Advertisement

Key Length Estimation of Pairing-Based Cryptosystems Using ηT Pairing

  • Naoyuki Shinohara
  • Takeshi Shimoyama
  • Takuya Hayashi
  • Tsuyoshi Takagi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7232)

Abstract

The security of pairing-based cryptosystems depends on the difficulty of the discrete logarithm problem (DLP) over certain types of finite fields. One of the most efficient algorithms for computing a pairing is the η T pairing over supersingular curves on finite fields whose characteristic is 3. Indeed many high-speed implementations of this pairing have been reported, and it is an attractive candidate for practical deployment of pairing-based cryptosystems. The embedding degree of the η T pairing is 6, so we deal with the difficulty of a DLP over the finite field GF(36n ), where the function field sieve (FFS) is known as the asymptotically fastest algorithm of solving it. Moreover, several efficient algorithms are employed for implementation of the FFS, such as the large prime variation. In this paper, we estimate the time complexity of solving the DLP for the extension degrees n = 97,163, 193,239,313,353,509, when we use the improved FFS. To accomplish our aim, we present several new computable estimation formulas to compute the explicit number of special polynomials used in the improved FFS. Our estimation contributes to the evaluation for the key length of pairing-based cryptosystems using the η T pairing.

Keywords

pairing-based cryptosystems discrete logarithm problem finite field key length suitable values 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Adleman, L.M.: The Function Field Sieve. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol. 877, pp. 108–121. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  2. 2.
    Aoki, K., Shimoyama, T., Ueda, H.: Experiments on the Linear Algebra Step in the Number Field Sieve. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 58–73. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Adleman, L.M., Huang, M.-D.A.: Function field sieve method for discrete logarithms over finite fields. Inform. and Comput. 151, 5–16 (1999)MathSciNetzbMATHCrossRefGoogle Scholar
  4. 4.
    Ahmadi, O., Hankerson, D., Menezes, A.: Software Implementation of Arithmetic in \(F_{3^m}\). In: Carlet, C., Sunar, B. (eds.) WAIFI 2007. LNCS, vol. 4547, pp. 85–102. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  5. 5.
    Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: Recommendation for key management - Part 1: General (Revised). NIST Special Publication 800-57 (2007)Google Scholar
  6. 6.
    Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient Algorithms for Pairing-Based Cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Barreto, P.S.L.M., Galbraith, S., ÓhÉigeartaigh, C., Scott, M.: Efficient pairing computation on supersingular abelian varieties. Des., Codes Cryptogr. 42(3), 239–271 (2007)MathSciNetzbMATHCrossRefGoogle Scholar
  8. 8.
    Beuchat, J.-L., Brisebarre, N., Detrey, J., Okamoto, E., Shirase, M., Takagi, T.: Algorithms and arithmetic operators for computing the η T pairing in characteristic three. IEEE Trans. Comput. 57(11), 1454–1468 (2008)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Boneh, D., Franklin, M.: Identity based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003)MathSciNetzbMATHCrossRefGoogle Scholar
  10. 10.
    Cavallar, S.: Strategies in Filtering in the Number Field Sieve. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 209–231. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  11. 11.
    Galbraith, S., Harrison, K., Soldera, D.: Implementing the Tate Pairing. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 324–337. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    Gorla, E., Puttmann, C., Shokrollahi, J.: Explicit Formulas for Efficient Multiplication in \(F_{3^{6m}}\). In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 173–183. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  13. 13.
