# A Kilobit Hidden SNFS Discrete Logarithm Computation

@article{Fried2016AKH,
title={A Kilobit Hidden SNFS Discrete Logarithm Computation},
author={Joshua Fried and Pierrick Gaudry and Nadia Heninger and Emmanuel Thom{\'e}},
journal={ArXiv},
year={2016},
volume={abs/1610.02874}
}
• Published 10 October 2016
• Mathematics, Computer Science
• ArXiv
We perform a special number field sieve discrete logarithm computation in a 1024-bit prime field. To our knowledge, this is the first kilobit-sized discrete logarithm computation ever reported for prime fields. This computation took a little over two months of calendar time on an academic cluster using the open-source CADO-NFS software.
48 Citations
• Mathematics, Computer Science
2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP)
• 2021
This work proposes a new method to find the special number field sieve(SNFS) polynomial pair of a given prime, and recommends a simple ad-hoc detection of the trapdoor before doing the general numberField sieve (GNFS) to a prime $p$.
• Computer Science, Mathematics
• 2020
This work addresses the question of degree 6 and aims at providing real-life timings for discrete logarithms in small degree extensions of finite fields of large characteristic, and shows how to improve many parts of the NFS-DL algorithm to reach this target.
• Computer Science, Mathematics
IACR Cryptol. ePrint Arch.
• 2020
Two new records are reported: the factorization of RSA-240, a 795-bit number, and a discrete logarithm computation over a 7 95-bit prime field, and it is shown that computing a discreteLogarithms is not much harder than a factorized number of the same size.
• Fabrice Boudot
• Computer Science, Mathematics
IACR Cryptol. ePrint Arch.
• 2017
The pre-computation phase for a 768-bit discrete logarithm problem, that allows for example to build a massive decryption tool of IPsec traffic protected by the Oakley group 1, was feasible in reasonable time using technologies available before the year 2000.
This work improves the initial splitting phase and applies to any nonprime finite field, and is very efficient when the extension degree is composite.
• G. Teşeleanu
• Computer Science, Mathematics
IACR Cryptol. ePrint Arch.
• 2017
This work combines the notions of threshold scheme and kleptographic attack to construct the first $$\ell$$ out of n threshold klePTographic attack on discrete logarithm based digital signatures and prove its security in the standard and random oracle models.
• Computer Science, Mathematics
EUROCRYPT
• 2017
This work presents succinct two-party protocols for securely computing branching programs and $${\mathsf{NC}^1}$$ circuits under the DDH assumption, providing the first alternative to fully homomorphic encryption.
• Mathematics, Computer Science
• 2019
This work studies the best attacks against some of the most popular pairings and proposes new key sizes using an analysis which is more precise than the analysis in a recent article of Menezes, Sarkar and Singh.
This thesis proposes and study two new sieve algorithms allowing us to treat any dimensions, with an emphasis on the three-dimensional case, and provides a complete implementation of the relation collection for some variants of the NFS in three dimensions.

## References

SHOWING 1-10 OF 50 REFERENCES

• Mathematics, Computer Science
ASIACRYPT
• 2007
We describe how we reached a new factoring milestone by completing the first special number field sieve factorization of a number having more than 1024 bits, namely the Mersenne number 21039 - 1.
• Mathematics, Computer Science
Math. Comput.
• 2003
It is shown that the number field sieve outperforms the gaussian integer method in the hundred digit range by successfully computing discrete logarithms with GNFS in a large prime field.
It is shown that this modification of an algorithm for finding discrete logarithms over the field GF(p) (p is a prime number) gives the best estimate at the present time of the complexity of finding discrete logs over finite prime fields which coincides with the best known estimate of the difficulty of factoring integers obtained by D. Coppersmith.
Using a number field sieve, discrete logarithms modulo primes of special forms can be found faster than standard primes. This has raised concerns about trapdoors in discrete log cryptosystems, such
This paper presents a method for generating prime moduli with a special form which can simplify the modular reduction process and reduce the storage requirement. Such moduli will be particularly
• Mathematics
CRYPTO
• 2010
This paper reports on the factorization of the 768-bit number RSA-768 by the number field sieve factoring method and discusses some implications for RSA.
The fact that certain smoothness computations can be reused, and thereby reduce the asymptotic running time of the Number Field Sieve, is used to give a way to precompute tables which will be useful for factoring any integers in a large range.
The number field sieve, the newest and fastest known method for factorising integers used in public-key cryptosystems, is considered, and so-called polynomial selection methods for the numberField sieve are improved.
• Oliver Schirokauer
• Mathematics
Philosophical Transactions of the Royal Society of London. Series A: Physical and Engineering Sciences
• 1993
Let K be a number field and (9K its ring of integers. Let l be a prime number and e a positive integer. We give a method to construct leth powers in (9K using smooth algebraic integers. This method
• Computer Science, Mathematics
Journal of Cryptology
• 2010
An algorithm for solving the discrete logarithm problem in Jacobians of families of plane curves whose degrees in X and Y are low with respect to their genera using heuristics similar to the ones used in the number field sieves or the function field sieve is presented.