, G., Menezes, A., Oliveira, T., Rodríguez-Henríquez, F.: Weakness of \({\mathbb{F}}_{3^{6 \cdot 1429}}\) and \({\mathbb{F}}_{2^{4 \cdot 3041}}\) for discrete logarithm cryptography. Finite Fields and Their Applications (to appear)Google Scholar
  3. 3.
    Barbulescu, R., Bouvier, C., Detrey, J., Gaudry, P., Jeljeli, H., Thomé, E., Videau, M., Zimmermann, P.: Discrete logarithm in GF(2\(^{809}\)) with FFS. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 221–238. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  4. 4.
    Barbulescu, R., Gaudry, P., Joux, A., Thomé, E.: A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 1–16. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  5. 5.
    Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  6. 6.
    Beuchat, J., Detrey, J., Estibals, N., Okamoto, E., Rodríguez-Henríquez, F.: Fast architectures for the \(\eta _T\) pairing over small-characteristic supersingular elliptic curves. IEEE Trans. Comput. 60, 266–281 (2011)CrossRefMathSciNetGoogle Scholar
  7. 7.
    Blake, I., Fuji-Hara, R., Mullin, R., Vanstone, S.: Computing logarithms in finite fields of characteristic two. SIAM J. Algebraic Discrete Methods 5, 276–285 (1984)CrossRefzbMATHMathSciNetGoogle Scholar
  8. 8.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J. Cryptology 17, 297–319 (2004)CrossRefzbMATHMathSciNetGoogle Scholar
  9. 9.
    Coppersmith, D.: Fast evaluation of logarithms in fields of characteristic two. IEEE Trans. Inf. Theory 30, 587–594 (1984)CrossRefzbMATHMathSciNetGoogle Scholar
  10. 10.
    Coppersmith, D.: Solving homogeneous linear equations over \(GF(2)\) via block Wiedemann algorithm. Math. Comput. 62, 333–350 (1994)zbMATHMathSciNetGoogle Scholar
  11. 11.
  12. 12.
    Faugère, J.: A new efficient algorithm for computing Gröbner bases (\(F_4\)). J. Pure Appl. Algebra 139, 61–88 (1999)CrossRefzbMATHMathSciNetGoogle Scholar
  13. 13.
    Frey, G., Rück, H.: A remark concerning \(m\)-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comput. 62, 865–874 (1994)zbMATHGoogle Scholar
  14. 14.
    Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the tate pairing. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 324–337. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  15. 15.
    Göloğlu, F., Granger, R., McGuire, G., Zumbrägel, J.: On the function field sieve and the impact of higher splitting probabilities. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 109–128. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  16. 16.
    Göloğlu, F., Granger, R., McGuire, G., Zumbrägel, J.: Solving a 6120-bit DLP on a desktop computer. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 136–152. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  17. 17.
    Granger, R., Kleinjung, T., Zumbrägel, J.: Breaking ‘128-bit secure’ supersingular binary curves (or how to solve discrete logarithms in \({\mathbb{F}}_{2^{4 \cdot 1223}}\) and \({\mathbb{F}}_{2^{12 \cdot 367}}\)). http://eprint.iacr.org/2014/119
  18. 18.
    Granger, R., Kleinjung, T., Zumbrägel, J.: Breaking ‘128-bit Secure’ supersingular binary curves. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 126–145. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  19. 19.
    Granger, R., Page, D., Stam, M.: Hardware and software normal basis arithmetic for pairing based cryptography in characteristic three. IEEE Trans. Comput. 54, 852–860 (2005)CrossRefGoogle Scholar
  20. 20.
    Granger, R., Page, D., Stam, M.: On small characteristic algebraic tori in pairing-based cryptography. LMS J. Comput. Math. 9, 64–85 (2006)CrossRefzbMATHMathSciNetGoogle Scholar
  21. 21.
    Granger, R., Zumbrägel, J.: On the security of supersingular binary curves. presentation at ECC 2013 (16 September 2013)Google Scholar
  22. 22.
    Hayashi, T., Shimoyama, T., Shinohara, N., Takagi, T.: Breaking pairing-based cryptosystems using \(\eta \) \(_{{T}}\) pairing over GF(3\(^{97}\)). In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 43–60. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  23. 23.
    Joux, A.: A new index calculus algorithm with complexity L(1/4 + o(1)) in small characteristic. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 355–380. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  24. 24.
    Joux, A.: Discrete logarithm in \(GF(2^{6128})\), Number Theory List (21 May 21 2013)Google Scholar
  25. 25.
    Joux, A., Lercier, R.: The function field sieve in the medium prime case. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 254–270. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  26. 26.
    Joux, A., Pierrot, C.: Improving the polynomial time precomputation of frobenius representation discrete logarithm algorithms. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 378–397. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  27. 27.
  28. 28.
    Menezes, A., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inf. Theory 39, 1639–1646 (1993)CrossRefzbMATHMathSciNetGoogle Scholar
  29. 29.
    Pollard, J.: Monte Carlo methods for index computation mod \(p\). Math. Comput. 32, 918–924 (1978)zbMATHMathSciNetGoogle Scholar
  30. 30.
    Shinohara, N., Shimoyama, T., Hayashi, T., Takagi, T.: Key length estimation of pairing-based cryptosystems using \(\eta \) \(_{{T}}\) pairing. In: Ryan, M.D., Smyth, B., Wang, G. (eds.) ISPEC 2012. LNCS, vol. 7232, pp. 228–244. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  31. 31.
    Wiedemann, D.: Solving sparse linear equations over finite fields. IEEE Trans. Inf. Theory 32, 54–62 (1986)CrossRefzbMATHMathSciNetGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Gora Adj
    • 1
  • Alfred Menezes
    • 2
  • Thomaz Oliveira
    • 1
  • Francisco Rodríguez-Henríquez
    • 1
    Email author
  1. 1.Computer Science DepartmentCINVESTAV-IPNMexico CityMexico
  2. 2.Department of Combinatorics and OptimizationUniversity of WaterlooWaterlooCanada

Personalised recommendations