    Granger, R.: Estimates for Discrete Logarithm Computations in Finite Fields of Small Characteristic. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 190–206. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Granger, R., Holt, A.J., Page, D., Smart, N.P., Vercauteren, F.: Function Field Sieve in Characteristic Three. In: Buell, D.A. (ed.) ANTS 2004. LNCS, vol. 3076, pp. 223–234. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  15. 15.
    Granger, R., Page, D., Stam, M.: Hardware and software normal basis arithmetic for pairing-based cryptography in characteristic three. IEEE Trans. Comput. 54(7), 852–860 (2005)CrossRefGoogle Scholar
  16. 16.
    Hankerson, D., Menezes, A., Scott, M.: Software implementation of pairings. In: Identity-Based Cryptography, pp. 188–206 (2009)Google Scholar
  17. 17.
    Harrison, K., Page, D., Smart, N.P.: Software implementation of finite fields of characteristic three, for use in pairing-based cryptosystems. LMS Journal of Computation and Mathematics 5, 181–193 (2002)MathSciNetzbMATHGoogle Scholar
  18. 18.
    Hayashi, T., Shinohara, N., Wang, L., Matsuo, S., Shirase, M., Takagi, T.: Solving a 676-Bit Discrete Logarithm Problem in GF(36n). In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 351–367. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Joux, A., et al.: Discrete logarithms in GF(2607) and GF(2613). Posting to the Number Theory List (2005), http://listserv.nodak.edu/cgi-bin/wa.exe?A2=ind0509&L=nmbrthry&T=0&P=3690
  20. 20.
    Joux, A., Lercier, R.: The Function Field Sieve Is Quite Special. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 431–445. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  21. 21.
    Joux, A., Lercier, R.: The Function Field Sieve in the Medium Prime Case. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 254–270. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. 22.
    Kawahara, Y., Aoki, K., Takagi, T.: Faster Implementation of η T Pairing Over GF(3m) Using Minimum Number of Logical Instructions for GF(3)-Addition. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 282–296. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  23. 23.
    Kleinjung, T., Aoki, K., Franke, J., Lenstra, A.K., Thomé, E., Bos, J.W., Gaudry, P., Kruppa, A., Montgomery, P.L., Osvik, D.A., te Riele, H., Timofeev, A., Zimmermann, P.: Factorization of a 768-Bit RSA Modulus. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 333–350. Springer, Heidelberg (2010)Google Scholar
  24. 24.
    Kerins, T., Marnane, W., Popovici, E., Barreto, P.S.L.M.: Efficient Hardware for the Tate Pairing Calculation in Characteristic Three. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 412–426. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  25. 25.
    Lanczos, C.: Solution of systems of linear equations by minimized iterations. J. Res. Nat. Bureau of Standards 49(1), 33–53 (1952)MathSciNetGoogle Scholar
  26. 26.
    Lenstra, A.K., Lenstra Jr., H.W., Manasse, M.S., Pollard, J.M.: The number field sieve. LNIM, vol. 1554, pp. 43–49 (1993)Google Scholar
  27. 27.
    Pollard, J.M.: The lattice sieve. LNIM, vol. 1554, pp. 43–49 (1993)Google Scholar
  28. 28.
    Page, D., Smart, N.P.: Hardware Implementation of Finite Fields of Characteristic Three. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 529–539. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  29. 29.
    Pomerance, C., Wagstaff Jr., S.S.: Implementation of the continued fraction integer factoring algorithm. Congress Numer. 37, 99–118 (1983)MathSciNetGoogle Scholar
  30. 30.
    Shinohara, N., Shimoyama, T., Hayashi, T., Takagi, T.: Key Length Estimation of Pairing-based Cryptosystems using η T Pairing, Cryptology ePrint Archive: Report 2012/042 (2012), http://eprint.iacr.org/2012/042
  31. 31.
    Smart, N., Page, D., Vercauteren, F.: A comparison of MNT curves and supersingular curves. Applicable Algebra in Engineering, Communication and Computing 17, 379–392 (2006)MathSciNetzbMATHCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Naoyuki Shinohara
    • 1
  • Takeshi Shimoyama
    • 2
  • Takuya Hayashi
    • 3
  • Tsuyoshi Takagi
    • 3
  1. 1.National Institute of Information and Communications TechnologyJapan
  2. 2.FUJITSU LABORATORIES Ltd.Japan
  3. 3.Kyushu UniversityJapan

Personalised recommendations